OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1488 Commits
13 Branches
0 Tags
45 MiB
Tree: 38594fa149
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '38594fa149'
${ noResults }
server-tools/oauth_provider/tests/test_oauth_provider_control...

358 lines
14 KiB
Raw Normal View History

[ADD] Add oauth_provider module
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 SYLEAM
  3. # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
  5. import json
  6. import logging
  7. from .common_test_controller import OAuthProviderControllerTransactionCase
  8. from .common_test_oauth_provider_controller import \
  9. TestOAuthProviderRefreshTokenController, \
  10. TestOAuthProviderAurhorizeController, \
  11. TestOAuthProviderTokeninfoController, \
  12. TestOAuthProviderUserinfoController, \
  13. TestOAuthProviderOtherinfoController, \
  14. TestOAuthProviderRevokeTokenController
  16. _logger = logging.getLogger(__name__)
  18. try:
  19. import oauthlib
  20. except ImportError:
  21. _logger.debug('Cannot `import oauthlib`.')
  24. class TestOAuthProviderController(
  25. OAuthProviderControllerTransactionCase,
  26. TestOAuthProviderRefreshTokenController,
  27. TestOAuthProviderAurhorizeController,
  28. TestOAuthProviderTokeninfoController,
  29. TestOAuthProviderUserinfoController,
  30. TestOAuthProviderOtherinfoController,
  31. TestOAuthProviderRevokeTokenController):
  32. def setUp(self):
  33. super(TestOAuthProviderController, self).setUp('web application')
  35. def new_code(self):
  36. # Configure the client to skip the authorization page
  37. self.client.skip_authorization = True
  39. # Call the authorize method with good values
  40. state = 'Some custom state'
  41. self.login('demo', 'demo')
  42. response = self.get_request('/oauth2/authorize', data={
  43. 'client_id': self.client.identifier,
  44. 'response_type': self.client.response_type,
  45. 'redirect_uri': self.redirect_uri_base,
  46. 'scope': self.client.scope_ids[0].code,
  47. 'state': state,
  48. })
  49. # A new authorization code should have been generated
  50. # We can safely pick the latest generated code here, because no other
  51. # code could have been generated during the test
  52. code = self.env['oauth.provider.authorization.code'].search([
  53. ('client_id', '=', self.client.id),
  54. ], order='id DESC', limit=1)
  55. # The response should be a redirect to the redirect URI, with the
  56. # authorization_code added as GET parameter
  57. self.assertEqual(response.status_code, 302)
  58. query_string = oauthlib.common.urlencode(
  59. {'state': state, 'code': code.code}.items())
  60. self.assertEqual(
  61. response.headers['Location'], '{uri_base}?{query_string}'.format(
  62. uri_base=self.redirect_uri_base, query_string=query_string))
  63. self.assertEqual(code.user_id, self.user)
  65. self.logout()
  67. return code
  69. def test_token_error_missing_session(self):
  70. """ Check /oauth2/token without any session set
  72. Must return an invalid_client_id error
  73. """
  74. response = self.post_request('/oauth2/token')
  75. self.assertEqual(response.status_code, 401)
  76. self.assertEqual(
  77. json.loads(response.data), {'error': 'invalid_client_id'})
  79. def test_token_error_missing_arguments(self):
  80. """ Check /oauth2/token without any argument
  82. Must return an invalid_client_id error
  83. """
  84. # Generate an authorization code to set the session
  85. self.new_code()
  87. response = self.post_request('/oauth2/token')
  88. self.assertEqual(response.status_code, 401)
  89. self.assertEqual(
  90. json.loads(response.data), {'error': 'invalid_client_id'})
  92. def test_token_error_wrong_grant_type(self):
  93. """ Check /oauth2/token with an invalid grant type
  95. Must return an invalid_client_id error
  96. """
  97. # Generate an authorization code to set the session
  98. self.new_code()
  100. response = self.post_request('/oauth2/token', data={
  101. 'grant_type': 'Wrong grant type',
  102. })
  103. self.assertEqual(response.status_code, 401)
  104. self.assertEqual(
  105. json.loads(response.data), {'error': 'invalid_client_id'})
  107. def test_token_error_missing_code(self):
  108. """ Check /oauth2/token without code
  110. Must return an invalid_client_id error
  111. """
  112. # Generate an authorization code to set the session
  113. self.new_code()
  115. response = self.post_request('/oauth2/token', data={
  116. 'grant_type': self.client.grant_type,
  117. })
  118. self.assertEqual(response.status_code, 401)
  119. self.assertEqual(
  120. json.loads(response.data), {'error': 'invalid_client_id'})
  122. def test_token_error_missing_client_id(self):
  123. """ Check /oauth2/token without client
  125. Must return an invalid_client_id error
  126. """
  127. # Generate an authorization code to set the session
  128. self.new_code()
  130. response = self.post_request('/oauth2/token', data={
  131. 'grant_type': self.client.grant_type,
  132. 'code': 'Wrong code',
  133. })
  134. self.assertEqual(response.status_code, 401)
  135. self.assertEqual(
  136. json.loads(response.data), {'error': 'invalid_client_id'})
  138. def test_token_error_wrong_client_identifier(self):
  139. """ Check /oauth2/token with a wrong client identifier
  141. Must return an invalid_client_id error
  142. """
  143. # Generate an authorization code to set the session
  144. self.new_code()
  146. response = self.post_request('/oauth2/token', data={
  147. 'grant_type': self.client.grant_type,
  148. 'client_id': 'Wrong client identifier',
  149. 'code': 'Wrong code',
  150. })
  151. self.assertEqual(response.status_code, 401)
  152. self.assertEqual(
  153. json.loads(response.data), {'error': 'invalid_client_id'})
  155. def test_token_error_wrong_code(self):
  156. """ Check /oauth2/token with a wrong code
  158. Must return an invalid_grant error
  159. """
  160. # Generate an authorization code to set the session
  161. self.new_code()
  163. response = self.post_request('/oauth2/token', data={
  164. 'grant_type': self.client.grant_type,
  165. 'client_id': self.client.identifier,
  166. 'code': 'Wrong code',
  167. })
  168. self.assertEqual(response.status_code, 401)
  169. self.assertEqual(json.loads(response.data), {'error': 'invalid_grant'})
  171. def test_token_error_missing_redirect_uri(self):
  172. """ Check /oauth2/token without redirect_uri
  174. Must return an access_denied error
  175. """
  176. # Generate an authorization code
  177. code = self.new_code()
  179. response = self.post_request('/oauth2/token', data={
  180. 'grant_type': self.client.grant_type,
  181. 'client_id': self.client.identifier,
  182. 'code': code.code,
  183. })
  184. self.assertEqual(response.status_code, 401)
  185. self.assertEqual(json.loads(response.data), {'error': 'access_denied'})
  187. def test_token_error_wrong_redirect_uri(self):
  188. """ Check /oauth2/token with a wrong redirect_uri
  190. Must return an access_denied error
  191. """
  192. # Generate an authorization code
  193. code = self.new_code()
  195. response = self.post_request('/oauth2/token', data={
  196. 'grant_type': self.client.grant_type,
  197. 'client_id': self.client.identifier,
  198. 'code': code.code,
  199. 'redirect_uri': 'Wrong redirect URI',
  200. })
  201. self.assertEqual(response.status_code, 401)
  202. self.assertEqual(json.loads(response.data), {'error': 'access_denied'})
  204. def test_token_error_wrong_client_id(self):
  205. """ Check /oauth2/token with a wrong client id
  207. Must return an invalid_client_id error
  208. """
  209. # Generate an authorization code
  210. code = self.new_code()
  212. response = self.post_request('/oauth2/token', data={
  213. 'grant_type': self.client.grant_type,
  214. 'client_id': 'Wrong client id',
  215. 'code': code.code,
  216. 'redirect_uri': self.redirect_uri_base,
  217. 'scope': self.client.scope_ids[0].code,
  218. })
  219. self.assertEqual(response.status_code, 401)
  220. self.assertEqual(
  221. json.loads(response.data), {'error': 'invalid_client_id'})
  223. def test_token_error_missing_refresh_token(self):
  224. """ Check /oauth2/token in refresh token mode without refresh token
  226. Must return an invalid_request error
  227. """
  228. # Generate an authorization code to set the session
  229. self.new_code()
  231. response = self.post_request('/oauth2/token', data={
  232. 'grant_type': 'refresh_token',
  233. 'client_id': self.client.identifier,
  234. 'redirect_uri': self.redirect_uri_base,
  235. 'scope': self.client.scope_ids[0].code,
  236. })
  237. self.assertEqual(response.status_code, 400)
  238. self.assertEqual(json.loads(response.data), {
  239. 'error': 'invalid_request',
  240. 'error_description': 'Missing refresh token parameter.',
  241. })
  243. def test_token_error_invalid_refresh_token(self):
  244. """ Check /oauth2/token in refresh token mode with an invalid refresh token
  246. Must return an invalid_grant error
  247. """
  248. # Generate an authorization code to set the session
  249. self.new_code()
  251. response = self.post_request('/oauth2/token', data={
  252. 'grant_type': 'refresh_token',
  253. 'client_id': self.client.identifier,
  254. 'redirect_uri': self.redirect_uri_base,
  255. 'scope': self.client.scope_ids[0].code,
  256. 'refresh_token': 'Wrong refresh token',
  257. })
  258. self.assertEqual(response.status_code, 401)
  259. self.assertEqual(json.loads(response.data), {'error': 'invalid_grant'})
  261. def test_authorize_skip_authorization(self):
  262. """ Call /oauth2/authorize while skipping the authorization page """
  263. # Configure the client to skip the authorization page
  264. self.client.skip_authorization = True
  266. # Call the authorize method with good values
  267. state = 'Some custom state'
  268. self.login('demo', 'demo')
  269. response = self.get_request('/oauth2/authorize', data={
  270. 'client_id': self.client.identifier,
  271. 'response_type': self.client.response_type,
  272. 'redirect_uri': self.redirect_uri_base,
  273. 'scope': self.client.scope_ids[0].code,
  274. 'state': state,
  275. })
  276. # A new authorization code should have been generated
  277. # We can safely pick the latest generated code here, because no other
  278. # code could have been generated during the test
  279. code = self.env['oauth.provider.authorization.code'].search([
  280. ('client_id', '=', self.client.id),
  281. ], order='id DESC', limit=1)
  282. # The response should be a redirect to the redirect URI, with the
  283. # authorization_code added as GET parameter
  284. self.assertEqual(response.status_code, 302)
  285. query_string = oauthlib.common.urlencode({
  286. 'state': state,
  287. 'code': code.code,
  288. }.items())
  289. self.assertEqual(
  290. response.headers['Location'], '{uri_base}?{query_string}'.format(
  291. uri_base=self.redirect_uri_base, query_string=query_string))
  292. self.assertEqual(code.user_id, self.user)
  294. def test_successful_token_retrieval(self):
  295. """ Check the full process for a WebApplication
  297. GET, then POST, token and informations retrieval
  298. """
  299. # Call the authorize method with good values to fill the session scopes
  300. # and credentials variables
  301. state = 'Some custom state'
  302. self.login('demo', 'demo')
  303. response = self.get_request('/oauth2/authorize', data={
  304. 'client_id': self.client.identifier,
  305. 'response_type': self.client.response_type,
  306. 'redirect_uri': self.redirect_uri_base,
  307. 'scope': self.client.scope_ids[0].code,
  308. 'state': state,
  309. })
  310. self.assertEqual(response.status_code, 200)
  311. self.assertTrue(self.client.name in response.data)
  312. self.assertTrue(self.client.scope_ids[0].name in response.data)
  313. self.assertTrue(self.client.scope_ids[0].description in response.data)
  315. # Then, call the POST route to validate the authorization
  316. response = self.post_request('/oauth2/authorize')
  317. # A new authorization code should have been generated
  318. # We can safely pick the latest generated code here, because no other
  319. # code could have been generated during the test
  320. code = self.env['oauth.provider.authorization.code'].search([
  321. ('client_id', '=', self.client.id),
  322. ], order='id DESC', limit=1)
  323. # The response should be a redirect to the redirect URI, with the
  324. # authorization_code added as GET parameter
  325. self.assertEqual(response.status_code, 302)
  326. query_string = oauthlib.common.urlencode({
  327. 'state': state,
  328. 'code': code.code,
  329. }.items())
  330. self.assertEqual(
  331. response.headers['Location'], '{uri_base}?{query_string}'.format(
  332. uri_base=self.redirect_uri_base, query_string=query_string))
  333. self.assertEqual(code.user_id, self.user)
  335. self.logout()
  337. # Now that the user vaidated the authorization, we can ask for a token,
  338. # using the returned code
  339. response = self.post_request('/oauth2/token', data={
  340. 'client_id': self.client.identifier,
  341. 'redirect_uri': self.redirect_uri_base,
  342. 'scope': self.client.scope_ids[0].code,
  343. 'code': code.code,
  344. 'grant_type': self.client.grant_type,
  345. })
  346. response_data = json.loads(response.data)
  347. # A new token should have been generated
  348. # We can safely pick the latest generated token here, because no other
  349. # token could have been generated during the test
  350. token = self.env['oauth.provider.token'].search([
  351. ('client_id', '=', self.client.id),
  352. ], order='id DESC', limit=1)
  353. self.assertEqual(response.status_code, 200)
  354. self.assertEqual(token.token, response_data['access_token'])
  355. self.assertEqual(token.token_type, response_data['token_type'])
  356. self.assertEqual(token.refresh_token, response_data['refresh_token'])
  357. self.assertEqual(token.scope_ids, code.scope_ids)
  358. self.assertEqual(token.user_id, self.user)