OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1600 Commits
13 Branches
0 Tags
45 MiB
Tree: 7d10384bdd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7d10384bdd'
${ noResults }
server-tools/oauth_provider/tests/test_oauth_provider_control...

374 lines
15 KiB
Raw Normal View History

[ADD] Add oauth_provider module
8 years ago
[FIX] oauth_provider: Fix tests when using last oauthlib version
7 years ago
[ADD] Add oauth_provider module
8 years ago
[FIX] oauth_provider: Fix tests when using last oauthlib version
7 years ago
[ADD] Add oauth_provider module
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 SYLEAM
  3. # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
  5. import json
  6. import logging
  7. from .common_test_controller import OAuthProviderControllerTransactionCase
  8. from .common_test_oauth_provider_controller import \
  9. TestOAuthProviderRefreshTokenController, \
  10. TestOAuthProviderAurhorizeController, \
  11. TestOAuthProviderTokeninfoController, \
  12. TestOAuthProviderUserinfoController, \
  13. TestOAuthProviderOtherinfoController, \
  14. TestOAuthProviderRevokeTokenController
  16. _logger = logging.getLogger(__name__)
  18. try:
  19. import oauthlib
  20. except ImportError:
  21. _logger.debug('Cannot `import oauthlib`.')
  24. class TestOAuthProviderController(
  25. OAuthProviderControllerTransactionCase,
  26. TestOAuthProviderRefreshTokenController,
  27. TestOAuthProviderAurhorizeController,
  28. TestOAuthProviderTokeninfoController,
  29. TestOAuthProviderUserinfoController,
  30. TestOAuthProviderOtherinfoController,
  31. TestOAuthProviderRevokeTokenController):
  32. def setUp(self):
  33. super(TestOAuthProviderController, self).setUp('web application')
  35. def new_code(self):
  36. # Configure the client to skip the authorization page
  37. self.client.skip_authorization = True
  39. # Call the authorize method with good values
  40. state = 'Some custom state'
  41. self.login('demo', 'demo')
  42. response = self.get_request('/oauth2/authorize', data={
  43. 'client_id': self.client.identifier,
  44. 'response_type': self.client.response_type,
  45. 'redirect_uri': self.redirect_uri_base,
  46. 'scope': self.client.scope_ids[0].code,
  47. 'state': state,
  48. })
  49. # A new authorization code should have been generated
  50. # We can safely pick the latest generated code here, because no other
  51. # code could have been generated during the test
  52. code = self.env['oauth.provider.authorization.code'].search([
  53. ('client_id', '=', self.client.id),
  54. ], order='id DESC', limit=1)
  55. # The response should be a redirect to the redirect URI, with the
  56. # authorization_code added as GET parameter
  57. self.assertEqual(response.status_code, 302)
  58. query_string = oauthlib.common.urlencode(
  59. {'state': state, 'code': code.code}.items())
  60. self.assertEqual(
  61. response.headers['Location'], '{uri_base}?{query_string}'.format(
  62. uri_base=self.redirect_uri_base, query_string=query_string))
  63. self.assertEqual(code.user_id, self.user)
  65. self.logout()
  67. return code
  69. def test_token_error_missing_session(self):
  70. """ Check /oauth2/token without any session set
  72. Must return an invalid_client_id error
  73. """
  74. response = self.post_request('/oauth2/token')
  75. self.assertEqual(response.status_code, 401)
  76. self.assertEqual(
  77. json.loads(response.data), {'error': 'invalid_client_id'})
  79. def test_token_error_missing_arguments(self):
  80. """ Check /oauth2/token without any argument
  82. Must return an invalid_client_id error
  83. """
  84. # Generate an authorization code to set the session
  85. self.new_code()
  87. response = self.post_request('/oauth2/token')
  88. self.assertEqual(response.status_code, 401)
  89. self.assertEqual(
  90. json.loads(response.data), {'error': 'invalid_client_id'})
  92. def test_token_error_wrong_grant_type(self):
  93. """ Check /oauth2/token with an invalid grant type
  95. Must return an invalid_client_id error
  96. """
  97. # Generate an authorization code to set the session
  98. self.new_code()
  100. response = self.post_request('/oauth2/token', data={
  101. 'grant_type': 'Wrong grant type',
  102. })
  103. self.assertEqual(response.status_code, 401)
  104. self.assertEqual(
  105. json.loads(response.data), {'error': 'invalid_client_id'})
  107. def test_token_error_missing_code(self):
  108. """ Check /oauth2/token without code
  110. Must return an invalid_client_id error
  111. """
  112. # Generate an authorization code to set the session
  113. self.new_code()
  115. response = self.post_request('/oauth2/token', data={
  116. 'grant_type': self.client.grant_type,
  117. })
  118. self.assertEqual(response.status_code, 401)
  119. self.assertEqual(
  120. json.loads(response.data), {'error': 'invalid_client_id'})
  122. def test_token_error_missing_client_id(self):
  123. """ Check /oauth2/token without client
  125. Must return an invalid_client_id error
  126. """
  127. # Generate an authorization code to set the session
  128. self.new_code()
  130. response = self.post_request('/oauth2/token', data={
  131. 'grant_type': self.client.grant_type,
  132. 'code': 'Wrong code',
  133. })
  134. self.assertEqual(response.status_code, 401)
  135. self.assertEqual(
  136. json.loads(response.data), {'error': 'invalid_client_id'})
  138. def test_token_error_wrong_client_identifier(self):
  139. """ Check /oauth2/token with a wrong client identifier
  141. Must return an invalid_client_id error
  142. """
  143. # Generate an authorization code to set the session
  144. self.new_code()
  146. response = self.post_request('/oauth2/token', data={
  147. 'grant_type': self.client.grant_type,
  148. 'client_id': 'Wrong client identifier',
  149. 'code': 'Wrong code',
  150. })
  151. self.assertEqual(response.status_code, 401)
  152. self.assertEqual(
  153. json.loads(response.data), {'error': 'invalid_client_id'})
  155. def test_token_error_wrong_code(self):
  156. """ Check /oauth2/token with a wrong code
  158. Must return an invalid_grant error
  159. """
  160. # Generate an authorization code to set the session
  161. self.new_code()
  163. response = self.post_request('/oauth2/token', data={
  164. 'grant_type': self.client.grant_type,
  165. 'client_id': self.client.identifier,
  166. 'code': 'Wrong code',
  167. })
  168. self.assertEqual(response.status_code, 401)
  169. self.assertEqual(json.loads(response.data), {'error': 'invalid_grant'})
  171. def test_token_error_missing_redirect_uri(self):
  172. """ Check /oauth2/token without redirect_uri
  174. Must return an access_denied error
  175. """
  176. # Generate an authorization code
  177. code = self.new_code()
  179. response = self.post_request('/oauth2/token', data={
  180. 'grant_type': self.client.grant_type,
  181. 'client_id': self.client.identifier,
  182. 'code': code.code,
  183. })
  184. # Two possible returned errors, depending on the oauthlib version
  185. self.assertIn(response.status_code, (400, 401))
  186. if response.status_code == 400:
  187. self.assertEqual(json.loads(response.data), {
  188. 'error': 'invalid_request',
  189. 'error_description': 'Mismatching redirect URI.',
  190. })
  191. else:
  192. self.assertEqual(
  193. json.loads(response.data), {'error': 'access_denied'})
  195. def test_token_error_wrong_redirect_uri(self):
  196. """ Check /oauth2/token with a wrong redirect_uri
  198. Must return an access_denied error
  199. """
  200. # Generate an authorization code
  201. code = self.new_code()
  203. response = self.post_request('/oauth2/token', data={
  204. 'grant_type': self.client.grant_type,
  205. 'client_id': self.client.identifier,
  206. 'code': code.code,
  207. 'redirect_uri': 'Wrong redirect URI',
  208. })
  209. # Two possible returned errors, depending on the oauthlib version
  210. self.assertIn(response.status_code, (400, 401))
  211. if response.status_code == 400:
  212. self.assertEqual(json.loads(response.data), {
  213. 'error': 'invalid_request',
  214. 'error_description': 'Mismatching redirect URI.',
  215. })
  216. else:
  217. self.assertEqual(
  218. json.loads(response.data), {'error': 'access_denied'})
  220. def test_token_error_wrong_client_id(self):
  221. """ Check /oauth2/token with a wrong client id
  223. Must return an invalid_client_id error
  224. """
  225. # Generate an authorization code
  226. code = self.new_code()
  228. response = self.post_request('/oauth2/token', data={
  229. 'grant_type': self.client.grant_type,
  230. 'client_id': 'Wrong client id',
  231. 'code': code.code,
  232. 'redirect_uri': self.redirect_uri_base,
  233. 'scope': self.client.scope_ids[0].code,
  234. })
  235. self.assertEqual(response.status_code, 401)
  236. self.assertEqual(
  237. json.loads(response.data), {'error': 'invalid_client_id'})
  239. def test_token_error_missing_refresh_token(self):
  240. """ Check /oauth2/token in refresh token mode without refresh token
  242. Must return an invalid_request error
  243. """
  244. # Generate an authorization code to set the session
  245. self.new_code()
  247. response = self.post_request('/oauth2/token', data={
  248. 'grant_type': 'refresh_token',
  249. 'client_id': self.client.identifier,
  250. 'redirect_uri': self.redirect_uri_base,
  251. 'scope': self.client.scope_ids[0].code,
  252. })
  253. self.assertEqual(response.status_code, 400)
  254. self.assertEqual(json.loads(response.data), {
  255. 'error': 'invalid_request',
  256. 'error_description': 'Missing refresh token parameter.',
  257. })
  259. def test_token_error_invalid_refresh_token(self):
  260. """ Check /oauth2/token in refresh token mode with an invalid refresh token
  262. Must return an invalid_grant error
  263. """
  264. # Generate an authorization code to set the session
  265. self.new_code()
  267. response = self.post_request('/oauth2/token', data={
  268. 'grant_type': 'refresh_token',
  269. 'client_id': self.client.identifier,
  270. 'redirect_uri': self.redirect_uri_base,
  271. 'scope': self.client.scope_ids[0].code,
  272. 'refresh_token': 'Wrong refresh token',
  273. })
  274. self.assertEqual(response.status_code, 401)
  275. self.assertEqual(json.loads(response.data), {'error': 'invalid_grant'})
  277. def test_authorize_skip_authorization(self):
  278. """ Call /oauth2/authorize while skipping the authorization page """
  279. # Configure the client to skip the authorization page
  280. self.client.skip_authorization = True
  282. # Call the authorize method with good values
  283. state = 'Some custom state'
  284. self.login('demo', 'demo')
  285. response = self.get_request('/oauth2/authorize', data={
  286. 'client_id': self.client.identifier,
  287. 'response_type': self.client.response_type,
  288. 'redirect_uri': self.redirect_uri_base,
  289. 'scope': self.client.scope_ids[0].code,
  290. 'state': state,
  291. })
  292. # A new authorization code should have been generated
  293. # We can safely pick the latest generated code here, because no other
  294. # code could have been generated during the test
  295. code = self.env['oauth.provider.authorization.code'].search([
  296. ('client_id', '=', self.client.id),
  297. ], order='id DESC', limit=1)
  298. # The response should be a redirect to the redirect URI, with the
  299. # authorization_code added as GET parameter
  300. self.assertEqual(response.status_code, 302)
  301. query_string = oauthlib.common.urlencode({
  302. 'state': state,
  303. 'code': code.code,
  304. }.items())
  305. self.assertEqual(
  306. response.headers['Location'], '{uri_base}?{query_string}'.format(
  307. uri_base=self.redirect_uri_base, query_string=query_string))
  308. self.assertEqual(code.user_id, self.user)
  310. def test_successful_token_retrieval(self):
  311. """ Check the full process for a WebApplication
  313. GET, then POST, token and informations retrieval
  314. """
  315. # Call the authorize method with good values to fill the session scopes
  316. # and credentials variables
  317. state = 'Some custom state'
  318. self.login('demo', 'demo')
  319. response = self.get_request('/oauth2/authorize', data={
  320. 'client_id': self.client.identifier,
  321. 'response_type': self.client.response_type,
  322. 'redirect_uri': self.redirect_uri_base,
  323. 'scope': self.client.scope_ids[0].code,
  324. 'state': state,
  325. })
  326. self.assertEqual(response.status_code, 200)
  327. self.assertTrue(self.client.name in response.data)
  328. self.assertTrue(self.client.scope_ids[0].name in response.data)
  329. self.assertTrue(self.client.scope_ids[0].description in response.data)
  331. # Then, call the POST route to validate the authorization
  332. response = self.post_request('/oauth2/authorize')
  333. # A new authorization code should have been generated
  334. # We can safely pick the latest generated code here, because no other
  335. # code could have been generated during the test
  336. code = self.env['oauth.provider.authorization.code'].search([
  337. ('client_id', '=', self.client.id),
  338. ], order='id DESC', limit=1)
  339. # The response should be a redirect to the redirect URI, with the
  340. # authorization_code added as GET parameter
  341. self.assertEqual(response.status_code, 302)
  342. query_string = oauthlib.common.urlencode({
  343. 'state': state,
  344. 'code': code.code,
  345. }.items())
  346. self.assertEqual(
  347. response.headers['Location'], '{uri_base}?{query_string}'.format(
  348. uri_base=self.redirect_uri_base, query_string=query_string))
  349. self.assertEqual(code.user_id, self.user)
  351. self.logout()
  353. # Now that the user vaidated the authorization, we can ask for a token,
  354. # using the returned code
  355. response = self.post_request('/oauth2/token', data={
  356. 'client_id': self.client.identifier,
  357. 'redirect_uri': self.redirect_uri_base,
  358. 'scope': self.client.scope_ids[0].code,
  359. 'code': code.code,
  360. 'grant_type': self.client.grant_type,
  361. })
  362. response_data = json.loads(response.data)
  363. # A new token should have been generated
  364. # We can safely pick the latest generated token here, because no other
  365. # token could have been generated during the test
  366. token = self.env['oauth.provider.token'].search([
  367. ('client_id', '=', self.client.id),
  368. ], order='id DESC', limit=1)
  369. self.assertEqual(response.status_code, 200)
  370. self.assertEqual(token.token, response_data['access_token'])
  371. self.assertEqual(token.token_type, response_data['token_type'])
  372. self.assertEqual(token.refresh_token, response_data['refresh_token'])
  373. self.assertEqual(token.scope_ids, code.scope_ids)
  374. self.assertEqual(token.user_id, self.user)