Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_add_token_to_header(self):
token = 'Bearer ' + self.token['access_token']
def verifier(r, **kwargs):
auth_header = r.headers.get(str('Authorization'), None)
self.assertEqual(auth_header, token)
resp = mock.MagicMock()
return resp
sess = OAuth2Session(client_id=self.client_id, token=self.token)
sess.send = verifier
sess.get('https://i.b')
url = 'https://example.com/token'
def fake_send(r, **kwargs):
self.assertIn('code=v', r.url)
self.assertIn('grant_type=authorization_code', r.url)
resp = mock.MagicMock()
resp.json = lambda: self.token
return resp
sess = OAuth2Session(client_id=self.client_id)
sess.send = fake_send
token = sess.fetch_token(
url, authorization_response='https://i.b/?code=v', method='GET')
self.assertEqual(token, self.token)
sess = OAuth2Session(
client_id=self.client_id,
token_endpoint_auth_method='none',
)
sess.send = fake_send
token = sess.fetch_token(url, code='v', method='GET')
self.assertEqual(token, self.token)
token = sess.fetch_token(url + '?q=a', code='v', method='GET')
self.assertEqual(token, self.token)
old_token = dict(
access_token='a',
token_type='bearer',
expires_at=100
)
sess = OAuth2Session(
'foo', token=old_token,
token_endpoint='https://i.b/token',
grant_type='client_credentials',
)
sess.send = mock_json_response(self.token)
sess.get('https://i.b/user')
self.assertFalse(update_token.called)
sess = OAuth2Session(
'foo', token=old_token,
token_endpoint='https://i.b/token',
grant_type='client_credentials',
update_token=update_token,
)
sess.send = mock_json_response(self.token)
sess.get('https://i.b/user')
self.assertTrue(update_token.called)
def test_auto_refresh_token2(self):
def _update_token(token, refresh_token=None, access_token=None):
self.assertEqual(access_token, 'a')
self.assertEqual(token, self.token)
update_token = mock.Mock(side_effect=_update_token)
old_token = dict(
access_token='a',
token_type='bearer',
expires_at=100
)
sess = OAuth2Session(
'foo', token=old_token,
token_endpoint='https://i.b/token',
grant_type='client_credentials',
)
sess.send = mock_json_response(self.token)
sess.get('https://i.b/user')
self.assertFalse(update_token.called)
sess = OAuth2Session(
'foo', token=old_token,
token_endpoint='https://i.b/token',
grant_type='client_credentials',
update_token=update_token,
)
sess.send = mock_json_response(self.token)
sess.get('https://i.b/user')
sess.send = fake_send
self.assertEqual(
sess.fetch_token(
url, authorization_response='https://i.b/?code=v'),
self.token)
sess = OAuth2Session(
client_id=self.client_id,
token_endpoint_auth_method='none',
)
sess.send = fake_send
token = sess.fetch_token(url, code='v')
self.assertEqual(token, self.token)
error = {'error': 'invalid_request'}
sess = OAuth2Session(client_id=self.client_id, token=self.token)
sess.send = mock_json_response(error)
self.assertRaises(OAuthError, sess.fetch_access_token, url)
def test_cleans_previous_token_before_fetching_new_one(self):
"""Makes sure the previous token is cleaned before fetching a new one.
The reason behind it is that, if the previous token is expired, this
method shouldn't fail with a TokenExpiredError, since it's attempting
to get a new one (which shouldn't be expired).
"""
now = int(time.time())
new_token = deepcopy(self.token)
past = now - 7200
self.token['expires_at'] = past
new_token['expires_at'] = now + 3600
url = 'https://example.com/token'
with mock.patch('time.time', lambda: now):
sess = OAuth2Session(client_id=self.client_id, token=self.token)
sess.send = mock_json_response(new_token)
self.assertEqual(sess.fetch_token(url), new_token)
def test_invalid_token_type(self):
token = {
'token_type': 'invalid',
'access_token': 'a',
'refresh_token': 'b',
'expires_in': '3600',
'expires_at': int(time.time()) + 3600,
}
with OAuth2Session(self.client_id, token=token) as sess:
self.assertRaises(OAuthError, sess.get, 'https://i.b')
def test_create_authorization_url(self):
url = 'https://example.com/authorize?foo=bar'
sess = OAuth2Session(client_id=self.client_id)
auth_url, state = sess.create_authorization_url(url)
self.assertIn(state, auth_url)
self.assertIn(self.client_id, auth_url)
self.assertIn('response_type=code', auth_url)
sess = OAuth2Session(client_id=self.client_id, prompt='none')
auth_url, state = sess.create_authorization_url(
url, state='foo', redirect_uri='https://i.b', scope='profile')
self.assertEqual(state, 'foo')
self.assertIn('i.b', auth_url)
self.assertIn('profile', auth_url)
self.assertIn('prompt=none', auth_url)
def test_password_grant_type(self):
url = 'https://example.com/token'
def fake_send(r, **kwargs):
self.assertIn('username=v', r.body)
self.assertIn('grant_type=password', r.body)
self.assertIn('scope=profile', r.body)
resp = mock.MagicMock()
resp.json = lambda: self.token
return resp
sess = OAuth2Session(client_id=self.client_id, scope='profile')
sess.send = fake_send
token = sess.fetch_token(url, username='v', password='v')
self.assertEqual(token, self.token)
def test_client_credentials_type(self):
url = 'https://example.com/token'
def fake_send(r, **kwargs):
self.assertIn('grant_type=client_credentials', r.body)
self.assertIn('scope=profile', r.body)
resp = mock.MagicMock()
resp.json = lambda: self.token
return resp
sess = OAuth2Session(
client_id=self.client_id,
client_secret='v',
scope='profile',
)
sess.send = fake_send
token = sess.fetch_token(url)
self.assertEqual(token, self.token)