django-oidc-provider/oidc_provider/tests/test_userinfo_endpoint.py

from datetime import timedelta

from django.core.urlresolvers import reverse
from django.test import RequestFactory
from django.test import TestCase
from django.utils import timezone

from oidc_provider.lib.utils.token import *
from oidc_provider.models import *
from oidc_provider.tests.app.utils import *
from oidc_provider.views import userinfo


class UserInfoTestCase(TestCase):

    def setUp(self):
        self.factory = RequestFactory()
        self.user = create_fake_user()
        self.client = create_fake_client(response_type='code')

    def _create_token(self):
        """
        Generate a valid token.
        """
        id_token_dic = create_id_token(self.user,
                                       self.client.client_id, FAKE_NONCE)

        token = create_token(
            user=self.user,
            client=self.client,
            id_token_dic=id_token_dic,
            scope=['openid', 'email'])
        token.save()

        return token

    def _post_request(self, access_token):
        """
        Makes a request to the userinfo endpoint by sending the
        `post_data` parameters using the 'multipart/form-data'
        format.
        """
        url = reverse('oidc_provider:userinfo')

        request = self.factory.post(url,
            data={},
            content_type='multipart/form-data')

        request.META['HTTP_AUTHORIZATION'] = 'Bearer ' + access_token

        response = userinfo(request)

        return response

    def test_response_with_valid_token(self):
        token = self._create_token()

        # Test a valid request to the userinfo endpoint.
        response = self._post_request(token.access_token)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(bool(response.content), True)

    def test_response_with_expired_token(self):
        token = self._create_token()

        # Make token expired.
        token.expires_at = timezone.now() - timedelta(hours=1)
        token.save()

        response = self._post_request(token.access_token)

        self.assertEqual(response.status_code, 401)

        try:
            is_header_field_ok = 'invalid_token' in response['WWW-Authenticate']
        except KeyError:
            is_header_field_ok = False
        self.assertEqual(is_header_field_ok, True)

    def test_response_with_invalid_scope(self):
        token = self._create_token()

        token.scope = ['otherone']
        token.save()

        response = self._post_request(token.access_token)

        self.assertEqual(response.status_code, 403)

        try:
            is_header_field_ok = 'insufficient_scope' in response['WWW-Authenticate']
        except KeyError:
            is_header_field_ok = False
        self.assertEqual(is_header_field_ok, True)
Add tests for userinfo endpoint. 2015-05-07 18:47:49 +00:00			`from datetime import timedelta`

			`from django.core.urlresolvers import reverse`
			`from django.test import RequestFactory`
			`from django.test import TestCase`
			`from django.utils import timezone`

			`from oidc_provider.lib.utils.token import *`
			`from oidc_provider.models import *`
Fix imports in tests. 2015-07-14 17:52:48 +00:00			`from oidc_provider.tests.app.utils import *`
Add tests for userinfo endpoint. 2015-05-07 18:47:49 +00:00			`from oidc_provider.views import userinfo`


			`class UserInfoTestCase(TestCase):`

			`def setUp(self):`
			`self.factory = RequestFactory()`
			`self.user = create_fake_user()`
			`self.client = create_fake_client(response_type='code')`

			`def _create_token(self):`
			`"""`
			`Generate a valid token.`
			`"""`
Fix tests for using nonce parameter. 2015-07-16 18:04:33 +00:00			`id_token_dic = create_id_token(self.user,`
			`self.client.client_id, FAKE_NONCE)`
Add tests for userinfo endpoint. 2015-05-07 18:47:49 +00:00
			`token = create_token(`
			`user=self.user,`
			`client=self.client,`
			`id_token_dic=id_token_dic,`
			`scope=['openid', 'email'])`
			`token.save()`

			`return token`

			`def _post_request(self, access_token):`
			`"""`
			`Makes a request to the userinfo endpoint by sending the`
			`post_data` parameters using the 'multipart/form-data'
			`format.`
			`"""`
			`url = reverse('oidc_provider:userinfo')`

			`request = self.factory.post(url,`
			`data={},`
			`content_type='multipart/form-data')`

			`request.META['HTTP_AUTHORIZATION'] = 'Bearer ' + access_token`

			`response = userinfo(request)`

			`return response`

			`def test_response_with_valid_token(self):`
			`token = self._create_token()`

			`# Test a valid request to the userinfo endpoint.`
			`response = self._post_request(token.access_token)`

			`self.assertEqual(response.status_code, 200)`
			`self.assertEqual(bool(response.content), True)`

			`def test_response_with_expired_token(self):`
			`token = self._create_token()`

			`# Make token expired.`
			`token.expires_at = timezone.now() - timedelta(hours=1)`
			`token.save()`

			`response = self._post_request(token.access_token)`

			`self.assertEqual(response.status_code, 401)`

			`try:`
			`is_header_field_ok = 'invalid_token' in response['WWW-Authenticate']`
			`except KeyError:`
			`is_header_field_ok = False`
Add tests for scope validation in userinfo endpoint. 2015-05-07 19:08:12 +00:00			`self.assertEqual(is_header_field_ok, True)`

			`def test_response_with_invalid_scope(self):`
			`token = self._create_token()`

			`token.scope = ['otherone']`
			`token.save()`

			`response = self._post_request(token.access_token)`

			`self.assertEqual(response.status_code, 403)`

			`try:`
			`is_header_field_ok = 'insufficient_scope' in response['WWW-Authenticate']`
			`except KeyError:`
			`is_header_field_ok = False`
Add tests for userinfo endpoint. 2015-05-07 18:47:49 +00:00			`self.assertEqual(is_header_field_ok, True)`