From 44a32a55ad80eb8e85e93864c52124e385a0ac43 Mon Sep 17 00:00:00 2001
From: juanifioren
Date: Tue, 19 Jan 2016 16:08:13 -0300
Subject: [PATCH] Add tests for Implicit Flow.

---
 .../tests/test_authorize_endpoint.py | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/oidc_provider/tests/test_authorize_endpoint.py b/oidc_provider/tests/test_authorize_endpoint.py
index 45367c6..76c5df0 100644
--- a/oidc_provider/tests/test_authorize_endpoint.py
+++ b/oidc_provider/tests/test_authorize_endpoint.py
@@ -296,3 +296,63 @@ class AuthorizationCodeFlowTestCase(TestCase):
         response = AuthorizeView.as_view()(request)
         self.assertEqual(scope_test in response.content.decode('utf-8'), True)
+
+
+class ImplicitFlowTestCase(TestCase):
+    """
+    Test cases for Authorize Endpoint using Implicit Grant Flow.
+    """
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.user = create_fake_user()
+        self.client = create_fake_client(response_type='id_token token')
+        self.state = uuid.uuid4().hex
+        self.nonce = uuid.uuid4().hex
+
+    def test_missing_nonce(self):
+        """
+        The `nonce` parameter is REQUIRED if you use the Implicit Flow.
+        """
+        query_str = urlencode({
+            'client_id': self.client.client_id,
+            'response_type': self.client.response_type,
+            'redirect_uri': self.client.default_redirect_uri,
+            'scope': 'openid email',
+            'state': self.state,
+        }).replace('+', '%20')
+
+        url = reverse('oidc_provider:authorize') + '?' + query_str
+
+        request = self.factory.get(url)
+        # Simulate that the user is logged.
+        request.user = self.user
+
+        response = AuthorizeView.as_view()(request)
+
+        self.assertEqual('#error=invalid_request' in response['Location'], True)
+
+    def test_access_token_response(self):
+        """
+        Unlike the Authorization Code flow, in which the client makes
+        separate requests for authorization and for an access token, the client
+        receives the access token as the result of the authorization request.
+        """
+        post_data = {
+            'client_id': self.client.client_id,
+            'redirect_uri': self.client.default_redirect_uri,
+            'response_type': self.client.response_type,
+            'scope': 'openid email',
+            'state': self.state,
+            'nonce': self.nonce,
+            'allow': 'Accept',
+        }
+
+        request = self.factory.post(reverse('oidc_provider:authorize'),
+                                    data=post_data)
+        # Simulate that the user is logged.
+        request.user = self.user
+
+        response = AuthorizeView.as_view()(request)
+
+        self.assertEqual('access_token' in response['Location'], True)
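Review bot: `test_access_token_response` only checks that the substring `access_token` appears somewhere in `response['Location']`, so it would still pass if the token were placed in the query string rather than the fragment, if `state` were dropped from the redirect, or if no `id_token` accompanied the `id_token token` response type the fixture requests. Parsing the redirect would pin the contract: `fragment = parse_qs(urlsplit(response['Location']).fragment)`, then `self.assertEqual(fragment['state'], [self.state])` and `self.assertIn('id_token', fragment)` (`urlsplit`/`parse_qs` would need to come from the same module the file already takes `urlencode` from, which is outside this hunk). The `state` round-trip is worth asserting because it is the client's CSRF binding for this redirect, and checking for `id_token` sets up a follow-up assertion that its `nonce` claim equals `self.nonce`, which is the replay protection `test_missing_nonce` exists to enforce. Separately, `setUp` rebinding `self.client` shadows Django's `TestCase.client`; harmless here because both tests call the view directly, but a name such as `self.oidc_client` would avoid the confusion.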