Add tests for HTTP Basic Client auth.
This commit is contained in:
parent
6c4dad8c5c
commit
83c21cec40
|
@ -1,3 +1,4 @@
|
||||||
|
from base64 import b64encode
|
||||||
import json
|
import json
|
||||||
try:
|
try:
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
@ -44,7 +45,7 @@ class TokenTestCase(TestCase):
|
||||||
|
|
||||||
return post_data
|
return post_data
|
||||||
|
|
||||||
def _post_request(self, post_data):
|
def _post_request(self, post_data, extras={}):
|
||||||
"""
|
"""
|
||||||
Makes a request to the token endpoint by sending the
|
Makes a request to the token endpoint by sending the
|
||||||
`post_data` parameters using the 'application/x-www-form-urlencoded'
|
`post_data` parameters using the 'application/x-www-form-urlencoded'
|
||||||
|
@ -54,7 +55,8 @@ class TokenTestCase(TestCase):
|
||||||
|
|
||||||
request = self.factory.post(url,
|
request = self.factory.post(url,
|
||||||
data=urlencode(post_data),
|
data=urlencode(post_data),
|
||||||
content_type='application/x-www-form-urlencoded')
|
content_type='application/x-www-form-urlencoded',
|
||||||
|
**extras)
|
||||||
|
|
||||||
response = TokenView.as_view()(request)
|
response = TokenView.as_view()(request)
|
||||||
|
|
||||||
|
@ -113,12 +115,10 @@ class TokenTestCase(TestCase):
|
||||||
post_data = self._post_data(code=code.code)
|
post_data = self._post_data(code=code.code)
|
||||||
|
|
||||||
response = self._post_request(post_data)
|
response = self._post_request(post_data)
|
||||||
response_dic = json.loads(response.content.decode('utf-8'))
|
|
||||||
|
|
||||||
self.assertEqual('access_token' in response_dic, True,
|
self.assertEqual('invalid_client' in response.content.decode('utf-8'),
|
||||||
msg='"access_token" key is missing in response.')
|
False,
|
||||||
self.assertEqual('error' in response_dic, False,
|
msg='Client authentication fails using request-body credentials.')
|
||||||
msg='"error" key should not exists in response.')
|
|
||||||
|
|
||||||
# Now, test with an invalid client_id.
|
# Now, test with an invalid client_id.
|
||||||
invalid_data = post_data.copy()
|
invalid_data = post_data.copy()
|
||||||
|
@ -129,12 +129,32 @@ class TokenTestCase(TestCase):
|
||||||
invalid_data['code'] = code.code
|
invalid_data['code'] = code.code
|
||||||
|
|
||||||
response = self._post_request(invalid_data)
|
response = self._post_request(invalid_data)
|
||||||
response_dic = json.loads(response.content.decode('utf-8'))
|
|
||||||
|
|
||||||
self.assertEqual('error' in response_dic, True,
|
self.assertEqual('invalid_client' in response.content.decode('utf-8'),
|
||||||
msg='"error" key should exists in response.')
|
True,
|
||||||
self.assertEqual(response_dic.get('error') == 'invalid_client', True,
|
msg='Client authentication success with an invalid "client_id".')
|
||||||
msg='"error" key value should be "invalid_client".')
|
|
||||||
|
# Now, test using HTTP Basic Authentication method.
|
||||||
|
basicauth_data = post_data.copy()
|
||||||
|
|
||||||
|
# Create another grant code.
|
||||||
|
code = self._create_code()
|
||||||
|
basicauth_data['code'] = code.code
|
||||||
|
|
||||||
|
del basicauth_data['client_id']
|
||||||
|
del basicauth_data['client_secret']
|
||||||
|
|
||||||
|
# Generate HTTP Basic Auth header with id and secret.
|
||||||
|
user_pass = self.client.client_id + ':' + self.client.client_secret
|
||||||
|
auth_header = b'Basic ' + b64encode(user_pass.encode('utf-8'))
|
||||||
|
response = self._post_request(basicauth_data, {
|
||||||
|
'HTTP_AUTHORIZATION': auth_header.decode('utf-8'),
|
||||||
|
})
|
||||||
|
response.content.decode('utf-8')
|
||||||
|
|
||||||
|
self.assertEqual('invalid_client' in response.content.decode('utf-8'),
|
||||||
|
False,
|
||||||
|
msg='Client authentication fails using HTTP Basic Auth.')
|
||||||
|
|
||||||
def test_access_token_contains_nonce(self):
|
def test_access_token_contains_nonce(self):
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in a new issue