tests/oauth2/test__client.py - platform/external/python/google-auth-library-python - Git at Google

 # Copyright 2016 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 import datetime
 import json
 import os

 import mock
 import pytest
 import six
 from six.moves import http_client
 from six.moves import urllib

 from google.auth import _helpers
 from google.auth import crypt
 from google.auth import exceptions
 from google.auth import jwt
 from google.auth import transport
 from google.oauth2 import _client


 DATA_DIR = os.path.join(os.path.dirname(__file__), '..', 'data')

 with open(os.path.join(DATA_DIR, 'privatekey.pem'), 'rb') as fh:
     PRIVATE_KEY_BYTES = fh.read()

 SIGNER = crypt.RSASigner.from_string(PRIVATE_KEY_BYTES, '1')

 SCOPES_AS_LIST = ['https://www.googleapis.com/auth/pubsub',
                   'https://www.googleapis.com/auth/logging.write']
 SCOPES_AS_STRING = ('https://www.googleapis.com/auth/pubsub'
                     ' https://www.googleapis.com/auth/logging.write')


 def test__handle_error_response():
     response_data = json.dumps({
         'error': 'help',
         'error_description': 'I\'m alive'})

     with pytest.raises(exceptions.RefreshError) as excinfo:
         _client._handle_error_response(response_data)

     assert excinfo.match(r'help: I\'m alive')


 def test__handle_error_response_non_json():
     response_data = 'Help, I\'m alive'

     with pytest.raises(exceptions.RefreshError) as excinfo:
         _client._handle_error_response(response_data)

     assert excinfo.match(r'Help, I\'m alive')


 @mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
 def test__parse_expiry(unused_utcnow):
     result = _client._parse_expiry({'expires_in': 500})
     assert result == datetime.datetime.min + datetime.timedelta(seconds=500)


 def test__parse_expiry_none():
     assert _client._parse_expiry({}) is None


 def make_request(response_data, status=http_client.OK):
     response = mock.create_autospec(transport.Response, instance=True)
     response.status = status
     response.data = json.dumps(response_data).encode('utf-8')
     request = mock.create_autospec(transport.Request)
     request.return_value = response
     return request


 def test__token_endpoint_request():
     request = make_request({'test': 'response'})

     result = _client._token_endpoint_request(
         request, 'http://example.com', {'test': 'params'})

     # Check request call
     request.assert_called_with(
         method='POST',
         url='http://example.com',
         headers={'content-type': 'application/x-www-form-urlencoded'},
         body='test=params')

     # Check result
     assert result == {'test': 'response'}


 def test__token_endpoint_request_error():
     request = make_request({}, status=http_client.BAD_REQUEST)

     with pytest.raises(exceptions.RefreshError):
         _client._token_endpoint_request(request, 'http://example.com', {})


 def test__token_endpoint_request_internal_failure_error():
     request = make_request({'error': 'internal_failure',
                             'error_description': 'internal_failure'},
                            status=http_client.BAD_REQUEST)

     with pytest.raises(exceptions.RefreshError):
         _client._token_endpoint_request(
             request, 'http://example.com',
             {'error': 'internal_failure',
              'error_description': 'internal_failure'})


 def verify_request_params(request, params):
     request_body = request.call_args[1]['body']
     request_params = urllib.parse.parse_qs(request_body)

     for key, value in six.iteritems(params):
         assert request_params[key][0] == value


 @mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
 def test_jwt_grant(utcnow):
     request = make_request({
         'access_token': 'token',
         'expires_in': 500,
         'extra': 'data'})

     token, expiry, extra_data = _client.jwt_grant(
         request, 'http://example.com', 'assertion_value')

     # Check request call
     verify_request_params(request, {
         'grant_type': _client._JWT_GRANT_TYPE,
         'assertion': 'assertion_value'
     })

     # Check result
     assert token == 'token'
     assert expiry == utcnow() + datetime.timedelta(seconds=500)
     assert extra_data['extra'] == 'data'


 def test_jwt_grant_no_access_token():
     request = make_request({
         # No access token.
         'expires_in': 500,
         'extra': 'data'})

     with pytest.raises(exceptions.RefreshError):
         _client.jwt_grant(request, 'http://example.com', 'assertion_value')


 def test_id_token_jwt_grant():
     now = _helpers.utcnow()
     id_token_expiry = _helpers.datetime_to_secs(now)
     id_token = jwt.encode(SIGNER, {'exp': id_token_expiry}).decode('utf-8')
     request = make_request({
         'id_token': id_token,
         'extra': 'data'})

     token, expiry, extra_data = _client.id_token_jwt_grant(
         request, 'http://example.com', 'assertion_value')

     # Check request call
     verify_request_params(request, {
         'grant_type': _client._JWT_GRANT_TYPE,
         'assertion': 'assertion_value'
     })

     # Check result
     assert token == id_token
     # JWT does not store microseconds
     now = now.replace(microsecond=0)
     assert expiry == now
     assert extra_data['extra'] == 'data'


 def test_id_token_jwt_grant_no_access_token():
     request = make_request({
         # No access token.
         'expires_in': 500,
         'extra': 'data'})

     with pytest.raises(exceptions.RefreshError):
         _client.id_token_jwt_grant(
             request, 'http://example.com', 'assertion_value')


 @mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
 def test_refresh_grant(unused_utcnow):
     request = make_request({
         'access_token': 'token',
         'refresh_token': 'new_refresh_token',
         'expires_in': 500,
         'extra': 'data'})

     token, refresh_token, expiry, extra_data = _client.refresh_grant(
         request, 'http://example.com', 'refresh_token', 'client_id',
         'client_secret')

     # Check request call
     verify_request_params(request, {
         'grant_type': _client._REFRESH_GRANT_TYPE,
         'refresh_token': 'refresh_token',
         'client_id': 'client_id',
         'client_secret': 'client_secret'
     })

     # Check result
     assert token == 'token'
     assert refresh_token == 'new_refresh_token'
     assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
     assert extra_data['extra'] == 'data'


 @mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
 def test_refresh_grant_with_scopes(unused_utcnow):
     request = make_request({
         'access_token': 'token',
         'refresh_token': 'new_refresh_token',
         'expires_in': 500,
         'extra': 'data',
         'scope': SCOPES_AS_STRING})

     token, refresh_token, expiry, extra_data = _client.refresh_grant(
         request, 'http://example.com', 'refresh_token', 'client_id',
         'client_secret', SCOPES_AS_LIST)

     # Check request call.
     verify_request_params(request, {
         'grant_type': _client._REFRESH_GRANT_TYPE,
         'refresh_token': 'refresh_token',
         'client_id': 'client_id',
         'client_secret': 'client_secret',
         'scope': SCOPES_AS_STRING
     })

     # Check result.
     assert token == 'token'
     assert refresh_token == 'new_refresh_token'
     assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
     assert extra_data['extra'] == 'data'


 def test_refresh_grant_no_access_token():
     request = make_request({
         # No access token.
         'refresh_token': 'new_refresh_token',
         'expires_in': 500,
         'extra': 'data'})

     with pytest.raises(exceptions.RefreshError):
         _client.refresh_grant(
             request, 'http://example.com', 'refresh_token', 'client_id',
             'client_secret')
	# Copyright 2016 Google Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	import datetime
	import json
	import os

	import mock
	import pytest
	import six
	from six.moves import http_client
	from six.moves import urllib

	from google.auth import _helpers
	from google.auth import crypt
	from google.auth import exceptions
	from google.auth import jwt
	from google.auth import transport
	from google.oauth2 import _client


	DATA_DIR = os.path.join(os.path.dirname(__file__), '..', 'data')

	with open(os.path.join(DATA_DIR, 'privatekey.pem'), 'rb') as fh:
	PRIVATE_KEY_BYTES = fh.read()

	SIGNER = crypt.RSASigner.from_string(PRIVATE_KEY_BYTES, '1')

	SCOPES_AS_LIST = ['https://www.googleapis.com/auth/pubsub',
	'https://www.googleapis.com/auth/logging.write']
	SCOPES_AS_STRING = ('https://www.googleapis.com/auth/pubsub'
	' https://www.googleapis.com/auth/logging.write')


	def test__handle_error_response():
	response_data = json.dumps({
	'error': 'help',
	'error_description': 'I\'m alive'})

	with pytest.raises(exceptions.RefreshError) as excinfo:
	_client._handle_error_response(response_data)

	assert excinfo.match(r'help: I\'m alive')


	def test__handle_error_response_non_json():
	response_data = 'Help, I\'m alive'

	with pytest.raises(exceptions.RefreshError) as excinfo:
	_client._handle_error_response(response_data)

	assert excinfo.match(r'Help, I\'m alive')


	@mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
	def test__parse_expiry(unused_utcnow):
	result = _client._parse_expiry({'expires_in': 500})
	assert result == datetime.datetime.min + datetime.timedelta(seconds=500)


	def test__parse_expiry_none():
	assert _client._parse_expiry({}) is None


	def make_request(response_data, status=http_client.OK):
	response = mock.create_autospec(transport.Response, instance=True)
	response.status = status
	response.data = json.dumps(response_data).encode('utf-8')
	request = mock.create_autospec(transport.Request)
	request.return_value = response
	return request


	def test__token_endpoint_request():
	request = make_request({'test': 'response'})

	result = _client._token_endpoint_request(
	request, 'http://example.com', {'test': 'params'})

	# Check request call
	request.assert_called_with(
	method='POST',
	url='http://example.com',
	headers={'content-type': 'application/x-www-form-urlencoded'},
	body='test=params')

	# Check result
	assert result == {'test': 'response'}


	def test__token_endpoint_request_error():
	request = make_request({}, status=http_client.BAD_REQUEST)

	with pytest.raises(exceptions.RefreshError):
	_client._token_endpoint_request(request, 'http://example.com', {})


	def test__token_endpoint_request_internal_failure_error():
	request = make_request({'error': 'internal_failure',
	'error_description': 'internal_failure'},
	status=http_client.BAD_REQUEST)

	with pytest.raises(exceptions.RefreshError):
	_client._token_endpoint_request(
	request, 'http://example.com',
	{'error': 'internal_failure',
	'error_description': 'internal_failure'})


	def verify_request_params(request, params):
	request_body = request.call_args[1]['body']
	request_params = urllib.parse.parse_qs(request_body)

	for key, value in six.iteritems(params):
	assert request_params[key][0] == value


	@mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
	def test_jwt_grant(utcnow):
	request = make_request({
	'access_token': 'token',
	'expires_in': 500,
	'extra': 'data'})

	token, expiry, extra_data = _client.jwt_grant(
	request, 'http://example.com', 'assertion_value')

	# Check request call
	verify_request_params(request, {
	'grant_type': _client._JWT_GRANT_TYPE,
	'assertion': 'assertion_value'
	})

	# Check result
	assert token == 'token'
	assert expiry == utcnow() + datetime.timedelta(seconds=500)
	assert extra_data['extra'] == 'data'


	def test_jwt_grant_no_access_token():
	request = make_request({
	# No access token.
	'expires_in': 500,
	'extra': 'data'})

	with pytest.raises(exceptions.RefreshError):
	_client.jwt_grant(request, 'http://example.com', 'assertion_value')


	def test_id_token_jwt_grant():
	now = _helpers.utcnow()
	id_token_expiry = _helpers.datetime_to_secs(now)
	id_token = jwt.encode(SIGNER, {'exp': id_token_expiry}).decode('utf-8')
	request = make_request({
	'id_token': id_token,
	'extra': 'data'})

	token, expiry, extra_data = _client.id_token_jwt_grant(
	request, 'http://example.com', 'assertion_value')

	# Check request call
	verify_request_params(request, {
	'grant_type': _client._JWT_GRANT_TYPE,
	'assertion': 'assertion_value'
	})

	# Check result
	assert token == id_token
	# JWT does not store microseconds
	now = now.replace(microsecond=0)
	assert expiry == now
	assert extra_data['extra'] == 'data'


	def test_id_token_jwt_grant_no_access_token():
	request = make_request({
	# No access token.
	'expires_in': 500,
	'extra': 'data'})

	with pytest.raises(exceptions.RefreshError):
	_client.id_token_jwt_grant(
	request, 'http://example.com', 'assertion_value')


	@mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
	def test_refresh_grant(unused_utcnow):
	request = make_request({
	'access_token': 'token',
	'refresh_token': 'new_refresh_token',
	'expires_in': 500,
	'extra': 'data'})

	token, refresh_token, expiry, extra_data = _client.refresh_grant(
	request, 'http://example.com', 'refresh_token', 'client_id',
	'client_secret')

	# Check request call
	verify_request_params(request, {
	'grant_type': _client._REFRESH_GRANT_TYPE,
	'refresh_token': 'refresh_token',
	'client_id': 'client_id',
	'client_secret': 'client_secret'
	})

	# Check result
	assert token == 'token'
	assert refresh_token == 'new_refresh_token'
	assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
	assert extra_data['extra'] == 'data'


	@mock.patch('google.auth._helpers.utcnow', return_value=datetime.datetime.min)
	def test_refresh_grant_with_scopes(unused_utcnow):
	request = make_request({
	'access_token': 'token',
	'refresh_token': 'new_refresh_token',
	'expires_in': 500,
	'extra': 'data',
	'scope': SCOPES_AS_STRING})

	token, refresh_token, expiry, extra_data = _client.refresh_grant(
	request, 'http://example.com', 'refresh_token', 'client_id',
	'client_secret', SCOPES_AS_LIST)

	# Check request call.
	verify_request_params(request, {
	'grant_type': _client._REFRESH_GRANT_TYPE,
	'refresh_token': 'refresh_token',
	'client_id': 'client_id',
	'client_secret': 'client_secret',
	'scope': SCOPES_AS_STRING
	})

	# Check result.
	assert token == 'token'
	assert refresh_token == 'new_refresh_token'
	assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
	assert extra_data['extra'] == 'data'


	def test_refresh_grant_no_access_token():
	request = make_request({
	# No access token.
	'refresh_token': 'new_refresh_token',
	'expires_in': 500,
	'extra': 'data'})

	with pytest.raises(exceptions.RefreshError):
	_client.refresh_grant(
	request, 'http://example.com', 'refresh_token', 'client_id',
	'client_secret')