ó O'—^c@s—ddlmZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z ddl mZddlmZmZmZmZdd lmZmZmZmZdd lmZdd lmZd d lmZeƒZeƒZ defd„ƒYZ!deefd„ƒYZ"de"fd„ƒYZ#de"fd„ƒYZ$de"fd„ƒYZ%de"fd„ƒYZ&dS(iÿÿÿÿ(tunicode_literalsN(tTestCasetRequestFactory(treverse(toverride_settings(ttimezonei(turlparsetparse_qst urlencodetget_user_model(tget_application_modeltGrantt AccessTokent RefreshToken(toauth2_settings(tProtectedResourceViewi(t TestCaseUtilst ResourceViewcBseZd„ZRS(cOsdS(NuThis is a protected resource((tselftrequesttargstkwargs((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pytgets(t__name__t __module__R(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyRstBaseTestcBseZd„Zd„ZRS(c Cs³tƒ|_tjjdddƒ|_tjjdddƒ|_ddgt_t dd d d d |jd t j dt j ƒ|_ |j j ƒddgt_ddgt_dS(Nu test_useru test@user.comu123456udev_useru dev@user.comuhttpu custom-schemetnameuTest Applicationt redirect_urisuQhttp://localhost http://example.com http://example.it custom-scheme://example.comtusert client_typetauthorization_grant_typeureaduwrite(Rtfactoryt UserModeltobjectst create_usert test_usertdev_userRtALLOWED_REDIRECT_URI_SCHEMESt ApplicationtCLIENT_CONFIDENTIALtGRANT_AUTHORIZATION_CODEt applicationtsavet_SCOPESt_DEFAULT_SCOPES(R((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pytsetUp s    cCs+|jjƒ|jjƒ|jjƒdS(N(R)tdeleteR#R$(R((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttearDown3s  (RRR-R/(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyRs tTestAuthorizationCodeViewcBs¼eZd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„Zd„Zd„Zd„ZRS(cCs®|jjddddƒt|j_|jjƒti|jjd6dd6dd 6d d 6d d 6ƒ}djdt dƒd|ƒ}|jj |ƒ}|j |j dƒdS(u_ If application.skip_authorization = True, should skip the authorization page. tusernameu test_usertpasswordu123456u client_iducodeu response_typeurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriu {url}?{qs}turluoauth2_provider:authorizetqsi.N( tclienttlogintTrueR)tskip_authorizationR*Rt client_idtformatRRt assertEqualt status_code(Rt query_stringR3tresponse((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt"test_skip_authorization_completely:s    cCsz|jjddddƒtidd6dd6ƒ}d jd td ƒd |ƒ}|jj|ƒ}|j|jd ƒdS(uN Test error for an invalid client_id with response_type: code R1u test_userR2u123456u fakeclientidu client_iducodeu response_typeu {url}?{qs}R3uoauth2_provider:authorizeR4iN(R5R6RR:RRR;R<(RR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_pre_auth_invalid_clientNs cCs#|jjddddƒti|jjd6dd6dd 6d d 6d d 6ƒ}djdtdƒd|ƒ}|jj|ƒ}|j|j dƒ|j d|j ƒ|j d}|j|d j ƒd ƒ|j|d j ƒdƒ|j|d j ƒd ƒ|j|dj ƒ|jjƒdS(uN Test response for a valid client_id with response_type: code R1u test_userR2u123456u client_iducodeu response_typeurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4iÈuformN( R5R6RR)R9R:RRR;R<tassertIntcontexttvalue(RR=R3R>tform((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_pre_auth_valid_client]s    cCs#|jjddddƒti|jjd6dd6dd 6d d 6d d 6ƒ}djdtdƒd|ƒ}|jj|ƒ}|j|j dƒ|j d|j ƒ|j d}|j|d j ƒd ƒ|j|d j ƒdƒ|j|d j ƒd ƒ|j|dj ƒ|jjƒdS(uŽ Test response for a valid client_id with response_type: code using a non-standard, but allowed, redirect_uri scheme. R1u test_userR2u123456u client_iducodeu response_typeurandom_state_stringustateu read writeuscopeucustom-scheme://example.comu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4iÈuformN( R5R6RR)R9R:RRR;R<RARBRC(RR=R3R>RD((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt5test_pre_auth_valid_client_custom_redirect_uri_schemexs    c Cstjjd|jddd|jdtjƒtjddƒdd ƒ}|j j d d d d ƒt i|jj d6dd6dd6d d6dd6dd6ƒ}dj dtdƒd|ƒ}|j j|ƒ}|j|jdƒd|_|jƒ|j j|ƒ}|j|jdƒdS( u TODO Rttokenu 1234567890R)texpirestdaysitscopeu read writeR1u test_userR2u123456u client_iducodeu response_typeurandom_state_stringustateuscopeuhttp://example.itu redirect_uriuautouapproval_promptu {url}?{qs}R3uoauth2_provider:authorizeR4i.ureadiÈN(R R!tcreateR#R)Rtnowtdatetimet timedeltaR5R6RR9R:RRR;R<RJR*(RttokR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_pre_auth_approval_prompt”s&      c Csï|jtjdƒtjjd|jddd|jdtj ƒt j ddƒd d ƒ|j j d d d dƒti|jjd6dd6dd6d d6dd6ƒ}djdtdƒd|ƒ}|j j|ƒ}|j|jdƒdS(u TODO uforceRRGu 1234567890R)RHRIiRJu read writeR1u test_userR2u123456u client_iducodeu response_typeurandom_state_stringustateuscopeuhttp://example.itu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4iÈN(R;RtREQUEST_APPROVAL_PROMPTR R!RKR#R)RRLRMRNR5R6RR9R:RRR<(RR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt%test_pre_auth_approval_prompt_default®s   c Csådt_tjjd|jddd|jdtjƒt j ddƒd d ƒ|j j d d d dƒt i|jjd6dd6dd6d d6dd6ƒ}djdtdƒd|ƒ}|j j|ƒ}|j|jdƒdS(u TODO uautoRRGu 1234567890R)RHRIiRJu read writeR1u test_userR2u123456u client_iducodeu response_typeurandom_state_stringustateuscopeuhttp://example.itu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4i.N(RRQR R!RKR#R)RRLRMRNR5R6RR9R:RRR;R<(RR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt.test_pre_auth_approval_prompt_default_overrideÄs    cCs§|jjddddƒti|jjd6dd6ƒ}djd td ƒd |ƒ}|jj|ƒ}|j|j d ƒ|j d }|j|dj ƒdƒdS(ue Test for default redirect uri if omitted from query string with response_type: code R1u test_userR2u123456u client_iducodeu response_typeu {url}?{qs}R3uoauth2_provider:authorizeR4iÈuformu redirect_uriuhttp://localhostN( R5R6RR)R9R:RRR;R<RBRC(RR=R3R>RD((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_pre_auth_default_redirectÚs   cCs‡|jjddddƒti|jjd6dd6dd 6ƒ}d jd td ƒd |ƒ}|jj|ƒ}|j|j dƒdS(uk Test error when passing a forbidden redirect_uri in query string with response_type: code R1u test_userR2u123456u client_iducodeu response_typeuhttp://forbidden.itu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4iN( R5R6RR)R9R:RRR;R<(RR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt test_pre_auth_forbibben_redirectìs  cCs”|jjddddƒti|jjd6dd6ƒ}djd td ƒd |ƒ}|jj|ƒ}|j|j d ƒ|j d |dƒdS(uO Test error when passing a wrong response_type in query string R1u test_userR2u123456u client_iduWRONGu response_typeu {url}?{qs}R3uoauth2_provider:authorizeR4i.uerror=unsupported_response_typeuLocationN( R5R6RR)R9R:RRR;R<RA(RR=R3R>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt!test_pre_auth_wrong_response_typeüs  cCsÀ|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒ|j d|dƒ|j d|dƒdS(ub Test authorization code is given for an allowed request with response_type: code R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizetdatai.uhttp://example.it?uLocationustate=random_state_stringucode=N( R5R6R)R9R7tpostRR;R<RA(Rt form_dataR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_code_post_auth_allow s  cCs˜|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒdS(u< Test error when resource owner deny access R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWi.uerror=access_denieduLocationN( R5R6R)R9tFalseRXRR;R<RA(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_code_post_auth_deny!s  cCs˜|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒdS(ul Test authorization code is given for an allowed request with a response_type not supported R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriuUNKNOWNu response_typeuallowuoauth2_provider:authorizeRWi.uhttp://example.it?erroruLocationN( R5R6R)R9R7RXRR;R<RA(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt$test_code_post_auth_bad_responsetype4s  cCs„|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒdS(ug Test authorization code is given for an allowed request with a forbidden redirect_uri R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://forbidden.itu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWiN( R5R6R)R9R7RXRR;R<(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt*test_code_post_auth_forbidden_redirect_uriGs  cCs„|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒdS(u= Test validation of a malicious redirect_uri R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeu/../u redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWiN( R5R6R)R9R7RXRR;R<(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt*test_code_post_auth_malicious_redirect_uriYs  cCsÀ|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒ|j d|dƒ|j d|dƒdS(u¢ Test authorization code is given for an allowed request with response_type: code using a non-standard, but allowed, redirect_uri scheme. R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeucustom-scheme://example.comu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWi.ucustom-scheme://example.com?uLocationustate=random_state_stringucode=N( R5R6R)R9R7RXRR;R<RA(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt4test_code_post_auth_allow_custom_redirect_uri_schemeks  cCs¬|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒ|j d|dƒdS(u| Test error when resource owner deny access using a non-standard, but allowed, redirect_uri scheme. R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeucustom-scheme://example.comu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWi.ucustom-scheme://example.com?uLocationuerror=access_deniedN( R5R6R)R9R[RXRR;R<RA(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt3test_code_post_auth_deny_custom_redirect_uri_schemes  cCs¬|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d |dƒ|j d|dƒdS(u½ Tests that a redirection uri with query string is allowed and query string is retained on redirection. See http://tools.ietf.org/html/rfc6749#section-3.1.2 R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.com?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWi.uLocationucode=N( R5R6R)R9R7RXRR;R<RA(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt4test_code_post_auth_redirection_uri_with_querystring–s  cCs˜|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|jd|dƒdS(u¨ Test that in case of error the querystring of the redirection uri is preserved See https://github.com/evonove/django-oauth-toolkit/issues/238 R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.com?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWi.u.http://example.com?foo=bar&error=access_denieduLocationN( R5R6R)R9R[RXRR;R<(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt<test_code_post_auth_failing_redirection_uri_with_querystring¬s  cCs„|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒdS(uV Tests that a redirection uri is matched using scheme + netloc + path R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.com/a?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWiN( R5R6R)R9R7RXRR;R<(RRYR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt;test_code_post_auth_fails_when_redirect_uri_path_is_invalidÁs  (RRR?R@RERFRPRRRSRTRURVRZR\R]R^R_R`RaRbRcRd(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyR09s(                   tTestAuthorizationCodeTokenViewcBs³eZd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„Zd„Zd„ZRS(cCs{i|jjd6dd6dd6dd6dd 6td 6}|jjtd ƒd |ƒ}tt|d ƒjƒ}|dj ƒS(uF Helper method to retrieve a valid authorization code u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWuLocation( R)R9R7R5RXRRRtquerytpop(Rt authcode_dataR>t query_dict((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pytget_authÕs  cCsð|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}|j |j d ƒt j |j jd ƒƒ}|j |ddƒ|j |ddƒ|j |dtjƒdS(u^ Request an access token using basic authentication for client authentication R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWiÈuutf-8u token_typeuBeareruscopeu read writeu expires_inN(R5R6Rjtget_basic_auth_headerR)R9t client_secretRXRR;R<tjsontloadstcontenttdecodeRtACCESS_TOKEN_EXPIRE_SECONDS(Rtauthorization_codettoken_request_datat auth_headersR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_authæs  !cCsæ|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|j d |kƒ|jƒ}idd6|d6dd 6}|jjtd ƒd ||}id d6|d d 6|dd6}|jjtd ƒd ||}|j|jdƒt j |j j d ƒƒ}|j d|kƒ|jjtd ƒd ||}|j|jdƒt j |j j d ƒƒ}|j d|jƒkƒdS(u? Request an access token using a refresh token R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokenuscopeiÈu access_tokeni‘u invalid_grantN(R5R6RjRkR)R9RlRXRRmRnRoRpt assertTrueR;R<tvalues(RRrRsRtR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt test_refreshüs8  !  ! !!cCsI|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|d }|d}id d6|d 6|dd6}|jjtd ƒd ||}|j |jdƒ|jtjjd|ƒjƒƒ|jtjjd|ƒjƒƒdS(uU Ensure existing refresh tokens are cleaned up when issuing new ones R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokenu access_tokenuscopeiÈRGN(R5R6RjRkR)R9RlRXRRmRnRoRpR;R<t assertFalseR R!tfiltertexistsR (RRrRsRtR>Rotrttat((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt#test_refresh_invalidates_old_tokens(s&  !  !"cCs+|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|j d |kƒid d6|d d 6}|jjtd ƒd ||}|j|jdƒt j |j j d ƒƒ}|j d|kƒdS(uY Request an access token using a refresh token without passing any scope R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokeniÈu access_tokenN(R5R6RjRkR)R9RlRXRRmRnRoRpRvR;R<(RRrRsRtR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_refresh_no_scopesGs"  !!cCs|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|j d |kƒid d6|d d 6dd6}|jjtd ƒd ||}|j|jdƒdS(uP Request an access token using a refresh token and wrong scopes R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokenuread write nukeuscopei‘N(R5R6RjRkR)R9RlRXRRmRnRoRpRvR;R<(RRrRsRtR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_refresh_bad_scopescs   !  !cCs<|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|j d |kƒid d6|d d 6|dd6}|jjtd ƒd ||}|j|jdƒ|jjtd ƒd ||}|j|jdƒdS(u[ Try refreshing an access token with the same refresh token more than once R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokenuscopeiÈi‘N(R5R6RjRkR)R9RlRXRRmRnRoRpRvR;R<(RRrRsRtR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt$test_refresh_fail_repeating_requests}s$  ! !!c CsX|jjddddƒ|jƒ}idd6|d6dd 6}|j|jj|jjƒ}|jjtd ƒd ||}t j |j j d ƒƒ}|j d |kƒid d6|d d 6|dd6}tjddtƒm|jjtd ƒd ||}|j|jdƒ|jjtd ƒd ||}|j|jdƒWdQXdS(uu Try refreshing an access token with the same refresh token more than once when not rotating tokens. R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWuutf-8u refresh_tokenuscopeuOoauthlib.oauth2.rfc6749.request_validator.RequestValidator.rotate_refresh_tokent return_valueiÈN(R5R6RjRkR)R9RlRXRRmRnRoRpRvtmocktpatchR[R;R<(RRrRsRtR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt3test_refresh_repeating_requests_non_rotating_tokens™s(  !   !!cCsŠ|jjddddƒidd6dd6d d 6}|j|jj|jjƒ}|jjtd ƒd ||}|j|j d ƒdS(uH Request an access token using a bad authorization code R1u test_userR2u123456uauthorization_codeu grant_typeuBLAHucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWi‘N( R5R6RkR)R9RlRXRR;R<(RRsRtR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_auth_bad_authcode¸s !cCsŠ|jjddddƒidd6dd6d d 6}|j|jj|jjƒ}|jjtd ƒd ||}|j|j d ƒdS(uG Request an access token using a bad grant_type string R1u test_userR2u123456uUNKNOWNu grant_typeuBLAHucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWiN( R5R6RkR)R9RlRXRR;R<(RRsRtR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_auth_bad_granttypeÈs !c CsÍ|jjddddƒtd|jd|jddd tjƒd d d d ƒ}|jƒid d6dd6dd6}|j|jj |jj ƒ}|jj t dƒd||}|j |jdƒdS(uF Request an access token using an expired grant token R1u test_userR2u123456R)RtcodeuBLAHRHt redirect_uriuRJuauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuoauth2_provider:tokenRWi‘N(R5R6R R)R#RRLR*RkR9RlRXRR;R<(RtgRsRtR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_auth_grant_expiredØs*  !cCs|jjddddƒ|jƒ}idd6|d6dd 6}|j|jjd ƒ}|jjtd ƒd ||}|j|j d ƒdS(u^ Request an access token using basic authentication for client authentication R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriuBOOM!uoauth2_provider:tokenRWi‘N( R5R6RjRkR)R9RXRR;R<(RRrRsRtR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_auth_bad_secretës  !cCsÈ|jjddddƒ|jƒ}idd6|d6dd 6}d j|jj|jjƒ}tj|j d ƒƒ}id |j d ƒd 6}|jj t dƒd||}|j |jdƒdS(u^ Request an access token using basic authentication for client authentication R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriu{0}:{1}uutf-8uWrong uHTTP_AUTHORIZATIONuoauth2_provider:tokenRWi‘N(R5R6RjR:R)R9Rltbase64t b64encodetencodeRpRXRR;R<(RRrRst user_passt auth_stringRtR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_basic_auth_wrong_auth_typeüs  !cCsé|jjddddƒ|jƒ}idd6|d6dd 6|jjd 6|jjd 6}|jjtd ƒd |ƒ}|j|j dƒt j |j j dƒƒ}|j|ddƒ|j|ddƒ|j|dtjƒdS(uC Request an access token using client_type: public R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriu client_idu client_secretuoauth2_provider:tokenRWiÈuutf-8u token_typeuBeareruscopeu read writeu expires_inN(R5R6RjR)R9RlRXRR;R<RmRnRoRpRRq(RRrRsR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_request_body_paramss  cCsø|jjddddƒtj|j_|jjƒ|jƒ}idd6|d6dd 6|jjd 6}|jj t d ƒd |ƒ}|j |j d ƒt j|jjdƒƒ}|j |ddƒ|j |ddƒ|j |dtjƒdS(uC Request an access token using client_type: public R1u test_userR2u123456uauthorization_codeu grant_typeucodeuhttp://example.itu redirect_uriu client_iduoauth2_provider:tokenRWiÈuutf-8u token_typeuBeareruscopeu read writeu expires_inN(R5R6R&t CLIENT_PUBLICR)RR*RjR9RXRR;R<RmRnRoRpRRq(RRrRsR>Ro((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt test_public)s  cCsž|jjddddƒtj|j_|jjƒ|jƒ}idd6|d6dd 6|jjd 6}|jj t d ƒd |ƒ}|j |j d ƒdS(uz Request an access token using client_type: public and ensure redirect_uri is properly validated. R1u test_userR2u123456uauthorization_codeu grant_typeucodeu/../u redirect_uriu client_iduoauth2_provider:tokenRWi‘N( R5R6R&R”R)RR*RjR9RXRR;R<(RRrRsR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_malicious_redirect_uriBs  cCsa|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}tt|dƒj ƒ}|d j ƒ}idd6|d 6d d 6}|j |jj|jj ƒ}|jjtdƒd||}|j |jdƒtj|jjdƒƒ}|j |ddƒ|j |d dƒ|j |dtjƒdS(ue Tests code exchange succeed when redirect uri matches the one used for code request R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.it?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWuLocationuauthorization_codeu grant_typeuoauth2_provider:tokeniÈuutf-8u token_typeuBeareru expires_inN(R5R6R)R9R7RXRRRRfRgRkRlR;R<RmRnRoRpRRq(RRhR>RiRrRsRtRo((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt2test_code_exchange_succeed_when_redirect_uri_matchWs,   !cCs|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}tt|dƒj ƒ}|d j ƒ}idd6|d 6dd 6}|j |jj|jj ƒ}|jjtdƒd||}|j |jdƒdS(uj Tests code exchange fails when redirect uri does not match the one used for code request R1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.it?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWuLocationuauthorization_codeu grant_typeuhttp://example.it?foo=baraauoauth2_provider:tokeni‘N(R5R6R)R9R7RXRRRRfRgRkRlR;R<(RRhR>RiRrRsRt((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyt9test_code_exchange_fails_when_redirect_uri_does_not_matchzs$   !cCsz|jjddddƒd|j_|jjƒi|jjd6dd6d d 6d d 6d d6td6}|jjtdƒd|ƒ}t t |dƒj ƒ}|d j ƒ}idd6|d 6d d 6}|j |jj|jjƒ}|jjtdƒd||}|j|jdƒtj|jjdƒƒ}|j|ddƒ|j|d d ƒ|j|dtjƒdS(ue Tests code exchange succeed when redirect uri matches the one used for code request R1u test_userR2u123456u+http://localhost http://example.com?foo=baru client_idurandom_state_stringustateu read writeuscopeu"http://example.com?bar=baz&foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWuLocationuauthorization_codeu grant_typeuoauth2_provider:tokeniÈuutf-8u token_typeuBeareru expires_inN(R5R6R)RR*R9R7RXRRRRfRgRkRlR;R<RmRnRoRpRRq(RRhR>RiRrRsRtRo((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pytMtest_code_exchange_succeed_when_redirect_uri_match_with_multiple_query_params˜s0     !(RRRjRuRxR~RR€RR…R†R‡R‹RŒR’R“R•R–R—R˜R™(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyReÔs&   ,              # t&TestAuthorizationCodeProtectedResourcecBseZd„Zd„ZRS(c Css|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}tt|dƒj ƒ}|d j ƒ}idd6|d 6d d 6}|j |jj|jj ƒ}|jjtdƒd||}t j|jjdƒƒ}|d}id|d6}|jjd|} |j| _tjƒ} | | ƒ}|j|dƒdS(NR1u test_userR2u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeRWuLocationuauthorization_codeu grant_typeuoauth2_provider:tokenuutf-8u access_tokenuBearer uHTTP_AUTHORIZATIONu/fake-resourceuThis is a protected resource(R5R6R)R9R7RXRRRRfRgRkRlRmRnRoRpRRR#RRtas_viewR;( RRhR>RiRrRsRtRot access_tokenRtview((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_resource_access_allowed¿s4   !    cCs]idd6}|jjd|}|j|_tjƒ}||ƒ}|j|jdƒdS(NuBearer u faketokenuHTTP_AUTHORIZATIONu/fake-resourcei“uBearer faketoken(RRR#RRR›R;R<(RRtRRR>((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_resource_access_denyæs    (RRRžRŸ(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyRš¾s 'tTestDefaultScopescBseZd„ZRS(cCs(|jjddddƒdgt_ti|jjd6dd6d d 6d d 6ƒ}d jdtdƒd|ƒ}|jj |ƒ}|j |j dƒ|j d|j ƒ|j d}|j |d jƒd ƒ|j |d jƒd ƒ|j |djƒdƒ|j |djƒ|jjƒdS(uc Test response for a valid client_id with response_type: code using default scopes R1u test_userR2u123456ureadu client_iducodeu response_typeurandom_state_stringustateuhttp://example.itu redirect_uriu {url}?{qs}R3uoauth2_provider:authorizeR4iÈuformuscopeN(R5R6RR,RR)R9R:RRR;R<RARBRC(RR=R3R>RD((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyttest_pre_auth_default_scopesôs     (RRR¡(((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyR òs('t __future__RRRmRMRƒt django.testRRtdjango.core.urlresolversRtdjango.test.utilsRt django.utilsRtcompatRRRR tmodelsR R R R tsettingsRtviewsRt test_utilsRR&R RRR0ReRšR (((sO/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_authorization_code.pyts.    ""  ÿœÿë4