ó O'—^c@sddlmZddlZddlmZmZddlmZddlm Z m Z m Z m Z ddl mZddlmZdd lmZmZeƒZe ƒZd efd „ƒYZd efd „ƒYZdefd„ƒYZdefd„ƒYZdS(iÿÿÿÿ(tunicode_literalsN(tTestCasetRequestFactory(treversei(turlparsetparse_qst urlencodetget_user_model(tget_application_model(toauth2_settings(tProtectedResourceViewtAuthorizationViewt ResourceViewcBseZd„ZRS(cOsdS(NuThis is a protected resource((tselftrequesttargstkwargs((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pytgets(t__name__t __module__R(((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyR stBaseTestcBseZd„Zd„ZRS(c Cs¡tƒ|_tjjdddƒ|_tjjdddƒ|_tdddd d |jd tjd tj ƒ|_ |j j ƒd dgt _ d gt _dS(Nu test_useru test@user.comu123456udev_useru dev@user.comtnameuTest Implicit Applicationt redirect_urisu5http://localhost http://example.com http://example.ittusert client_typetauthorization_grant_typeureaduwrite(Rtfactoryt UserModeltobjectst create_usert test_usertdev_usert Applicationt CLIENT_PUBLICtGRANT_IMPLICITt applicationtsaveR t_SCOPESt_DEFAULT_SCOPES(R ((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pytsetUps    cCs+|jjƒ|jjƒ|jjƒdS(N(R#tdeleteRR(R ((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttearDown*s  (RRR'R)(((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyRs t!TestImplicitAuthorizationCodeViewcBsbeZd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z RS( cCsÈ|jjddddƒti|jjd6dd6dd 6d d 6ƒ}d jd tdƒd|ƒ}|jj|ƒ}|j|j dƒ|j d|j ƒ|j d}|j|dj ƒdƒdS(ub Test response for a valid client_id with response_type: token and default_scopes tusernameu test_usertpasswordu123456u client_idutokenu response_typeurandom_state_stringustateuhttp://example.itu redirect_uriu {url}?{qs}turluoauth2_provider:authorizetqsiÈuformuscopeureadN( tclienttloginRR#t client_idtformatRRt assertEqualt status_codetassertIntcontexttvalue(R t query_stringR-tresponsetform((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyt)test_pre_auth_valid_client_default_scopes1s   cCs#|jjddddƒti|jjd6dd6dd 6d d 6d d 6ƒ}djdtdƒd|ƒ}|jj|ƒ}|j|j dƒ|j d|j ƒ|j d}|j|d j ƒd ƒ|j|d j ƒdƒ|j|d j ƒd ƒ|j|dj ƒ|jjƒdS(uO Test response for a valid client_id with response_type: token R+u test_userR,u123456u client_idutokenu response_typeurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriu {url}?{qs}R-uoauth2_provider:authorizeR.iÈuformN( R/R0RR#R1R2RRR3R4R5R6R7(R R8R-R9R:((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_pre_auth_valid_clientEs    cCsz|jjddddƒtidd6dd6ƒ}d jd td ƒd |ƒ}|jj|ƒ}|j|jd ƒdS(uO Test error for an invalid client_id with response_type: token R+u test_userR,u123456u fakeclientidu client_idutokenu response_typeu {url}?{qs}R-uoauth2_provider:authorizeR.iN(R/R0RR2RRR3R4(R R8R-R9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_pre_auth_invalid_client`s cCs§|jjddddƒti|jjd6dd6ƒ}djd td ƒd |ƒ}|jj|ƒ}|j|j d ƒ|j d }|j|dj ƒdƒdS(uf Test for default redirect uri if omitted from query string with response_type: token R+u test_userR,u123456u client_idutokenu response_typeu {url}?{qs}R-uoauth2_provider:authorizeR.iÈuformu redirect_uriuhttp://localhostN( R/R0RR#R1R2RRR3R4R6R7(R R8R-R9R:((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_pre_auth_default_redirectos   cCs‡|jjddddƒti|jjd6dd6dd 6ƒ}d jd td ƒd |ƒ}|jj|ƒ}|j|j dƒdS(ul Test error when passing a forbidden redirect_uri in query string with response_type: token R+u test_userR,u123456u client_idutokenu response_typeuhttp://forbidden.itu redirect_uriu {url}?{qs}R-uoauth2_provider:authorizeR.iN( R/R0RR#R1R2RRR3R4(R R8R-R9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyt test_pre_auth_forbibben_redirects  cCsÀ|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒ|j d|dƒ|j d|dƒdS(uc Test authorization code is given for an allowed request with response_type: token R+u test_userR,u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriutokenu response_typeuallowuoauth2_provider:authorizetdatai.uhttp://example.it#uLocationu access_token=ustate=random_state_stringN( R/R0R#R1tTruetpostRR3R4R5(R t form_dataR9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_post_auth_allow‘s  cCsê|jjddddƒt|j_|jjƒti|jjd6dd6dd 6d d 6d d 6ƒ}djdt dƒd|ƒ}|jj |ƒ}|j |j dƒ|j d|dƒ|j d|dƒ|j d|dƒdS(u_ If application.skip_authorization = True, should skip the authorization page. R+u test_userR,u123456u client_idutokenu response_typeurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriu {url}?{qs}R-uoauth2_provider:authorizeR.i.uhttp://example.it#uLocationu access_token=ustate=random_state_stringN(R/R0RAR#tskip_authorizationR$RR1R2RRR3R4R5(R R8R-R9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyt"test_skip_authorization_completely¦s    cCs˜|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d|dƒdS(u< Test error when resource owner deny access R+u test_userR,u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriutokenu response_typeuallowuoauth2_provider:authorizeR@i.uerror=access_denieduLocationN( R/R0R#R1tFalseRBRR3R4R5(R RCR9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_token_post_auth_deny¾s  cCs¬|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒ|j d |dƒ|j d|dƒdS(u½ Tests that a redirection uri with query string is allowed and query string is retained on redirection. See http://tools.ietf.org/html/rfc6749#section-3.1.2 R+u test_userR,u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.com?foo=baru redirect_uriutokenu response_typeuallowuoauth2_provider:authorizeR@i.uLocationu access_token=N( R/R0R#R1RARBRR3R4R5(R RCR9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyt.test_implicit_redirection_uri_with_querystringÑs  cCs„|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}|j|jdƒdS(uV Tests that a redirection uri is matched using scheme + netloc + path R+u test_userR,u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.com/a?foo=baru redirect_uriucodeu response_typeuallowuoauth2_provider:authorizeR@iN( R/R0R#R1RARBRR3R4(R RCR9((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyt5test_implicit_fails_when_redirect_uri_path_is_invalidçs  ( RRR;R<R=R>R?RDRFRHRIRJ(((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyR*0s         tTestImplicitTokenViewcBseZd„ZRS(cCsô|jjddddƒi|jjd6dd6dd 6d d 6d d 6td6}|jjtdƒd|ƒ}tt|dƒj ƒ}|dj ƒ}id|d6}|j j d|}|j |_tjƒ}||ƒ}|j|dƒdS(NR+u test_userR,u123456u client_idurandom_state_stringustateu read writeuscopeuhttp://example.itu redirect_uriutokenu response_typeuallowuoauth2_provider:authorizeR@uLocationu access_tokenuBearer uHTTP_AUTHORIZATIONu/fake-resourceuThis is a protected resource(R/R0R#R1RARBRRRtfragmenttpopRRRRR tas_viewR3(R t authcode_dataR9t frag_dictt access_tokent auth_headersRtview((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyttest_resource_access_allowedûs$     (RRRT(((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyRKús(t __future__Rtmockt django.testRRtdjango.core.urlresolversRtcompatRRRRtmodelsRtsettingsR tviewsR R R RR RR*RK(((sE/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/tests/test_implicit.pyts "  Ê