Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 94b1c249a1
Branches Tags
ydb
/
contrib
/
python
/
oauthlib
/
tests
/
oauth2
/
rfc6749
/
endpoints
/
test_revocation_endpoint.py

test_revocation_endpoint.py 6.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 
  1. # -*- coding: utf-8 -*-
    2. 

  2. from json import loads
    3. 

  3. from unittest.mock import MagicMock
    4. 

  4. 

  5. from oauthlib.common import urlencode
    6. 

  6. from oauthlib.oauth2 import RequestValidator, RevocationEndpoint
    7. 

  7. 

  8. from tests.unittest import TestCase
    9. 

  9. 

  10. 

  11. class RevocationEndpointTest(TestCase):
    12. 

  12. 

  13.     def setUp(self):
    14. 

  14.         self.validator = MagicMock(wraps=RequestValidator())
    15. 

  15.         self.validator.client_authentication_required.return_value = True
    16. 

  16.         self.validator.authenticate_client.return_value = True
    17. 

  17.         self.validator.revoke_token.return_value = True
    18. 

  18.         self.endpoint = RevocationEndpoint(self.validator)
    19. 

  19. 

  20.         self.uri = 'https://example.com/revoke_token'
    21. 

  21.         self.headers = {
    22. 

  22.             'Content-Type': 'application/x-www-form-urlencoded',
    23. 

  23.         }
    24. 

  24.         self.resp_h = {
    25. 

  25.             'Cache-Control': 'no-store',
    26. 

  26.             'Content-Type': 'application/json',
    27. 

  27.             'Pragma': 'no-cache'
    28. 

  28.         }
    29. 

  29. 

  30.     def test_revoke_token(self):
    31. 

  31.         for token_type in ('access_token', 'refresh_token', 'invalid'):
    32. 

  32.             body = urlencode([('token', 'foo'),
    33. 

  33.                               ('token_type_hint', token_type)])
    34. 

  34.             h, b, s = self.endpoint.create_revocation_response(self.uri,
    35. 

  35.                     headers=self.headers, body=body)
    36. 

  36.             self.assertEqual(h, {})
    37. 

  37.             self.assertEqual(b, '')
    38. 

  38.             self.assertEqual(s, 200)
    39. 

  39. 

  40.         # don't specify token_type_hint
    41. 

  41.         body = urlencode([('token', 'foo')])
    42. 

  42.         h, b, s = self.endpoint.create_revocation_response(self.uri,
    43. 

  43.                 headers=self.headers, body=body)
    44. 

  44.         self.assertEqual(h, {})
    45. 

  45.         self.assertEqual(b, '')
    46. 

  46.         self.assertEqual(s, 200)
    47. 

  47. 

  48.     def test_revoke_token_client_authentication_failed(self):
    49. 

  49.         self.validator.authenticate_client.return_value = False
    50. 

  50.         body = urlencode([('token', 'foo'),
    51. 

  51.                           ('token_type_hint', 'access_token')])
    52. 

  52.         h, b, s = self.endpoint.create_revocation_response(self.uri,
    53. 

  53.                 headers=self.headers, body=body)
    54. 

  54.         self.assertEqual(h, {
    55. 

  55.             'Content-Type': 'application/json',
    56. 

  56.             'Cache-Control': 'no-store',
    57. 

  57.             'Pragma': 'no-cache',
    58. 

  58.             "WWW-Authenticate": 'Bearer error="invalid_client"'
    59. 

  59.         })
    60. 

  60.         self.assertEqual(loads(b)['error'], 'invalid_client')
    61. 

  61.         self.assertEqual(s, 401)
    62. 

  62. 

  63.     def test_revoke_token_public_client_authentication(self):
    64. 

  64.         self.validator.client_authentication_required.return_value = False
    65. 

  65.         self.validator.authenticate_client_id.return_value = True
    66. 

  66.         for token_type in ('access_token', 'refresh_token', 'invalid'):
    67. 

  67.             body = urlencode([('token', 'foo'),
    68. 

  68.                               ('token_type_hint', token_type)])
    69. 

  69.             h, b, s = self.endpoint.create_revocation_response(self.uri,
    70. 

  70.                     headers=self.headers, body=body)
    71. 

  71.             self.assertEqual(h, {})
    72. 

  72.             self.assertEqual(b, '')
    73. 

  73.             self.assertEqual(s, 200)
    74. 

  74. 

  75.     def test_revoke_token_public_client_authentication_failed(self):
    76. 

  76.         self.validator.client_authentication_required.return_value = False
    77. 

  77.         self.validator.authenticate_client_id.return_value = False
    78. 

  78.         body = urlencode([('token', 'foo'),
    79. 

  79.                           ('token_type_hint', 'access_token')])
    80. 

  80.         h, b, s = self.endpoint.create_revocation_response(self.uri,
    81. 

  81.                 headers=self.headers, body=body)
    82. 

  82.         self.assertEqual(h, {
    83. 

  83.             'Content-Type': 'application/json',
    84. 

  84.             'Cache-Control': 'no-store',
    85. 

  85.             'Pragma': 'no-cache',
    86. 

  86.             "WWW-Authenticate": 'Bearer error="invalid_client"'
    87. 

  87.         })
    88. 

  88.         self.assertEqual(loads(b)['error'], 'invalid_client')
    89. 

  89.         self.assertEqual(s, 401)
    90. 

  90. 

  91.     def test_revoke_with_callback(self):
    92. 

  92.         endpoint = RevocationEndpoint(self.validator, enable_jsonp=True)
    93. 

  93.         callback = 'package.hello_world'
    94. 

  94.         for token_type in ('access_token', 'refresh_token', 'invalid'):
    95. 

  95.             body = urlencode([('token', 'foo'),
    96. 

  96.                               ('token_type_hint', token_type),
    97. 

  97.                               ('callback', callback)])
    98. 

  98.             h, b, s = endpoint.create_revocation_response(self.uri,
    99. 

  99.                     headers=self.headers, body=body)
    100. 

  100.             self.assertEqual(h, {})
    101. 

  101.             self.assertEqual(b, callback + '();')
    102. 

  102.             self.assertEqual(s, 200)
    103. 

  103. 

  104.     def test_revoke_unsupported_token(self):
    105. 

  105.         endpoint = RevocationEndpoint(self.validator,
    106. 

  106.                                       supported_token_types=['access_token'])
    107. 

  107.         body = urlencode([('token', 'foo'),
    108. 

  108.                           ('token_type_hint', 'refresh_token')])
    109. 

  109.         h, b, s = endpoint.create_revocation_response(self.uri,
    110. 

  110.                 headers=self.headers, body=body)
    111. 

  111.         self.assertEqual(h, self.resp_h)
    112. 

  112.         self.assertEqual(loads(b)['error'], 'unsupported_token_type')
    113. 

  113.         self.assertEqual(s, 400)
    114. 

  114. 

  115.         h, b, s = endpoint.create_revocation_response(self.uri,
    116. 

  116.                 headers=self.headers, body='')
    117. 

  117.         self.assertEqual(h, self.resp_h)
    118. 

  118.         self.assertEqual(loads(b)['error'], 'invalid_request')
    119. 

  119.         self.assertEqual(s, 400)
    120. 

  120. 

  121.     def test_revoke_invalid_request_method(self):
    122. 

  122.         endpoint = RevocationEndpoint(self.validator,
    123. 

  123.                                       supported_token_types=['access_token'])
    124. 

  124.         test_methods = ['GET', 'pUt', 'dEleTe', 'paTcH']
    125. 

  125.         test_methods = test_methods + [x.lower() for x in test_methods] + [x.upper() for x in test_methods]
    126. 

  126.         for method in test_methods:
    127. 

  127.             body = urlencode([('token', 'foo'),
    128. 

  128.                               ('token_type_hint', 'refresh_token')])
    129. 

  129.             h, b, s = endpoint.create_revocation_response(self.uri,
    130. 

  130.                     http_method = method, headers=self.headers, body=body)
    131. 

  131.             self.assertEqual(h, self.resp_h)
    132. 

  132.             self.assertEqual(loads(b)['error'], 'invalid_request')
    133. 

  133.             self.assertIn('Unsupported request method', loads(b)['error_description'])
    134. 

  134.             self.assertEqual(s, 400)
    135. 

  135. 

  136.     def test_revoke_bad_post_request(self):
    137. 

  137.         endpoint = RevocationEndpoint(self.validator,
    138. 

  138.                                       supported_token_types=['access_token'])
    139. 

  139.         for param in ['token', 'secret', 'code', 'foo']:
    140. 

  140.             uri = 'http://some.endpoint?' + urlencode([(param, 'secret')])
    141. 

  141.             body = urlencode([('token', 'foo'),
    142. 

  142.                               ('token_type_hint', 'access_token')])
    143. 

  143.             h, b, s = endpoint.create_revocation_response(uri,
    144. 

  144.                     headers=self.headers, body=body)
    145. 

  145.             self.assertEqual(h, self.resp_h)
    146. 

  146.             self.assertEqual(loads(b)['error'], 'invalid_request')
    147. 

  147.             self.assertIn('query parameters are not allowed', loads(b)['error_description'])
    148. 

  148.             self.assertEqual(s, 400)
    149.