| Index: third_party/gsutil/third_party/oauth2client/tests/test_appengine.py
|
| diff --git a/third_party/gsutil/third_party/oauth2client/tests/test_appengine.py b/third_party/gsutil/third_party/oauth2client/tests/test_appengine.py
|
| new file mode 100755
|
| index 0000000000000000000000000000000000000000..2e49a501389fed506127b31678500561fe22fcb1
|
| --- /dev/null
|
| +++ b/third_party/gsutil/third_party/oauth2client/tests/test_appengine.py
|
| @@ -0,0 +1,882 @@
|
| +#!/usr/bin/python2.4
|
| +#
|
| +# Copyright 2014 Google Inc. All rights reserved.
|
| +#
|
| +# Licensed under the Apache License, Version 2.0 (the "License");
|
| +# you may not use this file except in compliance with the License.
|
| +# You may obtain a copy of the License at
|
| +#
|
| +# http://www.apache.org/licenses/LICENSE-2.0
|
| +#
|
| +# Unless required by applicable law or agreed to in writing, software
|
| +# distributed under the License is distributed on an "AS IS" BASIS,
|
| +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| +# See the License for the specific language governing permissions and
|
| +# limitations under the License.
|
| +
|
| +
|
| +"""Discovery document tests
|
| +
|
| +Unit tests for objects created from discovery documents.
|
| +"""
|
| +
|
| +__author__ = 'jcgregorio@google.com (Joe Gregorio)'
|
| +
|
| +import datetime
|
| +import httplib2
|
| +import json
|
| +import os
|
| +import time
|
| +import unittest
|
| +import urllib
|
| +import urlparse
|
| +
|
| +import dev_appserver
|
| +dev_appserver.fix_sys_path()
|
| +import mock
|
| +import webapp2
|
| +
|
| +from google.appengine.api import apiproxy_stub
|
| +from google.appengine.api import apiproxy_stub_map
|
| +from google.appengine.api import app_identity
|
| +from google.appengine.api import memcache
|
| +from google.appengine.api import users
|
| +from google.appengine.api.memcache import memcache_stub
|
| +from google.appengine.ext import db
|
| +from google.appengine.ext import ndb
|
| +from google.appengine.ext import testbed
|
| +from google.appengine.runtime import apiproxy_errors
|
| +from oauth2client import appengine
|
| +from oauth2client import GOOGLE_TOKEN_URI
|
| +from oauth2client.clientsecrets import _loadfile
|
| +from oauth2client.clientsecrets import InvalidClientSecretsError
|
| +from oauth2client.appengine import AppAssertionCredentials
|
| +from oauth2client.appengine import CredentialsModel
|
| +from oauth2client.appengine import CredentialsNDBModel
|
| +from oauth2client.appengine import FlowNDBProperty
|
| +from oauth2client.appengine import FlowProperty
|
| +from oauth2client.appengine import OAuth2Decorator
|
| +from oauth2client.appengine import OAuth2DecoratorFromClientSecrets
|
| +from oauth2client.appengine import StorageByKeyName
|
| +from oauth2client.client import AccessTokenRefreshError
|
| +from oauth2client.client import Credentials
|
| +from oauth2client.client import FlowExchangeError
|
| +from oauth2client.client import OAuth2Credentials
|
| +from oauth2client.client import flow_from_clientsecrets
|
| +from oauth2client.client import save_to_well_known_file
|
| +from webtest import TestApp
|
| +
|
| +
|
| +DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
|
| +
|
| +
|
| +def datafile(filename):
|
| + return os.path.join(DATA_DIR, filename)
|
| +
|
| +
|
| +def load_and_cache(existing_file, fakename, cache_mock):
|
| + client_type, client_info = _loadfile(datafile(existing_file))
|
| + cache_mock.cache[fakename] = {client_type: client_info}
|
| +
|
| +
|
| +class CacheMock(object):
|
| + def __init__(self):
|
| + self.cache = {}
|
| +
|
| + def get(self, key, namespace=''):
|
| + # ignoring namespace for easier testing
|
| + return self.cache.get(key, None)
|
| +
|
| + def set(self, key, value, namespace=''):
|
| + # ignoring namespace for easier testing
|
| + self.cache[key] = value
|
| +
|
| +
|
| +class UserMock(object):
|
| + """Mock the app engine user service"""
|
| +
|
| + def __call__(self):
|
| + return self
|
| +
|
| + def user_id(self):
|
| + return 'foo_user'
|
| +
|
| +
|
| +class UserNotLoggedInMock(object):
|
| + """Mock the app engine user service"""
|
| +
|
| + def __call__(self):
|
| + return None
|
| +
|
| +
|
| +class Http2Mock(object):
|
| + """Mock httplib2.Http"""
|
| + status = 200
|
| + content = {
|
| + 'access_token': 'foo_access_token',
|
| + 'refresh_token': 'foo_refresh_token',
|
| + 'expires_in': 3600,
|
| + 'extra': 'value',
|
| + }
|
| +
|
| + def request(self, token_uri, method, body, headers, *args, **kwargs):
|
| + self.body = body
|
| + self.headers = headers
|
| + return (self, json.dumps(self.content))
|
| +
|
| +
|
| +class TestAppAssertionCredentials(unittest.TestCase):
|
| + account_name = "service_account_name@appspot.com"
|
| + signature = "signature"
|
| +
|
| +
|
| + class AppIdentityStubImpl(apiproxy_stub.APIProxyStub):
|
| +
|
| + def __init__(self):
|
| + super(TestAppAssertionCredentials.AppIdentityStubImpl, self).__init__(
|
| + 'app_identity_service')
|
| +
|
| + def _Dynamic_GetAccessToken(self, request, response):
|
| + response.set_access_token('a_token_123')
|
| + response.set_expiration_time(time.time() + 1800)
|
| +
|
| +
|
| + class ErroringAppIdentityStubImpl(apiproxy_stub.APIProxyStub):
|
| +
|
| + def __init__(self):
|
| + super(TestAppAssertionCredentials.ErroringAppIdentityStubImpl, self).__init__(
|
| + 'app_identity_service')
|
| +
|
| + def _Dynamic_GetAccessToken(self, request, response):
|
| + raise app_identity.BackendDeadlineExceeded()
|
| +
|
| + def test_raise_correct_type_of_exception(self):
|
| + app_identity_stub = self.ErroringAppIdentityStubImpl()
|
| + apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
|
| + apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
|
| + app_identity_stub)
|
| + apiproxy_stub_map.apiproxy.RegisterStub(
|
| + 'memcache', memcache_stub.MemcacheServiceStub())
|
| +
|
| + scope = 'http://www.googleapis.com/scope'
|
| + credentials = AppAssertionCredentials(scope)
|
| + http = httplib2.Http()
|
| + self.assertRaises(AccessTokenRefreshError, credentials.refresh, http)
|
| +
|
| + def test_get_access_token_on_refresh(self):
|
| + app_identity_stub = self.AppIdentityStubImpl()
|
| + apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
|
| + apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
|
| + app_identity_stub)
|
| + apiproxy_stub_map.apiproxy.RegisterStub(
|
| + 'memcache', memcache_stub.MemcacheServiceStub())
|
| +
|
| + scope = [
|
| + "http://www.googleapis.com/scope",
|
| + "http://www.googleapis.com/scope2"]
|
| + credentials = AppAssertionCredentials(scope)
|
| + http = httplib2.Http()
|
| + credentials.refresh(http)
|
| + self.assertEqual('a_token_123', credentials.access_token)
|
| +
|
| + json = credentials.to_json()
|
| + credentials = Credentials.new_from_json(json)
|
| + self.assertEqual(
|
| + 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
|
| + credentials.scope)
|
| +
|
| + scope = "http://www.googleapis.com/scope http://www.googleapis.com/scope2"
|
| + credentials = AppAssertionCredentials(scope)
|
| + http = httplib2.Http()
|
| + credentials.refresh(http)
|
| + self.assertEqual('a_token_123', credentials.access_token)
|
| + self.assertEqual(
|
| + 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
|
| + credentials.scope)
|
| +
|
| + def test_custom_service_account(self):
|
| + scope = "http://www.googleapis.com/scope"
|
| + account_id = "service_account_name_2@appspot.com"
|
| +
|
| + with mock.patch.object(app_identity, 'get_access_token',
|
| + return_value=('a_token_456', None),
|
| + autospec=True) as get_access_token:
|
| + credentials = AppAssertionCredentials(
|
| + scope, service_account_id=account_id)
|
| + http = httplib2.Http()
|
| + credentials.refresh(http)
|
| +
|
| + self.assertEqual('a_token_456', credentials.access_token)
|
| + self.assertEqual(scope, credentials.scope)
|
| + get_access_token.assert_called_once_with(
|
| + [scope], service_account_id=account_id)
|
| +
|
| + def test_create_scoped_required_without_scopes(self):
|
| + credentials = AppAssertionCredentials([])
|
| + self.assertTrue(credentials.create_scoped_required())
|
| +
|
| + def test_create_scoped_required_with_scopes(self):
|
| + credentials = AppAssertionCredentials(['dummy_scope'])
|
| + self.assertFalse(credentials.create_scoped_required())
|
| +
|
| + def test_create_scoped(self):
|
| + credentials = AppAssertionCredentials([])
|
| + new_credentials = credentials.create_scoped(['dummy_scope'])
|
| + self.assertNotEqual(credentials, new_credentials)
|
| + self.assertTrue(isinstance(new_credentials, AppAssertionCredentials))
|
| + self.assertEqual('dummy_scope', new_credentials.scope)
|
| +
|
| + def test_get_access_token(self):
|
| + app_identity_stub = self.AppIdentityStubImpl()
|
| + apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
|
| + apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
|
| + app_identity_stub)
|
| + apiproxy_stub_map.apiproxy.RegisterStub(
|
| + 'memcache', memcache_stub.MemcacheServiceStub())
|
| +
|
| + credentials = AppAssertionCredentials(['dummy_scope'])
|
| + token = credentials.get_access_token()
|
| + self.assertEqual('a_token_123', token.access_token)
|
| + self.assertEqual(None, token.expires_in)
|
| +
|
| + def test_save_to_well_known_file(self):
|
| + credentials = AppAssertionCredentials([])
|
| + self.assertRaises(NotImplementedError, save_to_well_known_file, credentials)
|
| +
|
| +
|
| +class TestFlowModel(db.Model):
|
| + flow = FlowProperty()
|
| +
|
| +
|
| +class FlowPropertyTest(unittest.TestCase):
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| +
|
| + def test_flow_get_put(self):
|
| + instance = TestFlowModel(
|
| + flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
|
| + redirect_uri='oob'),
|
| + key_name='foo'
|
| + )
|
| + instance.put()
|
| + retrieved = TestFlowModel.get_by_key_name('foo')
|
| +
|
| + self.assertEqual('foo_client_id', retrieved.flow.client_id)
|
| +
|
| +
|
| +class TestFlowNDBModel(ndb.Model):
|
| + flow = FlowNDBProperty()
|
| +
|
| +
|
| +class FlowNDBPropertyTest(unittest.TestCase):
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| + self.testbed.init_memcache_stub()
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| +
|
| + def test_flow_get_put(self):
|
| + instance = TestFlowNDBModel(
|
| + flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
|
| + redirect_uri='oob'),
|
| + id='foo'
|
| + )
|
| + instance.put()
|
| + retrieved = TestFlowNDBModel.get_by_id('foo')
|
| +
|
| + self.assertEqual('foo_client_id', retrieved.flow.client_id)
|
| +
|
| +
|
| +def _http_request(*args, **kwargs):
|
| + resp = httplib2.Response({'status': '200'})
|
| + content = json.dumps({'access_token': 'bar'})
|
| +
|
| + return resp, content
|
| +
|
| +
|
| +class StorageByKeyNameTest(unittest.TestCase):
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| + self.testbed.init_memcache_stub()
|
| + self.testbed.init_user_stub()
|
| +
|
| + access_token = 'foo'
|
| + client_id = 'some_client_id'
|
| + client_secret = 'cOuDdkfjxxnv+'
|
| + refresh_token = '1/0/a.df219fjls0'
|
| + token_expiry = datetime.datetime.utcnow()
|
| + user_agent = 'refresh_checker/1.0'
|
| + self.credentials = OAuth2Credentials(
|
| + access_token, client_id, client_secret,
|
| + refresh_token, token_expiry, GOOGLE_TOKEN_URI,
|
| + user_agent)
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| +
|
| + def test_get_and_put_simple(self):
|
| + storage = StorageByKeyName(
|
| + CredentialsModel, 'foo', 'credentials')
|
| +
|
| + self.assertEqual(None, storage.get())
|
| + self.credentials.set_store(storage)
|
| +
|
| + self.credentials._refresh(_http_request)
|
| + credmodel = CredentialsModel.get_by_key_name('foo')
|
| + self.assertEqual('bar', credmodel.credentials.access_token)
|
| +
|
| + def test_get_and_put_cached(self):
|
| + storage = StorageByKeyName(
|
| + CredentialsModel, 'foo', 'credentials', cache=memcache)
|
| +
|
| + self.assertEqual(None, storage.get())
|
| + self.credentials.set_store(storage)
|
| +
|
| + self.credentials._refresh(_http_request)
|
| + credmodel = CredentialsModel.get_by_key_name('foo')
|
| + self.assertEqual('bar', credmodel.credentials.access_token)
|
| +
|
| + # Now remove the item from the cache.
|
| + memcache.delete('foo')
|
| +
|
| + # Check that getting refreshes the cache.
|
| + credentials = storage.get()
|
| + self.assertEqual('bar', credentials.access_token)
|
| + self.assertNotEqual(None, memcache.get('foo'))
|
| +
|
| + # Deleting should clear the cache.
|
| + storage.delete()
|
| + credentials = storage.get()
|
| + self.assertEqual(None, credentials)
|
| + self.assertEqual(None, memcache.get('foo'))
|
| +
|
| + def test_get_and_put_set_store_on_cache_retrieval(self):
|
| + storage = StorageByKeyName(
|
| + CredentialsModel, 'foo', 'credentials', cache=memcache)
|
| +
|
| + self.assertEqual(None, storage.get())
|
| + self.credentials.set_store(storage)
|
| + storage.put(self.credentials)
|
| + # Pre-bug 292 old_creds wouldn't have storage, and the _refresh wouldn't
|
| + # be able to store the updated cred back into the storage.
|
| + old_creds = storage.get()
|
| + self.assertEqual(old_creds.access_token, 'foo')
|
| + old_creds.invalid = True
|
| + old_creds._refresh(_http_request)
|
| + new_creds = storage.get()
|
| + self.assertEqual(new_creds.access_token, 'bar')
|
| +
|
| + def test_get_and_put_ndb(self):
|
| + # Start empty
|
| + storage = StorageByKeyName(
|
| + CredentialsNDBModel, 'foo', 'credentials')
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + # Refresh storage and retrieve without using storage
|
| + self.credentials.set_store(storage)
|
| + self.credentials._refresh(_http_request)
|
| + credmodel = CredentialsNDBModel.get_by_id('foo')
|
| + self.assertEqual('bar', credmodel.credentials.access_token)
|
| + self.assertEqual(credmodel.credentials.to_json(),
|
| + self.credentials.to_json())
|
| +
|
| + def test_delete_ndb(self):
|
| + # Start empty
|
| + storage = StorageByKeyName(
|
| + CredentialsNDBModel, 'foo', 'credentials')
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + # Add credentials to model with storage, and check equivalent w/o storage
|
| + storage.put(self.credentials)
|
| + credmodel = CredentialsNDBModel.get_by_id('foo')
|
| + self.assertEqual(credmodel.credentials.to_json(),
|
| + self.credentials.to_json())
|
| +
|
| + # Delete and make sure empty
|
| + storage.delete()
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + def test_get_and_put_mixed_ndb_storage_db_get(self):
|
| + # Start empty
|
| + storage = StorageByKeyName(
|
| + CredentialsNDBModel, 'foo', 'credentials')
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + # Set NDB store and refresh to add to storage
|
| + self.credentials.set_store(storage)
|
| + self.credentials._refresh(_http_request)
|
| +
|
| + # Retrieve same key from DB model to confirm mixing works
|
| + credmodel = CredentialsModel.get_by_key_name('foo')
|
| + self.assertEqual('bar', credmodel.credentials.access_token)
|
| + self.assertEqual(self.credentials.to_json(),
|
| + credmodel.credentials.to_json())
|
| +
|
| + def test_get_and_put_mixed_db_storage_ndb_get(self):
|
| + # Start empty
|
| + storage = StorageByKeyName(
|
| + CredentialsModel, 'foo', 'credentials')
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + # Set DB store and refresh to add to storage
|
| + self.credentials.set_store(storage)
|
| + self.credentials._refresh(_http_request)
|
| +
|
| + # Retrieve same key from NDB model to confirm mixing works
|
| + credmodel = CredentialsNDBModel.get_by_id('foo')
|
| + self.assertEqual('bar', credmodel.credentials.access_token)
|
| + self.assertEqual(self.credentials.to_json(),
|
| + credmodel.credentials.to_json())
|
| +
|
| + def test_delete_db_ndb_mixed(self):
|
| + # Start empty
|
| + storage_ndb = StorageByKeyName(
|
| + CredentialsNDBModel, 'foo', 'credentials')
|
| + storage = StorageByKeyName(
|
| + CredentialsModel, 'foo', 'credentials')
|
| +
|
| + # First DB, then NDB
|
| + self.assertEqual(None, storage.get())
|
| + storage.put(self.credentials)
|
| + self.assertNotEqual(None, storage.get())
|
| +
|
| + storage_ndb.delete()
|
| + self.assertEqual(None, storage.get())
|
| +
|
| + # First NDB, then DB
|
| + self.assertEqual(None, storage_ndb.get())
|
| + storage_ndb.put(self.credentials)
|
| +
|
| + storage.delete()
|
| + self.assertNotEqual(None, storage_ndb.get())
|
| + # NDB uses memcache and an instance cache (Context)
|
| + ndb.get_context().clear_cache()
|
| + memcache.flush_all()
|
| + self.assertEqual(None, storage_ndb.get())
|
| +
|
| +
|
| +class MockRequest(object):
|
| + url = 'https://example.org'
|
| +
|
| + def relative_url(self, rel):
|
| + return self.url + rel
|
| +
|
| +
|
| +class MockRequestHandler(object):
|
| + request = MockRequest()
|
| +
|
| +
|
| +class DecoratorTests(unittest.TestCase):
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| + self.testbed.init_memcache_stub()
|
| + self.testbed.init_user_stub()
|
| +
|
| + decorator = OAuth2Decorator(client_id='foo_client_id',
|
| + client_secret='foo_client_secret',
|
| + scope=['foo_scope', 'bar_scope'],
|
| + user_agent='foo')
|
| +
|
| + self._finish_setup(decorator, user_mock=UserMock)
|
| +
|
| + def _finish_setup(self, decorator, user_mock):
|
| + self.decorator = decorator
|
| + self.had_credentials = False
|
| + self.found_credentials = None
|
| + self.should_raise = False
|
| + parent = self
|
| +
|
| + class TestRequiredHandler(webapp2.RequestHandler):
|
| + @decorator.oauth_required
|
| + def get(self):
|
| + if decorator.has_credentials():
|
| + parent.had_credentials = True
|
| + parent.found_credentials = decorator.credentials
|
| + if parent.should_raise:
|
| + raise Exception('')
|
| +
|
| + class TestAwareHandler(webapp2.RequestHandler):
|
| + @decorator.oauth_aware
|
| + def get(self, *args, **kwargs):
|
| + self.response.out.write('Hello World!')
|
| + assert(kwargs['year'] == '2012')
|
| + assert(kwargs['month'] == '01')
|
| + if decorator.has_credentials():
|
| + parent.had_credentials = True
|
| + parent.found_credentials = decorator.credentials
|
| + if parent.should_raise:
|
| + raise Exception('')
|
| +
|
| +
|
| + application = webapp2.WSGIApplication([
|
| + ('/oauth2callback', self.decorator.callback_handler()),
|
| + ('/foo_path', TestRequiredHandler),
|
| + webapp2.Route(r'/bar_path/<year:\d{4}>/<month:\d{2}>',
|
| + handler=TestAwareHandler, name='bar')],
|
| + debug=True)
|
| + self.app = TestApp(application, extra_environ={
|
| + 'wsgi.url_scheme': 'http',
|
| + 'HTTP_HOST': 'localhost',
|
| + })
|
| + self.current_user = user_mock()
|
| + users.get_current_user = self.current_user
|
| + self.httplib2_orig = httplib2.Http
|
| + httplib2.Http = Http2Mock
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| + httplib2.Http = self.httplib2_orig
|
| +
|
| + def test_required(self):
|
| + # An initial request to an oauth_required decorated path should be a
|
| + # redirect to start the OAuth dance.
|
| + self.assertEqual(self.decorator.flow, None)
|
| + self.assertEqual(self.decorator.credentials, None)
|
| + response = self.app.get('http://localhost/foo_path')
|
| + self.assertTrue(response.status.startswith('302'))
|
| + q = urlparse.parse_qs(response.headers['Location'].split('?', 1)[1])
|
| + self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
|
| + self.assertEqual('foo_client_id', q['client_id'][0])
|
| + self.assertEqual('foo_scope bar_scope', q['scope'][0])
|
| + self.assertEqual('http://localhost/foo_path',
|
| + q['state'][0].rsplit(':', 1)[0])
|
| + self.assertEqual('code', q['response_type'][0])
|
| + self.assertEqual(False, self.decorator.has_credentials())
|
| +
|
| + with mock.patch.object(appengine, '_parse_state_value',
|
| + return_value='foo_path',
|
| + autospec=True) as parse_state_value:
|
| + # Now simulate the callback to /oauth2callback.
|
| + response = self.app.get('/oauth2callback', {
|
| + 'code': 'foo_access_code',
|
| + 'state': 'foo_path:xsrfkey123',
|
| + })
|
| + parts = response.headers['Location'].split('?', 1)
|
| + self.assertEqual('http://localhost/foo_path', parts[0])
|
| + self.assertEqual(None, self.decorator.credentials)
|
| + if self.decorator._token_response_param:
|
| + response_query = urlparse.parse_qs(parts[1])
|
| + response = response_query[self.decorator._token_response_param][0]
|
| + self.assertEqual(Http2Mock.content,
|
| + json.loads(urllib.unquote(response)))
|
| + self.assertEqual(self.decorator.flow, self.decorator._tls.flow)
|
| + self.assertEqual(self.decorator.credentials,
|
| + self.decorator._tls.credentials)
|
| +
|
| + parse_state_value.assert_called_once_with(
|
| + 'foo_path:xsrfkey123', self.current_user)
|
| +
|
| + # Now requesting the decorated path should work.
|
| + response = self.app.get('/foo_path')
|
| + self.assertEqual('200 OK', response.status)
|
| + self.assertEqual(True, self.had_credentials)
|
| + self.assertEqual('foo_refresh_token',
|
| + self.found_credentials.refresh_token)
|
| + self.assertEqual('foo_access_token',
|
| + self.found_credentials.access_token)
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| + # Raising an exception still clears the Credentials.
|
| + self.should_raise = True
|
| + self.assertRaises(Exception, self.app.get, '/foo_path')
|
| + self.should_raise = False
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| + # Invalidate the stored Credentials.
|
| + self.found_credentials.invalid = True
|
| + self.found_credentials.store.put(self.found_credentials)
|
| +
|
| + # Invalid Credentials should start the OAuth dance again.
|
| + response = self.app.get('/foo_path')
|
| + self.assertTrue(response.status.startswith('302'))
|
| + q = urlparse.parse_qs(response.headers['Location'].split('?', 1)[1])
|
| + self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
|
| +
|
| + def test_storage_delete(self):
|
| + # An initial request to an oauth_required decorated path should be a
|
| + # redirect to start the OAuth dance.
|
| + response = self.app.get('/foo_path')
|
| + self.assertTrue(response.status.startswith('302'))
|
| +
|
| + with mock.patch.object(appengine, '_parse_state_value',
|
| + return_value='foo_path',
|
| + autospec=True) as parse_state_value:
|
| + # Now simulate the callback to /oauth2callback.
|
| + response = self.app.get('/oauth2callback', {
|
| + 'code': 'foo_access_code',
|
| + 'state': 'foo_path:xsrfkey123',
|
| + })
|
| + self.assertEqual('http://localhost/foo_path', response.headers['Location'])
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| + # Now requesting the decorated path should work.
|
| + response = self.app.get('/foo_path')
|
| +
|
| + self.assertTrue(self.had_credentials)
|
| +
|
| + # Credentials should be cleared after each call.
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| + # Invalidate the stored Credentials.
|
| + self.found_credentials.store.delete()
|
| +
|
| + # Invalid Credentials should start the OAuth dance again.
|
| + response = self.app.get('/foo_path')
|
| + self.assertTrue(response.status.startswith('302'))
|
| +
|
| + parse_state_value.assert_called_once_with(
|
| + 'foo_path:xsrfkey123', self.current_user)
|
| +
|
| + def test_aware(self):
|
| + # An initial request to an oauth_aware decorated path should not redirect.
|
| + response = self.app.get('http://localhost/bar_path/2012/01')
|
| + self.assertEqual('Hello World!', response.body)
|
| + self.assertEqual('200 OK', response.status)
|
| + self.assertEqual(False, self.decorator.has_credentials())
|
| + url = self.decorator.authorize_url()
|
| + q = urlparse.parse_qs(url.split('?', 1)[1])
|
| + self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
|
| + self.assertEqual('foo_client_id', q['client_id'][0])
|
| + self.assertEqual('foo_scope bar_scope', q['scope'][0])
|
| + self.assertEqual('http://localhost/bar_path/2012/01',
|
| + q['state'][0].rsplit(':', 1)[0])
|
| + self.assertEqual('code', q['response_type'][0])
|
| +
|
| + with mock.patch.object(appengine, '_parse_state_value',
|
| + return_value='bar_path',
|
| + autospec=True) as parse_state_value:
|
| + # Now simulate the callback to /oauth2callback.
|
| + url = self.decorator.authorize_url()
|
| + response = self.app.get('/oauth2callback', {
|
| + 'code': 'foo_access_code',
|
| + 'state': 'bar_path:xsrfkey456',
|
| + })
|
| +
|
| + self.assertEqual('http://localhost/bar_path', response.headers['Location'])
|
| + self.assertEqual(False, self.decorator.has_credentials())
|
| + parse_state_value.assert_called_once_with(
|
| + 'bar_path:xsrfkey456', self.current_user)
|
| +
|
| + # Now requesting the decorated path will have credentials.
|
| + response = self.app.get('/bar_path/2012/01')
|
| + self.assertEqual('200 OK', response.status)
|
| + self.assertEqual('Hello World!', response.body)
|
| + self.assertEqual(True, self.had_credentials)
|
| + self.assertEqual('foo_refresh_token',
|
| + self.found_credentials.refresh_token)
|
| + self.assertEqual('foo_access_token',
|
| + self.found_credentials.access_token)
|
| +
|
| + # Credentials should be cleared after each call.
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| + # Raising an exception still clears the Credentials.
|
| + self.should_raise = True
|
| + self.assertRaises(Exception, self.app.get, '/bar_path/2012/01')
|
| + self.should_raise = False
|
| + self.assertEqual(None, self.decorator.credentials)
|
| +
|
| +
|
| + def test_error_in_step2(self):
|
| + # An initial request to an oauth_aware decorated path should not redirect.
|
| + response = self.app.get('/bar_path/2012/01')
|
| + url = self.decorator.authorize_url()
|
| + response = self.app.get('/oauth2callback', {
|
| + 'error': 'Bad<Stuff>Happened\''
|
| + })
|
| + self.assertEqual('200 OK', response.status)
|
| + self.assertTrue('Bad<Stuff>Happened'' in response.body)
|
| +
|
| + def test_kwargs_are_passed_to_underlying_flow(self):
|
| + decorator = OAuth2Decorator(client_id='foo_client_id',
|
| + client_secret='foo_client_secret',
|
| + user_agent='foo_user_agent',
|
| + scope=['foo_scope', 'bar_scope'],
|
| + access_type='offline',
|
| + approval_prompt='force',
|
| + revoke_uri='dummy_revoke_uri')
|
| + request_handler = MockRequestHandler()
|
| + decorator._create_flow(request_handler)
|
| +
|
| + self.assertEqual('https://example.org/oauth2callback',
|
| + decorator.flow.redirect_uri)
|
| + self.assertEqual('offline', decorator.flow.params['access_type'])
|
| + self.assertEqual('force', decorator.flow.params['approval_prompt'])
|
| + self.assertEqual('foo_user_agent', decorator.flow.user_agent)
|
| + self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
|
| + self.assertEqual(None, decorator.flow.params.get('user_agent', None))
|
| + self.assertEqual(decorator.flow, decorator._tls.flow)
|
| +
|
| + def test_token_response_param(self):
|
| + self.decorator._token_response_param = 'foobar'
|
| + self.test_required()
|
| +
|
| + def test_decorator_from_client_secrets(self):
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'])
|
| + self._finish_setup(decorator, user_mock=UserMock)
|
| +
|
| + self.assertFalse(decorator._in_error)
|
| + self.decorator = decorator
|
| + self.test_required()
|
| + http = self.decorator.http()
|
| + self.assertEquals('foo_access_token', http.request.credentials.access_token)
|
| +
|
| + # revoke_uri is not required
|
| + self.assertEqual(self.decorator._revoke_uri,
|
| + 'https://accounts.google.com/o/oauth2/revoke')
|
| + self.assertEqual(self.decorator._revoke_uri,
|
| + self.decorator.credentials.revoke_uri)
|
| +
|
| + def test_decorator_from_client_secrets_kwargs(self):
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'],
|
| + approval_prompt='force')
|
| + self.assertTrue('approval_prompt' in decorator._kwargs)
|
| +
|
| +
|
| + def test_decorator_from_cached_client_secrets(self):
|
| + cache_mock = CacheMock()
|
| + load_and_cache('client_secrets.json', 'secret', cache_mock)
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + # filename, scope, message=None, cache=None
|
| + 'secret', '', cache=cache_mock)
|
| + self.assertFalse(decorator._in_error)
|
| +
|
| + def test_decorator_from_client_secrets_not_logged_in_required(self):
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
|
| + self.decorator = decorator
|
| + self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
|
| +
|
| + self.assertFalse(decorator._in_error)
|
| +
|
| + # An initial request to an oauth_required decorated path should be a
|
| + # redirect to login.
|
| + response = self.app.get('/foo_path')
|
| + self.assertTrue(response.status.startswith('302'))
|
| + self.assertTrue('Login' in str(response))
|
| +
|
| + def test_decorator_from_client_secrets_not_logged_in_aware(self):
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
|
| + self.decorator = decorator
|
| + self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
|
| +
|
| + # An initial request to an oauth_aware decorated path should be a
|
| + # redirect to login.
|
| + response = self.app.get('/bar_path/2012/03')
|
| + self.assertTrue(response.status.startswith('302'))
|
| + self.assertTrue('Login' in str(response))
|
| +
|
| + def test_decorator_from_unfilled_client_secrets_required(self):
|
| + MESSAGE = 'File is missing'
|
| + try:
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('unfilled_client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'], message=MESSAGE)
|
| + except InvalidClientSecretsError:
|
| + pass
|
| +
|
| + def test_decorator_from_unfilled_client_secrets_aware(self):
|
| + MESSAGE = 'File is missing'
|
| + try:
|
| + decorator = OAuth2DecoratorFromClientSecrets(
|
| + datafile('unfilled_client_secrets.json'),
|
| + scope=['foo_scope', 'bar_scope'], message=MESSAGE)
|
| + except InvalidClientSecretsError:
|
| + pass
|
| +
|
| +
|
| +class DecoratorXsrfSecretTests(unittest.TestCase):
|
| + """Test xsrf_secret_key."""
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| + self.testbed.init_memcache_stub()
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| +
|
| + def test_build_and_parse_state(self):
|
| + secret = appengine.xsrf_secret_key()
|
| +
|
| + # Secret shouldn't change from call to call.
|
| + secret2 = appengine.xsrf_secret_key()
|
| + self.assertEqual(secret, secret2)
|
| +
|
| + # Secret shouldn't change if memcache goes away.
|
| + memcache.delete(appengine.XSRF_MEMCACHE_ID,
|
| + namespace=appengine.OAUTH2CLIENT_NAMESPACE)
|
| + secret3 = appengine.xsrf_secret_key()
|
| + self.assertEqual(secret2, secret3)
|
| +
|
| + # Secret should change if both memcache and the model goes away.
|
| + memcache.delete(appengine.XSRF_MEMCACHE_ID,
|
| + namespace=appengine.OAUTH2CLIENT_NAMESPACE)
|
| + model = appengine.SiteXsrfSecretKey.get_or_insert('site')
|
| + model.delete()
|
| +
|
| + secret4 = appengine.xsrf_secret_key()
|
| + self.assertNotEqual(secret3, secret4)
|
| +
|
| + def test_ndb_insert_db_get(self):
|
| + secret = appengine._generate_new_xsrf_secret_key()
|
| + appengine.SiteXsrfSecretKeyNDB(id='site', secret=secret).put()
|
| +
|
| + site_key = appengine.SiteXsrfSecretKey.get_by_key_name('site')
|
| + self.assertEqual(site_key.secret, secret)
|
| +
|
| + def test_db_insert_ndb_get(self):
|
| + secret = appengine._generate_new_xsrf_secret_key()
|
| + appengine.SiteXsrfSecretKey(key_name='site', secret=secret).put()
|
| +
|
| + site_key = appengine.SiteXsrfSecretKeyNDB.get_by_id('site')
|
| + self.assertEqual(site_key.secret, secret)
|
| +
|
| +
|
| +class DecoratorXsrfProtectionTests(unittest.TestCase):
|
| + """Test _build_state_value and _parse_state_value."""
|
| +
|
| + def setUp(self):
|
| + self.testbed = testbed.Testbed()
|
| + self.testbed.activate()
|
| + self.testbed.init_datastore_v3_stub()
|
| + self.testbed.init_memcache_stub()
|
| +
|
| + def tearDown(self):
|
| + self.testbed.deactivate()
|
| +
|
| + def test_build_and_parse_state(self):
|
| + state = appengine._build_state_value(MockRequestHandler(), UserMock())
|
| + self.assertEqual(
|
| + 'https://example.org',
|
| + appengine._parse_state_value(state, UserMock()))
|
| + self.assertRaises(appengine.InvalidXsrfTokenError,
|
| + appengine._parse_state_value, state[1:], UserMock())
|
| +
|
| +
|
| +if __name__ == '__main__':
|
| + unittest.main()
|
|
|
Chromium Code Reviews
Issue 1377933002:
[catapult] - Copy Telemetry's gsutilz over to third_party. (Closed)
Base URL: https://github.com/catapult-project/catapult.git@master