1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
import base64
import json
import pytest
from fxa.errors import ClientError
from api import *
@pytest.fixture
def push_server():
s = PushServer()
yield s
s.server.shutdown()
s.server.server_close()
@pytest.fixture
def mail_server():
s = MailServer()
yield s
s.stop()
@pytest.fixture
def client():
return AuthClient()
def _login(client, email, mail_server):
# unverified accounts and unverified session behave the same, so we don't bother
# with dedicated unverified-session tests and just always verify.
c = client.login(email, "")
(to, body) = mail_server.wait()
assert to == [email]
c.post_a('/session/verify_code', { 'code': body.strip() })
return c
def _account(client, primary, email, mail_server):
s = client.create_account(email, "")
try:
(to, body) = mail_server.wait()
assert to == [email]
data = json.loads(base64.urlsafe_b64decode(body.split("#/verify/", maxsplit=1)[1]).decode('utf8'))
s.post_a('/recovery_email/verify_code', { 'uid': data['uid'], 'code': data['code'] })
if primary:
yield s
else:
c = _login(client, email, mail_server)
yield c
s.password = c.password
finally:
try:
s.destroy_account(email, s.password)
except ClientError as e:
# don't fail if the account was already deleted
if e.details['errno'] != 102:
raise
email1 = f"test.account-{os.urandom(8).hex()}@test-auth"
email2 = f"test.account2-{os.urandom(8).hex()}@test-auth"
@pytest.fixture(params=[True, False], ids=["primary", "secondary"])
def account(client, request, mail_server):
for a in _account(client, request.param, email1, mail_server):
yield a
@pytest.fixture(params=[True, False], ids=["primary", "secondary"])
def account2(client, request, mail_server):
for a in _account(client, request.param, email2, mail_server):
yield a
@pytest.fixture
def unverified_account(client, mail_server):
s = client.create_account(email1, "")
yield s
s.destroy_account(s.email, "")
@pytest.fixture
def login(client, mail_server):
return _login(client, email1, mail_server)
@pytest.fixture
def login2(client, mail_server):
return _login(client, email2, mail_server)
def _refresh_token(account, scope):
body = {
"client_id": "5882386c6d801776",
"ttl": 60,
"grant_type": "fxa-credentials",
"access_type": "offline",
"scope": scope,
}
yield account.post_a("/oauth/token", body)
@pytest.fixture
def refresh_token(account):
for r in _refresh_token(account, "profile https://identity.mozilla.com/apps/oldsync https://identity.mozilla.com/tokens/session"):
yield AuthClient(email=account.email, bearer=r['refresh_token'], props=r)
@pytest.fixture
def narrow_refresh_token(account):
for r in _refresh_token(account, "profile https://identity.mozilla.com/tokens/session"):
yield AuthClient(email=account.email, bearer=r['refresh_token'], props=r)
def _account_or_rt(account, request, scope):
if request.param:
yield account
else:
for r in _refresh_token(account, scope):
yield AuthClient(email=account.email, bearer=r['refresh_token'], props=r)
@pytest.fixture(params=[True, False], ids=["session", "refresh_token"])
def account_or_rt(account, request):
for r in _account_or_rt(account, request, "profile https://identity.mozilla.com/apps/oldsync https://identity.mozilla.com/tokens/session"):
yield r
@pytest.fixture
def forgot_token(account):
resp = account.post_a("/password/forgot/send_code", { 'email': account.email })
assert 'passwordForgotToken' in resp
assert resp['ttl'] == 300
assert resp['codeLength'] == 16
assert resp['tries'] == 1
return PasswordChange(account.client, resp['passwordForgotToken'], 'passwordForgotToken')
|
