import pytest
from fxa.errors import ClientError

from api import *

@pytest.fixture
def oauth():
    """Provide an ``Oauth`` client (star-imported from ``api``) to each test that requests it."""
    client = Oauth()
    return client

@pytest.fixture
def access_token(account):
    """Obtain an OAuth access token for ``account``.

    Sends an ``fxa-credentials`` grant to ``/oauth/token`` asking for the
    ``profile`` scope with a ``ttl`` of 60 (presumably seconds; confirm
    against the server) and returns the ``access_token`` field of the reply.
    """
    token_request = dict(
        client_id="5882386c6d801776",
        ttl=60,
        grant_type="fxa-credentials",
        access_type="online",
        scope="profile",
    )
    return account.post_a("/oauth/token", token_request)['access_token']

@pytest.mark.parametrize("args,code,errno,error,message", [
    ({field: "0"}, 400, 109, 'Bad Request', 'invalid request parameter')
    for field in ("access_token", "refresh_token", "token")
])
def test_destroy_invalid(oauth, args, code, errno, error, message):
    """Check that ``/destroy`` rejects a malformed token in every accepted field.

    Each case posts the placeholder value ``"0"`` under one of the three
    field names and expects a ``ClientError`` whose details match the
    parametrized code, errno, error and message exactly.
    """
    expected = dict(code=code, errno=errno, error=error, message=message)
    with pytest.raises(ClientError) as excinfo:
        oauth.post("/destroy", args)
    assert excinfo.value.details == expected

def test_destroy_access(oauth, access_token):
    """Check that an access token stops verifying once it has been destroyed.

    The first ``/verify`` call acts as a precondition: it would raise if the
    token were not valid before revocation, so the later failure can only be
    attributed to ``/destroy``.
    """
    rejected = dict([
        ('code', 400),
        ('errno', 109),
        ('error', 'Bad Request'),
        ('message', 'invalid request parameter'),
    ])

    # Precondition: the token is accepted before revocation.
    oauth.post("/verify", {'token': access_token})

    # Revoke through the type-specific "access_token" field.
    oauth.post("/destroy", {'access_token': access_token})

    # Postcondition: the revoked token must no longer verify.
    with pytest.raises(ClientError) as excinfo:
        oauth.post("/verify", {'token': access_token})
    assert excinfo.value.details == rejected

def test_destroy_refresh(oauth, refresh_token):
    """Check that a destroyed refresh token can no longer authorize requests.

    ``refresh_token.get_a("/account/devices")`` must succeed before the token
    is destroyed and fail with 401 afterwards. The ``refresh_token`` fixture
    is defined outside this file; presumably ``get_a`` authenticates with the
    token exposed as ``.bearer`` (confirm against the fixture).
    """
    rejected = dict([
        ('code', 401),
        ('errno', 109),
        ('error', 'Unauthorized'),
        ('message', 'invalid request signature'),
    ])

    # Precondition: the token is usable before revocation.
    refresh_token.get_a("/account/devices")

    # Revoke through the type-specific "refresh_token" field.
    oauth.post("/destroy", {'refresh_token': refresh_token.bearer})

    # Postcondition: the same request is now refused.
    with pytest.raises(ClientError) as excinfo:
        refresh_token.get_a("/account/devices")
    assert excinfo.value.details == rejected

def test_destroy_any(oauth, access_token, refresh_token):
    """Check that the generic ``token`` field of ``/destroy`` revokes either token kind.

    Repeats the use / destroy / use-fails sequence twice: first for the
    access token (checked via ``/verify``), then for the refresh token
    (checked via ``get_a("/account/devices")``).
    """
    # NOTE(review): both expectations carry errno 109 although their HTTP code
    # and message differ; confirm this is the server's intended mapping.
    rejected_access = dict([
        ('code', 400),
        ('errno', 109),
        ('error', 'Bad Request'),
        ('message', 'invalid request parameter'),
    ])
    rejected_refresh = dict([
        ('code', 401),
        ('errno', 109),
        ('error', 'Unauthorized'),
        ('message', 'invalid request signature'),
    ])

    # Access token: valid, revoked via the generic field, then rejected.
    oauth.post("/verify", {'token': access_token})
    oauth.post("/destroy", {'token': access_token})
    with pytest.raises(ClientError) as access_err:
        oauth.post("/verify", {'token': access_token})
    assert access_err.value.details == rejected_access

    # Refresh token: usable, revoked via the generic field, then rejected.
    refresh_token.get_a("/account/devices")
    oauth.post("/destroy", {'token': refresh_token.bearer})
    with pytest.raises(ClientError) as refresh_err:
        refresh_token.get_a("/account/devices")
    assert refresh_err.value.details == rejected_refresh

def test_oauth_verify(account, oauth, access_token):
    """Check that ``/verify`` reports exactly the owner, client and scope of a token.

    The comparison is an exact dict match, so any extra or missing field in
    the response (for example a wider scope than the ``profile`` scope that
    was requested) fails the test.
    """
    claims = oauth.post("/verify", {'token': access_token})
    expected = dict([
        ('user', account.props['uid']),
        ('client_id', "5882386c6d801776"),
        ('scope', ['profile']),
    ])
    assert claims == expected

def test_oauth_verify_refresh(oauth, refresh_token):
    """Check that ``/verify`` refuses a refresh token presented as ``token``.

    Guards against token-type confusion: a refresh token's bearer value must
    not be accepted where an access token is expected.
    """
    rejected = dict([
        ('code', 400),
        ('errno', 109),
        ('error', 'Bad Request'),
        ('message', 'invalid request parameter'),
    ])
    with pytest.raises(ClientError) as excinfo:
        oauth.post("/verify", {'token': refresh_token.bearer})
    assert excinfo.value.details == rejected