aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/python/oauthlib/tests/oauth2/rfc6749/test_tokens.py
blob: fa6b1c092c873110a8ce5835ecaf207c2f6ed675 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
from unittest import mock

from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.tokens import (
    BearerToken, prepare_bearer_body, prepare_bearer_headers,
    prepare_bearer_uri, prepare_mac_header,
)

from tests.unittest import TestCase


class TokenTest(TestCase):

    # MAC without body/payload or extension
    mac_plain = {
        'token': 'h480djs93hd8',
        'uri': 'http://example.com/resource/1?b=1&a=2',
        'key': '489dks293j39',
        'http_method': 'GET',
        'nonce': '264095:dj83hs9s',
        'hash_algorithm': 'hmac-sha-1'
    }
    auth_plain = {
        'Authorization': 'MAC id="h480djs93hd8", nonce="264095:dj83hs9s",'
        ' mac="SLDJd4mg43cjQfElUs3Qub4L6xE="'
    }

    # MAC with body/payload, no extension
    mac_body = {
        'token': 'jd93dh9dh39D',
        'uri': 'http://example.com/request',
        'key': '8yfrufh348h',
        'http_method': 'POST',
        'nonce': '273156:di3hvdf8',
        'hash_algorithm': 'hmac-sha-1',
        'body': 'hello=world%21'
    }
    auth_body = {
        'Authorization': 'MAC id="jd93dh9dh39D", nonce="273156:di3hvdf8",'
        ' bodyhash="k9kbtCIy0CkI3/FEfpS/oIDjk6k=", mac="W7bdMZbv9UWOTadASIQHagZyirA="'
    }

    # MAC with body/payload and extension
    mac_both = {
        'token': 'h480djs93hd8',
        'uri': 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q',
        'key': '489dks293j39',
        'http_method': 'GET',
        'nonce': '264095:7d8f3e4a',
        'hash_algorithm': 'hmac-sha-1',
        'body': 'Hello World!',
        'ext': 'a,b,c'
    }
    auth_both = {
        'Authorization': 'MAC id="h480djs93hd8", nonce="264095:7d8f3e4a",'
        ' bodyhash="Lve95gjOVATpfV8EL5X4nxwjKHE=", ext="a,b,c",'
        ' mac="Z3C2DojEopRDIC88/imW8Ez853g="'
    }

    # Bearer
    token = 'vF9dft4qmT'
    uri = 'http://server.example.com/resource'
    bearer_headers = {
        'Authorization': 'Bearer vF9dft4qmT'
    }
    valid_bearer_header_lowercase = {"Authorization": "bearer vF9dft4qmT"}
    fake_bearer_headers = [
        {'Authorization': 'Beaver vF9dft4qmT'},
        {'Authorization': 'BeavervF9dft4qmT'},
        {'Authorization': 'Beaver  vF9dft4qmT'},
        {'Authorization': 'BearerF9dft4qmT'},
        {'Authorization': 'Bearer vF9d ft4qmT'},
    ]
    valid_header_with_multiple_spaces = {'Authorization': 'Bearer  vF9dft4qmT'}
    bearer_body = 'access_token=vF9dft4qmT'
    bearer_uri = 'http://server.example.com/resource?access_token=vF9dft4qmT'

    def _mocked_validate_bearer_token(self, token, scopes, request):
        if not token:
            return False
        return True

    def test_prepare_mac_header(self):
        """Verify mac signatures correctness

        TODO: verify hmac-sha-256
        """
        self.assertEqual(prepare_mac_header(**self.mac_plain), self.auth_plain)
        self.assertEqual(prepare_mac_header(**self.mac_body), self.auth_body)
        self.assertEqual(prepare_mac_header(**self.mac_both), self.auth_both)

    def test_prepare_bearer_request(self):
        """Verify proper addition of bearer tokens to requests.

        They may be represented as query components in body or URI or
        in a Bearer authorization header.
        """
        self.assertEqual(prepare_bearer_headers(self.token), self.bearer_headers)
        self.assertEqual(prepare_bearer_body(self.token), self.bearer_body)
        self.assertEqual(prepare_bearer_uri(self.token, uri=self.uri), self.bearer_uri)

    def test_valid_bearer_is_validated(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token

        request = Request("/", headers=self.bearer_headers)
        result = BearerToken(request_validator=request_validator).validate_request(
            request
        )
        self.assertTrue(result)

    def test_lowercase_bearer_is_validated(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token

        request = Request("/", headers=self.valid_bearer_header_lowercase)
        result = BearerToken(request_validator=request_validator).validate_request(
            request
        )
        self.assertTrue(result)

    def test_fake_bearer_is_not_validated(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token

        for fake_header in self.fake_bearer_headers:
            request = Request("/", headers=fake_header)
            result = BearerToken(request_validator=request_validator).validate_request(
                request
            )

            self.assertFalse(result)

    def test_header_with_multispaces_is_validated(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token

        request = Request("/", headers=self.valid_header_with_multiple_spaces)
        result = BearerToken(request_validator=request_validator).validate_request(
            request
        )

        self.assertTrue(result)

    def test_estimate_type(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token
        request = Request("/", headers=self.bearer_headers)
        result = BearerToken(request_validator=request_validator).estimate_type(request)
        self.assertEqual(result, 9)

    def test_estimate_type_with_fake_header_returns_type_0(self):
        request_validator = mock.MagicMock()
        request_validator.validate_bearer_token = self._mocked_validate_bearer_token

        for fake_header in self.fake_bearer_headers:
            request = Request("/", headers=fake_header)
            result = BearerToken(request_validator=request_validator).estimate_type(
                request
            )

            if (
                fake_header["Authorization"].count(" ") == 2
                and fake_header["Authorization"].split()[0] == "Bearer"
            ):
                # If we're dealing with the header containing 2 spaces, it will be recognized
                # as a Bearer valid header, the token itself will be invalid by the way.
                self.assertEqual(result, 9)
            else:
                self.assertEqual(result, 0)