aboutsummaryrefslogtreecommitdiff
path: root/tests/contrib/django_util/test_views.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/contrib/django_util/test_views.py')
-rw-r--r--tests/contrib/django_util/test_views.py102
1 files changed, 71 insertions, 31 deletions
diff --git a/tests/contrib/django_util/test_views.py b/tests/contrib/django_util/test_views.py
index df0d11c..0b3fe30 100644
--- a/tests/contrib/django_util/test_views.py
+++ b/tests/contrib/django_util/test_views.py
@@ -20,27 +20,25 @@ import json
import django
from django import http
import django.conf
-from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.auth import models as django_models
import mock
from six.moves import reload_module
-from tests.contrib.django_util import TestWithDjangoEnvironment
-from tests.contrib.django_util.models import CredentialsModel
-
-from oauth2client.client import FlowExchangeError, OAuth2WebServerFlow
+from oauth2client import client
import oauth2client.contrib.django_util
from oauth2client.contrib.django_util import views
-from oauth2client.contrib.django_util.models import CredentialsField
+from tests.contrib import django_util as tests_django_util
+from tests.contrib.django_util import models as tests_models
-class OAuth2AuthorizeTest(TestWithDjangoEnvironment):
+class OAuth2AuthorizeTest(tests_django_util.TestWithDjangoEnvironment):
def setUp(self):
super(OAuth2AuthorizeTest, self).setUp()
self.save_settings = copy.deepcopy(django.conf.settings)
reload_module(oauth2client.contrib.django_util)
- self.user = User.objects.create_user(
- username='bill', email='bill@example.com', password='hunter2')
+ self.user = django_models.User.objects.create_user(
+ username='bill', email='bill@example.com', password='hunter2')
def tearDown(self):
django.conf.settings = copy.deepcopy(self.save_settings)
@@ -55,7 +53,7 @@ class OAuth2AuthorizeTest(TestWithDjangoEnvironment):
def test_authorize_anonymous_user(self):
request = self.factory.get('oauth2/oauth2authorize')
request.session = self.session
- request.user = AnonymousUser()
+ request.user = django_models.AnonymousUser()
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
@@ -68,7 +66,8 @@ class OAuth2AuthorizeTest(TestWithDjangoEnvironment):
self.assertIsInstance(response, http.HttpResponseRedirect)
-class Oauth2AuthorizeStorageModelTest(TestWithDjangoEnvironment):
+class Oauth2AuthorizeStorageModelTest(
+ tests_django_util.TestWithDjangoEnvironment):
def setUp(self):
super(Oauth2AuthorizeStorageModelTest, self).setUp()
@@ -85,7 +84,7 @@ class Oauth2AuthorizeStorageModelTest(TestWithDjangoEnvironment):
# at import time, so in order for us to reload the settings
# we need to reload the module
reload_module(oauth2client.contrib.django_util)
- self.user = User.objects.create_user(
+ self.user = django_models.User.objects.create_user(
username='bill', email='bill@example.com', password='hunter2')
def tearDown(self):
@@ -103,7 +102,7 @@ class Oauth2AuthorizeStorageModelTest(TestWithDjangoEnvironment):
def test_authorize_anonymous_user_redirects_login(self):
request = self.factory.get('oauth2/oauth2authorize')
request.session = self.session
- request.user = AnonymousUser()
+ request.user = django_models.AnonymousUser()
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
# redirects to Django login
@@ -117,25 +116,53 @@ class Oauth2AuthorizeStorageModelTest(TestWithDjangoEnvironment):
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
- def test_authorized_user_not_logged_in_redirects(self):
+ def test_authorized_user_no_credentials_redirects(self):
+ request = self.factory.get('oauth2/oauth2authorize',
+ data={'return_url': '/return_endpoint'})
+ request.session = self.session
+
+ authorized_user = django_models.User.objects.create_user(
+ username='bill2', email='bill@example.com', password='hunter2')
+
+ tests_models.CredentialsModel.objects.create(
+ user_id=authorized_user,
+ credentials=None)
+
+ request.user = authorized_user
+ response = views.oauth2_authorize(request)
+ self.assertIsInstance(response, http.HttpResponseRedirect)
+
+ def test_already_authorized(self):
request = self.factory.get('oauth2/oauth2authorize',
data={'return_url': '/return_endpoint'})
request.session = self.session
- authorized_user = User.objects.create_user(
+ authorized_user = django_models.User.objects.create_user(
username='bill2', email='bill@example.com', password='hunter2')
- credentials = CredentialsField()
- CredentialsModel.objects.create(
+ credentials = _Credentials()
+ tests_models.CredentialsModel.objects.create(
user_id=authorized_user,
credentials=credentials)
request.user = authorized_user
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
+ self.assertEqual(response.url, '/return_endpoint')
+
+
+class _Credentials(object):
+ # Can't use mock when testing Django models
+ # https://code.djangoproject.com/ticket/25493
+ def __init__(self):
+ self.invalid = False
+ self.scopes = set()
+
+ def has_scopes(self, _):
+ return True
-class Oauth2CallbackTest(TestWithDjangoEnvironment):
+class Oauth2CallbackTest(tests_django_util.TestWithDjangoEnvironment):
def setUp(self):
super(Oauth2CallbackTest, self).setUp()
@@ -149,11 +176,11 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
'return_url': self.RETURN_URL,
'scopes': django.conf.settings.GOOGLE_OAUTH2_SCOPES
}
- self.user = User.objects.create_user(
+ self.user = django_models.User.objects.create_user(
username='bill', email='bill@example.com', password='hunter2')
- @mock.patch('oauth2client.contrib.django_util.views.pickle')
- def test_callback_works(self, pickle):
+ @mock.patch('oauth2client.contrib.django_util.views.jsonpickle')
+ def test_callback_works(self, jsonpickle_mock):
request = self.factory.get('oauth2/oauth2callback', data={
'state': json.dumps(self.fake_state),
'code': 123
@@ -161,7 +188,7 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN
- flow = OAuth2WebServerFlow(
+ flow = client.OAuth2WebServerFlow(
client_id='clientid',
client_secret='clientsecret',
scope=['email'],
@@ -169,9 +196,10 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))
name = 'google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
- self.session[name] = pickle.dumps(flow)
+ pickled_flow = object()
+ self.session[name] = pickled_flow
flow.step2_exchange = mock.Mock()
- pickle.loads.return_value = flow
+ jsonpickle_mock.decode.return_value = flow
request.session = self.session
request.user = self.user
@@ -180,9 +208,10 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
self.assertEqual(
response.status_code, django.http.HttpResponseRedirect.status_code)
self.assertEqual(response['Location'], self.RETURN_URL)
+ jsonpickle_mock.decode.assert_called_once_with(pickled_flow)
- @mock.patch('oauth2client.contrib.django_util.views.pickle')
- def test_callback_handles_bad_flow_exchange(self, pickle):
+ @mock.patch('oauth2client.contrib.django_util.views.jsonpickle')
+ def test_callback_handles_bad_flow_exchange(self, jsonpickle_mock):
request = self.factory.get('oauth2/oauth2callback', data={
"state": json.dumps(self.fake_state),
"code": 123
@@ -190,25 +219,27 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN
- flow = OAuth2WebServerFlow(
+ flow = client.OAuth2WebServerFlow(
client_id='clientid',
client_secret='clientsecret',
scope=['email'],
state=json.dumps(self.fake_state),
redirect_uri=request.build_absolute_uri('oauth2/oauth2callback'))
- self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] \
- = pickle.dumps(flow)
+ session_key = 'google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
+ pickled_flow = object()
+ self.session[session_key] = pickled_flow
def local_throws(code):
- raise FlowExchangeError('test')
+ raise client.FlowExchangeError('test')
flow.step2_exchange = local_throws
- pickle.loads.return_value = flow
+ jsonpickle_mock.decode.return_value = flow
request.session = self.session
response = views.oauth2_callback(request)
self.assertIsInstance(response, http.HttpResponseBadRequest)
+ jsonpickle_mock.decode.assert_called_once_with(pickled_flow)
def test_error_returns_bad_request(self):
request = self.factory.get('oauth2/oauth2callback', data={
@@ -218,6 +249,15 @@ class Oauth2CallbackTest(TestWithDjangoEnvironment):
self.assertIsInstance(response, http.HttpResponseBadRequest)
self.assertIn(b'Authorization failed', response.content)
+ def test_error_escapes_html(self):
+ request = self.factory.get('oauth2/oauth2callback', data={
+ 'error': '<script>bad</script>',
+ })
+ response = views.oauth2_callback(request)
+ self.assertIsInstance(response, http.HttpResponseBadRequest)
+ self.assertNotIn(b'<script>', response.content)
+ self.assertIn(b'&lt;script&gt;', response.content)
+
def test_no_session(self):
request = self.factory.get('oauth2/oauth2callback', data={
'code': 123,
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 08:05:01 +0000