Commit 4c0a2b1d authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

astakos oa2: Improve tests

parent be36a7d9
......@@ -44,6 +44,7 @@ from django.test import Client as TestClient
from django.core.urlresolvers import reverse
from django.utils import simplejson as json
from astakos.oa2 import settings
from astakos.oa2.models import Client, AuthorizationCode, Token
from astakos.im.tests import common
......@@ -384,7 +385,9 @@ class TestOA2(TestCase, URLAssertionsMixin):
self.assertEqual(r.status_code, 400)
# redirect uri descendant
redirect_uri = '%s/more' % self.client3_redirect_uri
redirect_uri = '%s/' % self.client3_redirect_uri
rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri)
redirect_uri = '%s%s' % (redirect_uri, 'a'*rest)
params['redirect_uri'] = redirect_uri
self.client.set_credentials('client3', 'secret')
r = self.client.authorize_code('client3', urlparams=params)
......@@ -401,12 +404,10 @@ class TestOA2(TestCase, URLAssertionsMixin):
code = AuthorizationCode.objects.get(code=redirect.params['code'][0])
self.assertEqual(code.state, 'csrfstate')
self.assertEqual(code.redirect_uri,
'%s/more' % self.client3_redirect_uri)
self.assertEqual(code.redirect_uri, redirect_uri)
# too long redirect uri
redirect_uri = '%s?foo=%s' % (self.client3_redirect_uri, 'a'*10000)
params['redirect_uri'] = redirect_uri
params['redirect_uri'] = '%sa' % redirect_uri
self.client.set_credentials('client3', 'secret')
r = self.client.authorize_code('client3', urlparams=params)
self.assertEqual(r.status_code, 400)
......@@ -500,7 +501,9 @@ class TestOA2(TestCase, URLAssertionsMixin):
self.assert_access_token_response(r, expected)
# generate authorization code with too long redirect_uri
redirect_uri = '%s/%s' % (self.client3_redirect_uri, 'a'*2000)
redirect_uri = '%s/' % self.client3_redirect_uri
rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri)
redirect_uri = '%s%s' % (redirect_uri, 'a'*rest)
params = {'redirect_uri': redirect_uri}
r = self.client.authorize_code('client3', urlparams=params)
self.assertCount(AuthorizationCode, 1)
......@@ -510,6 +513,10 @@ class TestOA2(TestCase, URLAssertionsMixin):
# valid request
self.client.set_credentials('client3', 'secret')
r = self.client.access_token(code_instance.code,
redirect_uri='%sa' % redirect_uri)
self.assertEqual(r.status_code, 400)
r = self.client.access_token(code_instance.code,
redirect_uri=redirect_uri)
self.assertCount(AuthorizationCode, 0) # assert code is consumed
......
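Review bot: In the last hunk (`@@ -510,6 +513,10 @@`), the new negative case `redirect_uri='%sa' % redirect_uri` is both one character over `settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH` and different from the URI stored with the code, so the asserted 400 does not show which check rejected the request. To pin the exact-match binding of the code to its redirect_uri at the token endpoint, add a same-length mismatch before the valid request: `r = self.client.access_token(code_instance.code, redirect_uri=redirect_uri[:-1] + 'b')` followed by `self.assertEqual(r.status_code, 400)`. This assumes the padding is at least one character long. Adding `self.assertCount(AuthorizationCode, 1)` after the rejected requests would also make explicit that a failed exchange leaves the code unconsumed, which the following valid request already relies on. Separately, the comment `# generate authorization code with too long redirect_uri` in the `@@ -500,7 +501,9 @@` hunk is now stale, since the URI built there is exactly the maximum length and is accepted; something like `# generate authorization code with a redirect_uri of exactly the maximum allowed length` would match the code. The enclosing test methods start and end outside the visible hunks.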