Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_closed_is_false_after_init(client_id, client_secret, mock_box_session):
auth = OAuth2(client_id=client_id, client_secret=client_secret, session=mock_box_session)
assert auth.closed is False
def test_get_correct_authorization_url(redirect_url):
# pylint:disable=redefined-outer-name
fake_client_id = 'fake_client_id'
fake_client_secret = 'fake_client_secret'
oauth2 = OAuth2(
client_id=fake_client_id,
client_secret=fake_client_secret,
)
auth_url, csrf_token = oauth2.get_authorization_url(redirect_url=redirect_url)
expected_auth_url_format = '{0}?state={1}&response_type=code&client_id={2}'
if redirect_url:
expected_auth_url_format += '&redirect_uri={3}'
assert auth_url == expected_auth_url_format.format(
API.OAUTH2_AUTHORIZE_URL,
csrf_token,
fake_client_id,
urlparse.quote_plus((redirect_url or '').encode('utf-8')),
)
assert re.match('^box_csrf_token_[A-Za-z0-9]{16}$', csrf_token)
def test_authenticate_stores_tokens_correctly(mock_box_session, successful_token_response):
fake_client_id = 'fake_client_id'
fake_client_secret = 'fake_client_secret'
fake_auth_code = 'fake_auth_code'
mock_box_session.request.return_value = successful_token_response
mock_token_callback = Mock()
oauth = OAuth2(
client_id=fake_client_id,
client_secret=fake_client_secret,
session=mock_box_session,
store_tokens=mock_token_callback,
)
access_token, refresh_token = oauth.authenticate(fake_auth_code)
mock_token_callback.assert_called_once_with(access_token, refresh_token)
assert access_token == successful_token_response.json()['access_token']
assert refresh_token == successful_token_response.json()['refresh_token']
def oauth(client_id, client_secret, access_token, refresh_token, mock_box_session):
return OAuth2(
client_id=client_id,
client_secret=client_secret,
access_token=access_token,
refresh_token=refresh_token,
session=mock_box_session,
)
def token_method(request):
""" Fixture that returns a partial method based on the method provided in request.param"""
if request.param == OAuth2.refresh:
return partial(OAuth2.refresh, access_token_to_refresh='fake_access_token')
elif request.param == OAuth2.authenticate:
return partial(OAuth2.authenticate, auth_code='fake_code')
return None
def test_context_manager_closes_auth_object(client_id, client_secret, mock_box_session, raise_exception):
auth = OAuth2(client_id=client_id, client_secret=client_secret, session=mock_box_session)
try:
with auth.closing():
if raise_exception:
raise MyError
except MyError:
pass
assert auth.closed is True
def test_tokens_get_updated_after_noop_refresh(client_id, client_secret, access_token, new_access_token, refresh_token, mock_box_session):
"""`OAuth2` object should update its state with new tokens, after no-op refresh.
If the protected method `_get_tokens()` returns new tokens, refresh is
skipped, and those tokens are used.
This is a regression test for issue #128 [1]. We would return the new
tokens without updating the object state. Subsequent uses of the `OAuth2`
object would use the old tokens.
[1]
"""
new_refresh_token = uuid.uuid4().hex
new_tokens = (new_access_token, new_refresh_token)
class GetTokensOAuth2(OAuth2):
def _get_tokens(self):
"""Return a new set of tokens, without updating any state.
In order for the test to pass, the `OAuth2` object must be
correctly programmed to take this return value and use it to update
its state.
"""
return new_tokens
oauth = GetTokensOAuth2(
client_id=client_id,
client_secret=client_secret,
access_token=access_token,
refresh_token=refresh_token,
session=mock_box_session,
)
def test_closed_is_true_after_close(client_id, client_secret, mock_box_session):
auth = OAuth2(client_id=client_id, client_secret=client_secret, session=mock_box_session)
auth.close()
assert auth.closed is True
def box_session(mock_network_layer):
mock_oauth = Mock(OAuth2)
mock_oauth.access_token = 'fake_access_token'
return BoxSession(mock_oauth, mock_network_layer)
# coding: utf-8
from __future__ import unicode_literals
from .oauth2 import OAuth2
class RemoteOAuth2Mixin(OAuth2):
"""
Box SDK OAuth2 mixin.
Allows for storing auth tokens remotely.
"""
def __init__(self, retrieve_access_token=None, *args, **kwargs):
"""
:param retrieve_access_token:
Callback to exchange an existing access token for a new one.
:type retrieve_access_token:
`callable` of `unicode` => `unicode`
"""
# pylint:disable=keyword-arg-before-vararg
self._retrieve_access_token = retrieve_access_token
super(RemoteOAuth2Mixin, self).__init__(*args, **kwargs)