Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_refresh_token(self):
ae = AuthnEvent("uid", "salt")
sid = self.sdb.create_authz_session(ae, AREQ)
self.sdb[sid]["sub"] = "sub"
grant = self.sdb[sid]["code"]
dict1 = self.sdb.upgrade_to_token(grant, issue_refresh=True).copy()
rtoken = dict1["refresh_token"]
dict2 = self.sdb.refresh_token(rtoken, AREQ["client_id"])
assert dict1["access_token"] != dict2["access_token"]
with pytest.raises(ExpiredToken):
self.sdb.refresh_token(dict2["access_token"], AREQ["client_id"])
def test_code_grant_type_refresh(self):
authreq = AuthorizationRequest(
state="state",
redirect_uri="http://example.com/authz",
client_id=CLIENT_ID,
response_type="code",
scope=["openid offline_access"],
prompt="consent",
)
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="sub", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
"code_used": False,
"scope": ["openid", "offline_access"],
"redirect_uri": "http://example.com/authz",
}
_sdb.do_sub(sid, "client_salt")
# Construct Access token request
areq = AccessTokenRequest(
code=access_grant,
client_id=CLIENT_ID,
def test_valid_grant(self):
ae = AuthnEvent("another:user", "salt")
sid = self.sdb.create_authz_session(ae, AREQ)
grant = self.sdb[sid]["code"]
assert self.sdb.is_valid(grant)
def test_create_authz_session_with_nonce(self):
ae = AuthnEvent("sub", "salt")
sid = self.sdb.create_authz_session(ae, AREQN)
info = self.sdb[sid]
assert info["nonce"] == "something"
def test_update_new(self):
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.update("key", "authn_event", aevent2)
self.backend.update("key", "id_token", "unsigned.jwt.")
assert self.backend.get_token_ids("my_uid") == ["unsigned.jwt."]
def test_sub_to_authn_event(self):
ae = AuthnEvent("sub", "salt", time_stamp=time.time())
sid = self.sdb.create_authz_session(ae, AREQ)
sub = self.sdb.do_sub(sid, "client_salt")
# given the sub find out whether the authn event is still valid
sids = self.sdb.get_by_sub(sub)
ae = self.sdb[sids[0]]["authn_event"]
assert AuthnEvent.from_json(ae).valid()
def test_revoke_token(self):
ae1 = AuthnEvent("uid", "salt")
sid = self.sdb.create_authz_session(ae1, AREQ)
self.sdb[sid]["sub"] = "sub"
grant = self.sdb[sid]["code"]
tokens = self.sdb.upgrade_to_token(grant, issue_refresh=True)
access_token = tokens["access_token"]
refresh_token = tokens["refresh_token"]
assert self.sdb.is_valid(access_token)
self.sdb.revoke_token(access_token)
assert not self.sdb.is_valid(access_token)
sinfo = self.sdb.refresh_token(refresh_token, AREQ["client_id"])
access_token = sinfo["access_token"]
assert self.sdb.is_valid(access_token)
def test_get_by_uid_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend["session_id1"] = {"authn_event": aevent1}
self.backend["session_id2"] = {"authn_event": aevent2}
self.assertEqual(
set(self.backend.get_by_uid("my_uid")), {"session_id1", "session_id2"}
)
def authorization_endpoint(self, query):
req = self.parse_authorization_request(query=query)
aevent = AuthnEvent("user", "salt", authn_info="acr")
sid = self.sdb.create_authz_session(aevent, areq=req)
self.sdb.do_sub(sid, "client_salt")
_info = self.sdb[sid]
if "code" in req["response_type"]:
if "token" in req["response_type"]:
grant = _info["code"]
if "offline_access" in _info["scope"]:
_dict = self.sdb.upgrade_to_token(grant, issue_refresh=True)
else:
_dict = self.sdb.upgrade_to_token(grant)
_dict["oauth_state"] = ("authz",)
_dict = by_schema(AuthorizationResponse(), **_dict)
resp = AuthorizationResponse(
**_dict
def test_validity(self):
now = utc_time_sans_frac()
ae = AuthnEvent("uid", "salt", authn_time=now, valid_until=now + 1500)
# Some time has elapsed, so less then 1500 but not by much
assert ae.valid_for() < 1500
assert ae.valid_for() > 1499