1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
import json
import pytest
from authlib.integrations.django_oauth2 import RevocationEndpoint
from .models import Client
from .oauth2_server import create_basic_auth
ENDPOINT_NAME = RevocationEndpoint.ENDPOINT_NAME
@pytest.fixture(autouse=True)
def server(server):
server.register_endpoint(RevocationEndpoint)
return server
@pytest.fixture(autouse=True)
def client(user):
client = Client(
user_id=user.pk,
client_id="client-id",
client_secret="client-secret",
token_endpoint_auth_method="client_secret_basic",
default_redirect_uri="https://client.test",
)
client.save()
yield client
client.delete()
def test_invalid_client(factory, server):
request = factory.post("/oauth/revoke")
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "invalid_client"
request = factory.post("/oauth/revoke", HTTP_AUTHORIZATION="invalid token")
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "invalid_client"
request = factory.post(
"/oauth/revoke",
HTTP_AUTHORIZATION=create_basic_auth("invalid", "client-secret"),
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "invalid_client"
request = factory.post(
"/oauth/revoke",
HTTP_AUTHORIZATION=create_basic_auth("client-id", "invalid"),
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "invalid_client"
def test_invalid_token(factory, server, token):
auth_header = create_basic_auth("client-id", "client-secret")
request = factory.post("/oauth/revoke", HTTP_AUTHORIZATION=auth_header)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "invalid_request"
# case 1
request = factory.post(
"/oauth/revoke",
data={"token": "invalid-token"},
HTTP_AUTHORIZATION=auth_header,
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
assert resp.status_code == 200
# case 2
request = factory.post(
"/oauth/revoke",
data={
"token": "a1",
"token_type_hint": "unsupported_token_type",
},
HTTP_AUTHORIZATION=auth_header,
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
data = json.loads(resp.content)
assert data["error"] == "unsupported_token_type"
# case 3
request = factory.post(
"/oauth/revoke",
data={
"token": "a1",
"token_type_hint": "refresh_token",
},
HTTP_AUTHORIZATION=auth_header,
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
assert resp.status_code == 200
def test_revoke_token_with_hint(factory, server, token):
revoke_token(server, factory, {"token": "a1", "token_type_hint": "access_token"})
revoke_token(server, factory, {"token": "r1", "token_type_hint": "refresh_token"})
def test_revoke_token_without_hint(factory, server, token):
revoke_token(server, factory, {"token": "a1"})
revoke_token(server, factory, {"token": "r1"})
def revoke_token(server, factory, data):
auth_header = create_basic_auth("client-id", "client-secret")
request = factory.post(
"/oauth/revoke",
data=data,
HTTP_AUTHORIZATION=auth_header,
)
resp = server.create_endpoint_response(ENDPOINT_NAME, request)
assert resp.status_code == 200
|
