File: test_get_token_mixin.py

package info (click to toggle)
python-azure 20230112%2Bgit-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 749,544 kB
  • sloc: python: 6,815,827; javascript: 287; makefile: 195; xml: 109; sh: 105
file content (117 lines) | stat: -rw-r--r-- 4,220 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import time

try:
    from unittest import mock
except ImportError:
    import mock

from azure.core.credentials import AccessToken
import pytest

from azure.identity._constants import DEFAULT_REFRESH_OFFSET
from azure.identity._internal.get_token_mixin import GetTokenMixin


class MockCredential(GetTokenMixin):
    NEW_TOKEN = AccessToken("new token", 42)

    def __init__(self, cached_token=None):
        super(MockCredential, self).__init__()
        self.request_token = mock.Mock(return_value=MockCredential.NEW_TOKEN)
        self.acquire_token_silently = mock.Mock(return_value=cached_token)

    def _acquire_token_silently(self, *scopes, **kwargs):
        return self.acquire_token_silently(*scopes, **kwargs)

    def _request_token(self, *scopes, **kwargs):
        return self.request_token(*scopes, **kwargs)

    def get_token(self, *_, **__):
        return super(MockCredential, self).get_token(*_, **__)


CACHED_TOKEN = "cached token"
SCOPE = "scope"


def test_no_cached_token():
    """When it has no token cached, a credential should request one every time get_token is called"""

    credential = MockCredential()
    token = credential.get_token(SCOPE)

    credential.acquire_token_silently.assert_called_once_with(SCOPE)
    credential.request_token.assert_called_once_with(SCOPE)
    assert token.token == MockCredential.NEW_TOKEN.token


def test_tenant_id():    
    credential = MockCredential()
    token = credential.get_token(SCOPE, tenant_id="tenant_id")

    assert token.token == MockCredential.NEW_TOKEN.token


def test_token_acquisition_failure():
    """When the credential has no token cached, every get_token call should prompt a token request"""

    credential = MockCredential()
    credential.request_token = mock.Mock(side_effect=Exception("whoops"))
    for i in range(4):
        with pytest.raises(Exception):
            credential.get_token(SCOPE)
        assert credential.request_token.call_count == i + 1
        credential.request_token.assert_called_with(SCOPE)


def test_expired_token():
    """A credential should request a token when it has an expired token cached"""

    now = time.time()
    credential = MockCredential(cached_token=AccessToken(CACHED_TOKEN, now - 1))
    token = credential.get_token(SCOPE)

    credential.acquire_token_silently.assert_called_once_with(SCOPE)
    credential.request_token.assert_called_once_with(SCOPE)
    assert token.token == MockCredential.NEW_TOKEN.token


def test_cached_token_outside_refresh_window():
    """A credential shouldn't request a new token when it has a cached one with sufficient validity remaining"""

    credential = MockCredential(cached_token=AccessToken(CACHED_TOKEN, time.time() + DEFAULT_REFRESH_OFFSET + 1))
    token = credential.get_token(SCOPE)

    credential.acquire_token_silently.assert_called_once_with(SCOPE)
    assert credential.request_token.call_count == 0
    assert token.token == CACHED_TOKEN


def test_cached_token_within_refresh_window():
    """A credential should request a new token when its cached one is within the refresh window"""

    credential = MockCredential(cached_token=AccessToken(CACHED_TOKEN, time.time() + DEFAULT_REFRESH_OFFSET - 1))
    token = credential.get_token(SCOPE)

    credential.acquire_token_silently.assert_called_once_with(SCOPE)
    credential.request_token.assert_called_once_with(SCOPE)
    assert token.token == MockCredential.NEW_TOKEN.token


def test_retry_delay():
    """A credential should wait between requests when trying to refresh a token"""

    now = time.time()
    credential = MockCredential(cached_token=AccessToken(CACHED_TOKEN, now + DEFAULT_REFRESH_OFFSET - 1))

    # the credential should swallow exceptions during proactive refresh attempts
    credential.request_token = mock.Mock(side_effect=Exception("whoops"))
    for i in range(4):
        token = credential.get_token(SCOPE)
        assert token.token == CACHED_TOKEN
        credential.acquire_token_silently.assert_called_with(SCOPE)
        credential.request_token.assert_called_once_with(SCOPE)