[Python-modules-commits] [python-oauthlib] 02/07: Import python-oauthlib_1.1.2.orig.tar.gz
Daniele Tricoli
eriol-guest at moszumanska.debian.org
Fri Jun 10 19:59:45 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriol-guest pushed a commit to branch master
in repository python-oauthlib.
commit 13a42d9009258b39eaae55ac411058a480c4bbd0
Author: Daniele Tricoli <eriol at mornie.org>
Date: Fri Jun 10 18:49:34 2016 +0200
Import python-oauthlib_1.1.2.orig.tar.gz
---
CHANGELOG.rst | 267 +++++++++++++++++++++
MANIFEST.in | 2 +-
PKG-INFO | 10 +-
README.rst | 8 +-
oauthlib.egg-info/PKG-INFO | 10 +-
oauthlib.egg-info/SOURCES.txt | 2 +-
oauthlib.egg-info/pbr.json | 1 -
oauthlib.egg-info/requires.txt | 2 -
oauthlib/__init__.py | 2 +-
oauthlib/common.py | 14 +-
.../rfc6749/grant_types/authorization_code.py | 5 +-
.../oauth2/rfc6749/grant_types/refresh_token.py | 5 +-
oauthlib/oauth2/rfc6749/tokens.py | 6 +-
setup.cfg | 2 +-
.../rfc6749/grant_types/test_authorization_code.py | 17 ++
tests/test_common.py | 26 +-
16 files changed, 345 insertions(+), 34 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..91e0565
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,267 @@
+Changelog
+=========
+
+1.1.2 (2016-06-01)
+------------------
+* (Fix) Query strings should be able to include colons.
+* (Fix) Cast body to a string to ensure that we can perform a regex substitution on it.
+
+1.1.1 (2016-05-01)
+------------------
+* (Enhancement) Better sanitisation of Request objects __repr__.
+
+1.1.0 (2016-04-11)
+------------------
+* (Fix) '(', ')', '/' and '?' are now safe characters in url encoded strings.
+* (Enhancement) Added support for specifying if refresh tokens should be created on authorization code grants.
+* (Fix) OAuth2Token now handles None scopes correctly.
+* (Fix) Request token is now available for OAuth 1.
+* (Enhancement) OAuth2Token is declared with __slots__ for smaller memory footprint.
+* (Enhancement) RefreshTokenGrant now allows to set issue_new_refresh_tokens.
+* Documentation improvements and fixes.
+
+1.0.3 (2015-08-16)
+------------------
+* (Fix) Changed the documented return type of the ```invalidate_request_token()``` method from the RSA key to None since nobody is using the return type.
+* (Enhancement) Added a validator log that will store what the endpoint has computed for debugging and logging purposes (OAuth 1 only for now).
+
+1.0.2 (2015-08-10)
+------------------
+* (Fix) Allow client secret to be null for public applications that do not mandate it's specification in the query parameters.
+* (Fix) Encode request body before hashing in order to prevent encoding errors in Python 3.
+
+1.0.1 (2015-07-27)
+------------------
+* (Fix) Added token_type_hint to the list of default Request parameters.
+
+1.0.0 (2015-07-19)
+------------------
+
+* (Breaking Change) Replace pycrypto with cryptography from https://cryptography.io
+* (Breaking Change) Update jwt to 1.0.0 (which is backwards incompatible) no oauthlib api changes
+ were made.
+* (Breaking Change) Raise attribute error for non-existing attributes in the Request object.
+* (Fix) Strip whitespace off of scope string.
+* (Change) Don't require to return the state in the access token response.
+* (Change) Hide password in logs.
+* (Fix) Fix incorrect invocation of prepare_refresh_body in the OAuth2 client.
+* (Fix) Handle empty/non-parsable query strings.
+* (Fix) Check if an RSA key is actually needed before requiring it.
+* (Change) Allow tuples for list_to_scope as well as sets and lists.
+* (Change) Add code to determine if client authentication is required for OAuth2.
+* (Fix) Fix error message on invalid Content-Type header for OAtuh1 signing.
+* (Fix) Allow ! character in query strings.
+* (Fix) OAuth1 now includes the body hash for requests that specify any content-type that isn't x-www-form-urlencoded.
+* (Fix) Fixed error description in oauth1 endpoint.
+* (Fix) Revocation endpoint for oauth2 will now return an empty string in the response body instead of 'None'.
+* Increased test coverage.
+* Performance improvements.
+* Documentation improvements and fixes.
+
+0.7.2 (2014-11-13)
+------------------
+
+* (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1
+ release. Doing a new clean release to address this. Please upgrade quickly
+ and report any issues you are running into.
+
+0.7.1 (2014-10-27)
+------------------
+
+* (Quick fix) Add oauthlib.common.log object back in for libraries using it.
+
+0.7.0 (2014-10-27)
+------------------
+
+* (Change) OAuth2 clients will not raise a Warning on scope change if
+ the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token
+ will now be available as an attribute on the error, ``error.token``.
+ Token changes will now also be announced using blinker.
+* (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
+* (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``.
+* (Fix) Error messages should now include a description in their message.
+* (Fix/Feature) Optional support for jsonp callbacks after token revocation.
+* (Feature) Client side preparation of OAuth 2 token revocation requests.
+* (Feature) New OAuth2 client API methods for preparing full requests.
+* (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
+* (Fix/Feature) Refresh token grant now allow optional refresh tokens.
+* (Fix) add missing state param to OAuth2 errors.
+* (Fix) add_params_to_uri now properly parse fragment.
+* (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
+* (Fix/Security) OAuth2 logs will now strip client provided password, if present.
+* Allow unescaped @ in urlencoded parameters.
+
+0.6.3 (2014-06-10)
+------------------
+
+Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print.
+
+0.6.2 (2014-06-06)
+------------------
+
+* Numerous OAuth2 provider errors now suggest a status code of 401 instead
+ of 400 (#247.
+
+* Added support for JSON web tokens with oauthlib.common.generate_signed_token.
+ Install extra dependency with oauthlib[signedtoken] (#237).
+
+* OAuth2 scopes can be arbitrary objects with __str__ defined (#240).
+
+* OAuth 1 Clients can now register custom signature methods (#239).
+
+* Exposed new method oauthlib.oauth2.is_secure_transport that checks whether
+ the given URL is HTTPS. Checks using this method can be disabled by setting
+ the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249).
+
+* OAuth1 clients now has __repr__ and will be printed with secrets scrubbed.
+
+* OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.
+
+* urldecode will now raise a much more informative error message on
+ incorrectly encoded strings.
+
+* Plenty of typo and other doc fixes.
+
+0.6.1 (2014-01-20)
+------------------
+
+Draft revocation endpoint features and numerous fixes including:
+
+* (OAuth 2 Provider) is_within_original_scope to check whether a refresh token
+ is trying to aquire a new set of scopes that are a subset of the original scope.
+
+* (OAuth 2 Provider) expires_in token lifetime can be set per request.
+
+* (OAuth 2 Provider) client_authentication_required method added to differentiate
+ between public and confidential clients.
+
+* (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh
+ token should be generated during token refresh or if old should be kept.
+
+* (OAuth 2 Provider) returned JSON headers no longer include charset.
+
+* (OAuth 2 Provider) validate_authorizatoin_request now also includes the
+ internal request object in the returned dictionary. Note that this is
+ not meant to be relied upon heavily and its interface might change.
+
+* and many style and typo fixes.
+
+0.6.0
+-----
+
+OAuth 1 & 2 provider API refactor with breaking changes:
+
+* All endpoint methods change contract to return 3 values instead of 4. The new
+ signature is `headers`, `body`, `status code` where the initial `redirect_uri`
+ has been relocated to its rightful place inside headers as `Location`.
+
+* OAuth 1 Access Token Endpoint has a new required validator method
+ `invalidate_request_token`.
+
+* OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on
+ `oob` callbacks.
+
+0.5.1
+-----
+
+OAuth 1 provider fix for incorrect token param in nonce validation.
+
+0.5.0
+-----
+
+OAuth 1 provider refactor. OAuth 2 refresh token validation fix.
+
+0.4.2
+-----
+
+OAuth 2 draft to RFC. Removed OAuth 2 framework decorators.
+
+0.4.1
+-----
+
+Documentation corrections and various small code fixes.
+
+0.4.0
+-----
+
+OAuth 2 Provider support (experimental).
+
+0.3.8
+-----
+
+OAuth 2 Client now uses custom errors and raise on expire.
+
+0.3.7
+-----
+
+OAuth 1 optional encoding of Client.sign return values.
+
+0.3.6
+-----
+
+Revert default urlencoding.
+
+0.3.5
+-----
+
+Default unicode conversion (utf-8) and urlencoding of input.
+
+0.3.4
+-----
+
+A number of small features and bug fixes.
+
+0.3.3
+-----
+
+OAuth 1 Provider verify now return useful params.
+
+0.3.2
+-----
+
+Fixed #62, all Python 3 tests pass.
+
+0.3.1
+-----
+
+Python 3.1, 3.2, 3.3 support (experimental).
+
+0.3.0
+-----
+
+Initial OAuth 2 client support.
+
+0.2.1
+-----
+
+Exclude non urlencoded bodies during request verification.
+
+0.2.0
+-----
+
+OAuth provider support.
+
+0.1.4
+-----
+
+Soft dependency on PyCrypto.
+
+0.1.3
+-----
+
+Use python-rsa instead of pycrypto.
+
+0.1.1 / 0.1.2
+-------------
+
+Fix installation of pycrypto dependency.
+
+0.1.0
+-----
+
+OAuth 1 client functionality seems to be working. Hooray!
+
+0.0.x
+-----
+
+In the beginning, there was the word.
diff --git a/MANIFEST.in b/MANIFEST.in
index 9a895ed..6dc7971 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,2 +1,2 @@
-include README.rst LICENSE
+include README.rst LICENSE CHANGELOG.rst
recursive-include tests *.py
diff --git a/PKG-INFO b/PKG-INFO
index 8e46ff2..81ee955 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: oauthlib
-Version: 1.0.3
+Version: 1.1.2
Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Home-page: https://github.com/idan/oauthlib
Author: Ib Lundgren
@@ -10,7 +10,7 @@ Description: OAuthLib
========
*A generic, spec-compliant, thorough implementation of the OAuth request-signing
- logic.*
+ logic for python*
.. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
:target: https://travis-ci.org/idan/oauthlib
@@ -31,7 +31,7 @@ Description: OAuthLib
OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
- client support onto your favorite HTTP library, or provider support onto your
+ client support onto your favorite HTTP library, or provide support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.
@@ -45,7 +45,7 @@ Description: OAuthLib
pull request!
.. _`G+ community`: https://plus.google.com/communities/101889017375384052571
- .. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+ .. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
Interested in making OAuth requests?
------------------------------------
@@ -104,7 +104,7 @@ Description: OAuthLib
completed, for providers as well as clients.* See `supported features`_ for
details.
- .. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+ .. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
For a full changelog see ``CHANGELOG.rst``.
diff --git a/README.rst b/README.rst
index acf8209..47e989c 100644
--- a/README.rst
+++ b/README.rst
@@ -2,7 +2,7 @@ OAuthLib
========
*A generic, spec-compliant, thorough implementation of the OAuth request-signing
-logic.*
+logic for python*
.. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
:target: https://travis-ci.org/idan/oauthlib
@@ -23,7 +23,7 @@ both of the following:
OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
-client support onto your favorite HTTP library, or provider support onto your
+client support onto your favorite HTTP library, or provide support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.
@@ -37,7 +37,7 @@ you'd like to know, or discuss it in our `G+ community`_, or even better, send a
pull request!
.. _`G+ community`: https://plus.google.com/communities/101889017375384052571
-.. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
Interested in making OAuth requests?
------------------------------------
@@ -96,6 +96,6 @@ Changelog
completed, for providers as well as clients.* See `supported features`_ for
details.
-.. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
For a full changelog see ``CHANGELOG.rst``.
diff --git a/oauthlib.egg-info/PKG-INFO b/oauthlib.egg-info/PKG-INFO
index 8e46ff2..81ee955 100644
--- a/oauthlib.egg-info/PKG-INFO
+++ b/oauthlib.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: oauthlib
-Version: 1.0.3
+Version: 1.1.2
Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Home-page: https://github.com/idan/oauthlib
Author: Ib Lundgren
@@ -10,7 +10,7 @@ Description: OAuthLib
========
*A generic, spec-compliant, thorough implementation of the OAuth request-signing
- logic.*
+ logic for python*
.. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
:target: https://travis-ci.org/idan/oauthlib
@@ -31,7 +31,7 @@ Description: OAuthLib
OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
- client support onto your favorite HTTP library, or provider support onto your
+ client support onto your favorite HTTP library, or provide support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.
@@ -45,7 +45,7 @@ Description: OAuthLib
pull request!
.. _`G+ community`: https://plus.google.com/communities/101889017375384052571
- .. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+ .. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
Interested in making OAuth requests?
------------------------------------
@@ -104,7 +104,7 @@ Description: OAuthLib
completed, for providers as well as clients.* See `supported features`_ for
details.
- .. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+ .. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
For a full changelog see ``CHANGELOG.rst``.
diff --git a/oauthlib.egg-info/SOURCES.txt b/oauthlib.egg-info/SOURCES.txt
index ec26b3a..0fe204d 100644
--- a/oauthlib.egg-info/SOURCES.txt
+++ b/oauthlib.egg-info/SOURCES.txt
@@ -1,3 +1,4 @@
+CHANGELOG.rst
LICENSE
MANIFEST.in
README.rst
@@ -9,7 +10,6 @@ oauthlib/uri_validate.py
oauthlib.egg-info/PKG-INFO
oauthlib.egg-info/SOURCES.txt
oauthlib.egg-info/dependency_links.txt
-oauthlib.egg-info/pbr.json
oauthlib.egg-info/requires.txt
oauthlib.egg-info/top_level.txt
oauthlib/oauth1/__init__.py
diff --git a/oauthlib.egg-info/pbr.json b/oauthlib.egg-info/pbr.json
deleted file mode 100644
index 46a8746..0000000
--- a/oauthlib.egg-info/pbr.json
+++ /dev/null
@@ -1 +0,0 @@
-{"is_release": true, "git_version": "e693176"}
\ No newline at end of file
diff --git a/oauthlib.egg-info/requires.txt b/oauthlib.egg-info/requires.txt
index 098d291..50fb2a3 100644
--- a/oauthlib.egg-info/requires.txt
+++ b/oauthlib.egg-info/requires.txt
@@ -11,8 +11,6 @@ pyjwt>=1.0.0
[test]
nose
-unittest2
cryptography
-mock
pyjwt>=1.0.0
blinker
diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py
index 50afc05..0c857aa 100644
--- a/oauthlib/__init__.py
+++ b/oauthlib/__init__.py
@@ -10,7 +10,7 @@
"""
__author__ = 'Idan Gazit <idan at gazit.me>'
-__version__ = '1.0.3'
+__version__ = '1.1.2'
import logging
diff --git a/oauthlib/common.py b/oauthlib/common.py
index ed2b699..e5ab6eb 100644
--- a/oauthlib/common.py
+++ b/oauthlib/common.py
@@ -36,7 +36,7 @@ UNICODE_ASCII_CHARACTER_SET = ('abcdefghijklmnopqrstuvwxyz'
CLIENT_ID_CHARACTER_SET = (r' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN'
'OPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}')
-PASSWORD_PATTERN = re.compile(r'password=[^&]+')
+SANITIZE_PATTERN = re.compile(r'([^&;]*(?:password|token)[^=]*=)[^&;]+', re.IGNORECASE)
INVALID_HEX_PATTERN = re.compile(r'%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]')
always_safe = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ'
@@ -109,7 +109,7 @@ def decode_params_utf8(params):
return decoded
-urlencoded = set(always_safe) | set('=&;%+~,*@!')
+urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?')
def urldecode(query):
@@ -393,6 +393,7 @@ class Request(object):
"grant_type": None,
"redirect_uri": None,
"refresh_token": None,
+ "request_token": None,
"response_type": None,
"scope": None,
"scopes": None,
@@ -413,10 +414,13 @@ class Request(object):
def __repr__(self):
body = self.body
- if body and 'password=' in body:
- body = PASSWORD_PATTERN.sub('password=***', body)
+ headers = self.headers.copy()
+ if body:
+ body = SANITIZE_PATTERN.sub('\1<SANITIZED>', str(body))
+ if 'Authorization' in headers:
+ headers['Authorization'] = '<SANITIZED>'
return '<oauthlib.Request url="%s", http_method="%s", headers="%s", body="%s">' % (
- self.uri, self.http_method, self.headers, body)
+ self.uri, self.http_method, headers, body)
@property
def uri_query(self):
diff --git a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
index 658f5ad..31f06fc 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
@@ -95,8 +95,9 @@ class AuthorizationCodeGrant(GrantTypeBase):
.. _`Authorization Code Grant`: http://tools.ietf.org/html/rfc6749#section-4.1
"""
- def __init__(self, request_validator=None):
+ def __init__(self, request_validator=None, refresh_token=True):
self.request_validator = request_validator or RequestValidator()
+ self.refresh_token = refresh_token
def create_authorization_code(self, request):
"""Generates an authorization grant represented as a dictionary."""
@@ -237,7 +238,7 @@ class AuthorizationCodeGrant(GrantTypeBase):
log.debug('Client error during validation of %r. %r.', request, e)
return headers, e.json, e.status_code
- token = token_handler.create_token(request, refresh_token=True)
+ token = token_handler.create_token(request, refresh_token=self.refresh_token)
self.request_validator.invalidate_authorization_code(
request.client_id, request.code, request)
return headers, json.dumps(token), 200
diff --git a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
index 0ab10c9..9ecfe63 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
@@ -22,12 +22,9 @@ class RefreshTokenGrant(GrantTypeBase):
.. _`Refresh token grant`: http://tools.ietf.org/html/rfc6749#section-6
"""
- @property
- def issue_new_refresh_tokens(self):
- return True
-
def __init__(self, request_validator=None, issue_new_refresh_tokens=True):
self.request_validator = request_validator or RequestValidator()
+ self.issue_new_refresh_tokens = issue_new_refresh_tokens
def create_token_response(self, request, token_handler):
"""Create a new access token from a refresh_token.
diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py
index 3252e90..53f42ca 100644
--- a/oauthlib/oauth2/rfc6749/tokens.py
+++ b/oauthlib/oauth2/rfc6749/tokens.py
@@ -28,7 +28,7 @@ class OAuth2Token(dict):
def __init__(self, params, old_scope=None):
super(OAuth2Token, self).__init__(params)
self._new_scope = None
- if 'scope' in params:
+ if 'scope' in params and params['scope']:
self._new_scope = set(utils.scope_to_list(params['scope']))
if old_scope is not None:
self._old_scope = set(utils.scope_to_list(old_scope))
@@ -232,6 +232,10 @@ class TokenBase(object):
class BearerToken(TokenBase):
+ __slots__ = (
+ 'request_validator', 'token_generator',
+ 'refresh_token_generator', 'expires_in'
+ )
def __init__(self, request_validator=None, token_generator=None,
expires_in=None, refresh_token_generator=None):
diff --git a/setup.cfg b/setup.cfg
index 861a9f5..ebbec92 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
[egg_info]
tag_build =
-tag_date = 0
tag_svn_revision = 0
+tag_date = 0
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 61e63e2..e206b91 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -70,6 +70,23 @@ class AuthorizationCodeGrantTest(TestCase):
self.assertTrue(self.mock_validator.validate_grant_type.called)
self.assertTrue(self.mock_validator.invalidate_authorization_code.called)
+ def test_create_token_response_without_refresh_token(self):
+ self.auth.refresh_token = False # Not to issue refresh token.
+
+ bearer = BearerToken(self.mock_validator)
+ h, token, s = self.auth.create_token_response(self.request, bearer)
+ token = json.loads(token)
+ self.assertIn('access_token', token)
+ self.assertNotIn('refresh_token', token)
+ self.assertIn('expires_in', token)
+ self.assertIn('scope', token)
+ self.assertTrue(self.mock_validator.client_authentication_required.called)
+ self.assertTrue(self.mock_validator.authenticate_client.called)
+ self.assertTrue(self.mock_validator.validate_code.called)
+ self.assertTrue(self.mock_validator.confirm_redirect_uri.called)
+ self.assertTrue(self.mock_validator.validate_grant_type.called)
+ self.assertTrue(self.mock_validator.invalidate_authorization_code.called)
+
def test_invalid_request(self):
del self.request.code
self.assertRaises(errors.InvalidRequestError, self.auth.validate_token_request,
diff --git a/tests/test_common.py b/tests/test_common.py
index eadd79a..078b67b 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -40,10 +40,12 @@ class EncodingTest(TestCase):
self.assertItemsEqual(urldecode('foo_%20~=.bar-'),
[('foo_ ~', '.bar-')])
self.assertItemsEqual(urldecode('foo=1,2,3'), [('foo', '1,2,3')])
+ self.assertItemsEqual(urldecode('foo=(1,2,3)'), [('foo', '(1,2,3)')])
self.assertItemsEqual(urldecode('foo=bar.*'), [('foo', 'bar.*')])
self.assertItemsEqual(urldecode('foo=bar at spam'), [('foo', 'bar at spam')])
+ self.assertItemsEqual(urldecode('foo=bar/baz'), [('foo', 'bar/baz')])
+ self.assertItemsEqual(urldecode('foo=bar?baz'), [('foo', 'bar?baz')])
self.assertRaises(ValueError, urldecode, 'foo bar')
- self.assertRaises(ValueError, urldecode, '?')
self.assertRaises(ValueError, urldecode, '%R')
self.assertRaises(ValueError, urldecode, '%RA')
self.assertRaises(ValueError, urldecode, '%AR')
@@ -185,14 +187,36 @@ class RequestTest(TestCase):
with self.assertRaises(AttributeError):
getattr(r, 'does_not_exist')
+ def test_sanitizing_authorization_header(self):
+ r = Request(URI, headers={'Accept': 'application/json',
+ 'Authorization': 'Basic Zm9vOmJhcg=='}
+ )
+ self.assertNotIn('Zm9vOmJhcg==', repr(r))
+ self.assertIn('<SANITIZED>', repr(r))
+ # Double-check we didn't modify the underlying object:
+ self.assertEqual(r.headers['Authorization'], 'Basic Zm9vOmJhcg==')
+
+ def test_token_body(self):
+ payload = 'client_id=foo&refresh_token=bar'
+ r = Request(URI, body=payload)
+ self.assertNotIn('bar', repr(r))
+ self.assertIn('<SANITIZED>', repr(r))
+
+ payload = 'refresh_token=bar&client_id=foo'
+ r = Request(URI, body=payload)
+ self.assertNotIn('bar', repr(r))
+ self.assertIn('<SANITIZED>', repr(r))
+
def test_password_body(self):
payload = 'username=foo&password=bar'
r = Request(URI, body=payload)
self.assertNotIn('bar', repr(r))
+ self.assertIn('<SANITIZED>', repr(r))
payload = 'password=bar&username=foo'
r = Request(URI, body=payload)
self.assertNotIn('bar', repr(r))
+ self.assertIn('<SANITIZED>', repr(r))
class CaseInsensitiveDictTest(TestCase):
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-oauthlib.git
More information about the Python-modules-commits
mailing list