Testing for allowed grant types

Ryan-K · Apr 2, 2015 · fb764a3 · fb764a3
1 parent 764b580
commit fb764a3
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/tests/test_oauth2/base.py b/tests/test_oauth2/base.py
@@ -34,6 +34,7 @@ class Client(db.Model):
                               nullable=False)
     _redirect_uris = db.Column(db.Text)
     default_scope = db.Column(db.Text, default='email address')
+    disallow_grant_type = db.Column(db.String(20))
 
     @property
     def user(self):
@@ -57,8 +58,13 @@ def default_scopes(self):
 
     @property
     def allowed_grant_types(self):
-        return ['authorization_code', 'password', 'client_credentials',
-                'refresh_token']
+        types = [
+            'authorization_code', 'password',
+            'client_credentials', 'refresh_token',
+        ]
+        if self.disallow_grant_type:
+            types.remove(self.disallow_grant_type)
+        return types
 
 
 class Grant(db.Model):

diff --git a/tests/test_oauth2/test_password.py b/tests/test_oauth2/test_password.py
@@ -70,6 +70,20 @@ def test_get_token(self):
         }, headers={'Authorization': 'Basic %s' % auth})
         assert b'access_token' in rv.data
 
+    def test_disallow_grant_type(self):
+        self.oauth_client.disallow_grant_type = 'password'
+        db.session.add(self.oauth_client)
+        db.session.commit()
+
+        rv = self.client.post('/oauth/token', data={
+            'grant_type': 'password',
+            'username': 'foo',
+            'password': 'right',
+            'client_id': self.oauth_client.client_id,
+            'client_secret': self.oauth_client.client_secret,
+        })
+        assert b'error' in rv.data
+
 
 class TestSQLAlchemyProvider(TestDefaultProvider):
     def create_server(self):