From fb764a3540ad547598fbcdacadfb51b43348bf6d Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang
Date: Thu, 2 Apr 2015 14:55:44 +0800
Subject: [PATCH] Testing for allowed grant types
---
 tests/test_oauth2/base.py | 10 ++++++++--
 tests/test_oauth2/test_password.py | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/tests/test_oauth2/base.py b/tests/test_oauth2/base.py
index 8bc6e3b7..9915d7b3 100644
--- a/tests/test_oauth2/base.py
+++ b/tests/test_oauth2/base.py
@@ -34,6 +34,7 @@ class Client(db.Model):
 nullable=False)
 _redirect_uris = db.Column(db.Text)
 default_scope = db.Column(db.Text, default='email address')
+ disallow_grant_type = db.Column(db.String(20))
 @property
 def user(self):
@@ -57,8 +58,13 @@ def default_scopes(self):
 @property
 def allowed_grant_types(self):
- return ['authorization_code', 'password', 'client_credentials',
- 'refresh_token']
+ types = [
+ 'authorization_code', 'password',
+ 'client_credentials', 'refresh_token',
+ ]
+ if self.disallow_grant_type:
+ types.remove(self.disallow_grant_type)
+ return types
 class Grant(db.Model):
diff --git a/tests/test_oauth2/test_password.py b/tests/test_oauth2/test_password.py
index 6a857c6d..20c11b57 100644
--- a/tests/test_oauth2/test_password.py
+++ b/tests/test_oauth2/test_password.py
@@ -70,6 +70,20 @@ def test_get_token(self):
 }, headers={'Authorization': 'Basic %s' % auth})
 assert b'access_token' in rv.data
+ def test_disallow_grant_type(self):
+ self.oauth_client.disallow_grant_type = 'password'
+ db.session.add(self.oauth_client)
+ db.session.commit()
+
+ rv = self.client.post('/oauth/token', data={
+ 'grant_type': 'password',
+ 'username': 'foo',
+ 'password': 'right',
+ 'client_id': self.oauth_client.client_id,
+ 'client_secret': self.oauth_client.client_secret,
+ })
+ assert b'error' in rv.data
+
 class TestSQLAlchemyProvider(TestDefaultProvider):
 def create_server(self):
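Review bot: `types.remove(self.disallow_grant_type)` in `allowed_grant_types` raises `ValueError` whenever the column holds a value that is not one of the four listed names, for example a typo or a grant such as `implicit`. The column is a free-form `db.String(20)` and no validation is visible in this patch, so a bad row would likely surface as an unhandled exception during a token request rather than a clean denial. Filtering avoids that: `return [t for t in types if t != self.disallow_grant_type]`. A short docstring on the property stating that it is a per-client denylist of a single grant type would also help readers of the fixture.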
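Review bot: `assert b'error' in rv.data` at the end of `test_disallow_grant_type` passes on any error response, so the test still passes if the request is rejected for an unrelated reason while the grant-type restriction itself is broken. That is plausible here because this request sends `client_id` and `client_secret` in the form body, whereas `test_get_token` just above authenticates with a Basic `Authorization` header. Pin the rejection reason and the absence of a token, for example `assert b'unauthorized_client' in rv.data` and `assert b'access_token' not in rv.data`. `unauthorized_client` is the RFC 6749 section 5.2 code for a client not permitted to use the grant type, but confirm the exact code this provider emits before asserting on it.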