diff options
author | halcy <halcy@ARARAGI-KUN> | 2022-11-13 22:32:04 +0200 |
---|---|---|
committer | halcy <halcy@ARARAGI-KUN> | 2022-11-13 22:32:04 +0200 |
commit | 24c686f6b274e04082b13f159ea10d995c2ca281 (patch) | |
tree | 57b0095298f0564f6a5730a9b6a3ac9cdacb85b9 /tests | |
parent | 5b328d479c17e44a6dde96408d6c8680b6c11ee0 (diff) | |
download | mastodon.py-24c686f6b274e04082b13f159ea10d995c2ca281.tar.gz |
Improve auth support
Diffstat (limited to 'tests')
-rw-r--r-- | tests/cassettes/test_revoke.yaml | 253 | ||||
-rw-r--r-- | tests/test_auth.py | 27 |
2 files changed, 278 insertions, 2 deletions
diff --git a/tests/cassettes/test_revoke.yaml b/tests/cassettes/test_revoke.yaml new file mode 100644 index 0000000..1bbc487 --- /dev/null +++ b/tests/cassettes/test_revoke.yaml | |||
@@ -0,0 +1,253 @@ | |||
1 | interactions: | ||
2 | - request: | ||
3 | body: username=mastodonpy_test_2%40localhost%3A3000&password=5fc638e0e53eafd9c4145b6bb852667d&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&grant_type=password&client_id=__MASTODON_PY_TEST_CLIENT_ID&client_secret=__MASTODON_PY_TEST_CLIENT_SECRET&scope=read+write+follow+push | ||
4 | headers: | ||
5 | Accept: | ||
6 | - '*/*' | ||
7 | Accept-Encoding: | ||
8 | - gzip, deflate | ||
9 | Connection: | ||
10 | - keep-alive | ||
11 | Content-Length: | ||
12 | - '271' | ||
13 | Content-Type: | ||
14 | - application/x-www-form-urlencoded | ||
15 | User-Agent: | ||
16 | - tests/v311 | ||
17 | method: POST | ||
18 | uri: http://localhost:3000/oauth/token | ||
19 | response: | ||
20 | body: | ||
21 | string: '{"access_token":"s3ZSxpaa2Uhe9EcHankvkfaQZQGiWpdEWIhX7GuhDlk","token_type":"Bearer","scope":"read | ||
22 | write follow push","created_at":1668370881}' | ||
23 | headers: | ||
24 | Cache-Control: | ||
25 | - no-store | ||
26 | Content-Security-Policy: | ||
27 | - 'base-uri ''none''; default-src ''none''; frame-ancestors ''none''; font-src | ||
28 | ''self'' http://localhost:3000; img-src ''self'' https: data: blob: http://localhost:3000; | ||
29 | style-src ''self'' http://localhost:3000 ''nonce-pCi2AQ9aKYXwS29cp2OHAg==''; | ||
30 | media-src ''self'' https: data: http://localhost:3000; frame-src ''self'' | ||
31 | https:; manifest-src ''self'' http://localhost:3000; connect-src ''self'' | ||
32 | data: blob: http://localhost:3000 http://localhost:3000 ws://localhost:4000 | ||
33 | ws://localhost:3035 http://localhost:3035; script-src ''self'' ''unsafe-inline'' | ||
34 | ''unsafe-eval'' http://localhost:3000; child-src ''self'' blob: http://localhost:3000; | ||
35 | worker-src ''self'' blob: http://localhost:3000' | ||
36 | Content-Type: | ||
37 | - application/json; charset=utf-8 | ||
38 | ETag: | ||
39 | - W/"b4c5259bc2edbe94aab5df0f3b8ba79a" | ||
40 | Pragma: | ||
41 | - no-cache | ||
42 | Referrer-Policy: | ||
43 | - strict-origin-when-cross-origin | ||
44 | Transfer-Encoding: | ||
45 | - chunked | ||
46 | Vary: | ||
47 | - Accept, Origin | ||
48 | X-Content-Type-Options: | ||
49 | - nosniff | ||
50 | X-Download-Options: | ||
51 | - noopen | ||
52 | X-Frame-Options: | ||
53 | - SAMEORIGIN | ||
54 | X-Permitted-Cross-Domain-Policies: | ||
55 | - none | ||
56 | X-Request-Id: | ||
57 | - 086350f4-00fc-4d82-a5ce-2b557df59682 | ||
58 | X-Runtime: | ||
59 | - '0.040539' | ||
60 | X-XSS-Protection: | ||
61 | - 1; mode=block | ||
62 | status: | ||
63 | code: 200 | ||
64 | message: OK | ||
65 | - request: | ||
66 | body: client_id=__MASTODON_PY_TEST_CLIENT_ID&client_secret=__MASTODON_PY_TEST_CLIENT_SECRET&token=s3ZSxpaa2Uhe9EcHankvkfaQZQGiWpdEWIhX7GuhDlk | ||
67 | headers: | ||
68 | Accept: | ||
69 | - '*/*' | ||
70 | Accept-Encoding: | ||
71 | - gzip, deflate | ||
72 | Authorization: | ||
73 | - Bearer s3ZSxpaa2Uhe9EcHankvkfaQZQGiWpdEWIhX7GuhDlk | ||
74 | Connection: | ||
75 | - keep-alive | ||
76 | Content-Length: | ||
77 | - '135' | ||
78 | Content-Type: | ||
79 | - application/x-www-form-urlencoded | ||
80 | User-Agent: | ||
81 | - tests/v311 | ||
82 | method: POST | ||
83 | uri: http://localhost:3000/oauth/revoke | ||
84 | response: | ||
85 | body: | ||
86 | string: '{}' | ||
87 | headers: | ||
88 | Cache-Control: | ||
89 | - max-age=0, private, must-revalidate | ||
90 | Content-Security-Policy: | ||
91 | - 'base-uri ''none''; default-src ''none''; frame-ancestors ''none''; font-src | ||
92 | ''self'' http://localhost:3000; img-src ''self'' https: data: blob: http://localhost:3000; | ||
93 | style-src ''self'' http://localhost:3000 ''nonce-PqM4ChK427oGZ5jIKprkYQ==''; | ||
94 | media-src ''self'' https: data: http://localhost:3000; frame-src ''self'' | ||
95 | https:; manifest-src ''self'' http://localhost:3000; connect-src ''self'' | ||
96 | data: blob: http://localhost:3000 http://localhost:3000 ws://localhost:4000 | ||
97 | ws://localhost:3035 http://localhost:3035; script-src ''self'' ''unsafe-inline'' | ||
98 | ''unsafe-eval'' http://localhost:3000; child-src ''self'' blob: http://localhost:3000; | ||
99 | worker-src ''self'' blob: http://localhost:3000' | ||
100 | Content-Type: | ||
101 | - application/json; charset=utf-8 | ||
102 | ETag: | ||
103 | - W/"44136fa355b3678a1146ad16f7e8649e" | ||
104 | Referrer-Policy: | ||
105 | - strict-origin-when-cross-origin | ||
106 | Transfer-Encoding: | ||
107 | - chunked | ||
108 | Vary: | ||
109 | - Accept | ||
110 | X-Content-Type-Options: | ||
111 | - nosniff | ||
112 | X-Download-Options: | ||
113 | - noopen | ||
114 | X-Frame-Options: | ||
115 | - SAMEORIGIN | ||
116 | X-Permitted-Cross-Domain-Policies: | ||
117 | - none | ||
118 | X-Request-Id: | ||
119 | - 36ec7e63-b15b-487a-aa4a-c396db945794 | ||
120 | X-Runtime: | ||
121 | - '0.010431' | ||
122 | X-XSS-Protection: | ||
123 | - 1; mode=block | ||
124 | status: | ||
125 | code: 200 | ||
126 | message: OK | ||
127 | - request: | ||
128 | body: status=illegal+access+detected | ||
129 | headers: | ||
130 | Accept: | ||
131 | - '*/*' | ||
132 | Accept-Encoding: | ||
133 | - gzip, deflate | ||
134 | Connection: | ||
135 | - keep-alive | ||
136 | Content-Length: | ||
137 | - '30' | ||
138 | Content-Type: | ||
139 | - application/x-www-form-urlencoded | ||
140 | User-Agent: | ||
141 | - tests/v311 | ||
142 | method: POST | ||
143 | uri: http://localhost:3000/api/v1/statuses | ||
144 | response: | ||
145 | body: | ||
146 | string: '{"error":"The access token is invalid"}' | ||
147 | headers: | ||
148 | Cache-Control: | ||
149 | - no-store | ||
150 | Content-Security-Policy: | ||
151 | - 'base-uri ''none''; default-src ''none''; frame-ancestors ''none''; font-src | ||
152 | ''self'' http://localhost:3000; img-src ''self'' https: data: blob: http://localhost:3000; | ||
153 | style-src ''self'' http://localhost:3000 ''nonce-UClOh6+Y0zf3a4O/ysqT/w==''; | ||
154 | media-src ''self'' https: data: http://localhost:3000; frame-src ''self'' | ||
155 | https:; manifest-src ''self'' http://localhost:3000; connect-src ''self'' | ||
156 | data: blob: http://localhost:3000 http://localhost:3000 ws://localhost:4000 | ||
157 | ws://localhost:3035 http://localhost:3035; script-src ''self'' ''unsafe-inline'' | ||
158 | ''unsafe-eval'' http://localhost:3000; child-src ''self'' blob: http://localhost:3000; | ||
159 | worker-src ''self'' blob: http://localhost:3000' | ||
160 | Content-Type: | ||
161 | - application/json; charset=utf-8 | ||
162 | Pragma: | ||
163 | - no-cache | ||
164 | Referrer-Policy: | ||
165 | - strict-origin-when-cross-origin | ||
166 | Transfer-Encoding: | ||
167 | - chunked | ||
168 | Vary: | ||
169 | - Accept, Origin | ||
170 | WWW-Authenticate: | ||
171 | - Bearer realm="Doorkeeper", error="invalid_token", error_description="The access | ||
172 | token is invalid" | ||
173 | X-Content-Type-Options: | ||
174 | - nosniff | ||
175 | X-Download-Options: | ||
176 | - noopen | ||
177 | X-Frame-Options: | ||
178 | - SAMEORIGIN | ||
179 | X-Permitted-Cross-Domain-Policies: | ||
180 | - none | ||
181 | X-Request-Id: | ||
182 | - ab1f9d04-149b-431a-b2b0-79921d45f3bc | ||
183 | X-Runtime: | ||
184 | - '0.005292' | ||
185 | X-XSS-Protection: | ||
186 | - 1; mode=block | ||
187 | status: | ||
188 | code: 401 | ||
189 | message: Unauthorized | ||
190 | - request: | ||
191 | body: status=illegal+access+detected | ||
192 | headers: | ||
193 | Accept: | ||
194 | - '*/*' | ||
195 | Accept-Encoding: | ||
196 | - gzip, deflate | ||
197 | Connection: | ||
198 | - keep-alive | ||
199 | Content-Length: | ||
200 | - '30' | ||
201 | Content-Type: | ||
202 | - application/x-www-form-urlencoded | ||
203 | User-Agent: | ||
204 | - tests/v311 | ||
205 | method: POST | ||
206 | uri: http://localhost:3000/api/v1/statuses | ||
207 | response: | ||
208 | body: | ||
209 | string: '{"error":"The access token is invalid"}' | ||
210 | headers: | ||
211 | Cache-Control: | ||
212 | - no-store | ||
213 | Content-Security-Policy: | ||
214 | - 'base-uri ''none''; default-src ''none''; frame-ancestors ''none''; font-src | ||
215 | ''self'' http://localhost:3000; img-src ''self'' https: data: blob: http://localhost:3000; | ||
216 | style-src ''self'' http://localhost:3000 ''nonce-ZTmQUUs9q7lX74Aa3bTgzA==''; | ||
217 | media-src ''self'' https: data: http://localhost:3000; frame-src ''self'' | ||
218 | https:; manifest-src ''self'' http://localhost:3000; connect-src ''self'' | ||
219 | data: blob: http://localhost:3000 http://localhost:3000 ws://localhost:4000 | ||
220 | ws://localhost:3035 http://localhost:3035; script-src ''self'' ''unsafe-inline'' | ||
221 | ''unsafe-eval'' http://localhost:3000; child-src ''self'' blob: http://localhost:3000; | ||
222 | worker-src ''self'' blob: http://localhost:3000' | ||
223 | Content-Type: | ||
224 | - application/json; charset=utf-8 | ||
225 | Pragma: | ||
226 | - no-cache | ||
227 | Referrer-Policy: | ||
228 | - strict-origin-when-cross-origin | ||
229 | Transfer-Encoding: | ||
230 | - chunked | ||
231 | Vary: | ||
232 | - Accept, Origin | ||
233 | WWW-Authenticate: | ||
234 | - Bearer realm="Doorkeeper", error="invalid_token", error_description="The access | ||
235 | token is invalid" | ||
236 | X-Content-Type-Options: | ||
237 | - nosniff | ||
238 | X-Download-Options: | ||
239 | - noopen | ||
240 | X-Frame-Options: | ||
241 | - SAMEORIGIN | ||
242 | X-Permitted-Cross-Domain-Policies: | ||
243 | - none | ||
244 | X-Request-Id: | ||
245 | - 9a7ad262-0d94-4df6-92a5-a670d6515979 | ||
246 | X-Runtime: | ||
247 | - '0.004613' | ||
248 | X-XSS-Protection: | ||
249 | - 1; mode=block | ||
250 | status: | ||
251 | code: 401 | ||
252 | message: Unauthorized | ||
253 | version: 1 | ||
diff --git a/tests/test_auth.py b/tests/test_auth.py index c3acb66..a14b4e7 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py | |||
@@ -22,15 +22,38 @@ def test_log_in_none(api_anonymous): | |||
22 | with pytest.raises(MastodonIllegalArgumentError): | 22 | with pytest.raises(MastodonIllegalArgumentError): |
23 | api_anonymous.log_in() | 23 | api_anonymous.log_in() |
24 | 24 | ||
25 | |||
26 | @pytest.mark.vcr() | 25 | @pytest.mark.vcr() |
27 | def test_log_in_password(api_anonymous): | 26 | def test_log_in_password(api_anonymous): |
28 | token = api_anonymous.log_in( | 27 | token = api_anonymous.log_in( |
29 | username='mastodonpy_test_2@localhost:3000', | 28 | username='mastodonpy_test_2@localhost:3000', |
30 | password='5fc638e0e53eafd9c4145b6bb852667d') | 29 | password='5fc638e0e53eafd9c4145b6bb852667d' |
30 | ) | ||
31 | assert token | 31 | assert token |
32 | 32 | ||
33 | @pytest.mark.vcr() | 33 | @pytest.mark.vcr() |
34 | def test_revoke(api_anonymous): | ||
35 | token = api_anonymous.log_in( | ||
36 | username='mastodonpy_test_2@localhost:3000', | ||
37 | password='5fc638e0e53eafd9c4145b6bb852667d' | ||
38 | ) | ||
39 | api_anonymous.revoke_access_token() | ||
40 | |||
41 | try: | ||
42 | api_anonymous.toot("illegal access detected") | ||
43 | assert False | ||
44 | except Exception as e: | ||
45 | print(e) | ||
46 | pass | ||
47 | |||
48 | api_revoked_token = Mastodon(access_token = token) | ||
49 | try: | ||
50 | api_anonymous.toot("illegal access detected") | ||
51 | assert False | ||
52 | except Exception as e: | ||
53 | print(e) | ||
54 | pass | ||
55 | |||
56 | @pytest.mark.vcr() | ||
34 | def test_log_in_password_incorrect(api_anonymous): | 57 | def test_log_in_password_incorrect(api_anonymous): |
35 | with pytest.raises(MastodonIllegalArgumentError): | 58 | with pytest.raises(MastodonIllegalArgumentError): |
36 | api_anonymous.log_in( | 59 | api_anonymous.log_in( |