Add end-to-end OAuth login and attach tests

2016-12-08 18:35:42 -05:00 · 2016-12-08 18:35:42 -05:00 · dbdcb802b1
commit dbdcb802b1
parent 36324708db
4 changed files with 194 additions and 13 deletions
--- a/endpoints/oauthlogin.py
+++ b/endpoints/oauthlogin.py
@ -32,7 +32,10 @@ def render_ologin_error(service_name, error_message=None, register_redirect=Fals
    'user_creation': user_creation,
    'register_redirect': register_redirect,
  }
-  return index('', error_info=error_info)
+
+  resp = index('', error_info=error_info)
+  resp.status_code = 400
+  return resp


 def get_user(service, token):
@ -114,6 +117,9 @@ def google_oauth_callback():

  code = request.args.get('code')
  token = google_login.exchange_code_for_token(app.config, client, code, form_encode=True)
+  if token is None:
+    return render_ologin_error('Google')
+
  user_data = get_user(google_login, token)
  if not user_data or not user_data.get('id', None) or not user_data.get('email', None):
    return render_ologin_error('Google')
@ -145,6 +151,8 @@ def github_oauth_callback():
  # Exchange the OAuth code.
  code = request.args.get('code')
  token = github_login.exchange_code_for_token(app.config, client, code)
+  if token is None:
+    return render_ologin_error('GitHub')

  # Retrieve the user's information.
  user_data = get_user(github_login, token)
@ -177,6 +185,8 @@ def github_oauth_callback():
  # Find the e-mail address for the user: we will accept any email, but we prefer the primary
  get_email = client.get(github_login.email_endpoint(), params=token_param,
                         headers=v3_media_type)
+  if get_email.status_code / 100 != 2:
+    return render_ologin_error('GitHub')

  found_email = None
  for user_email in get_email.json():
@ -206,6 +216,8 @@ def google_oauth_attach():
  code = request.args.get('code')
  token = google_login.exchange_code_for_token(app.config, client, code,
                                               redirect_suffix='/attach', form_encode=True)
+  if token is None:
+    return render_ologin_error('Google')

  user_data = get_user(google_login, token)
  if not user_data or not user_data.get('id', None):
@ -243,6 +255,9 @@ def google_oauth_attach():
 def github_oauth_attach():
  code = request.args.get('code')
  token = github_login.exchange_code_for_token(app.config, client, code)
+  if token is None:
+    return render_ologin_error('GitHub')
+
  user_data = get_user(github_login, token)
  if not user_data:
    return render_ologin_error('GitHub')
@ -292,10 +307,12 @@ def dex_oauth_callback():

  token = dex_login.exchange_code_for_token(app.config, client, code, client_auth=True,
                                            form_encode=True)
+  if token is None:
+    return render_ologin_error(dex_login.public_title)

  try:
    payload = decode_user_jwt(token, dex_login)
-  except InvalidTokenError:
+  except InvalidTokenError as ite:
    logger.exception('Exception when decoding returned JWT')
    return render_ologin_error(
      dex_login.public_title,
@ -328,7 +345,7 @@ def dex_oauth_attach():
  code = request.args.get('code')
  token = dex_login.exchange_code_for_token(app.config, client, code, redirect_suffix='/attach',
                                            client_auth=True, form_encode=True)
-  if not token:
+  if token is None:
    return render_ologin_error(dex_login.public_title)

  try: