API - get oauth client by id or client_id
parent
7b3c44e21e
commit
458394fa53
@ -1,4 +1,4 @@
|
|||||||
from typing import Dict, Tuple, Union
|
from typing import Dict, Optional, Tuple, Union
|
||||||
|
|
||||||
from flask import Blueprint, Response, request
|
from flask import Blueprint, Response, request
|
||||||
|
|
||||||
@ -89,12 +89,15 @@ def create_client(auth_user: User) -> Union[HttpResponse, Tuple[Dict, int]]:
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@oauth_blueprint.route('/oauth/apps/<string:client_id>', methods=['GET'])
|
def get_client(
|
||||||
@require_auth()
|
auth_user: User,
|
||||||
def get_client(auth_user: User, client_id: str) -> Union[Dict, HttpResponse]:
|
client_id: Optional[int],
|
||||||
|
client_client_id: Optional[str],
|
||||||
|
) -> Union[Dict, HttpResponse]:
|
||||||
|
key = 'id' if client_id else 'client_id'
|
||||||
|
value = client_id if client_id else client_client_id
|
||||||
client = OAuth2Client.query.filter_by(
|
client = OAuth2Client.query.filter_by(
|
||||||
id=client_id,
|
**{key: value, 'user_id': auth_user.id}
|
||||||
user_id=auth_user.id,
|
|
||||||
).first()
|
).first()
|
||||||
|
|
||||||
if not client:
|
if not client:
|
||||||
@ -106,6 +109,22 @@ def get_client(auth_user: User, client_id: str) -> Union[Dict, HttpResponse]:
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@oauth_blueprint.route('/oauth/apps/<string:client_id>', methods=['GET'])
|
||||||
|
@require_auth()
|
||||||
|
def get_client_by_client_id(
|
||||||
|
auth_user: User, client_id: str
|
||||||
|
) -> Union[Dict, HttpResponse]:
|
||||||
|
return get_client(auth_user, client_id=None, client_client_id=client_id)
|
||||||
|
|
||||||
|
|
||||||
|
@oauth_blueprint.route('/oauth/apps/<int:client_id>/by_id', methods=['GET'])
|
||||||
|
@require_auth()
|
||||||
|
def get_client_by_id(
|
||||||
|
auth_user: User, client_id: int
|
||||||
|
) -> Union[Dict, HttpResponse]:
|
||||||
|
return get_client(auth_user, client_id=client_id, client_client_id=None)
|
||||||
|
|
||||||
|
|
||||||
@oauth_blueprint.route('/oauth/apps/<string:client_id>', methods=['DELETE'])
|
@oauth_blueprint.route('/oauth/apps/<string:client_id>', methods=['DELETE'])
|
||||||
@require_auth()
|
@require_auth()
|
||||||
def delete_client(
|
def delete_client(
|
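Review bot: In the new `get_client` helper, `key = 'id' if client_id else 'client_id'` and the matching `value` line test truthiness, so an id of `0` from `/oauth/apps/<int:client_id>/by_id` falls through to the other branch and the query becomes `filter_by(client_id=None, user_id=auth_user.id)`. Compare against None instead: `key = 'id' if client_id is not None else 'client_id'` and `value = client_id if client_id is not None else client_client_id`. The `user_id=auth_user.id` filter is kept on both lookup paths, which is what scopes results to the caller; a short docstring on `get_client` should say so, and that exactly one of the two identifiers is expected. GET on `/oauth/apps/<string:client_id>` now resolves the OAuth `client_id` where it previously filtered on `id`, and the DELETE route's body is outside this view, so check whether the same path shape still means the database id there. The body of `get_client` continues outside the hunk.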
||||||
|
@ -549,8 +549,8 @@ class TestOAuthGetClients(ApiTestCaseMixin):
|
|||||||
assert data['data']['clients'] == []
|
assert data['data']['clients'] == []
|
||||||
|
|
||||||
|
|
||||||
class TestOAuthGetClient(ApiTestCaseMixin):
|
class TestOAuthGetClientById(ApiTestCaseMixin):
|
||||||
route = '/api/oauth/apps/{client_id}'
|
route = '/api/oauth/apps/{client_id}/by_id'
|
||||||
|
|
||||||
def test_it_returns_error_when_not_authenticated(
|
def test_it_returns_error_when_not_authenticated(
|
||||||
self, app: Flask, user_1: User
|
self, app: Flask, user_1: User
|
||||||
@ -630,10 +630,100 @@ class TestOAuthGetClient(ApiTestCaseMixin):
|
|||||||
app, user_1.email
|
app, user_1.email
|
||||||
)
|
)
|
||||||
oauth_client = self.create_oauth_client(user_2)
|
oauth_client = self.create_oauth_client(user_2)
|
||||||
client_id = oauth_client.id
|
|
||||||
|
|
||||||
response = client.delete(
|
response = client.get(
|
||||||
self.route.format(client_id=client_id),
|
self.route.format(client_id=oauth_client.id),
|
||||||
|
content_type='application/json',
|
||||||
|
headers=dict(Authorization=f'Bearer {auth_token}'),
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assert_404_with_message(response, 'OAuth client not found')
|
||||||
|
|
||||||
|
|
||||||
|
class TestOAuthGetClientByClientId(ApiTestCaseMixin):
|
||||||
|
route = '/api/oauth/apps/{client_id}'
|
||||||
|
|
||||||
|
def test_it_returns_error_when_not_authenticated(
|
||||||
|
self, app: Flask, user_1: User
|
||||||
|
) -> None:
|
||||||
|
client = app.test_client()
|
||||||
|
|
||||||
|
response = client.get(
|
||||||
|
self.route.format(client_id=self.random_string()),
|
||||||
|
content_type='application/json',
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assert_401(response)
|
||||||
|
|
||||||
|
def test_it_returns_error_when_client_not_found(
|
||||||
|
self, app: Flask, user_1: User
|
||||||
|
) -> None:
|
||||||
|
client, auth_token = self.get_test_client_and_auth_token(
|
||||||
|
app, user_1.email
|
||||||
|
)
|
||||||
|
|
||||||
|
response = client.get(
|
||||||
|
self.route.format(client_id=self.random_string()),
|
||||||
|
content_type='application/json',
|
||||||
|
headers=dict(Authorization=f'Bearer {auth_token}'),
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assert_404_with_message(response, 'OAuth client not found')
|
||||||
|
|
||||||
|
def test_it_returns_user_oauth_client(
|
||||||
|
self, app: Flask, user_1: User
|
||||||
|
) -> None:
|
||||||
|
client, auth_token = self.get_test_client_and_auth_token(
|
||||||
|
app, user_1.email
|
||||||
|
)
|
||||||
|
client_description = self.random_string()
|
||||||
|
oauth_client = self.create_oauth_client(
|
||||||
|
user_1,
|
||||||
|
metadata={
|
||||||
|
**TEST_OAUTH_CLIENT_METADATA,
|
||||||
|
'client_description': client_description,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
client_id = oauth_client.id
|
||||||
|
client_client_id = oauth_client.client_id
|
||||||
|
|
||||||
|
response = client.get(
|
||||||
|
self.route.format(client_id=client_client_id),
|
||||||
|
content_type='application/json',
|
||||||
|
headers=dict(Authorization=f'Bearer {auth_token}'),
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 200
|
||||||
|
data = json.loads(response.data.decode())
|
||||||
|
assert data['data']['client']['client_id'] == client_client_id
|
||||||
|
assert 'client_secret' not in data['data']['client']
|
||||||
|
assert (
|
||||||
|
data['data']['client']['client_description'] == client_description
|
||||||
|
)
|
||||||
|
assert data['data']['client']['id'] == client_id
|
||||||
|
assert (
|
||||||
|
data['data']['client']['name']
|
||||||
|
== TEST_OAUTH_CLIENT_METADATA['client_name']
|
||||||
|
)
|
||||||
|
assert (
|
||||||
|
data['data']['client']['redirect_uris']
|
||||||
|
== TEST_OAUTH_CLIENT_METADATA['redirect_uris']
|
||||||
|
)
|
||||||
|
assert (
|
||||||
|
data['data']['client']['website']
|
||||||
|
== TEST_OAUTH_CLIENT_METADATA['client_uri']
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_it_does_not_return_oauth_client_from_another_user(
|
||||||
|
self, app: Flask, user_1: User, user_2: User
|
||||||
|
) -> None:
|
||||||
|
client, auth_token = self.get_test_client_and_auth_token(
|
||||||
|
app, user_1.email
|
||||||
|
)
|
||||||
|
oauth_client = self.create_oauth_client(user_2)
|
||||||
|
|
||||||
|
response = client.get(
|
||||||
|
self.route.format(client_id=oauth_client.client_id),
|
||||||
content_type='application/json',
|
content_type='application/json',
|
||||||
headers=dict(Authorization=f'Bearer {auth_token}'),
|
headers=dict(Authorization=f'Bearer {auth_token}'),
|
||||||
)
|
)
|
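Review bot: Neither test class sends a numeric database id to `/api/oauth/apps/{client_id}`, the path that resolved `id` before this commit and now resolves the OAuth `client_id`. A case in `TestOAuthGetClientByClientId` that requests `self.route.format(client_id=oauth_client.id)` for the caller's own client and checks `self.assert_404_with_message(response, 'OAuth client not found')` would pin the changed meaning of that path, assuming the generated `client_id` never equals the numeric id. The final assertion of `test_it_does_not_return_oauth_client_from_another_user` lies outside the hunk.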
||||||
|