Fix the inconsistent fails with public and admin hosts

Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
OSSystems · Nov 28, 2018 · 4abf07e · 4abf07e
1 parent 674894b
commit 4abf07e
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 31 deletions.
diff --git a/hydra/clients.py b/hydra/clients.py
@@ -54,32 +54,32 @@ def as_dict(self):
 
 class ClientManager(HydraManager):
 
-    SCOPE = 'hydra.clients'
+    # SCOPE = 'hydra.clients'
 
     def create(self, client):
         response = self.hydra.request(
-            'POST', '/clients', scope=self.SCOPE, json=client.as_dict())
+            'POST', '/clients', json=client.as_dict())
         if response.ok:
             return Client(**response.json())
 
     def get(self, client_id):
         path = '/clients/{}'.format(client_id)
-        response = self.hydra.request('GET', path, scope=self.SCOPE)
+        response = self.hydra.request('GET', path)
         if response.ok:
             return Client(**response.json())
 
     def update(self, client):
         path = '/clients/{}'.format(client.id)
         response = self.hydra.request(
-            'PUT', path, scope=self.SCOPE, json=client.as_dict())
+            'PUT', path, json=client.as_dict())
         if response.ok:
             return Client(**response.json())
 
     def delete(self, client_id):
         path = '/clients/{}'.format(client_id)
-        self.hydra.request('DELETE', path, scope=self.SCOPE)
+        self.hydra.request('DELETE', path)
 
     def all(self):
-        response = self.hydra.request('GET', '/clients', scope=self.SCOPE)
+        response = self.hydra.request('GET', '/clients')
         if response.ok:
             return [Client(**data) for data in response.json()]
diff --git a/hydra/oauth2.py b/hydra/oauth2.py
@@ -43,21 +43,18 @@ def __init__(self, publichost, adminhost, client, secret):
         self.secret = secret
         self._tokens = {}
 
-    def request(self, method, path, token=True, **kwargs):
+    def request(self, method, path, token=False, **kwargs):
         if token:
-            url = urljoin(self.adminhost, path)
+            url = urljoin(self.publichost, path)
             return self._token_request(method, url, **kwargs)
-        url = urljoin(self.publichost, path)
-        return self._basic_request(method, url, **kwargs)
+        url = urljoin(self.adminhost, path)
+        return self._admin_request(method, url, **kwargs)
 
-    def _basic_request(self, method, url, **kwargs):
-        kwargs['auth'] = (self.client, self.secret)
+    def _admin_request(self, method, url, **kwargs):
         return requests.request(method, url, **kwargs)
 
     def _token_request(self, method, url, scope=None, **kwargs):
-        token = self.get_access_token(scope)
-        headers = kwargs.setdefault('headers', {})
-        headers['Authorization'] = str(token)
+        kwargs['auth'] = (self.client, self.secret)
         return requests.request(method, url, **kwargs)
 
     def get_access_token(self, scope=None):
@@ -68,8 +65,9 @@ def get_access_token(self, scope=None):
 
         if scope is not None:
             data['scope'] = scope
-        response = self.request(
-            'POST', '/oauth2/token', token=False, data=data)
+        response = requests.request(
+            'POST', urljoin(self.publichost, '/oauth2/token'),
+            auth=(self.client, self.secret), data=data)
         if response.ok:
             token = Token(**response.json())
             self._tokens[scope] = token
@@ -83,7 +81,7 @@ def instrospect_token(self, token):
 
     def revoke_token(self, token):
         response = self.request(
-            'POST', '/oauth2/revoke', token=False, data={'token': token.token})
+            'POST', '/oauth2/revoke', token=True, data={'token': token.token})
         return response.ok
 
     def get_login_request(self, challenge):

diff --git a/tests/test_oauth2.py b/tests/test_oauth2.py
@@ -67,19 +67,20 @@ def test_can_create_client(self):
     def test_request_with_basic_authentication(self, request):
         c = Client(**self.data)
         c.request(
-            'POST', '/oauth2/token', token=False, json={'token': 'foobar'})
+            'POST', '/oauth2/token', token=False,
+            auth=('client', 'secret'), json={'token': 'foobar'})
         request.assert_called_with(
-            'POST', 'http://localhost:4444/oauth2/token',
+            'POST', 'http://localhost:4445/oauth2/token',
             auth=('client', 'secret'), json={'token': 'foobar'})
 
     @patch('requests.request')
     def test_request_with_token_authentication(self, request):
         request.return_value.json.return_value = self.token_response
         c = Client(**self.data)
         c.request('GET', '/clients', token=True)
-        headers = {'Authorization': 'bearer super-token'}
+        auth = ('client', 'secret')
         request.assert_called_with(
-            'GET', 'http://localhost:4445/clients', headers=headers)
+            'GET', 'http://localhost:4444/clients', auth=auth)
 
     @patch('requests.request')
     def test_can_get_access_token(self, request):
@@ -122,20 +123,20 @@ def test_can_instrospect_token(self, request):
         request.return_value.json.return_value = self.token_response
         c = Client(**self.data)
         c.instrospect_token(self.token)
-        headers = {'Authorization': 'bearer super-token'}
         data = {'token': 'super-token'}
         request.assert_called_with(
             'POST', 'http://localhost:4445/oauth2/introspect',
-            data=data, headers=headers)
+            data=data)
 
     @patch('requests.request')
     def test_can_revoke_token(self, request):
         c = Client(**self.data)
         c.revoke_token(self.token)
         data = {'token': 'super-token'}
+        auth = ('client', 'secret')
         request.assert_called_with(
             'POST', 'http://localhost:4444/oauth2/revoke',
-            data=data, auth=('client', 'secret'))
+            data=data, auth=auth)
 
     @patch('requests.request')
     def test_can_get_login_request(self, request):
@@ -144,8 +145,7 @@ def test_can_get_login_request(self, request):
         request.assert_called_with(
             'GET',
             'http://localhost:4445/oauth2/auth/requests/login/{}'
-            .format(self.challenge),
-            headers={'Authorization': 'None None'})
+            .format(self.challenge))
 
     @patch('requests.request')
     def test_can_accept_login_request(self, request):
@@ -160,7 +160,6 @@ def test_can_accept_login_request(self, request):
             'PUT',
             'http://localhost:4445/oauth2/auth/requests/login/{}/accept'
             .format(self.challenge),
-            headers={'Authorization': 'None None'},
             json=accept_config)
 
     @patch('requests.request')
@@ -170,8 +169,7 @@ def test_can_get_consent_request(self, request):
         request.assert_called_with(
             'GET',
             'http://localhost:4445/oauth2/auth/requests/consent/{}'
-            .format(self.challenge),
-            headers={'Authorization': 'None None'})
+            .format(self.challenge))
 
     @patch('requests.request')
     def test_can_accept_consent_request(self, request):
@@ -188,5 +186,4 @@ def test_can_accept_consent_request(self, request):
             'PUT',
             'http://localhost:4445/oauth2/auth/requests/consent/{}/accept'
             .format(self.challenge),
-            headers={'Authorization': 'None None'},
             json=accept_config)