Merge pull request #24 from jamesholcombe/dev

Dev
jamesholcombe · Jul 6, 2023 · f9f4fbe · f9f4fbe
2 parents 40dafb6 + 9831db6
commit f9f4fbe
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 100 deletions.
diff --git a/dash_auth_external/auth.py b/dash_auth_external/auth.py
@@ -65,6 +65,7 @@ def __init__(
         external_auth_url: str,
         external_token_url: str,
         client_id: str,
+        client_secret: str = None,
         with_pkce=True,
         app_url: str = "http://127.0.0.1:8050",
         redirect_suffix: str = "/redirect",
@@ -75,6 +76,7 @@ def __init__(
         _secret_key: str = None,
         auth_request_headers: dict = None,
         token_request_headers: dict = None,
+        token_body_params: dict = None,
         scope: str = None,
         _server_name: str = __name__,
     ):
@@ -90,10 +92,10 @@ def __init__(
             auth_suffix (str, optional): The route that will trigger the initial redirect to the external OAuth provider. Defaults to "/".
             home_suffix (str, optional): The route your dash application will sit, relative to your url. Defaults to "/home".
             _flask_server (Flask, optional): Flask server to use if additional config required. Defaults to None.
-            _token_field_name (str, optional): The key for the token returned in JSON from the token endpoint. Defaults to "access_token".
             _secret_key (str, optional): Secret key for flask app, normally generated at runtime. Defaults to None.
-            auth_request_headers (dict, optional): Additional params to send to the authorization endpoint. Defaults to None.
+            auth_request_headers (dict, optional): Additional headers to send to the authorization endpoint. Defaults to None.
             token_request_headers (dict, optional): Additional headers to send to the access token endpoint. Defaults to None.
+            token_body_params (dict, optional): Additional body params to send to the access token endpoint. Defaults to None.
             scope (str, optional): Header required by most Oauth2 Providers. Defaults to None.
             _server_name (str, optional): The name of the Flask Server. Defaults to __name__, ignored if _flask_server is not None.
 
@@ -108,7 +110,6 @@ def __init__(
             token_request_headers = {}
 
         if _flask_server is None:
-
             app = Flask(
                 _server_name, instance_relative_config=False, static_folder="./assets"
             )
@@ -136,11 +137,11 @@ def __init__(
             app,
             external_token_url=external_token_url,
             client_id=client_id,
+            client_secret=client_secret,
             redirect_uri=redirect_uri,
             redirect_suffix=redirect_suffix,
             _home_suffix=home_suffix,
             token_request_headers=token_request_headers,
-            _token_field_name=_token_field_name,
             with_pkce=with_pkce,
         )
 
@@ -156,7 +157,6 @@ def __init__(
 
 
 def refresh_token(url: str, token_data: OAuth2Token, headers: dict) -> OAuth2Token:
-
     body = {
         "grant_type": "refresh_token",
         "refresh_token": token_data.refresh_token,

diff --git a/dash_auth_external/routes.py b/dash_auth_external/routes.py
@@ -66,7 +66,9 @@ def get_auth_code():
     return app
 
 
-def build_token_body(url: str, redirect_uri: str, client_id: str, with_pkce: bool):
+def build_token_body(
+    url: str, redirect_uri: str, client_id: str, with_pkce: bool, client_secret: str
+):
     query = urllib.parse.urlparse(url).query
     redirect_params = urllib.parse.parse_qs(query)
     code = redirect_params["code"][0]
@@ -80,9 +82,11 @@ def build_token_body(url: str, redirect_uri: str, client_id: str, with_pkce: boo
     )
 
     if with_pkce:
-
         body["code_verifier"] = session["cv"]
 
+    if client_secret:
+        body["client_secret"] = client_secret
+
     return body
 
 
@@ -93,7 +97,7 @@ def make_access_token_route(
     _home_suffix: str,
     redirect_uri: str,
     client_id: str,
-    _token_field_name: str,
+    client_secret: str,
     with_pkce: bool,
     token_request_headers: dict,
 ):
@@ -105,6 +109,7 @@ def get_token_route():
             redirect_uri=redirect_uri,
             with_pkce=with_pkce,
             client_id=client_id,
+            client_secret=client_secret,
         )
 
         response_data = token_request(
@@ -124,9 +129,5 @@ def get_token_route():
 
 def token_request(url: str, body: dict, headers: dict):
     r = requests.post(url, data=body, headers=headers)
-
-    if r.status_code != 200:
-        raise requests.RequestException(
-            f"{r.status_code} {r.reason}:The request to the access token endpoint failed."
-        )
+    r.raise_for_status()
     return r.json()
diff --git a/setup.py b/setup.py
@@ -12,8 +12,8 @@
 
 setup(
     name=NAME,
-    version="1.0.1",
-    description="Integrate Dash with 3rd Parties and external providers",
+    version="1.1.0",
+    description=long_description,
     python_requires=">=3.7",
     author_email="jholcombe@hotmail.co.uk",
     url="https://github.com/jamesholcombe/dash-auth-external",

diff --git a/tests/test_app.py b/tests/test_app.py
@@ -1,114 +1,91 @@
-"""Module for integation tests, testing full OAuth2 flow, excluding the get_token method
-"""
-
+import pytest
 from dash_auth_external import DashAuthExternal
 from unittest.mock import Mock
 from dash_auth_external.config import FLASK_SESSION_TOKEN_KEY
-from .test_config import EXERNAL_TOKEN_URL, EXTERNAL_AUTH_URL, CLIENT_ID
-from pytest_mock import mocker
+from .test_config import (
+    EXERNAL_TOKEN_URL,
+    EXTERNAL_AUTH_URL,
+    CLIENT_ID,
+    CLIENT_SECRET,
+)
 from requests_oauthlib import OAuth2Session
 
 
-def test_pkce_true(mocker):
+@pytest.mark.parametrize(
+    "with_pkce, with_client_secret",
+    [(True, True), (True, False), (False, True), (False, False)],
+)
+def test_flow(with_pkce, with_client_secret, mocker):
+
     auth = DashAuthExternal(
-        EXTERNAL_AUTH_URL, EXERNAL_TOKEN_URL, CLIENT_ID, with_pkce=True
+        EXTERNAL_AUTH_URL,
+        EXERNAL_TOKEN_URL,
+        CLIENT_ID,
+        with_pkce=with_pkce,
+        client_secret=CLIENT_SECRET if with_client_secret else None,
     )
-    app = auth.server
+    redirect_uri = "http://127.0.0.1:8050" + auth.redirect_suffix
 
-    redirect_uri = "http://localhost:8050"
     session_mock = Mock(
-        OAuth2Session(CLIENT_ID, redirect_uri=redirect_uri, scope=auth.scope)
+        OAuth2Session(
+            CLIENT_ID,
+            redirect_uri=redirect_uri,
+            scope=auth.scope,
+        )
     )
-
+    app = auth.server
     session_mock.authorization_url.return_value = ("https://example.com", "state")
 
     mocker.patch("dash_auth_external.routes.OAuth2Session", return_value=session_mock)
-
-    mocker.patch(
-        "dash_auth_external.routes.make_code_challenge",
-        return_value=("code_challenge", "code_verifier"),
+    token_request_mock = mocker.patch(
+        "dash_auth_external.routes.token_request",
+        return_value={
+            "access_token": "access_token",
+            "refresh_token": "refresh_token",
+            "token_type": "Bearer",
+            "expires_in": "3599",
+        },
     )
-
-    # mocking the two helper functions called within the view function for the redirect to home suffix.
-
-    with app.test_client() as client:
-
-        response = client.get(auth.auth_suffix)
-        assert response.status_code == 302
-
-        # assert that the authorization_url method was called with the correct arguments
-        session_mock.authorization_url.assert_called_with(
-            EXTERNAL_AUTH_URL,
-            code_challenge="code_challenge",
-            code_challenge_method="S256",
-        )
-
-        # user logs in and is redirected to the redirect_uri, with a code and state
-
-        # mocking the token request in the token route
+    expected_token_request_body = {
+        "grant_type": "authorization_code",
+        "code": "code",
+        "redirect_uri": redirect_uri,
+        "client_id": CLIENT_ID,
+        "state": "state",
+    }
+    if with_pkce:
+        expected_token_request_body["code_verifier"] = "code_verifier"
+    if with_client_secret:
+        expected_token_request_body["client_secret"] = CLIENT_SECRET
+
+    if with_pkce:
         mocker.patch(
-            "dash_auth_external.routes.token_request",
-            return_value={
-                "access_token": "access_token",
-                "refresh_token": "refresh_token",
-                "token_type": "Bearer",
-                "expires_in": "3599",
-            },
+            "dash_auth_external.routes.make_code_challenge",
+            return_value=("code_challenge", "code_verifier"),
         )
 
-        # now we call the token route with the code and state returned from the authorization_url method
-        response = client.get(
-            auth.redirect_suffix, query_string={"code": "code", "state": "state"}
-        )
-        assert response.status_code == 302
-        with client.session_transaction() as session:
-            token_data = session[FLASK_SESSION_TOKEN_KEY]
-            assert token_data["access_token"] == "access_token"
-            assert token_data["refresh_token"] == "refresh_token"
-            assert token_data["token_type"] == "Bearer"
-            assert token_data["expires_in"] == "3599"
-
-
-def test_pkce_false(mocker):
-    auth = DashAuthExternal(
-        EXTERNAL_AUTH_URL, EXERNAL_TOKEN_URL, CLIENT_ID, with_pkce=False
-    )
-    app = auth.server
-
-    redirect_uri = "http://localhost:8050"
-    session_mock = Mock(
-        OAuth2Session(CLIENT_ID, redirect_uri=redirect_uri, scope=auth.scope)
-    )
-
-    session_mock.authorization_url.return_value = ("https://example.com", "state")
-
-    mocker.patch("dash_auth_external.routes.OAuth2Session", return_value=session_mock)
-
     with app.test_client() as client:
-
         response = client.get(auth.auth_suffix)
         assert response.status_code == 302
 
-        # assert that the authorization_url method was called with the correct arguments
-        session_mock.authorization_url.assert_called_with(EXTERNAL_AUTH_URL)
-
-        # user logs in and is redirected to the redirect_uri, with a code and state
+        if with_pkce:
+            session_mock.authorization_url.assert_called_with(
+                EXTERNAL_AUTH_URL,
+                code_challenge="code_challenge",
+                code_challenge_method="S256",
+            )
+        else:
+            session_mock.authorization_url.assert_called_with(EXTERNAL_AUTH_URL)
 
-        # mocking the token request in the token route
-        mocker.patch(
-            "dash_auth_external.routes.token_request",
-            return_value={
-                "access_token": "access_token",
-                "refresh_token": "refresh_token",
-                "token_type": "Bearer",
-                "expires_in": "3599",
-            },
-        )
-
-        # now we call the token route with the code and state returned from the authorization_url method
         response = client.get(
             auth.redirect_suffix, query_string={"code": "code", "state": "state"}
         )
+        token_request_mock.assert_called_with(
+            url=EXERNAL_TOKEN_URL,
+            body=expected_token_request_body,
+            headers={},
+        )
+
         assert response.status_code == 302
         with client.session_transaction() as session:
             token_data = session[FLASK_SESSION_TOKEN_KEY]

diff --git a/tests/test_config.py b/tests/test_config.py
@@ -1,3 +1,4 @@
 CLIENT_ID = "FAKE_ID"
 EXERNAL_TOKEN_URL = "TOKEN_URL"
 EXTERNAL_AUTH_URL = "AUTH_URL"
+CLIENT_SECRET = "FAKE_SECRET"