Added tests for _authenticate_basic_auth:

hirokiky · hirokiky · commit d9033bd86f4b · 2015-01-13T14:40:00.000+09:00
Now OAuth2Validator._authenticate_basic_auth contains 2 valunerabilities:

* It will raise TypeError, if auth_string cant be decoded as base64
* It will raise UnicodeDecodeError, if b64 decoded string cant be decoded as unicode
diff --git a/oauth2_provider/tests/test_oauth2_validators.py b/oauth2_provider/tests/test_oauth2_validators.py
@@ -45,6 +45,36 @@ def test_extract_basic_auth(self):
         self.request.headers = {'HTTP_AUTHORIZATION': 'Basic 123456 789'}
         self.assertEqual(self.validator._extract_basic_auth(self.request), '123456 789')
 
+    def test_authenticate_basic_auth(self):
+        self.request.encoding = 'utf-8'
+        # client_id:client_secret
+        self.request.headers = {'HTTP_AUTHORIZATION': 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=\n'}
+        self.assertTrue(self.validator._authenticate_basic_auth(self.request))
+
+    def test_authenticate_basic_auth_wrong_client_id(self):
+        self.request.encoding = 'utf-8'
+        # wrong_id:client_secret
+        self.request.headers = {'HTTP_AUTHORIZATION': 'Basic d3JvbmdfaWQ6Y2xpZW50X3NlY3JldA==\n'}
+        self.assertFalse(self.validator._authenticate_basic_auth(self.request))
+
+    def test_authenticate_basic_auth_wrong_client_secret(self):
+        self.request.encoding = 'utf-8'
+        # client_id:wrong_secret
+        self.request.headers = {'HTTP_AUTHORIZATION': 'Basic Y2xpZW50X2lkOndyb25nX3NlY3JldA==\n'}
+        self.assertFalse(self.validator._authenticate_basic_auth(self.request))
+
+    def test_authenticate_basic_auth_not_b64_auth_string(self):
+        self.request.encoding = 'utf-8'
+        # Can't b64decode
+        self.request.headers = {'HTTP_AUTHORIZATION': 'Basic not_base64'}
+        self.assertFalse(self.validator._authenticate_basic_auth(self.request))
+
+    def test_authenticate_basic_auth_not_utf8(self):
+        self.request.encoding = 'utf-8'
+        # b64decode('test') will become b'\xb5\xeb-', it can't be decoded as utf-8
+        self.request.headers = {'HTTP_AUTHORIZATION': 'Basic test'}
+        self.assertFalse(self.validator._authenticate_basic_auth(self.request))
+
     def test_authenticate_client_id(self):
         self.assertTrue(self.validator.authenticate_client_id('client_id', self.request))
 
