Use JSON encoding/decoding in HTTP requests

johngian · johngian · commit a7cb8ec27bae · 2016-10-31T11:24:37.000+01:00
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
@@ -46,17 +46,19 @@ def authenticate(self, code=None, state=None):
 
         # Get the token
         response = requests.post(self.OIDC_OP_TOKEN_ENDPOINT,
-                                 data=token_payload,
+                                 json=token_payload,
                                  verify=import_from_settings('VERIFY_SSL', True))
         # Validate the token
-        payload = self.verify_token(response.get('id_token'))
+        token_response = response.json()
+        payload = self.verify_token(token_response.get('id_token'))
 
         if payload:
             query = urlencode({
-                'access_token': response.get('access_token')
+                'access_token': token_response.get('access_token')
             })
-            user_info = requests.get('{url}?{query}'.format(url=self.OIDC_OP_USER_ENDPOINT,
-                                                            query=query))
+            user_response = requests.get('{url}?{query}'.format(url=self.OIDC_OP_USER_ENDPOINT,
+                                                                query=query))
+            user_info = user_response.json()
 
             try:
                 return self.UserModel.objects.get(email=user_info['verified_email'])
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -1,4 +1,4 @@
-from mock import patch
+from mock import Mock, patch
 
 from django.contrib.auth import get_user_model
 from django.core.urlresolvers import reverse
@@ -26,14 +26,18 @@ def test_invalid_token(self, request_mock, token_mock):
         """Test authentication with an invalid token."""
 
         token_mock.return_value = None
-        request_mock.get.return_value = {
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
             'username': 'username',
             'verified_email': 'email@example.com'
         }
-        request_mock.post.return_value = {
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
             'id_token': 'id_token',
             'accesss_token': 'access_token'
         }
+        request_mock.post.return_value = post_json_mock
         self.assertEqual(self.backend.authenticate(code='foo', state='bar'), None)
 
     def test_get_user(self):
@@ -55,14 +59,19 @@ def test_successful_authentication_existing_user(self, token_mock, request_mock)
         user = User.objects.create_user(username='a_username',
                                         email='email@example.com')
         token_mock.return_value = True
-        request_mock.get.return_value = {
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
             'username': 'a_username',
             'verified_email': 'email@example.com'
         }
-        request_mock.post.return_value = {
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
             'id_token': 'id_token',
             'access_token': 'access_granted'
         }
+        request_mock.post.return_value = post_json_mock
+
         post_data = {
             'client_id': 'example_id',
             'client_secret': 'example_secret',
@@ -73,7 +82,7 @@ def test_successful_authentication_existing_user(self, token_mock, request_mock)
         self.assertEqual(self.backend.authenticate(code='foo', state='bar'), user)
         token_mock.assert_called_once_with('id_token')
         request_mock.post.assert_called_once_with('https://server.example.com/token',
-                                                  data=post_data,
+                                                  json=post_data,
                                                   verify=True)
         request_mock.get.assert_called_once_with(
             'https://server.example.com/user?access_token=access_granted'
@@ -85,14 +94,18 @@ def test_successful_authentication_new_user(self, token_mock, request_mock):
         """Test successful authentication and user creation."""
 
         token_mock.return_value = True
-        request_mock.get.return_value = {
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
             'username': 'a_username',
             'verified_email': 'email@example.com'
         }
-        request_mock.post.return_value = {
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
             'id_token': 'id_token',
             'access_token': 'access_granted'
         }
+        request_mock.post.return_value = post_json_mock
         post_data = {
             'client_id': 'example_id',
             'client_secret': 'example_secret',
@@ -109,7 +122,7 @@ def test_successful_authentication_new_user(self, token_mock, request_mock):
 
         token_mock.assert_called_once_with('id_token')
         request_mock.post.assert_called_once_with('https://server.example.com/token',
-                                                  data=post_data,
+                                                  json=post_data,
                                                   verify=True)
         request_mock.get.assert_called_once_with(
             'https://server.example.com/user?access_token=access_granted'
@@ -125,14 +138,18 @@ def test_authenticate_no_code_no_state(self):
     def test_jwt_decode_params(self, request_mock, jwt_mock):
         """Test jwt verification signature."""
 
-        request_mock.get.return_value = {
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
             'username': 'username',
             'verified_email': 'email@example.com'
         }
-        request_mock.post.return_value = {
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
             'id_token': 'token',
             'access_token': 'access_token'
         }
+        request_mock.post.return_value = post_json_mock
         self.backend.authenticate(code='foo', state='bar')
         jwt_mock.decode.assert_called_once_with('token', 'example_secret', verify=True)
 
@@ -142,13 +159,18 @@ def test_jwt_decode_params(self, request_mock, jwt_mock):
     def test_jwt_decode_params_verify_false(self, request_mock, jwt_mock):
         """Test jwt verification signature with verify False"""
 
-        request_mock.get.return_value = {
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
             'username': 'username',
             'verified_email': 'email@example.com'
         }
-        request_mock.post.return_value = {
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
             'id_token': 'token',
             'access_token': 'access_token'
         }
+        request_mock.post.return_value = post_json_mock
+
         self.backend.authenticate(code='foo', state='bar')
         jwt_mock.decode.assert_called_once_with('token', 'example_secret', verify=False)
