
Commit 198814e

committed
add plaintext and false code_verifier test
1 parent 5258c4e commit 198814e

1 file changed

Lines changed: 21 additions & 2 deletions


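--- a/tests/pyop/test_provider.py
+++ b/tests/pyop/test_provider.py
@@ -332,6 +332,20 @@ def test_pkce_code_exchange_request(self):
 assert response['access_token'] in self.provider.authz_state.access_tokens
 assert_id_token_base_claims(response['id_token'], self.provider.signing_key, self.provider,
 self.authn_request_args)
+
+@patch('time.time', MOCK_TIME)
+def test_pkce_code_exchange_request_plaintext(self):
+self.authorization_code_exchange_request_args['code'] = self.create_authz_code(
+{
+"code_challenge": "SoOEDN-mZKNhw7Mc52VXxyiqTvFB3mod36MwPru253c",
+"code_challenge_method": "plain"
+}
+)
+self.authorization_code_exchange_request_args['code_verifier'] = "SoOEDN-mZKNhw7Mc52VXxyiqTvFB3mod36MwPru253c"
+response = self.provider._do_code_exchange(self.authorization_code_exchange_request_args, None)
+assert response['access_token'] in self.provider.authz_state.access_tokens
+assert_id_token_base_claims(response['id_token'], self.provider.signing_key, self.provider,
+self.authn_request_args)
 @patch('time.time', MOCK_TIME)
 def test_code_exchange_request_with_claims_requested_in_id_token(self):
 claims_req = {'claims': ClaimsRequest(id_token=Claims(email=None))}
@@ -389,8 +403,13 @@ def test_handle_token_request_reject_missing_grant_type(self):
 self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
 
 def test_handle_token_request_reject_invalid_code_verifier(self):
-del self.authorization_code_exchange_request_args['grant_type']
-self.authorization_code_exchange_request_args['code'] = self.create_authz_code()
+self.authorization_code_exchange_request_args['code'] = self.create_authz_code(
+{
+"code_challenge": "_1f8tFjAtu6D1Df-GOyDPoMjCJdEvaSWsnqR6SLpzsw=",
+"code_challenge_method": "S256"
+}
+)
+self.authorization_code_exchange_request_args['code_verifier'] = "ThiS Cer_tainly Ain't Valid"
 with pytest.raises(InvalidTokenRequest):
 self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
 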
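Review bot: The rewritten test_handle_token_request_reject_invalid_code_verifier can pass without the S256 comparison being exercised, because the verifier `"ThiS Cer_tainly Ain't Valid"` is 27 characters long and contains spaces and an apostrophe, so a provider that enforces the RFC 7636 verifier format (43 to 128 unreserved characters) would raise before hashing anything. To pin the mismatch path, use a well-formed verifier that merely hashes to a different value, for example the constructed sample `self.authorization_code_exchange_request_args['code_verifier'] = "A" * 43`. The S256 challenge in the same test ends in `=`, while RFC 7636 defines the challenge as unpadded base64url; how the provider treats padding is not visible on this page, so it is worth confirming the stored challenge has the form a conforming client would send. The plain-method test added in the first hunk has no negative counterpart, and a case with a `plain` challenge and a different verifier expecting `InvalidTokenRequest` would guard that branch against accepting any verifier.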
