Merge branch 'refactor-token-cache-test-cases' into dev

Author: rayluo

tests/test_application.py

@@ -5,7 +5,7 @@
 import msal
 from msal.application import _merge_claims_challenge_and_capabilities
 from tests import unittest
-from tests.test_token_cache import TokenCacheTestCase
+from tests.test_token_cache import build_id_token, build_response
 from tests.http_client import MinimalHttpClient, MinimalResponse
 from msal.telemetry import CLIENT_CURRENT_TELEMETRY, CLIENT_LAST_TELEMETRY
 
@@ -66,7 +66,7 @@ def setUp(self):
             "client_id": self.client_id,
             "scope": self.scopes,
             "token_endpoint": "{}/oauth2/v2.0/token".format(self.authority_url),
-            "response": TokenCacheTestCase.build_response(
+            "response": build_response(
                 access_token="an expired AT to trigger refresh", expires_in=-99,
                 uid=self.uid, utid=self.utid, refresh_token=self.rt),
             })  # The add(...) helper populates correct home_account_id for future searching
@@ -125,9 +125,9 @@ def setUp(self):
             "client_id": self.preexisting_family_app_id,
             "scope": self.scopes,
             "token_endpoint": "{}/oauth2/v2.0/token".format(self.authority_url),
-            "response": TokenCacheTestCase.build_response(
+            "response": build_response(
                 access_token="Siblings won't share AT. test_remove_account() will.",
-                id_token=TokenCacheTestCase.build_id_token(aud=self.preexisting_family_app_id),
+                id_token=build_id_token(aud=self.preexisting_family_app_id),
                 uid=self.uid, utid=self.utid, refresh_token=self.frt, foci="1"),
             })  # The add(...) helper populates correct home_account_id for future searching
 
@@ -153,8 +153,7 @@ def test_known_orphan_app_will_skip_frt_and_only_use_its_own_rt(self):
             "client_id": app.client_id,
             "scope": self.scopes,
             "token_endpoint": "{}/oauth2/v2.0/token".format(self.authority_url),
-            "response": TokenCacheTestCase.build_response(
-                uid=self.uid, utid=self.utid, refresh_token=rt),
+            "response": build_response(uid=self.uid, utid=self.utid, refresh_token=rt),
             })
         logger.debug("%s.cache = %s", self.id(), self.cache.serialize())
         def tester(url, data=None, **kwargs):
@@ -168,7 +167,7 @@ def tester(url, data=None, **kwargs):
             self.assertEqual(
                 self.frt, data.get("refresh_token"), "Should attempt the FRT")
             return MinimalResponse(
-                status_code=200, text=json.dumps(TokenCacheTestCase.build_response(
+                status_code=200, text=json.dumps(build_response(
                     uid=self.uid, utid=self.utid, foci="1", access_token="at")))
         app = ClientApplication(
             "unknown_family_app", authority=self.authority_url, token_cache=self.cache)
@@ -246,7 +245,7 @@ def setUp(self):
             "scope": self.scopes,
             "token_endpoint": "https://{}/common/oauth2/v2.0/token".format(
                 self.environment_in_cache),
-            "response": TokenCacheTestCase.build_response(
+            "response": build_response(
                 uid=uid, utid=utid,
                 access_token=self.access_token, refresh_token="some refresh token"),
         })  # The add(...) helper populates correct home_account_id for future searching
@@ -342,7 +341,7 @@ def populate_cache(self, access_token="at", expires_in=86400, refresh_in=43200):
             "client_id": self.client_id,
             "scope": self.scopes,
             "token_endpoint": "{}/oauth2/v2.0/token".format(self.authority_url),
-            "response": TokenCacheTestCase.build_response(
+            "response": build_response(
                 access_token=access_token,
                 expires_in=expires_in, refresh_in=refresh_in,
                 uid=self.uid, utid=self.utid, refresh_token=self.rt),
@@ -424,7 +423,7 @@ def populate_cache(self, cache, access_token="at"):
             "client_id": self.client_id,
             "scope": self.scopes,
             "token_endpoint": "{}/oauth2/v2.0/token".format(self.authority_url),
-            "response": TokenCacheTestCase.build_response(
+            "response": build_response(
                 access_token=access_token,
                 uid=self.uid, utid=self.utid, refresh_token=self.rt),
             })
@@ -571,9 +570,9 @@ def test_get_accounts(self):
                 "scope": scopes,
                 "token_endpoint":
                     "https://{}/{}/oauth2/v2.0/token".format(environment, tenant),
-                "response": TokenCacheTestCase.build_response(
+                "response": build_response(
                     uid=uid, utid=utid, access_token="at", refresh_token="rt",
-                    id_token=TokenCacheTestCase.build_id_token(
+                    id_token=build_id_token(
                         aud=client_id,
                         sub="oid_in_" + tenant,
                         preferred_username=username,

tests/test_token_cache.py

@@ -11,52 +11,56 @@
 logging.basicConfig(level=logging.DEBUG)
 
 
-class TokenCacheTestCase(unittest.TestCase):
+# NOTE: These helpers were once implemented as static methods in TokenCacheTestCase.
+#       That would cause other test files' "from ... import TokenCacheTestCase"
+#       to re-run all test cases in this file.
+#       Now we avoid that, by defining these helpers in module level.
+def build_id_token(
+        iss="issuer", sub="subject", aud="my_client_id", exp=None, iat=None,
+        **claims):  # AAD issues "preferred_username", ADFS issues "upn"
+    return "header.%s.signature" % base64.b64encode(json.dumps(dict({
+        "iss": iss,
+        "sub": sub,
+        "aud": aud,
+        "exp": exp or (time.time() + 100),
+        "iat": iat or time.time(),
+        }, **claims)).encode()).decode('utf-8')
+
 
-    @staticmethod
-    def build_id_token(
-            iss="issuer", sub="subject", aud="my_client_id", exp=None, iat=None,
-            **claims):  # AAD issues "preferred_username", ADFS issues "upn"
-        return "header.%s.signature" % base64.b64encode(json.dumps(dict({
-            "iss": iss,
-            "sub": sub,
-            "aud": aud,
-            "exp": exp or (time.time() + 100),
-            "iat": iat or time.time(),
-            }, **claims)).encode()).decode('utf-8')
+def build_response(  # simulate a response from AAD
+        uid=None, utid=None,  # If present, they will form client_info
+        access_token=None, expires_in=3600, token_type="some type",
+        **kwargs  # Pass-through: refresh_token, foci, id_token, error, refresh_in, ...
+        ):
+    response = {}
+    if uid and utid:  # Mimic the AAD behavior for "client_info=1" request
+        response["client_info"] = base64.b64encode(json.dumps({
+            "uid": uid, "utid": utid,
+            }).encode()).decode('utf-8')
+    if access_token:
+        response.update({
+            "access_token": access_token,
+            "expires_in": expires_in,
+            "token_type": token_type,
+            })
+    response.update(kwargs)  # Pass-through key-value pairs as top-level fields
+    return response
 
-    @staticmethod
-    def build_response(  # simulate a response from AAD
-            uid=None, utid=None,  # If present, they will form client_info
-            access_token=None, expires_in=3600, token_type="some type",
-            **kwargs  # Pass-through: refresh_token, foci, id_token, error, refresh_in, ...
-            ):
-        response = {}
-        if uid and utid:  # Mimic the AAD behavior for "client_info=1" request
-            response["client_info"] = base64.b64encode(json.dumps({
-                "uid": uid, "utid": utid,
-                }).encode()).decode('utf-8')
-        if access_token:
-            response.update({
-                "access_token": access_token,
-                "expires_in": expires_in,
-                "token_type": token_type,
-                })
-        response.update(kwargs)  # Pass-through key-value pairs as top-level fields
-        return response
+
+class TokenCacheTestCase(unittest.TestCase):
 
     def setUp(self):
         self.cache = TokenCache()
 
     def testAddByAad(self):
         client_id = "my_client_id"
-        id_token = self.build_id_token(
+        id_token = build_id_token(
             oid="object1234", preferred_username="John Doe", aud=client_id)
         self.cache.add({
             "client_id": client_id,
             "scope": ["s2", "s1", "s3"],  # Not in particular order
             "token_endpoint": "https://login.example.com/contoso/v2/token",
-            "response": self.build_response(
+            "response": build_response(
                 uid="uid", utid="utid",  # client_info
                 expires_in=3600, access_token="an access token",
                 id_token=id_token, refresh_token="a refresh token"),
@@ -125,12 +129,12 @@ def testAddByAad(self):
 
     def testAddByAdfs(self):
         client_id = "my_client_id"
-        id_token = self.build_id_token(aud=client_id, upn="[email protected]")
+        id_token = build_id_token(aud=client_id, upn="[email protected]")
         self.cache.add({
             "client_id": client_id,
             "scope": ["s2", "s1", "s3"],  # Not in particular order
             "token_endpoint": "https://fs.msidlab8.com/adfs/oauth2/token",
-            "response": self.build_response(
+            "response": build_response(
                 uid=None, utid=None,  # ADFS will provide no client_info
                 expires_in=3600, access_token="an access token",
                 id_token=id_token, refresh_token="a refresh token"),
@@ -204,7 +208,7 @@ def test_key_id_is_also_recorded(self):
             "client_id": "my_client_id",
             "scope": ["s2", "s1", "s3"],  # Not in particular order
             "token_endpoint": "https://login.example.com/contoso/v2/token",
-            "response": self.build_response(
+            "response": build_response(
                 uid="uid", utid="utid",  # client_info
                 expires_in=3600, access_token="an access token",
                 refresh_token="a refresh token"),
@@ -219,7 +223,7 @@ def test_refresh_in_should_be_recorded_as_refresh_on(self):  # Sounds weird. Yep
             "client_id": "my_client_id",
             "scope": ["s2", "s1", "s3"],  # Not in particular order
             "token_endpoint": "https://login.example.com/contoso/v2/token",
-            "response": self.build_response(
+            "response": build_response(
                 uid="uid", utid="utid",  # client_info
                 expires_in=3600, refresh_in=1800, access_token="an access token",
                 ),  #refresh_token="a refresh token"),