added success test case

changed order of positional arguments

Author: IamMayankThakur

CHANGELOG.md

@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.16.4] - 2023-10-05
+
 - Add `validate_access_token` function to providers
     - This can be used to verify the access token received from providers.
     - Implemented `validate_access_token` for the Github provider.

supertokens_python/recipe/thirdparty/provider.py

@@ -173,15 +173,15 @@ def __init__(
                 Awaitable[None],
             ]
         ] = None,
+        generate_fake_email: Optional[
+            Callable[[str, str, Dict[str, Any]], Awaitable[str]]
+        ] = None,
         validate_access_token: Optional[
             Callable[
                 [str, ProviderConfigForClient, Dict[str, Any]],
                 Awaitable[None],
             ]
         ] = None,
-        generate_fake_email: Optional[
-            Callable[[str, str, Dict[str, Any]], Awaitable[str]]
-        ] = None,
     ):
         self.third_party_id = third_party_id
         self.name = name
@@ -289,8 +289,8 @@ def __init__(
             user_info_map,
             require_email,
             validate_id_token_payload,
-            validate_access_token,
             generate_fake_email,
+            validate_access_token,
         )
 
     def to_json(self) -> Dict[str, Any]:
@@ -349,8 +349,8 @@ def __init__(
             user_info_map,
             require_email,
             validate_id_token_payload,
-            validate_access_token,
             generate_fake_email,
+            validate_access_token,
         )
         self.clients = clients
 

supertokens_python/recipe/thirdparty/providers/custom.py

@@ -403,7 +403,12 @@ async def get_user_info(
                     user_context,
                 )
 
-        if access_token is not None and self.config.token_endpoint is not None:
+        if self.config.validate_access_token is not None and access_token is not None:
+            await self.config.validate_access_token(
+                access_token, self.config, user_context
+            )
+
+        if access_token is not None and self.config.user_info_endpoint is not None:
             headers: Dict[str, str] = {"Authorization": f"Bearer {access_token}"}
             query_params: Dict[str, str] = {}
 
@@ -422,11 +427,6 @@ async def get_user_info(
                     self.config.user_info_endpoint, query_params, headers
                 )
 
-        if self.config.validate_access_token is not None and access_token is not None:
-            await self.config.validate_access_token(
-                access_token, self.config, user_context
-            )
-
         user_info_result = get_supertokens_user_info_result_from_raw_user_info(
             self.config, raw_user_info_from_provider
         )

supertokens_python/recipe/thirdparty/providers/github.py

@@ -14,12 +14,12 @@
 from __future__ import annotations
 
 import base64
-import json
 from typing import Any, Dict, List, Optional
 
-import requests
-
-from supertokens_python.recipe.thirdparty.providers.utils import do_get_request
+from supertokens_python.recipe.thirdparty.providers.utils import (
+    do_get_request,
+    do_post_request,
+)
 from supertokens_python.recipe.thirdparty.types import UserInfo, UserInfoEmail
 
 from .custom import GenericProvider, NewProvider
@@ -95,14 +95,11 @@ async def validate_access_token(
         "Authorization": f"Basic {basic_auth_token}",
         "Content-Type": "application/json",
     }
-    payload = json.dumps({"access_token": access_token})
-
-    resp = requests.post(url, headers=headers, data=payload)
 
-    if resp.status_code != 200:
+    try:
+        body = await do_post_request(url, {"access_token": access_token}, headers)
+    except Exception:
         raise ValueError("Invalid access token")
 
-    body = resp.json()
-
-    if "app" not in body or body["app"]["client_id"] != config.client_id:
+    if "app" not in body or body["app"].get("client_id") != config.client_id:
         raise ValueError("Access token does not belong to your application")

tests/thirdparty/test_thirdparty.py

@@ -6,6 +6,7 @@
 import respx
 from fastapi import FastAPI
 from pytest import fixture, mark
+from pytest_mock import MockerFixture
 from starlette.testclient import TestClient
 
 from supertokens_python import init
@@ -106,18 +107,6 @@ async def exchange_auth_code_for_valid_oauth_tokens(  # pylint: disable=unused-a
     }
 
 
-async def get_user_info(  # pylint: disable=unused-argument
-    oauth_tokens: Dict[str, Any],
-    user_context: Dict[str, Any],
-) -> UserInfo:
-    time = str(datetime.datetime.now())
-    return UserInfo(
-        "" + time,
-        UserInfoEmail(f"johndoeprovidertest+{time}@supertokens.com", True),
-        RawUserInfoFromProvider({}, {}),
-    )
-
-
 async def exchange_auth_code_for_invalid_oauth_tokens(  # pylint: disable=unused-argument
     redirect_uri_info: RedirectUriInfo,
     user_context: Dict[str, Any],
@@ -139,7 +128,6 @@ def get_custom_valid_token_provider(provider: Provider) -> Provider:
     provider.exchange_auth_code_for_oauth_tokens = (
         exchange_auth_code_for_valid_oauth_tokens
     )
-    provider.get_user_info = get_user_info
     return provider
 
 
@@ -153,7 +141,9 @@ async def invalid_access_token(  # pylint: disable=unused-argument
 
 
 async def valid_access_token(  # pylint: disable=unused-argument
-    access_token: str, config: ProviderConfig, user_context: Optional[Dict[str, Any]]
+    access_token: str,
+    config: ProviderConfigForClient,
+    user_context: Optional[Dict[str, Any]],
 ):
     if access_token == "accesstoken":
         return
@@ -210,53 +200,66 @@ async def test_signinup_when_validate_access_token_throws(fastapi_client: TestCl
     assert res.status_code == 500
 
 
-# async def test_signinup_works_when_validate_access_token_does_not_throw(fastapi_client: TestClient):
-#     st_init_args = {
-#         **st_init_common_args,
-#         "recipe_list": [
-#             session.init(),
-#             thirdpartyemailpassword.init(
-#                 providers=[
-#                     ProviderInput(
-#                         config=ProviderConfig(
-#                             third_party_id="custom",
-#                             clients=[
-#                                 ProviderClientConfig(
-#                                     client_id="test",
-#                                     client_secret="test-secret",
-#                                     scope=["profile", "email"],
-#                                 ),
-#                             ],
-#                             authorization_endpoint="https://example.com/oauth/authorize",
-#                             validate_access_token=valid_access_token,
-#                             authorization_endpoint_query_params={
-#                                 "response_type": "token",  # Changing an existing parameter
-#                                 "response_mode": "form",  # Adding a new parameter
-#                                 "scope": None,  # Removing a parameter
-#                             },
-#                             token_endpoint="https://example.com/oauth/token",
-#                         ),
-#                         override=get_custom_valid_token_provider
-#                     )
-#                 ]
-#             ),
-#         ],
-#     }
-#
-#     init(**st_init_args)  # type: ignore
-#     start_st()
-#
-#     res = fastapi_client.post(
-#         "/auth/signinup",
-#         json={
-#             "thirdPartyId": "custom",
-#             "redirectURIInfo": {
-#                 "redirectURIOnProviderDashboard": "http://127.0.0.1/callback",
-#                 "redirectURIQueryParams": {
-#                     "code": "abcdefghj",
-#                 },
-#             },
-#         }
-#     )
-#     assert res.status_code == 200
-#     assert res.json()["status"] == "OK"
+async def test_signinup_works_when_validate_access_token_does_not_throw(
+    fastapi_client: TestClient, mocker: MockerFixture
+):
+    time = str(datetime.datetime.now())
+    mocker.patch(
+        "supertokens_python.recipe.thirdparty.providers.custom.get_supertokens_user_info_result_from_raw_user_info",
+        return_value=UserInfo(
+            "" + time,
+            UserInfoEmail(f"johndoeprovidertest+{time}@supertokens.com", True),
+            RawUserInfoFromProvider({}, {}),
+        ),
+    )
+
+    st_init_args = {
+        **st_init_common_args,
+        "recipe_list": [
+            session.init(),
+            thirdpartyemailpassword.init(
+                providers=[
+                    ProviderInput(
+                        config=ProviderConfig(
+                            third_party_id="custom",
+                            clients=[
+                                ProviderClientConfig(
+                                    client_id="test",
+                                    client_secret="test-secret",
+                                    scope=["profile", "email"],
+                                ),
+                            ],
+                            authorization_endpoint="https://example.com/oauth/authorize",
+                            validate_access_token=valid_access_token,
+                            authorization_endpoint_query_params={
+                                "response_type": "token",  # Changing an existing parameter
+                                "response_mode": "form",  # Adding a new parameter
+                                "scope": None,  # Removing a parameter
+                            },
+                            token_endpoint="https://example.com/oauth/token",
+                        ),
+                        override=get_custom_valid_token_provider,
+                    )
+                ]
+            ),
+        ],
+    }
+
+    init(**st_init_args)  # type: ignore
+    start_st()
+
+    res = fastapi_client.post(
+        "/auth/signinup",
+        json={
+            "thirdPartyId": "custom",
+            "redirectURIInfo": {
+                "redirectURIOnProviderDashboard": "http://127.0.0.1/callback",
+                "redirectURIQueryParams": {
+                    "code": "abcdefghj",
+                },
+            },
+        },
+    )
+
+    assert res.status_code == 200
+    assert res.json()["status"] == "OK"