Merge pull request #404 from keillera/ALIS-4775

ALIS-4775: Add parameter of tokenAuthMethod to oauth application.

Author: hayago

src/handlers/me/applications/create/me_applications_create.py

@@ -31,6 +31,7 @@ def exec_main_proc(self):
             'clientName': self.params['name'],
             'description': self.params.get('description'),
             'applicationType': self.params['application_type'],
+            'tokenAuthMethod': self.__get_token_auth_method(self.params['application_type']),
             'clientType': self.__get_client_type_from_application_type(self.params['application_type']),
             'developer': self.event['requestContext']['authorizer']['claims']['cognito:username'],
             'redirectUris': self.params['redirect_urls'],
@@ -61,3 +62,11 @@ def __get_client_type_from_application_type(self, application_type):
             return 'PUBLIC'
         else:
             raise ValueError('Invalid application_type')
+
+    def __get_token_auth_method(self, application_type):
+        if application_type == 'WEB':
+            return 'CLIENT_SECRET_BASIC'
+        elif application_type == 'NATIVE':
+            return 'NONE'
+        else:
+            raise ValueError('Invalid application_type')

tests/handlers/me/applications/create/test_me_applications_create.py

@@ -20,7 +20,7 @@ def tearDown(self):
         pass
 
     @responses.activate
-    def test_main_ok(self):
+    def test_main_ok_type_web(self):
         params = {
             'body': {
                 'name': 'あ' * 80,
@@ -51,6 +51,43 @@ def test_main_ok(self):
 
         self.assertEqual(response['statusCode'], 200)
         self.assertEqual(json.loads(response['body']), {"developer": "matsumatsu20"})
+        self.assertEqual('CONFIDENTIAL', json.loads(responses.calls[0].request.body).get('clientType'))
+        self.assertEqual('CLIENT_SECRET_BASIC', json.loads(responses.calls[0].request.body).get('tokenAuthMethod'))
+
+    @responses.activate
+    def test_main_ok_type_native(self):
+        params = {
+            'body': {
+                'name': 'あ' * 80,
+                'description': 'A' * 180,
+                'application_type': 'NATIVE',
+                'redirect_urls': ['http://example.com/1', 'http://example.com/2',
+                                  'http://example.com/3', 'http://example.com/4', 'http://example.com/5']
+            },
+            'requestContext': {
+                'authorizer': {
+                    'claims': {
+                        'cognito:username': 'user01',
+                        'phone_number_verified': 'true',
+                        'email_verified': 'true'
+                    }
+                }
+            }
+        }
+
+        params['body'] = json.dumps(params['body'])
+
+        responses.add(responses.POST, settings.AUTHLETE_CLIENT_ENDPOINT + '/create',
+                      json={"developer": "matsumatsu20"}, status=200)
+
+        response = MeApplicationsCreate(params, {}).main()
+
+        logging.fatal(response)
+
+        self.assertEqual(response['statusCode'], 200)
+        self.assertEqual(json.loads(response['body']), {"developer": "matsumatsu20"})
+        self.assertEqual('PUBLIC', json.loads(responses.calls[0].request.body).get('clientType'))
+        self.assertEqual('NONE', json.loads(responses.calls[0].request.body).get('tokenAuthMethod'))
 
     @patch('requests.post', MagicMock(side_effect=requests.exceptions.RequestException()))
     def test_main_with_exception(self):