def test_handle_no_user(self):
"""
This is a complex functional/integration test, hitting the following:
create_user
identifier_from_data
create_profile
update_profile_from_graph
handle_unauthenticated_user
login_user
persist
"""
class session_like_obj(dict):
# an alternative to http://code.djangoproject.com/ticket/10899
def __init__(self):
dict.__init__(self)
self['_auth_user_id'] = 'notme'
self.flush = lambda: True
self.set_expiry = Mock()
pseudo_session = session_like_obj()
self.request.session = pseudo_session
callback = DefaultFacebookCallback()
user_data = {'name':'new_user','id':'newfacebookid'}
resp = callback.handle_no_user(self.request, self.access, self.token,
user_data)
ident = callback.identifier_from_data(user_data)
expected_user = User.objects.get(username=ident)
# was the expected user created and returned
self.assertEquals(resp,expected_user)
# was the set_expiry method called on the session
# could check expected date also
self.assertTrue(pseudo_session.set_expiry.called)
# check that user data was persisted
assoc_obj = UserAssociation.objects.get(identifier=user_data['id'])
self.assertEquals(self.token.expires, assoc_obj.expires)
def test_update_profile_from_graph(self):
callback = DefaultFacebookCallback()
class DummyProfile(object):
def __init__(self):
self.color = "blue"
profile = DummyProfile()
ret_p = callback.update_profile_from_graph(self.request, self.access,
self.token, profile)
self.assertEquals(ret_p.color,'red')
def post(self, request, format=None):
#return 200 if user is already authenticated
if request.user is not None :
logger.debug("mobileauth invoked with user %s on session" % request.user);
if request.user.is_authenticated():
logger.debug("mobileauth invoked with authenticated user on session");
return Response(None,status=204);
#validate the access token by hitting graph.facebook.com
fbAuthToken = request.DATA['access_token'];
if fbAuthToken is None:
return Response("access_token is missing", status=400);
urlStream = urllib.urlopen("https://graph.facebook.com/me?access_token=%s" % fbAuthToken);
raw_data = urlStream.read();
fbResponseCode = urlStream.getcode();
if fbResponseCode <> 200:
logger.debug("failed to verify access token. response code: %s. message: %s" % (fbResponseCode, raw_data));
return Response("failed to verify access token", status=500);
fbResponse = json.loads(raw_data);
fbUserId = fbResponse['id'];
#let an instance of the LaFacebook default callback handle Django auth
lafbCallback = DefaultFacebookCallback()
existing_user = lafbCallback.lookup_user(None, None, fbResponse);
logger.debug("existing user? %s" % existing_user);
if existing_user is None:
#create user record
access = OAuthAccess()
existing_user = lafbCallback.create_user(request._request, access, OAuth20Token(fbAuthToken), fbResponse);
else:
username = existing_user.username;
logger.debug("query for user %s" % username);
userObj = User.objects.get(username=username);
lafbCallback.login_user(request._request, userObj);
#return success & the user id if everything worked
response = {};
response['id'] = fbResponse['id'];
logger.debug("existing_user %s", existing_user);
authUserPk = existing_user.id;
response['token'] = Token.objects.get(user=existing_user).key;
logger.debug("csrf dict: %s" % csrf.get_token(request));
if existing_user.is_authenticated():
return Response(response, status=200);
else:
return Response("Authentication failed for %s" % fbUserId, status=500);
def test_fectch_user_data(self):
callback = DefaultFacebookCallback()
ud = callback.fetch_user_data(self.request, self.access, 'faketoken')
self.assertEquals(ud['id'], 'facebookid')
def test_lookup_user_does_not_exist(self):
callback = DefaultFacebookCallback()
user = callback.lookup_user(self.request, self.access,{'id':'bad-id'})
self.assertEquals(user,None)
def test_lookup_user_exists(self):
callback = DefaultFacebookCallback()
user = callback.lookup_user(self.request, self.access,{'id':'facebookid'})
self.assertEquals(user, self.test_user)
