Beispiel #1
    def testAuthenticateUserWithOAuthWithMixedCaseInToken(self):
        """
        L{FacadeAuthMixin.authenticateUserWithOAuth} matches the username
        carried in the token case-insensitively: a token naming C{u'UseR'}
        produces a session for the account created as C{u'user'}.
        """
        accounts = [
            (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
            (u'user', u'secret', u'User', u'*****@*****.**')]
        UserAPI().create(accounts)
        consumerUser = getUser(u'consumer')
        expectedUser = getUser(u'user')
        consumerAPI = OAuthConsumerAPI()
        consumer = consumerAPI.register(consumerUser)
        # The token is built by hand (rather than via getAccessToken) so the
        # username casing can differ from the stored account name.
        tokenData = {'username': u'UseR',
                     'creationTime': '20121228-161823'}
        token = dataToToken(consumer.secret, tokenData)

        self.store.commit()
        url = u'https://fluidinfo.com/foo'
        headers = {'header1': 'foo'}
        signedRequest = Request.from_request('GET', url, headers,
                                             {'argument1': 'bar'})
        signature = SignatureMethod_HMAC_SHA1().sign(signedRequest,
                                                     consumer, None)
        # NOTE(review): the timestamp is a fixed value from 2011 and the
        # nonce is a constant.  This test expecting a session suggests the
        # path under test enforces neither timestamp freshness nor nonce
        # uniqueness - confirm where replay protection is applied.
        credentials = OAuthCredentials(
            'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
            signature, 1314976811, 'nonce', 'GET', url, headers,
            'argument1=bar')
        session = yield self.facade.authenticateUserWithOAuth(credentials)
        self.assertEqual(expectedUser.username, session.auth.username)
        self.assertEqual(expectedUser.objectID, session.auth.objectID)
Beispiel #2
    def testRequestAvatarId(self):
        """
        L{FacadeOAuthChecker.requestAvatarId} returns a L{FluidinfoSession}
        bound to the token's user when the supplied OAuth credentials are
        correct.
        """
        accounts = [(u'consumer', u'secret', u'Consumer',
                     u'*****@*****.**'),
                    (u'user', u'secret', u'User', u'*****@*****.**')]
        UserAPI().create(accounts)
        consumerUser = getUser(u'consumer')
        expectedUser = getUser(u'user')
        consumerAPI = OAuthConsumerAPI()
        consumer = consumerAPI.register(consumerUser)
        token = consumerAPI.getAccessToken(consumerUser, expectedUser)
        self.store.commit()

        url = u'https://fluidinfo.com/foo'
        headers = {'header1': 'foo'}
        # FIXME A hard-coded signature would be preferable here, since a
        # change in the signing output would then be noticed.  That is hard
        # to do because the encrypted token produced by
        # fluiddb.util.minitoken differs on every run. -jkakar
        signedRequest = Request.from_request('GET', url, headers,
                                             {'argument1': 'bar'})
        signer = SignatureMethod_HMAC_SHA1()
        signature = signer.sign(signedRequest, consumer, None)
        # NOTE(review): only the accepting case is exercised; the "only if
        # credentials are correct" half of the contract (tampered signature,
        # wrong secret) is not asserted in this test.
        encryptedToken = token.encrypt()
        credentials = OAuthCredentials(
            'fluidinfo.com', consumerUser.username, encryptedToken,
            'HMAC-SHA1', signature, 1314976811, 'nonce', 'GET', url,
            headers, 'argument1=bar')
        session = yield self.checker.requestAvatarId(credentials)
        self.assertEqual(expectedUser.username, session.auth.username)
        self.assertEqual(expectedUser.objectID, session.auth.objectID)
Beispiel #3
    def testAuthenticateUserWithOAuth(self):
        """
        L{FacadeAuthMixin.authenticateUserWithOAuth} returns a
        L{FluidinfoSession} bound to the token's user when the supplied
        OAuth credentials are correct.
        """
        accounts = [
            (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
            (u'user', u'secret', u'User', u'*****@*****.**')]
        UserAPI().create(accounts)
        consumerUser = getUser(u'consumer')
        expectedUser = getUser(u'user')
        consumerAPI = OAuthConsumerAPI()
        consumer = consumerAPI.register(consumerUser)
        token = consumerAPI.getAccessToken(consumerUser, expectedUser)

        self.store.commit()
        url = u'https://fluidinfo.com/foo'
        headers = {'header1': 'foo'}
        signedRequest = Request.from_request('GET', url, headers,
                                             {'argument1': 'bar'})
        signer = SignatureMethod_HMAC_SHA1()
        signature = signer.sign(signedRequest, consumer, None)
        # NOTE(review): the timestamp is fixed and the nonce constant, and
        # only the accepting case is asserted.  Rejection of a wrong
        # signature or a replayed request is not covered by this test.
        encryptedToken = token.encrypt()
        credentials = OAuthCredentials(
            'fluidinfo.com', consumerUser.username, encryptedToken,
            'HMAC-SHA1', signature, 1314976811, 'nonce', 'GET', url,
            headers, 'argument1=bar')
        session = yield self.facade.authenticateUserWithOAuth(credentials)
        self.assertEqual(expectedUser.username, session.auth.username)
        self.assertEqual(expectedUser.objectID, session.auth.objectID)
Beispiel #4
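def oauth_request(cyclone_req):
  """Return an oauth2.Request object built from a cyclone request.

  The values handed to Request.from_request are:
    parameters = dict (first value of each entry in cyclone_req.arguments)
    method = str (cyclone_req.method)
    url = str (protocol://host/path of the incoming request)
  cyclone_req.headers and cyclone_req.query are passed through unchanged.
  """
  # Each entry in arguments is indexed with [0], so a parameter that was sent
  # more than once contributes only its first value.
  # NOTE(review): if a handler later reads the other values, the signature
  # was checked over a different parameter set than the one acted on.
  # items() replaces the Python-2-only iterkeys() and avoids a second lookup.
  params = dict(
      (name, values[0]) for name, values in cyclone_req.arguments.items())

  # NOTE(review): protocol and host are taken from the incoming request; behind
  # a TLS-terminating proxy confirm they match the URL the client signed.
  url = '%s://%s%s' % (
      cyclone_req.protocol, cyclone_req.host, cyclone_req.path)
  return Request.from_request(cyclone_req.method, url,
                              cyclone_req.headers, params, cyclone_req.query)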
Beispiel #5
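    def verifySignature(self, secret):
        """See L{IOAuthCredentials#verifySignature}.

        Rebuild the OAuth request from the stored method, URL, headers and
        arguments, then check C{self.signature} against it using HMAC-SHA1
        keyed with C{secret}.

        @param secret: The consumer secret that belongs to
            C{self.consumerKey}.
        @raise NotImplementedError: If C{self.signatureMethod} is anything
            other than C{'HMAC-SHA1'}.
        @return: Whatever L{SignatureMethod_HMAC_SHA1.check} returns for the
            rebuilt request.
        """
        # Only HMAC-SHA1 is supported.  Reject any other method before the
        # client-supplied headers and arguments are parsed, so an
        # unsupported request fails without further work being done on it.
        if self.signatureMethod != 'HMAC-SHA1':
            raise NotImplementedError(
                'Unknown signature method: %s' % self.signatureMethod)

        consumer = Consumer(key=self.consumerKey, secret=secret)
        oauthRequest = Request.from_request(
            self.method, self.url, headers=self.headers,
            query_string=self.arguments)

        # NOTE(review): this method checks the signature only; it does not
        # look at the timestamp or nonce, so replay protection has to be
        # enforced by the caller.  Also confirm that check() compares the
        # signatures in constant time.
        signatureMethod = SignatureMethod_HMAC_SHA1()
        return signatureMethod.check(oauthRequest, consumer, None,
                                     self.signature)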
Beispiel #6
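    def verifySignature(self, secret):
        """See L{IOAuthCredentials#verifySignature}.

        Check C{self.signature} against an HMAC-SHA1 signature computed over
        the request rebuilt from C{self.method}, C{self.url},
        C{self.headers} and C{self.arguments}.

        @param secret: The consumer secret that belongs to
            C{self.consumerKey}.
        @raise NotImplementedError: If C{self.signatureMethod} is anything
            other than C{'HMAC-SHA1'}.
        @return: Whatever L{SignatureMethod_HMAC_SHA1.check} returns for the
            rebuilt request.
        """
        # We only support HMAC-SHA1.  The method is checked before the
        # client-supplied headers and arguments are parsed, so a request
        # using any other method is rejected up front.
        if self.signatureMethod != 'HMAC-SHA1':
            raise NotImplementedError('Unknown signature method: %s' %
                                      self.signatureMethod)

        consumer = Consumer(key=self.consumerKey, secret=secret)
        oauthRequest = Request.from_request(self.method,
                                            self.url,
                                            headers=self.headers,
                                            query_string=self.arguments)

        # NOTE(review): neither the timestamp nor the nonce is examined
        # here, so replay protection must live in the caller.  Confirm too
        # that check() uses a constant-time comparison.
        signatureMethod = SignatureMethod_HMAC_SHA1()
        return signatureMethod.check(oauthRequest, consumer, None,
                                     self.signature)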
Beispiel #7
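    def __call__(self, environ, start_response):
        """Try to parse an OAuth request from the WSGI environ, then dispatch.

        On success the parsed request is stored on C{self.oauth_request}.
        Parsing is best-effort: a failure is logged at debug level and the
        request is still handed to C{WSGIController.__call__}.
        """
        import logging

        try:
            #
            # Pylons for whatever reason changes the Authorization http
            # parameter to HTTP_AUTHORIZATION in environ.
            #
            if "HTTP_AUTHORIZATION" in environ:
                environ['Authorization'] = environ['HTTP_AUTHORIZATION']

            self.oauth_request = OAuthRequest.from_request(
                http_method=environ['REQUEST_METHOD'],
                http_url=(environ['routes.url'].current(qualified=True) +
                          '?' + environ['QUERY_STRING']),
                headers=environ,
                query_string=environ['QUERY_STRING'])
        except Exception:
            # Was a bare "except: pass", which also swallowed SystemExit and
            # KeyboardInterrupt and left no trace of malformed OAuth input.
            # NOTE(review): self.oauth_request is not assigned on this path,
            # so code that authorizes from it must treat a missing value as
            # "not authenticated" - confirm in the consuming actions.
            logging.getLogger(__name__).debug(
                'Could not build an OAuth request from the WSGI environ',
                exc_info=True)

        return WSGIController.__call__(self, environ, start_response)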