def __init__(self, test_case, username, password, consumer):
self.SERVER_NAME = 'testserver'
self.consumer = consumer
self.test_case = test_case
# Much of this method comes straight from Piston's unit tests
# TODO: Fix copyright, then!
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
# Callback URL
c_url = 'http://printer.example.com/request_token_ready'
# Get a request key...
url = 'http://' + self.SERVER_NAME + '/oauth/request_token/'
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url=url, parameters={"oauth_callback": c_url})
request.sign_request(self.signature_method, oaconsumer, None)
response = test_case.client.get('/oauth/request_token/',
request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
test_case.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
test_case.failUnless(
test_case.client.login(username=username, password=password))
url = 'http://' + self.SERVER_NAME + '/oauth/authenticate/'
request = oauth.OAuthRequest.from_token_and_callback(token=oatoken,
http_url=url)
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Faking form submission seems to not work, so approve token manually
# This normally happens in piston.store.authorize_request_token
token.is_approved = True
token.verifier = generate_random(VERIFIER_SIZE)
token.user = User.objects.get(username=username)
token.save()
# Normally the oauth_verifier is transmitted with the callback to the
# consumer, which does not happen here. Get the verifier directly from
# the database instead.
oaverifier = token.verifier
# Obtain access token...
url = 'http://' + self.SERVER_NAME + '/oauth/access_token/'
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, token=oatoken, verifier=oaverifier, http_url=url)
request.sign_request(self.signature_method, oaconsumer, oatoken)
response = test_case.client.get('/oauth/access_token/',
request.parameters)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
test_case.assertEqual(atoken.secret, oa_atoken.secret)
self.oa_atoken = oa_atoken
def build_request(self, abs_uri, method, parameters={}):
url = 'http://' + self.SERVER_NAME + abs_uri
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
token=self.oa_atoken,
http_url=url,
http_method=method,
parameters=parameters)
request.sign_request(self.signature_method, oaconsumer, self.oa_atoken)
return request
def test_handshake(self):
'''Test the OAuth handshake procedure
'''
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url='http://testserver/api/oauth/request_token')
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get('/api/oauth/request_token',
request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username='******', password='******'))
request = oauth.OAuthRequest.from_token_and_callback(
token=oatoken,
callback='http://printer.example.com/request_token_ready',
http_url='http://testserver/api/oauth/authorize')
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
# response = self.client.get('/api/oauth/authorize', {
# 'oauth_token': oatoken.key,
# 'oauth_callback': 'http://printer.example.com/request_token_ready',
# })
response = self.client.post(
'/api/oauth/authorize', {
'oauth_token':
oatoken.key,
'oauth_callback':
'http://printer.example.com/request_token_ready',
'csrf_signature':
OAuthAuthenticationForm.get_csrf_signature(
settings.SECRET_KEY, oatoken.key),
'authorize_access':
1,
})
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.failUnless(response['Location'].startswith(
"http://printer.example.com/request_token_ready?"))
self.failUnless(('oauth_token=' + oatoken.key in response['Location']))
def do_oauth_request(self, url, parameters={}, http_method='POST'):
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
http_method=http_method,
token=self.oa_atoken,
http_url='http://testserver%s' % url)
request.parameters.update(parameters)
request.sign_request(self.signature_method, oaconsumer, self.oa_atoken)
if http_method == 'POST':
response = self.client.post(url, request.parameters)
else:
response = self.client.get(url, request.parameters)
return response
def handshake(self, ssl=False):
'''Test the OAuth handshake procedure
'''
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url='http://testserver/api/oauth/request_token')
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get('/api/oauth/request_token',
request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username='******', password='******'))
request = oauth.OAuthRequest.from_token_and_callback(
token=oatoken,
callback='http://printer.example.com/request_token_ready',
http_url='http://testserver/api/oauth/authorize')
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
response = self.client.get(
'/api/oauth/authorize', {
'oauth_token': oatoken.key,
'oauth_callback':
'http://printer.example.com/request_token_ready',
})
response = self.client.post(
'/api/oauth/authorize', {
'oauth_token':
oatoken.key,
'oauth_callback':
'http://printer.example.com/request_token_ready',
'csrf_signature':
OAuthAuthenticationForm.get_csrf_signature(
settings.SECRET_KEY, oatoken.key),
'authorize_access':
1,
})
redirect_to = response['Location']
query_string = urllib.splitquery(redirect_to)[1]
data = dict(cgi.parse_qsl(query_string))
verifier = data['oauth_verifier']
returned_token = data['oauth_token']
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.failUnless(
redirect_to.startswith(
"http://printer.example.com/request_token_ready?"))
self.assertEqual(oatoken.key, returned_token)
#response = self.client.get(redirect_to)
oatoken.set_verifier(verifier)
# Obtain access token...
protocol = 'http'
port = '80'
if ssl:
protocol = 'https'
port = '443'
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
token=oatoken,
verifier=verifier,
http_url='%s://testserver:%s/api/oauth/access_token' %
(protocol, port))
request.sign_request(self.signature_method, oaconsumer, oatoken)
extra = {}
if ssl:
extra['wsgi.url_scheme'] = 'https'
extra['SERVER_PORT'] = '443'
response = self.client.get('/api/oauth/access_token',
request.parameters, **extra)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
self.assertEqual(atoken.secret, oa_atoken.secret)
def __init__(self, consumer, token):
self.token = oauth.OAuthToken(token.key, token.secret)
self.consumer = oauth.OAuthConsumer(consumer.key, consumer.secret)
self.signature = oauth.OAuthSignatureMethod_HMAC_SHA1()
super(OAuthClient, self).__init__()