def test_bearer_token_valid(self, request): user = M.User.by_username('test-admin') consumer_token = M.OAuthConsumerToken( name='foo', description='foo app', ) request_token = M.OAuthRequestToken( consumer_token_id=consumer_token._id, user_id=user._id, callback='manual', validation_pin=h.nonce(20), is_bearer=True, ) access_token = M.OAuthAccessToken( consumer_token_id=consumer_token._id, request_token_id=request_token._id, user_id=user._id, is_bearer=True, ) ThreadLocalODMSession.flush_all() request.headers = {} request.params = {'access_token': access_token.api_key} request.scheme = 'https' r = self.api_post('/rest/p/test/wiki', access_token='foo') assert_equal(r.status_int, 200)
def token(self, username): if self._use_token: return self._use_token # only create token once, else ming gets dupe key error if username not in self._token_cache: user = M.User.query.get(username=username) consumer_token = M.OAuthConsumerToken( name='test-%s' % str(user._id), description='test-app-%s' % str(user._id), user_id=user._id) request_token = M.OAuthRequestToken( consumer_token_id=consumer_token._id, user_id=user._id, callback='manual', validation_pin=h.nonce(20)) token = M.OAuthAccessToken(consumer_token_id=consumer_token._id, request_token_id=request_token._id, user_id=user._id, is_bearer=True) ming.orm.session(consumer_token).flush() ming.orm.session(request_token).flush() ming.orm.session(token).flush() self._token_cache[username] = token return self._token_cache[username]
def test_bearer_token_valid_via_headers(self, request): user = M.User.by_username('test-admin') consumer_token = M.OAuthConsumerToken( name='foo', description='foo app', ) request_token = M.OAuthRequestToken( consumer_token_id=consumer_token._id, user_id=user._id, callback='manual', validation_pin=h.nonce(20), is_bearer=True, ) access_token = M.OAuthAccessToken( consumer_token_id=consumer_token._id, request_token_id=request_token._id, user_id=user._id, is_bearer=True, ) ThreadLocalODMSession.flush_all() token = access_token.api_key request.headers = {'Authorization': 'Bearer {}'.format(token)} request.scheme = 'https' r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200) # reverse proxy situation request.scheme = 'http' request.environ['paste.testing'] = False request.environ['HTTP_X_FORWARDED_PROTOx'] = 'https' r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200)
def test_request_token_valid(self, Request, Server): M.OAuthConsumerToken.consumer = mock.Mock() user = M.User.by_username('test-user') consumer_token = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, ) ThreadLocalORMSession.flush_all() req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key' } r = self.app.post('/rest/oauth/request_token', params={'key': 'value'}) Request.from_request.assert_called_once_with( 'POST', 'http://localhost/rest/oauth/request_token', headers={ 'Host': 'localhost:80', 'Content-Type': 'application/x-www-form-urlencoded; charset="utf-8"' }, parameters={'key': 'value'}, query_string='') Server().verify_request.assert_called_once_with( req, consumer_token.consumer, None) request_token = M.OAuthRequestToken.query.get( consumer_token_id=consumer_token._id) assert_is_not_none(request_token) assert_equal(r.body, request_token.to_string())
def test_interactive(self, Request, Server): M.OAuthConsumerToken.consumer = mock.Mock() user = M.User.by_username('test-admin') consumer_token = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) ThreadLocalORMSession.flush_all() req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key', 'oauth_callback': 'http://my.domain.com/callback', } r = self.app.post('/rest/oauth/request_token', params={}) rtok = parse_qs(r.body)['oauth_token'][0] r = self.app.post('/rest/oauth/authorize', params={'oauth_token': rtok}) r = r.forms[0].submit('yes') assert r.location.startswith('http://my.domain.com/callback') pin = parse_qs(urlparse(r.location).query)['oauth_verifier'][0] #pin = r.html.find(text=re.compile('^PIN: ')).split()[1] req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key', 'oauth_token': rtok, 'oauth_verifier': pin, } r = self.app.get('/rest/oauth/access_token') atok = parse_qs(r.body) assert_equal(len(atok['oauth_token']), 1) assert_equal(len(atok['oauth_token_secret']), 1)
def register(self, application_name=None, application_description=None, **kw): M.OAuthConsumerToken(name=application_name, description=application_description) flash('OAuth Application registered') redirect('.')
def test_access_token_no_request(self, Request): req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key', 'oauth_token': 'api_key', 'oauth_verifier': 'good', } user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) ThreadLocalORMSession.flush_all() self.app.get('/rest/oauth/access_token', status=403)
def test_request_token_invalid(self, Request, Server): Server().verify_request.side_effect = ValueError M.OAuthConsumerToken.consumer = mock.Mock() user = M.User.by_username('test-user') consumer_token = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, ) ThreadLocalORMSession.flush_all() req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key' } r = self.app.post('/rest/oauth/request_token', params={'key': 'value'}, status=403)
def test_authorize_ok(self): user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='oob', user_id=user._id, ) ThreadLocalORMSession.flush_all() r = self.app.post('/rest/oauth/authorize', params={'oauth_token': 'api_key'}) assert_in('ctok_desc', r.body) assert_in('api_key', r.body)
def test_do_authorize_oob(self): user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='oob', user_id=user._id, ) ThreadLocalORMSession.flush_all() r = self.app.get('/rest/oauth/do_authorize', params={ 'yes': '1', 'oauth_token': 'api_key' }) assert_is_not_none(r.html.find(text=re.compile('^PIN: ')))
def test_do_authorize_no(self): user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='oob', user_id=user._id, ) ThreadLocalORMSession.flush_all() r = self.app.get('/rest/oauth/do_authorize', params={ 'no': '1', 'oauth_token': 'api_key' }) assert_is_none(M.OAuthRequestToken.query.get(api_key='api_key'))
def test_access_token_bad_pin(self, Request): req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key', 'oauth_token': 'api_key', 'oauth_verifier': 'bad', } user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='http://my.domain.com/callback?myparam=foo', user_id=user._id, validation_pin='good', ) ThreadLocalORMSession.flush_all() self.app.get('/rest/oauth/access_token', status=403)
def test_do_authorize_cb(self): user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='http://my.domain.com/callback', user_id=user._id, ) ThreadLocalORMSession.flush_all() r = self.app.get('/rest/oauth/do_authorize', params={ 'yes': '1', 'oauth_token': 'api_key' }) assert r.location.startswith( 'http://my.domain.com/callback?oauth_token=api_key&oauth_verifier=' )
def test_access_token_ok(self, Request, Server): req = Request.from_request.return_value = { 'oauth_consumer_key': 'api_key', 'oauth_token': 'api_key', 'oauth_verifier': 'good', } user = M.User.by_username('test-admin') ctok = M.OAuthConsumerToken( api_key='api_key', user_id=user._id, description='ctok_desc', ) rtok = M.OAuthRequestToken( api_key='api_key', consumer_token_id=ctok._id, callback='http://my.domain.com/callback?myparam=foo', user_id=user._id, validation_pin='good', ) ThreadLocalORMSession.flush_all() r = self.app.get('/rest/oauth/access_token') atok = parse_qs(r.body) assert_equal(len(atok['oauth_token']), 1) assert_equal(len(atok['oauth_token_secret']), 1)