def setUp(self): self.validator = MagicMock(spec=RequestValidator) self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.timestamp_lifetime = 600 self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token')
def setUp(self): self.validator = MagicMock(spec=RequestValidator) self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.timestamp_lifetime = 600 self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token')
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.get_client_secret.return_value = 'bar' self.validator.get_default_realms.return_value = ['foo'] self.validator.timestamp_lifetime = 600 self.validator.check_realms.return_value = True self.validator.validate_client_key.return_value = True self.validator.validate_requested_realms.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.validator.save_request_token = MagicMock() self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', client_secret='bar', realm='foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token')
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ["HMAC-SHA1"] self.validator.get_client_secret.return_value = "bar" self.validator.get_default_realms.return_value = ["foo"] self.validator.timestamp_lifetime = 600 self.validator.check_realm.return_value = True self.validator.validate_client_key.return_value = True self.validator.validate_requested_realm.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = "dummy" self.validator.dummy_secret = "dummy" self.validator.save_request_token = MagicMock() self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client("foo", client_secret="bar", realm="foo", callback_uri="https://c.b/cb") self.uri, self.headers, self.body = self.client.sign("https://i.b/request_token")
class RequestTokenEndpointTest(TestCase): def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.get_client_secret.return_value = 'bar' self.validator.get_default_realms.return_value = ['foo'] self.validator.timestamp_lifetime = 600 self.validator.check_realms.return_value = True self.validator.validate_client_key.return_value = True self.validator.validate_requested_realms.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.validator.save_request_token = MagicMock() self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', client_secret='bar', realm='foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token') def test_check_redirect_uri(self): client = Client('foo') uri, headers, _ = client.sign(self.uri) h, b, s = self.endpoint.create_request_token_response( uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_check_realms(self): self.validator.check_realms.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_validate_client_key(self): self.validator.validate_client_key.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_realms(self): self.validator.validate_requested_realms.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_redirect_uri(self): self.validator.validate_redirect_uri.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_signature(self): client = Client('foo', callback_uri='https://c.b/cb') _, headers, _ = client.sign(self.uri + '/extra') h, b, s = self.endpoint.create_request_token_response( self.uri, headers=headers) self.assertEqual(s, 401) def test_valid_request(self): h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 200) self.assertIn('oauth_token', b) self.validator.validate_timestamp_and_nonce.assert_called_once_with( self.client.client_key, ANY, ANY, ANY, request_token=self.client.resource_owner_key) def test_uri_provided_realm(self): client = Client('foo', callback_uri='https://c.b/cb', client_secret='bar') uri = self.uri + '?realm=foo' _, headers, _ = client.sign(uri) h, b, s = self.endpoint.create_request_token_response( uri, headers=headers) self.assertEqual(s, 200) self.assertIn('oauth_token', b)
class BaseEndpointTest(TestCase): def setUp(self): self.validator = MagicMock(spec=RequestValidator) self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.timestamp_lifetime = 600 self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token') def test_ssl_enforcement(self): uri, headers, _ = self.client.sign('http://i.b/request_token') h, b, s = self.endpoint.create_request_token_response(uri, headers=headers) self.assertEqual(s, 400) self.assertIn('insecure_transport_protocol', b) def test_missing_parameters(self): h, b, s = self.endpoint.create_request_token_response(self.uri) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_signature_methods(self): headers = {} headers['Authorization'] = self.headers['Authorization'].replace( 'HMAC', 'RSA') h, b, s = self.endpoint.create_request_token_response(self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_signature_method', b) def test_invalid_version(self): headers = {} headers['Authorization'] = self.headers['Authorization'].replace( '1.0', '2.0') h, b, s = self.endpoint.create_request_token_response(self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_expired_timestamp(self): headers = {} for pattern in ('12345678901', '4567890123', '123456789K'): headers['Authorization'] = sub(r'timestamp="\d*k?"', 'timestamp="%s"' % pattern, self.headers['Authorization']) h, b, s = self.endpoint.create_request_token_response( self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_client_key_check(self): self.validator.check_client_key.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_noncecheck(self): self.validator.check_nonce.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_enforce_ssl(self): """Ensure SSL is enforced by default.""" v = RequestValidator() e = BaseEndpoint(v) c = Client('foo') u, h, b = c.sign('http://example.com') r = e._create_request(u, 'GET', b, h) self.assertRaises(errors.InsecureTransportError, e._check_transport_security, r) def test_multiple_source_params(self): """Check for duplicate params""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', URLENCODED) headers = {'Authorization': 'OAuth oauth_signature="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', headers) headers = {'Authorization': 'OAuth oauth_signature_method="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_signature=foo', headers) def test_duplicate_params(self): """Ensure params are only supplied once""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_version=a&oauth_version=b', 'GET', None, URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_version=a&oauth_version=b', URLENCODED) def test_mandated_params(self): """Ensure all mandatory params are present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b/', 'GET', 'oauth_signature=a&oauth_consumer_key=b&oauth_nonce', URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_oauth_version(self): """OAuth version must be 1.0 if present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&' 'oauth_version=2.0'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_oauth_timestamp(self): """Check for a valid UNIX timestamp.""" v = RequestValidator() e = BaseEndpoint(v) # Invalid timestamp length, must be 10 r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Invalid timestamp age, must be younger than 10 minutes r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=1234567890'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Timestamp must be an integer r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789a'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_case_insensitive_headers(self): """Ensure headers are case-insensitive""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b', 'POST', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789a'), URLENCODED) self.assertIsInstance(r.headers, CaseInsensitiveDict) def test_signature_method_validation(self): """Ensure valid signature method is used.""" body = ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=%s&' 'oauth_timestamp=1234567890') uri = 'https://example.com/' class HMACValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_HMAC, ) v = HMACValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) class RSAValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_RSA, ) v = RSAValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) class PlainValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_PLAINTEXT, ) v = PlainValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r)
class BaseEndpointTest(TestCase): def setUp(self): self.validator = MagicMock(spec=RequestValidator) self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.timestamp_lifetime = 600 self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token') def test_ssl_enforcement(self): uri, headers, _ = self.client.sign('http://i.b/request_token') h, b, s = self.endpoint.create_request_token_response( uri, headers=headers) self.assertEqual(s, 400) self.assertIn('insecure_transport_protocol', b) def test_missing_parameters(self): h, b, s = self.endpoint.create_request_token_response(self.uri) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_signature_methods(self): headers = {} headers['Authorization'] = self.headers['Authorization'].replace( 'HMAC', 'RSA') h, b, s = self.endpoint.create_request_token_response( self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_signature_method', b) def test_invalid_version(self): headers = {} headers['Authorization'] = self.headers['Authorization'].replace( '1.0', '2.0') h, b, s = self.endpoint.create_request_token_response( self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_expired_timestamp(self): headers = {} for pattern in ('12345678901', '4567890123', '123456789K'): headers['Authorization'] = sub('timestamp="\d*k?"', 'timestamp="%s"' % pattern, self.headers['Authorization']) h, b, s = self.endpoint.create_request_token_response( self.uri, headers=headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_client_key_check(self): self.validator.check_client_key.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_noncecheck(self): self.validator.check_nonce.return_value = False h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn('invalid_request', b) def test_enforce_ssl(self): """Ensure SSL is enforced by default.""" v = RequestValidator() e = BaseEndpoint(v) c = Client('foo') u, h, b = c.sign('http://example.com') r = e._create_request(u, 'GET', b, h) self.assertRaises(errors.InsecureTransportError, e._check_transport_security, r) def test_multiple_source_params(self): """Check for duplicate params""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', URLENCODED) headers = {'Authorization': 'OAuth oauth_signature="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', headers) headers = {'Authorization': 'OAuth oauth_signature_method="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_signature=foo', headers) def test_duplicate_params(self): """Ensure params are only supplied once""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_version=a&oauth_version=b', 'GET', None, URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_version=a&oauth_version=b', URLENCODED) def test_mandated_params(self): """Ensure all mandatory params are present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request('https://a.b/', 'GET', 'oauth_signature=a&oauth_consumer_key=b&oauth_nonce', URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_oauth_version(self): """OAuth version must be 1.0 if present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request('https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&' 'oauth_version=2.0'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_oauth_timestamp(self): """Check for a valid UNIX timestamp.""" v = RequestValidator() e = BaseEndpoint(v) # Invalid timestamp length, must be 10 r = e._create_request('https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Invalid timestamp age, must be younger than 10 minutes r = e._create_request('https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=1234567890'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Timestamp must be an integer r = e._create_request('https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789a'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) def test_signature_method_validation(self): """Ensure valid signature method is used.""" body = ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=%s&' 'oauth_timestamp=1234567890') uri = 'https://example.com/' class HMACValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_HMAC,) v = HMACValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) class RSAValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_RSA,) v = RSAValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) class PlainValidator(RequestValidator): @property def allowed_signature_methods(self): return (SIGNATURE_PLAINTEXT,) v = PlainValidator() e = BaseEndpoint(v) r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r) r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED) self.assertRaises(errors.InvalidSignatureMethodError, e._check_mandatory_parameters, r)
class RequestTokenEndpointTest(TestCase): def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ["HMAC-SHA1"] self.validator.get_client_secret.return_value = "bar" self.validator.get_default_realms.return_value = ["foo"] self.validator.timestamp_lifetime = 600 self.validator.check_realm.return_value = True self.validator.validate_client_key.return_value = True self.validator.validate_requested_realm.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = "dummy" self.validator.dummy_secret = "dummy" self.validator.save_request_token = MagicMock() self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client("foo", client_secret="bar", realm="foo", callback_uri="https://c.b/cb") self.uri, self.headers, self.body = self.client.sign("https://i.b/request_token") def test_check_redirect_uri(self): client = Client("foo") uri, headers, _ = client.sign(self.uri) u, h, b, s = self.endpoint.create_request_token_response(uri, headers=headers) self.assertEqual(s, 400) self.assertIn("invalid_request", b) def test_check_realm(self): self.validator.check_realm.return_value = False u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers) self.assertEqual(s, 400) self.assertIn("invalid_request", b) def test_validate_client_key(self): self.validator.validate_client_key.return_value = False u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_realm(self): self.validator.validate_requested_realm.return_value = False u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_redirect_uri(self): self.validator.validate_redirect_uri.return_value = False u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers) self.assertEqual(s, 401) def test_validate_signature(self): client = Client("foo", callback_uri="https://c.b/cb") _, headers, _ = client.sign(self.uri + "/extra") u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=headers) self.assertEqual(s, 401) def test_valid_request(self): u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers) self.assertEqual(s, 200) self.assertIn("oauth_token", b) def test_uri_provided_realm(self): client = Client("foo", callback_uri="https://c.b/cb", client_secret="bar") uri = self.uri + "?realm=foo" _, headers, _ = client.sign(uri) u, h, b, s = self.endpoint.create_request_token_response(uri, headers=headers) self.assertEqual(s, 200) self.assertIn("oauth_token", b)