def run():
if not request.isSecure() and not getDevelopmentMode():
raise TBadRequest(
'/users/<username>/verify requests must use HTTPS')
dictionary = registry.checkRequest(usage, request)
user = cachingGetUser(self.username.decode('utf-8'))
if not user:
raise TNoSuchUser(self.username)
password = dictionary['password']
if checkPassword(password, user.passwordHash):
# FIXME Hard-coding the 'anon' consumer here isn't great,
# but for now it means we don't have to change the public
# API. -jkakar
api = OAuthConsumerAPI()
consumer = cachingGetUser(u'anon')
accessToken = api.getAccessToken(consumer, user)
renewalToken = api.getRenewalToken(consumer, user)
return {'accessToken': accessToken.encrypt(),
'fullname': user.fullname,
'renewalToken': renewalToken.encrypt(),
'role': str(user.role),
'valid': True}
else:
return {'valid': False}
def testAuthenticateOAuthWithIncorrectSignature(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the signature in the L{OAuthCredentials} is incorrect.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': user.username,
'creationTime': '2012-12-28 16:18:23'})
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo',
headers, arguments)
self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testRequestAvatarId(self):
"""
L{FacadeOAuthChecker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if credentials are
correct.
"""
UserAPI().create([(u'consumer', u'secret', u'Consumer',
u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser)
token = api.getAccessToken(consumerUser, user)
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
# FIXME This isn't ideal. It'd be better to use a hard-coded
# signature, because then we'd know when something changed. It's hard
# to do that, though, because the encrypted token generated by
# fluiddb.util.minitoken is always different. -jkakar
request = Request.from_request('GET', u'https://fluidinfo.com/foo',
headers, {'argument1': 'bar'})
signature = SignatureMethod_HMAC_SHA1().sign(request, consumer, None)
nonce = 'nonce'
credentials = OAuthCredentials('fluidinfo.com', consumerUser.username,
token.encrypt(), 'HMAC-SHA1', signature,
timestamp, nonce, 'GET',
u'https://fluidinfo.com/foo', headers,
arguments)
session = yield self.checker.requestAvatarId(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuthIncorrectSignature(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} raises a
L{TPasswordIncorrect} exception if the signature in the OAuth
credentials is incorrect.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
token = api.getAccessToken(consumerUser, user)
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user.username, token.encrypt(), u'HMAC-SHA1',
signature, timestamp, nonce, 'GET', 'https://fluidinfo.com/foo',
headers, arguments)
deferred = self.facade.authenticateUserWithOAuth(credentials)
return self.assertFailure(deferred, TPasswordIncorrect)
def testAuthenticateOAuthWithInvalidToken(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the token in the L{OAuthCredentials} is invalid.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
# NOTE This second user is not used, but it's created anyway to make
# sure that the environment is the same as the other tests, but this
# time the test will only fail because of an invalid token.
# This is here to avoid regressions.
UserAPI().create([(u'user2', u'secret2', u'User2',
u'*****@*****.**')])
oauthConsumerAPI = OAuthConsumerAPI()
oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = 'invalid'
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateUserWithOAuthWithMixedCaseInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} ignores the case in the
username in the token.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser)
token = dataToToken(consumer.secret,
{'username': u'UseR',
'creationTime': '20121228-161823'})
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
request = Request.from_request('GET', u'https://fluidinfo.com/foo',
headers, {'argument1': 'bar'})
signature = SignatureMethod_HMAC_SHA1().sign(request,
consumer, None)
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token,
'HMAC-SHA1', signature, timestamp, nonce, 'GET',
u'https://fluidinfo.com/foo', headers, arguments)
session = yield self.facade.authenticateUserWithOAuth(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuth(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} creates a
L{FluidinfoSession} for the authenticated user only if credentials are
correct.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser)
token = api.getAccessToken(consumerUser, user)
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
request = Request.from_request('GET', u'https://fluidinfo.com/foo',
headers, {'argument1': 'bar'})
signature = SignatureMethod_HMAC_SHA1().sign(request,
consumer, None)
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token.encrypt(),
'HMAC-SHA1', signature, timestamp, nonce, 'GET',
u'https://fluidinfo.com/foo', headers, arguments)
session = yield self.facade.authenticateUserWithOAuth(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateOAuthWithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuthCredentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateOAuth(self):
"""
L{OAuthConsumerAPI.authenticate} returns the L{User} when passed valid
L{OAuthCredentials}. In the case of OAuth Echo, and in the case of
this test, a consumer makes a request using a token that grants it
access to act on behalf of a particular user.
"""
UserAPI().create([(u'consumer', u'password', u'Consumer',
u'*****@*****.**')])
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumer, secret='abyOTsAfo9MVN0qz')
token = api.getAccessToken(consumer, user)
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumer.username, token.encrypt(), 'HMAC-SHA1',
signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo',
headers, arguments)
self.assertIdentical(user, api.authenticate(credentials))
def testRenderWithExpiredRenewalToken(self):
"""
An C{UNAUTHORIZED} HTTP status code is returned if an expired
L{OAuthRenewalToken} is used in a renewal request.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
creationTime = datetime.utcnow() - timedelta(hours=200)
token = api.getRenewalToken(consumer, user, now=lambda: creationTime)
self.store.commit()
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertEqual(
{'X-Fluiddb-Error-Class': ['ExpiredOAuth2RenewalToken'],
'X-Fluiddb-Username': ['consumer'],
'X-Fluiddb-Request-Id': [session.id]},
headers)
self.assertEqual(UNAUTHORIZED, request.code)
def testRenewToken(self):
"""
L{SecureOAuthConsumerAPI.renewToken} generates a new
L{OAuthRenewalToken} and L{OAuthAccessToken}, given a valid
L{OAuthRenewalToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user).encrypt()
encryptedRenewalToken, encryptedAccessToken = (
SecureOAuthConsumerAPI().renewToken(u'consumer', token))
renewalToken = OAuthRenewalToken.decrypt(consumer,
encryptedRenewalToken)
accessToken = OAuthAccessToken.decrypt(consumer, encryptedAccessToken)
self.assertTrue(isinstance(renewalToken, OAuthRenewalToken))
self.assertIdentical(consumer, renewalToken.consumer)
self.assertIdentical(user, renewalToken.user)
self.assertTrue(isinstance(accessToken, OAuthAccessToken))
self.assertIdentical(consumer, accessToken.consumer)
self.assertIdentical(user, accessToken.user)
def testRenderWithUnknownConsumer(self):
"""
A C{BAD_REQUEST} HTTP status code is returned if an
L{OAuthRenewalToken} for an unknown L{OAuthConsumer} is used in a
renewal request.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user)
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
self.store.find(OAuthConsumer).remove()
self.store.commit()
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertEqual(
{'X-Fluiddb-Error-Class': ['UnknownConsumer'],
'X-Fluiddb-Username': ['consumer'],
'X-Fluiddb-Request-Id': [session.id]},
headers)
self.assertEqual(BAD_REQUEST, request.code)
def testRenderWithSuccessfulVerification(self):
"""
An C{OK} HTTP status code is returned, along with new access and
renewal tokens, if a renewal request is successful.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user)
self.store.commit()
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertTrue(headers['X-Fluiddb-Access-Token'])
self.assertTrue(headers['X-Fluiddb-Renewal-Token'])
self.assertEqual(OK, request.code)
def testGet(self):
"""
L{OAuthConsumerAPI.get} returns the L{OAuthConsumer} associated with
the specified L{User}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
consumer = OAuthConsumerAPI().register(user)
self.assertIdentical(consumer, OAuthConsumerAPI().get(user))
def testGetUserWithNoPassword(self):
"""
If a L{User} returned by L{Delegator.getUser} doesn't have a password,
a C{missing-password} value is added to the result.
"""
UserAPI().create([
(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', None, u'User', u'*****@*****.**')])
TwitterUserAPI().create(u'user', 1984245)
consumer = getUser(u'consumer')
OAuthConsumerAPI().register(consumer)
self.store.commit()
self.agent._connect = self._connect
authentication = 'OAuth oauth_consumer_key="...", ...'
provider = ServiceProvider(self.agent, 'https://example.com/verify')
delegator = Delegator(self.transact)
deferred = delegator.getUser(u'consumer', provider, authentication)
[(request, responseDeferred)] = self.protocol.requests
response = FakeResponse(ResponseDone(), dumps({'id': 1984245}))
responseDeferred.callback(response)
result = yield deferred
self.assertTrue(result['access-token'])
self.assertTrue(result['renewal-token'])
del result['access-token']
del result['renewal-token']
self.assertEqual({'username': u'user',
'new-user': False,
'missing-password': True,
'uid': 1984245,
'data': {u'id': 1984245}},
result)
def testGetUserWithNewUserAndMixedCaseTwitterScreenName(self):
"""
A new L{User} is created if L{Delegator.getUser} verifies the
L{TwitterUser} but can't find a user matching the Twitter screen name.
The Twitter user's screen name should be lowercased to make the
new Fluidinfo username.
"""
UserAPI().create([
(u'consumer', 'secret', u'Consumer', u'*****@*****.**')])
consumer = getUser(u'consumer')
OAuthConsumerAPI().register(consumer)
self.store.commit()
self.agent._connect = self._connect
authentication = 'OAuth oauth_consumer_key="...", ...'
provider = ServiceProvider(self.agent, 'https://example.com/verify')
delegator = Delegator(self.transact)
deferred = delegator.getUser(u'consumer', provider, authentication)
[(request, responseDeferred)] = self.protocol.requests
response = FakeResponse(ResponseDone(),
dumps({'id': 1984245,
'screen_name': u'MixedCaseName',
'name': u'John Doe'}))
responseDeferred.callback(response)
result = yield deferred
self.assertTrue(result['new-user'])
user = TwitterUserAPI().get(1984245)
self.assertEqual(u'mixedcasename', user.username)
def testGetUser(self):
"""
L{Delegator.getUser} returns a C{(User, data)} 2-tuple when the
service provider successfully verifies credentials and a mapping
between a Fluidinfo L{User} and the L{TwitterUser} being verified
exists.
"""
UserAPI().create([
(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
TwitterUserAPI().create(u'user', 1984245)
consumer = getUser(u'consumer')
OAuthConsumerAPI().register(consumer)
self.store.commit()
self.agent._connect = self._connect
authentication = 'OAuth oauth_consumer_key="...", ...'
provider = ServiceProvider(self.agent, 'https://example.com/verify')
delegator = Delegator(self.transact)
deferred = delegator.getUser(u'consumer', provider, authentication)
[(request, responseDeferred)] = self.protocol.requests
response = FakeResponse(ResponseDone(), dumps({'id': 1984245}))
responseDeferred.callback(response)
result = yield deferred
self.assertTrue(result['access-token'])
self.assertTrue(result['renewal-token'])
del result['access-token']
del result['renewal-token']
self.assertEqual({'username': u'user',
'new-user': False,
'missing-password': False,
'uid': 1984245,
'data': {u'id': 1984245}},
result)
def run():
# Check the consumer username and password if this is not an
# anonymous request.
if credentials.consumerKey != u'anon':
try:
user = authenticate(credentials.consumerKey,
credentials.consumerPassword)
except AuthenticationError as error:
session.log.exception(error)
raise TPasswordIncorrect()
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(credentials.consumerKey.encode('utf-8'))
# The Consumer has been authenticated (or was anonymous). Use
# the OAuthConsumerAPI to get the username the request is being
# made for from the OAuth access token.
try:
user = OAuthConsumerAPI().authenticate(credentials)
except AuthenticationError as error:
session.log.exception(error)
raise TPasswordIncorrect()
except UnknownUserError as error:
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
session.auth.login(user.username, user.objectID)
return session
def testAuthenticateOAuthWithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the consumer is not registered.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
secret = 'a' * 16
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
oauthConsumerAPI = OAuthConsumerAPI()
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testRenewTokenWithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.renewToken} raises an L{UnknownConsumerError} if an
L{OAuthRenewalToken} for an unknown consumer is used to generate a new
L{OAuthAccessToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user)
getUsers(usernames=[u'consumer']).remove()
self.assertRaises(UnknownConsumerError, api.renewToken, renewalToken)
def testAuthenticateAnonymousUserWithOAuth2(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} should create a
L{FluidinfoSession} for the anonymous user.
"""
anonymous = self.system.users[u'anon']
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(anonymous)
token = api.getAccessToken(anonymous, user)
self.store.commit()
credentials = OAuth2Credentials(u'anon', None, token.encrypt())
session = yield self.facade.authenticateUserWithOAuth2(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def setUp(self):
super(OAuthEchoResourceTest, self).setUp()
self.agent = Agent(self.FakeReactor())
self.transact = Transact(self.threadPool)
system = createSystemData()
self.anonymous = system.users[u'anon']
OAuthConsumerAPI().register(self.anonymous)
self.agent = Agent(self.FakeReactor())
def testGetWithoutMatch(self):
"""
L{OAuthConsumerAPI.get} returns C{None} if the specified L{User} isn't
an OAuth consumer.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
self.assertIdentical(None, OAuthConsumerAPI().get(user))
def testRenewExpiredToken(self):
"""
L{OAuthConsumerAPI.renewToken} raises an L{ExpiredOAuthTokenError} if
an expired L{OAuthRenewalToken} is used when trying to generate a new
L{OAuthAccessToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
creationTime = datetime.utcnow() - timedelta(hours=200)
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user,
now=lambda: creationTime)
self.assertRaises(ExpiredOAuthTokenError, api.renewToken, renewalToken)
def testAuthenticateOAuth2WithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuth2Credentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def setUp(self):
super(VerifyUserPasswordResourceTest, self).setUp()
self.transact = Transact(self.threadPool)
createSystemData()
UserAPI().create([
(u'fluidinfo.com', 'secret', u'Fluidinfo', u'*****@*****.**'),
(u'user', u'pass', u'Peter Parker', u'*****@*****.**')])
consumer = getUser(u'anon')
OAuthConsumerAPI().register(consumer)
self.store.commit()
def testAuthenticateOAuth2(self):
"""
L{OAuthConsumerAPI.authenticate} returns the L{User} when passed valid
L{OAuth2Credentials}. In the case of OAuth Echo, and in the case of
this test, a consumer makes a request using a token that grants it
access to act on behalf of a particular user.
"""
UserAPI().create([(u'consumer', u'password', u'Consumer',
u'*****@*****.**')])
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumer, secret='abyOTsAfo9MVN0qz')
token = api.getAccessToken(consumer, user)
credentials = OAuth2Credentials(u'consumer', u'secret1',
token.encrypt())
self.assertIdentical(user, api.authenticate(credentials))
def testRegister(self):
"""
L{OAuthConsumerAPI.register} creates a new L{OAuthConsumer} so that a
L{User} (most likely an application) can make OAuth calls to
Fluidinfo.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
consumer = OAuthConsumerAPI().register(user)
self.assertTrue(isinstance(consumer, OAuthConsumer))
self.assertIdentical(user, consumer.user)
def testRequestAvatarId(self):
"""
L{FacadeOAuth2Checker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if credentials are
correct.
"""
UserAPI().create([(u'consumer', u'secret', u'Consumer',
u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
token = api.getAccessToken(consumerUser, user)
self.store.commit()
credentials = OAuth2Credentials(u'consumer', 'secret', token.encrypt())
session = yield self.checker.requestAvatarId(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def run():
try:
user = OAuthConsumerAPI().authenticate(credentials)
except AuthenticationError as error:
session.log.exception(error)
raise TPasswordIncorrect()
except UnknownUserError as error:
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
else:
session.auth.login(user.username, user.objectID)
return session
def bootstrapWebAdminData():
"""Create system data in a database."""
try:
superuser = getUser(u'fluiddb')
UserAPI().create([((u'fluidinfo.com', u'secret', u'Fluidinfo website',
u'*****@*****.**'))])
webuser = getUser(u'fluidinfo.com')
webuser.role = Role.USER_MANAGER
TagAPI(superuser).create([(u'fluiddb/users/activation-token',
u'Activation token for the user')])
PermissionAPI(superuser).set([
(u'fluiddb/users/activation-token', Operation.WRITE_TAG_VALUE,
Policy.CLOSED, [u'fluidinfo.com'])
])
anonuser = getUser(u'anon')
OAuthConsumerAPI.register(anonuser)
except:
transaction.abort()
raise
else:
transaction.commit()
def testGetRenewalToken(self):
"""
L{OAuthConsumerAPI.getRenewalToken} returns an L{OAuthRenewalToken} for
a consumer to act on behalf of a L{User}. It includes the consumer,
the user to act on behalf of, and the creation time, after which the
token will not be accepted.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
now = datetime.utcnow()
api = OAuthConsumerAPI()
api.register(consumerUser)
token = api.getRenewalToken(consumerUser, user, now=lambda: now)
self.assertTrue(isinstance(token, OAuthRenewalToken))
self.assertIdentical(consumerUser, token.consumer)
self.assertIdentical(user, token.user)
self.assertEqual(now, token.creationTime)
def bootstrapWebAdminData():
"""Create system data in a database."""
try:
superuser = getUser(u'fluiddb')
UserAPI().create([((u'fluidinfo.com',
u'secret',
u'Fluidinfo website',
u'*****@*****.**'))])
webuser = getUser(u'fluidinfo.com')
webuser.role = Role.USER_MANAGER
TagAPI(superuser).create([(u'fluiddb/users/activation-token',
u'Activation token for the user')])
PermissionAPI(superuser).set([(u'fluiddb/users/activation-token',
Operation.WRITE_TAG_VALUE,
Policy.CLOSED, [u'fluidinfo.com'])])
anonuser = getUser(u'anon')
OAuthConsumerAPI.register(anonuser)
except:
transaction.abort()
raise
else:
transaction.commit()
def testRenewToken(self):
"""
L{OAuthConsumerAPI.renewToken} generates a new L{OAuthRenewalToken}
and L{OAuthAccessToken}, given a valid L{OAuthRenewalToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user)
newRenewalToken, accessToken = api.renewToken(renewalToken)
self.assertNotEqual(renewalToken, newRenewalToken)
self.assertTrue(isinstance(renewalToken, OAuthRenewalToken))
self.assertIdentical(consumerUser, renewalToken.consumer)
self.assertIdentical(user, renewalToken.user)
self.assertTrue(isinstance(accessToken, OAuthAccessToken))
self.assertIdentical(consumerUser, accessToken.consumer)
self.assertIdentical(user, accessToken.user)
def testAuthenticateOAuth2WithTokenMadeFromBadOAuthEchoSecret(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the token in the L{OAuthCredentials} is invalid
because it is not made with our oauthEchoSecret in the key.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
UserAPI().create([(u'user2', u'secret2', u'User2',
u'*****@*****.**')])
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
oauthEchoSecret = 'x' * 16
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateOAuth2WithInvalidToken(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the token in the L{OAuthCredentials} is invalid.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
# NOTE This second user is not used, but it's created anyway to make
# sure that the environment is the same as the other tests, but this
# time the test will only fail because of an invalid token.
# This is here to avoid regressions.
UserAPI().create([(u'user2', u'secret2', u'User2',
u'*****@*****.**')])
oauthConsumerAPI = OAuthConsumerAPI()
oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
token = 'invalid'
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
