def testRenewToken(self):
"""
L{SecureOAuthConsumerAPI.renewToken} generates a new
L{OAuthRenewalToken} and L{OAuthAccessToken}, given a valid
L{OAuthRenewalToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user).encrypt()
encryptedRenewalToken, encryptedAccessToken = (
SecureOAuthConsumerAPI().renewToken(u'consumer', token))
renewalToken = OAuthRenewalToken.decrypt(consumer,
encryptedRenewalToken)
accessToken = OAuthAccessToken.decrypt(consumer, encryptedAccessToken)
self.assertTrue(isinstance(renewalToken, OAuthRenewalToken))
self.assertIdentical(consumer, renewalToken.consumer)
self.assertIdentical(user, renewalToken.user)
self.assertTrue(isinstance(accessToken, OAuthAccessToken))
self.assertIdentical(consumer, accessToken.consumer)
self.assertIdentical(user, accessToken.user)
def testRenderWithExpiredRenewalToken(self):
"""
An C{UNAUTHORIZED} HTTP status code is returned if an expired
L{OAuthRenewalToken} is used in a renewal request.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
creationTime = datetime.utcnow() - timedelta(hours=200)
token = api.getRenewalToken(consumer, user, now=lambda: creationTime)
self.store.commit()
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertEqual(
{'X-Fluiddb-Error-Class': ['ExpiredOAuth2RenewalToken'],
'X-Fluiddb-Username': ['consumer'],
'X-Fluiddb-Request-Id': [session.id]},
headers)
self.assertEqual(UNAUTHORIZED, request.code)
def testRenderWithUnknownConsumer(self):
"""
A C{BAD_REQUEST} HTTP status code is returned if an
L{OAuthRenewalToken} for an unknown L{OAuthConsumer} is used in a
renewal request.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user)
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
self.store.find(OAuthConsumer).remove()
self.store.commit()
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertEqual(
{'X-Fluiddb-Error-Class': ['UnknownConsumer'],
'X-Fluiddb-Username': ['consumer'],
'X-Fluiddb-Request-Id': [session.id]},
headers)
self.assertEqual(BAD_REQUEST, request.code)
def testRenderWithSuccessfulVerification(self):
"""
An C{OK} HTTP status code is returned, along with new access and
renewal tokens, if a renewal request is successful.
"""
UserAPI().create(
[(u'consumer', 'secret', u'Consumer', u'*****@*****.**'),
(u'user', 'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'consumer')
api = OAuthConsumerAPI()
api.register(consumer)
token = api.getRenewalToken(consumer, user)
self.store.commit()
headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]}
request = FakeRequest(headers=Headers(headers))
with login(u'consumer', consumer.objectID, self.transact) as session:
resource = RenewOAuthTokenResource(session)
self.assertEqual(NOT_DONE_YET, resource.render_GET(request))
yield resource.deferred
headers = dict(request.responseHeaders.getAllRawHeaders())
self.assertTrue(headers['X-Fluiddb-Access-Token'])
self.assertTrue(headers['X-Fluiddb-Renewal-Token'])
self.assertEqual(OK, request.code)
def run():
if not request.isSecure() and not getDevelopmentMode():
raise TBadRequest(
'/users/<username>/verify requests must use HTTPS')
dictionary = registry.checkRequest(usage, request)
user = cachingGetUser(self.username.decode('utf-8'))
if not user:
raise TNoSuchUser(self.username)
password = dictionary['password']
if checkPassword(password, user.passwordHash):
# FIXME Hard-coding the 'anon' consumer here isn't great,
# but for now it means we don't have to change the public
# API. -jkakar
api = OAuthConsumerAPI()
consumer = cachingGetUser(u'anon')
accessToken = api.getAccessToken(consumer, user)
renewalToken = api.getRenewalToken(consumer, user)
return {'accessToken': accessToken.encrypt(),
'fullname': user.fullname,
'renewalToken': renewalToken.encrypt(),
'role': str(user.role),
'valid': True}
else:
return {'valid': False}
def testRenewTokenWithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.renewToken} raises an L{UnknownConsumerError} if an
L{OAuthRenewalToken} for an unknown consumer is used to generate a new
L{OAuthAccessToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user)
getUsers(usernames=[u'consumer']).remove()
self.assertRaises(UnknownConsumerError, api.renewToken, renewalToken)
def testRenewExpiredToken(self):
"""
L{OAuthConsumerAPI.renewToken} raises an L{ExpiredOAuthTokenError} if
an expired L{OAuthRenewalToken} is used when trying to generate a new
L{OAuthAccessToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
creationTime = datetime.utcnow() - timedelta(hours=200)
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user,
now=lambda: creationTime)
self.assertRaises(ExpiredOAuthTokenError, api.renewToken, renewalToken)
def testGetRenewalToken(self):
"""
L{OAuthConsumerAPI.getRenewalToken} returns an L{OAuthRenewalToken} for
a consumer to act on behalf of a L{User}. It includes the consumer,
the user to act on behalf of, and the creation time, after which the
token will not be accepted.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
now = datetime.utcnow()
api = OAuthConsumerAPI()
api.register(consumerUser)
token = api.getRenewalToken(consumerUser, user, now=lambda: now)
self.assertTrue(isinstance(token, OAuthRenewalToken))
self.assertIdentical(consumerUser, token.consumer)
self.assertIdentical(user, token.user)
self.assertEqual(now, token.creationTime)
def testRenewToken(self):
"""
L{OAuthConsumerAPI.renewToken} generates a new L{OAuthRenewalToken}
and L{OAuthAccessToken}, given a valid L{OAuthRenewalToken}.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
api.register(consumerUser)
renewalToken = api.getRenewalToken(consumerUser, user)
newRenewalToken, accessToken = api.renewToken(renewalToken)
self.assertNotEqual(renewalToken, newRenewalToken)
self.assertTrue(isinstance(renewalToken, OAuthRenewalToken))
self.assertIdentical(consumerUser, renewalToken.consumer)
self.assertIdentical(user, renewalToken.user)
self.assertTrue(isinstance(accessToken, OAuthAccessToken))
self.assertIdentical(consumerUser, accessToken.consumer)
self.assertIdentical(user, accessToken.user)
