class CachingUserAPI(object): """The public API to secure L{User}-related functionality. @param user: The L{User} to perform operations on behalf of. """ def __init__(self): self._api = UserAPI(factory=CachingAPIFactory()) def create(self, values, createPrivateNamespace=None): """See L{UserAPI.create}.""" return self._api.create(values, createPrivateNamespace) def delete(self, usernames): """See L{UserAPI.delete}.""" if isgenerator(usernames): usernames = list(usernames) cache = UserCache() for username in usernames: cache.clear(username) return self._api.delete(usernames) def get(self, usernames): """See L{UserAPI.get}.""" return self._api.get(usernames) def set(self, values): """See L{UserAPI.set}.""" cache = UserCache() for username, password, fullname, email, role in values: cache.clear(username) return self._api.set(values)
def removeTestingData(): """ Delete L{User}s, L{Namespace}s and L{Tag}s used for testing purposes. """ admin = getUser(u'fluiddb') logging.info('Deleting testing tags.') result = TagAPI(admin).get(TESTING_DATA[u'tags']) if result: TagAPI(admin).delete(result.keys()) logging.info('Deleting testing namespaces.') result = NamespaceAPI(admin).get(TESTING_DATA[u'namespaces']) # we must delete namespaces one by one, otherwise we'll get NotEmptyError. for path in sorted(result.keys(), reverse=True): NamespaceAPI(admin).delete([path]) logging.info('Deleting testing users.') result = UserAPI().get(TESTING_DATA[u'users']) if result: for username in result: path = '%s/private' % username try: NamespaceAPI(admin).delete([path]) except FeatureError: # FIXME This is a bit crap, but it's faster than checking to # see if the namespace exists before attempting to delete it. continue if result: UserAPI().delete(result.keys()) getMainStore().commit()
def testAuthenticateOAuth(self): """ L{OAuthConsumerAPI.authenticate} returns the L{User} when passed valid L{OAuthCredentials}. In the case of OAuth Echo, and in the case of this test, a consumer makes a request using a token that grants it access to act on behalf of a particular user. """ UserAPI().create([(u'consumer', u'password', u'Consumer', u'*****@*****.**')]) UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumer, secret='abyOTsAfo9MVN0qz') token = api.getAccessToken(consumer, user) timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumer.username, token.encrypt(), 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertIdentical(user, api.authenticate(credentials))
def testAuthenticateOAuthWithInvalidToken(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the token in the L{OAuthCredentials} is invalid. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') # NOTE This second user is not used, but it's created anyway to make # sure that the environment is the same as the other tests, but this # time the test will only fail because of an invalid token. # This is here to avoid regressions. UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')]) oauthConsumerAPI = OAuthConsumerAPI() oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' token = 'invalid' signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def testPrepareForTestingCreatesUsers(self): """ L{prepareForTesting} creates all the necessary testing L{User}s. """ prepareForTesting() usernames = [u'testuser1', u'testuser2'] users = UserAPI().get(usernames) self.assertEquals(usernames, sorted(users.iterkeys()))
def testRemoveTestingDataWithPartialData(self): """ L{removeTestingData} only tries to remove testing data that exists. """ UserAPI().create([(u'testuser1', 'secret', u'Test user', u'*****@*****.**')]) NamespaceAPI(self.admin).delete([u'testuser1/private']) removeTestingData() users = UserAPI().get([u'testuser1', u'testuser2']) self.assertEquals({}, users)
def testGetRecentUserActivity(self): """ L{FacadeRecentActivityMixin.getRecentUserActivity} returns a C{dict} with information about the recent tag values on the given user. """ tagValues = TagValueAPI(self.user) objectID1 = ObjectAPI(self.user).create(u'object1') objectID2 = uuid4() # Use commit() frequently to have different timestamps on each value. self.store.commit() tagValues.set({objectID1: {u'user/tag1': u'A'}}) self.store.commit() tagValues.set({objectID1: {u'user/tag2': u'B'}}) self.store.commit() UserAPI().create([(u'user2', u'secret', u'User', u'*****@*****.**')]) tagValues = TagValueAPI(getUser(u'user2')) tagValues.set({objectID1: {u'user2/tag1': u'C'}}) self.store.commit() tagValues.set({objectID2: {u'user2/tag2': u'D'}}) self.store.commit() UserAPI().create([(u'user3', u'secret', u'User', u'*****@*****.**')]) tagValues = TagValueAPI(getUser(u'user3')) tagValues.set({objectID1: {u'user3/tag1': u'C'}}) self.store.commit() tagValues.set({objectID2: {u'user3/tag2': u'D'}}) self.store.commit() expected = [ {'tag': u'user/tag2', 'id': str(objectID1), 'about': u'object1', 'value': u'B', 'username': u'username'}, {'tag': u'user/tag1', 'id': str(objectID1), 'about': u'object1', 'value': u'A', 'username': u'username'}] with login(self.user.username, uuid4(), self.transact) as session: result = yield self.facade.getRecentUserActivity( session, self.user.username.encode('utf-8')) # Remove the creation times from the result. for item in result: del item['updated-at'] self.assertEqual(expected, result)
def testRenderWithNewUser(self): """ Missing L{User}s are created automatically and linked to L{TwitterUser}s for authorized UIDs. """ self.assertNotIn(u'john', UserAPI().get([u'john'])) self.store.commit() self.agent._connect = self._connect headers = { 'X-Verify-Credentials-Authorization': ['OAuth ...'], 'X-Auth-Service-Provider': [TWITTER_URL] } request = FakeRequest(headers=Headers(headers)) with login(u'anon', self.anonymous.objectID, self.transact) as session: resource = OAuthEchoResource(session, self.agent) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) [(_, responseDeferred)] = self.protocol.requests data = {'id': 1984245, 'screen_name': u'john', 'name': u'John'} response = FakeResponse(ResponseDone(), dumps(data)) responseDeferred.callback(response) result = yield resource.deferred self.assertTrue(result['access-token']) self.assertTrue(result['renewal-token']) del result['access-token'] del result['renewal-token'] self.assertEqual( { 'username': u'john', 'new-user': True, 'missing-password': True, 'data': data, 'uid': 1984245 }, result) self.assertEqual(OK, request.code) self.assertEqual(data, loads(request.written.getvalue())) headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertTrue(headers['X-Fluiddb-Access-Token']) self.assertTrue(headers['X-Fluiddb-Renewal-Token']) del headers['X-Fluiddb-Access-Token'] del headers['X-Fluiddb-Renewal-Token'] self.assertEqual( { 'X-Fluiddb-New-User': ['true'], 'X-Fluiddb-Missing-Password': ['true'], 'X-Fluiddb-Username': ['am9obg=='] }, # username is in base64. headers) self.store.rollback() self.assertIn(u'john', UserAPI().get([u'john']))
def testGetUserWithNewUserAndMixedCaseTwitterScreenName(self): """ A new L{User} is created if L{Delegator.getUser} verifies the L{TwitterUser} but can't find a user matching the Twitter screen name. The Twitter user's screen name should be lowercased to make the new Fluidinfo username. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**')]) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245, 'screen_name': u'MixedCaseName', 'name': u'John Doe'})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['new-user']) user = TwitterUserAPI().get(1984245) self.assertEqual(u'mixedcasename', user.username)
def testRenewToken(self): """ L{SecureOAuthConsumerAPI.renewToken} generates a new L{OAuthRenewalToken} and L{OAuthAccessToken}, given a valid L{OAuthRenewalToken}. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user).encrypt() encryptedRenewalToken, encryptedAccessToken = ( SecureOAuthConsumerAPI().renewToken(u'consumer', token)) renewalToken = OAuthRenewalToken.decrypt(consumer, encryptedRenewalToken) accessToken = OAuthAccessToken.decrypt(consumer, encryptedAccessToken) self.assertTrue(isinstance(renewalToken, OAuthRenewalToken)) self.assertIdentical(consumer, renewalToken.consumer) self.assertIdentical(user, renewalToken.user) self.assertTrue(isinstance(accessToken, OAuthAccessToken)) self.assertIdentical(consumer, accessToken.consumer) self.assertIdentical(user, accessToken.user)
def testRenderWithExpiredRenewalToken(self): """ An C{UNAUTHORIZED} HTTP status code is returned if an expired L{OAuthRenewalToken} is used in a renewal request. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) creationTime = datetime.utcnow() - timedelta(hours=200) token = api.getRenewalToken(consumer, user, now=lambda: creationTime) self.store.commit() headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertEqual( {'X-Fluiddb-Error-Class': ['ExpiredOAuth2RenewalToken'], 'X-Fluiddb-Username': ['consumer'], 'X-Fluiddb-Request-Id': [session.id]}, headers) self.assertEqual(UNAUTHORIZED, request.code)
def testRenderWithUnknownConsumer(self): """ A C{BAD_REQUEST} HTTP status code is returned if an L{OAuthRenewalToken} for an unknown L{OAuthConsumer} is used in a renewal request. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user) headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} self.store.find(OAuthConsumer).remove() self.store.commit() request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertEqual( {'X-Fluiddb-Error-Class': ['UnknownConsumer'], 'X-Fluiddb-Username': ['consumer'], 'X-Fluiddb-Request-Id': [session.id]}, headers) self.assertEqual(BAD_REQUEST, request.code)
def testGetUser(self): """ L{Delegator.getUser} returns a C{(User, data)} 2-tuple when the service provider successfully verifies credentials and a mapping between a Fluidinfo L{User} and the L{TwitterUser} being verified exists. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) TwitterUserAPI().create(u'user', 1984245) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['access-token']) self.assertTrue(result['renewal-token']) del result['access-token'] del result['renewal-token'] self.assertEqual({'username': u'user', 'new-user': False, 'missing-password': False, 'uid': 1984245, 'data': {u'id': 1984245}}, result)
def setUp(self): super(SecureRecentActivityAPIWithUserRoleTest, self).setUp() createSystemData() UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) self.user = getUser(u'user') self.recentActivity = SecureRecentActivityAPI(self.user) self.permissions = CachingPermissionAPI(self.user)
def setUp(self): super(SecureObjectAPIWithBrokenCacheTest, self).setUp() self.system = createSystemData() UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**')]) self.user = getUser(u'user') self.objects = SecureObjectAPI(self.user)
def testCreatePrivateChildTagWithDelegatedCreator(self): """ L{TagAPI.create} always ensures that a new L{Tag} is usable by the L{User} that created it. If the L{Operation.READ_TAG_VALUE} permission is L{Policy.CLOSED} the creator is added to the exceptions list. """ UserAPI().create([(u'friend', u'secret', u'name', u'*****@*****.**') ]) PermissionAPI(self.user).set([(u'username', Operation.CREATE_NAMESPACE, Policy.CLOSED, [u'username', u'friend']), (u'username', Operation.LIST_NAMESPACE, Policy.CLOSED, [u'username', u'friend'])]) friend = getUser(u'friend') TagAPI(friend).create([(u'username/tag', u'A shared tag')]) result = getTagPermissions([u'username/tag']) tag, permission = result.one() self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.UPDATE_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.DELETE_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id]), permission.get(Operation.CONTROL_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.WRITE_TAG_VALUE)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.READ_TAG_VALUE)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.DELETE_TAG_VALUE)) self.assertEqual((Policy.CLOSED, [self.user.id]), permission.get(Operation.CONTROL_TAG_VALUE))
def testCreateChildTagWithDelegatedCreator(self): """ L{TagAPI.create} always ensures that a new L{Tag} is usable by the L{User} that created it. In the case of default permissions, the user creating the new L{Tag} is granted L{Operation.UPDATE_TAG}, L{Operation.DELETE_TAG}, L{Operation.WRITE_TAG_VALUE} and L{Operation.DELETE_TAG_VALUE}. """ UserAPI().create([(u'friend', u'secret', u'name', u'*****@*****.**') ]) PermissionAPI(self.user).set([(u'username', Operation.CREATE_NAMESPACE, Policy.CLOSED, [u'username', u'friend'])]) friend = getUser(u'friend') TagAPI(friend).create([(u'username/tag', u'A shared tag')]) result = getTagPermissions([u'username/tag']) tag, permission = result.one() self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.UPDATE_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.DELETE_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id]), permission.get(Operation.CONTROL_TAG)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.WRITE_TAG_VALUE)) self.assertEqual((Policy.OPEN, []), permission.get(Operation.READ_TAG_VALUE)) self.assertEqual((Policy.CLOSED, [self.user.id, friend.id]), permission.get(Operation.DELETE_TAG_VALUE)) self.assertEqual((Policy.CLOSED, [self.user.id]), permission.get(Operation.CONTROL_TAG_VALUE))
def testGetUserWithUserConflict(self): """ A L{DuplicateUserError} exception is raised if a L{User} with the same username as the Twitter user's screen name already exists, but is not associated with the Twitter UID. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'john', 'secret', u'John', u'*****@*****.**')]) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' consumer = getUser(u'consumer') provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(consumer, provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245, 'screen_name': u'john', 'name': u'John Doe'})) responseDeferred.callback(response) error = yield self.assertFailure(deferred, DuplicateUserError) self.assertEqual([u'john'], list(error.usernames))
def testAuthenticateOAuthWithUnknownUser(self): """ L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception if the user in the L{OAuthCredentials} token doesn't exist. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate, credentials)
def setUp(self): super(CachingObjectAPITest, self).setUp() self.system = createSystemData() UserAPI().create([(u'user', u'password', u'User', u'*****@*****.**') ]) self.user = getUser(u'user') self.objects = CachingObjectAPI(self.user)
def testRenderWithSuccessfulVerification(self): """ An C{OK} HTTP status code is returned, along with new access and renewal tokens, if a renewal request is successful. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user) self.store.commit() headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertTrue(headers['X-Fluiddb-Access-Token']) self.assertTrue(headers['X-Fluiddb-Renewal-Token']) self.assertEqual(OK, request.code)
def setUp(self): super(DatasetImporterTest, self).setUp() self.system = createSystemData() UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) user = getUser(u'user') self.objects = SecureObjectAPI(user) self.values = SecureTagValueAPI(user)
def testGetUserWithNoPassword(self): """ If a L{User} returned by L{Delegator.getUser} doesn't have a password, a C{missing-password} value is added to the result. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', None, u'User', u'*****@*****.**')]) TwitterUserAPI().create(u'user', 1984245) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['access-token']) self.assertTrue(result['renewal-token']) del result['access-token'] del result['renewal-token'] self.assertEqual({'username': u'user', 'new-user': False, 'missing-password': True, 'uid': 1984245, 'data': {u'id': 1984245}}, result)
def setUp(self): super(CachingPermissionAPIWithBrokenCacheTest, self).setUp() self.system = createSystemData() UserAPI().create([(u'username', u'password', u'User', u'*****@*****.**')]) self.user = getUser(u'username') self.permissions = CachingPermissionAPI(self.user)
def setUp(self): super(CachingPermissionCheckerAPITest, self).setUp() self.system = createSystemData() UserAPI().create([(u'username', u'password', u'User', u'*****@*****.**')]) self.user = getUser(u'username') self.api = CachingPermissionCheckerAPI()
def testRequestAvatarId(self): """ L{FacadeOAuthChecker.requestAvatarId} creates a L{FluidinfoSession} for the authenticated user only if credentials are correct. """ UserAPI().create([(u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser) token = api.getAccessToken(consumerUser, user) self.store.commit() timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' # FIXME This isn't ideal. It'd be better to use a hard-coded # signature, because then we'd know when something changed. It's hard # to do that, though, because the encrypted token generated by # fluiddb.util.minitoken is always different. -jkakar request = Request.from_request('GET', u'https://fluidinfo.com/foo', headers, {'argument1': 'bar'}) signature = SignatureMethod_HMAC_SHA1().sign(request, consumer, None) nonce = 'nonce' credentials = OAuthCredentials('fluidinfo.com', consumerUser.username, token.encrypt(), 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) session = yield self.checker.requestAvatarId(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def run(userData): """ Handle user data sent by the L{ServiceProvider} when credentials are successfully verified. """ uid = userData['id'] user = TwitterUserAPI().get(uid) if user is None: newUser = True username = userData['screen_name'].lower() fullname = userData['name'] UserAPI().create([(username, None, fullname, None)]) TwitterUserAPI().create(username, uid) user = TwitterUserAPI().get(uid) else: newUser = False # FIXME The calls to encrypt the tokens below aren't tested very # well. consumer = getUser(consumerUsername) accessToken = OAuthConsumerAPI().getAccessToken(consumer, user) renewalToken = OAuthConsumerAPI().getRenewalToken(consumer, user) return {'username': user.username, 'new-user': newUser, 'missing-password': (user.passwordHash == '!'), 'access-token': accessToken.encrypt(), 'renewal-token': renewalToken.encrypt(), 'uid': uid, 'data': userData}
def testRenderWithUserConflict(self): """ A C{CONFLICT} HTTP status code is returned if the authorization is successfully verified by the service provider, but the username clashes with an existing L{User} that isn't linked to the Twitter UID. The offending username is returned UTF-8 and base64 encoded. """ username = u'john\N{HIRAGANA LETTER A}' UserAPI().create([(username, 'secret', u'John', u'*****@*****.**')]) self.store.commit() self.agent._connect = self._connect headers = { 'X-Verify-Credentials-Authorization': ['OAuth ...'], 'X-Auth-Service-Provider': [TWITTER_URL] } request = FakeRequest(headers=Headers(headers)) with login(u'anon', self.anonymous.objectID, self.transact) as session: resource = OAuthEchoResource(session, self.agent) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) [(_, responseDeferred)] = self.protocol.requests data = {'id': 1984245, 'screen_name': username, 'name': u'John'} response = FakeResponse(ResponseDone(), dumps(data)) responseDeferred.callback(response) yield resource.deferred self.assertEqual(CONFLICT, request.code) headers = dict(request.responseHeaders.getAllRawHeaders()) encodedUsername = b64encode(username.encode('utf-8')) self.assertEqual( { 'X-Fluiddb-Error-Class': ['UsernameConflict'], 'X-Fluiddb-Username': [encodedUsername], 'X-Fluiddb-Request-Id': [session.id] }, headers)
def testAuthenticateOAuthWithIncorrectSignature(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the signature in the L{OAuthCredentials} is incorrect. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': user.username, 'creationTime': '2012-12-28 16:18:23'}) signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateOAuthWithUnknownConsumer(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the consumer is not registered. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') secret = 'a' * 16 timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' oauthConsumerAPI = OAuthConsumerAPI() credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def createUser(username, password, fullname, email, role): """Create a new L{User}. @param username: A C{unicode} username for the user. @param password: A C{unicode} password in plain text for the user. The password will be hashed before being stored. @param fullname: A C{unicode} name for the user. @param email: The C{unicode} email address for the user. @param role: The L{Role} for the user. @return: A C{list} of C{(objectID, username)} 2-tuples for the new L{User}s. """ username = username.lower() users = UserAPI() result = users.create([(username, password, fullname, email)]) # Set the role with an update to ensure that the 'fluiddb/users/role' tag # value is set correctly. users.set([(username, None, None, None, role)]) try: transaction.commit() except: transaction.abort() raise return result
def __init__(self): self._api = UserAPI(factory=CachingAPIFactory())