def setUp(self):
self.validator = MagicMock(spec=RequestValidator)
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.timestamp_lifetime = 600
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def setUp(self):
self.validator = MagicMock(spec=RequestValidator)
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.timestamp_lifetime = 600
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.get_client_secret.return_value = 'bar'
self.validator.get_default_realms.return_value = ['foo']
self.validator.timestamp_lifetime = 600
self.validator.check_realms.return_value = True
self.validator.validate_client_key.return_value = True
self.validator.validate_requested_realms.return_value = True
self.validator.validate_redirect_uri.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = 'dummy'
self.validator.dummy_secret = 'dummy'
self.validator.save_request_token = MagicMock()
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', client_secret='bar', realm='foo',
callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ["HMAC-SHA1"]
self.validator.get_client_secret.return_value = "bar"
self.validator.get_default_realms.return_value = ["foo"]
self.validator.timestamp_lifetime = 600
self.validator.check_realm.return_value = True
self.validator.validate_client_key.return_value = True
self.validator.validate_requested_realm.return_value = True
self.validator.validate_redirect_uri.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = "dummy"
self.validator.dummy_secret = "dummy"
self.validator.save_request_token = MagicMock()
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client("foo", client_secret="bar", realm="foo", callback_uri="https://c.b/cb")
self.uri, self.headers, self.body = self.client.sign("https://i.b/request_token")
class RequestTokenEndpointTest(TestCase):
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.get_client_secret.return_value = 'bar'
self.validator.get_default_realms.return_value = ['foo']
self.validator.timestamp_lifetime = 600
self.validator.check_realms.return_value = True
self.validator.validate_client_key.return_value = True
self.validator.validate_requested_realms.return_value = True
self.validator.validate_redirect_uri.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = 'dummy'
self.validator.dummy_secret = 'dummy'
self.validator.save_request_token = MagicMock()
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', client_secret='bar', realm='foo',
callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def test_check_redirect_uri(self):
client = Client('foo')
uri, headers, _ = client.sign(self.uri)
h, b, s = self.endpoint.create_request_token_response(
uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_check_realms(self):
self.validator.check_realms.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_validate_client_key(self):
self.validator.validate_client_key.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_realms(self):
self.validator.validate_requested_realms.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_redirect_uri(self):
self.validator.validate_redirect_uri.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_signature(self):
client = Client('foo', callback_uri='https://c.b/cb')
_, headers, _ = client.sign(self.uri + '/extra')
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=headers)
self.assertEqual(s, 401)
def test_valid_request(self):
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 200)
self.assertIn('oauth_token', b)
self.validator.validate_timestamp_and_nonce.assert_called_once_with(
self.client.client_key, ANY, ANY, ANY,
request_token=self.client.resource_owner_key)
def test_uri_provided_realm(self):
client = Client('foo', callback_uri='https://c.b/cb',
client_secret='bar')
uri = self.uri + '?realm=foo'
_, headers, _ = client.sign(uri)
h, b, s = self.endpoint.create_request_token_response(
uri, headers=headers)
self.assertEqual(s, 200)
self.assertIn('oauth_token', b)
class BaseEndpointTest(TestCase):
def setUp(self):
self.validator = MagicMock(spec=RequestValidator)
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.timestamp_lifetime = 600
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def test_ssl_enforcement(self):
uri, headers, _ = self.client.sign('http://i.b/request_token')
h, b, s = self.endpoint.create_request_token_response(uri,
headers=headers)
self.assertEqual(s, 400)
self.assertIn('insecure_transport_protocol', b)
def test_missing_parameters(self):
h, b, s = self.endpoint.create_request_token_response(self.uri)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_signature_methods(self):
headers = {}
headers['Authorization'] = self.headers['Authorization'].replace(
'HMAC', 'RSA')
h, b, s = self.endpoint.create_request_token_response(self.uri,
headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_signature_method', b)
def test_invalid_version(self):
headers = {}
headers['Authorization'] = self.headers['Authorization'].replace(
'1.0', '2.0')
h, b, s = self.endpoint.create_request_token_response(self.uri,
headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_expired_timestamp(self):
headers = {}
for pattern in ('12345678901', '4567890123', '123456789K'):
headers['Authorization'] = sub(r'timestamp="\d*k?"',
'timestamp="%s"' % pattern,
self.headers['Authorization'])
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_client_key_check(self):
self.validator.check_client_key.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_noncecheck(self):
self.validator.check_nonce.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_enforce_ssl(self):
"""Ensure SSL is enforced by default."""
v = RequestValidator()
e = BaseEndpoint(v)
c = Client('foo')
u, h, b = c.sign('http://example.com')
r = e._create_request(u, 'GET', b, h)
self.assertRaises(errors.InsecureTransportError,
e._check_transport_security, r)
def test_multiple_source_params(self):
"""Check for duplicate params"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET', 'oauth_version=foo', URLENCODED)
headers = {'Authorization': 'OAuth oauth_signature="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET', 'oauth_version=foo', headers)
headers = {'Authorization': 'OAuth oauth_signature_method="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/', 'GET', 'oauth_signature=foo',
headers)
def test_duplicate_params(self):
"""Ensure params are only supplied once"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_version=a&oauth_version=b',
'GET', None, URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/', 'GET',
'oauth_version=a&oauth_version=b', URLENCODED)
def test_mandated_params(self):
"""Ensure all mandatory params are present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b/', 'GET',
'oauth_signature=a&oauth_consumer_key=b&oauth_nonce', URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_oauth_version(self):
"""OAuth version must be 1.0 if present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&'
'oauth_version=2.0'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_oauth_timestamp(self):
"""Check for a valid UNIX timestamp."""
v = RequestValidator()
e = BaseEndpoint(v)
# Invalid timestamp length, must be 10
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Invalid timestamp age, must be younger than 10 minutes
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=1234567890'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Timestamp must be an integer
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789a'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_case_insensitive_headers(self):
"""Ensure headers are case-insensitive"""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b', 'POST',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789a'), URLENCODED)
self.assertIsInstance(r.headers, CaseInsensitiveDict)
def test_signature_method_validation(self):
"""Ensure valid signature method is used."""
body = ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=%s&'
'oauth_timestamp=1234567890')
uri = 'https://example.com/'
class HMACValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_HMAC, )
v = HMACValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class RSAValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_RSA, )
v = RSAValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class PlainValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_PLAINTEXT, )
v = PlainValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class BaseEndpointTest(TestCase):
def setUp(self):
self.validator = MagicMock(spec=RequestValidator)
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.timestamp_lifetime = 600
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def test_ssl_enforcement(self):
uri, headers, _ = self.client.sign('http://i.b/request_token')
h, b, s = self.endpoint.create_request_token_response(
uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('insecure_transport_protocol', b)
def test_missing_parameters(self):
h, b, s = self.endpoint.create_request_token_response(self.uri)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_signature_methods(self):
headers = {}
headers['Authorization'] = self.headers['Authorization'].replace(
'HMAC', 'RSA')
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_signature_method', b)
def test_invalid_version(self):
headers = {}
headers['Authorization'] = self.headers['Authorization'].replace(
'1.0', '2.0')
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_expired_timestamp(self):
headers = {}
for pattern in ('12345678901', '4567890123', '123456789K'):
headers['Authorization'] = sub('timestamp="\d*k?"',
'timestamp="%s"' % pattern,
self.headers['Authorization'])
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_client_key_check(self):
self.validator.check_client_key.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_noncecheck(self):
self.validator.check_nonce.return_value = False
h, b, s = self.endpoint.create_request_token_response(
self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn('invalid_request', b)
def test_enforce_ssl(self):
"""Ensure SSL is enforced by default."""
v = RequestValidator()
e = BaseEndpoint(v)
c = Client('foo')
u, h, b = c.sign('http://example.com')
r = e._create_request(u, 'GET', b, h)
self.assertRaises(errors.InsecureTransportError,
e._check_transport_security, r)
def test_multiple_source_params(self):
"""Check for duplicate params"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET', 'oauth_version=foo', URLENCODED)
headers = {'Authorization': 'OAuth oauth_signature="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET',
'oauth_version=foo',
headers)
headers = {'Authorization': 'OAuth oauth_signature_method="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/',
'GET',
'oauth_signature=foo',
headers)
def test_duplicate_params(self):
"""Ensure params are only supplied once"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_version=a&oauth_version=b',
'GET', None, URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/', 'GET', 'oauth_version=a&oauth_version=b',
URLENCODED)
def test_mandated_params(self):
"""Ensure all mandatory params are present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request('https://a.b/', 'GET',
'oauth_signature=a&oauth_consumer_key=b&oauth_nonce',
URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_oauth_version(self):
"""OAuth version must be 1.0 if present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request('https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&'
'oauth_version=2.0'),
URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_oauth_timestamp(self):
"""Check for a valid UNIX timestamp."""
v = RequestValidator()
e = BaseEndpoint(v)
# Invalid timestamp length, must be 10
r = e._create_request('https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789'),
URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Invalid timestamp age, must be younger than 10 minutes
r = e._create_request('https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=1234567890'),
URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Timestamp must be an integer
r = e._create_request('https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789a'),
URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_signature_method_validation(self):
"""Ensure valid signature method is used."""
body = ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=%s&'
'oauth_timestamp=1234567890')
uri = 'https://example.com/'
class HMACValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_HMAC,)
v = HMACValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class RSAValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_RSA,)
v = RSAValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'PLAINTEXT', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class PlainValidator(RequestValidator):
@property
def allowed_signature_methods(self):
return (SIGNATURE_PLAINTEXT,)
v = PlainValidator()
e = BaseEndpoint(v)
r = e._create_request(uri, 'GET', body % 'HMAC-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'RSA-SHA1', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
r = e._create_request(uri, 'GET', body % 'shibboleth', URLENCODED)
self.assertRaises(errors.InvalidSignatureMethodError,
e._check_mandatory_parameters, r)
class RequestTokenEndpointTest(TestCase):
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ["HMAC-SHA1"]
self.validator.get_client_secret.return_value = "bar"
self.validator.get_default_realms.return_value = ["foo"]
self.validator.timestamp_lifetime = 600
self.validator.check_realm.return_value = True
self.validator.validate_client_key.return_value = True
self.validator.validate_requested_realm.return_value = True
self.validator.validate_redirect_uri.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = "dummy"
self.validator.dummy_secret = "dummy"
self.validator.save_request_token = MagicMock()
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client("foo", client_secret="bar", realm="foo", callback_uri="https://c.b/cb")
self.uri, self.headers, self.body = self.client.sign("https://i.b/request_token")
def test_check_redirect_uri(self):
client = Client("foo")
uri, headers, _ = client.sign(self.uri)
u, h, b, s = self.endpoint.create_request_token_response(uri, headers=headers)
self.assertEqual(s, 400)
self.assertIn("invalid_request", b)
def test_check_realm(self):
self.validator.check_realm.return_value = False
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers)
self.assertEqual(s, 400)
self.assertIn("invalid_request", b)
def test_validate_client_key(self):
self.validator.validate_client_key.return_value = False
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_realm(self):
self.validator.validate_requested_realm.return_value = False
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_redirect_uri(self):
self.validator.validate_redirect_uri.return_value = False
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers)
self.assertEqual(s, 401)
def test_validate_signature(self):
client = Client("foo", callback_uri="https://c.b/cb")
_, headers, _ = client.sign(self.uri + "/extra")
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=headers)
self.assertEqual(s, 401)
def test_valid_request(self):
u, h, b, s = self.endpoint.create_request_token_response(self.uri, headers=self.headers)
self.assertEqual(s, 200)
self.assertIn("oauth_token", b)
def test_uri_provided_realm(self):
client = Client("foo", callback_uri="https://c.b/cb", client_secret="bar")
uri = self.uri + "?realm=foo"
_, headers, _ = client.sign(uri)
u, h, b, s = self.endpoint.create_request_token_response(uri, headers=headers)
self.assertEqual(s, 200)
self.assertIn("oauth_token", b)
