class EvernoteOAuth1Test(OAuth1Test):
backend_path = 'social.backends.evernote.EvernoteOAuth'
expected_username = '******'
access_token_body = urlencode({
'edam_webApiUrlPrefix':
'https://sandbox.evernote.com/shard/s1/',
'edam_shard':
's1',
'oauth_token':
'foobar',
'edam_expires':
'1395118279645',
'edam_userId':
'101010',
'edam_noteStoreUrl':
'https://sandbox.evernote.com/shard/s1/notestore'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class SteamOpenIdMissingSteamIdTest(SteamOpenIdTest):
server_response = urlencode({
'janrain_nonce': JANRAIN_NONCE,
'openid.ns': 'http://specs.openid.net/auth/2.0',
'openid.mode': 'id_res',
'openid.op_endpoint': 'https://steamcommunity.com/openid/login',
'openid.claimed_id': 'https://steamcommunity.com/openid/BROKEN',
'openid.identity': 'https://steamcommunity.com/openid/BROKEN',
'openid.return_to': 'http://myapp.com/complete/steam/?'
'janrain_nonce=' + JANRAIN_NONCE,
'openid.response_nonce': JANRAIN_NONCE +
'oD4UZ3w9chOAiQXk0AqDipqFYRA=',
'openid.assoc_handle': '1234567890',
'openid.signed': 'signed,op_endpoint,claimed_id,identity,return_to,'
'response_nonce,assoc_handle',
'openid.sig': '1az53vj9SVdiBwhk8%2BFQ68R2plo=',
})
def test_login(self):
self._login_setup(user_url='https://steamcommunity.com/openid/BROKEN')
self.do_login.when.called_with().should.throw(AuthFailed)
def test_partial_pipeline(self):
self._login_setup(user_url='https://steamcommunity.com/openid/BROKEN')
self.do_partial_pipeline.when.called_with().should.throw(AuthFailed)
def auth_url(self):
"""Return authorization redirect url."""
key, secret = self.get_key_and_secret()
callback = self.strategy.absolute_uri(self.redirect_uri)
callback = sub(r'^https', 'http', callback)
query = urlencode({'cb': callback})
return 'https://www.twilio.com/authorize/{0}?{1}'.format(key, query)
def oauth_authorization_request(self, token):
params = self.setting('AUTH_EXTRA_ARGUMENTS', {}).copy()
params.update({
'consumer_id': settings.SOCIAL_AUTH_PINTEREST_KEY,
'response_type': self.RESPONSE_TYPE,
})
return '{0}?{1}'.format(self.authorization_url(), urlencode(params))
class FacebookOAuth2Test(OAuth2Test):
backend_path = 'social.backends.facebook.FacebookOAuth2'
user_data_url = 'https://graph.facebook.com/me'
expected_username = '******'
access_token_body = urlencode({
'access_token': 'foobar',
'token_type': 'bearer'
})
user_data_body = json.dumps({
'username': '******',
'first_name': 'Foo',
'last_name': 'Bar',
'verified': True,
'name': 'Foo Bar',
'gender': 'male',
'updated_time': '2013-02-13T14:59:42+0000',
'link': 'http://www.facebook.com/foobar',
'id': '110011001100010'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class KhanAcademyOAuth1Test(OAuth1Test):
backend_path = 'social.backends.khanacademy.KhanAcademyOAuth1'
user_data_url = 'https://www.khanacademy.org/api/v1/user'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
"key_email":
"*****@*****.**",
"user_id":
"http://googleid.khanacademy.org/11111111111111",
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class BitbucketOAuth1Test(BitbucketOAuthMixin, OAuth1Test):
backend_path = 'social.backends.bitbucket.BitbucketOAuth'
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
def test_login(self):
HTTPretty.register_uri(HTTPretty.GET,
self.bb_api_user_emails,
status=200,
body=self.emails_body)
self.do_login()
def test_partial_pipeline(self):
HTTPretty.register_uri(HTTPretty.GET,
self.bb_api_user_emails,
status=200,
body=self.emails_body)
self.do_partial_pipeline()
class DropboxOAuth1Test(OAuth1Test):
backend_path = 'social.backends.dropbox.DropboxOAuth'
user_data_url = 'https://api.dropbox.com/1/account/info'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
'referral_link': 'https://www.dropbox.com/referrals/foobar',
'display_name': 'Foo Bar',
'uid': 10101010,
'country': 'US',
'quota_info': {
'shared': 138573,
'quota': 2952790016,
'normal': 157327
},
'email': '*****@*****.**'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class LinkedinOAuth1Test(BaseLinkedinTest, OAuth1Test):
backend_path = 'social.backends.linkedin.LinkedinOAuth'
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
def auth_url(self):
"""Return redirect url"""
state = self.get_or_create_state()
if self.strategy.setting('SUBDOMAIN_REDIRECTS', False):
# add the original domain to the session
if self.data.get('state'):
state = self.data.get('state')
self.strategy.session_set(self.name + '_state', state)
else:
self.strategy.session_set(state, self.data['next'])
if not self.strategy.request.is_base:
# redirect to base domain first
c = self.strategy.request.base_path + '/' + self.strategy.request.build_absolute_uri(
)[6:].lstrip('/').split('/', 1)[1] + '&state=' + state
return self.strategy.request.base_path + '/' + self.strategy.request.build_absolute_uri(
)[6:].lstrip('/').split('/', 1)[1] + '&state=' + state
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return '{0}?{1}'.format(self.authorization_url(), params)
def auth_url(self):
"""Return authorization redirect url."""
key, secret = self.get_key_and_secret()
callback = self.strategy.absolute_uri(self.redirect_uri)
callback = sub(r'^https', 'http', callback)
query = urlencode({'cb': callback})
return 'https://www.twilio.com/authorize/{0}?{1}'.format(key, query)
class ReadabilityOAuth1Test(OAuth1Test):
backend_path = 'social.backends.readability.ReadabilityOAuth'
user_data_url = 'https://www.readability.com/api/rest/v1/users/_current'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
'username': '******',
'first_name': 'Foo',
'last_name': 'Bar',
'has_active_subscription': False,
'tags': [],
'is_publisher': False,
'email_into_address': '*****@*****.**',
'kindle_email_address': None,
'avatar_url': 'https://secure.gravatar.com/avatar/'
'5280f15cedf540b544eecc30fcf3027c?d='
'https://www.readability.com/media/images/'
'avatar.png&s=36',
'date_joined': '2013-03-18 02:51:02'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def url_add_parameters(url, params):
"""Adds parameters to URL, parameter will be repeated if already present"""
if params:
fragments = list(urlparse(url))
fragments[4] = urlencode(parse_qsl(fragments[4]) + params.items())
url = urlunparse(fragments)
return url
def auth_url(self):
"""Return redirect url"""
if self.STATE_PARAMETER or self.REDIRECT_STATE:
# Store state in session for further request validation. The state
# value is passed as state parameter (as specified in OAuth2 spec),
# but also added to redirect, that way we can still verify the
# request if the provider doesn't implement the state parameter.
# Reuse token if any.
name = self.name + '_state'
state = self.strategy.session_get(name)
if state is None:
state = self.state_token()
self.strategy.session_set(name, state)
else:
state = None
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return self.AUTHORIZATION_URL + '?' + params
class ThisIsMyJameOAuth1Test(OAuth1Test):
backend_path = 'social.backends.thisismyjam.ThisIsMyJamOAuth1'
user_data_url = 'http://api.thisismyjam.com/1/verify.json'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
'id': 10101010,
'person': {
'name': 'foobar',
'fullname': 'Foo Bar'
}
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def revoke_token(self, token, uid):
if self.REVOKE_TOKEN_URL:
url = self.revoke_token_url(token, uid)
params = self.revoke_token_params(token, uid)
headers = self.revoke_token_headers(token, uid)
data = urlencode(params) if self.REVOKE_TOKEN_METHOD != "GET" else None
response = self.request(url, params=params, headers=headers, data=data, method=self.REVOKE_TOKEN_METHOD)
return self.process_revoke_token_response(response)
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
user_id_url = kwargs.get('response').get('id')
url = user_id_url + '?' + urlencode({'access_token': access_token})
try:
return self.get_json(url)
except ValueError:
return None
class TumblrOAuth1Test(OAuth1Test):
backend_path = 'social.backends.tumblr.TumblrOAuth'
user_data_url = 'http://api.tumblr.com/v2/user/info'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
'meta': {
'status': 200,
'msg': 'OK'
},
'response': {
'user': {
'following':
1,
'blogs': [{
'updated': 0,
'description': '',
'drafts': 0,
'title': 'Untitled',
'url': 'http://foobar.tumblr.com/',
'messages': 0,
'tweet': 'N',
'share_likes': True,
'posts': 0,
'primary': True,
'queue': 0,
'admin': True,
'followers': 0,
'ask': False,
'facebook': 'N',
'type': 'public',
'facebook_opengraph_enabled': 'N',
'name': 'foobar'
}],
'default_post_format':
'html',
'name':
'foobar',
'likes':
0
}
}
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def url_add_parameters(url, params):
"""Adds parameters to URL, parameter will be repeated if already present"""
if params:
fragments = list(urlparse(url))
value = parse_qs(fragments[4])
value.update(params)
fragments[4] = urlencode(value)
url = urlunparse(fragments)
return url
def url_add_parameters(url, params):
"""Adds parameters to URL, parameter will be repeated if already present"""
if params:
fragments = list(urlparse(url))
value = parse_qs(fragments[4])
value.update(params)
fragments[4] = urlencode(value)
url = urlunparse(fragments)
return url
def oauth_authorization_request(self, token):
"""Generate OAuth request to authorize token."""
if not isinstance(token, dict):
token = parse_qs(token)
params = self.auth_extra_arguments() or {}
params.update(self.get_scope_argument())
params['oauth_token'] = token.get('oauth_token')
params['redirect_uri'] = self.redirect_uri
return self.AUTHORIZATION_URL + '?' + urlencode(params)
class FitbitOAuth1Test(OAuth1Test):
backend_path = 'social.backends.fitbit.FitbitOAuth'
expected_username = '******'
access_token_body = urlencode({
'oauth_token_secret': 'a-secret',
'encoded_user_id': '101010',
'oauth_token': 'foobar'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_url = 'https://api.fitbit.com/1/user/-/profile.json'
user_data_body = json.dumps({
'user': {
'weightUnit': 'en_US',
'strideLengthWalking': 0,
'displayName': 'foobar',
'weight': 62.6,
'foodsLocale': 'en_US',
'heightUnit': 'en_US',
'locale': 'en_US',
'gender': 'NA',
'memberSince': '2011-12-26',
'offsetFromUTCMillis': -25200000,
'height': 0,
'timezone': 'America/Los_Angeles',
'dateOfBirth': '',
'encodedId': '101010',
'avatar': 'http://www.fitbit.com/images/profile/'
'defaultProfile_100_male.gif',
'waterUnit': 'en_US',
'distanceUnit': 'en_US',
'glucoseUnit': 'en_US',
'strideLengthRunning': 0
}
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class TripitOAuth1Test(OAuth1Test):
backend_path = 'social.backends.tripit.TripItOAuth'
user_data_url = 'https://api.tripit.com/v1/get/profile'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_content_type = 'text/xml'
user_data_body = \
'<Response>' \
'<timestamp>1363590451</timestamp>' \
'<num_bytes>1040</num_bytes>' \
'<Profile ref="ignore-me">' \
'<ProfileEmailAddresses>' \
'<ProfileEmailAddress>' \
'<address>[email protected]</address>' \
'<is_auto_import>false</is_auto_import>' \
'<is_confirmed>true</is_confirmed>' \
'<is_primary>true</is_primary>' \
'<is_auto_inbox_eligible>' \
'true' \
'</is_auto_inbox_eligible>' \
'</ProfileEmailAddress>' \
'</ProfileEmailAddresses>' \
'<is_client>true</is_client>' \
'<is_pro>false</is_pro>' \
'<screen_name>foobar</screen_name>' \
'<public_display_name>Foo Bar</public_display_name>' \
'<profile_url>people/foobar</profile_url>' \
'<home_city>Foo, Barland</home_city>' \
'<activity_feed_url>' \
'https://www.tripit.com/feed/activities/private/' \
'ignore-this/activities.atom' \
'</activity_feed_url>' \
'<alerts_feed_url>' \
'https://www.tripit.com/feed/alerts/private/' \
'ignore-this/alerts.atom' \
'</alerts_feed_url>' \
'<ical_url>' \
'webcal://www.tripit.com/feed/ical/private/' \
'ignore-this/tripit.ics' \
'</ical_url>' \
'</Profile>' \
'</Response>'
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def oauth_authorization_request(self, token):
"""Generate OAuth request to authorize token."""
if not isinstance(token, dict):
token = parse_qs(token)
params = self.auth_extra_arguments() or {}
params.update(self.get_scope_argument())
params[self.OAUTH_TOKEN_PARAMETER_NAME] = token.get(self.OAUTH_TOKEN_PARAMETER_NAME)
state = self.get_or_create_state()
params[self.REDIRECT_URI_PARAMETER_NAME] = self.get_redirect_uri(state)
return "{0}?{1}".format(self.authorization_url(), urlencode(params))
def oauth_authorization_request(self, token):
"""Generate OAuth request to authorize token."""
if not isinstance(token, dict):
token = parse_qs(token)
params = self.auth_extra_arguments() or {}
params.update(self.get_scope_argument())
params[self.OAUTH_TOKEN_PARAMETER_NAME] = token.get(
self.OAUTH_TOKEN_PARAMETER_NAME)
params[self.REDIRECT_URI_PARAMETER_NAME] = self.redirect_uri
return self.AUTHORIZATION_URL + '?' + urlencode(params)
def revoke_token(self, token, uid):
if self.REVOKE_TOKEN_URL:
url = self.revoke_token_url(token, uid)
params = self.revoke_token_params(token, uid)
headers = self.revoke_token_headers(token, uid)
data = urlencode(params) if self.REVOKE_TOKEN_METHOD != 'GET' \
else None
response = self.request(url, params=params, headers=headers,
data=data, method=self.REVOKE_TOKEN_METHOD)
return self.process_revoke_token_response(response)
class ZoteroOAuth1Test(OAuth1Test):
backend_path = 'social.backends.zotero.ZoteroOAuth'
expected_username = '******'
access_token_body = urlencode({
'oauth_token': 'foobar',
'oauth_token_secret': 'rodgsNDK4hLJU1504Atk131G',
'userID': '123456_abcdef',
'username': '******'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
class FlickrOAuth1Test(OAuth1Test):
backend_path = 'social.backends.flickr.FlickrOAuth'
expected_username = '******'
access_token_body = urlencode({
'oauth_token_secret': 'a-secret',
'username': '******',
'oauth_token': 'foobar',
'user_nsid': '10101010@N01'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def oauth_authorization_request(self, token):
"""Generate OAuth request to authorize token."""
if not isinstance(token, dict):
token = parse_qs(token)
params = self.auth_extra_arguments() or {}
params.update(self.get_scope_argument())
params[self.OAUTH_TOKEN_PARAMETER_NAME] = token.get(
self.OAUTH_TOKEN_PARAMETER_NAME)
state = self.get_or_create_state()
params[self.REDIRECT_URI_PARAMETER_NAME] = self.get_redirect_uri(state)
return '{0}?{1}'.format(self.authorization_url(), urlencode(params))
class BitbucketOAuth1Test(OAuth1Test):
backend_path = 'social.backends.bitbucket.BitbucketOAuth'
user_data_url = 'https://bitbucket.org/api/1.0/users/[email protected]'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
emails_body = json.dumps([{
'active': True,
'email': '*****@*****.**',
'primary': True
}])
user_data_body = json.dumps({
'user': {
'username':
'******',
'first_name':
'Foo',
'last_name':
'Bar',
'display_name':
'Foo Bar',
'is_team':
False,
'avatar':
'https://secure.gravatar.com/avatar/'
'5280f15cedf540b544eecc30fcf3027c?'
'd=https%3A%2F%2Fd3oaxc4q5k2d6q.cloudfront.net%2Fm%2F'
'9e262ba34f96%2Fimg%2Fdefault_avatar%2F32%2F'
'user_blue.png&s=32',
'resource_uri':
'/1.0/users/foobar'
}
})
def test_login(self):
HTTPretty.register_uri(HTTPretty.GET,
'https://bitbucket.org/api/1.0/emails/',
status=200,
body=self.emails_body)
self.do_login()
def test_partial_pipeline(self):
HTTPretty.register_uri(HTTPretty.GET,
'https://bitbucket.org/api/1.0/emails/',
status=200,
body=self.emails_body)
self.do_partial_pipeline()
def oauth_authorization_request(self, token):
"""Generate OAuth request to authorize token."""
if not isinstance(token, dict):
token = parse_qs(token)
params = self.auth_extra_arguments() or {}
params.update(self.get_scope_argument())
params[self.OAUTH_TOKEN_PARAMETER_NAME] = token.get(
self.OAUTH_TOKEN_PARAMETER_NAME
)
params[self.REDIRECT_URI_PARAMETER_NAME] = self.redirect_uri
return self.AUTHORIZATION_URL + '?' + urlencode(params)
def auth_url(self):
"""Return redirect url"""
state = self.get_or_create_state()
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return self.AUTHORIZATION_URL + '?' + params
def auth_url(self):
"""Return redirect url"""
state = self.get_or_create_state()
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return '{0}?{1}'.format(self.authorization_url(), params)
def auth_url(self):
"""Return redirect url"""
state = self.get_or_create_state()
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return self.AUTHORIZATION_URL + '?' + params
def auth_url(self):
"""Return redirect url"""
state = self.get_or_create_state()
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
params = urlencode(params)
if not self.REDIRECT_STATE:
# redirect_uri matching is strictly enforced, so match the
# providers value exactly.
params = unquote(params)
return '{0}?{1}'.format(self.authorization_url(), params)
def get_admin_access_token(request):
backend = Facebook2OAuth2()
params = {
'app_id': settings.SOCIAL_AUTH_FACEBOOK_APP_KEY,
'scope': 'public_profile,email,manage_pages,publish_pages,publish_actions',
'next': request.build_absolute_uri(reverse('get_admin_access_token_complete')),
}
params = urlencode(params)
redirect_url = '{0}?{1}'.format(backend.authorization_url(), params)
return HttpResponseRedirect(redirect_url)
def refresh_token(self, token, *args, **kwargs):
# python-social-auth doesn't give the right hooks to override just the url when refreshing the token
# so we need to copy over the whole method.
scope_params = urlencode(self.get_scope_argument())
params = self.refresh_token_params(token, *args, **kwargs)
# Wave's Oauth2 implementation requires that you send the scope as a URL paramater when refreshing the
# token - this is a bug in their system.
url = '{url}?{params}'.format(url=self.REFRESH_TOKEN_URL or self.ACCESS_TOKEN_URL, params=scope_params)
method = self.REFRESH_TOKEN_METHOD
key = 'params' if method == 'GET' else 'data'
request_args = {'headers': self.auth_headers(), 'method': method, key: params}
request = self.request(url, **request_args)
return self.process_refresh_token_response(request, *args, **kwargs)
class YahooOAuth1Test(OAuth1Test):
backend_path = 'social.backends.yahoo.YahooOAuth'
user_data_url = 'http://social.yahooapis.com/v1/user/a-guid/profile?' \
'format=json'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
guid_body = json.dumps({
'guid': {
'uri': 'http://social.yahooapis.com/v1/me/guid',
'value': 'a-guid'
}
})
user_data_body = json.dumps({
'profile': {
'bdRestricted': True,
'memberSince': '2007-12-11T14:40:30Z',
'image': {
'width': 192,
'imageUrl': 'http://l.yimg.com/dh/ap/social/profile/'
'profile_b192.png',
'size': '192x192',
'height': 192
},
'created': '2013-03-18T04:15:08Z',
'uri': 'http://social.yahooapis.com/v1/user/a-guid/profile',
'isConnected': False,
'profileUrl': 'http://profile.yahoo.com/a-guid',
'guid': 'a-guid',
'nickname': 'foobar'
}
})
def test_login(self):
HTTPretty.register_uri(
HTTPretty.GET,
'http://social.yahooapis.com/v1/me/guid?format=json',
status=200,
body=self.guid_body)
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
state = self.validate_state()
self.process_error(self.data)
response = self.request_access_token(
self.access_token_url(),
data=self.auth_complete_params(state),
headers=self.auth_headers(),
auth=self.auth_complete_credentials(),
method=self.ACCESS_TOKEN_METHOD)
self.process_error(response)
if self.strategy.setting('SUBDOMAIN_REDIRECTS', False):
# if the destination is on a subdomain, redirect to that subdomain
if self.strategy.request.is_base and self.strategy.session_get(
'next'):
params = self.strategy.request_get()
params.update(response)
# build the appropriate redirect URL
c = self.strategy.session_get('next').split(
':', 1
)[0] + '://' + self.strategy.session_get('next')[6:].lstrip(
'/').split(
'/', 1
)[0] + '/r' + self.strategy.request.path + '?' + urlencode(
params)
return self.strategy.redirect(
self.strategy.session_get('next').split(':', 1)[0] +
'://' + self.strategy.session_get('next')[6:].lstrip(
'/').split('/', 1)[0] + '/r' +
self.strategy.request.path + '?' + urlencode(params))
return self.do_auth(response['access_token'],
response=response,
*args,
**kwargs)
class GoogleOAuth1Test(OAuth1Test):
backend_path = 'social.backends.google.GoogleOAuth'
user_data_url = 'https://www.googleapis.com/userinfo/email'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = urlencode({
'email': '*****@*****.**',
'isVerified': 'true',
'id': '101010101010101010101'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def test_with_unique_user_id(self):
self.strategy.set_settings(
{'SOCIAL_AUTH_GOOGLE_OAUTH_USE_UNIQUE_USER_ID': True})
self.do_login()
def test_with_anonymous_key_and_secret(self):
self.strategy.set_settings({
'SOCIAL_AUTH_GOOGLE_OAUTH_KEY': None,
'SOCIAL_AUTH_GOOGLE_OAUTH_SECRET': None
})
self.do_login()
class UpworkOAuth1Test(OAuth1Test):
backend_path = 'social.backends.upwork.UpworkOAuth'
user_data_url = 'https://www.upwork.com/api/auth/v1/info.json'
expected_username = '******'
access_token_body = json.dumps({
'access_token': 'foobar',
'token_type': 'bearer'
})
request_token_body = urlencode({
'oauth_token_secret': 'foobar-secret',
'oauth_token': 'foobar',
'oauth_callback_confirmed': 'true'
})
user_data_body = json.dumps({
'info': {
'portrait_32_img': '',
'capacity': {
'buyer': 'no',
'affiliate_manager': 'no',
'provider': 'yes'
},
'company_url': '',
'has_agency': '1',
'portrait_50_img': '',
'portrait_100_img': '',
'location': {
'city': 'New York',
'state': '',
'country': 'USA'
},
'ref': '9755314',
'profile_url': 'https://www.upwork.com/users/~10101010'
},
'auth_user': {
'timezone': 'USA/New York',
'first_name': 'Foo',
'last_name': 'Bar',
'timezone_offset': '10000'
},
'server_time': '1111111111'
})
def test_login(self):
self.do_login()
def test_partial_pipeline(self):
self.do_partial_pipeline()
def auth_url(self):
"""Return redirect url"""
state = None
if self.STATE_PARAMETER or self.REDIRECT_STATE:
# Store state in session for further request validation. The state
# value is passed as state parameter (as specified in OAuth2 spec),
# but also added to redirect_uri, that way we can still verify the
# request if the provider doesn't implement the state parameter.
# Reuse token if any.
name = self.name + "_state"
state = self.strategy.session_get(name) or self.state_token()
self.strategy.session_set(name, state)
params = self.auth_params(state)
params.update(self.get_scope_argument())
params.update(self.auth_extra_arguments())
return self.AUTHORIZATION_URL + "?" + urlencode(params)
def unauthorized_token_request(self):
"""Return request for unauthorized token (first stage)"""
params = self.request_token_extra_arguments()
params.update(self.get_scope_argument())
key, secret = self.get_key_and_secret()
# decoding='utf-8' produces errors with python-requests on Python3
# since the final URL will be of type bytes
decoding = None if six.PY3 else "utf-8"
state = self.get_or_create_state()
auth = OAuth1(
key,
secret,
callback_uri=self.get_redirect_uri(state),
decoding=decoding,
signature_method=SIGNATURE_HMAC,
signature_type=SIGNATURE_TYPE_QUERY,
)
url = self.REQUEST_TOKEN_URL + "?" + urlencode(params)
url, _, _ = auth.client.sign(url)
return url
def modify_start_url(self, start_url):
"""
Given a SAML redirect URL, parse it and change the ID to
a consistent value, so the request is always identical.
"""
# Parse the SAML Request URL to get the XML being sent to TestShib
url_parts = urlparse(start_url)
query = dict((k, v[0]) for (k, v) in
parse_qs(url_parts.query).iteritems())
xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(
query['SAMLRequest']
)
# Modify the XML:
xml, changed = re.subn(r'ID="[^"]+"', 'ID="TEST_ID"', xml)
self.assertEqual(changed, 1)
# Update the URL to use the modified query string:
query['SAMLRequest'] = OneLogin_Saml2_Utils.deflate_and_base64_encode(
xml
)
url_parts = list(url_parts)
url_parts[4] = urlencode(query)
return urlunparse(url_parts)