Exemple #1
def test_profile(requests_mock):
    """Check how build_profile turns a Twitter user record into a profile.

    The expected profile shows three transformations: the ``_normal`` avatar
    is replaced by the ``_400x400`` variant, the shortened link in the
    biography is replaced by its ``expanded_url``, and the profile URL is
    derived from ``screen_name``.
    """
    # Link entities as they appear in the user record: short URL -> target
    link_entities = {
        'description': {
            'urls': [{
                'url': 'https://is.gd/notareallink',
                'expanded_url': 'https://beesbuzz.biz/'
            }]
        }
    }
    twitter_record = {
        'profile_image_url_https': 'http://example.com/foo_normal.jpg',
        'description': 'this is a biography. see more at https://is.gd/notareallink',
        'entities': link_entities,
        'screen_name': 'qwerpoiufojar',
    }

    # Only the 400x400 variant is registered with the mock, and that URL is
    # the avatar the test expects -- presumably build_profile probes it with
    # a HEAD request before using it; confirm against the handler.
    requests_mock.head('http://example.com/foo_400x400.jpg', status_code=200)

    expected_profile = {
        'avatar': 'http://example.com/foo_400x400.jpg',
        'bio': 'this is a biography. see more at https://beesbuzz.biz/',
        'profile_url': 'https://twitter.com/qwerpoiufojar',
    }

    twitter_handler = twitter.Twitter('foo', 'bar')
    built = twitter_handler.build_profile(twitter_record)
    assert built == expected_profile
Exemple #2
def test_auth_denied(mocker):
    """Check that a callback carrying ``denied`` is reported as an Error.

    The flow is started normally against mocked OAuth1 objects; the callback
    arguments are then rewritten so the request token arrives under
    ``denied`` instead of ``oauth_token``.
    """
    # Dict passed as the handler's fourth argument; the assertions below show
    # the issued request token ends up as a key in it.
    pending = {}
    twitter_handler = twitter.Twitter('foo', 'bar', 60, pending)

    # Swap out the OAuth client classes so initiation succeeds without
    # touching the network
    mocker.patch("authl.handlers.twitter.OAuth1")
    oauth_session = mocker.patch("authl.handlers.twitter.OAuth1Session")
    request_token = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }
    oauth_session().fetch_request_token.return_value = request_token

    redirect = twitter_handler.initiate_auth(
        'https://twitter.com/fluffy', 'http://cb', 'redir')

    assert isinstance(redirect, disposition.Redirect), str(redirect)
    assert redirect.url.startswith('https://api.twitter.com')

    query = parse_args(redirect.url)
    # pytest shows captured stdout only when the test fails
    print(redirect.url)
    assert args_match(query) if False else query['screen_name'] == 'fluffy'
    assert query['oauth_token'] == 'my_token'
    assert 'my_token' in pending

    # Simulate the user refusing: the token comes back as 'denied'
    issued_token = query.pop('oauth_token')
    query['denied'] = issued_token
    outcome = twitter_handler.check_callback('foo', query, {})
    assert isinstance(outcome, disposition.Error)
    assert 'authorization declined' in outcome.message
Exemple #3
def test_auth_success(mocker, requests_mock):
    """Walk a full sign-in: initiation, bad token, verification, replay.

    Covers four callback outcomes in order: an unknown request token is
    rejected, the genuine token plus verifier yields a Verified result, the
    same callback presented a second time is rejected, and the
    invalidate_token endpoint has been called by the end.
    """
    pending = {}
    twitter_handler = twitter.Twitter('foo', 'bar', 60, pending)

    # Swap out the OAuth client classes so initiation succeeds without
    # touching the network
    mocker.patch("authl.handlers.twitter.OAuth1")
    oauth_session = mocker.patch("authl.handlers.twitter.OAuth1Session")
    request_token = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }
    oauth_session().fetch_request_token.return_value = request_token

    redirect = twitter_handler.initiate_auth(
        'https://twitter.com/fakeinput', 'http://cb', 'redir')

    assert isinstance(redirect, disposition.Redirect), str(redirect)
    assert redirect.url.startswith('https://api.twitter.com')

    query = parse_args(redirect.url)
    # pytest shows captured stdout only when the test fails
    print(redirect.url)
    assert query['screen_name'] == 'fakeinput'
    assert query['oauth_token'] == 'my_token'
    assert 'my_token' in pending

    # A token the handler never issued must not be accepted
    unknown = twitter_handler.check_callback('foo', {'oauth_token': 'blop'}, {})
    assert isinstance(unknown, disposition.Error)
    assert 'Invalid transaction' in unknown.message

    # The account that actually signs in ('foo', id 12345) differs from the
    # 'fakeinput' name given at initiation; the assertions below show the
    # identity comes from verify_credentials, not from the requested URL.
    requests_mock.get(
        'https://api.twitter.com/1.1/account/verify_credentials.json?skip_status=1',
        json={
            'screen_name': 'foo',
            'id_str': '12345'
        })
    invalidate = requests_mock.post(
        'https://api.twitter.com/1.1/oauth/invalidate_token.json', text="okay")

    query['oauth_verifier'] = 'verifier'

    verified = twitter_handler.check_callback('foo', query, {})
    assert isinstance(verified, disposition.Verified), str(verified)
    assert verified.redir == 'redir'
    # Identity is keyed on id_str; only the profile URL uses the screen name
    assert verified.identity == 'https://twitter.com/i/user/12345'
    assert verified.profile['profile_url'] == 'https://twitter.com/foo'

    # Replay guard: the identical callback must fail the second time
    replayed = twitter_handler.check_callback('foo', query, {})
    assert isinstance(replayed, disposition.Error), str(replayed)

    # The access token was handed back to Twitter for invalidation
    assert invalidate.called
Exemple #4
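def test_misconfigured(mocker):
    """Check that a request-token failure is returned as an Error.

    ``fetch_request_token`` on the mocked OAuth1Session raises ValueError;
    initiate_auth is expected to return a disposition.Error that carries the
    exception text and the caller's redirect target rather than raising.
    """
    storage = {}
    handler = twitter.Twitter('foo', 'bar', 60, storage)

    mocker.patch("authl.handlers.twitter.OAuth1")
    # Patch OAuth1Session once; a second identical patch would only replace
    # this mock with another one and add nothing to the test.
    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")
    session_mock().fetch_request_token.side_effect = ValueError("bad config")

    result = handler.initiate_auth('https://twitter.com/fluffy', 'http://cb', 'failure')
    assert isinstance(result, disposition.Error), str(result)
    # NOTE(review): this pins the raw exception text appearing in the Error
    # message -- confirm how that message is displayed to end users.
    assert 'bad config' in result.message
    assert result.redir == 'failure'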
Exemple #5
def test_basics():
    """Check the handler's static metadata and its URL recognition."""
    twitter_handler = twitter.Twitter('foo', 'bar')

    # Descriptive attributes exposed by the handler
    assert twitter_handler.service_name == 'Twitter'
    assert twitter_handler.url_schemes
    assert 'twitter.com' in twitter_handler.description
    assert twitter_handler.cb_id == 't'
    assert twitter_handler.logo_html[0][1] == 'Twitter'
    assert twitter_handler.generic_url

    # Accepted inputs and the canonical URL each one is expected to map to:
    # scheme added, leading '@' dropped, query string stripped.
    canonical_forms = (
        ('twitter.com', 'https://twitter.com/'),
        ('twitter.com/fluffy', 'https://twitter.com/fluffy'),
        ('twitter.com/@fluffy', 'https://twitter.com/fluffy'),
        ('https://twitter.com/fluffy?utm_source=foo', 'https://twitter.com/fluffy'),
    )
    for given, canonical in canonical_forms:
        assert twitter_handler.handles_url(given) == canonical

    # URLs on other hosts are not claimed by this handler
    assert not twitter_handler.handles_url('https://foo.bar/baz')
Exemple #6
def test_auth_failures(mocker, requests_mock):
    """Exercise three failure paths: wrong site, expired flow, bad API reply.

    Each path is expected to end in a disposition.Error; the last one also
    checks that the invalidate_token endpoint was still called.
    """
    pending = {}
    twitter_handler = twitter.Twitter('foo', 'bar', 60, pending)

    mocker.patch("authl.handlers.twitter.OAuth1")
    oauth_session = mocker.patch("authl.handlers.twitter.OAuth1Session")

    # 1. A URL that is not on twitter.com must be refused at initiation
    wrong_site = twitter_handler.initiate_auth(
        'https://foo.example', 'http://cb', 'redir')
    assert isinstance(wrong_site,
                      disposition.Error), "tried to handle non-twitter URL"

    # 2. Timeout: start the flow at one clock value, call back at a much
    #    later one
    request_token = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }
    oauth_session().fetch_request_token.return_value = request_token

    clock = mocker.patch('time.time')
    clock.return_value = 12345
    started = twitter_handler.initiate_auth(
        'https://twitter.com/', 'http://cb', 'timeout')
    assert isinstance(started, disposition.Redirect), str(started)
    late_query = parse_args(started.url)
    late_query['oauth_verifier'] = 'verifier'

    clock.return_value = 12345678
    expired = twitter_handler.check_callback('foo', late_query, {})
    assert isinstance(expired, disposition.Error), str(expired)
    assert 'timed out' in expired.message

    # 3. Internal failure: the clock stays at 12345678 for both steps here,
    #    so this flow is not expired; the credentials endpoint answers with
    #    a JSON list instead of an object.
    restarted = twitter_handler.initiate_auth(
        'https://twitter.com/', 'http://cb', 'timeout')
    assert isinstance(restarted, disposition.Redirect), str(restarted)
    query = parse_args(restarted.url)
    query['oauth_verifier'] = 'verifier'

    requests_mock.get(
        'https://api.twitter.com/1.1/account/verify_credentials.json?skip_status=1',
        json=['not a valid response'])
    invalidate = requests_mock.post(
        'https://api.twitter.com/1.1/oauth/invalidate_token.json', text="okay")

    broken = twitter_handler.check_callback('foo', query, {})
    assert isinstance(broken, disposition.Error), str(broken)
    # NOTE(review): this pins the raw exception text appearing in the Error
    # message -- confirm how that message is displayed to end users.
    assert 'object has no attribute' in broken.message, str(broken)
    # The token is invalidated even though verification failed
    assert invalidate.called