def run(): if not request.isSecure() and not getDevelopmentMode(): raise TBadRequest( '/users/<username>/verify requests must use HTTPS') dictionary = registry.checkRequest(usage, request) user = cachingGetUser(self.username.decode('utf-8')) if not user: raise TNoSuchUser(self.username) password = dictionary['password'] if checkPassword(password, user.passwordHash): # FIXME Hard-coding the 'anon' consumer here isn't great, # but for now it means we don't have to change the public # API. -jkakar api = OAuthConsumerAPI() consumer = cachingGetUser(u'anon') accessToken = api.getAccessToken(consumer, user) renewalToken = api.getRenewalToken(consumer, user) return {'accessToken': accessToken.encrypt(), 'fullname': user.fullname, 'renewalToken': renewalToken.encrypt(), 'role': str(user.role), 'valid': True} else: return {'valid': False}
def testAuthenticateOAuthWithIncorrectSignature(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the signature in the L{OAuthCredentials} is incorrect. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': user.username, 'creationTime': '2012-12-28 16:18:23'}) signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testRequestAvatarId(self): """ L{FacadeOAuthChecker.requestAvatarId} creates a L{FluidinfoSession} for the authenticated user only if credentials are correct. """ UserAPI().create([(u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser) token = api.getAccessToken(consumerUser, user) self.store.commit() timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' # FIXME This isn't ideal. It'd be better to use a hard-coded # signature, because then we'd know when something changed. It's hard # to do that, though, because the encrypted token generated by # fluiddb.util.minitoken is always different. -jkakar request = Request.from_request('GET', u'https://fluidinfo.com/foo', headers, {'argument1': 'bar'}) signature = SignatureMethod_HMAC_SHA1().sign(request, consumer, None) nonce = 'nonce' credentials = OAuthCredentials('fluidinfo.com', consumerUser.username, token.encrypt(), 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) session = yield self.checker.requestAvatarId(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuthIncorrectSignature(self): """ L{FacadeAuthMixin.authenticateUserWithOAuth} raises a L{TPasswordIncorrect} exception if the signature in the OAuth credentials is incorrect. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumerUser) token = api.getAccessToken(consumerUser, user) self.store.commit() timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user.username, token.encrypt(), u'HMAC-SHA1', signature, timestamp, nonce, 'GET', 'https://fluidinfo.com/foo', headers, arguments) deferred = self.facade.authenticateUserWithOAuth(credentials) return self.assertFailure(deferred, TPasswordIncorrect)
def testAuthenticateOAuthWithInvalidToken(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the token in the L{OAuthCredentials} is invalid. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') # NOTE This second user is not used, but it's created anyway to make # sure that the environment is the same as the other tests, but this # time the test will only fail because of an invalid token. # This is here to avoid regressions. UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')]) oauthConsumerAPI = OAuthConsumerAPI() oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' token = 'invalid' signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def testAuthenticateUserWithOAuthWithMixedCaseInToken(self): """ L{FacadeAuthMixin.authenticateUserWithOAuth} ignores the case in the username in the token. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser) token = dataToToken(consumer.secret, {'username': u'UseR', 'creationTime': '20121228-161823'}) self.store.commit() timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' request = Request.from_request('GET', u'https://fluidinfo.com/foo', headers, {'argument1': 'bar'}) signature = SignatureMethod_HMAC_SHA1().sign(request, consumer, None) nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) session = yield self.facade.authenticateUserWithOAuth(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuth(self): """ L{FacadeAuthMixin.authenticateUserWithOAuth} creates a L{FluidinfoSession} for the authenticated user only if credentials are correct. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser) token = api.getAccessToken(consumerUser, user) self.store.commit() timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' request = Request.from_request('GET', u'https://fluidinfo.com/foo', headers, {'argument1': 'bar'}) signature = SignatureMethod_HMAC_SHA1().sign(request, consumer, None) nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumerUser.username, token.encrypt(), 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) session = yield self.facade.authenticateUserWithOAuth(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateOAuthWithUnknownUser(self): """ L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception if the user in the L{OAuthCredentials} token doesn't exist. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate, credentials)
def testAuthenticateOAuth(self): """ L{OAuthConsumerAPI.authenticate} returns the L{User} when passed valid L{OAuthCredentials}. In the case of OAuth Echo, and in the case of this test, a consumer makes a request using a token that grants it access to act on behalf of a particular user. """ UserAPI().create([(u'consumer', u'password', u'Consumer', u'*****@*****.**')]) UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumer, secret='abyOTsAfo9MVN0qz') token = api.getAccessToken(consumer, user) timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumer.username, token.encrypt(), 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertIdentical(user, api.authenticate(credentials))
def testRenderWithExpiredRenewalToken(self): """ An C{UNAUTHORIZED} HTTP status code is returned if an expired L{OAuthRenewalToken} is used in a renewal request. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) creationTime = datetime.utcnow() - timedelta(hours=200) token = api.getRenewalToken(consumer, user, now=lambda: creationTime) self.store.commit() headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertEqual( {'X-Fluiddb-Error-Class': ['ExpiredOAuth2RenewalToken'], 'X-Fluiddb-Username': ['consumer'], 'X-Fluiddb-Request-Id': [session.id]}, headers) self.assertEqual(UNAUTHORIZED, request.code)
def testRenewToken(self): """ L{SecureOAuthConsumerAPI.renewToken} generates a new L{OAuthRenewalToken} and L{OAuthAccessToken}, given a valid L{OAuthRenewalToken}. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user).encrypt() encryptedRenewalToken, encryptedAccessToken = ( SecureOAuthConsumerAPI().renewToken(u'consumer', token)) renewalToken = OAuthRenewalToken.decrypt(consumer, encryptedRenewalToken) accessToken = OAuthAccessToken.decrypt(consumer, encryptedAccessToken) self.assertTrue(isinstance(renewalToken, OAuthRenewalToken)) self.assertIdentical(consumer, renewalToken.consumer) self.assertIdentical(user, renewalToken.user) self.assertTrue(isinstance(accessToken, OAuthAccessToken)) self.assertIdentical(consumer, accessToken.consumer) self.assertIdentical(user, accessToken.user)
def testRenderWithUnknownConsumer(self): """ A C{BAD_REQUEST} HTTP status code is returned if an L{OAuthRenewalToken} for an unknown L{OAuthConsumer} is used in a renewal request. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user) headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} self.store.find(OAuthConsumer).remove() self.store.commit() request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertEqual( {'X-Fluiddb-Error-Class': ['UnknownConsumer'], 'X-Fluiddb-Username': ['consumer'], 'X-Fluiddb-Request-Id': [session.id]}, headers) self.assertEqual(BAD_REQUEST, request.code)
def testRenderWithSuccessfulVerification(self): """ An C{OK} HTTP status code is returned, along with new access and renewal tokens, if a renewal request is successful. """ UserAPI().create( [(u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'consumer') api = OAuthConsumerAPI() api.register(consumer) token = api.getRenewalToken(consumer, user) self.store.commit() headers = {'X-FluidDB-Renewal-Token': [token.encrypt()]} request = FakeRequest(headers=Headers(headers)) with login(u'consumer', consumer.objectID, self.transact) as session: resource = RenewOAuthTokenResource(session) self.assertEqual(NOT_DONE_YET, resource.render_GET(request)) yield resource.deferred headers = dict(request.responseHeaders.getAllRawHeaders()) self.assertTrue(headers['X-Fluiddb-Access-Token']) self.assertTrue(headers['X-Fluiddb-Renewal-Token']) self.assertEqual(OK, request.code)
def testGet(self): """ L{OAuthConsumerAPI.get} returns the L{OAuthConsumer} associated with the specified L{User}. """ UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) user = getUser(u'user') consumer = OAuthConsumerAPI().register(user) self.assertIdentical(consumer, OAuthConsumerAPI().get(user))
def testGetUserWithNoPassword(self): """ If a L{User} returned by L{Delegator.getUser} doesn't have a password, a C{missing-password} value is added to the result. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', None, u'User', u'*****@*****.**')]) TwitterUserAPI().create(u'user', 1984245) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['access-token']) self.assertTrue(result['renewal-token']) del result['access-token'] del result['renewal-token'] self.assertEqual({'username': u'user', 'new-user': False, 'missing-password': True, 'uid': 1984245, 'data': {u'id': 1984245}}, result)
def testGetUserWithNewUserAndMixedCaseTwitterScreenName(self): """ A new L{User} is created if L{Delegator.getUser} verifies the L{TwitterUser} but can't find a user matching the Twitter screen name. The Twitter user's screen name should be lowercased to make the new Fluidinfo username. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**')]) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245, 'screen_name': u'MixedCaseName', 'name': u'John Doe'})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['new-user']) user = TwitterUserAPI().get(1984245) self.assertEqual(u'mixedcasename', user.username)
def testGetUser(self): """ L{Delegator.getUser} returns a C{(User, data)} 2-tuple when the service provider successfully verifies credentials and a mapping between a Fluidinfo L{User} and the L{TwitterUser} being verified exists. """ UserAPI().create([ (u'consumer', 'secret', u'Consumer', u'*****@*****.**'), (u'user', 'secret', u'User', u'*****@*****.**')]) TwitterUserAPI().create(u'user', 1984245) consumer = getUser(u'consumer') OAuthConsumerAPI().register(consumer) self.store.commit() self.agent._connect = self._connect authentication = 'OAuth oauth_consumer_key="...", ...' provider = ServiceProvider(self.agent, 'https://example.com/verify') delegator = Delegator(self.transact) deferred = delegator.getUser(u'consumer', provider, authentication) [(request, responseDeferred)] = self.protocol.requests response = FakeResponse(ResponseDone(), dumps({'id': 1984245})) responseDeferred.callback(response) result = yield deferred self.assertTrue(result['access-token']) self.assertTrue(result['renewal-token']) del result['access-token'] del result['renewal-token'] self.assertEqual({'username': u'user', 'new-user': False, 'missing-password': False, 'uid': 1984245, 'data': {u'id': 1984245}}, result)
def run(): # Check the consumer username and password if this is not an # anonymous request. if credentials.consumerKey != u'anon': try: user = authenticate(credentials.consumerKey, credentials.consumerPassword) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(credentials.consumerKey.encode('utf-8')) # The Consumer has been authenticated (or was anonymous). Use # the OAuthConsumerAPI to get the username the request is being # made for from the OAuth access token. try: user = OAuthConsumerAPI().authenticate(credentials) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: raise TNoSuchUser(error.usernames[0].encode('utf-8')) session.auth.login(user.username, user.objectID) return session
def testAuthenticateOAuthWithUnknownConsumer(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the consumer is not registered. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') secret = 'a' * 16 timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' oauthConsumerAPI = OAuthConsumerAPI() credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def testRenewTokenWithUnknownConsumer(self): """ L{OAuthConsumerAPI.renewToken} raises an L{UnknownConsumerError} if an L{OAuthRenewalToken} for an unknown consumer is used to generate a new L{OAuthAccessToken}. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumerUser) renewalToken = api.getRenewalToken(consumerUser, user) getUsers(usernames=[u'consumer']).remove() self.assertRaises(UnknownConsumerError, api.renewToken, renewalToken)
def testAuthenticateAnonymousUserWithOAuth2(self): """ L{FacadeAuthMixin.authenticateUserWithOAuth2} should create a L{FluidinfoSession} for the anonymous user. """ anonymous = self.system.users[u'anon'] UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) user = getUser(u'user') api = OAuthConsumerAPI() api.register(anonymous) token = api.getAccessToken(anonymous, user) self.store.commit() credentials = OAuth2Credentials(u'anon', None, token.encrypt()) session = yield self.facade.authenticateUserWithOAuth2(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def setUp(self): super(OAuthEchoResourceTest, self).setUp() self.agent = Agent(self.FakeReactor()) self.transact = Transact(self.threadPool) system = createSystemData() self.anonymous = system.users[u'anon'] OAuthConsumerAPI().register(self.anonymous) self.agent = Agent(self.FakeReactor())
def testGetWithoutMatch(self): """ L{OAuthConsumerAPI.get} returns C{None} if the specified L{User} isn't an OAuth consumer. """ UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) user = getUser(u'user') self.assertIdentical(None, OAuthConsumerAPI().get(user))
def testRenewExpiredToken(self): """ L{OAuthConsumerAPI.renewToken} raises an L{ExpiredOAuthTokenError} if an expired L{OAuthRenewalToken} is used when trying to generate a new L{OAuthAccessToken}. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') creationTime = datetime.utcnow() - timedelta(hours=200) api = OAuthConsumerAPI() api.register(consumerUser) renewalToken = api.getRenewalToken(consumerUser, user, now=lambda: creationTime) self.assertRaises(ExpiredOAuthTokenError, api.renewToken, renewalToken)
def testAuthenticateOAuth2WithUnknownUser(self): """ L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception if the user in the L{OAuth2Credentials} token doesn't exist. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) credentials = OAuth2Credentials(u'user1', u'secret1', token) self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate, credentials)
def setUp(self): super(VerifyUserPasswordResourceTest, self).setUp() self.transact = Transact(self.threadPool) createSystemData() UserAPI().create([ (u'fluidinfo.com', 'secret', u'Fluidinfo', u'*****@*****.**'), (u'user', u'pass', u'Peter Parker', u'*****@*****.**')]) consumer = getUser(u'anon') OAuthConsumerAPI().register(consumer) self.store.commit()
def testAuthenticateOAuth2(self): """ L{OAuthConsumerAPI.authenticate} returns the L{User} when passed valid L{OAuth2Credentials}. In the case of OAuth Echo, and in the case of this test, a consumer makes a request using a token that grants it access to act on behalf of a particular user. """ UserAPI().create([(u'consumer', u'password', u'Consumer', u'*****@*****.**')]) UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) consumer = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumer, secret='abyOTsAfo9MVN0qz') token = api.getAccessToken(consumer, user) credentials = OAuth2Credentials(u'consumer', u'secret1', token.encrypt()) self.assertIdentical(user, api.authenticate(credentials))
def testRegister(self): """ L{OAuthConsumerAPI.register} creates a new L{OAuthConsumer} so that a L{User} (most likely an application) can make OAuth calls to Fluidinfo. """ UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')]) user = getUser(u'user') consumer = OAuthConsumerAPI().register(user) self.assertTrue(isinstance(consumer, OAuthConsumer)) self.assertIdentical(user, consumer.user)
def testRequestAvatarId(self): """ L{FacadeOAuth2Checker.requestAvatarId} creates a L{FluidinfoSession} for the authenticated user only if credentials are correct. """ UserAPI().create([(u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumerUser) token = api.getAccessToken(consumerUser, user) self.store.commit() credentials = OAuth2Credentials(u'consumer', 'secret', token.encrypt()) session = yield self.checker.requestAvatarId(credentials) self.assertEqual(user.username, session.auth.username) self.assertEqual(user.objectID, session.auth.objectID)
def run(): try: user = OAuthConsumerAPI().authenticate(credentials) except AuthenticationError as error: session.log.exception(error) raise TPasswordIncorrect() except UnknownUserError as error: raise TNoSuchUser(error.usernames[0].encode('utf-8')) else: session.auth.login(user.username, user.objectID) return session
def bootstrapWebAdminData(): """Create system data in a database.""" try: superuser = getUser(u'fluiddb') UserAPI().create([((u'fluidinfo.com', u'secret', u'Fluidinfo website', u'*****@*****.**'))]) webuser = getUser(u'fluidinfo.com') webuser.role = Role.USER_MANAGER TagAPI(superuser).create([(u'fluiddb/users/activation-token', u'Activation token for the user')]) PermissionAPI(superuser).set([ (u'fluiddb/users/activation-token', Operation.WRITE_TAG_VALUE, Policy.CLOSED, [u'fluidinfo.com']) ]) anonuser = getUser(u'anon') OAuthConsumerAPI.register(anonuser) except: transaction.abort() raise else: transaction.commit()
def testGetRenewalToken(self): """ L{OAuthConsumerAPI.getRenewalToken} returns an L{OAuthRenewalToken} for a consumer to act on behalf of a L{User}. It includes the consumer, the user to act on behalf of, and the creation time, after which the token will not be accepted. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') now = datetime.utcnow() api = OAuthConsumerAPI() api.register(consumerUser) token = api.getRenewalToken(consumerUser, user, now=lambda: now) self.assertTrue(isinstance(token, OAuthRenewalToken)) self.assertIdentical(consumerUser, token.consumer) self.assertIdentical(user, token.user) self.assertEqual(now, token.creationTime)
def bootstrapWebAdminData(): """Create system data in a database.""" try: superuser = getUser(u'fluiddb') UserAPI().create([((u'fluidinfo.com', u'secret', u'Fluidinfo website', u'*****@*****.**'))]) webuser = getUser(u'fluidinfo.com') webuser.role = Role.USER_MANAGER TagAPI(superuser).create([(u'fluiddb/users/activation-token', u'Activation token for the user')]) PermissionAPI(superuser).set([(u'fluiddb/users/activation-token', Operation.WRITE_TAG_VALUE, Policy.CLOSED, [u'fluidinfo.com'])]) anonuser = getUser(u'anon') OAuthConsumerAPI.register(anonuser) except: transaction.abort() raise else: transaction.commit()
def testRenewToken(self): """ L{OAuthConsumerAPI.renewToken} generates a new L{OAuthRenewalToken} and L{OAuthAccessToken}, given a valid L{OAuthRenewalToken}. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() api.register(consumerUser) renewalToken = api.getRenewalToken(consumerUser, user) newRenewalToken, accessToken = api.renewToken(renewalToken) self.assertNotEqual(renewalToken, newRenewalToken) self.assertTrue(isinstance(renewalToken, OAuthRenewalToken)) self.assertIdentical(consumerUser, renewalToken.consumer) self.assertIdentical(user, renewalToken.user) self.assertTrue(isinstance(accessToken, OAuthAccessToken)) self.assertIdentical(consumerUser, accessToken.consumer) self.assertIdentical(user, accessToken.user)
def testAuthenticateOAuth2WithTokenMadeFromBadOAuthEchoSecret(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the token in the L{OAuthCredentials} is invalid because it is not made with our oauthEchoSecret in the key. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')]) oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') oauthEchoSecret = 'x' * 16 token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) credentials = OAuth2Credentials(u'user1', u'secret1', token) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def testAuthenticateOAuth2WithInvalidToken(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the token in the L{OAuthCredentials} is invalid. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') # NOTE This second user is not used, but it's created anyway to make # sure that the environment is the same as the other tests, but this # time the test will only fail because of an invalid token. # This is here to avoid regressions. UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')]) oauthConsumerAPI = OAuthConsumerAPI() oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') token = 'invalid' credentials = OAuth2Credentials(u'user1', u'secret1', token) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)