def testAuthenticateUserWithOAuthUnknownUsernameInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} raises a
L{TNoSuchUser} exception if the username in the token does
not match an existing L{User}.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
oauthConsumer1 = createOAuthConsumer(user1, secret='secret16charlng1')
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = dataToToken(oauthConsumer1.secret,
{'username': u'unknownUser'})
signature = '3MNZYSgsGftopjuwv3g2u5Q+MZM='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, u'HMAC-SHA1', signature,
timestamp, nonce, 'GET', 'https://fluidinfo.com/foo', headers,
arguments)
deferred = self.facade.authenticateUserWithOAuth(credentials)
return self.assertFailure(deferred, TNoSuchUser)
def testRoundtripAfterFork(self):
"""
Test that we can roundtrip encrypt / decrypt after forking
without error.
"""
if fork() == 0:
key = createKey()
data = {u'user': u'aliafshar', u'id': u'91821212'}
token = dataToToken(key, data)
self.assertEqual(data, tokenToData(key, token))
# This is horrible, but necessary: Turn the child into a sleep
# process, so trial doesn't get its knickers in a knot when the
# child tries to remove the trial lock file. I.e., politically
# 'vanish' the child process and trial (the parent) removes the
# lock as normal.
#
# This is necessary because trial checks the PID of the process
# when removing the lock file. So apart from having two
# processes trying to remove the same lock file (which causes
# one kind of error), if the child gets there first, there is a
# PID-mismatch error.
execl('/bin/sleep', 'sleep', '0.01')
else:
# The parent waits for the child and exits normally.
wait()
def testAuthenticateUserWithOAuthWithMixedCaseInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} ignores the case in the
username in the token.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser)
token = dataToToken(consumer.secret,
{'username': u'UseR',
'creationTime': '20121228-161823'})
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
request = Request.from_request('GET', u'https://fluidinfo.com/foo',
headers, {'argument1': 'bar'})
signature = SignatureMethod_HMAC_SHA1().sign(request,
consumer, None)
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token,
'HMAC-SHA1', signature, timestamp, nonce, 'GET',
u'https://fluidinfo.com/foo', headers, arguments)
session = yield self.facade.authenticateUserWithOAuth(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateOAuthWithIncorrectSignature(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the signature in the L{OAuthCredentials} is incorrect.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': user.username,
'creationTime': '2012-12-28 16:18:23'})
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo',
headers, arguments)
self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testRequestAvatarIdWithTokenMadeFromWrongSecret(self):
"""
L{FacadeOAuthChecker.requestAvatarId} creates a L{FluidinfoSession}
for the authenticated user only if the access token was created
using the consumer's secret.
"""
secret = ''.join(sample(ALPHABET, 16))
user = createUser(u'username', u'password', u'User',
u'*****@*****.**')
createOAuthConsumer(user, secret=secret)
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = dataToToken('a' * 16, {'username': user.username})
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials('fluidinfo.com', user.username, token,
'HMAC-SHA1', signature, timestamp,
nonce, 'GET',
u'https://fluidinfo.com/foo', headers,
arguments)
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def testAuthenticateOAuthWithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the consumer is not registered.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
secret = 'a' * 16
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
oauthConsumerAPI = OAuthConsumerAPI()
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateOAuthWithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuthCredentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def testTokenToDataWithBadKey(self):
"""Attempt to turn a token into valid data using an invalid key.
Make sure we get a C{ValueError}.
"""
key = createKey()
data = {u'user': u'aliafshar'}
token = dataToToken(key, data)
self.assertRaises(ValueError, tokenToData, createKey(), token=token)
def testAuthenticateUserWithOAuth2UnknownUsernameInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} ignores the case in the
consumer key.
"""
user = createUser(u'user', u'pass', u'User', u'*****@*****.**')
oauthConsumer = createOAuthConsumer(user, secret='secret16charlng1')
self.store.commit()
token = dataToToken(oauthConsumer.secret, {'username': u'unknownUser'})
credentials = OAuth2Credentials(u'user', u'pass', token)
deferred = self.facade.authenticateUserWithOAuth2(credentials)
return self.assertFailure(deferred, TNoSuchUser)
def testRequestAvatarIdWithTokenMadeFromWrongSecret(self):
"""
L{FacadeOAuth2Checker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if the access
token was created using the consumer's secret.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
createOAuthConsumer(user1, secret='secret16charlng1')
user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
token = dataToToken('a' * 16, {'username': user2.username})
credentials = OAuth2Credentials(u'user1', u'pass1', token)
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def encrypt(self):
"""Convert this token into an encrypted blob.
@return: A encrypted token as a C{str}.
"""
result = getOAuthConsumers(userIDs=[self.consumer.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer."
% self.consumer.username)
_, consumer = result
salt = getConfig().get('oauth', self.configName)
secret = salt + consumer.secret
creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S')
return dataToToken(secret, {'username': self.user.username,
'creationTime': creationTime})
def testAuthenticateUserWithOAuth2UnregisteredConsumer(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} raises
L{TPasswordIncorrect} if the consumer exists as a Fluidinfo user
but is not registered as an OAuth consumer.
"""
createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
token = dataToToken('a' * 16, {'username': u'user2'})
credentials = OAuth2Credentials(u'user1', u'pass1', token)
deferred = self.facade.authenticateUserWithOAuth2(credentials)
return self.assertFailure(deferred, TPasswordIncorrect)
def testDecryptTokenWithoutCreationTime(self):
"""
L{OAuthTokenBase.decrypt} correctly decrypts tokens without a
C{creationTime} field, since old OAuth tokens didn't have these.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
consumer = OAuthConsumerAPI().register(consumerUser)
salt = getConfig().get('oauth', self.cls.configName)
secret = salt + consumer.secret
encryptedToken = dataToToken(secret, {'username': u'user'})
token = self.cls.decrypt(consumerUser, encryptedToken)
self.assertIdentical(None, token.creationTime)
def testAuthenticateOAuth2WithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the consumer is not registered.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
secret = 'a' * 16
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'})
oauthConsumerAPI = OAuthConsumerAPI()
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateUserWithOAuth2ConsumerPasswordIncorrect(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} raises
L{TPasswordIncorrect} if the consumer's password is not correct.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
oauthConsumer1 = createOAuthConsumer(user1, secret='secret16charlng1')
user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
token = dataToToken(oauthConsumer1.secret,
{'username': user2.username})
credentials = OAuth2Credentials(u'user1', u'invalid', token)
deferred = self.facade.authenticateUserWithOAuth2(credentials)
return self.assertFailure(deferred, TPasswordIncorrect)
def encrypt(self):
"""Convert this token into an encrypted blob.
@return: A encrypted token as a C{str}.
"""
result = getOAuthConsumers(userIDs=[self.consumer.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer." %
self.consumer.username)
_, consumer = result
salt = getConfig().get('oauth', self.configName)
secret = salt + consumer.secret
creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S')
return dataToToken(secret, {
'username': self.user.username,
'creationTime': creationTime
})
def testAuthenticateOAuth2WithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuth2Credentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def testAuthenticateUserWithOAuthWithMixedCaseToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} ignores case in the
username in the token.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumer = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
oauthConsumer = api.register(consumer)
token = dataToToken(oauthConsumer.secret,
{'username': u'UseR',
'creationTime': '20121228-161823'})
self.store.commit()
credentials = OAuth2Credentials(consumer.username, u'secret', token)
session = yield self.facade.authenticateUserWithOAuth2(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuthUnknownConsumer(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} raises
L{TNoSuchUser} if the consumer does not exist.
"""
user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = dataToToken('a' * 16, {'username': user2.username})
signature = '3MNZYSgsGftopjuwv3g2u5Q+MZM='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', u'user1', token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
deferred = self.facade.authenticateUserWithOAuth(credentials)
return self.assertFailure(deferred, TNoSuchUser)
def testAuthenticateOAuth2WithTokenMadeFromBadOAuthEchoSecret(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the token in the L{OAuthCredentials} is invalid
because it is not made with our oauthEchoSecret in the key.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
UserAPI().create([(u'user2', u'secret2', u'User2',
u'*****@*****.**')])
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
oauthEchoSecret = 'x' * 16
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def testRoundtrip(self):
"""Test that we can roundtrip encrypt / decrypt without error."""
key = createKey()
data = {u'user': u'aliafshar', u'id': u'91821212'}
token = dataToToken(key, data)
self.assertEqual(data, tokenToData(key, token))