def test_failed_user_lookup(self):
partner = UserProfile.objects.get(email="*****@*****.**")
c = Consumer(name="p", status="accepted", user=partner)
c.generate_random_codes()
c.save()
r = oclient.get("api.user", c, None, params={"email": "*****@*****.**"})
eq_(r.status_code, 404)
def user_activation(request, code,
template_name="users/user_activation.html"):
try:
activation = UserActivationCode.objects.get(code=code)
active = activation.is_active()
except UserActivationCode.DoesNotExist:
activation = active = False
if active:
user = activation.user
user.is_active = True
user.save()
try:
consumer = Consumer.objects.get(user=user)
except Consumer.DoesNotExist:
consumer = Consumer(name=user.username, user=user,
status='accepted')
consumer.generate_random_codes()
consumer.save()
try:
token = Token.objects.get(user=user, consumer=consumer)
except Token.DoesNotExist:
token = Token(user=user, consumer=consumer, is_approved=True,
timestamp=time.time(),
token_type=Token.ACCESS)
token.generate_random_codes()
token.save()
extra_context = {
'active': active,
'activation': activation
}
return direct_to_template(request, template_name,
extra_context=extra_context)
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name='Test Consumer',
description='Test',
status='accepted')
self.consumer.generate_random_codes()
self.consumer.save()
def test_user_lookup(self):
partner = UserProfile.objects.get(email="*****@*****.**")
c = Consumer(name="p", status="accepted", user=partner)
c.generate_random_codes()
c.save()
r = oclient.get("api.user", c, None, params={"email": "*****@*****.**"})
eq_(r.status_code, 200)
eq_(json.loads(r.content)["email"], "*****@*****.**")
def test_failed_user_lookup(self):
partner = UserProfile.objects.get(email='*****@*****.**')
c = Consumer(name='p', status='accepted', user=partner)
c.generate_random_codes()
c.save()
r = oclient.get('api.user', c, None,
params={'email': '*****@*****.**'})
eq_(r.status_code, 404)
class ConsumerTest(TestCase):
fixtures = ['models.json']
def setUp(self):
self.consumer = Consumer()
self.consumer.name = "Piston Test Consumer"
self.consumer.description = "A test consumer for Piston."
self.consumer.user = User.objects.get(pk=3)
self.consumer.generate_random_codes()
def _pre_test_email(self):
template = "piston/mails/consumer_%s.txt" % self.consumer.status
try:
loader.render_to_string(template, {
'consumer': self.consumer,
'user': self.consumer.user
})
return True
except TemplateDoesNotExist:
"""
They haven't set up the templates, which means they might not want
these emails sent.
"""
return False
def test_create_pending(self):
""" Ensure creating a pending Consumer sends proper emails """
# Verify if the emails can be sent
if not self._pre_test_email():
return
# If it's pending we should have two messages in the outbox; one
# to the consumer and one to the site admins.
if len(settings.ADMINS):
self.assertEquals(len(mail.outbox), 2)
else:
self.assertEquals(len(mail.outbox), 1)
expected = "Your API Consumer for example.com is awaiting approval."
self.assertEquals(mail.outbox[0].subject, expected)
def test_delete_consumer(self):
""" Ensure deleting a Consumer sends a cancel email """
# Clear out the outbox before we test for the cancel email.
mail.outbox = []
# Delete the consumer, which should fire off the cancel email.
self.consumer.delete()
# Verify if the emails can be sent
if not self._pre_test_email():
return
self.assertEquals(len(mail.outbox), 1)
expected = "Your API Consumer for example.com has been canceled."
self.assertEquals(mail.outbox[0].subject, expected)
class ConsumerTest(TestCase):
fixtures = ['models.json']
def setUp(self):
self.consumer = Consumer()
self.consumer.name = "Piston Test Consumer"
self.consumer.description = "A test consumer for Piston."
self.consumer.user = User.objects.get(pk=3)
self.consumer.generate_random_codes()
def _pre_test_email(self):
template = "piston/mails/consumer_%s.txt" % self.consumer.status
try:
loader.render_to_string(template, {
'consumer': self.consumer,
'user': self.consumer.user
})
return True
except TemplateDoesNotExist:
"""
They haven't set up the templates, which means they might not want
these emails sent.
"""
return False
def test_create_pending(self):
""" Ensure creating a pending Consumer sends proper emails """
# Verify if the emails can be sent
if not self._pre_test_email():
return
# If it's pending we should have two messages in the outbox; one
# to the consumer and one to the site admins.
if len(settings.ADMINS):
self.assertEquals(len(mail.outbox), 2)
else:
self.assertEquals(len(mail.outbox), 1)
expected = "Your API Consumer for example.com is awaiting approval."
self.assertEquals(mail.outbox[0].subject, expected)
def test_delete_consumer(self):
""" Ensure deleting a Consumer sends a cancel email """
# Clear out the outbox before we test for the cancel email.
mail.outbox = []
# Delete the consumer, which should fire off the cancel email.
self.consumer.delete()
# Verify if the emails can be sent
if not self._pre_test_email():
return
self.assertEquals(len(mail.outbox), 1)
expected = "Your API Consumer for example.com has been canceled."
self.assertEquals(mail.outbox[0].subject, expected)
def test_user_lookup(self):
partner = UserProfile.objects.get(email='*****@*****.**')
c = Consumer(name='p', status='accepted', user=partner)
c.generate_random_codes()
c.save()
r = oclient.get('api.user', c, None,
params={'email': '*****@*****.**'})
eq_(r.status_code, 200)
eq_(json.loads(r.content)['email'], '*****@*****.**')
def setUp(self):
self.user = User.objects.get(pk=2519)
for status in ("accepted", "pending", "canceled"):
c = Consumer(name="a", status=status, user=self.user)
c.generate_random_codes()
c.save()
setattr(self, "%s_consumer" % status, c)
self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
self.user = User.objects.get(pk=2519)
for status in ('accepted', 'pending', 'canceled', ):
c = Consumer(name='a', status=status, user=self.user)
c.generate_random_codes()
c.save()
setattr(self, '%s_consumer' % status, c)
self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
consumers = []
for status in ("accepted", "pending", "canceled"):
c = Consumer(name="a", status=status)
c.generate_random_codes()
c.save()
consumers.append(c)
self.accepted_consumer = consumers[0]
self.pending_consumer = consumers[1]
self.canceled_consumer = consumers[2]
def setUp(self):
self.user = User.objects.get(pk=2519)
self.user.get_profile().update(read_dev_agreement=datetime.now())
for status in ('accepted', 'pending', 'canceled', ):
c = Consumer(name='a', status=status, user=self.user)
c.generate_random_codes()
c.save()
setattr(self, '%s_consumer' % status, c)
self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
self.editor = User.objects.get(email='*****@*****.**')
self.admin = User.objects.get(email='*****@*****.**')
consumers = []
for status in ('accepted', 'pending', 'canceled', ):
c = Consumer(name='a', status=status, user=self.editor)
c.generate_random_codes()
c.save()
consumers.append(c)
self.accepted_consumer = consumers[0]
self.pending_consumer = consumers[1]
self.canceled_consumer = consumers[2]
self.token = None
def setUp(self):
self.editor = UserProfile.objects.get(email="*****@*****.**")
self.admin = UserProfile.objects.get(email="*****@*****.**")
consumers = []
for status in ("accepted", "pending", "canceled"):
c = Consumer(name="a", status=status, user=self.editor)
c.generate_random_codes()
c.save()
consumers.append(c)
self.accepted_consumer = consumers[0]
self.pending_consumer = consumers[1]
self.canceled_consumer = consumers[2]
self.token = None
def handle(self, *args, **options):
from django.contrib.auth.models import User
from piston.models import Consumer
app = Consumer(status = 'accepted')
username = raw_input('Username of the app\'s owner: ')
while not username:
username = raw_input('Username of the app\'s owner (required): ')
try:
app.user = User.objects.get(username = username)
except User.DoesNotExist:
raise CommandError('User %s not found' % username)
name = raw_input('App name: ')
while not name:
name = raw_input('App name (required): ')
app.name = name
app.description = raw_input('App description (optional): ')
app.generate_random_codes()
app.save()
print '\nApplication name: %s\nApplication creator: %s\nAPI key: %s\nAPI secret: %s' % (
app.name,
app.user.get_full_name() or app.user.username,
app.key,
app.secret
)
def setUp(self):
# Although client.put now exists in Django 1.1, it is unusable for us:
# http://code.djangoproject.com/ticket/11371
# So, we override it with our own working version:
self.client.put = curry(self.client.post, REQUEST_METHOD='PUT')
# TODO: Use standard consumer?
self.consumer = Consumer(name='Test Consumer',
description='Test',
status='accepted')
self.consumer.key = "123"
self.consumer.secret = "123"
self.consumer.save()
self.admin_requester = OAuthRequester(self, 'admin', 'admin',
self.consumer)
self.test1_requester = OAuthRequester(self, 'test1', 'test1',
self.consumer)
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name='Test Consumer', description='Test', status='accepted')
self.consumer.generate_random_codes()
self.consumer.save()
self.oa_atoken = None
self.test_handshake()
def setUp(self):
self.user = User.objects.create_user('username', '*****@*****.**',
'userpassword')
self.user.save()
self.client = Client()
self.client.login(username='******', password='******')
self.consumer = Consumer(name=self.user.username,
status='accepted',
user=self.user)
self.consumer.generate_random_codes()
self.consumer.save()
self.token = Token(token_type=Token.ACCESS,
timestamp=time.time(),
is_approved=True,
user=self.user,
consumer=self.consumer)
self.token.generate_random_codes()
self.token.save()
def user_activation(request, code,
template_name="users/user_activation.html"):
try:
activation = UserActivationCode.objects.get(code=code)
active = activation.is_active()
except UserActivationCode.DoesNotExist:
activation = active = False
if active:
user = activation.user
user.is_active = True
user.save()
try:
consumer = Consumer.objects.get(user=user)
except Consumer.DoesNotExist:
consumer = Consumer(name=user.username, user=user,
status='accepted')
consumer.generate_random_codes()
consumer.save()
try:
token = Token.objects.get(user=user, consumer=consumer)
except Token.DoesNotExist:
token = Token(user=user, consumer=consumer, is_approved=True,
timestamp=time.time(),
token_type=Token.ACCESS)
token.generate_random_codes()
token.save()
extra_context = {
'active': active,
'activation': activation
}
return direct_to_template(request, template_name,
extra_context=extra_context)
def add_consumer(request):
"""
Piston Consumer form if upon POST save else render form
New API key request
"""
form_class = ConsumerForm
entry_class = Consumer
if request.method == 'POST':
form = form_class(request.POST)
if form.is_valid():
entry = Consumer(**form.cleaned_data)
entry.user = request.user
entry.key, entry.secret = Consumer.objects.generate_random_codes()
entry.status = 'pending'
# Save the entry to the DB
entry.save()
return HttpResponseRedirect(reverse('key_list'))
else:
initial = {
}
form = form_class(initial=initial)
context = {
'title': 'Get an API key',
'form_button': 'Get the key NOW!',
'form': form,
}
return render_to_response('key/edit.html', context,
context_instance=RequestContext(request))
def test_failed_user_lookup(self):
partner = UserProfile.objects.get(email='*****@*****.**')
c = Consumer(name='p', status='accepted', user=partner)
c.generate_random_codes()
c.save()
r = oclient.get('api.user', c, None,
params={'email': '*****@*****.**'})
eq_(r.status_code, 404)
def test_user_lookup(self):
partner = UserProfile.objects.get(email='*****@*****.**')
c = Consumer(name='p', status='accepted', user=partner)
c.generate_random_codes()
c.save()
r = oclient.get('api.user', c, None,
params={'email': '*****@*****.**'})
eq_(r.status_code, 200)
eq_(json.loads(r.content)['email'], '*****@*****.**')
def setUp(self):
consumers = []
for status in ('accepted', 'pending', 'canceled', ):
c = Consumer(name='a', status=status)
c.generate_random_codes()
c.save()
consumers.append(c)
self.accepted_consumer = consumers[0]
self.pending_consumer = consumers[1]
self.canceled_consumer = consumers[2]
def setUp(self):
self.user = User.objects.create_user('user', '*****@*****.**',
'userpassword')
self.user.save()
self.client = Client()
self.client.login(username='******', password='******')
self.consumer = Consumer(name=self.user.username, status='accepted',
user=self.user)
self.consumer.generate_random_codes()
self.consumer.save()
self.token = Token(token_type=Token.ACCESS, timestamp=time.time(),
is_approved=True, user=self.user,
consumer=self.consumer)
self.token.generate_random_codes()
self.token.save()
def setUp(self):
self.editor = User.objects.get(email='*****@*****.**')
self.admin = User.objects.get(email='*****@*****.**')
consumers = []
for status in ('accepted', 'pending', 'canceled', ):
c = Consumer(name='a', status=status, user=self.editor)
c.generate_random_codes()
c.save()
consumers.append(c)
self.accepted_consumer = consumers[0]
self.pending_consumer = consumers[1]
self.canceled_consumer = consumers[2]
self.token = None
def setUp(self):
self.user = User.objects.get(pk=2519)
for status in (
'accepted',
'pending',
'canceled',
):
c = Consumer(name='a', status=status, user=self.user)
c.generate_random_codes()
c.save()
setattr(self, '%s_consumer' % status, c)
self.client = OAuthClient(self.accepted_consumer)
class ApiTestCase(TestCase):
fixtures = ['basic.json']
def setUp(self):
# Although client.put now exists in Django 1.1, it is unusable for us:
# http://code.djangoproject.com/ticket/11371
# So, we override it with our own working version:
self.client.put = curry(self.client.post, REQUEST_METHOD='PUT')
# TODO: Use standard consumer?
self.consumer = Consumer(name='Test Consumer',
description='Test',
status='accepted')
self.consumer.key = "123"
self.consumer.secret = "123"
self.consumer.save()
self.admin_requester = OAuthRequester(self, 'admin', 'admin',
self.consumer)
self.test1_requester = OAuthRequester(self, 'test1', 'test1',
self.consumer)
def tearDown(self):
self.consumer.delete()
def testUser(self):
# Test a user with missing fields
response = self.client.get('/api/1.0/admin/')
self.assertEqual(response.status_code, 200)
# TODO: Genericize URL stuff
self.assertEqual(
json.loads(response.content), {
'user-name': 'admin',
'last-name': '',
'notes-ref': {
'href': 'http://example.com/admin/notes/',
'api-ref': 'http://example.com/api/1.0/admin/notes/'
},
'current-sync-guid': '5ec1f08a-19f1-416a-b086-ff22f6f7c9e8',
'first-name': '',
'latest-sync-revision': -1
})
# Test a user with all fields, with and without auth
for client in self.client, self.test1_requester:
response = client.get('/api/1.0/test1/')
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content), {
'user-name': 'test1',
'last-name': 'Doe',
'notes-ref': {
'href': 'http://example.com/test1/notes/',
'api-ref': 'http://example.com/api/1.0/test1/notes/'
},
'current-sync-guid':
'1886ae92-6c46-43e8-86c0-bb74df89f66c',
'first-name': 'John',
'latest-sync-revision': -1
})
def testUserBadMethods(self):
# PUT/POST/DELETE are not allowed
# POST and PUT need some dummy data, otherwise piston replies "Bad Request"
response = self.admin_requester.put('/api/1.0/admin/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.post('/api/1.0/admin/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.delete('/api/1.0/admin/')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
def testRootNoAuth(self):
# Test w/out auth
response = self.client.get('/api/1.0/')
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content), {
'api-version':
'1.0',
'oauth_access_token_url':
'http://example.com/oauth/access_token/',
'oauth_authorize_url':
'http://example.com/oauth/authenticate/',
'oauth_request_token_url':
'http://example.com/oauth/request_token/'
})
def testRootWithAuth(self):
# Test w/ auth (admin user)
response = self.admin_requester.get('/api/1.0/')
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content), {
'api-version':
'1.0',
'user-ref': {
'href': 'http://example.com/admin/',
'api-ref': 'http://example.com/api/1.0/admin/'
},
'oauth_access_token_url':
'http://example.com/oauth/access_token/',
'oauth_authorize_url':
'http://example.com/oauth/authenticate/',
'oauth_request_token_url':
'http://example.com/oauth/request_token/'
})
# Test w/ auth (test1 user)
response = self.test1_requester.get('/api/1.0/')
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content), {
'api-version':
'1.0',
'user-ref': {
'href': 'http://example.com/test1/',
'api-ref': 'http://example.com/api/1.0/test1/'
},
'oauth_access_token_url':
'http://example.com/oauth/access_token/',
'oauth_authorize_url':
'http://example.com/oauth/authenticate/',
'oauth_request_token_url':
'http://example.com/oauth/request_token/'
})
def testRootBadMethods(self):
# PUT/POST/DELETE are not allowed
# POST and PUT need some dummy data, otherwise piston replies "Bad Request"
response = self.admin_requester.put('/api/1.0/', '{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.post('/api/1.0/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.delete('/api/1.0/')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
def testNotes(self):
noteJson = '{"guid": "002e91a2-2e34-4e2d-bf88-21def49a7705",' + \
'"title" :"New Note 6",' + \
'"note-content" :"New Note 6\\nDescribe youre note <b>here</b>.",' + \
'"note-content-version" : 0.2,' + \
'"last-change-date" : "2009-04-19T21:29:23.2197340-07:00",' + \
'"last-metadata-change-date" : "2009-04-19T21:29:23.2197340-07:00",' + \
'"create-date" : "2008-03-06T13:44:46.4342680-08:00",' + \
'"last-sync-revision" : 0,' + \
'"open-on-startup" : false,' + \
'"tags" : ["tag1","tag2"]' + \
'}'
notesJson = '{"latest-sync-revision" : 0,' + \
'"note-changes" : [' + noteJson + ']}'
full_notes = {
"notes": [{
"guid": "002e91a2-2e34-4e2d-bf88-21def49a7705",
"ref": {
"href": "http://example.com/admin/notes/1/",
"api-ref": "http://example.com/api/1.0/admin/notes/1/"
},
"title": "New Note 6"
}],
"latest-sync-revision":
0
}
public_notes = {"notes": [], "latest-sync-revision": 0}
response = self.admin_requester.put('/api/1.0/admin/notes/', notesJson)
self.assertEqual(json.loads(response.content), full_notes)
response = self.client.get('/api/1.0/admin/notes/')
self.assertEqual(response.status_code, 401)
response = self.admin_requester.get('/api/1.0/admin/notes/')
self.assertEqual(json.loads(response.content), full_notes)
response = self.test1_requester.get('/api/1.0/admin/notes/')
self.assertEqual(json.loads(response.content), public_notes)
# Make a note public
# TODO: Test collections with a mix of public and private notes
admin = User.objects.get(username='******')
note = Note.objects.get(author=admin,
guid="002e91a2-2e34-4e2d-bf88-21def49a7705")
note.permissions = 1
note.save()
response = self.test1_requester.get('/api/1.0/admin/notes/')
self.assertEqual(json.loads(response.content), full_notes)
def testNotesBadMethods(self):
# POST/DELETE are not allowed
# POST and PUT need some dummy data, otherwise piston replies "Bad Request"
response = self.admin_requester.post('/api/1.0/admin/notes/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET, PUT')
response = self.admin_requester.delete('/api/1.0/admin/notes/')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET, PUT')
def testNote(self):
note = {
"note-content": "New Note 6\\nDescribe youre note <b>here</b>.",
"open-on-startup": False,
"last-metadata-change-date": "2010-01-28T18:30:45Z",
"tags": ["tag1", "tag2"],
"title": "New Note 6",
"create-date": "2009-08-28T18:30:45Z",
"pinned": False,
"last-sync-revision": 0,
"last-change-date": "2010-01-28T18:30:45Z",
"guid": "002e91a2-2e34-4e2d-bf88-21def49a7705"
}
# Put testing data into the database
notesJson = '{"latest-sync-revision" : 0,' + \
'"note-changes" : [' + json.dumps(note) + ']}'
response = self.admin_requester.put('/api/1.0/admin/notes/', notesJson)
# Strip the domain from the api-ref
noteAPIRef = json.loads(response.content)['notes'][0]['ref']['api-ref']
noteAPIRef = noteAPIRef.partition('/api/')[1] + noteAPIRef.partition(
'/api/')[2]
response = self.admin_requester.get(noteAPIRef)
responseNote = json.loads(response.content)['note'][0]
self.assertEqual(response.status_code, 200)
self.assertEqual(responseNote, note)
def testNoteBadMethods(self):
# PUT/POST/DELETE are not allowed
# POST and PUT need some dummy data, otherwise piston replies "Bad Request"
response = self.admin_requester.put('/api/1.0/admin/notes/1/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.post('/api/1.0/admin/notes/1/',
'{ "test" : "test" }')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
response = self.admin_requester.delete('/api/1.0/admin/notes/1/')
self.assertEqual(response.status_code, 405)
self.assertEqual(response['Allow'], 'GET')
class UserTest(TestCase):
"""Tests for users
"""
def setUp(self):
self.user = User.objects.create_user('user', '*****@*****.**',
'userpassword')
self.user.save()
self.client = Client()
self.client.login(username='******', password='******')
self.consumer = Consumer(name=self.user.username, status='accepted',
user=self.user)
self.consumer.generate_random_codes()
self.consumer.save()
self.token = Token(token_type=Token.ACCESS, timestamp=time.time(),
is_approved=True, user=self.user,
consumer=self.consumer)
self.token.generate_random_codes()
self.token.save()
def test_user_profile(self):
profile = self.user.get_profile()
self.assertEqual(profile.in_search, True)
self.assertEqual(profile.is_public, True)
def test_private_profile(self):
response = self.client.get('/user/profile/')
self.assertEqual(response.status_code, 200)
def test_my_public_profile(self):
response = self.client.get('/user/public/%s/' % self.user.username)
self.assertEqual(response.status_code, 200)
def test_public_profile(self):
another_user = User.objects.create_user('another_user',
'*****@*****.**', 'userpassword')
another_user.save()
response = self.client.get('/user/public/%s/' % another_user.username)
self.assertEqual(response.status_code, 200)
profile = another_user.get_profile()
profile.is_public = False
profile.save()
response = self.client.get('/user/public/%s/' % another_user.username)
self.assertEqual(response.status_code, 403)
def test_refresh_access_token(self):
token_key = self.token.key
token_secret = self.token.secret
response = self.client.get('/user/refresh_access_token/')
self.assertEqual(response.status_code, 200)
token = Token.objects.get(user=self.user)
self.assertNotEqual(token.key, token_key)
self.assertNotEqual(token.secret, token_secret)
class OAuthTests(APIMainTest):
"""
OAuthTest Does oauth handshake test and gives derived test classes tests the possibility
to do OAuth resource requests.
"""
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name='Test Consumer',
description='Test',
status='accepted')
self.consumer.generate_random_codes()
self.consumer.save()
self.oa_atoken = None
self.test_handshake()
def tearDown(self):
super(OAuthTests, self).tearDown()
self.consumer.delete()
def do_oauth_request(self, url, parameters={}, http_method='POST'):
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
http_method=http_method,
token=self.oa_atoken,
http_url='http://testserver%s' % url)
request.parameters.update(parameters)
request.sign_request(self.signature_method, oaconsumer, self.oa_atoken)
if http_method == 'POST':
response = self.client.post(url, request.parameters)
else:
response = self.client.get(url, request.parameters)
return response
def test_handshake(self):
'''Test the OAuth handshake procedure
'''
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url='http://testserver/oauth/request_token/')
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get('/oauth/request_token/', request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username='******', password='******'))
request = oauth.OAuthRequest.from_token_and_callback(
token=oatoken,
callback='http://printer.example.com/request_token_ready',
http_url='http://testserver/oauth/authorize/')
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
# response = self.client.get('/api/oauth/authorize', {
# 'oauth_token': oatoken.key,
# 'oauth_callback': 'http://printer.example.com/request_token_ready',
# })
response = self.client.post(
'/oauth/authorize/', {
'oauth_token':
oatoken.key,
'oauth_callback':
'http://printer.example.com/request_token_ready',
'csrf_signature':
OAuthAuthenticationForm.get_csrf_signature(
settings.SECRET_KEY, oatoken.key),
'authorize_access':
1,
})
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.assertEqual(
'http://printer.example.com/request_token_ready?oauth_token=' +
oatoken.key, response['Location'])
# Obtain access token...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
token=oatoken,
http_url='http://testserver/oauth/access_token/')
request.sign_request(self.signature_method, oaconsumer, oatoken)
response = self.client.get('/oauth/access_token/', request.parameters)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
self.assertEqual(atoken.secret, oa_atoken.secret)
# save the acces token so we can do oauth requests
self.oa_atoken = oa_atoken
class OAuthTests(MainTests):
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name='Test Consumer',
description='Test',
status='accepted')
self.consumer.generate_random_codes()
self.consumer.save()
def tearDown(self):
super(OAuthTests, self).tearDown()
self.consumer.delete()
def test_handshake(self):
'''Test the OAuth handshake procedure
'''
oaconsumer = oauth.OAuthConsumer(self.consumer.key,
self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url='http://testserver/api/oauth/request_token')
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get('/api/oauth/request_token',
request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username='******', password='******'))
request = oauth.OAuthRequest.from_token_and_callback(
token=oatoken,
callback='http://printer.example.com/request_token_ready',
http_url='http://testserver/api/oauth/authorize')
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
# response = self.client.get('/api/oauth/authorize', {
# 'oauth_token': oatoken.key,
# 'oauth_callback': 'http://printer.example.com/request_token_ready',
# })
response = self.client.post(
'/api/oauth/authorize', {
'oauth_token':
oatoken.key,
'oauth_callback':
'http://printer.example.com/request_token_ready',
'csrf_signature':
OAuthAuthenticationForm.get_csrf_signature(
settings.SECRET_KEY, oatoken.key),
'authorize_access':
1,
})
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.assertEqual(
'http://printer.example.com/request_token_ready?oauth_token=' +
oatoken.key, response['Location'])
# Obtain access token...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
token=oatoken,
http_url='http://testserver/api/oauth/access_token')
request.sign_request(self.signature_method, oaconsumer, oatoken)
response = self.client.get('/api/oauth/access_token',
request.parameters)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
self.assertEqual(atoken.secret, oa_atoken.secret)
def setUp(self):
self.consumer = Consumer()
self.consumer.name = "Piston Test Consumer"
self.consumer.description = "A test consumer for Piston."
self.consumer.user = User.objects.get(pk=3)
self.consumer.generate_random_codes()
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name="Test Consumer", description="Test", status="accepted")
self.consumer.generate_random_codes()
self.consumer.save()
class OAuthTests(MainTests):
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name="Test Consumer", description="Test", status="accepted")
self.consumer.generate_random_codes()
self.consumer.save()
def tearDown(self):
super(OAuthTests, self).tearDown()
self.consumer.delete()
def test_handshake(self):
"""Test the OAuth handshake procedure
"""
oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, http_url="http://testserver/api/oauth/request_token"
)
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get("/api/oauth/request_token", request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username="******", password="******"))
request = oauth.OAuthRequest.from_token_and_callback(
token=oatoken,
callback="http://printer.example.com/request_token_ready",
http_url="http://testserver/api/oauth/authorize",
)
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
# response = self.client.get('/api/oauth/authorize', {
# 'oauth_token': oatoken.key,
# 'oauth_callback': 'http://printer.example.com/request_token_ready',
# })
response = self.client.post(
"/api/oauth/authorize",
{
"oauth_token": oatoken.key,
"oauth_callback": "http://printer.example.com/request_token_ready",
"csrf_signature": OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key),
"authorize_access": 1,
},
)
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.assertEqual(
"http://printer.example.com/request_token_ready?oauth_token=" + oatoken.key, response["Location"]
)
# Obtain access token...
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer, token=oatoken, http_url="http://testserver/api/oauth/access_token"
)
request.sign_request(self.signature_method, oaconsumer, oatoken)
response = self.client.get("/api/oauth/access_token", request.parameters)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
self.assertEqual(atoken.secret, oa_atoken.secret)
def setUp(self):
self.consumer = Consumer()
self.consumer.name = "Piston Test Consumer"
self.consumer.description = "A test consumer for Piston."
self.consumer.user = User.objects.get(pk=3)
self.consumer.generate_random_codes()
class UserTest(TestCase):
"""Tests for users
"""
def setUp(self):
self.user = User.objects.create_user('username', '*****@*****.**',
'userpassword')
self.user.save()
self.client = Client()
self.client.login(username='******', password='******')
self.consumer = Consumer(name=self.user.username,
status='accepted',
user=self.user)
self.consumer.generate_random_codes()
self.consumer.save()
self.token = Token(token_type=Token.ACCESS,
timestamp=time.time(),
is_approved=True,
user=self.user,
consumer=self.consumer)
self.token.generate_random_codes()
self.token.save()
def test_user_profile(self):
profile = self.user.get_profile()
self.assertEqual(profile.in_search, True)
self.assertEqual(profile.is_public, True)
def test_private_profile(self):
response = self.client.get('/user/profile/')
self.assertEqual(response.status_code, 200)
def test_my_public_profile(self):
response = self.client.get('/user/public/%s/' % self.user.username)
self.assertEqual(response.status_code, 200)
def test_public_profile(self):
another_user = User.objects.create_user('another_user',
'*****@*****.**',
'userpassword')
another_user.save()
response = self.client.get('/user/public/%s/' % another_user.username)
self.assertEqual(response.status_code, 200)
profile = another_user.get_profile()
profile.is_public = False
profile.save()
response = self.client.get('/user/public/%s/' % another_user.username)
self.assertEqual(response.status_code, 403)
def test_refresh_access_token(self):
token_key = self.token.key
token_secret = self.token.secret
response = self.client.get('/user/refresh_access_token/')
self.assertEqual(response.status_code, 200)
token = Token.objects.get(user=self.user)
self.assertNotEqual(token.key, token_key)
self.assertNotEqual(token.secret, token_secret)
def test_is_staffStatus(self):
self.user.is_staff = True
self.user.save()
self.user.is_staff = False
self.user.save()
def test_is_activeStatus(self):
self.user.is_active = True
self.user.save()
self.user.is_acive = False
self.user.save()
def test_is_authorize(self):
self.user.is_staff = False
response = self.client.get('/user/users/')
self.assertEqual(response.status_code, 404)
class OAuthTests(APIMainTest):
"""
OAuthTest Does oauth handshake test and gives derived test classes tests the possibility
to do OAuth resource requests.
"""
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
def setUp(self):
super(OAuthTests, self).setUp()
self.consumer = Consumer(name='Test Consumer', description='Test', status='accepted')
self.consumer.generate_random_codes()
self.consumer.save()
self.oa_atoken = None
self.test_handshake()
def tearDown(self):
super(OAuthTests, self).tearDown()
self.consumer.delete()
def do_oauth_request(self, url , parameters = {} , http_method = 'POST' ):
oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
request = oauth.OAuthRequest.from_consumer_and_token(
oaconsumer,
http_method=http_method,
token=self.oa_atoken,
http_url='http://testserver%s' % url )
request.parameters.update( parameters )
request.sign_request(self.signature_method, oaconsumer, self.oa_atoken )
if http_method == 'POST':
response = self.client.post( url, request.parameters )
else :
response = self.client.get( url, request.parameters )
return response
def test_handshake(self):
'''Test the OAuth handshake procedure
'''
oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
# Get a request key...
request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer,
http_url='http://testserver/oauth/request_token/'
)
request.sign_request(self.signature_method, oaconsumer, None)
response = self.client.get('/oauth/request_token/', request.parameters)
oatoken = oauth.OAuthToken.from_string(response.content)
token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
self.assertEqual(token.secret, oatoken.secret)
# Simulate user authentication...
self.failUnless(self.client.login(username='******', password='******'))
request = oauth.OAuthRequest.from_token_and_callback(token=oatoken,
callback='http://printer.example.com/request_token_ready',
http_url='http://testserver/oauth/authorize/')
request.sign_request(self.signature_method, oaconsumer, oatoken)
# Request the login page
# TODO: Parse the response to make sure all the fields exist
# response = self.client.get('/api/oauth/authorize', {
# 'oauth_token': oatoken.key,
# 'oauth_callback': 'http://printer.example.com/request_token_ready',
# })
response = self.client.post('/oauth/authorize/', {
'oauth_token': oatoken.key,
'oauth_callback': 'http://printer.example.com/request_token_ready',
'csrf_signature': OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key),
'authorize_access': 1,
})
# Response should be a redirect...
self.assertEqual(302, response.status_code)
self.assertEqual('http://printer.example.com/request_token_ready?oauth_token='+oatoken.key, response['Location'])
# Obtain access token...
request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer, token=oatoken,
http_url='http://testserver/oauth/access_token/')
request.sign_request(self.signature_method, oaconsumer, oatoken)
response = self.client.get('/oauth/access_token/', request.parameters)
oa_atoken = oauth.OAuthToken.from_string(response.content)
atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
self.assertEqual(atoken.secret, oa_atoken.secret)
# save the acces token so we can do oauth requests
self.oa_atoken = oa_atoken