def create_consumer(name, description, owner_userid, admin_contact,
permissions):
"""
Create a new Consumer with all of the info we need recorded. Arguments: (name, description, owner_userid, admin_contact, permissions)
Could be rolled into a form+view in /sysadmin/, but how many could there possibly be?
"""
assert set(permissions) <= set(PERMISSION_OPTIONS.keys(
)), 'Permissions must be chosen from PERMISSION_CHOICES.'
User = get_user_model()
c = Consumer(name=name,
description=description,
status=ACCEPTED,
user=User.objects.get(username=owner_userid),
xauth_allowed=False)
c.generate_random_codes()
c.save()
i = ConsumerInfo(consumer=c)
i.admin_contact = admin_contact
i.permissions = list(permissions)
i.save()
print("Consumer key:", c.key)
print("Consumer secret:", c.secret)
def setUp(self):
self.faketime = 525942870
self.client = Client()
# create a Consumer (and associated stuff)
try:
u = User.objects.get(username='******')
except User.DoesNotExist:
u = User(username='******')
u.save()
try:
c = Consumer.objects.get(name='Test Consumer')
except Consumer.DoesNotExist:
c = Consumer(name='Test Consumer')
c.description = 'Consumer to do some tests with'
c.status = ACCEPTED
c.user = u
c.xauth_allowed = False
c.generate_random_codes()
c.save()
self.consumer = c
i = ConsumerInfo(consumer=c)
i.admin_contact = '*****@*****.**'
i.permissions = ['courses']
i.timestamp = self.faketime - 10 # make sure the ConsumerInfo was there "before" the Token was created
i.save()
self.consumerinfo = i
# create an access token so we can jump in to requests
try:
t = Token.objects.get(token_type=Token.ACCESS, consumer=c, user=u)
except Token.DoesNotExist:
t = Token(token_type=Token.ACCESS,
consumer=c,
user=u,
timestamp=self.faketime)
t.is_approved = True
t.generate_random_codes()
t.verifier = VERIFIER
t.save()
self.token = t
def setUp(self):
self.faketime = 525942870
self.client = Client()
# create a Consumer (and associated stuff)
try:
u = User.objects.get(username='******')
except User.DoesNotExist:
u = User(username='******')
u.save()
try:
c = Consumer.objects.get(name='Test Consumer')
except Consumer.DoesNotExist:
c = Consumer(name='Test Consumer')
c.description = 'Consumer to do some tests with'
c.status = ACCEPTED
c.user = u
c.xauth_allowed = False
c.generate_random_codes()
c.save()
self.consumer = c
i = ConsumerInfo(consumer=c)
i.admin_contact = '*****@*****.**'
i.permissions = ['courses']
i.timestamp = self.faketime - 10 # make sure the ConsumerInfo was there "before" the Token was created
i.save()
self.consumerinfo = i
# create an access token so we can jump in to requests
try:
t = Token.objects.get(token_type=Token.ACCESS, consumer=c, user=u)
except Token.DoesNotExist:
t = Token(token_type=Token.ACCESS, consumer=c, user=u, timestamp=self.faketime)
t.is_approved = True
t.generate_random_codes()
t.verifier = VERIFIER
t.save()
self.token = t
def create_consumer(name, description, owner_userid, admin_contact, permissions):
"""
Create a new Consumer with all of the info we need recorded. Arguments: (name, description, owner_userid, admin_contact, permissions)
Could be rolled into a form+view in /sysadmin/, but how many could there possibly be?
"""
assert set(permissions) <= set(PERMISSION_OPTIONS.keys()), 'Permissions must be chosen from PERMISSION_CHOICES.'
User = get_user_model()
c = Consumer(name=name, description=description, status=ACCEPTED,
user=User.objects.get(username=owner_userid), xauth_allowed=False)
c.generate_random_codes()
c.save()
i = ConsumerInfo(consumer=c)
i.admin_contact = admin_contact
i.permissions = list(permissions)
i.save()
print("Consumer key:", c.key)
print("Consumer secret:", c.secret)
def test_oauth_workflow(self):
request_token_url = 'http://testserver' + reverse(
'api:oauth_request_token')
authorize_token_url = 'http://testserver' + reverse(
'api:oauth_user_authorization')
# create consumer for tests
c = Client()
c.login_user('ggbaker')
c.logout()
consumer = Consumer(name='Test Consumer',
description='Consumer to do some tests with',
status=ACCEPTED,
user=User.objects.get(username='******'),
xauth_allowed=False)
consumer.generate_random_codes()
consumer.save()
ci = ConsumerInfo(consumer=consumer)
ci.admin_contact = '*****@*****.**'
ci.permissions = ['courses', 'grades']
ci.save()
# generate request token
oauth_request = oauth.Request.from_consumer_and_token(
consumer,
http_url=request_token_url,
parameters={'oauth_callback': 'oob'})
oauth_request.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer,
None)
resp = c.get(request_token_url, **oauth_request.to_header())
self.assertEqual(resp.status_code, 200)
request_token = dict(
urllib.parse.parse_qsl(resp.content.decode('utf8')))
# get auth verifier
c.login_user('ggbaker')
resp = c.get(authorize_token_url,
{'oauth_token': request_token['oauth_token']})
self.assertEqual(resp.status_code, 200)
resp = c.post(authorize_token_url, {
'oauth_token': request_token['oauth_token'],
'authorize_access': 'on'
})
self.assertEqual(resp.status_code, 200)
parser = etree.HTMLParser()
root = etree.fromstring(resp.content, parser=parser)
verifier_elt = root.xpath('//*[@id="verifier"]')[0]
oauth_verifier = verifier_elt.text.strip()
c.logout()
# get access token
token = oauth.Token(request_token['oauth_token'],
request_token['oauth_token_secret'])
token.set_verifier(oauth_verifier)
oauth_request = oauth.Request.from_consumer_and_token(
consumer, token, http_url=authorize_token_url)
oauth_request.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer,
token)
resp = c.get(authorize_token_url, **oauth_request.to_header())
