def test_handle_no_user(self): """ This is a complex functional/integration test, hitting the following: create_user identifier_from_data create_profile update_profile_from_graph handle_unauthenticated_user login_user persist """ class session_like_obj(dict): # an alternative to http://code.djangoproject.com/ticket/10899 def __init__(self): dict.__init__(self) self['_auth_user_id'] = 'notme' self.flush = lambda: True self.set_expiry = Mock() pseudo_session = session_like_obj() self.request.session = pseudo_session callback = DefaultFacebookCallback() user_data = {'name':'new_user','id':'newfacebookid'} resp = callback.handle_no_user(self.request, self.access, self.token, user_data) ident = callback.identifier_from_data(user_data) expected_user = User.objects.get(username=ident) # was the expected user created and returned self.assertEquals(resp,expected_user) # was the set_expiry method called on the session # could check expected date also self.assertTrue(pseudo_session.set_expiry.called) # check that user data was persisted assoc_obj = UserAssociation.objects.get(identifier=user_data['id']) self.assertEquals(self.token.expires, assoc_obj.expires)
def test_update_profile_from_graph(self): callback = DefaultFacebookCallback() class DummyProfile(object): def __init__(self): self.color = "blue" profile = DummyProfile() ret_p = callback.update_profile_from_graph(self.request, self.access, self.token, profile) self.assertEquals(ret_p.color,'red')
def post(self, request, format=None): #return 200 if user is already authenticated if request.user is not None : logger.debug("mobileauth invoked with user %s on session" % request.user); if request.user.is_authenticated(): logger.debug("mobileauth invoked with authenticated user on session"); return Response(None,status=204); #validate the access token by hitting graph.facebook.com fbAuthToken = request.DATA['access_token']; if fbAuthToken is None: return Response("access_token is missing", status=400); urlStream = urllib.urlopen("https://graph.facebook.com/me?access_token=%s" % fbAuthToken); raw_data = urlStream.read(); fbResponseCode = urlStream.getcode(); if fbResponseCode <> 200: logger.debug("failed to verify access token. response code: %s. message: %s" % (fbResponseCode, raw_data)); return Response("failed to verify access token", status=500); fbResponse = json.loads(raw_data); fbUserId = fbResponse['id']; #let an instance of the LaFacebook default callback handle Django auth lafbCallback = DefaultFacebookCallback() existing_user = lafbCallback.lookup_user(None, None, fbResponse); logger.debug("existing user? %s" % existing_user); if existing_user is None: #create user record access = OAuthAccess() existing_user = lafbCallback.create_user(request._request, access, OAuth20Token(fbAuthToken), fbResponse); else: username = existing_user.username; logger.debug("query for user %s" % username); userObj = User.objects.get(username=username); lafbCallback.login_user(request._request, userObj); #return success & the user id if everything worked response = {}; response['id'] = fbResponse['id']; logger.debug("existing_user %s", existing_user); authUserPk = existing_user.id; response['token'] = Token.objects.get(user=existing_user).key; logger.debug("csrf dict: %s" % csrf.get_token(request)); if existing_user.is_authenticated(): return Response(response, status=200); else: return Response("Authentication failed for %s" % fbUserId, status=500);
def test_fectch_user_data(self): callback = DefaultFacebookCallback() ud = callback.fetch_user_data(self.request, self.access, 'faketoken') self.assertEquals(ud['id'], 'facebookid')
def test_lookup_user_does_not_exist(self): callback = DefaultFacebookCallback() user = callback.lookup_user(self.request, self.access,{'id':'bad-id'}) self.assertEquals(user,None)
def test_lookup_user_exists(self): callback = DefaultFacebookCallback() user = callback.lookup_user(self.request, self.access,{'id':'facebookid'}) self.assertEquals(user, self.test_user)