def test_check_realms(self): v = RequestValidator() self.assertFalse(v.check_realms(["foo"])) class FooRealmValidator(RequestValidator): @property def realms(self): return ["foo"] v = FooRealmValidator() self.assertTrue(v.check_realms(["foo"]))
def test_check_realms(self): v = RequestValidator() self.assertFalse(v.check_realms(['foo'])) class FooRealmValidator(RequestValidator): @property def realms(self): return ['foo'] v = FooRealmValidator() self.assertTrue(v.check_realms(['foo']))
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.check_request_token.return_value = True self.validator.check_verifier.return_value = True self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.get_client_secret.return_value = 'bar' self.validator.get_request_token_secret.return_value = 'secret' self.validator.get_realms.return_value = ['foo'] self.validator.timestamp_lifetime = 600 self.validator.validate_client_key.return_value = True self.validator.validate_request_token.return_value = True self.validator.validate_verifier.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.invalidate_request_token.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.validator.dummy_request_token = 'dummy' self.validator.save_access_token = MagicMock() self.endpoint = AccessTokenEndpoint(self.validator) self.client = Client('foo', client_secret='bar', resource_owner_key='token', resource_owner_secret='secret', verifier='verfier') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/access_token')
def test_oauth_timestamp(self): """Check for a valid UNIX timestamp.""" v = RequestValidator() e = BaseEndpoint(v) # Invalid timestamp length, must be 10 r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Invalid timestamp age, must be younger than 10 minutes r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=1234567890'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r) # Timestamp must be an integer r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789a'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r)
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.verify_request_token.return_value = True self.validator.verify_realms.return_value = True self.validator.get_realms.return_value = ['test'] self.validator.save_verifier = MagicMock() self.endpoint = AuthorizationEndpoint(self.validator) self.uri = 'https://i.b/authorize?oauth_token=foo'
def test_enforce_ssl(self): """Ensure SSL is enforced by default.""" v = RequestValidator() e = BaseEndpoint(v) c = Client('foo') u, h, b = c.sign('http://example.com') r = e._create_request(u, 'GET', b, h) self.assertRaises(errors.InsecureTransportError, e._check_transport_security, r)
def test_mandated_params(self): """Ensure all mandatory params are present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b/', 'GET', 'oauth_signature=a&oauth_consumer_key=b&oauth_nonce', URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r)
def test_check_length(self): v = RequestValidator() for method in (v.check_client_key, v.check_request_token, v.check_access_token, v.check_nonce, v.check_verifier): for not_valid in ('tooshort', 'invalid?characters!', 'thisclientkeyisalittlebittoolong'): self.assertFalse(method(not_valid)) for valid in ('itsjustaboutlongenough', ): self.assertTrue(method(valid))
def test_case_insensitive_headers(self): """Ensure headers are case-insensitive""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b', 'POST', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_version=1.0&oauth_signature_method=RSA-SHA1&' 'oauth_timestamp=123456789a'), URLENCODED) self.assertIsInstance(r.headers, CaseInsensitiveDict)
def test_duplicate_params(self): """Ensure params are only supplied once""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_version=a&oauth_version=b', 'GET', None, URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_version=a&oauth_version=b', URLENCODED)
def test_oauth_version(self): """OAuth version must be 1.0 if present.""" v = RequestValidator() e = BaseEndpoint(v) r = e._create_request( 'https://a.b/', 'GET', ('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&' 'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&' 'oauth_version=2.0'), URLENCODED) self.assertRaises(errors.InvalidRequestError, e._check_mandatory_parameters, r)
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.get_client_secret.return_value = 'bar' self.validator.timestamp_lifetime = 600 self.validator.validate_client_key.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.endpoint = SignatureOnlyEndpoint(self.validator) self.client = Client('foo', client_secret='bar') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/protected_resource')
def test_multiple_source_params(self): """Check for duplicate params""" v = RequestValidator() e = BaseEndpoint(v) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', URLENCODED) headers = {'Authorization': 'OAuth oauth_signature="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/?oauth_signature_method=HMAC-SHA1', 'GET', 'oauth_version=foo', headers) headers = {'Authorization': 'OAuth oauth_signature_method="foo"'} headers.update(URLENCODED) self.assertRaises(errors.InvalidRequestError, e._create_request, 'https://a.b/', 'GET', 'oauth_signature=foo', headers)
def setUp(self): self.validator = MagicMock(wraps=RequestValidator()) self.validator.check_client_key.return_value = True self.validator.allowed_signature_methods = ['HMAC-SHA1'] self.validator.get_client_secret.return_value = 'bar' self.validator.get_default_realms.return_value = ['foo'] self.validator.timestamp_lifetime = 600 self.validator.check_realms.return_value = True self.validator.validate_client_key.return_value = True self.validator.validate_requested_realms.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.validator.save_request_token = MagicMock() self.endpoint = RequestTokenEndpoint(self.validator) self.client = Client('foo', client_secret='bar', realm='foo', callback_uri='https://c.b/cb') self.uri, self.headers, self.body = self.client.sign( 'https://i.b/request_token')
def test_not_implemented(self): v = RequestValidator() self.assertRaises(NotImplementedError, v.get_client_secret, None, None) self.assertRaises(NotImplementedError, v.get_request_token_secret, None, None, None) self.assertRaises(NotImplementedError, v.get_access_token_secret, None, None, None) self.assertRaises(NotImplementedError, lambda: v.dummy_client) self.assertRaises(NotImplementedError, lambda: v.dummy_request_token) self.assertRaises(NotImplementedError, lambda: v.dummy_access_token) self.assertRaises(NotImplementedError, v.get_rsa_key, None, None) self.assertRaises(NotImplementedError, v.get_default_realms, None, None) self.assertRaises(NotImplementedError, v.get_realms, None, None) self.assertRaises(NotImplementedError, v.get_redirect_uri, None, None) self.assertRaises(NotImplementedError, v.validate_client_key, None, None) self.assertRaises(NotImplementedError, v.validate_access_token, None, None, None) self.assertRaises(NotImplementedError, v.validate_request_token, None, None, None) self.assertRaises(NotImplementedError, v.verify_request_token, None, None) self.assertRaises(NotImplementedError, v.verify_realms, None, None, None) self.assertRaises(NotImplementedError, v.validate_timestamp_and_nonce, None, None, None, None) self.assertRaises(NotImplementedError, v.validate_redirect_uri, None, None, None) self.assertRaises(NotImplementedError, v.validate_realms, None, None, None, None, None) self.assertRaises(NotImplementedError, v.validate_requested_realms, None, None, None) self.assertRaises(NotImplementedError, v.validate_verifier, None, None, None, None) self.assertRaises(NotImplementedError, v.save_access_token, None, None) self.assertRaises(NotImplementedError, v.save_request_token, None, None) self.assertRaises(NotImplementedError, v.save_verifier, None, None, None)
def validator(): return RequestValidator()