def testAttributes(self):
    """
    Each argument given to C{OAuth2Credentials} is exposed as an attribute
    of the resulting instance.
    """
    creds = OAuth2Credentials('user', 'pass', 'token')
    expectations = (
        ('consumerKey', 'user'),
        ('consumerPassword', 'pass'),
        ('token', 'token'),
    )
    # Checked one at a time, in constructor-argument order.
    for attributeName, expectedValue in expectations:
        self.assertEqual(expectedValue, getattr(creds, attributeName))
def testRequestAvatarIdWithInvalidToken(self):
    """
    L{FacadeOAuth2Checker.requestAvatarId} fails with L{UnauthorizedLogin}
    when the access token is not properly formed, i.e. it was not produced
    by C{dataToToken}.
    """
    owner = createUser(u'user', u'pass', u'User', u'*****@*****.**')
    createOAuthConsumer(owner, secret='secret16charlng1')
    self.store.commit()

    # The consumer key and password match the user created above, so the
    # malformed token is the only thing wrong with these credentials.
    malformedToken = 'xxx'
    credentials = OAuth2Credentials(u'user', u'pass', token=malformedToken)
    result = self.checker.requestAvatarId(credentials)
    return self.assertFailure(result, UnauthorizedLogin)
def testAuthenticateUserWithOAuth2UnknownUsernameInToken(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} fails with L{TNoSuchUser}
    when the token is built with the consumer's secret but names a username
    that was never created.
    """
    owner = createUser(u'user', u'pass', u'User', u'*****@*****.**')
    registeredConsumer = createOAuthConsumer(owner,
                                             secret='secret16charlng1')
    self.store.commit()

    # The token uses the right secret; only the username inside is unknown.
    payload = {'username': u'unknownUser'}
    token = dataToToken(registeredConsumer.secret, payload)
    credentials = OAuth2Credentials(u'user', u'pass', token)
    result = self.facade.authenticateUserWithOAuth2(credentials)
    return self.assertFailure(result, TNoSuchUser)
def testRequestAvatarIdWithTokenMadeFromWrongSecret(self):
    """
    L{FacadeOAuth2Checker.requestAvatarId} fails with L{UnauthorizedLogin}
    when the access token was built with a secret other than the one
    registered for the consumer.
    """
    consumerUser = createUser(u'user1', u'pass1', u'User1',
                              u'*****@*****.**')
    createOAuthConsumer(consumerUser, secret='secret16charlng1')
    targetUser = createUser(u'user2', u'pass2', u'User2',
                            u'*****@*****.**')
    self.store.commit()

    # Same length as the registered secret, different value.
    wrongSecret = 'a' * 16
    forgedToken = dataToToken(wrongSecret,
                              {'username': targetUser.username})
    credentials = OAuth2Credentials(u'user1', u'pass1', forgedToken)
    result = self.checker.requestAvatarId(credentials)
    return self.assertFailure(result, UnauthorizedLogin)
def testAuthenticateUserWithOAuth2UnregisteredConsumer(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} fails with
    L{TPasswordIncorrect} when the consumer key belongs to an existing
    Fluidinfo user that was never registered as an OAuth consumer.
    """
    accounts = (
        (u'user1', u'pass1', u'User1'),
        (u'user2', u'pass2', u'User2'),
    )
    for username, password, fullname in accounts:
        createUser(username, password, fullname, u'*****@*****.**')
    self.store.commit()

    # This is the same error type that
    # testAuthenticateUserWithOAuth2ConsumerPasswordIncorrect expects for a
    # wrong consumer password, so the exception type alone does not reveal
    # whether a user is registered as a consumer.
    token = dataToToken('a' * 16, {'username': u'user2'})
    credentials = OAuth2Credentials(u'user1', u'pass1', token)
    result = self.facade.authenticateUserWithOAuth2(credentials)
    return self.assertFailure(result, TPasswordIncorrect)
def testAuthenticateOAuth2WithUnknownConsumer(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when the
    consumer named in the credentials is not registered.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    echoSecret = getConfig().get('oauth', 'access-secret')

    # NOTE(review): this payload has no 'username' key, unlike the other
    # tokens built in these tests. Confirm the AuthenticationError asserted
    # below comes from the unregistered consumer and not from the payload
    # shape.
    payload = {'user1': 'secret1'}
    token = dataToToken(echoSecret + ('a' * 16), payload)

    api = OAuthConsumerAPI()
    credentials = OAuth2Credentials(u'user1', u'secret1', token)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateUserWithOAuth2ConsumerPasswordIncorrect(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} fails with
    L{TPasswordIncorrect} when the consumer's password is wrong, even though
    the token itself was built with the consumer's secret.
    """
    consumerUser = createUser(u'user1', u'pass1', u'User1',
                              u'*****@*****.**')
    registeredConsumer = createOAuthConsumer(consumerUser,
                                             secret='secret16charlng1')
    targetUser = createUser(u'user2', u'pass2', u'User2',
                            u'*****@*****.**')
    self.store.commit()

    validToken = dataToToken(registeredConsumer.secret,
                             {'username': targetUser.username})
    # u'invalid' is not the password (u'pass1') the consumer was created
    # with; everything else in the credentials is correct.
    credentials = OAuth2Credentials(u'user1', u'invalid', validToken)
    result = self.facade.authenticateUserWithOAuth2(credentials)
    return self.assertFailure(result, TPasswordIncorrect)
def testAuthenticateAnonymousUserWithOAuth2(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} accepts the anonymous user
    as the consumer, with no password, and produces a session whose auth
    identifies the user the access token was issued for.
    """
    anonConsumer = self.system.users[u'anon']
    UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
    targetUser = getUser(u'user')
    consumerAPI = OAuthConsumerAPI()
    consumerAPI.register(anonConsumer)
    accessToken = consumerAPI.getAccessToken(anonConsumer, targetUser)
    self.store.commit()

    # NOTE(review): the consumer password is None here. Presumably only the
    # anonymous consumer may skip the password check - confirm that a None
    # password is rejected for every other consumer.
    credentials = OAuth2Credentials(u'anon', None, accessToken.encrypt())
    # NOTE(review): generator-style test; presumably wrapped by Twisted's
    # inlineCallbacks decorator, which is not visible here - confirm,
    # otherwise the assertions after the yield never run.
    session = yield self.facade.authenticateUserWithOAuth2(credentials)
    authenticated = session.auth
    self.assertEqual(targetUser.username, authenticated.username)
    self.assertEqual(targetUser.objectID, authenticated.objectID)
def testAuthenticateOAuth2WithUnknownUser(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{UnknownUserError} when the
    user named inside the L{OAuth2Credentials} token does not exist.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    consumerUser = getUser(u'user1')
    api = OAuthConsumerAPI()
    registeredConsumer = api.register(consumerUser,
                                      secret='abyOTsAfo9MVN0qz')

    # The key is the configured access secret followed by the consumer's
    # own secret, so the token is well-formed and only the username inside
    # it is unknown.
    echoSecret = getConfig().get('oauth', 'access-secret')
    signingKey = echoSecret + registeredConsumer.secret
    token = dataToToken(signingKey, {'username': '******'})

    credentials = OAuth2Credentials(u'user1', u'secret1', token)
    self.assertRaises(UnknownUserError, api.authenticate, credentials)
def testAuthenticateOAuth2(self):
    """
    L{OAuthConsumerAPI.authenticate} returns the L{User} the access token
    was issued for when given valid L{OAuth2Credentials}.

    This mirrors the OAuth Echo flow: a consumer makes a request with a
    token that lets it act on behalf of a particular user.
    """
    UserAPI().create([(u'consumer', u'password', u'Consumer',
                       u'*****@*****.**')])
    UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
    consumerUser = getUser(u'consumer')
    targetUser = getUser(u'user')

    consumerAPI = OAuthConsumerAPI()
    consumerAPI.register(consumerUser, secret='abyOTsAfo9MVN0qz')
    accessToken = consumerAPI.getAccessToken(consumerUser, targetUser)

    # NOTE(review): the password given here (u'secret1') differs from the
    # one the consumer was created with (u'password'), yet success is
    # expected. It looks like authenticate() does not check the consumer
    # password at this layer - confirm that the caller enforces it.
    credentials = OAuth2Credentials(u'consumer', u'secret1',
                                    accessToken.encrypt())
    authenticatedUser = consumerAPI.authenticate(credentials)
    self.assertIdentical(targetUser, authenticatedUser)
def testRequestAvatarId(self):
    """
    L{FacadeOAuth2Checker.requestAvatarId} produces a session for the user
    the access token was issued for when the credentials are correct.
    """
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**'),
    ]
    UserAPI().create(accounts)
    consumerAccount = getUser(u'consumer')
    targetUser = getUser(u'user')

    consumerAPI = OAuthConsumerAPI()
    consumerAPI.register(consumerAccount)
    accessToken = consumerAPI.getAccessToken(consumerAccount, targetUser)
    self.store.commit()

    credentials = OAuth2Credentials(u'consumer', 'secret',
                                    accessToken.encrypt())
    # NOTE(review): generator-style test; presumably wrapped by Twisted's
    # inlineCallbacks decorator, which is not visible here - confirm,
    # otherwise the assertions after the yield never run.
    session = yield self.checker.requestAvatarId(credentials)
    authenticated = session.auth
    # The session identifies the token's user, not the consumer.
    self.assertEqual(targetUser.username, authenticated.username)
    self.assertEqual(targetUser.objectID, authenticated.objectID)
def testAuthenticateUserWithOAuthWithMixedCaseToken(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} ignores the case of the
    username carried inside the token.
    """
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**'),
    ]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    targetUser = getUser(u'user')

    registeredConsumer = OAuthConsumerAPI().register(consumerUser)
    # u'UseR' differs from the stored username u'user' only by case.
    payload = {'username': u'UseR', 'creationTime': '20121228-161823'}
    token = dataToToken(registeredConsumer.secret, payload)
    self.store.commit()

    credentials = OAuth2Credentials(consumerUser.username, u'secret', token)
    # NOTE(review): generator-style test; presumably wrapped by Twisted's
    # inlineCallbacks decorator, which is not visible here - confirm,
    # otherwise the assertions after the yield never run.
    session = yield self.facade.authenticateUserWithOAuth2(credentials)
    authenticated = session.auth
    self.assertEqual(targetUser.username, authenticated.username)
    self.assertEqual(targetUser.objectID, authenticated.objectID)
def testAuthenticateUserWithOAuth2IgnoresCase(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth2} ignores the case of the
    consumer key: a mixed-case key still produces a session for the user the
    access token was issued for.
    """
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**'),
    ]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    targetUser = getUser(u'user')

    consumerAPI = OAuthConsumerAPI()
    consumerAPI.register(consumerUser)
    accessToken = consumerAPI.getAccessToken(consumerUser, targetUser)
    self.store.commit()

    # u'ConsumeR' differs from the stored username u'consumer' only by case.
    credentials = OAuth2Credentials(u'ConsumeR', u'secret',
                                    accessToken.encrypt())
    # NOTE(review): generator-style test; presumably wrapped by Twisted's
    # inlineCallbacks decorator, which is not visible here - confirm,
    # otherwise the assertions after the yield never run.
    session = yield self.facade.authenticateUserWithOAuth2(credentials)
    authenticated = session.auth
    self.assertEqual(targetUser.username, authenticated.username)
    self.assertEqual(targetUser.objectID, authenticated.objectID)
def testAuthenticateOAuth2WithTokenMadeFromBadOAuthEchoSecret(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when the
    token in the L{OAuth2Credentials} was built with a key that does not
    start with our OAuth Echo secret.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    consumerUser = getUser(u'user1')
    UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')])

    api = OAuthConsumerAPI()
    registeredConsumer = api.register(consumerUser,
                                      secret='abyOTsAfo9MVN0qz')

    # A made-up value stands in for the configured access secret; the
    # consumer's own secret is still the genuine one.
    wrongEchoSecret = 'x' * 16
    signingKey = wrongEchoSecret + registeredConsumer.secret
    token = dataToToken(signingKey, {'username': '******'})

    credentials = OAuth2Credentials(u'user1', u'secret1', token)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateOAuth2WithInvalidToken(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when the
    token in the L{OAuth2Credentials} is invalid.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    consumerUser = getUser(u'user1')
    # NOTE user2 is never referenced. It is created only so that the
    # environment matches the sibling tests, which leaves the invalid token
    # as the only reason for the failure. Kept to avoid regressions.
    UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')])

    api = OAuthConsumerAPI()
    api.register(consumerUser, secret='abyOTsAfo9MVN0qz')

    invalidToken = 'invalid'
    credentials = OAuth2Credentials(u'user1', u'secret1', invalidToken)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testVerifySignature(self):
    """
    C{OAuth2Credentials.verifySignature} must return C{True}.
    """
    # NOTE(review): the credentials are built from arbitrary strings, so the
    # method apparently reports success without validating anything.
    # Presumably the token is validated in the authenticate path - confirm
    # that no caller relies on verifySignature() alone.
    creds = OAuth2Credentials('user', 'pass', 'token')
    outcome = creds.verifySignature()
    self.assertEqual(True, outcome)