def test_handshake(self): """Test the OAuth handshake procedure """ oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, http_url="http://testserver/api/oauth/request_token" ) request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get("/api/oauth/request_token", request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username="******", password="******")) request = oauth.OAuthRequest.from_token_and_callback( token=oatoken, callback="http://printer.example.com/request_token_ready", http_url="http://testserver/api/oauth/authorize", ) request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist # response = self.client.get('/api/oauth/authorize', { # 'oauth_token': oatoken.key, # 'oauth_callback': 'http://printer.example.com/request_token_ready', # }) response = self.client.post( "/api/oauth/authorize", { "oauth_token": oatoken.key, "oauth_callback": "http://printer.example.com/request_token_ready", "csrf_signature": OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key), "authorize_access": 1, }, ) # Response should be a redirect... self.assertEqual(302, response.status_code) self.assertEqual( "http://printer.example.com/request_token_ready?oauth_token=" + oatoken.key, response["Location"] ) # Obtain access token... request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, token=oatoken, http_url="http://testserver/api/oauth/access_token" ) request.sign_request(self.signature_method, oaconsumer, oatoken) response = self.client.get("/api/oauth/access_token", request.parameters) oa_atoken = oauth.OAuthToken.from_string(response.content) atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS) self.assertEqual(atoken.secret, oa_atoken.secret)
def test_handshake(self): """Test the OAuth handshake procedure """ oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, http_url="http://testserver/api/oauth/request_token" ) request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get("/api/oauth/request_token", request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username="******", password="******")) request = oauth.OAuthRequest.from_token_and_callback( token=oatoken, callback="http://printer.example.com/request_token_ready", http_url="http://testserver/api/oauth/authorize", ) request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist # response = self.client.get('/api/oauth/authorize', { # 'oauth_token': oatoken.key, # 'oauth_callback': 'http://printer.example.com/request_token_ready', # }) # Send request with "Content-type: application/x-www-form-urlencoded" # c.f. http://www.mail-archive.com/[email protected]/msg01556.html response = self.client.post( "/api/oauth/authorize", urlencode( { "oauth_token": oatoken.key, "oauth_callback": "http://printer.example.com/request_token_ready", "csrf_signature": OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key), "authorize_access": 1, }, doseq=True, ), content_type="application/x-www-form-urlencoded; charset=utf-8", ) # Response should be a redirect... self.assertEqual(302, response.status_code) self.failUnless(response["Location"].startswith("http://printer.example.com/request_token_ready?")) self.failUnless(("oauth_token=" + oatoken.key in response["Location"]))
def test_handshake(self): '''Test the OAuth handshake procedure ''' oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer, http_url='http://testserver/oauth/request_token/' ) request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get('/oauth/request_token/', request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username='******', password='******')) request = oauth.OAuthRequest.from_token_and_callback(token=oatoken, callback='http://printer.example.com/request_token_ready', http_url='http://testserver/oauth/authorize/') request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist # response = self.client.get('/api/oauth/authorize', { # 'oauth_token': oatoken.key, # 'oauth_callback': 'http://printer.example.com/request_token_ready', # }) response = self.client.post('/oauth/authorize/', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', 'csrf_signature': OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key), 'authorize_access': 1, }) # Response should be a redirect... self.assertEqual(302, response.status_code) self.assertEqual('http://printer.example.com/request_token_ready?oauth_token='+oatoken.key, response['Location']) # Obtain access token... request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer, token=oatoken, http_url='http://testserver/oauth/access_token/') request.sign_request(self.signature_method, oaconsumer, oatoken) response = self.client.get('/oauth/access_token/', request.parameters) oa_atoken = oauth.OAuthToken.from_string(response.content) atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS) self.assertEqual(atoken.secret, oa_atoken.secret) # save the acces token so we can do oauth requests self.oa_atoken = oa_atoken
def oauth_auth_view(request, token, callback, params): form = OAuthAuthenticationForm( initial={ 'oauth_token': token.key, 'oauth_callback': callback, # 'oauth_callback': token.get_callback_url() or callback, # XXX changed }) return render('authorize_token.html', { 'form': form, 'apiconsumers': True, }, context_instance=RequestContext(request))
def test_handshake(self): '''Test the OAuth handshake procedure ''' oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, http_url='http://testserver/api/oauth/request_token') request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get('/api/oauth/request_token', request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username='******', password='******')) request = oauth.OAuthRequest.from_token_and_callback( token=oatoken, callback='http://printer.example.com/request_token_ready', http_url='http://testserver/api/oauth/authorize') request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist # response = self.client.get('/api/oauth/authorize', { # 'oauth_token': oatoken.key, # 'oauth_callback': 'http://printer.example.com/request_token_ready', # }) response = self.client.post( '/api/oauth/authorize', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', 'csrf_signature': OAuthAuthenticationForm.get_csrf_signature( settings.SECRET_KEY, oatoken.key), 'authorize_access': 1, }) # Response should be a redirect... self.assertEqual(302, response.status_code) self.failUnless(response['Location'].startswith( "http://printer.example.com/request_token_ready?")) self.failUnless(('oauth_token=' + oatoken.key in response['Location']))
def handshake(self, ssl=False): '''Test the OAuth handshake procedure ''' oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, http_url='http://testserver/api/oauth/request_token') request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get('/api/oauth/request_token', request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username='******', password='******')) request = oauth.OAuthRequest.from_token_and_callback( token=oatoken, callback='http://printer.example.com/request_token_ready', http_url='http://testserver/api/oauth/authorize') request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist response = self.client.get( '/api/oauth/authorize', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', }) response = self.client.post( '/api/oauth/authorize', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', 'csrf_signature': OAuthAuthenticationForm.get_csrf_signature( settings.SECRET_KEY, oatoken.key), 'authorize_access': 1, }) redirect_to = response['Location'] query_string = urllib.splitquery(redirect_to)[1] data = dict(cgi.parse_qsl(query_string)) verifier = data['oauth_verifier'] returned_token = data['oauth_token'] # Response should be a redirect... self.assertEqual(302, response.status_code) self.failUnless( redirect_to.startswith( "http://printer.example.com/request_token_ready?")) self.assertEqual(oatoken.key, returned_token) #response = self.client.get(redirect_to) oatoken.set_verifier(verifier) # Obtain access token... protocol = 'http' port = '80' if ssl: protocol = 'https' port = '443' request = oauth.OAuthRequest.from_consumer_and_token( oaconsumer, token=oatoken, verifier=verifier, http_url='%s://testserver:%s/api/oauth/access_token' % (protocol, port)) request.sign_request(self.signature_method, oaconsumer, oatoken) extra = {} if ssl: extra['wsgi.url_scheme'] = 'https' extra['SERVER_PORT'] = '443' response = self.client.get('/api/oauth/access_token', request.parameters, **extra) oa_atoken = oauth.OAuthToken.from_string(response.content) atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS) self.assertEqual(atoken.secret, oa_atoken.secret)
def handshake(self, ssl=False): '''Test the OAuth handshake procedure ''' oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret) # Get a request key... request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer, http_url='http://testserver/api/oauth/request_token') request.sign_request(self.signature_method, oaconsumer, None) response = self.client.get('/api/oauth/request_token', request.parameters) oatoken = oauth.OAuthToken.from_string(response.content) token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST) self.assertEqual(token.secret, oatoken.secret) # Simulate user authentication... self.failUnless(self.client.login(username='******', password='******')) request = oauth.OAuthRequest.from_token_and_callback(token=oatoken, callback='http://printer.example.com/request_token_ready', http_url='http://testserver/api/oauth/authorize') request.sign_request(self.signature_method, oaconsumer, oatoken) # Request the login page # TODO: Parse the response to make sure all the fields exist response = self.client.get('/api/oauth/authorize', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', }) response = self.client.post('/api/oauth/authorize', { 'oauth_token': oatoken.key, 'oauth_callback': 'http://printer.example.com/request_token_ready', 'csrf_signature': OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key), 'authorize_access': 1, }) redirect_to = response['Location'] query_string = urllib.splitquery(redirect_to)[1] data = dict(cgi.parse_qsl(query_string)) verifier = data['oauth_verifier'] returned_token = data['oauth_token'] # Response should be a redirect... self.assertEqual(302, response.status_code) self.failUnless(redirect_to.startswith("http://printer.example.com/request_token_ready?")) self.assertEqual(oatoken.key, returned_token) #response = self.client.get(redirect_to) oatoken.set_verifier(verifier) # Obtain access token... protocol = 'http' port = '80' if ssl: protocol = 'https' port = '443' request = oauth.OAuthRequest.from_consumer_and_token(oaconsumer, token=oatoken, verifier=verifier, http_url='%s://testserver:%s/api/oauth/access_token' % (protocol, port)) request.sign_request(self.signature_method, oaconsumer, oatoken) extra = {} if ssl: extra['wsgi.url_scheme'] = 'https' extra['SERVER_PORT'] = '443' response = self.client.get('/api/oauth/access_token', request.parameters, **extra) oa_atoken = oauth.OAuthToken.from_string(response.content) atoken = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS) self.assertEqual(atoken.secret, oa_atoken.secret)