Exemplo n.º 1
0
def test_profile(requests_mock):
    user_info = {
        'profile_image_url_https': 'http://example.com/foo_normal.jpg',
        'description':
        'this is a biography. see more at https://is.gd/notareallink',
        'entities': {
            'description': {
                'urls': [{
                    'url': 'https://is.gd/notareallink',
                    'expanded_url': 'https://beesbuzz.biz/'
                }]
            }
        },
        'screen_name': 'qwerpoiufojar',
    }

    requests_mock.head('http://example.com/foo_400x400.jpg', status_code=200)

    handler = twitter.Twitter('foo', 'bar')
    profile = handler.build_profile(user_info)
    assert profile == {
        'avatar': 'http://example.com/foo_400x400.jpg',
        'bio': 'this is a biography. see more at https://beesbuzz.biz/',
        'profile_url': 'https://twitter.com/qwerpoiufojar',
    }
Exemplo n.º 2
0
def test_auth_denied(mocker):
    storage = {}
    handler = twitter.Twitter('foo', 'bar', 60, storage)

    # Test gets successful initiation
    mocker.patch("authl.handlers.twitter.OAuth1")
    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")

    session_mock().fetch_request_token.return_value = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }

    result = handler.initiate_auth('https://twitter.com/fluffy', 'http://cb',
                                   'redir')

    assert isinstance(result, disposition.Redirect), str(result)
    assert result.url.startswith('https://api.twitter.com')

    args = parse_args(result.url)
    print(result.url)
    assert args['screen_name'] == 'fluffy'
    assert args['oauth_token'] == 'my_token'
    assert 'my_token' in storage

    args['denied'] = args.pop('oauth_token')
    result = handler.check_callback('foo', args, {})
    assert isinstance(result, disposition.Error)
    assert 'authorization declined' in result.message
Exemplo n.º 3
0
def test_auth_success(mocker, requests_mock):
    storage = {}
    handler = twitter.Twitter('foo', 'bar', 60, storage)

    # Test gets successful initiation
    mocker.patch("authl.handlers.twitter.OAuth1")
    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")

    session_mock().fetch_request_token.return_value = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }

    result = handler.initiate_auth('https://twitter.com/fakeinput',
                                   'http://cb', 'redir')

    assert isinstance(result, disposition.Redirect), str(result)
    assert result.url.startswith('https://api.twitter.com')

    args = parse_args(result.url)
    print(result.url)
    assert args['screen_name'] == 'fakeinput'
    assert args['oauth_token'] == 'my_token'
    assert 'my_token' in storage

    result = handler.check_callback('foo', {'oauth_token': 'blop'}, {})
    assert isinstance(result, disposition.Error)
    assert 'Invalid transaction' in result.message

    requests_mock.get(
        'https://api.twitter.com/1.1/account/verify_credentials.json?skip_status=1',
        json={
            'screen_name': 'foo',
            'id_str': '12345'
        })
    cleanup = requests_mock.post(
        'https://api.twitter.com/1.1/oauth/invalidate_token.json', text="okay")

    args['oauth_verifier'] = 'verifier'

    result = handler.check_callback('foo', args, {})
    assert isinstance(result, disposition.Verified), str(result)
    assert result.redir == 'redir'
    assert result.identity == 'https://twitter.com/i/user/12345'
    assert result.profile['profile_url'] == 'https://twitter.com/foo'

    # guard against replay attacks
    result = handler.check_callback('foo', args, {})
    assert isinstance(result, disposition.Error), str(result)

    assert cleanup.called
Exemplo n.º 4
0
def test_misconfigured(mocker):
    storage = {}
    handler = twitter.Twitter('foo', 'bar', 60, storage)

    mocker.patch("authl.handlers.twitter.OAuth1")
    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")

    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")
    session_mock().fetch_request_token.side_effect = ValueError("bad config")

    result = handler.initiate_auth('https://twitter.com/fluffy', 'http://cb', 'failure')
    assert isinstance(result, disposition.Error), str(result)
    assert 'bad config' in result.message
    assert result.redir == 'failure'
Exemplo n.º 5
0
def test_basics():
    handler = twitter.Twitter('foo', 'bar')
    assert handler.service_name == 'Twitter'
    assert handler.url_schemes
    assert 'twitter.com' in handler.description
    assert handler.cb_id == 't'
    assert handler.logo_html[0][1] == 'Twitter'
    assert handler.generic_url

    assert handler.handles_url('twitter.com') == 'https://twitter.com/'
    assert handler.handles_url('twitter.com/fluffy') == 'https://twitter.com/fluffy'
    assert handler.handles_url('twitter.com/@fluffy') == 'https://twitter.com/fluffy'
    assert handler.handles_url(
        'https://twitter.com/fluffy?utm_source=foo') == 'https://twitter.com/fluffy'
    assert not handler.handles_url('https://foo.bar/baz')
Exemplo n.º 6
0
def test_auth_failures(mocker, requests_mock):
    storage = {}
    handler = twitter.Twitter('foo', 'bar', 60, storage)

    mocker.patch("authl.handlers.twitter.OAuth1")
    session_mock = mocker.patch("authl.handlers.twitter.OAuth1Session")

    # Test attempt at authenticating against non-twitter URL
    result = handler.initiate_auth('https://foo.example', 'http://cb', 'redir')
    assert isinstance(result,
                      disposition.Error), "tried to handle non-twitter URL"

    # test timeouts
    session_mock().fetch_request_token.return_value = {
        'oauth_token': 'my_token',
        'oauth_token_secret': 'my_secret'
    }

    mock_time = mocker.patch('time.time')
    mock_time.return_value = 12345
    result = handler.initiate_auth('https://twitter.com/', 'http://cb',
                                   'timeout')
    assert isinstance(result, disposition.Redirect), str(result)
    args = parse_args(result.url)
    args['oauth_verifier'] = 'verifier'

    mock_time.return_value = 12345678
    result = handler.check_callback('foo', args, {})
    assert isinstance(result, disposition.Error), str(result)
    assert 'timed out' in result.message

    # test internal failure
    result = handler.initiate_auth('https://twitter.com/', 'http://cb',
                                   'timeout')
    assert isinstance(result, disposition.Redirect), str(result)
    args = parse_args(result.url)
    args['oauth_verifier'] = 'verifier'

    requests_mock.get(
        'https://api.twitter.com/1.1/account/verify_credentials.json?skip_status=1',
        json=['not a valid response'])
    cleanup = requests_mock.post(
        'https://api.twitter.com/1.1/oauth/invalidate_token.json', text="okay")

    result = handler.check_callback('foo', args, {})
    assert isinstance(result, disposition.Error), str(result)
    assert 'object has no attribute' in result.message, str(result)
    assert cleanup.called