Exemplo n.º 1
    def test_rsa_sha1_signature(self):
        """Check RSA-SHA1 verification on the ``/oauth/token`` endpoint.

        A request whose signature covers every parameter sent must return an
        ``oauth_token``. When the nonce in the header is swapped after signing,
        the signature no longer matches what is sent and the response must
        carry the ``invalid_signature`` error.
        """
        self.prepare_data()
        server = self.create_server()
        url = '/oauth/token'

        def exchange(header_value):
            # POST with the given Authorization header, return decoded body.
            request = self.factory.post(url, HTTP_AUTHORIZATION=header_value)
            response = server.create_token_response(request)
            return decode_response(response.content)

        self.prepare_temporary_credential(server)
        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_token', 'abc'),
            ('oauth_verifier', 'abc-verifier'),
            ('oauth_signature_method', 'RSA-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'rsa-sha1-nonce'),
        ]
        # The nonce and timestamp are part of the signed base string.
        signed_text = signature.construct_base_string(
            'POST', 'http://testserver/oauth/token', oauth_params)
        # NOTE(review): rsa_private.pem is presumably a test-only fixture key;
        # confirm it is not used anywhere outside the test suite.
        private_key = read_file_path('rsa_private.pem')
        oauth_params.append(
            ('oauth_signature',
             signature.rsa_sha1_signature(signed_text, private_key)))
        auth_param = ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)

        # case: valid signature
        granted = exchange('OAuth ' + auth_param)
        self.assertIn('oauth_token', granted)

        # case: invalid signature (nonce changed after signing)
        self.prepare_temporary_credential(server)
        tampered_param = auth_param.replace(
            'rsa-sha1-nonce', 'alt-sha1-nonce')
        rejected = exchange('OAuth ' + tampered_param)
        self.assertEqual(rejected['error'], 'invalid_signature')
Exemplo n.º 2
    def test_hmac_sha1_signature(self):
        """Check HMAC-SHA1 verification and replay rejection on the token URL.

        The first correctly signed request must return an ``oauth_token``.
        Sending the identical header again reuses the same nonce and must be
        refused with ``invalid_nonce``, even though the signature is valid.
        """
        self.prepare_data()
        server = self.create_server()
        url = '/oauth/token'

        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_token', 'abc'),
            ('oauth_verifier', 'abc-verifier'),
            ('oauth_signature_method', 'HMAC-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'hmac-sha1-nonce'),
        ]
        signed_text = signature.construct_base_string(
            'POST', 'http://testserver/oauth/token', oauth_params)
        # presumably 'secret' is the client secret and 'abc-secret' the
        # temporary credential's secret; verify against the test fixtures
        digest = signature.hmac_sha1_signature(
            signed_text, 'secret', 'abc-secret')
        oauth_params.append(('oauth_signature', digest))
        auth_header = 'OAuth ' + ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)

        def exchange():
            # Fresh temporary credential, then the same signed header.
            self.prepare_temporary_credential(server)
            request = self.factory.post(url, HTTP_AUTHORIZATION=auth_header)
            response = server.create_token_response(request)
            return decode_response(response.content)

        # case 1: success
        first = exchange()
        self.assertIn('oauth_token', first)

        # case 2: nonce already used (replayed request)
        replayed = exchange()
        self.assertEqual(replayed['error'], 'invalid_nonce')
Exemplo n.º 3
    def test_rsa_sha1_signature(self):
        """Check RSA-SHA1 verification on the ``/oauth/initiate`` endpoint.

        A correctly signed POST must return an ``oauth_token``. Changing the
        nonce in the header after signing must produce ``invalid_signature``,
        because the signature was computed over the original nonce.
        """
        self.prepare_data()
        url = '/oauth/initiate'

        def post_with(header_value):
            # Send the Authorization header and return the decoded body.
            reply = self.client.post(
                url, headers={'Authorization': header_value})
            return decode_response(reply.data)

        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_callback', 'oob'),
            ('oauth_signature_method', 'RSA-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'rsa-sha1-nonce'),
        ]
        signed_text = signature.construct_base_string(
            'POST', 'http://localhost/oauth/initiate', oauth_params)
        # NOTE(review): rsa_private.pem is presumably a test-only fixture key;
        # confirm it is not used anywhere outside the test suite.
        private_key = read_file_path('rsa_private.pem')
        oauth_params.append(
            ('oauth_signature',
             signature.rsa_sha1_signature(signed_text, private_key)))
        auth_param = ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)

        # case: valid signature
        granted = post_with('OAuth ' + auth_param)
        self.assertIn('oauth_token', granted)

        # case: invalid signature (nonce changed after signing)
        tampered_param = auth_param.replace(
            'rsa-sha1-nonce', 'alt-sha1-nonce')
        rejected = post_with('OAuth ' + tampered_param)
        self.assertEqual(rejected['error'], 'invalid_signature')
Exemplo n.º 4
    def test_hmac_sha1_signature(self):
        """Check HMAC-SHA1 verification and replay rejection on initiate.

        The first signed POST to ``/oauth/initiate`` must return an
        ``oauth_token``. Posting the same headers a second time reuses the
        nonce and must be refused with ``invalid_nonce``.
        """
        self.prepare_data()
        url = '/oauth/initiate'

        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_callback', 'oob'),
            ('oauth_signature_method', 'HMAC-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'hmac-sha1-nonce'),
        ]
        signed_text = signature.construct_base_string(
            'POST', 'http://localhost/oauth/initiate', oauth_params)
        # No oauth_token is sent in this request, so the third argument
        # (presumably the token secret; confirm) is None.
        digest = signature.hmac_sha1_signature(signed_text, 'secret', None)
        oauth_params.append(('oauth_signature', digest))
        header_value = 'OAuth ' + ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)
        headers = {'Authorization': header_value}

        # case 1: success
        first = decode_response(self.client.post(url, headers=headers).data)
        self.assertIn('oauth_token', first)

        # case 2: nonce already used (replayed request)
        replayed = decode_response(
            self.client.post(url, headers=headers).data)
        self.assertEqual(replayed['error'], 'invalid_nonce')
Exemplo n.º 5
    def test_rsa_sha1_signature(self):
        """Check RSA-SHA1 verification on the ``/user`` route.

        A correctly signed GET must return JSON containing ``username``.
        Changing the nonce in the header after signing must produce the
        ``invalid_signature`` error instead.
        """
        self.prepare_data()
        handle = self.create_route()

        url = '/user'

        def fetch(header_value):
            # GET the route with the given header and parse the JSON body.
            request = self.factory.get(url, HTTP_AUTHORIZATION=header_value)
            response = handle(request)
            return json.loads(to_unicode(response.content))

        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_token', 'valid-token'),
            ('oauth_signature_method', 'RSA-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'rsa-sha1-nonce'),
        ]
        signed_text = signature.construct_base_string(
            'GET', 'http://testserver/user', oauth_params)
        # NOTE(review): rsa_private.pem is presumably a test-only fixture key;
        # confirm it is not used anywhere outside the test suite.
        private_key = read_file_path('rsa_private.pem')
        oauth_params.append(
            ('oauth_signature',
             signature.rsa_sha1_signature(signed_text, private_key)))
        auth_param = ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)

        # case: valid signature
        profile = fetch('OAuth ' + auth_param)
        self.assertIn('username', profile)

        # case: invalid signature (nonce changed after signing)
        tampered_param = auth_param.replace(
            'rsa-sha1-nonce', 'alt-sha1-nonce')
        rejected = fetch('OAuth ' + tampered_param)
        self.assertEqual(rejected['error'], 'invalid_signature')
Exemplo n.º 6
    def test_hmac_sha1_signature(self):
        """Check HMAC-SHA1 verification and replay rejection on ``/user``.

        The first signed GET must return JSON containing ``username``.
        Repeating the request with the identical header reuses the nonce and
        must be refused with ``invalid_nonce``.
        """
        self.prepare_data()
        handle = self.create_route()
        url = '/user'

        oauth_params = [
            ('oauth_consumer_key', 'client'),
            ('oauth_token', 'valid-token'),
            ('oauth_signature_method', 'HMAC-SHA1'),
            ('oauth_timestamp', str(int(time.time()))),
            ('oauth_nonce', 'hmac-sha1-nonce'),
        ]
        signed_text = signature.construct_base_string(
            'GET', 'http://testserver/user', oauth_params)
        # presumably 'secret' is the client secret and 'valid-token-secret'
        # the token's secret; verify against the test fixtures
        digest = signature.hmac_sha1_signature(
            signed_text, 'secret', 'valid-token-secret')
        oauth_params.append(('oauth_signature', digest))
        auth_header = 'OAuth ' + ','.join(
            '{}="{}"'.format(name, value) for name, value in oauth_params)

        def fetch():
            # GET the route with the signed header and parse the JSON body.
            request = self.factory.get(url, HTTP_AUTHORIZATION=auth_header)
            response = handle(request)
            return json.loads(to_unicode(response.content))

        # case 1: success
        first = fetch()
        self.assertIn('username', first)

        # case 2: nonce already used (replayed request)
        replayed = fetch()
        self.assertEqual(replayed['error'], 'invalid_nonce')