Exemplo n.º 1
0
 def test_http_services_session_file_save_load(self):
     save_session_data = self.create_and_save_session_data(
         'test_http_services_session_file_save_load')
     load_session_data = CO.HttpServices()
     load_session_data.load_httpd_session()
     self.assertSessionDataEqual(save_session_data, 'saved',
                                 load_session_data, 'loaded')
Exemplo n.º 2
0
def redirect_client_start():
    """
    This function implements the C{start()} portion of the Dropbox OAuth redirect flow.

    It passes the necessary parameters to dropbox C{start()} and returns the generated URL to the caller.
    """
    logger.debug('starting Dropbox authorisation (redirect mode)')
    logger.debug(
        'creating DropboxOAuth2Flow client for app "{app_name}" with key "{key}" and secret "{secret}"'
        .format(app_name=CO.AppData.APP_NAME,
                key=CO.AppData.APP_KEY,
                secret=CO.AppData.APP_SECRET))
    httpd_services = CO.HttpServices()

    # EXERCISE:
    #  - create an OAuth redirect object (the class is DropboxOAuth2Flow)
    #    hint: get the app key and secret from CO.AppData
    #    hint: get the finish URL from the httpd_services object
    #    hint: the CSRF session variable is httpd_services.httpd_session
    #    hint: the CSRF session key is httpd_services.OAUTH_CSRF_SESSION_KEY
    #  - start the dropbox OAuth redirect workflow by calling start()
    #  - save the returned redirect URL in authorise_url
    # TODO ==> INSERT CODE HERE <==

    logger.info(
        'Dropbox authorisation start successful, authorisation URL="{url}"'.
        format(url=authorise_url))
    logger.debug('CSRF token="{token}", HTTP session is "{session}"'.format(
        token=httpd_services.httpd_session[
            httpd_services.OAUTH_CSRF_SESSION_KEY],
        session=str(httpd_services.httpd_session)))
    httpd_services.save_httpd_session()
    return DropboxStatus(301, redirect_url=authorise_url)
Exemplo n.º 3
0
    def do_GET(self):
        """Process an HTTP GET"""

        logger.info('do_GET: request is "%s"' % (self.path,))
        http_services = CO.HttpServices()
        http_services.save_latest_url(self.path)
        try:
            parsed_url = urlparse(self.path) # this is a named tuple
            logger.debug('do_GET: parsed URL is %s' % (str(parsed_url),))
            # this code turns the query into a dict of the form 'query_param' : 'query_value'
            query_dict = { query_param[0]: query_param[1][0] for query_param in parse_qs(parsed_url.query).items() }
            logger.debug('do_GET: query dict is %s' % (str(query_dict),))

            if parsed_url.path.endswith(http_services.OAUTH_FINISH_PAGE):
                logger.debug('do_GET.finish-handler: path is "{path}", query is "{query}"'.format(
                    path=self.path, query=query_dict))
                dropbox_status = DW.httpd_handle_finish_and_save(self.path, query_dict)
                logger.info('do_GET.start-handler: dropbox finish() successfully handled')
                self.handle_dropbox_status(dropbox_status)

            elif parsed_url.path.endswith('favicon.ico'):
                logger.info('do_GET: /favicon.ico (not found)')
                self.send_error(404, 'Not Found')

            elif parsed_url.path.endswith('home'):
                logger.info('do_GET: /home (send home page)')
                self.send_http_header()
                self.send_html_content(self.home_page_body())

            elif parsed_url.path.startswith('/doc/'):
                logger.info('do_GET: /doc (script documentation), path is %s')
                if (parsed_url.path == '/doc/'):
                    logger.debug('do_GET: invalid documentation URL %s, redirecting', parsed_url.path)
                    self.send_http_header('/home')
                else:
                    module_path = parsed_url.path.split('/')
                    module_file = module_path[2]
                    file_type = module_file.split('.')[1]
                    logger.debug('do_GET: module path is %s, module file is %s', str(module_path), module_file)
                    self.send_http_header()
                    # with file('{demodir}/doc/{module_file}'.format(
                           #  demodir=CO.DEMO_DIRECTORY, module_file=module_file)) as f:
                    with file(os.path.join(CO.DOC_DIRECTORY, module_file)) as f:
                        file_content = f.read()
                    if file_type == 'txt':
                        file_content = '<html><head><title>BCS SPA 2014 OAuth Demo</title><body><pre>%s</pre></body></html> ' % (file_content)
                    self.wfile.write(file_content)

            else:
                logger.info('do_GET: unsupported request {request}'.format(request=self.path))
                self.send_error(404, 'unsupported request {request}'.format(request=self.path))

        except IOError:
            logger.info('do_GET: internal server error (request={request})'.format(request=self.path))
            self.send_error(500, 'internal server error (request={request})'.format(request=self.path))
Exemplo n.º 4
0
 def setUp(self):
     """unit test fixture - setup"""
     CO.logger.setLevel(logging.CRITICAL)
     self.delete_oauth_files()
     TestCommonOauth.http_services = CO.HttpServices()
Exemplo n.º 5
0
# @see http://docs.python.org/2/library/unittest.html
# use @unittest.skip("not yet written") to skip a test

import logging
from mock import Mock
import types
import urllib

import unittest

from common_test import *

# module under test
import common_oauth as CO

http_services = CO.HttpServices()


class TestCommonOauth(CustomAssertions):
    def delete_oauth_files(self):
        for datafile in [
                CO.AccessData.ACCESS_TOKEN_FILE,
                http_services.HTTPD_SESSION_FILE,
                http_services.HTTPD_SESSION_FILE_EXPIRED,
                http_services.HTTPD_LATEST_URL_FILE
        ]:
            delete_file(datafile)

    def create_and_save_access_data(self, test_name):
        save_access_data = CO.AccessData('TEST %s' % (test_name))
        save_access_data.access_token = 'TOKEN %s' % (test_name)
Exemplo n.º 6
0
def httpd_handle_finish_and_save(request_path, query_dict):
    """
    This httpd handler implements the finish() portion of the Dropbox OAuth server (redirect) flow.

    It calls Dropbox C{finish()} to finish the Oauth workflow.
    It then saves the access token returned by C{finish()} and creates some sample files in the Dropbox app folder.
    """
    httpd_services = CO.HttpServices()
    httpd_services.load_httpd_session()
    logger.debug(
        'finishing Dropbox authorisation (redirect mode), URL query="%s"' %
        (str(query_dict), ))

    # EXERCISE:
    #  - create an OAuth no-redirect object (as you did for redirect_client_start)
    #    hint: get the app key and secret from CO.AppData
    # SPA14_OAUTH_START
    logger.debug(
        'creating DropboxOAuth2Flow client for app "{app_name}" with key "{key}" and secret "{secret}"'
        .format(app_name=CO.AppData.APP_NAME,
                key=CO.AppData.APP_KEY,
                secret=CO.AppData.APP_SECRET))
    redirect_client = dropbox.client.DropboxOAuth2Flow(
        CO.AppData.APP_KEY, CO.AppData.APP_SECRET,
        httpd_services.OAUTH_FINISH_URL, httpd_services.httpd_session,
        httpd_services.OAUTH_CSRF_SESSION_KEY)
    logger.debug(
        'created DropboxOAuth2Flow client, running finish() to generate Dropbox access token'
    )
    # SPA14_OAUTH_FINISH

    try:
        # EXERCISE:
        #  - finish the dropbox OAuth no-redirect workflow by calling finish()
        #    (pass it the URL query dict{} that was used in the redirect to the HTTP server)
        #  - store the returned access token and user id in a CO.AccessData() object
        #  - (this demo ignores the "URL state" variable)
        # SPA14_OAUTH_START
        access_data = CO.AccessData(
            'created using Python dropbox.client.DropboxOAuth2Flow()')
        access_data.access_token, access_data.user_id, url_state = redirect_client.finish(
            query_dict)
        # SPA14_OAUTH_FINISH

        httpd_services.expire_httpd_session()
        logger.info(
            'Dropbox authorisation finish successful, access token="{access_token}", user id="{user_id}"'
            .format(access_token=access_data.access_token,
                    user_id=access_data.user_id))
        access_data.save()
        db_create_sample_files()
        return DropboxStatus(
            200,
            '<h1>Congratulations!</h1><p>The Dropbox access token was created successfully.<p>You may return to your client.'
        )
    except dropbox.client.DropboxOAuth2Flow.BadRequestException as e:
        logger.error('do_GET.finish-handler: 400 bad request "%s"' %
                     (request_path, ))
        httpd_services.expire_httpd_session()
        return DropboxStatus(400, 'Bad Request')
    except dropbox.client.DropboxOAuth2Flow.BadStateException as e:
        logger.error('do_GET.finish-handler: bad state, request="%s"' %
                     (request_path, ))
        httpd_services.expire_httpd_session()
        return DropboxStatus(301, redirect_url=OAUTH_START_URL)
    except dropbox.client.DropboxOAuth2Flow.CsrfException as e:
        logger.error(
            'do_GET.finish-handler: 403 missing CSRF token, request="%s"' %
            (request_path, ))
        httpd_services.expire_httpd_session()
        return DropboxStatus(403, 'Forbidden')
    except dropbox.client.DropboxOAuth2Flow.NotApprovedException as e:
        logger.error(
            'do_GET.finish-handler: user did not approve, request="%s"' %
            (request_path, ))
        httpd_services.expire_httpd_session()
        return DropboxStatus(301, redirect_url=OAUTH_START_URL)
    except dropbox.client.DropboxOAuth2Flow.ProviderException as e:
        logger.error(
            'do_GET.finish-handler: 403 Dropbox authorisation error %s, request="%s"'
            % (e, path))
        httpd_services.expire_httpd_session()
        return DropboxStatus(403, 'Forbidden')