def _getRequestForPersonAndAccountWithDifferentIDs(self):
"""Return a LaunchpadTestRequest with the correct OAuth parameters in
its form.
"""
# Create a lone account followed by an account-with-person just to
# make sure in the second one the ID of the account and the person are
# different.
self.factory.makeAccount('Personless account')
person = self.factory.makePerson()
self.assertNotEqual(person.id, person.account.id)
# Create an access token for our new person.
consumer = getUtility(IOAuthConsumerSet).new(u'test-consumer')
request_token, _ = consumer.newRequestToken()
request_token.review(person,
permission=OAuthPermission.READ_PUBLIC,
context=None)
access_token, access_secret = request_token.createAccessToken()
# Use oauth.OAuthRequest just to generate a dictionary containing all
# the parameters we need to use in a valid OAuth request, using the
# access token we just created for our new person.
oauth_consumer = OAuthConsumer(consumer.key, u'')
oauth_token = OAuthToken(access_token.key, access_secret)
oauth_request = OAuthRequest.from_consumer_and_token(
oauth_consumer, oauth_token)
oauth_request.sign_request(OAuthSignatureMethod_PLAINTEXT(),
oauth_consumer, oauth_token)
return LaunchpadTestRequest(form=oauth_request.parameters)
def test_split_oauth(self):
# OAuth headers are parsed correctly: see bug 314507.
# This was really a bug in the underlying contrib/oauth.py module, but
# it has no standalone test case.
#
# Note that the 'realm' parameter is not returned, because it's not
# included in the OAuth calculations.
headers = OAuthRequest._split_header(
'OAuth realm="foo", oauth_consumer_key="justtesting"')
self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'})
headers = OAuthRequest._split_header(
'OAuth oauth_consumer_key="justtesting"')
self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'})
headers = OAuthRequest._split_header(
'OAuth oauth_consumer_key="justtesting", realm="realm"')
self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'})
def addHeadersTo(self, full_url, full_headers):
if self.consumer is not None and self.access_token is not None:
request = OAuthRequest.from_consumer_and_token(self.consumer, self.access_token, http_url=full_url)
request.sign_request(OAuthSignatureMethod_PLAINTEXT(), self.consumer, self.access_token)
full_headers.update(request.to_header(OAUTH_REALM))
if not self.handle_errors:
full_headers["X_Zope_handle_errors"] = "False"
def _getRequestForPersonAndAccountWithDifferentIDs(self):
"""Return a LaunchpadTestRequest with the correct OAuth parameters in
its form.
"""
# Create a lone account followed by an account-with-person just to
# make sure in the second one the ID of the account and the person are
# different.
self.factory.makeAccount('Personless account')
person = self.factory.makePerson()
self.failIfEqual(person.id, person.account.id)
# Create an access token for our new person.
consumer = getUtility(IOAuthConsumerSet).new('test-consumer')
request_token = consumer.newRequestToken()
request_token.review(
person, permission=OAuthPermission.READ_PUBLIC, context=None)
access_token = request_token.createAccessToken()
# Use oauth.OAuthRequest just to generate a dictionary containing all
# the parameters we need to use in a valid OAuth request, using the
# access token we just created for our new person.
oauth_request = OAuthRequest.from_consumer_and_token(
consumer, access_token)
oauth_request.sign_request(
OAuthSignatureMethod_PLAINTEXT(), consumer, access_token)
return LaunchpadTestRequest(form=oauth_request.parameters)
def test_split_oauth(self):
# OAuth headers are parsed correctly: see bug 314507.
# This was really a bug in the underlying contrib/oauth.py module, but
# it has no standalone test case.
#
# Note that the 'realm' parameter is not returned, because it's not
# included in the OAuth calculations.
headers = OAuthRequest._split_header(
'OAuth realm="foo", oauth_consumer_key="justtesting"')
self.assertEquals(headers,
{'oauth_consumer_key': 'justtesting'})
headers = OAuthRequest._split_header(
'OAuth oauth_consumer_key="justtesting"')
self.assertEquals(headers,
{'oauth_consumer_key': 'justtesting'})
headers = OAuthRequest._split_header(
'OAuth oauth_consumer_key="justtesting", realm="realm"')
self.assertEquals(headers,
{'oauth_consumer_key': 'justtesting'})
def addHeadersTo(self, full_url, full_headers):
if self.consumer is not None and self.access_token is not None:
request = OAuthRequest.from_consumer_and_token(self.consumer,
self.access_token,
http_url=full_url)
request.sign_request(OAuthSignatureMethod_PLAINTEXT(),
self.consumer, self.access_token)
full_headers.update(request.to_header(OAUTH_REALM))
if not self.handle_errors:
full_headers['X_Zope_handle_errors'] = 'False'
def get_oauth_authorization(request):
"""Retrieve OAuth authorization information from a request.
The authorization information may be in the Authorization header,
or it might be in the query string or entity-body.
:return: a dictionary of authorization information.
"""
header = request._auth
if header is not None and header.startswith("OAuth "):
return OAuthRequest._split_header(header)
else:
return request.form
def get_oauth_authorization(request):
"""Retrieve OAuth authorization information from a request.
The authorization information may be in the Authorization header,
or it might be in the query string or entity-body.
:return: a dictionary of authorization information.
"""
header = request._auth
if header is not None and header.startswith("OAuth "):
return OAuthRequest._split_header(header)
else:
return request.form
def get_oauth_authorization(request):
"""Retrieve OAuth authorization information from a request.
The authorization information may be in the Authorization header,
or it might be in the query string or entity-body.
:return: a dictionary of authorization information.
:raises UnicodeDecodeError: If the Authorization header is not valid
UTF-8.
"""
header = request._auth
if header is not None and header.startswith("OAuth "):
# http://oauth.net/core/1.0/#encoding_parameters says "Text names
# and values MUST be encoded as UTF-8 octets before percent-encoding
# them", so we can reasonably fail if this hasn't been done.
return OAuthRequest._split_header(six.ensure_text(header))
else:
return request.form
