def testRequestAvatarIdInvalidToken(self):
"""
L{FacadeOAuthChecker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if
the access token was properly formed (by calling dataToToken).
"""
secret = ''.join(sample(ALPHABET, 16))
user = createUser(u'username', u'password', u'User',
u'*****@*****.**')
createOAuthConsumer(user, secret=secret)
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = 'token'
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials('fluidinfo.com', user.username, token,
'HMAC-SHA1', signature, timestamp,
nonce, 'GET',
u'https://fluidinfo.com/foo', headers,
arguments)
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def testCreateOAuthConsumerGeneratesRandomSecret(self):
"""
L{createOAuthConsumer} generates a random secret each time an
L{OAuthConsumer} is created.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
consumer2 = createOAuthConsumer(user2)
self.assertNotEqual(consumer1.secret, consumer2.secret)
def testCreateOAuthConsumerGeneratesRandomSecret(self):
"""
L{createOAuthConsumer} generates a random secret each time an
L{OAuthConsumer} is created.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
consumer2 = createOAuthConsumer(user2)
self.assertNotEqual(consumer1.secret, consumer2.secret)
def testGetOAuthConsumers(self):
"""
L{getOAuthConsumers} returns all L{OAuthConsumer}s in the database
when no filtering options are provided.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
consumer2 = createOAuthConsumer(user2)
self.assertEqual([(user1, consumer1), (user2, consumer2)],
list(getOAuthConsumers().order_by(User.username)))
def testGetOAuthConsumers(self):
"""
L{getOAuthConsumers} returns all L{OAuthConsumer}s in the database
when no filtering options are provided.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
consumer2 = createOAuthConsumer(user2)
self.assertEqual([(user1, consumer1), (user2, consumer2)],
list(getOAuthConsumers().order_by(User.username)))
def testGetOAuthConsumersFilteredByUserID(self):
"""
L{getOAuthConsumers} returns the L{User} and L{OAuthConsumer}
instances that match the specified L{User.id}.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
createOAuthConsumer(user2)
self.assertEqual((user1, consumer1),
getOAuthConsumers(userIDs=[user1.id]).one())
def testGetOAuthConsumersFilteredByUserID(self):
"""
L{getOAuthConsumers} returns the L{User} and L{OAuthConsumer}
instances that match the specified L{User.id}.
"""
user1 = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer1 = createOAuthConsumer(user1)
user2 = createUser(u'user2', u'secret', u'User2', u'*****@*****.**')
createOAuthConsumer(user2)
self.assertEqual((user1, consumer1),
getOAuthConsumers(userIDs=[user1.id]).one())
def testRequestAvatarIdWithInvalidToken(self):
"""
L{FacadeOAuth2Checker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if the access
token was properly formed (by calling dataToToken).
"""
user = createUser(u'user', u'pass', u'User', u'*****@*****.**')
createOAuthConsumer(user, secret='secret16charlng1')
self.store.commit()
credentials = OAuth2Credentials(u'user', u'pass', token='xxx')
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def testRequestAvatarIdWithTokenMadeFromWrongSecret(self):
"""
L{FacadeOAuth2Checker.requestAvatarId} creates a
L{FluidinfoSession} for the authenticated user only if the access
token was created using the consumer's secret.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
createOAuthConsumer(user1, secret='secret16charlng1')
user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
token = dataToToken('a' * 16, {'username': user2.username})
credentials = OAuth2Credentials(u'user1', u'pass1', token)
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def testAuthenticateUserWithOAuthUnknownUsernameInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth} raises a
L{TNoSuchUser} exception if the username in the token does
not match an existing L{User}.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
oauthConsumer1 = createOAuthConsumer(user1, secret='secret16charlng1')
self.store.commit()
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
token = dataToToken(oauthConsumer1.secret,
{'username': u'unknownUser'})
signature = '3MNZYSgsGftopjuwv3g2u5Q+MZM='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, u'HMAC-SHA1', signature,
timestamp, nonce, 'GET', 'https://fluidinfo.com/foo', headers,
arguments)
deferred = self.facade.authenticateUserWithOAuth(credentials)
return self.assertFailure(deferred, TNoSuchUser)
def register(self, user, secret=None):
"""Register a L{User} (probably an application) as an L{OAuthConsumer}.
@param user: The L{User} to register.
@param secret: Optionally a C{str} with the OAuth consumer secret.
@return: The L{OAuthConsumer} for the specified user.
"""
return createOAuthConsumer(user, secret)
def register(self, user, secret=None):
"""Register a L{User} (probably an application) as an L{OAuthConsumer}.
@param user: The L{User} to register.
@param secret: Optionally a C{str} with the OAuth consumer secret.
@return: The L{OAuthConsumer} for the specified user.
"""
return createOAuthConsumer(user, secret)
def testCreateOAuthConsumerWithCustomSecret(self):
"""
L{createOAuthConsumer} will use a custom secret, when it's provided.
"""
secret = ''.join(sample(ascii_letters + digits, 16))
user = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer = createOAuthConsumer(user, secret)
self.assertEqual(secret, consumer.secret)
def testCreateOAuthConsumerAddsToStore(self):
"""
L{createOAuthConsumer} adds the new L{OAuthConsumer} to the main
store.
"""
user = createUser(u'user', u'secret', u'User', u'*****@*****.**')
consumer = createOAuthConsumer(user)
self.assertIdentical(consumer, self.store.find(OAuthConsumer).one())
def testCreateOAuthConsumerWithCustomSecret(self):
"""
L{createOAuthConsumer} will use a custom secret, when it's provided.
"""
secret = ''.join(sample(ascii_letters + digits, 16))
user = createUser(u'user1', u'secret', u'User1', u'*****@*****.**')
consumer = createOAuthConsumer(user, secret)
self.assertEqual(secret, consumer.secret)
def testCreateOAuthConsumerAddsToStore(self):
"""
L{createOAuthConsumer} adds the new L{OAuthConsumer} to the main
store.
"""
user = createUser(u'user', u'secret', u'User', u'*****@*****.**')
consumer = createOAuthConsumer(user)
self.assertIdentical(consumer, self.store.find(OAuthConsumer).one())
def testCreateOAuthConsumer(self):
"""
L{createOAuthConsumer} creates a new L{OAuthConsumer} with a secret
for the specified L{User}.
"""
user = createUser(u'username', u'secret', u'User', u'*****@*****.**')
consumer = createOAuthConsumer(user)
self.assertIdentical(user, consumer.user)
self.assertEqual(16, len(consumer.secret))
self.assertNotIdentical(None, consumer.secret)
def testCreateOAuthConsumer(self):
"""
L{createOAuthConsumer} creates a new L{OAuthConsumer} with a secret
for the specified L{User}.
"""
user = createUser(u'username', u'secret', u'User', u'*****@*****.**')
consumer = createOAuthConsumer(user)
self.assertIdentical(user, consumer.user)
self.assertEqual(16, len(consumer.secret))
self.assertNotIdentical(None, consumer.secret)
def testAuthenticateUserWithOAuth2UnknownUsernameInToken(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} ignores the case in the
consumer key.
"""
user = createUser(u'user', u'pass', u'User', u'*****@*****.**')
oauthConsumer = createOAuthConsumer(user, secret='secret16charlng1')
self.store.commit()
token = dataToToken(oauthConsumer.secret, {'username': u'unknownUser'})
credentials = OAuth2Credentials(u'user', u'pass', token)
deferred = self.facade.authenticateUserWithOAuth2(credentials)
return self.assertFailure(deferred, TNoSuchUser)
def testAuthenticateUserWithOAuth2ConsumerPasswordIncorrect(self):
"""
L{FacadeAuthMixin.authenticateUserWithOAuth2} raises
L{TPasswordIncorrect} if the consumer's password is not correct.
"""
user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
oauthConsumer1 = createOAuthConsumer(user1, secret='secret16charlng1')
user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
self.store.commit()
token = dataToToken(oauthConsumer1.secret,
{'username': user2.username})
credentials = OAuth2Credentials(u'user1', u'invalid', token)
deferred = self.facade.authenticateUserWithOAuth2(credentials)
return self.assertFailure(deferred, TPasswordIncorrect)
