Exemplo n.º 1
    def setUp(self):
        """Bind fixture user pk=1, client credential pk=1 and a new OAuthServer."""
        super(OAuthServerTest, self).setUp()

        # User row loaded from the fixtures by primary key.
        fixture_user = User.objects.get(pk=1)
        self.user = fixture_user

        # Client credential the tests read from, and the object under test.
        fixture_client = ClientCredential.objects.get(pk=1)
        self.clientcredentials = fixture_client
        self.oauthserver = OAuthServer()
Exemplo n.º 2
    def setUp(self):
        """Create a test user, load client credential pk=1 and build the server."""
        super(OAuthServerTest, self).setUp()

        # Account created for this test run only; the literals appear masked
        # in this listing.
        self.username, self.password = '******', '******'
        email = '*****@*****.**'
        self.user = User.objects.create_user(
            self.username, email, self.password)

        # Client credential the tests read from, and the object under test.
        fixture_client = ClientCredential.objects.get(pk=1)
        self.clientcredentials = fixture_client
        self.oauthserver = OAuthServer()
Exemplo n.º 3
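def temporary_credentials_request(request):
    """Debug stub for the OAuth 1.0 temporary-credentials endpoint.

    Reports whether an ``Authorization`` header reached the view and passes
    the request to ``OAuthServer.verify_request``. The response body is the
    plain text ``'Auth present'`` or ``'missing'``.

    NOTE(review): the value returned by ``verify_request`` is never used, so
    the view answers the same way for signed and unsigned requests. Until the
    result gates the response, this view performs no authentication and
    should not be exposed as a token endpoint. The intended success body
    (``oauth_token``, ``oauth_token_secret``, ``oauth_callback_confirmed``)
    is not produced yet.
    """
    # .get() instead of indexing: the META key is only present when the header
    # was sent, so indexing raised KeyError for exactly the requests that the
    # 'missing' branch is meant to report.
    if request.META.get('HTTP_AUTHORIZATION'):
        t = 'Auth present'
    else:
        t = 'missing'

    # NOTE(review): verify_request is called on the class here. If it is an
    # instance method, confirm the arguments bind as intended. request.META
    # uses Django's HTTP_-prefixed keys; verify that this is the header
    # mapping the server expects.
    authorized = OAuthServer.verify_request(
        request.build_absolute_uri(),
        request.method,
        request.body,
        request.META,
        require_resource_owner=False
    )

    response = "%s" % t

    return HttpResponse(response)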
Exemplo n.º 4
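class OAuthServerTest(TestCase):
    """Fixture-driven tests for the OAuthServer validation and secret hooks.

    Each hook is called with values read from the fixture rows and, in most
    tests, with client-key or token literals that the test expects to be
    refused with a falsy result.
    """
    fixtures = ['test_entries.json']

    def setUp(self):
        """Create a test user, load client credential pk=1, build the server."""
        super(OAuthServerTest, self).setUp()

        # Credentials
        self.username = '******'
        self.password = '******'
        self.user = User.objects.create_user(
            self.username, '*****@*****.**', self.password)

        # Object to test on
        self.clientcredentials = ClientCredential.objects.get(pk=1)
        self.oauthserver = OAuthServer()

        # Nose setting for long diffs
        #self.maxDiff = None

    def test_validate_timestamp_and_nonce(self):
        """Replay detection for a nonce used without any token.

        A refused combination yields a falsy result; an accepted one yields
        the tuple (client key, timestamp, nonce, None).
        """
        self.nonce = Nonce.objects.get(pk=1)
        # Replay: the fixture row's key/timestamp/nonce combination has
        # already been used and is expected to be refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, self.nonce.timestamp,
            self.nonce.nonce))
        # Same nonce under a new timestamp: accepted, since a nonce only has
        # to be unique per timestamp/client/token combination.
        self.assertEqual(
            self.oauthserver.validate_timestamp_and_nonce(
                self.clientcredentials.key, 987654322,
                self.nonce.nonce),
            (self.clientcredentials.key, 987654322,
             self.nonce.nonce, None))
        # New nonce under the fixture timestamp: accepted.
        self.assertEqual(
            self.oauthserver.validate_timestamp_and_nonce(
                self.clientcredentials.key,
                self.nonce.timestamp, 'abc'),
            (self.clientcredentials.key, self.nonce.timestamp,
             'abc', None))
        # Unknown client key with an otherwise known timestamp/nonce: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce.timestamp, self.nonce.nonce))

    def test_validate_timestamp_and_nonce_request_token(self):
        """Replay detection for a nonce bound to a request token.

        Accepted combinations return a tuple whose last element is the
        request token rather than None.
        """
        self.nonce_request_token = Nonce.objects.get(pk=2)
        # Replay of the fixture combination: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token))
        # New timestamp: accepted, and the result carries the request token.
        self.assertEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654322,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token),
            (self.clientcredentials.key, 987654322,
             self.nonce_request_token.nonce,
             self.nonce_request_token.request_token))
        # A further fresh timestamp: the result must not be the token-less
        # tuple.
        self.assertNotEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654323,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token),
            (self.clientcredentials.key, 987654323,
             self.nonce_request_token.nonce, None))
        # New nonce: accepted, and the result carries the request token.
        self.assertEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            'abc', self.nonce_request_token.request_token),
            (self.clientcredentials.key,
             self.nonce_request_token.timestamp,
             'abc', self.nonce_request_token.request_token))
        # NOTE(review): same arguments as the call above. If the validator
        # records each accepted nonce, this second call is itself a replay and
        # returns a falsy value, which satisfies assertNotEqual trivially.
        # Confirm the check asserts what is intended.
        self.assertNotEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            'abc', self.nonce_request_token.request_token),
            (self.clientcredentials.key,
             self.nonce_request_token.timestamp,
             'abc', None))
        # Unknown client key: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce_request_token.timestamp,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token))

    def test_validate_timestamp_and_nonce_access_token(self):
        """Replay detection for a nonce bound to an access token.

        The access token is passed as the fifth argument (the request-token
        slot is None); accepted combinations return it as the last element of
        the result tuple.
        """
        self.nonce_access_token = Nonce.objects.get(pk=3)
        # Replay of the fixture combination: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            self.nonce_access_token.nonce,
            None, self.nonce_access_token.access_token))
        # New timestamp: accepted, and the result carries the access token.
        self.assertEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654322,
            self.nonce_access_token.nonce, None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key, 987654322,
             self.nonce_access_token.nonce,
             self.nonce_access_token.access_token))
        # A further fresh timestamp: the result must not be the token-less
        # tuple.
        self.assertNotEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654323,
            self.nonce_access_token.nonce, None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key, 987654323,
             self.nonce_access_token.nonce, None))
        # New nonce: accepted, and the result carries the access token.
        self.assertEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            'abc', None, self.nonce_access_token.access_token),
            (self.clientcredentials.key,
             self.nonce_access_token.timestamp,
             'abc', self.nonce_access_token.access_token))
        # NOTE(review): same arguments as the call above; see the matching
        # note in the request-token test about a replayed call passing
        # assertNotEqual trivially.
        self.assertNotEqual(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            'abc', None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key,
             self.nonce_access_token.timestamp,
             'abc', None))
        # Unknown client key: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce_access_token.timestamp,
            self.nonce_access_token.nonce,
            None, self.nonce_access_token.access_token))

    def test_validate_client_key(self):
        """A fixture client key is returned as-is; an unknown key is falsy."""
        self.assertEqual(
            self.oauthserver.validate_client_key(self.clientcredentials.key),
            self.clientcredentials.key)
        self.assertFalse(self.oauthserver.validate_client_key('notavalidkey'))

    def test_validate_request_token(self):
        """Token pk=1 validates only together with the fixture client key."""
        self.token = Token.objects.get(pk=1)
        self.assertTrue(
            self.oauthserver.validate_request_token(
                self.clientcredentials.key, self.token.key))
        # Unknown client key with the real token.
        self.assertFalse(
            self.oauthserver.validate_request_token(
                'mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', self.token.key))
        # Real client key with an unknown token.
        self.assertFalse(
            self.oauthserver.validate_request_token(
                self.clientcredentials.key, 'm7UQ0_n8M0vUNmd'))

    def test_validate_access_token(self):
        """Token pk=2 validates only together with the fixture client key."""
        self.token = Token.objects.get(pk=2)
        self.assertTrue(
            self.oauthserver.validate_access_token(
                self.clientcredentials.key, self.token.key))
        # Unknown client key with the real token.
        self.assertFalse(
            self.oauthserver.validate_access_token(
                'mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', self.token.key))
        # Real client key with an unknown token.
        self.assertFalse(
            self.oauthserver.validate_access_token(
                self.clientcredentials.key, 'm7UQ0_n8M0vUNmd'))

    def test_validate_redirect_uri(self):
        """Only the callback stored on the matching client is accepted."""
        self.assertTrue(
            self.oauthserver.validate_redirect_uri(
                self.clientcredentials.key,
                self.clientcredentials.callback))
        # Stored callback presented under an unknown client key.
        self.assertFalse(
            self.oauthserver.validate_redirect_uri(
                'mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
                self.clientcredentials.callback))
        # Known client presenting a callback other than the stored one.
        self.assertFalse(
            self.oauthserver.validate_redirect_uri(
                self.clientcredentials.key,
                'http://www.example.com/ready'))

    def test_validate_realm(self):
        """A realm is matched by name (row pk=2) or by URL (row pk=3)."""
        self.realm = Realm.objects.get(pk=2)
        self.assertEqual(
            self.oauthserver.validate_realm(
                self.clientcredentials.key,
                self.realm.access_token,
                None, self.realm.name),
            self.realm.name)
        self.realm = Realm.objects.get(pk=3)
        self.assertEqual(
            self.oauthserver.validate_realm(
                self.clientcredentials.key,
                self.realm.access_token,
                self.realm.url, None),
            self.realm.url)

    def test_validate_requested_realm(self):
        """A requested realm is accepted only for the matching key and name."""
        self.realm = Realm.objects.get(pk=1)
        self.assertEqual(
            self.oauthserver.validate_requested_realm(
                self.clientcredentials.key, self.realm.name),
            self.realm.name)
        self.assertFalse(
            self.oauthserver.validate_requested_realm(
                'mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', self.realm.name))
        self.assertFalse(
            self.oauthserver.validate_requested_realm(
                self.clientcredentials.key, 'wrong_realm_name'))

#    def test_validate_verifier(self):
#        self.token = Token.objects.get(pk=2)
#        self.assertEquals(
#           self.oauthserver.validate_verifier(
#               self.clientcredentials.key,
#               self.token.key,
#               'dfg'),
#           'dfg')

    def test_get_client_secret(self):
        """The fixture client's secret is returned; an unknown key is falsy.

        NOTE(review): if OAuthServer builds on oauthlib, check its guidance
        on returning a dummy secret for unknown clients so that lookups take
        equal time. A falsy result here suggests the lookup short-circuits.
        """
        self.assertEqual(
            self.oauthserver.get_client_secret(self.clientcredentials.key),
            self.clientcredentials.secret)
        self.assertFalse(
            self.oauthserver.get_client_secret('Vc_89DGdxcBShDhXGkDKJuc8='))

    def test_get_request_token_secret(self):
        """Token pk=1's secret is returned only for the matching key/token."""
        self.token = Token.objects.get(pk=1)
        self.assertEqual(
            self.oauthserver.get_request_token_secret(
                self.clientcredentials.key, self.token.key),
            self.token.secret)
        self.assertFalse(
            self.oauthserver.get_request_token_secret(
                'Vc_89DGdxcBShDhXGkDKJuc8=', self.token.key))
        self.assertFalse(
            self.oauthserver.get_request_token_secret(
                self.clientcredentials.key, 'QhYz2iCdGS8xYwUegfSUHF'))

    def test_get_access_token_secret(self):
        """Token pk=2's secret is returned only for the matching key/token.

        NOTE(review): despite the test name, every call below goes to
        get_request_token_secret, so no assertion in this class exercises an
        access-token secret getter. Confirm whether that is intended.
        """
        self.assertEqual(self.oauthserver.get_request_token_secret(
            self.clientcredentials.key, self.token_key_for_pk2()),
            self.token.secret)
        self.assertFalse(self.oauthserver.get_request_token_secret(
            'Vc_89DGdxcBShDhXGkDKJuc8=', self.token.key))
        self.assertFalse(self.oauthserver.get_request_token_secret(
            self.clientcredentials.key, 'QhYz2iCdGS8xYwUegfSUHF'))

    def token_key_for_pk2(self):
        """Load token pk=2 into self.token and return its key."""
        self.token = Token.objects.get(pk=2)
        return self.token.key

# Disabled test case. Its final assertion used to be left uncommented, which
# made it part of test_get_access_token_secret and failed there with a
# NameError on `headers`. It is disabled here together with the rest.
# Before re-enabling: the expected header embeds the text
# "self.clientcredentials.key" / "self.clientcredentials.callback" literally
# instead of their values, and pins a nonce, timestamp and signature that
# change on every signing.
#
#class TemporaryCredentialsRequestTest(TestCase):
#    fixtures = ['test_entries.json']
#
#    def setUp(self):
#        super(TemporaryCredentialsRequestTest, self).setUp()
#
#        # Credentials
#        self.username = '******'
#        self.password = '******'
#        self.user = User.objects.create_user(
#           self.username,
#           '*****@*****.**',
#           self.password
#           )
#
#        # Object to test on
#        self.clientcredentials = ClientCredential.objects.get(pk=1)
#
#        # Nose setting for long diffs
#        self.maxDiff = None
#
#    def testStuff(self):
#
#        c = Client(
#           self.clientcredentials.key,
#           callback_uri=self.clientcredentials.callback
#           )
#
#        uri, headers, body = c.sign(u'http://127.0.0.1:8001/initiate/')
#
#        #TODO nonce/timestamp/signature will change
#        self.assertEqual(
#            headers,
#            {
#                u'Authorization': u'OAuth oauth_nonce='
#                                  u'"110880830699442379541341263567",'
#                u'oauth_timestamp="1341263567", oauth_version="1.0",'
#                u'oauth_signature_method="HMAC-SHA1",'
#                u'oauth_consumer_key=self.clientcredentials.key,'
#                u'oauth_callback=self.clientcredentials.callback,'
#                u'oauth_signature="1emEeMqMx1vgjKEwdwyrz57%2FyTE%3D"',
#            }
#        )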
Exemplo n.º 5
class OAuthServerTest(TestCase):
    fixtures = ['initial_data.json', 'test_user.json', 'test_entries.json']

    def setUp(self):
        """Bind fixture user pk=1, client credential pk=1 and a new OAuthServer."""
        super(OAuthServerTest, self).setUp()

        # User row loaded from the fixtures by primary key.
        fixture_user = User.objects.get(pk=1)
        self.user = fixture_user

        # Client credential the tests read from, and the object under test.
        fixture_client = ClientCredential.objects.get(pk=1)
        self.clientcredentials = fixture_client
        self.oauthserver = OAuthServer()

        # Nose setting for long diffs
        #self.maxDiff = None

    def test_validate_timestamp_and_nonce(self):
        """Replay detection for a nonce used without any token.

        A refused combination yields a falsy result; an accepted one yields
        the tuple (client key, timestamp, nonce, None).
        """
        self.nonce = Nonce.objects.get(pk=1)
        # Replay: the fixture row's key/timestamp/nonce combination has
        # already been used and is expected to be refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, self.nonce.timestamp,
            self.nonce.nonce))
        # Same nonce under a new timestamp: accepted, since a nonce only has
        # to be unique per timestamp/client/token combination.
        self.assertEquals(
            self.oauthserver.validate_timestamp_and_nonce(
                self.clientcredentials.key, 987654322,
                self.nonce.nonce),
            (self.clientcredentials.key, 987654322,
             self.nonce.nonce, None))
        # New nonce under the fixture timestamp: accepted.
        self.assertEquals(
            self.oauthserver.validate_timestamp_and_nonce(
                self.clientcredentials.key,
                self.nonce.timestamp, 'abc'),
            (self.clientcredentials.key, self.nonce.timestamp,
                'abc', None))
        # Unknown client key with an otherwise known timestamp/nonce: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce.timestamp, self.nonce.nonce))

    def test_validate_timestamp_and_nonce_request_token(self):
        """Replay detection for a nonce bound to a request token.

        Accepted combinations return a tuple whose last element is the
        request token rather than None.
        """
        self.nonce_request_token = Nonce.objects.get(pk=2)
        # Replay of the fixture combination: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token))
        # New timestamp: accepted, and the result carries the request token.
        self.assertEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654322,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token),
            (self.clientcredentials.key, 987654322,
             self.nonce_request_token.nonce,
             self.nonce_request_token.request_token))
        # A further fresh timestamp: the result must not be the token-less
        # tuple.
        self.assertNotEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654323,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token),
            (self.clientcredentials.key, 987654323,
             self.nonce_request_token.nonce, None))
        # New nonce: accepted, and the result carries the request token.
        self.assertEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            'abc', self.nonce_request_token.request_token),
            (self.clientcredentials.key,
             self.nonce_request_token.timestamp,
             'abc', self.nonce_request_token.request_token))
        # NOTE(review): same arguments as the call above. If the validator
        # records each accepted nonce, this second call is itself a replay and
        # returns a falsy value, which satisfies assertNotEquals trivially.
        # Confirm the check asserts what is intended.
        self.assertNotEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_request_token.timestamp,
            'abc', self.nonce_request_token.request_token),
            (self.clientcredentials.key,
             self.nonce_request_token.timestamp,
             'abc', None))
        # Unknown client key: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce_request_token.timestamp,
            self.nonce_request_token.nonce,
            self.nonce_request_token.request_token))

    def test_validate_timestamp_and_nonce_access_token(self):
        """Replay detection for a nonce bound to an access token.

        The access token is passed as the fifth argument (the request-token
        slot is None); accepted combinations return it as the last element of
        the result tuple.
        """
        self.nonce_access_token = Nonce.objects.get(pk=3)
        # Replay of the fixture combination: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            self.nonce_access_token.nonce,
            None, self.nonce_access_token.access_token))
        # New timestamp: accepted, and the result carries the access token.
        self.assertEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654322,
            self.nonce_access_token.nonce, None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key, 987654322,
             self.nonce_access_token.nonce,
             self.nonce_access_token.access_token))
        # A further fresh timestamp: the result must not be the token-less
        # tuple.
        self.assertNotEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key, 987654323,
            self.nonce_access_token.nonce, None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key, 987654323,
             self.nonce_access_token.nonce, None))
        # New nonce: accepted, and the result carries the access token.
        self.assertEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            'abc', None, self.nonce_access_token.access_token),
            (self.clientcredentials.key,
             self.nonce_access_token.timestamp,
             'abc', self.nonce_access_token.access_token))
        # NOTE(review): same arguments as the call above. If the validator
        # records each accepted nonce, this second call is itself a replay and
        # returns a falsy value, which satisfies assertNotEquals trivially.
        # Confirm the check asserts what is intended.
        self.assertNotEquals(self.oauthserver.validate_timestamp_and_nonce(
            self.clientcredentials.key,
            self.nonce_access_token.timestamp,
            'abc', None,
            self.nonce_access_token.access_token),
            (self.clientcredentials.key,
             self.nonce_access_token.timestamp,
             'abc', None))
        # Unknown client key: refused.
        self.assertFalse(self.oauthserver.validate_timestamp_and_nonce(
            'm7UQ0_n8M0vUNmdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=',
            self.nonce_access_token.timestamp,
            self.nonce_access_token.nonce,
            None, self.nonce_access_token.access_token))

    def test_validate_client_key(self):
        """A fixture client key is returned as-is; an unknown key is falsy."""
        check = self.oauthserver.validate_client_key
        known_key = self.clientcredentials.key

        self.assertEquals(check(known_key), known_key)

        unknown_result = check('notavalidkey')
        self.assertFalse(unknown_result)

    def test_validate_request_token(self):
        """Token pk=1 validates only together with the fixture client key."""
        self.token = Token.objects.get(pk=1)
        check = self.oauthserver.validate_request_token
        client_key = self.clientcredentials.key

        # Fixture pair: accepted.
        self.assertTrue(check(client_key, self.token.key))

        # Unknown client key, then unknown token: both refused.
        refused = (
            ('mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', self.token.key),
            (client_key, 'm7UQ0_n8M0vUNmd'),
        )
        for bad_client, bad_token in refused:
            self.assertFalse(check(bad_client, bad_token))

    def test_validate_access_token(self):
        """Token pk=2 validates only together with the fixture client key."""
        self.token = Token.objects.get(pk=2)
        check = self.oauthserver.validate_access_token
        client_key = self.clientcredentials.key

        # Fixture pair: accepted.
        self.assertTrue(check(client_key, self.token.key))

        # Unknown client key, then unknown token: both refused.
        refused = (
            ('mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', self.token.key),
            (client_key, 'm7UQ0_n8M0vUNmd'),
        )
        for bad_client, bad_token in refused:
            self.assertFalse(check(bad_client, bad_token))

    def test_validate_redirect_uri(self):
        """Only the callback stored on the matching client is accepted."""
        check = self.oauthserver.validate_redirect_uri
        client = self.clientcredentials

        # Stored key/callback pair: accepted.
        self.assertTrue(check(client.key, client.callback))

        # Stored callback under an unknown key, then a different callback
        # under the known key: both refused.
        refused = (
            ('mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', client.callback),
            (client.key, 'http://www.example.com/ready'),
        )
        for client_key, redirect_uri in refused:
            self.assertFalse(check(client_key, redirect_uri))

    def test_validate_realm(self):
        """A realm is matched by name (row pk=2) or by URL (row pk=3)."""
        check = self.oauthserver.validate_realm
        client_key = self.clientcredentials.key

        # Lookup by realm name; the URL slot is left as None.
        self.realm = Realm.objects.get(pk=2)
        by_name = check(
            client_key, self.realm.access_token, None, self.realm.name)
        self.assertEquals(by_name, self.realm.name)

        # Lookup by realm URL; the name slot is left as None.
        self.realm = Realm.objects.get(pk=3)
        by_url = check(
            client_key, self.realm.access_token, self.realm.url, None)
        self.assertEquals(by_url, self.realm.url)

    def test_validate_requested_realm(self):
        """A requested realm is accepted only for the matching key and name."""
        self.realm = Realm.objects.get(pk=1)
        check = self.oauthserver.validate_requested_realm
        client_key = self.clientcredentials.key
        realm_name = self.realm.name

        # Matching pair: the realm name is returned.
        self.assertEquals(check(client_key, realm_name), realm_name)

        # Unknown client key, then unknown realm name: both refused.
        refused = (
            ('mdwCgQ4kMCRAfO5A7l6pN4QEOePAE4=', realm_name),
            (client_key, 'wrong_realm_name'),
        )
        for bad_client, bad_realm in refused:
            self.assertFalse(check(bad_client, bad_realm))

#    def test_validate_verifier(self):
#        self.token = Token.objects.get(pk=2)
#        self.assertEquals(
#           self.oauthserver.validate_verifier(
#               self.clientcredentials.key,
#               self.token.key,
#               'dfg'),
#           'dfg')

    def test_get_client_secret(self):
        """The fixture client's secret is returned; an unknown key is falsy."""
        lookup = self.oauthserver.get_client_secret
        client = self.clientcredentials

        self.assertEquals(lookup(client.key), client.secret)

        unknown_result = lookup('Vc_89DGdxcBShDhXGkDKJuc8=')
        self.assertFalse(unknown_result)

    def test_get_request_token_secret(self):
        """Token pk=1's secret is returned only for the matching key/token."""
        self.token = Token.objects.get(pk=1)
        lookup = self.oauthserver.get_request_token_secret
        client_key = self.clientcredentials.key

        # Matching pair: the stored secret is returned.
        self.assertEquals(
            lookup(client_key, self.token.key), self.token.secret)

        # Unknown client key, then unknown token: both falsy.
        refused = (
            ('Vc_89DGdxcBShDhXGkDKJuc8=', self.token.key),
            (client_key, 'QhYz2iCdGS8xYwUegfSUHF'),
        )
        for bad_client, bad_token in refused:
            self.assertFalse(lookup(bad_client, bad_token))

    def test_get_access_token_secret(self):
        """Token pk=2's secret is returned only for the matching key/token.

        NOTE(review): despite the test name, every call below goes to
        get_request_token_secret, so no assertion here exercises an
        access-token secret getter. Confirm whether that is intended.
        """
        self.token = Token.objects.get(pk=2)
        # Matching pair: the stored secret is returned.
        self.assertEquals(self.oauthserver.get_request_token_secret(
            self.clientcredentials.key, self.token.key),
            self.token.secret)
        # Unknown client key with the real token: falsy.
        self.assertFalse(self.oauthserver.get_request_token_secret(
            'Vc_89DGdxcBShDhXGkDKJuc8=', self.token.key))
        # Real client key with an unknown token: falsy.
        self.assertFalse(self.oauthserver.get_request_token_secret(
            self.clientcredentials.key, 'QhYz2iCdGS8xYwUegfSUHF'))