def test_check_realms(self):
v = RequestValidator()
self.assertFalse(v.check_realms(["foo"]))
class FooRealmValidator(RequestValidator):
@property
def realms(self):
return ["foo"]
v = FooRealmValidator()
self.assertTrue(v.check_realms(["foo"]))
def test_check_realms(self):
v = RequestValidator()
self.assertFalse(v.check_realms(['foo']))
class FooRealmValidator(RequestValidator):
@property
def realms(self):
return ['foo']
v = FooRealmValidator()
self.assertTrue(v.check_realms(['foo']))
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.check_request_token.return_value = True
self.validator.check_verifier.return_value = True
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.get_client_secret.return_value = 'bar'
self.validator.get_request_token_secret.return_value = 'secret'
self.validator.get_realms.return_value = ['foo']
self.validator.timestamp_lifetime = 600
self.validator.validate_client_key.return_value = True
self.validator.validate_request_token.return_value = True
self.validator.validate_verifier.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.invalidate_request_token.return_value = True
self.validator.dummy_client = 'dummy'
self.validator.dummy_secret = 'dummy'
self.validator.dummy_request_token = 'dummy'
self.validator.save_access_token = MagicMock()
self.endpoint = AccessTokenEndpoint(self.validator)
self.client = Client('foo',
client_secret='bar',
resource_owner_key='token',
resource_owner_secret='secret',
verifier='verfier')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/access_token')
def test_oauth_timestamp(self):
"""Check for a valid UNIX timestamp."""
v = RequestValidator()
e = BaseEndpoint(v)
# Invalid timestamp length, must be 10
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Invalid timestamp age, must be younger than 10 minutes
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=1234567890'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
# Timestamp must be an integer
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789a'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.verify_request_token.return_value = True
self.validator.verify_realms.return_value = True
self.validator.get_realms.return_value = ['test']
self.validator.save_verifier = MagicMock()
self.endpoint = AuthorizationEndpoint(self.validator)
self.uri = 'https://i.b/authorize?oauth_token=foo'
def test_enforce_ssl(self):
"""Ensure SSL is enforced by default."""
v = RequestValidator()
e = BaseEndpoint(v)
c = Client('foo')
u, h, b = c.sign('http://example.com')
r = e._create_request(u, 'GET', b, h)
self.assertRaises(errors.InsecureTransportError,
e._check_transport_security, r)
def test_mandated_params(self):
"""Ensure all mandatory params are present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b/', 'GET',
'oauth_signature=a&oauth_consumer_key=b&oauth_nonce', URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def test_check_length(self):
v = RequestValidator()
for method in (v.check_client_key, v.check_request_token,
v.check_access_token, v.check_nonce, v.check_verifier):
for not_valid in ('tooshort', 'invalid?characters!',
'thisclientkeyisalittlebittoolong'):
self.assertFalse(method(not_valid))
for valid in ('itsjustaboutlongenough', ):
self.assertTrue(method(valid))
def test_case_insensitive_headers(self):
"""Ensure headers are case-insensitive"""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b', 'POST',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_version=1.0&oauth_signature_method=RSA-SHA1&'
'oauth_timestamp=123456789a'), URLENCODED)
self.assertIsInstance(r.headers, CaseInsensitiveDict)
def test_duplicate_params(self):
"""Ensure params are only supplied once"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_version=a&oauth_version=b',
'GET', None, URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/', 'GET',
'oauth_version=a&oauth_version=b', URLENCODED)
def test_oauth_version(self):
"""OAuth version must be 1.0 if present."""
v = RequestValidator()
e = BaseEndpoint(v)
r = e._create_request(
'https://a.b/', 'GET',
('oauth_signature=a&oauth_consumer_key=b&oauth_nonce=c&'
'oauth_timestamp=a&oauth_signature_method=RSA-SHA1&'
'oauth_version=2.0'), URLENCODED)
self.assertRaises(errors.InvalidRequestError,
e._check_mandatory_parameters, r)
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.get_client_secret.return_value = 'bar'
self.validator.timestamp_lifetime = 600
self.validator.validate_client_key.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = 'dummy'
self.validator.dummy_secret = 'dummy'
self.endpoint = SignatureOnlyEndpoint(self.validator)
self.client = Client('foo', client_secret='bar')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/protected_resource')
def test_multiple_source_params(self):
"""Check for duplicate params"""
v = RequestValidator()
e = BaseEndpoint(v)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET', 'oauth_version=foo', URLENCODED)
headers = {'Authorization': 'OAuth oauth_signature="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/?oauth_signature_method=HMAC-SHA1',
'GET', 'oauth_version=foo', headers)
headers = {'Authorization': 'OAuth oauth_signature_method="foo"'}
headers.update(URLENCODED)
self.assertRaises(errors.InvalidRequestError, e._create_request,
'https://a.b/', 'GET', 'oauth_signature=foo',
headers)
def setUp(self):
self.validator = MagicMock(wraps=RequestValidator())
self.validator.check_client_key.return_value = True
self.validator.allowed_signature_methods = ['HMAC-SHA1']
self.validator.get_client_secret.return_value = 'bar'
self.validator.get_default_realms.return_value = ['foo']
self.validator.timestamp_lifetime = 600
self.validator.check_realms.return_value = True
self.validator.validate_client_key.return_value = True
self.validator.validate_requested_realms.return_value = True
self.validator.validate_redirect_uri.return_value = True
self.validator.validate_timestamp_and_nonce.return_value = True
self.validator.dummy_client = 'dummy'
self.validator.dummy_secret = 'dummy'
self.validator.save_request_token = MagicMock()
self.endpoint = RequestTokenEndpoint(self.validator)
self.client = Client('foo', client_secret='bar', realm='foo',
callback_uri='https://c.b/cb')
self.uri, self.headers, self.body = self.client.sign(
'https://i.b/request_token')
def test_not_implemented(self):
v = RequestValidator()
self.assertRaises(NotImplementedError, v.get_client_secret, None, None)
self.assertRaises(NotImplementedError, v.get_request_token_secret,
None, None, None)
self.assertRaises(NotImplementedError, v.get_access_token_secret, None,
None, None)
self.assertRaises(NotImplementedError, lambda: v.dummy_client)
self.assertRaises(NotImplementedError, lambda: v.dummy_request_token)
self.assertRaises(NotImplementedError, lambda: v.dummy_access_token)
self.assertRaises(NotImplementedError, v.get_rsa_key, None, None)
self.assertRaises(NotImplementedError, v.get_default_realms, None,
None)
self.assertRaises(NotImplementedError, v.get_realms, None, None)
self.assertRaises(NotImplementedError, v.get_redirect_uri, None, None)
self.assertRaises(NotImplementedError, v.validate_client_key, None,
None)
self.assertRaises(NotImplementedError, v.validate_access_token, None,
None, None)
self.assertRaises(NotImplementedError, v.validate_request_token, None,
None, None)
self.assertRaises(NotImplementedError, v.verify_request_token, None,
None)
self.assertRaises(NotImplementedError, v.verify_realms, None, None,
None)
self.assertRaises(NotImplementedError, v.validate_timestamp_and_nonce,
None, None, None, None)
self.assertRaises(NotImplementedError, v.validate_redirect_uri, None,
None, None)
self.assertRaises(NotImplementedError, v.validate_realms, None, None,
None, None, None)
self.assertRaises(NotImplementedError, v.validate_requested_realms,
None, None, None)
self.assertRaises(NotImplementedError, v.validate_verifier, None, None,
None, None)
self.assertRaises(NotImplementedError, v.save_access_token, None, None)
self.assertRaises(NotImplementedError, v.save_request_token, None,
None)
self.assertRaises(NotImplementedError, v.save_verifier, None, None,
None)
def validator():
return RequestValidator()
