def test_url_add_query(self): self.assertEqual( "https://woo.test:8888/sdf?param=value&newparam=newvalue", UrlUtils.add_query( "https://woo.test:8888/sdf?param=value", 'newparam', 'newvalue' ) )
def get_verifier(self, request_token=None, wp_user=None, wp_pass=None): """ pretends to be a browser, uses the authorize auth link, submits user creds to WP login form to get verifier string from access token """ if request_token is None: request_token = self.request_token assert request_token, "need a valid request_token for this step" if wp_user is None and self.wp_user: wp_user = self.wp_user if wp_pass is None and self.wp_pass: wp_pass = self.wp_pass authorize_url = self.authentication['oauth1']['authorize'] authorize_url = UrlUtils.add_query(authorize_url, 'oauth_token', request_token) # we're using a different session from the usual API calls # (I think the headers are incompatible?) # self.requester.get(authorize_url) authorize_session = requests.Session() login_form_response = authorize_session.get(authorize_url) try: login_form_action, login_form_data = self.get_form_info( login_form_response, 'loginform') except AssertionError, e: #try to parse error login_form_soup = BeautifulSoup(login_form_response.text, 'lxml') error = login_form_soup.select_one('div#login_error') if error and "invalid token" in error.string.lower(): raise UserWarning("Invalid token: %s" % repr(request_token)) else: raise UserWarning( "could not parse login form. Site is misbehaving. Original error: %s " \ % str(e) )
def get_verifier(self, request_token=None, wp_user=None, wp_pass=None): """ pretends to be a browser, uses the authorize auth link, submits user creds to WP login form to get verifier string from access token """ if request_token is None: request_token = self.request_token assert request_token, "need a valid request_token for this step" if wp_user is None and self.wp_user: wp_user = self.wp_user if wp_pass is None and self.wp_pass: wp_pass = self.wp_pass authorize_url = self.authentication['oauth1']['authorize'] authorize_url = UrlUtils.add_query(authorize_url, 'oauth_token', request_token) # we're using a different session from the usual API calls # (I think the headers are incompatible?) # self.requester.get(authorize_url) authorize_session = requests.Session() login_form_response = authorize_session.get(authorize_url) login_form_params = { 'username': wp_user, 'password': wp_pass, 'token': request_token } try: login_form_action, login_form_data = self.get_form_info( login_form_response, 'loginform') except AssertionError as exc: self.parse_login_form_error(login_form_response, exc, **login_form_params) for name, values in login_form_data.items(): if name == 'log': login_form_data[name] = wp_user elif name == 'pwd': login_form_data[name] = wp_pass else: login_form_data[name] = values[0] assert 'log' in login_form_data, 'input for user login did not appear on form' assert 'pwd' in login_form_data, 'input for user password did not appear on form' # print "submitting login form to %s : %s" % (login_form_action, str(login_form_data)) confirmation_response = authorize_session.post(login_form_action, data=login_form_data, allow_redirects=True) try: authorize_form_action, authorize_form_data = self.get_form_info( confirmation_response, 'oauth1_authorize_form') except AssertionError as exc: self.parse_login_form_error(confirmation_response, exc, **login_form_params) for name, values in authorize_form_data.items(): if name == 'wp-submit': assert \ 'authorize' in values, \ "apparently no authorize button, only %s" % str(values) authorize_form_data[name] = 'authorize' else: authorize_form_data[name] = values[0] assert 'wp-submit' in login_form_data, 'authorize button did not appear on form' final_response = authorize_session.post(authorize_form_action, data=authorize_form_data, allow_redirects=False) assert \ final_response.status_code == 302, \ "was not redirected by authorize screen, was %d instead. something went wrong" \ % final_response.status_code assert 'location' in final_response.headers, "redirect did not provide redirect location in header" final_location = final_response.headers['location'] # At this point we can chose to follow the redirect if the user wants, # or just parse the verifier out of the redirect url. # open to suggestions if anyone has any :) final_location_queries = parse_qs(urlparse(final_location).query) assert \ 'oauth_verifier' in final_location_queries, \ "oauth verifier not provided in final redirect: %s" % final_location self._oauth_verifier = final_location_queries['oauth_verifier'][0] return self._oauth_verifier