def test_url_add_query(self):
self.assertEqual(
"https://woo.test:8888/sdf?param=value&newparam=newvalue",
UrlUtils.add_query(
"https://woo.test:8888/sdf?param=value", 'newparam', 'newvalue'
)
)
def get_verifier(self, request_token=None, wp_user=None, wp_pass=None):
""" pretends to be a browser, uses the authorize auth link, submits user creds to WP login form to get
verifier string from access token """
if request_token is None:
request_token = self.request_token
assert request_token, "need a valid request_token for this step"
if wp_user is None and self.wp_user:
wp_user = self.wp_user
if wp_pass is None and self.wp_pass:
wp_pass = self.wp_pass
authorize_url = self.authentication['oauth1']['authorize']
authorize_url = UrlUtils.add_query(authorize_url, 'oauth_token',
request_token)
# we're using a different session from the usual API calls
# (I think the headers are incompatible?)
# self.requester.get(authorize_url)
authorize_session = requests.Session()
login_form_response = authorize_session.get(authorize_url)
try:
login_form_action, login_form_data = self.get_form_info(
login_form_response, 'loginform')
except AssertionError, e:
#try to parse error
login_form_soup = BeautifulSoup(login_form_response.text, 'lxml')
error = login_form_soup.select_one('div#login_error')
if error and "invalid token" in error.string.lower():
raise UserWarning("Invalid token: %s" % repr(request_token))
else:
raise UserWarning(
"could not parse login form. Site is misbehaving. Original error: %s " \
% str(e)
)
def get_verifier(self, request_token=None, wp_user=None, wp_pass=None):
""" pretends to be a browser, uses the authorize auth link, submits user creds to WP login form to get
verifier string from access token """
if request_token is None:
request_token = self.request_token
assert request_token, "need a valid request_token for this step"
if wp_user is None and self.wp_user:
wp_user = self.wp_user
if wp_pass is None and self.wp_pass:
wp_pass = self.wp_pass
authorize_url = self.authentication['oauth1']['authorize']
authorize_url = UrlUtils.add_query(authorize_url, 'oauth_token',
request_token)
# we're using a different session from the usual API calls
# (I think the headers are incompatible?)
# self.requester.get(authorize_url)
authorize_session = requests.Session()
login_form_response = authorize_session.get(authorize_url)
login_form_params = {
'username': wp_user,
'password': wp_pass,
'token': request_token
}
try:
login_form_action, login_form_data = self.get_form_info(
login_form_response, 'loginform')
except AssertionError as exc:
self.parse_login_form_error(login_form_response, exc,
**login_form_params)
for name, values in login_form_data.items():
if name == 'log':
login_form_data[name] = wp_user
elif name == 'pwd':
login_form_data[name] = wp_pass
else:
login_form_data[name] = values[0]
assert 'log' in login_form_data, 'input for user login did not appear on form'
assert 'pwd' in login_form_data, 'input for user password did not appear on form'
# print "submitting login form to %s : %s" % (login_form_action, str(login_form_data))
confirmation_response = authorize_session.post(login_form_action,
data=login_form_data,
allow_redirects=True)
try:
authorize_form_action, authorize_form_data = self.get_form_info(
confirmation_response, 'oauth1_authorize_form')
except AssertionError as exc:
self.parse_login_form_error(confirmation_response, exc,
**login_form_params)
for name, values in authorize_form_data.items():
if name == 'wp-submit':
assert \
'authorize' in values, \
"apparently no authorize button, only %s" % str(values)
authorize_form_data[name] = 'authorize'
else:
authorize_form_data[name] = values[0]
assert 'wp-submit' in login_form_data, 'authorize button did not appear on form'
final_response = authorize_session.post(authorize_form_action,
data=authorize_form_data,
allow_redirects=False)
assert \
final_response.status_code == 302, \
"was not redirected by authorize screen, was %d instead. something went wrong" \
% final_response.status_code
assert 'location' in final_response.headers, "redirect did not provide redirect location in header"
final_location = final_response.headers['location']
# At this point we can chose to follow the redirect if the user wants,
# or just parse the verifier out of the redirect url.
# open to suggestions if anyone has any :)
final_location_queries = parse_qs(urlparse(final_location).query)
assert \
'oauth_verifier' in final_location_queries, \
"oauth verifier not provided in final redirect: %s" % final_location
self._oauth_verifier = final_location_queries['oauth_verifier'][0]
return self._oauth_verifier
