def _getRequestForPersonAndAccountWithDifferentIDs(self): """Return a LaunchpadTestRequest with the correct OAuth parameters in its form. """ # Create a lone account followed by an account-with-person just to # make sure in the second one the ID of the account and the person are # different. self.factory.makeAccount('Personless account') person = self.factory.makePerson() self.assertNotEqual(person.id, person.account.id) # Create an access token for our new person. consumer = getUtility(IOAuthConsumerSet).new(u'test-consumer') request_token, _ = consumer.newRequestToken() request_token.review(person, permission=OAuthPermission.READ_PUBLIC, context=None) access_token, access_secret = request_token.createAccessToken() # Use oauth.OAuthRequest just to generate a dictionary containing all # the parameters we need to use in a valid OAuth request, using the # access token we just created for our new person. oauth_consumer = OAuthConsumer(consumer.key, u'') oauth_token = OAuthToken(access_token.key, access_secret) oauth_request = OAuthRequest.from_consumer_and_token( oauth_consumer, oauth_token) oauth_request.sign_request(OAuthSignatureMethod_PLAINTEXT(), oauth_consumer, oauth_token) return LaunchpadTestRequest(form=oauth_request.parameters)
def test_split_oauth(self): # OAuth headers are parsed correctly: see bug 314507. # This was really a bug in the underlying contrib/oauth.py module, but # it has no standalone test case. # # Note that the 'realm' parameter is not returned, because it's not # included in the OAuth calculations. headers = OAuthRequest._split_header( 'OAuth realm="foo", oauth_consumer_key="justtesting"') self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'}) headers = OAuthRequest._split_header( 'OAuth oauth_consumer_key="justtesting"') self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'}) headers = OAuthRequest._split_header( 'OAuth oauth_consumer_key="justtesting", realm="realm"') self.assertEquals(headers, {'oauth_consumer_key': 'justtesting'})
def addHeadersTo(self, full_url, full_headers): if self.consumer is not None and self.access_token is not None: request = OAuthRequest.from_consumer_and_token(self.consumer, self.access_token, http_url=full_url) request.sign_request(OAuthSignatureMethod_PLAINTEXT(), self.consumer, self.access_token) full_headers.update(request.to_header(OAUTH_REALM)) if not self.handle_errors: full_headers["X_Zope_handle_errors"] = "False"
def _getRequestForPersonAndAccountWithDifferentIDs(self): """Return a LaunchpadTestRequest with the correct OAuth parameters in its form. """ # Create a lone account followed by an account-with-person just to # make sure in the second one the ID of the account and the person are # different. self.factory.makeAccount('Personless account') person = self.factory.makePerson() self.failIfEqual(person.id, person.account.id) # Create an access token for our new person. consumer = getUtility(IOAuthConsumerSet).new('test-consumer') request_token = consumer.newRequestToken() request_token.review( person, permission=OAuthPermission.READ_PUBLIC, context=None) access_token = request_token.createAccessToken() # Use oauth.OAuthRequest just to generate a dictionary containing all # the parameters we need to use in a valid OAuth request, using the # access token we just created for our new person. oauth_request = OAuthRequest.from_consumer_and_token( consumer, access_token) oauth_request.sign_request( OAuthSignatureMethod_PLAINTEXT(), consumer, access_token) return LaunchpadTestRequest(form=oauth_request.parameters)
def addHeadersTo(self, full_url, full_headers): if self.consumer is not None and self.access_token is not None: request = OAuthRequest.from_consumer_and_token(self.consumer, self.access_token, http_url=full_url) request.sign_request(OAuthSignatureMethod_PLAINTEXT(), self.consumer, self.access_token) full_headers.update(request.to_header(OAUTH_REALM)) if not self.handle_errors: full_headers['X_Zope_handle_errors'] = 'False'
def get_oauth_authorization(request): """Retrieve OAuth authorization information from a request. The authorization information may be in the Authorization header, or it might be in the query string or entity-body. :return: a dictionary of authorization information. """ header = request._auth if header is not None and header.startswith("OAuth "): return OAuthRequest._split_header(header) else: return request.form
def get_oauth_authorization(request): """Retrieve OAuth authorization information from a request. The authorization information may be in the Authorization header, or it might be in the query string or entity-body. :return: a dictionary of authorization information. :raises UnicodeDecodeError: If the Authorization header is not valid UTF-8. """ header = request._auth if header is not None and header.startswith("OAuth "): # http://oauth.net/core/1.0/#encoding_parameters says "Text names # and values MUST be encoded as UTF-8 octets before percent-encoding # them", so we can reasonably fail if this hasn't been done. return OAuthRequest._split_header(six.ensure_text(header)) else: return request.form