def testRequestAvatarIdInvalidToken(self):
    """
    L{FacadeOAuthChecker.requestAvatarId} fails with L{UnauthorizedLogin}
    when the access token in the credentials is not a properly formed
    token (one produced by C{dataToToken}).
    """
    # Throwaway consumer secret built from 16 sampled ALPHABET entries;
    # it is only used to register the consumer for this test.
    consumerSecret = ''.join(sample(ALPHABET, 16))
    owner = createUser(u'username', u'password', u'User', u'*****@*****.**')
    createOAuthConsumer(owner, secret=consumerSecret)
    self.store.commit()

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'
    # NOTE(review): the token and the signature are both bogus here, so
    # this test on its own does not show which of the two checks rejects
    # the credentials -- confirm the token check is what fires.
    malformedToken = 'token'
    badSignature = 'wrong'
    credentials = OAuthCredentials(
        'fluidinfo.com', owner.username, malformedToken, 'HMAC-SHA1',
        badSignature, oauthTimestamp, oauthNonce, 'GET',
        u'https://fluidinfo.com/foo', requestHeaders, requestArguments)
    pending = self.checker.requestAvatarId(credentials)
    return self.assertFailure(pending, UnauthorizedLogin)
def testAuthenticateOAuthWithIncorrectSignature(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when
    the signature carried by the L{OAuthCredentials} is wrong.
    """
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**')]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz')

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # The token is sealed with the configured access secret concatenated
    # with the consumer secret, so the signature below is the only
    # deliberately wrong field.
    # NOTE(review): presumably this mirrors how the API itself builds
    # access tokens -- confirm against OAuthConsumerAPI.getAccessToken.
    accessSecret = getConfig().get('oauth', 'access-secret')
    tokenData = {'username': user.username,
                 'creationTime': '2012-12-28 16:18:23'}
    token = dataToToken(accessSecret + consumer.secret, tokenData)
    badSignature = 'wrong'

    credentials = OAuthCredentials(
        'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
        badSignature, oauthTimestamp, oauthNonce, 'GET',
        u'https://fluidinfo.com/foo', requestHeaders, requestArguments)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testRequestAvatarId(self):
    """
    L{FacadeOAuthChecker.requestAvatarId} yields a L{FluidinfoSession}
    for the user named in the access token when the credentials carry a
    correct token and signature.
    """
    # NOTE(review): this method is a generator (it uses C{yield}); it is
    # presumably wrapped with an inlineCallbacks-style decorator that is
    # not visible here -- confirm, because a bare generator method does
    # not execute its body when it is merely called.
    accounts = [(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
                (u'user', u'secret', u'User', u'*****@*****.**')]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    consumer = api.register(consumerUser)
    token = api.getAccessToken(consumerUser, user)
    self.store.commit()

    url = u'https://fluidinfo.com/foo'
    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # FIXME This isn't ideal.  A hard-coded signature would be better,
    # because then we'd know when something changed.  That is hard to
    # do, though, because the encrypted token generated by
    # fluiddb.util.minitoken is always different. -jkakar
    signedRequest = Request.from_request('GET', url, requestHeaders,
                                         {'argument1': 'bar'})
    signer = SignatureMethod_HMAC_SHA1()
    signature = signer.sign(signedRequest, consumer, None)

    credentials = OAuthCredentials(
        'fluidinfo.com', consumerUser.username, token.encrypt(),
        'HMAC-SHA1', signature, oauthTimestamp, oauthNonce, 'GET', url,
        requestHeaders, requestArguments)
    session = yield self.checker.requestAvatarId(credentials)
    # The session must belong to the end user, not to the consumer that
    # made the request.
    self.assertEqual(user.username, session.auth.username)
    self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateOAuthWithInvalidToken(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when
    the token carried by the L{OAuthCredentials} is invalid.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    user1 = getUser(u'user1')
    # NOTE The second user is never used.  It is created only so that
    # the environment matches the other tests, leaving the invalid token
    # as the intended reason for the failure.  Kept to guard against
    # regressions.
    UserAPI().create([(u'user2', u'secret2', u'User2', u'*****@*****.**')])
    api = OAuthConsumerAPI()
    api.register(user1, secret='abyOTsAfo9MVN0qz')

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'
    # NOTE(review): the signature is also wrong here, so this test cannot
    # by itself prove that the token check (rather than the signature
    # check) is what raises -- confirm against the implementation.
    invalidToken = 'invalid'
    badSignature = 'wrong'

    credentials = OAuthCredentials(
        'fluidinfo.com', user1.username, invalidToken, 'HMAC-SHA1',
        badSignature, oauthTimestamp, oauthNonce, 'GET',
        u'https://fluidinfo.com/foo', requestHeaders, requestArguments)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateOAuthWithUnknownConsumer(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{AuthenticationError} when
    the consumer named in the credentials has not been registered.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    user1 = getUser(u'user1')
    # No consumer is registered for user1 in this test; this secret only
    # feeds the token below.
    unregisteredSecret = 'a' * 16

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    accessSecret = getConfig().get('oauth', 'access-secret')
    token = dataToToken(accessSecret + unregisteredSecret,
                        {'user1': 'secret1'})
    signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='

    api = OAuthConsumerAPI()
    credentials = OAuthCredentials(
        'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
        oauthTimestamp, oauthNonce, 'GET', u'https://fluidinfo.com/foo',
        requestHeaders, requestArguments)
    self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateOAuth(self):
    """
    L{OAuthConsumerAPI.authenticate} returns the L{User} when given valid
    L{OAuthCredentials}.

    With OAuth Echo, as in this test, a consumer makes the request using
    a token that allows it to act on behalf of a particular user.
    """
    UserAPI().create([(u'consumer', u'password', u'Consumer',
                       u'*****@*****.**')])
    UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
    consumer = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    api.register(consumer, secret='abyOTsAfo9MVN0qz')
    token = api.getAccessToken(consumer, user)

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    # NOTE(review): authentication is expected to succeed with this fixed
    # 2011 timestamp and a constant nonce, so the test does not cover
    # timestamp-freshness or nonce-replay rejection -- confirm whether
    # those are enforced and tested elsewhere.
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'
    # Hard-coded signature; it goes with the fixed consumer secret
    # registered above and the fixed request described here.
    signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='

    credentials = OAuthCredentials(
        'fluidinfo.com', consumer.username, token.encrypt(), 'HMAC-SHA1',
        signature, oauthTimestamp, oauthNonce, 'GET',
        u'https://fluidinfo.com/foo', requestHeaders, requestArguments)
    # The returned object must be the end user, not the consumer.
    self.assertIdentical(user, api.authenticate(credentials))
def testAuthenticateOAuthWithUnknownUser(self):
    """
    L{OAuthConsumerAPI.authenticate} raises L{UnknownUserError} when the
    username inside the L{OAuthCredentials} token does not belong to an
    existing user.
    """
    UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')])
    user1 = getUser(u'user1')
    api = OAuthConsumerAPI()
    consumer = api.register(user1, secret='abyOTsAfo9MVN0qz')

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # The token is sealed with the configured access secret plus the
    # registered consumer's secret, but names a user that was never
    # created.
    accessSecret = getConfig().get('oauth', 'access-secret')
    token = dataToToken(accessSecret + consumer.secret,
                        {'username': '******'})
    signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='

    credentials = OAuthCredentials(
        'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
        oauthTimestamp, oauthNonce, 'GET', u'https://fluidinfo.com/foo',
        requestHeaders, requestArguments)
    self.assertRaises(UnknownUserError, api.authenticate, credentials)
def testAuthenticateUserWithOAuthUnknownUsernameInToken(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth} fails with
    L{TNoSuchUser} when the username stored in the token does not match
    any existing L{User}.
    """
    user1 = createUser(u'user1', u'pass1', u'User1', u'*****@*****.**')
    consumer = createOAuthConsumer(user1, secret='secret16charlng1')
    self.store.commit()

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # The token is sealed with the registered consumer's secret but names
    # a user that was never created.
    token = dataToToken(consumer.secret, {'username': u'unknownUser'})
    signature = '3MNZYSgsGftopjuwv3g2u5Q+MZM='

    credentials = OAuthCredentials(
        'fluidinfo.com', user1.username, token, u'HMAC-SHA1', signature,
        oauthTimestamp, oauthNonce, 'GET', 'https://fluidinfo.com/foo',
        requestHeaders, requestArguments)
    pending = self.facade.authenticateUserWithOAuth(credentials)
    return self.assertFailure(pending, TNoSuchUser)
def testAuthenticateUserWithOAuthIncorrectSignature(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth} fails with
    L{TPasswordIncorrect} when the signature in the OAuth credentials is
    wrong.
    """
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**')]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    api.register(consumerUser)
    token = api.getAccessToken(consumerUser, user)
    self.store.commit()

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'
    badSignature = 'wrong'

    # NOTE(review): the consumer key passed below is user.username, but
    # only consumerUser was registered as a consumer above.  The failure
    # may therefore come from the consumer lookup rather than from the
    # signature comparison -- confirm which check this test exercises.
    credentials = OAuthCredentials(
        'fluidinfo.com', user.username, token.encrypt(), u'HMAC-SHA1',
        badSignature, oauthTimestamp, oauthNonce, 'GET',
        'https://fluidinfo.com/foo', requestHeaders, requestArguments)
    pending = self.facade.authenticateUserWithOAuth(credentials)
    return self.assertFailure(pending, TPasswordIncorrect)
def testAuthenticateUserWithOAuthWithMixedCaseInToken(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth} ignores the case of the
    username stored in the token.
    """
    # NOTE(review): this method is a generator (it uses C{yield}); it is
    # presumably wrapped with an inlineCallbacks-style decorator that is
    # not visible here -- confirm, because a bare generator method does
    # not execute its body when it is merely called.
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**')]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    consumer = api.register(consumerUser)
    # The account was created as u'user'; the token spells it u'UseR'.
    tokenData = {'username': u'UseR', 'creationTime': '20121228-161823'}
    token = dataToToken(consumer.secret, tokenData)
    self.store.commit()

    url = u'https://fluidinfo.com/foo'
    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    signedRequest = Request.from_request('GET', url, requestHeaders,
                                         {'argument1': 'bar'})
    signer = SignatureMethod_HMAC_SHA1()
    signature = signer.sign(signedRequest, consumer, None)

    credentials = OAuthCredentials(
        'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
        signature, oauthTimestamp, oauthNonce, 'GET', url, requestHeaders,
        requestArguments)
    session = yield self.facade.authenticateUserWithOAuth(credentials)
    # The session must resolve to the stored (lower-case) account.
    self.assertEqual(user.username, session.auth.username)
    self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuth(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth} yields a
    L{FluidinfoSession} for the user named in the access token when the
    credentials carry a correct token and signature.
    """
    # NOTE(review): this method is a generator (it uses C{yield}); it is
    # presumably wrapped with an inlineCallbacks-style decorator that is
    # not visible here -- confirm, because a bare generator method does
    # not execute its body when it is merely called.
    accounts = [
        (u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
        (u'user', u'secret', u'User', u'*****@*****.**')]
    UserAPI().create(accounts)
    consumerUser = getUser(u'consumer')
    user = getUser(u'user')
    api = OAuthConsumerAPI()
    consumer = api.register(consumerUser)
    token = api.getAccessToken(consumerUser, user)
    self.store.commit()

    url = u'https://fluidinfo.com/foo'
    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    # NOTE(review): a fixed 2011 timestamp and a constant nonce are
    # expected to be accepted here, so this test does not cover
    # timestamp-freshness or nonce-replay rejection -- confirm whether
    # those are enforced and tested elsewhere.
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # The signature is computed at run time over the same method, URL,
    # headers and arguments that the credentials describe.
    signedRequest = Request.from_request('GET', url, requestHeaders,
                                         {'argument1': 'bar'})
    signer = SignatureMethod_HMAC_SHA1()
    signature = signer.sign(signedRequest, consumer, None)

    credentials = OAuthCredentials(
        'fluidinfo.com', consumerUser.username, token.encrypt(),
        'HMAC-SHA1', signature, oauthTimestamp, oauthNonce, 'GET', url,
        requestHeaders, requestArguments)
    session = yield self.facade.authenticateUserWithOAuth(credentials)
    # The session must belong to the end user, not to the consumer that
    # made the request.
    self.assertEqual(user.username, session.auth.username)
    self.assertEqual(user.objectID, session.auth.objectID)
def testAuthenticateUserWithOAuthUnknownConsumer(self):
    """
    L{FacadeAuthMixin.authenticateUserWithOAuth} fails with
    L{TNoSuchUser} when the consumer named in the credentials does not
    exist.
    """
    user2 = createUser(u'user2', u'pass2', u'User2', u'*****@*****.**')
    self.store.commit()

    requestHeaders = {'header1': 'foo'}
    requestArguments = 'argument1=bar'
    oauthTimestamp = 1314976811
    oauthNonce = 'nonce'

    # The token names an existing user, but it is sealed with a secret
    # that belongs to no registered consumer.
    token = dataToToken('a' * 16, {'username': user2.username})
    signature = '3MNZYSgsGftopjuwv3g2u5Q+MZM='

    # u'user1' is passed as the consumer key; no such user or consumer
    # is created in this test.
    credentials = OAuthCredentials(
        'fluidinfo.com', u'user1', token, 'HMAC-SHA1', signature,
        oauthTimestamp, oauthNonce, 'GET', u'https://fluidinfo.com/foo',
        requestHeaders, requestArguments)
    pending = self.facade.authenticateUserWithOAuth(credentials)
    return self.assertFailure(pending, TNoSuchUser)