Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java?rev=693675&r1=693674&r2=693675&view=diff ============================================================================== --- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java (original) +++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java Tue Sep 9 18:50:41 2008 @@ -18,26 +18,27 @@ */ package org.apache.shindig.gadgets.oauth; -import static org.easymock.EasyMock.eq; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.expectLastCall; -import static org.easymock.EasyMock.same; - -import junit.framework.TestCase; - +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.fail; + +import org.apache.shindig.common.crypto.BasicBlobCrypter; +import org.apache.shindig.common.crypto.BlobCrypter; +import org.apache.shindig.common.testing.FakeGadgetToken; +import org.apache.shindig.gadgets.FakeGadgetSpecFactory; import org.apache.shindig.gadgets.GadgetException; -import org.apache.shindig.gadgets.GadgetSpecFactory; -import org.apache.shindig.gadgets.spec.GadgetSpec; -import org.easymock.IArgumentMatcher; -import org.easymock.classextension.EasyMock; -import org.easymock.classextension.IMocksControl; - -import java.net.URI; -import java.util.regex.Matcher; -import java.util.regex.Pattern; +import org.apache.shindig.gadgets.oauth.AccessorInfo.HttpMethod; +import org.apache.shindig.gadgets.oauth.AccessorInfo.OAuthParamLocation; +import org.apache.shindig.gadgets.oauth.BasicOAuthStoreConsumerKeyAndSecret.KeyType; +import org.apache.shindig.gadgets.oauth.OAuthArguments.UseToken; +import org.apache.shindig.gadgets.oauth.OAuthStore.TokenInfo; +import org.junit.Before; +import org.junit.Test; -public class GadgetTokenStoreTest extends TestCase { +public class GadgetTokenStoreTest { + private static final String GADGET_URL = "http://www.example.com/gadget.xml";; + public static final String GADGET_SPEC = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" + " <Module>\n" + @@ -69,206 +70,360 @@ " </Content>\n" + " </Module>"; + private BasicOAuthStore backingStore; private GadgetOAuthTokenStore store; - private GadgetSpec spec; - private IMocksControl control; - private BasicOAuthStore mockStoreImpl; - private GadgetSpecFactory mockSpecFactory; - - private static class ProviderInfoMatcher implements IArgumentMatcher { - - private OAuthStore.ProviderInfo expectedInfo; - - public ProviderInfoMatcher(OAuthStore.ProviderInfo info) { - expectedInfo = info; - } - - public void appendTo(StringBuffer sb) { - sb.append("eqProvInfo("); - sb.append("access: "); - sb.append(expectedInfo.getProvider().accessTokenURL); - sb.append(", request: "); - sb.append(expectedInfo.getProvider().requestTokenURL); - sb.append(", authorize: "); - sb.append(expectedInfo.getProvider().userAuthorizationURL); - sb.append(", http_method: "); - sb.append(expectedInfo.getHttpMethod()); - sb.append(", param_location: "); - sb.append(expectedInfo.getParamLocation()); - sb.append(", signature_type: "); - sb.append(expectedInfo.getSignatureType()); - sb.append(')'); - } - - public boolean matches(Object actual) { - if (! (actual instanceof OAuthStore.ProviderInfo)) { - return false; - } - - OAuthStore.ProviderInfo actualInfo = (OAuthStore.ProviderInfo)actual; - - return (actualInfo.getHttpMethod() == expectedInfo.getHttpMethod()) - && (actualInfo.getParamLocation() - == expectedInfo.getParamLocation()) - && (actualInfo.getSignatureType() - == expectedInfo.getSignatureType()) - && actualInfo.getProvider().accessTokenURL.equals( - expectedInfo.getProvider().accessTokenURL) - && actualInfo.getProvider().requestTokenURL.equals( - expectedInfo.getProvider().requestTokenURL) - && actualInfo.getProvider().userAuthorizationURL.equals( - expectedInfo.getProvider().userAuthorizationURL); + private FakeGadgetToken socialToken; + private FakeGadgetToken privateToken; + private BlobCrypter stateCrypter; + private OAuthClientState clientState; + + @Before + public void setUp() throws Exception { + backingStore = new BasicOAuthStore(); + backingStore.setDefaultKey( + new BasicOAuthStoreConsumerKeyAndSecret("key", "secret", KeyType.RSA_PRIVATE, "keyname")); + store = new GadgetOAuthTokenStore(backingStore, new FakeGadgetSpecFactory()); + + socialToken = new FakeGadgetToken(); + socialToken.setOwnerId("owner"); + socialToken.setViewerId("viewer"); + socialToken.setAppUrl(GADGET_URL); + + privateToken = new FakeGadgetToken(); + privateToken.setOwnerId("owner"); + privateToken.setViewerId("owner"); + privateToken.setAppUrl(GADGET_URL); + + stateCrypter = new BasicBlobCrypter("abcdefghijklmnop".getBytes()); + clientState = new OAuthClientState(stateCrypter); + } + + @Test + public void testGetOAuthAccessor_signedFetch() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setUseToken(UseToken.NEVER); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals("keyname", info.getConsumer().getKeyName()); + assertEquals("key", info.getConsumer().getConsumer().consumerKey); + assertNull(info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); + } + + @Test + public void testGetOAuthAccessor_useToken_noOAuthInSpec() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setUseToken(UseToken.IF_AVAILABLE); + try { + store.getOAuthAccessor(socialToken, arguments, clientState); + fail(); + } catch (GadgetException e) { + // good } } - - private static OAuthStore.ProviderInfo eqProvInfo( - OAuthStore.ProviderInfo info) { - EasyMock.reportMatcher(new ProviderInfoMatcher(info)); - return null; + + @Test + public void testGetOAuthAccessor_signedFetch_hmacKey() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("hmac"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setUseToken(UseToken.NEVER); + arguments.setServiceName("hmac"); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); } - @Override - protected void setUp() throws Exception { - super.setUp(); - control = EasyMock.createStrictControl(); - mockStoreImpl = control.createMock(BasicOAuthStore.class); - mockSpecFactory = control.createMock(GadgetSpecFactory.class); - - store = new GadgetOAuthTokenStore(mockStoreImpl, mockSpecFactory); - spec = new GadgetSpec(new URI("http://foo.bar.com/gadget.xml";), GADGET_SPEC); + @Test + public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("otherservice"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setUseToken(UseToken.NEVER); + arguments.setServiceName("hmac"); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals("keyname", info.getConsumer().getKeyName()); + assertEquals("key", info.getConsumer().getConsumer().consumerKey); } - - public void testStoreConsumerKeyAndSecret() throws Exception { - URI gadgetUrl = new URI("http://foo.bar.com/gadget.xml";); - String serviceName = "testservice"; - - OAuthStore.ProviderKey providerKey = new OAuthStore.ProviderKey(); - providerKey.setGadgetUri(gadgetUrl.toString()); - providerKey.setServiceName(serviceName); - - OAuthStore.ConsumerKeyAndSecret kas = new OAuthStore.ConsumerKeyAndSecret( - "key", "secret", OAuthStore.KeyType.HMAC_SYMMETRIC); - - mockStoreImpl.setOAuthConsumerKeyAndSecret(eq(providerKey), same(kas)); - expectLastCall().once(); - - control.replay(); - - store.storeConsumerKeyAndSecret(gadgetUrl, serviceName, kas); - - control.verify(); + + @Test + public void testGetOAuthAccessor_signedFetch_defaultHmac() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName(""); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setUseToken(UseToken.NEVER); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); } - - public void testStoreTokenKeyAndSecret() throws Exception { - - final String url = "http://foo.bar.com/gadget.xml";; - final int moduleId = 42957; - final String userId = "testuser"; - final String serviceName = "testservice"; - final String tokenName = "testtoken"; - - OAuthStore.TokenInfo tokenInfo = new OAuthStore.TokenInfo("", ""); - - OAuthStore.TokenKey tokenKey = new OAuthStore.TokenKey(); - tokenKey.setGadgetUri(url); - tokenKey.setModuleId(moduleId); - tokenKey.setServiceName(serviceName); - tokenKey.setTokenName(tokenName); - tokenKey.setUserId(userId); - - mockStoreImpl.setTokenAndSecret(eq(tokenKey), same(tokenInfo)); - expectLastCall().once(); - - control.replay(); - - store.storeTokenKeyAndSecret(tokenKey, tokenInfo); - - control.verify(); + + @Test + public void testGetOAuthAccessor_socialOAuth_socialPage() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("testservice"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.IF_AVAILABLE); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); } - - public void testGetOAuthAccessor() throws Exception { - - final String url = "http://foo.bar.com/gadget.xml";; - final int moduleId = 42957; - final String userId = "testuser"; - final String serviceName = "testservice"; - final String tokenName = "testtoken"; - final boolean ignoreCache = false; - - OAuthStore.TokenKey tokenKey = new OAuthStore.TokenKey(); - tokenKey.setGadgetUri(url); - tokenKey.setModuleId(moduleId); - tokenKey.setServiceName(serviceName); - tokenKey.setTokenName(tokenName); - tokenKey.setUserId(userId); - - OAuthStore.ProviderInfo info = - GadgetOAuthTokenStore.getProviderInfo(spec, serviceName); - - OAuthStore.AccessorInfo accessorInfo = new OAuthStore.AccessorInfo(); - - expect(mockSpecFactory.getGadgetSpec(eq(new URI(url)), eq(ignoreCache))) - .andReturn(spec); - expect(mockStoreImpl.getOAuthAccessor(eq(tokenKey), eqProvInfo(info))) - .andReturn(accessorInfo); - - control.replay(); - - OAuthStore.AccessorInfo compare = - store.getOAuthAccessor(tokenKey, ignoreCache); - - control.verify(); - - assertSame(accessorInfo, compare); + + @Test + public void testGetOAuthAccessor_socialOAuth_privatePage() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("testservice"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.IF_AVAILABLE); + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); } - - public void testGetGadgetOAuthInfo() throws Exception { - String serviceName = "testservice"; - - OAuthStore.ProviderInfo provInfo = - GadgetOAuthTokenStore.getProviderInfo(spec, serviceName); - - assertEquals(FakeOAuthServiceProvider.ACCESS_TOKEN_URL, - provInfo.getProvider().accessTokenURL); - assertEquals(FakeOAuthServiceProvider.REQUEST_TOKEN_URL, - provInfo.getProvider().requestTokenURL); - assertEquals(FakeOAuthServiceProvider.APPROVAL_URL, - provInfo.getProvider().userAuthorizationURL); - assertEquals(OAuthStore.HttpMethod.GET, provInfo.getHttpMethod()); - assertEquals(OAuthStore.SignatureType.HMAC_SHA1, - provInfo.getSignatureType()); - assertEquals(OAuthStore.OAuthParamLocation.URI_QUERY, - provInfo.getParamLocation()); - - // now, let's change the spec a bit - - String newSpecStr = GADGET_SPEC.replaceAll("GET", "POST"); - spec = new GadgetSpec(new URI("http://foo.bar.com/gadget.xml";), newSpecStr); - - provInfo = GadgetOAuthTokenStore.getProviderInfo(spec, serviceName); - assertEquals(OAuthStore.HttpMethod.POST, provInfo.getHttpMethod()); - - // Unknown service error - - try { - provInfo = GadgetOAuthTokenStore.getProviderInfo(spec, "otherservice"); - fail("expected exception, but didn't get it"); - } catch (GadgetException e) { - // this is expected - } - - // what if the gadget doesn't require oauth? - Matcher oauth = Pattern.compile("<OAuth>.*</OAuth>", Pattern.DOTALL) - .matcher(GADGET_SPEC); - newSpecStr = oauth.replaceFirst(""); - spec = new GadgetSpec( - new URI("http://foo.bar.com/gadget.xml";), - newSpecStr); + + @Test + public void testGetOAuthAccessor_socialOAuth_withToken() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("testservice"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + + backingStore.setTokenInfo(privateToken, null, "testservice", "", + new TokenInfo("token", "secret")); + + // Owner views their own page + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.IF_AVAILABLE); + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertEquals("token", info.getAccessor().accessToken); + assertEquals("secret", info.getAccessor().tokenSecret); + + // Friend views page + info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); + } + + @Test + public void testGetOAuthAccessor_fullOAuth_socialPage() throws Exception { + BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); + index.setGadgetUri(GADGET_URL); + index.setServiceName("testservice"); + BasicOAuthStoreConsumerKeyAndSecret cks = + new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null); + backingStore.setConsumerKeyAndSecret(index, cks); + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState); + assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); + assertEquals(null, info.getConsumer().getKeyName()); + assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); + assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); + } + + @Test + public void testGetOAuthAccessor_serviceNotFound() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("no such service"); + arguments.setUseToken(UseToken.ALWAYS); try { - provInfo = GadgetOAuthTokenStore.getProviderInfo(spec, serviceName); - fail("expected exception, but didn't get it"); + store.getOAuthAccessor(socialToken, arguments, clientState); + fail(); } catch (GadgetException e) { - // this is expected + // good. } } + + @Test + public void testGetOAuthAccessor_oauthParamsInBody() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + privateToken.setAppUrl("http://www.example.com/body.xml";); + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertEquals( + FakeOAuthServiceProvider.REQUEST_TOKEN_URL, + info.getConsumer().getConsumer().serviceProvider.requestTokenURL); + assertEquals( + FakeOAuthServiceProvider.APPROVAL_URL, + info.getConsumer().getConsumer().serviceProvider.userAuthorizationURL); + assertEquals( + FakeOAuthServiceProvider.ACCESS_TOKEN_URL, + info.getConsumer().getConsumer().serviceProvider.accessTokenURL); + assertEquals(HttpMethod.POST, info.getHttpMethod()); + assertEquals(OAuthParamLocation.POST_BODY, info.getParamLocation()); + } + + @Test + public void testGetOAuthAccessor_oauthParamsInHeader() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + privateToken.setAppUrl("http://www.example.com/header.xml";); + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertEquals( + FakeOAuthServiceProvider.REQUEST_TOKEN_URL, + info.getConsumer().getConsumer().serviceProvider.requestTokenURL); + assertEquals( + FakeOAuthServiceProvider.APPROVAL_URL, + info.getConsumer().getConsumer().serviceProvider.userAuthorizationURL); + assertEquals( + FakeOAuthServiceProvider.ACCESS_TOKEN_URL, + info.getConsumer().getConsumer().serviceProvider.accessTokenURL); + assertEquals(HttpMethod.GET, info.getHttpMethod()); + assertEquals(OAuthParamLocation.AUTH_HEADER, info.getParamLocation()); + } + + @Test + public void testAccessTokenFromServerDatabase() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + store.storeTokenKeyAndSecret(privateToken, null, arguments, new TokenInfo("access", "secret")); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().requestToken); + assertEquals("access", info.getAccessor().accessToken); + assertEquals("secret", info.getAccessor().tokenSecret); + } + + @Test + public void testAccessTokenFromClient() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + store.storeTokenKeyAndSecret(privateToken, null, arguments, new TokenInfo("access", "secret")); + + clientState.setAccessToken("clienttoken"); + clientState.setAccessTokenSecret("clienttokensecret"); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().requestToken); + assertEquals("clienttoken", info.getAccessor().accessToken); + assertEquals("clienttokensecret", info.getAccessor().tokenSecret); + } + + @Test + public void testRequestTokenFromClientState() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + store.storeTokenKeyAndSecret(privateToken, null, arguments, new TokenInfo("access", "secret")); + + clientState.setRequestToken("request"); + clientState.setRequestTokenSecret("requestsecret"); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertEquals("request", info.getAccessor().requestToken); + assertEquals("requestsecret", info.getAccessor().tokenSecret); + assertNull(info.getAccessor().accessToken); + } + + @Test + public void testRequestTokenFromClient_preferTokenInStorage() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + arguments.setRequestToken("preapproved"); + arguments.setRequestTokenSecret("preapprovedsecret"); + store.storeTokenKeyAndSecret(privateToken, null, arguments, new TokenInfo("access", "secret")); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().requestToken); + assertEquals("access", info.getAccessor().accessToken); + assertEquals("secret", info.getAccessor().tokenSecret); + } + + @Test + public void testRequestTokenFromClient_noTokenInStorage() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + arguments.setRequestToken("preapproved"); + arguments.setRequestTokenSecret("preapprovedsecret"); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().accessToken); + assertEquals("preapproved", info.getAccessor().requestToken); + assertEquals("preapprovedsecret", info.getAccessor().tokenSecret); + } + + @Test + public void testRemoveToken() throws Exception { + OAuthArguments arguments = new OAuthArguments(); + arguments.setServiceName("testservice"); + arguments.setUseToken(UseToken.ALWAYS); + store.storeTokenKeyAndSecret(privateToken, null, arguments, new TokenInfo("access", "secret")); + + AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().requestToken); + assertEquals("access", info.getAccessor().accessToken); + assertEquals("secret", info.getAccessor().tokenSecret); + + store.removeToken(privateToken, null, arguments); + + info = store.getOAuthAccessor(privateToken, arguments, clientState); + assertNull(info.getAccessor().requestToken); + assertNull(info.getAccessor().accessToken); + assertNull(info.getAccessor().tokenSecret); + } }
Added: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java?rev=693675&view=auto ============================================================================== --- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java (added) +++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java Tue Sep 9 18:50:41 2008 @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.shindig.gadgets.oauth; + +import org.apache.shindig.auth.SecurityToken; +import org.apache.shindig.common.uri.Uri; +import org.apache.shindig.common.util.CharsetUtil; +import org.apache.shindig.gadgets.http.HttpRequest; +import org.apache.shindig.gadgets.http.HttpResponse; +import org.apache.shindig.gadgets.oauth.OAuthArguments.UseToken; + +/** + * + */ +public class MakeRequestClient { + + private final SecurityToken securityToken; + private final OAuthFetcherConfig fetcherConfig; + private final FakeOAuthServiceProvider serviceProvider; + private final String serviceName; + private OAuthArguments baseArgs; + private String oauthState; + private String approvalUrl; + private boolean ignoreCache; + + public MakeRequestClient(SecurityToken securityToken, OAuthFetcherConfig fetcherConfig, + FakeOAuthServiceProvider serviceProvider, String serviceName) { + this.securityToken = securityToken; + this.fetcherConfig = fetcherConfig; + this.serviceProvider = serviceProvider; + this.serviceName = serviceName; + this.baseArgs = makeNonSocialOAuthArguments(); + this.ignoreCache = false; + } + + public void setBaseArgs(OAuthArguments baseArgs) { + this.baseArgs = baseArgs; + } + + public OAuthArguments getBaseArgs() { + return baseArgs; + } + + public void setIgnoreCache(boolean ignoreCache) { + this.ignoreCache = ignoreCache; + } + + public HttpResponse sendGet(String target) throws Exception { + HttpRequest request = new HttpRequest(Uri.parse(target)); + request.setOAuthArguments(recallState()); + OAuthFetcher dest = new OAuthFetcher(fetcherConfig, serviceProvider, request); + request.setIgnoreCache(ignoreCache); + request.setSecurityToken(securityToken); + HttpResponse response = dest.fetch(request); + saveState(response); + return response; + } + + public HttpResponse sendFormPost(String target, String body) throws Exception { + HttpRequest request = new HttpRequest(Uri.parse(target)); + request.setOAuthArguments(recallState()); + OAuthFetcher dest = new OAuthFetcher(fetcherConfig, serviceProvider, request); + request.setMethod("POST"); + request.setPostBody(CharsetUtil.getUtf8Bytes(body)); + request.setHeader("content-type", "application/x-www-form-urlencoded"); + request.setSecurityToken(securityToken); + HttpResponse response = dest.fetch(request); + saveState(response); + return response; + } + + public OAuthArguments makeNonSocialOAuthArguments() { + OAuthArguments params = new OAuthArguments(); + params.setUseToken(UseToken.ALWAYS); + params.setServiceName(serviceName); + params.setSignOwner(false); + params.setSignViewer(false); + return params; + } + + public OAuthArguments makeSignedFetchArguments() { + OAuthArguments params = new OAuthArguments(); + params.setUseToken(UseToken.NEVER); + params.setSignOwner(true); + params.setSignViewer(true); + return params; + } + + private OAuthArguments recallState() { + OAuthArguments params = new OAuthArguments(baseArgs); + params.setOrigClientState(oauthState); + return params; + } + + private void saveState(HttpResponse response) { + approvalUrl = null; + if (response.getMetadata() != null) { + if (response.getMetadata().containsKey("oauthState")) { + oauthState = response.getMetadata().get("oauthState"); + } + approvalUrl = response.getMetadata().get("oauthApprovalUrl"); + } + } + + public void approveToken(String params) throws Exception { + // This will throw if approvalUrl looks wrong. + serviceProvider.browserVisit(approvalUrl + "&" + params); + } +} Propchange: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthArgumentsTest.java URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthArgumentsTest.java?rev=693675&r1=693674&r2=693675&view=diff ============================================================================== --- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthArgumentsTest.java (original) +++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthArgumentsTest.java Tue Sep 9 18:50:41 2008 @@ -20,11 +20,18 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; +import static org.junit.Assert.fail; +import org.apache.shindig.common.testing.FakeHttpServletRequest; import org.apache.shindig.common.xml.XmlUtil; +import org.apache.shindig.gadgets.GadgetException; +import org.apache.shindig.gadgets.oauth.OAuthArguments.UseToken; +import org.apache.shindig.gadgets.spec.Auth; import org.apache.shindig.gadgets.spec.Preload; import org.junit.Test; +import javax.servlet.http.HttpServletRequest; + /** * Tests parameter parsing */ @@ -37,6 +44,7 @@ "OAUTH_TOKEN_NAME='token' " + "OAUTH_REQuest_token='requesttoken' " + "oauth_request_token_secret='tokensecret' " + + "OAUTH_USE_TOKEN='never' " + "/>"; Preload preload = new Preload(XmlUtil.parse(xml)); @@ -45,7 +53,150 @@ assertEquals("token", params.getTokenName()); assertEquals("requesttoken", params.getRequestToken()); assertEquals("tokensecret", params.getRequestTokenSecret()); + assertEquals(UseToken.NEVER, params.getUseToken()); assertNull(params.getOrigClientState()); assertFalse(params.getBypassSpecCache()); } + + private FakeHttpServletRequest makeDummyRequest() throws Exception { + FakeHttpServletRequest req = new FakeHttpServletRequest(); + req.setParameter("OAUTH_USE_TOKEN", true, "never"); + req.setParameter("OAUTH_SERVICE_NAME", true, "service"); + req.setParameter("OAUTH_TOKEN_NAME", true, "token"); + req.setParameter("OAUTH_REQUEST_TOKEN", true, "reqtoken"); + req.setParameter("OAUTH_REQUEST_TOKEN_SECRET", true, "secret"); + req.setParameter("oauthState", true, "state"); + req.setParameter("bypassSpecCache", true, "1"); + req.setParameter("signOwner", true, "false"); + req.setParameter("signViewer", true, "false"); + return req; + } + + @Test + public void testInitFromRequest() throws Exception { + HttpServletRequest req = makeDummyRequest(); + + OAuthArguments args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.NEVER, args.getUseToken()); + assertEquals("service", args.getServiceName()); + assertEquals("token", args.getTokenName()); + assertEquals("reqtoken", args.getRequestToken()); + assertEquals("secret", args.getRequestTokenSecret()); + assertEquals("state", args.getOrigClientState()); + assertEquals(true, args.getBypassSpecCache()); + assertEquals(false, args.getSignOwner()); + assertEquals(false, args.getSignViewer()); + } + + @Test + public void testInitFromRequest_defaults() throws Exception { + HttpServletRequest req = new FakeHttpServletRequest(); + OAuthArguments args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.NEVER, args.getUseToken()); + assertEquals("", args.getServiceName()); + assertEquals("", args.getTokenName()); + assertEquals(null, args.getRequestToken()); + assertEquals(null, args.getRequestTokenSecret()); + assertEquals(null, args.getOrigClientState()); + assertEquals(false, args.getBypassSpecCache()); + assertEquals(true, args.getSignOwner()); + assertEquals(true, args.getSignViewer()); + } + + @Test + public void testInitFromRequest_oauthDefaults() throws Exception { + FakeHttpServletRequest req = new FakeHttpServletRequest(); + OAuthArguments args = new OAuthArguments(Auth.OAUTH, req); + assertEquals(UseToken.ALWAYS, args.getUseToken()); + } + + @Test + public void testNoArgConstructorDefaults() throws Exception { + OAuthArguments args = new OAuthArguments(); + assertEquals(UseToken.ALWAYS, args.getUseToken()); + assertEquals("", args.getServiceName()); + assertEquals("", args.getTokenName()); + assertEquals(null, args.getRequestToken()); + assertEquals(null, args.getRequestTokenSecret()); + assertEquals(null, args.getOrigClientState()); + assertEquals(false, args.getBypassSpecCache()); + assertEquals(false, args.getSignOwner()); + assertEquals(false, args.getSignViewer()); + } + + @Test + public void testGetAndSet() throws Exception { + OAuthArguments args = new OAuthArguments(); + args.setBypassSpecCache(true); + assertEquals(true, args.getBypassSpecCache()); + + args.setOrigClientState("thestate"); + assertEquals("thestate", args.getOrigClientState()); + + args.setRequestToken("rt"); + assertEquals("rt", args.getRequestToken()); + + args.setRequestTokenSecret("rts"); + assertEquals("rts", args.getRequestTokenSecret()); + + args.setServiceName("s"); + assertEquals("s", args.getServiceName()); + + args.setSignOwner(true); + assertEquals(true, args.getSignOwner()); + + args.setSignViewer(true); + assertEquals(true, args.getSignViewer()); + + args.setUseToken(UseToken.IF_AVAILABLE); + assertEquals(UseToken.IF_AVAILABLE, args.getUseToken()); + } + + @Test + public void testCopyConstructor() throws Exception { + HttpServletRequest req = makeDummyRequest(); + OAuthArguments args = new OAuthArguments(Auth.OAUTH, req); + args = new OAuthArguments(args); + assertEquals(UseToken.NEVER, args.getUseToken()); + assertEquals("service", args.getServiceName()); + assertEquals("token", args.getTokenName()); + assertEquals("reqtoken", args.getRequestToken()); + assertEquals("secret", args.getRequestTokenSecret()); + assertEquals("state", args.getOrigClientState()); + assertEquals(true, args.getBypassSpecCache()); + assertEquals(false, args.getSignOwner()); + assertEquals(false, args.getSignViewer()); + } + + @Test + public void testParseUseToken() throws Exception { + FakeHttpServletRequest req = new FakeHttpServletRequest(); + req.setParameter("OAUTH_USE_TOKEN", "ALWAYS"); + OAuthArguments args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.ALWAYS, args.getUseToken()); + + req.setParameter("OAUTH_USE_TOKEN", "if_available"); + args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.IF_AVAILABLE, args.getUseToken()); + + req.setParameter("OAUTH_USE_TOKEN", "never"); + args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.NEVER, args.getUseToken()); + + req.setParameter("OAUTH_USE_TOKEN", ""); + args = new OAuthArguments(Auth.SIGNED, req); + assertEquals(UseToken.NEVER, args.getUseToken()); + + req.setParameter("OAUTH_USE_TOKEN", ""); + args = new OAuthArguments(Auth.OAUTH, req); + assertEquals(UseToken.ALWAYS, args.getUseToken()); + + try { + req.setParameter("OAUTH_USE_TOKEN", "stuff"); + new OAuthArguments(Auth.OAUTH, req); + fail("Should have thrown"); + } catch (GadgetException e) { + // good. + } + } }
