Author: beaton
Date: Fri Jan 9 18:49:44 2009
New Revision: 733226
URL: http://svn.apache.org/viewvc?rev=733226&view=rev
Log:
Allow for trusted (oauth_, xoauth_, opensocial_) parameters from the gadget
server even if they don't fit into the security token.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java?rev=733226&r1=733225&r2=733226&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
Fri Jan 9 18:49:44 2009
@@ -103,6 +103,11 @@
private final HttpFetcher fetcher;
/**
+ * Additional trusted parameters to be included in the OAuth request.
+ */
+ private final List<Parameter> trustedParams;
+
+ /**
* State information from client
*/
protected OAuthClientState clientState;
@@ -134,8 +139,20 @@
* @param fetcher fetcher to use for actually making requests
*/
public OAuthRequest(OAuthFetcherConfig fetcherConfig, HttpFetcher fetcher) {
+ this(fetcherConfig, fetcher, null);
+ }
+
+ /**
+ * @param fetcherConfig configuration options for the fetcher
+ * @param fetcher fetcher to use for actually making requests
+ * @param trustedParams additional parameters to include in all outgoing
OAuth requests, useful
+ * for client data that can't be pulled from the security token but is
still trustworthy.
+ */
+ public OAuthRequest(OAuthFetcherConfig fetcherConfig, HttpFetcher fetcher,
+ List<Parameter> trustedParams) {
this.fetcherConfig = fetcherConfig;
this.fetcher = fetcher;
+ this.trustedParams = trustedParams;
}
/**
@@ -375,6 +392,10 @@
if (appUrl != null) {
params.add(new Parameter(OPENSOCIAL_APPURL, appUrl));
}
+
+ if (trustedParams != null) {
+ params.addAll(trustedParams);
+ }
}
/**
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java?rev=733226&r1=733225&r2=733226&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
Fri Jan 9 18:49:44 2009
@@ -190,6 +190,10 @@
private RuntimeException runtimeException;
+ private boolean checkTrustedParams;
+
+ private int trustedParamCount;
+
public FakeOAuthServiceProvider(TimeSource clock) {
this.clock = clock;
OAuthServiceProvider provider = new OAuthServiceProvider(
@@ -401,6 +405,21 @@
// Return the lot
info.message = new OAuthMessage(method, parsed.getLocation(), params);
+
+ // Check for trusted parameters
+ if (checkTrustedParams) {
+ if (!"foo".equals(OAuthUtil.getParameter(info.message, "oauth_magic"))) {
+ throw new RuntimeException("no oauth_trusted=foo parameter");
+ }
+ if (!"bar".equals(OAuthUtil.getParameter(info.message,
"opensocial_magic"))) {
+ throw new RuntimeException("no opensocial_trusted=foo parameter");
+ }
+ if (!"quux".equals(OAuthUtil.getParameter(info.message,
"xoauth_magic"))) {
+ throw new RuntimeException("no xoauth_magic=quux parameter");
+ }
+ trustedParamCount += 3;
+ }
+
return info;
}
@@ -717,4 +736,12 @@
public void setThrow(RuntimeException runtimeException) {
this.runtimeException = runtimeException;
}
+
+ public void setCheckTrustedParams(boolean checkTrustedParams) {
+ this.checkTrustedParams = checkTrustedParams;
+ }
+
+ public int getTrustedParamCount() {
+ return trustedParamCount;
+ }
}
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java?rev=733226&r1=733225&r2=733226&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java
Fri Jan 9 18:49:44 2009
@@ -19,6 +19,9 @@
package org.apache.shindig.gadgets.oauth.testing;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.CharsetUtil;
@@ -29,6 +32,12 @@
import org.apache.shindig.gadgets.oauth.OAuthRequest;
import org.apache.shindig.gadgets.oauth.OAuthArguments.UseToken;
+import net.oauth.OAuth.Parameter;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
/**
* Test utility to emulate the requests sent via gadgets.io.makeRequest. The
simulation starts
* at what arrives at OAuthRequest. Code above OAuthRequest
(MakeRequestHandler, preloads) are not
@@ -44,6 +53,7 @@
private String oauthState;
private String approvalUrl;
private boolean ignoreCache;
+ private Map<String, String> trustedParams = Maps.newHashMap();
/**
* Create a make request client with the given security token, sending
requests through an
@@ -78,6 +88,21 @@
public void setIgnoreCache(boolean ignoreCache) {
this.ignoreCache = ignoreCache;
}
+
+ public void setTrustedParam(String name, String value) {
+ trustedParams.put(name, value);
+ }
+
+ private OAuthRequest createRequest() {
+ if (trustedParams != null) {
+ List<Parameter> trusted = Lists.newArrayList();
+ for (Entry<String, String> e : trustedParams.entrySet()) {
+ trusted.add(new Parameter(e.getKey(), e.getValue()));
+ }
+ return new OAuthRequest(fetcherConfig, serviceProvider, trusted);
+ }
+ return new OAuthRequest(fetcherConfig, serviceProvider);
+ }
/**
* Send an OAuth GET request to the given URL.
@@ -85,7 +110,7 @@
public HttpResponse sendGet(String target) throws Exception {
HttpRequest request = new HttpRequest(Uri.parse(target));
request.setOAuthArguments(recallState());
- OAuthRequest dest = new OAuthRequest(fetcherConfig, serviceProvider);
+ OAuthRequest dest = createRequest();
request.setIgnoreCache(ignoreCache);
request.setSecurityToken(securityToken);
HttpResponse response = dest.fetch(request);
@@ -99,7 +124,7 @@
public HttpResponse sendFormPost(String target, String body) throws
Exception {
HttpRequest request = new HttpRequest(Uri.parse(target));
request.setOAuthArguments(recallState());
- OAuthRequest dest = new OAuthRequest(fetcherConfig, serviceProvider);
+ OAuthRequest dest = createRequest();
request.setMethod("POST");
request.setPostBody(CharsetUtil.getUtf8Bytes(body));
request.setHeader("content-type", "application/x-www-form-urlencoded");
@@ -115,7 +140,7 @@
public HttpResponse sendRawPost(String target, String type, byte[] body)
throws Exception {
HttpRequest request = new HttpRequest(Uri.parse(target));
request.setOAuthArguments(recallState());
- OAuthRequest dest = new OAuthRequest(fetcherConfig, serviceProvider);
+ OAuthRequest dest = createRequest();
request.setMethod("POST");
if (type != null) {
request.setHeader("Content-Type", type);
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java?rev=733226&r1=733225&r2=733226&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
Fri Jan 9 18:49:44 2009
@@ -1325,6 +1325,23 @@
checkLogContains("RuntimeException");
checkLogContains("very, very wrong");
}
+
+ @Test
+ public void testTrustedParams() throws Exception {
+ serviceProvider.setCheckTrustedParams(true);
+ MakeRequestClient client = makeNonSocialClient("owner", "owner",
GADGET_URL);
+ client.setTrustedParam("oauth_magic", "foo");
+ client.setTrustedParam("opensocial_magic", "bar");
+ client.setTrustedParam("xoauth_magic", "quux");
+
+ HttpResponse response =
client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
+ assertEquals("", response.getResponseAsString());
+ client.approveToken("user_data=hello-oauth");
+
+ response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+ assertEquals(9, serviceProvider.getTrustedParamCount());
+ }
// Checks whether the given parameter list contains the specified
// key/value pair
