Author: beaton
Date: Tue Jun 16 20:50:03 2009
New Revision: 785388
URL: http://svn.apache.org/viewvc?rev=785388&view=rev
Log:
Don't throw out OAuth tokens on HTTP 400 errors.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java?rev=785388&r1=785387&r2=785388&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
Tue Jun 16 20:50:03 2009
@@ -854,9 +854,9 @@
* and/or access tokens.
*/
private boolean isFullOAuthError(HttpResponse response) {
- // 400, 401 and 403 are likely to be authentication errors.
- if (response.getHttpStatusCode() != 400 && response.getHttpStatusCode() !=
401 &&
- response.getHttpStatusCode() != 403) {
+ // 401 and 403 are likely to be authentication errors.
+ if (response.getHttpStatusCode() != HttpResponse.SC_UNAUTHORIZED
+ && response.getHttpStatusCode() != HttpResponse.SC_FORBIDDEN) {
return false;
}
// If the client forced us to use full OAuth, this might be OAuth related.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java?rev=785388&r1=785387&r2=785388&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
Tue Jun 16 20:50:03 2009
@@ -72,6 +72,7 @@
public final static String APPROVAL_URL = SP_HOST + "/authorize";
public final static String RESOURCE_URL = SP_HOST + "/data";
public final static String NOT_FOUND_URL = SP_HOST + "/404";
+ public final static String ERROR_400 = SP_HOST + "/400";
public final static String ECHO_URL = SP_HOST + "/echo";
public final static String CONSUMER_KEY = "consumer";
@@ -280,6 +281,8 @@
return handleResourceUrl(request);
} else if (url.startsWith(NOT_FOUND_URL)) {
return handleNotFoundUrl(request);
+ } else if (url.startsWith(ERROR_400)) {
+ return handleError400Url(request);
} else if (url.startsWith(ECHO_URL)) {
return handleEchoUrl(request);
}
@@ -723,6 +726,13 @@
.create();
}
+ private HttpResponse handleError400Url(HttpRequest request) throws Exception
{
+ return new HttpResponseBuilder()
+ .setHttpStatusCode(HttpResponse.SC_BAD_REQUEST)
+ .setResponseString("bad request")
+ .create();
+ }
+
private HttpResponse handleEchoUrl(HttpRequest request) throws Exception {
String query = request.getUri().getQuery();
if (query.contains("add_oauth_token")) {
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java?rev=785388&r1=785387&r2=785388&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
Tue Jun 16 20:50:03 2009
@@ -899,6 +899,26 @@
}
@Test
+ public void testError400() throws Exception {
+ MakeRequestClient client = makeNonSocialClient("owner", "owner",
GADGET_URL);
+
+ HttpResponse response =
client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
+ assertEquals("", response.getResponseAsString());
+ client.approveToken("user_data=hello-oauth");
+
+ response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL +
"?cachebust=1");
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ response = client.sendGet(FakeOAuthServiceProvider.ERROR_400);
+ assertEquals("bad request", response.getResponseAsString());
+ assertEquals(400, response.getHttpStatusCode());
+
+ response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL +
"?cachebust=3");
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+ }
+
+
+ @Test
public void testConsumerThrottled() throws Exception {
assertEquals(0, serviceProvider.getRequestTokenCount());
assertEquals(0, serviceProvider.getAccessTokenCount());
