#encoding:UTF-8 |
""" Run these tests with 'python manage.py test text' """ |
from django.conf import settings, settings |
from django.contrib.auth.models import * |
from django.db import transaction |
from django.test import TestCase |
from django.test.client import Client |
from ldt.test.testcases import OAuthTestCase |
from ldt.text import VERSION_STR |
from ldt.text.models import Annotation |
from ldt.text.views import * |
from oauth2 import Request, SignatureMethod_HMAC_SHA1, SignatureMethod_PLAINTEXT, \ |
generate_nonce |
from oauth_provider.consts import OUT_OF_BAND |
from oauth_provider.models import Resource, Consumer, Token, Nonce |
import logging |
import time |
import urlparse |
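class OAuthTestDelete(TestCase):
    """Walk the three-legged OAuth 1.0a flow by hand, then call the delete API.

    The test drives each step through Django's test client: request token,
    user authorization, access token, and finally an HMAC-SHA1 signed POST
    to the text delete endpoint.
    """

    def setUp(self):
        """Create the user, OAuth resources, consumer and annotation fixtures."""
        # The user who will log in and authorize the consumer.
        self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto')

        # Two resources (scopes) are registered against the same delete URL.
        resource = Resource(name='all', url='/api/'+VERSION_STR+'/text/delete/')
        resource.save()

        resource = Resource(name='delete', url='/api/'+VERSION_STR+'/text/delete/')
        resource.save()

        # Fixture credentials for the test database only. They match the
        # sample consumer key/secret used in the OAuth 1.0 specification's
        # examples and must never be provisioned on a real deployment.
        self.CONSUMER_KEY = 'dpf43f3p2l4k3l03'
        self.CONSUMER_SECRET = 'kd94hf93k423kf44'
        self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane)
        self.consumer.save()

        # NOTE(review): this single nonce is reused by every request in the
        # flow below. Each request carries a different token, which is
        # presumably why the provider's replay check accepts it - confirm.
        # A real client should generate a fresh nonce per request.
        self.nonce = generate_nonce(8)

        # Parameters for the request-token step. With PLAINTEXT the signature
        # is simply "<consumer secret>&<token secret>", so the secret itself
        # travels in the request: fine against the in-process test client,
        # but only acceptable over TLS anywhere else.
        self.parameters = {
            'oauth_consumer_key': self.CONSUMER_KEY,
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_signature': '%s&' % self.CONSUMER_SECRET,
            'oauth_timestamp': str(int(time.time())),
            'oauth_nonce': self.nonce,
            'oauth_version': '1.0',
            'oauth_callback': OUT_OF_BAND,
            'scope': 'delete'
        }

        # The annotation the test will ask the API to delete.
        self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459")
        self.annotation.save()

    def test_auth_access_delete(self):
        """Obtain an access token step by step and use it to delete the annotation."""
        ## REQUEST TOKEN

        response = self.client.get("/oauth/request_token/", self.parameters)
        self.assertEqual(response.status_code, 200)
        # setUp creates no tokens, so the last row should be the request
        # token just issued (assumes the test database starts empty).
        token = list(Token.objects.all())[-1]
        logging.debug(response.content)
        data = urlparse.parse_qs(response.content)
        self.assertEqual(token.key, data["oauth_token"][0])
        self.assertEqual(token.secret, data['oauth_token_secret'][0])
        # Compare against the literal value: assertTrue() on the raw string
        # would also pass for 'false' or any other non-empty text.
        self.assertEqual(data['oauth_callback_confirmed'][0], 'true')
        self.assertEqual(token.callback, None)

        ## USER AUTHORIZATION

        parameters = {
            'oauth_token': token.key,
        }

        # Anonymous access to the authorize page must redirect (to login).
        response = self.client.get("/oauth/authorize/", parameters)
        self.assertEqual(response.status_code, 302)
        self.assertTrue(token.key in response['Location'])
        logging.debug(repr(response['location']))

        self.client.login(username='jane', password='toto')

        response = self.client.get("/oauth/authorize/", parameters)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.content, 'Fake authorize view for printer.example.com.')

        # Simulate the user granting access.
        # NOTE(review): the denial path (authorize_access = 0) is not
        # exercised by this test.
        parameters['authorize_access'] = 1
        response = self.client.post("/oauth/authorize/", parameters)
        self.assertEqual(response.status_code, 200)
        # Re-read the token so the approval flag and verifier set by the
        # provider are visible.
        token = list(Token.objects.all())[-1]
        self.assertTrue(token.is_approved)

        ## ACCESS TOKEN

        parameters = {
            'oauth_consumer_key': self.CONSUMER_KEY,
            'oauth_token': token.key,
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret),
            'oauth_timestamp': str(int(time.time())),
            'oauth_nonce': self.nonce,
            'oauth_version': '1.0',
            'oauth_verifier': token.verifier,
        }
        response = self.client.get("/oauth/access_token/", parameters)
        # Fail here with the HTTP status if the exchange was refused, rather
        # than on the substring checks below.
        self.assertEqual(response.status_code, 200)

        access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1]
        self.assertTrue(access_token.key in response.content)
        self.assertTrue(access_token.secret in response.content)
        self.assertEqual(access_token.user.username, u'jane')

        ## ACCESSING PROTECTED VIEW

        parameters = {
            'oauth_consumer_key': self.CONSUMER_KEY,
            'oauth_token': access_token.key,
            'oauth_signature_method': 'HMAC-SHA1',
            'oauth_timestamp': str(int(time.time())),
            'oauth_nonce': self.nonce,
            'oauth_version': '1.0',
            'id': 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0'
        }

        # Sign the exact URL, method and parameters that are posted below;
        # the signature only verifies if all three match on the server side.
        oauth_request = Request.from_token_and_callback(access_token, http_url='http://testserver/api/'+VERSION_STR+'/text/delete/', parameters=parameters, http_method="POST")
        signature_method = SignatureMethod_HMAC_SHA1()
        signature = signature_method.sign(oauth_request, self.consumer, access_token)

        parameters['oauth_signature'] = signature
        response = self.client.post("/api/"+VERSION_STR+"/text/delete/", parameters)
        self.assertEqual(response.content, "")
        self.assertEqual(response.status_code, 200)
        # NOTE(review): only the HTTP result is checked. The test never
        # reloads the Annotation to confirm it was removed, and no request
        # with a missing or invalid signature is sent to show that the
        # endpoint refuses it.

        self.client.logout()
        access_token.delete()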
class OAuthTestDeleteClient(OAuthTestCase):
    """Call the text delete API through the test client of OAuthTestCase.

    Unlike a hand-rolled OAuth walk-through, this test only logs in and
    posts; any request signing is left to the inherited test case.
    """

    def setUp(self):
        """Create the user, OAuth resources, consumer and annotation fixtures."""
        delete_url = '/api/'+VERSION_STR+'/text/delete/'

        # The user who logs in during the test.
        self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto')

        # Both scopes point at the same delete URL.
        for scope_name in ('all', 'delete'):
            Resource(name=scope_name, url=delete_url).save()

        # Fixture credentials for the test database only; never provision
        # them on a real deployment.
        self.CONSUMER_KEY = 'dpf43f3p2l4k3l03'
        self.CONSUMER_SECRET = 'kd94hf93k423kf44'

        # set_consumer() is inherited from OAuthTestCase; presumably it makes
        # self.client sign requests with these credentials - confirm in
        # ldt.test.testcases. It runs before the Consumer row is saved.
        self.set_consumer(self.CONSUMER_KEY, self.CONSUMER_SECRET)

        consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane)
        self.consumer = consumer
        consumer.save()

        # The annotation the test will ask the API to delete.
        annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459")
        self.annotation = annotation
        annotation.save()

    def test_auth_access_delete(self):
        """Log in as jane and post the annotation id to the delete endpoint."""
        logged_in = self.client.login(username='jane', password='toto')
        self.assertTrue(logged_in)

        payload = {'id': 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0'}
        response = self.client.post(path="/api/"+VERSION_STR+"/text/delete/", data=payload)
        # NOTE(review): an empty 200 response is all that is verified; the
        # Annotation row is not reloaded to confirm the deletion.
        self.assertEqual(response.content, "")
        self.assertEqual(response.status_code, 200)