15 from django.contrib.auth.models import * |
15 from django.contrib.auth.models import * |
16 from django.conf import settings |
16 from django.conf import settings |
17 from django.test.client import Client |
17 from django.test.client import Client |
18 from ldt.text import VERSION_STR |
18 from ldt.text import VERSION_STR |
19 from django.db import transaction |
19 from django.db import transaction |
|
20 from django.contrib.auth.models import User |
|
21 from oauth_provider.models import Resource, Consumer |
|
22 import time |
|
23 from oauth_provider.models import Token |
|
24 from oauth.oauth import OAuthRequest, OAuthSignatureMethod_HMAC_SHA1 |
|
25 from django.contrib.auth.models import User |
|
26 from oauth_provider.models import Resource, Consumer, Token, Nonce |
|
27 import time |
|
28 from oauth_provider.consts import OUT_OF_BAND |
|
29 from oauth.oauth import OAuthRequest, OAuthSignatureMethod_PLAINTEXT, generate_nonce |
20 |
30 |
21 |
31 |
22 # This test creates an annotation and checks that: |
32 # This test creates an annotation and checks that: |
23 # 1. the annotation was created in the database (by trying to access it through a 'get') |
33 # 1. the annotation was created in the database (by trying to access it through a 'get') |
24 # 2. the returned xml contains correct data |
34 # 2. the returned xml contains correct data |
207 tmp = open('debug.html','r+') |
217 tmp = open('debug.html','r+') |
208 tmp.write(filt2.read()) |
218 tmp.write(filt2.read()) |
209 |
219 |
210 delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id) |
220 delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id) |
211 delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id2) |
221 delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id2) |
212 |
222 |
213 |
223 |
|
224 class OauthTestDelete(unittest.TestCase): |
|
225 def setUp(self): |
|
226 #create a user |
|
227 self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto') |
|
228 |
|
229 resource = Resource(name='delete', url='/api/1.0/text/delete/') |
|
230 resource.save() |
|
231 |
|
232 self.CONSUMER_KEY = 'dpf43f3p2l4k3l03' |
|
233 self.CONSUMER_SECRET = 'kd94hf93k423kf44' |
|
234 self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane) |
|
235 self.consumer.save() |
|
236 |
|
237 self.nonce = generate_nonce(8) |
|
238 |
|
239 #auth parameters |
|
240 self.parameters = { |
|
241 'oauth_consumer_key': self.CONSUMER_KEY, |
|
242 'oauth_signature_method': 'PLAINTEXT', |
|
243 'oauth_signature': '%s&' % self.CONSUMER_SECRET, |
|
244 'oauth_timestamp': str(int(time.time())), |
|
245 'oauth_nonce': self.nonce, |
|
246 'oauth_version': '1.0', |
|
247 'oauth_callback': 'http://printer.example.com/request_token_ready', |
|
248 'scope':'delete' |
|
249 } |
|
250 |
|
251 #test client |
|
252 self.c = Client() |
|
253 |
|
254 self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459") |
|
255 self.annotation.save() |
|
256 |
|
257 def tearDown(self): |
|
258 Token.objects.all().delete() |
|
259 Resource.objects.all().delete() |
|
260 Consumer.objects.all().delete() |
|
261 Nonce.objects.all().delete() |
|
262 User.objects.all().delete() |
|
263 |
|
264 |
|
265 def test_auth_access_delete(self): |
|
266 ## REQUEST TOKEN |
|
267 |
|
268 response = self.c.get("/oauth/request_token/", self.parameters) |
|
269 #self.assertEqual(response.content," ") |
|
270 self.assertEqual(response.status_code,200) |
|
271 token = list(Token.objects.all())[-1] |
|
272 self.assertTrue(token.key in response.content) |
|
273 self.assertTrue(token.secret in response.content) |
|
274 self.assertEqual(token.callback, u'http://printer.example.com/request_token_ready'), |
|
275 self.assertTrue(token.callback_confirmed) |
|
276 |
|
277 # token.callback = OUT_OF_BAND |
|
278 # token.save() |
|
279 # |
|
280 ## USER AUTHORIZATION |
|
281 |
|
282 parameters = { |
|
283 'oauth_token': token.key, |
|
284 } |
|
285 |
|
286 response = self.c.get("/oauth/authorize/", parameters) |
|
287 self.assertEqual(response.status_code,302) |
|
288 self.assertTrue(token.key in response['Location']) |
|
289 |
|
290 self.c.login(username='jane', password='toto') |
|
291 |
|
292 response = self.c.get("/oauth/authorize/", parameters) |
|
293 self.assertEqual(response.status_code,200) |
|
294 self.assertEqual(response.content,'Fake authorize view for printer.example.com.') |
|
295 |
|
296 # parameters['authorize_access'] = 0 |
|
297 # response = self.c.post("/oauth/authorize/", parameters) |
|
298 # self.assertEqual(response.content, "Fake callback view.") |
|
299 |
|
300 # fake authorization by the user |
|
301 parameters['authorize_access'] = 1 |
|
302 response = self.c.post("/oauth/authorize/", parameters) |
|
303 self.assertEqual(response.status_code,302) |
|
304 token = list(Token.objects.all())[-1] |
|
305 self.assertTrue(token.key in response['Location']) |
|
306 self.assertTrue(token.is_approved) |
|
307 |
|
308 ## ACCESS TOKEN |
|
309 |
|
310 parameters = { |
|
311 'oauth_consumer_key': self.CONSUMER_KEY, |
|
312 'oauth_token': token.key, |
|
313 'oauth_signature_method': 'PLAINTEXT', |
|
314 'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret), |
|
315 'oauth_timestamp': str(int(time.time())), |
|
316 'oauth_nonce': self.nonce, |
|
317 'oauth_version': '1.0', |
|
318 'oauth_verifier': token.verifier, |
|
319 } |
|
320 response = self.c.get("/oauth/access_token/", parameters) |
|
321 |
|
322 access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1] |
|
323 self.assertTrue(access_token.key in response.content) |
|
324 self.assertTrue(access_token.secret in response.content) |
|
325 self.assertEqual(access_token.user.username, u'jane') |
|
326 |
|
327 ## ACCESSING PROTECTED VIEW |
|
328 |
|
329 parameters = { |
|
330 'oauth_consumer_key': self.CONSUMER_KEY, |
|
331 'oauth_token': access_token.key, |
|
332 'oauth_signature_method': 'HMAC-SHA1', |
|
333 'oauth_timestamp': str(int(time.time())), |
|
334 'oauth_nonce': self.nonce, |
|
335 'oauth_version': '1.0', |
|
336 } |
|
337 |
|
338 oauth_request = OAuthRequest.from_token_and_callback(access_token, http_url='/api/1.0/text/delete/', parameters=parameters) |
|
339 signature_method = OAuthSignatureMethod_HMAC_SHA1() |
|
340 signature = signature_method.build_signature(oauth_request, self.consumer, access_token) |
|
341 |
|
342 parameters['oauth_signature'] = signature |
|
343 #self.assertEqual(signature, " ") |
|
344 parameters['id'] = 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0' |
|
345 response = self.c.post("/api/1.0/text/delete/", parameters) |
|
346 self.assertEqual(response.content, " ") |
|
347 self.assertEqual(response.status_code,200) |
|
348 |
|
349 self.c.logout() |
|
350 access_token.delete() |
|
351 #/api/1.0/text/delete/ |
|
352 #/api/1.0/text/update/ |
|
353 #/api/1.0/text/create/ |
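Review bot: In test_auth_access_delete (new lines 338–345) the HMAC-SHA1 signature does not cover the request that is actually sent: it is built from a relative `http_url` with no `http_method` (which in python-oauth appears to default to GET), and `parameters['id']` is added only after `build_signature`, while the call itself is a POST. A provider that verifies the signature base string strictly should refuse this request, so a 200 here would suggest the delete endpoint is not checking that the signature binds the method, URL and `id`. I would set `parameters['id']` before signing and pass `http_method='POST', http_url='http://testserver/api/1.0/text/delete/'` to `from_token_and_callback`. The test also lacks a negative case (the same POST with a missing or wrong `oauth_signature` must be rejected and leave the annotation in place), and `self.assertEqual(response.content, " ")` on line 346 looks like a debugging leftover that should become a check that the annotation no longer exists. tearDown does not remove `self.annotation`, so a failed delete leaves the row with the fixed `external_id` behind for the next run.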