|
1 #encoding:UTF-8 |
|
2 |
|
3 """ Run these tests with 'python manage.py test text' """ |
|
4 |
|
5 from django.conf import settings, settings |
|
6 from django.contrib.auth.models import * |
|
7 from django.db import transaction |
|
8 from django.test import TestCase |
|
9 from django.test.client import Client |
|
10 from ldt.test.testcases import OAuthTestCase |
|
11 from ldt.text import VERSION_STR |
|
12 from ldt.text.models import Annotation |
|
13 from ldt.text.views import * |
|
14 from oauth2 import Request, SignatureMethod_HMAC_SHA1, SignatureMethod_PLAINTEXT, \ |
|
15 generate_nonce |
|
16 from oauth_provider.consts import OUT_OF_BAND |
|
17 from oauth_provider.models import Resource, Consumer, Token, Nonce |
|
18 import logging |
|
19 import time |
|
20 import urlparse |
|
21 |
|
22 class OAuthTestDelete(TestCase): |
|
23 def setUp(self): |
|
24 #create a user |
|
25 self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto') |
|
26 |
|
27 resource = Resource(name='all', url='/api/'+VERSION_STR+'/text/delete/') |
|
28 resource.save() |
|
29 |
|
30 resource = Resource(name='delete', url='/api/'+VERSION_STR+'/text/delete/') |
|
31 resource.save() |
|
32 |
|
33 self.CONSUMER_KEY = 'dpf43f3p2l4k3l03' |
|
34 self.CONSUMER_SECRET = 'kd94hf93k423kf44' |
|
35 self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane) |
|
36 self.consumer.save() |
|
37 |
|
38 self.nonce = generate_nonce(8) |
|
39 |
|
40 #auth parameters |
|
41 self.parameters = { |
|
42 'oauth_consumer_key': self.CONSUMER_KEY, |
|
43 'oauth_signature_method': 'PLAINTEXT', |
|
44 'oauth_signature': '%s&' % self.CONSUMER_SECRET, |
|
45 'oauth_timestamp': str(int(time.time())), |
|
46 'oauth_nonce': self.nonce, |
|
47 'oauth_version': '1.0', |
|
48 'oauth_callback': OUT_OF_BAND, |
|
49 'scope':'delete' |
|
50 } |
|
51 |
|
52 self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459") |
|
53 self.annotation.save() |
|
54 |
|
55 |
|
56 def test_auth_access_delete(self): |
|
57 ## REQUEST TOKEN |
|
58 |
|
59 response = self.client.get("/oauth/request_token/", self.parameters) |
|
60 #self.assertEqual(response.content," ") |
|
61 self.assertEqual(response.status_code,200) |
|
62 token = list(Token.objects.all())[-1] |
|
63 logging.debug(response.content) |
|
64 data = urlparse.parse_qs(response.content) |
|
65 self.assertEqual(token.key, data["oauth_token"][0]) |
|
66 self.assertEqual(token.secret, data['oauth_token_secret'][0]) |
|
67 self.assertTrue(data['oauth_callback_confirmed'][0]) |
|
68 self.assertEqual(token.callback, None), |
|
69 |
|
70 # token.callback = OUT_OF_BAND |
|
71 # token.save() |
|
72 # |
|
73 ## USER AUTHORIZATION |
|
74 |
|
75 parameters = { |
|
76 'oauth_token': token.key, |
|
77 } |
|
78 |
|
79 response = self.client.get("/oauth/authorize/", parameters) |
|
80 self.assertEqual(response.status_code,302) |
|
81 self.assertTrue(token.key in response['Location']) |
|
82 logging.debug(repr(response['location'])) |
|
83 |
|
84 self.client.login(username='jane', password='toto') |
|
85 |
|
86 response = self.client.get("/oauth/authorize/", parameters) |
|
87 self.assertEqual(response.status_code,200) |
|
88 self.assertEqual(response.content,'Fake authorize view for printer.example.com.') |
|
89 |
|
90 # parameters['authorize_access'] = 0 |
|
91 # response = self.c.post("/oauth/authorize/", parameters) |
|
92 # self.assertEqual(response.content, "Fake callback view.") |
|
93 |
|
94 # fake authorization by the user |
|
95 parameters['authorize_access'] = 1 |
|
96 response = self.client.post("/oauth/authorize/", parameters) |
|
97 self.assertEqual(response.status_code,200) |
|
98 token = list(Token.objects.all())[-1] |
|
99 #self.assertTrue(token.key in response['Location']) |
|
100 self.assertTrue(token.is_approved) |
|
101 |
|
102 ## ACCESS TOKEN |
|
103 |
|
104 parameters = { |
|
105 'oauth_consumer_key': self.CONSUMER_KEY, |
|
106 'oauth_token': token.key, |
|
107 'oauth_signature_method': 'PLAINTEXT', |
|
108 'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret), |
|
109 'oauth_timestamp': str(int(time.time())), |
|
110 'oauth_nonce': self.nonce, |
|
111 'oauth_version': '1.0', |
|
112 'oauth_verifier': token.verifier, |
|
113 } |
|
114 response = self.client.get("/oauth/access_token/", parameters) |
|
115 |
|
116 access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1] |
|
117 self.assertTrue(access_token.key in response.content) |
|
118 self.assertTrue(access_token.secret in response.content) |
|
119 self.assertEqual(access_token.user.username, u'jane') |
|
120 |
|
121 ## ACCESSING PROTECTED VIEW |
|
122 |
|
123 parameters = { |
|
124 'oauth_consumer_key': self.CONSUMER_KEY, |
|
125 'oauth_token': access_token.key, |
|
126 'oauth_signature_method': 'HMAC-SHA1', |
|
127 'oauth_timestamp': str(int(time.time())), |
|
128 'oauth_nonce': self.nonce, |
|
129 'oauth_version': '1.0', |
|
130 'id':'d2c1d1fa-629d-4520-a3d2-955b4f2582c0' |
|
131 } |
|
132 |
|
133 oauth_request = Request.from_token_and_callback(access_token, http_url='http://testserver/api/'+VERSION_STR+'/text/delete/', parameters=parameters, http_method="POST") |
|
134 signature_method = SignatureMethod_HMAC_SHA1() |
|
135 signature = signature_method.sign(oauth_request, self.consumer, access_token) |
|
136 |
|
137 parameters['oauth_signature'] = signature |
|
138 #self.assertEqual(signature, " ") |
|
139 response = self.client.post("/api/"+VERSION_STR+"/text/delete/", parameters) |
|
140 self.assertEqual(response.content, "") |
|
141 self.assertEqual(response.status_code,200) |
|
142 |
|
143 self.client.logout() |
|
144 access_token.delete() |
|
145 |
|
146 |
|
147 class OAuthTestDeleteClient(OAuthTestCase): |
|
148 def setUp(self): |
|
149 #create a user |
|
150 self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto') |
|
151 |
|
152 resource = Resource(name='all', url='/api/'+VERSION_STR+'/text/delete/') |
|
153 resource.save() |
|
154 |
|
155 resource = Resource(name='delete', url='/api/'+VERSION_STR+'/text/delete/') |
|
156 resource.save() |
|
157 |
|
158 self.CONSUMER_KEY = 'dpf43f3p2l4k3l03' |
|
159 self.CONSUMER_SECRET = 'kd94hf93k423kf44' |
|
160 |
|
161 self.set_consumer(self.CONSUMER_KEY, self.CONSUMER_SECRET) |
|
162 |
|
163 self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane) |
|
164 self.consumer.save() |
|
165 |
|
166 self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459") |
|
167 self.annotation.save() |
|
168 |
|
169 |
|
170 def test_auth_access_delete(self): |
|
171 |
|
172 res = self.client.login(username='jane', password='toto') |
|
173 self.assertTrue(res) |
|
174 |
|
175 parameters = { 'id' : 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0' } |
|
176 response = self.client.post(path="/api/"+VERSION_STR+"/text/delete/", data=parameters) |
|
177 self.assertEqual(response.content, "") |
|
178 self.assertEqual(response.status_code,200) |