--- a/web/ldt/text/tests.py Fri Nov 19 14:29:17 2010 +0100
+++ b/web/ldt/text/tests.py Fri Nov 19 18:12:57 2010 +0100
@@ -17,6 +17,16 @@
from django.test.client import Client
from ldt.text import VERSION_STR
from django.db import transaction
+from django.contrib.auth.models import User
+from oauth_provider.models import Resource, Consumer
+import time
+from oauth_provider.models import Token
+from oauth.oauth import OAuthRequest, OAuthSignatureMethod_HMAC_SHA1
+from django.contrib.auth.models import User
+from oauth_provider.models import Resource, Consumer, Token, Nonce
+import time
+from oauth_provider.consts import OUT_OF_BAND
+from oauth.oauth import OAuthRequest, OAuthSignatureMethod_PLAINTEXT, generate_nonce
# This test creates an annotation and checks that:
@@ -209,5 +219,135 @@
delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id)
delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id2)
+
-
\ No newline at end of file
+class OauthTestDelete(unittest.TestCase):
+ def setUp(self):
+ #create a user
+ self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto')
+
+ resource = Resource(name='delete', url='/api/1.0/text/delete/')
+ resource.save()
+
+ self.CONSUMER_KEY = 'dpf43f3p2l4k3l03'
+ self.CONSUMER_SECRET = 'kd94hf93k423kf44'
+ self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane)
+ self.consumer.save()
+
+ self.nonce = generate_nonce(8)
+
+ #auth parameters
+ self.parameters = {
+ 'oauth_consumer_key': self.CONSUMER_KEY,
+ 'oauth_signature_method': 'PLAINTEXT',
+ 'oauth_signature': '%s&' % self.CONSUMER_SECRET,
+ 'oauth_timestamp': str(int(time.time())),
+ 'oauth_nonce': self.nonce,
+ 'oauth_version': '1.0',
+ 'oauth_callback': 'http://printer.example.com/request_token_ready',
+ 'scope':'delete'
+ }
+
+ #test client
+ self.c = Client()
+
+ self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459")
+ self.annotation.save()
+
+ def tearDown(self):
+ Token.objects.all().delete()
+ Resource.objects.all().delete()
+ Consumer.objects.all().delete()
+ Nonce.objects.all().delete()
+ User.objects.all().delete()
+
+
+ def test_auth_access_delete(self):
+ ## REQUEST TOKEN
+
+ response = self.c.get("/oauth/request_token/", self.parameters)
+ #self.assertEqual(response.content," ")
+ self.assertEqual(response.status_code,200)
+ token = list(Token.objects.all())[-1]
+ self.assertTrue(token.key in response.content)
+ self.assertTrue(token.secret in response.content)
+ self.assertEqual(token.callback, u'http://printer.example.com/request_token_ready'),
+ self.assertTrue(token.callback_confirmed)
+
+# token.callback = OUT_OF_BAND
+# token.save()
+#
+ ## USER AUTHORIZATION
+
+ parameters = {
+ 'oauth_token': token.key,
+ }
+
+ response = self.c.get("/oauth/authorize/", parameters)
+ self.assertEqual(response.status_code,302)
+ self.assertTrue(token.key in response['Location'])
+
+ self.c.login(username='jane', password='toto')
+
+ response = self.c.get("/oauth/authorize/", parameters)
+ self.assertEqual(response.status_code,200)
+ self.assertEqual(response.content,'Fake authorize view for printer.example.com.')
+
+# parameters['authorize_access'] = 0
+# response = self.c.post("/oauth/authorize/", parameters)
+# self.assertEqual(response.content, "Fake callback view.")
+
+ # fake authorization by the user
+ parameters['authorize_access'] = 1
+ response = self.c.post("/oauth/authorize/", parameters)
+ self.assertEqual(response.status_code,302)
+ token = list(Token.objects.all())[-1]
+ self.assertTrue(token.key in response['Location'])
+ self.assertTrue(token.is_approved)
+
+ ## ACCESS TOKEN
+
+ parameters = {
+ 'oauth_consumer_key': self.CONSUMER_KEY,
+ 'oauth_token': token.key,
+ 'oauth_signature_method': 'PLAINTEXT',
+ 'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret),
+ 'oauth_timestamp': str(int(time.time())),
+ 'oauth_nonce': self.nonce,
+ 'oauth_version': '1.0',
+ 'oauth_verifier': token.verifier,
+ }
+ response = self.c.get("/oauth/access_token/", parameters)
+
+ access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1]
+ self.assertTrue(access_token.key in response.content)
+ self.assertTrue(access_token.secret in response.content)
+ self.assertEqual(access_token.user.username, u'jane')
+
+ ## ACCESSING PROTECTED VIEW
+
+ parameters = {
+ 'oauth_consumer_key': self.CONSUMER_KEY,
+ 'oauth_token': access_token.key,
+ 'oauth_signature_method': 'HMAC-SHA1',
+ 'oauth_timestamp': str(int(time.time())),
+ 'oauth_nonce': self.nonce,
+ 'oauth_version': '1.0',
+ }
+
+ oauth_request = OAuthRequest.from_token_and_callback(access_token, http_url='/api/1.0/text/delete/', parameters=parameters)
+ signature_method = OAuthSignatureMethod_HMAC_SHA1()
+ signature = signature_method.build_signature(oauth_request, self.consumer, access_token)
+
+ parameters['oauth_signature'] = signature
+ #self.assertEqual(signature, " ")
+ parameters['id'] = 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0'
+ response = self.c.post("/api/1.0/text/delete/", parameters)
+ self.assertEqual(response.content, " ")
+ self.assertEqual(response.status_code,200)
+
+ self.c.logout()
+ access_token.delete()
+#/api/1.0/text/delete/
+#/api/1.0/text/update/
+#/api/1.0/text/create/
\ No newline at end of file