/**
 * Fetches a resource through an OAuth service name that is not the one the error text lists as
 * known, and checks that the response reports a configuration error with no approval URL.
 */
@Test
public void testWrongServiceName() throws Exception {
  SecurityToken ownerToken = getSecurityToken("owner", "owner", GADGET_URL);
  MakeRequestClient client =
      new MakeRequestClient(ownerToken, fetcherConfig, serviceProvider, "nosuchservice");

  Map<String, String> metadata =
      client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL).getMetadata();

  // A misconfigured service name must not hand the user an approval URL to visit.
  assertNull(metadata.get("oauthApprovalUrl"));
  assertEquals("BAD_OAUTH_CONFIGURATION", metadata.get("oauthError"));

  String errorText = metadata.get("oauthErrorText");
  String expectedPrefix = "Failed to retrieve OAuth URLs, spec for gadget does "
      + "not contain OAuth service nosuchservice. Known services: testservice";
  // The error text doubles as the failure message so a mismatch shows what was returned.
  assertTrue(errorText, errorText.startsWith(expectedPrefix));
}
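/**
 * Verifies that, after a normal approval and resource fetch, a request aimed directly at the
 * provider's access token URL is rejected with a {@link RuntimeException}.
 *
 * <p>The exception expectation is scoped to the final call only. With
 * {@code @Test(expected=RuntimeException.class)} on the whole method, a RuntimeException thrown
 * by any earlier step (client construction, the first fetch, the approval) would also have made
 * the test pass, hiding a broken setup behind a green result.
 */
@Test
public void testAccessTokenData_noDirectRequest() throws Exception {
  serviceProvider.setReturnAccessTokenData(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // Before approval the fetch yields an empty body.
  HttpResponse response = client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
  assertEquals("", response.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  // After approval the protected resource is readable.
  response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", response.getResponseAsString());

  // Only this call is allowed to throw: the access token endpoint must not be fetchable
  // as if it were an ordinary resource.
  try {
    client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
  } catch (RuntimeException expected) {
    return;
  }
  fail("Service provider should have rejected bogus request to access token URL");
}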
/**
 * Sends an OAuth GET request to the given URL.
 *
 * <p>The request carries the arguments returned by {@code recallState()}, this client's
 * {@code ignoreCache} flag and its security token; the response is passed to
 * {@code saveState} before being returned.
 *
 * @param target URL to fetch
 * @return the response produced by the OAuth request
 */
public HttpResponse sendGet(String target) throws Exception {
  HttpRequest get = new HttpRequest(Uri.parse(target));
  get.setOAuthArguments(recallState());
  OAuthRequest fetcher = createRequest();
  get.setIgnoreCache(ignoreCache);
  get.setSecurityToken(securityToken);

  HttpResponse result = fetcher.fetch(get);
  // Hand the response to saveState before returning it to the caller.
  saveState(result);
  return result;
}
/**
 * Builds a client with no OAuth service name whose base arguments are replaced by the client's
 * signed-fetch arguments.
 *
 * @param owner owner id placed in the security token
 * @param viewer viewer id placed in the security token
 * @param gadget gadget URL placed in the security token
 */
private MakeRequestClient makeSignedFetchClient(String owner, String viewer, String gadget)
    throws Exception {
  SecurityToken token = getSecurityToken(owner, viewer, gadget);
  // A null service name: signed fetch does not look up a named OAuth service here.
  MakeRequestClient signedClient =
      new MakeRequestClient(token, fetcherConfig, serviceProvider, null);
  signedClient.setBaseArgs(signedClient.makeSignedFetchArguments());
  return signedClient;
}
/**
 * Client that does OAuth and sends opensocial_* params: owner and viewer signing are both
 * switched on in the base arguments.
 */
private MakeRequestClient makeNonSocialClient(String owner, String viewer, String gadget)
    throws Exception {
  SecurityToken token = getSecurityToken(owner, viewer, gadget);
  MakeRequestClient oauthClient = new MakeRequestClient(
      token, fetcherConfig, serviceProvider, FakeGadgetSpecFactory.SERVICE_NAME);
  // Signing owner and viewer is what distinguishes this client from the strict variant.
  oauthClient.getBaseArgs().setSignOwner(true);
  oauthClient.getBaseArgs().setSignViewer(true);
  return oauthClient;
}
// Excerpt from a test body: `client` and `serviceProvider` are defined outside this fragment.

// First fetch: empty body, and the provider has not served the resource yet.
HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
assertEquals("", response.getResponseAsString());
assertEquals(0, serviceProvider.getResourceAccessCount());

// After approval the resource is returned and the provider records one access.
client.approveToken("user_data=hello-oauth");
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
assertEquals("User data is hello-oauth", response.getResponseAsString());
assertEquals(1, serviceProvider.getResourceAccessCount());

// A distinct query string gives a distinct URL, so this does not repeat the earlier request.
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1");
assertEquals("User data is hello-oauth", response.getResponseAsString());

// NOTE(review): nothing visible here changes provider or client state between cachebust=1 and
// cachebust=2, yet the expected body flips to empty. Presumably a step that invalidates the
// token was lost from this excerpt; confirm against the full test.
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2");
assertEquals("", response.getResponseAsString());
// metadata is not read inside this fragment; it may be used by lines outside the excerpt.
Map<String, String> metadata = response.getMetadata();

// After clearState() the next fetch returns the user data again.
client.clearState();
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3");
assertEquals("User data is hello-oauth", response.getResponseAsString());
/**
 * Signed fetch with parameters placed in the Authorization header: the header echoed back by the
 * fake provider must contain the opensocial owner id.
 */
@Test
public void testSignedFetch_authHeader() throws Exception {
  serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Configure the parameter location through request options.
  signedClient.getBaseArgs().setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true");
  signedClient.getBaseArgs().setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "auth-header");

  HttpResponse echoed = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  String authzHeader = echoed.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);

  assertNotNull("Should have echoed authz header", authzHeader);
  // The identity claim has to travel in the header, not only the oauth_* values.
  checkStringContains("should have opensocial params in header", authzHeader,
      "opensocial_owner_id=\"o\"");
}
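/**
 * With the provider expecting OAuth parameters in the POST body, checks that an approved form
 * post succeeds and that the body echoed by the fake provider carries
 * {@code oauth_consumer_key=}.
 *
 * <p>The final check uses {@code String.contains}. The earlier
 * {@code assertNotSame(indexOf(...), -1)} compared two autoboxed {@code Integer} objects by
 * identity, which only gave the right answer because small boxed values are cached.
 */
@Test
public void testParamsInBody() throws Exception {
  serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL_BODY);

  // Before approval the fetch yields an empty body.
  HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", response.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  response = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "");
  assertEquals("User data is hello-oauth", response.getResponseAsString());

  String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
  assertNotNull(echoedBody);
  // Value comparison: the OAuth parameters must actually be present in the posted body.
  Assert.assertTrue("body: " + echoedBody, echoedBody.contains("oauth_consumer_key="));
}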
/**
 * A signed-fetch form post whose query string already carries an {@code opensocial_}-prefixed
 * parameter must be rejected as an invalid parameter, so a caller cannot supply its own value
 * under that prefix.
 */
@Test
public void testStripOpenSocialParamsFromQuery() throws Exception {
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  String spoofedUrl = FakeOAuthServiceProvider.RESOURCE_URL + "?opensocial_foo=bar";

  HttpResponse rejected = signedClient.sendFormPost(spoofedUrl, null);

  assertEquals(OAuthError.INVALID_PARAMETER.name(),
      rejected.getMetadata().get(OAuthResponseParams.ERROR_CODE));
  // The error text names the offending parameter.
  checkStringContains("Wrong error text", rejected.getMetadata().get("oauthErrorText"),
      "Invalid parameter name opensocial_foo");
}
/**
 * Uses the gadget whose OAuth URL is bad and checks that a provider response lacking
 * {@code oauth_token_secret} surfaces as a 403 with a MISSING_OAUTH_PARAMETER error.
 */
@Test
public void testBrokenAccessTokenResponse() throws Exception {
  SecurityToken ownerToken = getSecurityToken("owner", "owner", GADGET_URL_BAD_OAUTH_URL);
  MakeRequestClient client = new MakeRequestClient(
      ownerToken, fetcherConfig, serviceProvider, FakeGadgetSpecFactory.SERVICE_NAME);

  // This lets us skip the access token step.
  // NOTE(review): what is pre-seeded here is a request token and secret, so the step being
  // skipped looks like obtaining and approving the request token - confirm.
  client.getBaseArgs().setRequestToken("reqtoken");
  client.getBaseArgs().setRequestTokenSecret("reqtokensecret");

  HttpResponse failed = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals(403, failed.getHttpStatusCode());
  assertEquals("", failed.getResponseAsString());

  Map<String, String> metadata = failed.getMetadata();
  assertNotNull(metadata);
  assertEquals("MISSING_OAUTH_PARAMETER", metadata.get("oauthError"));

  String errorText = failed.getMetadata().get("oauthErrorText");
  checkStringContains("oauthErrorText mismatch", errorText,
      "No oauth_token_secret returned from service provider");
  // Presumably this marker comes from the provider's raw reply, meaning provider-supplied
  // content is copied into the error text returned to the caller - confirm.
  checkStringContains("oauthErrorText mismatch", errorText,
      "with_fleece_as_white_as_snow");
}
/**
 * Sets the request options that describe the OAuth service directly on the client: parameter
 * location, request method, and the request token, access token and authorization URLs of the
 * fake provider.
 *
 * @param client client whose base arguments receive the options
 */
private void setNoSpecOptions(MakeRequestClient client) {
  OAuthArguments options = client.getBaseArgs();

  options.setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true");
  options.setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "uri-query");
  options.setRequestOption(OAuthArguments.REQUEST_METHOD_PARAM, "GET");

  // Endpoints all point at the fake provider.
  options.setRequestOption(
      OAuthArguments.REQUEST_TOKEN_URL_PARAM, FakeOAuthServiceProvider.REQUEST_TOKEN_URL);
  options.setRequestOption(
      OAuthArguments.ACCESS_TOKEN_URL_PARAM, FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
  options.setRequestOption(
      OAuthArguments.AUTHORIZATION_URL_PARAM, FakeOAuthServiceProvider.APPROVAL_URL);
}
/**
 * Client that does OAuth and does not send opensocial_* params: the base arguments are left
 * exactly as the constructor creates them.
 */
private MakeRequestClient makeStrictNonSocialClient(String owner, String viewer, String gadget)
    throws Exception {
  SecurityToken token = getSecurityToken(owner, viewer, gadget);
  MakeRequestClient strictClient = new MakeRequestClient(
      token, fetcherConfig, serviceProvider, FakeGadgetSpecFactory.SERVICE_NAME);
  return strictClient;
}
/**
 * Creates a make request client that sends requests, on behalf of the given security token,
 * through an OAuth fetcher to an OAuth service provider. Caching is honoured by default
 * ({@code ignoreCache} starts as {@code false}).
 *
 * @param securityToken identity of the user.
 * @param fetcherConfig configuration for the OAuthRequest
 * @param serviceProvider service provider being targeted.
 * @param serviceName nickname for the service being accessed.
 */
public MakeRequestClient(SecurityToken securityToken, OAuthFetcherConfig fetcherConfig,
    FakeOAuthServiceProvider serviceProvider, String serviceName) {
  this.securityToken = securityToken;
  this.fetcherConfig = fetcherConfig;
  this.serviceProvider = serviceProvider;
  this.serviceName = serviceName;

  // Built last: makeNonSocialOAuthArguments() is an instance method and may read the fields
  // assigned above.
  this.baseArgs = makeNonSocialOAuthArguments();
  this.ignoreCache = false;
}
// Fragment of a test body; `client` and `serviceProvider` come from code not shown here.

// Unapproved request: nothing is returned and the resource access counter stays at zero.
HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
assertEquals("", response.getResponseAsString());
assertEquals(0, serviceProvider.getResourceAccessCount());

// Approval, then one successful access counted by the provider.
client.approveToken("user_data=hello-oauth");
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
assertEquals("User data is hello-oauth", response.getResponseAsString());
assertEquals(1, serviceProvider.getResourceAccessCount());

// The cachebust query value makes each of the following URLs unique.
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1");
assertEquals("User data is hello-oauth", response.getResponseAsString());

// NOTE(review): the expected body becomes empty here although no visible statement alters the
// token between this request and the previous one. A line was presumably dropped from the
// excerpt; verify against the complete test.
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2");
assertEquals("", response.getResponseAsString());
// Not used within the fragment; possibly consumed by statements that were cut off.
Map<String, String> metadata = response.getMetadata();

// Clearing the client's state is followed by a fetch that returns the user data again.
client.clearState();
response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3");
assertEquals("User data is hello-oauth", response.getResponseAsString());
/**
 * Checks that, when the parameter location is the Authorization header, a signed fetch puts the
 * opensocial owner id into the header that the fake provider echoes back.
 */
@Test
public void testSignedFetch_authHeader() throws Exception {
  serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);

  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  fetchClient.getBaseArgs().setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true");
  fetchClient.getBaseArgs().setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "auth-header");

  HttpResponse reply = fetchClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  String echoedAuthz = reply.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);

  // A missing echo header means the parameters were sent somewhere other than the header.
  assertNotNull("Should have echoed authz header", echoedAuthz);
  checkStringContains("should have opensocial params in header", echoedAuthz,
      "opensocial_owner_id=\"o\"");
}
/**
 * Builds a signed-fetch client for the given owner, viewer and gadget, and registers the
 * security token with the fake provider as the one it should expect on requests.
 *
 * @param owner owner id placed in the security token
 * @param viewer viewer id placed in the security token
 * @param gadget gadget URL placed in the security token
 */
private MakeRequestClient makeSignedFetchClient(String owner, String viewer, String gadget)
    throws Exception {
  SecurityToken token = getSecurityToken(owner, viewer, gadget);
  // Presumably lets the fake provider verify which token the request was made with - confirm.
  serviceProvider.setExpectedRequestSecurityToken(token);

  MakeRequestClient signedClient =
      new MakeRequestClient(token, fetcherConfig, serviceProvider, null);
  signedClient.setBaseArgs(signedClient.makeSignedFetchArguments());
  return signedClient;
}
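/**
 * Checks that, with the provider set to read OAuth parameters from the POST body, an approved
 * form post returns the user data and the echoed body contains {@code oauth_consumer_key=}.
 *
 * <p>The presence check is a plain {@code String.contains}. The earlier
 * {@code assertNotSame(indexOf(...), -1)} tested identity of two boxed {@code Integer} values
 * and depended on the small-integer cache to behave as intended.
 */
@Test
public void testParamsInBody() throws Exception {
  serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL_BODY);

  // Unapproved fetch: empty body.
  HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", response.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  // Approved form post with an empty form body of its own.
  response = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "");
  assertEquals("User data is hello-oauth", response.getResponseAsString());

  String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
  assertNotNull(echoedBody);
  // Compare by value so the assertion cannot pass or fail on object identity.
  Assert.assertTrue("body: " + echoedBody, echoedBody.contains("oauth_consumer_key="));
}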
/**
 * Builds a client for the fake gadget spec's OAuth service whose base arguments use a token
 * only if one is available ({@code UseToken.IF_AVAILABLE}).
 *
 * @param owner owner id placed in the security token
 * @param viewer viewer id placed in the security token
 * @param gadget gadget URL placed in the security token
 */
private MakeRequestClient makeSocialOAuthClient(String owner, String viewer, String gadget)
    throws Exception {
  SecurityToken token = getSecurityToken(owner, viewer, gadget);
  MakeRequestClient socialClient = new MakeRequestClient(
      token, fetcherConfig, serviceProvider, FakeGadgetSpecFactory.SERVICE_NAME);
  socialClient.getBaseArgs().setUseToken(UseToken.IF_AVAILABLE);
  return socialClient;
}
/**
 * A signed-fetch form post whose query string carries an {@code oauth_}-prefixed parameter must
 * be rejected as an invalid parameter, so a caller cannot supply its own value under the prefix
 * used by the protocol's parameters.
 */
@Test
public void testStripOAuthParamsFromQuery() throws Exception {
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  String spoofedUrl = FakeOAuthServiceProvider.RESOURCE_URL + "?oauth_foo=bar";

  HttpResponse rejected = signedClient.sendFormPost(spoofedUrl, "name=value");

  assertEquals(OAuthError.INVALID_PARAMETER.name(),
      rejected.getMetadata().get(OAuthResponseParams.ERROR_CODE));
  // The error text identifies the parameter that was refused.
  checkStringContains("Wrong error text", rejected.getMetadata().get("oauthErrorText"),
      "Invalid parameter name oauth_foo");
}
/**
 * Drives a fetch for the gadget with the bad OAuth URL and expects a 403 whose metadata reports
 * MISSING_OAUTH_PARAMETER because no {@code oauth_token_secret} came back from the provider.
 */
@Test
public void testBrokenAccessTokenResponse() throws Exception {
  SecurityToken ownerToken = getSecurityToken("owner", "owner", GADGET_URL_BAD_OAUTH_URL);
  MakeRequestClient brokenClient = new MakeRequestClient(
      ownerToken, fetcherConfig, serviceProvider, FakeGadgetSpecFactory.SERVICE_NAME);

  // This lets us skip the access token step.
  // NOTE(review): the values set are a request token and its secret; the skipped step may in
  // fact be the request-token and approval step - confirm.
  brokenClient.getBaseArgs().setRequestToken("reqtoken");
  brokenClient.getBaseArgs().setRequestTokenSecret("reqtokensecret");

  HttpResponse denied = brokenClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals(403, denied.getHttpStatusCode());
  assertEquals("", denied.getResponseAsString());

  Map<String, String> metadata = denied.getMetadata();
  assertNotNull(metadata);
  assertEquals("MISSING_OAUTH_PARAMETER", metadata.get("oauthError"));

  String errorText = denied.getMetadata().get("oauthErrorText");
  checkStringContains("oauthErrorText mismatch", errorText,
      "No oauth_token_secret returned from service provider");
  // The second marker presumably originates in the provider's reply; if so, error text exposes
  // provider-supplied content to whoever reads the metadata - confirm.
  checkStringContains("oauthErrorText mismatch", errorText,
      "with_fleece_as_white_as_snow");
}