@Test public void testTrickyParametersInBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testStripOpenSocialParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?opensocial_foo=bar", null); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testStripOpenSocialParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "opensocial_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testStripOAuthParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?oauth_foo=bar", "name=value"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testTrickyParametersInQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testTrickyParametersInBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testStripOpenSocialParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "opensocial_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testTrickyParametersInQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testStripOAuthParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "oauth_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testStripOpenSocialParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?opensocial_foo=bar", null); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testTrickyParametersInQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testStripOAuthParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "oauth_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testStripOAuthParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "oauth_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testTrickyParametersInBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); String tricky = "%6fpensocial_owner_id=gotcha"; HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, tricky); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_owner_id, applications may not override " + "oauth, xoauth, or opensocial parameters"); }
@Test public void testStripOAuthParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?oauth_foo=bar", "name=value"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testStripOpenSocialParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?opensocial_foo=bar", null); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testStripOAuthParamsFromQuery() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL + "?oauth_foo=bar", "name=value"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name oauth_foo"); }
@Test public void testStripOpenSocialParamsFromBody() throws Exception { MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "opensocial_foo=bar"); assertEquals(OAuthError.INVALID_PARAMETER.name(), resp.getMetadata().get(OAuthResponseParams.ERROR_CODE)); checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"), "Invalid parameter name opensocial_foo"); }
@Test public void testSignedFetch_authHeader() throws Exception { serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER); MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); client.getBaseArgs().setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true"); client.getBaseArgs().setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "auth-header"); HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); String auth = resp.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER); assertNotNull("Should have echoed authz header", auth); checkStringContains("should have opensocial params in header", auth, "opensocial_owner_id=\"o\""); }
@Test public void testSignedFetch_authHeader() throws Exception { serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER); MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); client.getBaseArgs().setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true"); client.getBaseArgs().setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "auth-header"); HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); String auth = resp.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER); assertNotNull("Should have echoed authz header", auth); checkStringContains("should have opensocial params in header", auth, "opensocial_owner_id=\"o\""); }