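/**
 * Checks that filtering a response redacts {@code oauth_token_secret} and
 * {@code oauth_session_handle} while the start of {@code oauth_token} and the status line stay
 * readable. Besides looking for the REMOVED marker, it asserts that the fixture secret and
 * handle values no longer appear anywhere in the filtered text.
 */
@Test
public void testStripSensitiveFromResponse() {
  String secret = "60c1aabe0f6db96f2719956168c08d9d";
  String handle = "ABCDEFGH";

  String out = verifyStrip(
      "oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret=" + secret);
  // A marker alone does not prove redaction; the original value must be gone as well.
  assertTrue("token secret value leaked", !out.contains(secret));

  out = verifyStrip("oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret="
      + secret + "&oauth_session_handle=" + handle);
  checkStringContains(out, "oauth_token=dbce");
  checkStringContains(out, "HTTP/1.1 200");
  assertTrue("token secret value leaked", !out.contains(secret));
  assertTrue("session handle value leaked", !out.contains(handle));

  // Shortest possible secret value.
  out = verifyStrip("oauth_token_secret=x");
  checkStringContains(out, "oauth_token_secret=REMOVED");

  // Secret made of punctuation; the '&' that ends the value must survive.
  out = verifyStrip("foo&oauth_token_secret=!@#$%$^&(()&");
  checkStringContains(out, "foo&oauth_token_secret=REMOVED&");
}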
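/**
 * Checks that filtering a response redacts {@code oauth_token_secret} and
 * {@code oauth_session_handle} while the start of {@code oauth_token} and the status line stay
 * readable. Besides looking for the REMOVED marker, it asserts that the fixture secret and
 * handle values no longer appear anywhere in the filtered text.
 */
@Test
public void testStripSensitiveFromResponse() {
  String secret = "60c1aabe0f6db96f2719956168c08d9d";
  String handle = "ABCDEFGH";

  String out = verifyStrip(
      "oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret=" + secret);
  // A marker alone does not prove redaction; the original value must be gone as well.
  assertTrue("token secret value leaked", !out.contains(secret));

  out = verifyStrip("oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret="
      + secret + "&oauth_session_handle=" + handle);
  checkStringContains(out, "oauth_token=dbce");
  checkStringContains(out, "HTTP/1.1 200");
  assertTrue("token secret value leaked", !out.contains(secret));
  assertTrue("session handle value leaked", !out.contains(handle));

  // Shortest possible secret value.
  out = verifyStrip("oauth_token_secret=x");
  checkStringContains(out, "oauth_token_secret=REMOVED");

  // Secret made of punctuation; the '&' that ends the value must survive.
  out = verifyStrip("foo&oauth_token_secret=!@#$%$^&(()&");
  checkStringContains(out, "foo&oauth_token_secret=REMOVED&");
}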
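/**
 * Checks that filtering a response redacts {@code oauth_token_secret} and
 * {@code oauth_session_handle} while the start of {@code oauth_token} and the status line stay
 * readable. Besides looking for the REMOVED marker, it asserts that the fixture secret and
 * handle values no longer appear anywhere in the filtered text.
 */
@Test
public void testStripSensitiveFromResponse() {
  String secret = "60c1aabe0f6db96f2719956168c08d9d";
  String handle = "ABCDEFGH";

  String out = verifyStrip(
      "oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret=" + secret);
  // A marker alone does not prove redaction; the original value must be gone as well.
  assertTrue("token secret value leaked", !out.contains(secret));

  out = verifyStrip("oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret="
      + secret + "&oauth_session_handle=" + handle);
  checkStringContains(out, "oauth_token=dbce");
  checkStringContains(out, "HTTP/1.1 200");
  assertTrue("token secret value leaked", !out.contains(secret));
  assertTrue("session handle value leaked", !out.contains(handle));

  // Shortest possible secret value.
  out = verifyStrip("oauth_token_secret=x");
  checkStringContains(out, "oauth_token_secret=REMOVED");

  // Secret made of punctuation; the '&' that ends the value must survive.
  out = verifyStrip("foo&oauth_token_secret=!@#$%$^&(()&");
  checkStringContains(out, "foo&oauth_token_secret=REMOVED&");
}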
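/**
 * Wraps {@code body} in a 200 response, passes the response's string form through
 * {@link OAuthResponseParams#filterSecrets}, and asserts that the sensitive parameters were
 * redacted.
 *
 * @param body response body to embed in the test response
 * @return the filtered string, so callers can make further assertions on it
 */
private String verifyStrip(String body) {
  HttpResponseBuilder resp = new HttpResponseBuilder()
      .setHttpStatusCode(200)
      .setHeader("Date", "Date: Fri, 09 Jan 2009 00:35:08 GMT")
      .setResponseString(body);
  String out = OAuthResponseParams.filterSecrets(resp.create().toString());
  if (out.contains("oauth_token_secret")) {
    checkStringContains("should remove secret", out, "oauth_token_secret=REMOVED");
  }
  if (out.contains("oauth_session_handle")) {
    checkStringContains("should remove handle", out, "oauth_session_handle=REMOVED");
  }
  // The checks above pass as soon as one occurrence is redacted. Also require the marker after
  // every "key=" occurrence, so a second, unredacted copy of a parameter cannot slip through.
  for (String key : new String[] {"oauth_token_secret=", "oauth_session_handle="}) {
    for (int at = out.indexOf(key); at >= 0; at = out.indexOf(key, at + 1)) {
      assertTrue("unredacted " + key, out.startsWith("REMOVED", at + key.length()));
    }
  }
  return out;
}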
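/**
 * Wraps {@code body} in a 200 response, passes the response's string form through
 * {@link OAuthResponseParams#filterSecrets}, and asserts that the sensitive parameters were
 * redacted.
 *
 * @param body response body to embed in the test response
 * @return the filtered string, so callers can make further assertions on it
 */
private String verifyStrip(String body) {
  HttpResponseBuilder resp = new HttpResponseBuilder()
      .setHttpStatusCode(200)
      .setHeader("Date", "Date: Fri, 09 Jan 2009 00:35:08 GMT")
      .setResponseString(body);
  String out = OAuthResponseParams.filterSecrets(resp.create().toString());
  if (out.contains("oauth_token_secret")) {
    checkStringContains("should remove secret", out, "oauth_token_secret=REMOVED");
  }
  if (out.contains("oauth_session_handle")) {
    checkStringContains("should remove handle", out, "oauth_session_handle=REMOVED");
  }
  // The checks above pass as soon as one occurrence is redacted. Also require the marker after
  // every "key=" occurrence, so a second, unredacted copy of a parameter cannot slip through.
  for (String key : new String[] {"oauth_token_secret=", "oauth_session_handle="}) {
    for (int at = out.indexOf(key); at >= 0; at = out.indexOf(key, at + 1)) {
      assertTrue("unredacted " + key, out.startsWith("REMOVED", at + key.length()));
    }
  }
  return out;
}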
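/**
 * Wraps {@code body} in a 200 response, passes the response's string form through
 * {@link OAuthResponseParams#filterSecrets}, and asserts that the sensitive parameters were
 * redacted.
 *
 * @param body response body to embed in the test response
 * @return the filtered string, so callers can make further assertions on it
 */
private String verifyStrip(String body) {
  HttpResponseBuilder resp = new HttpResponseBuilder()
      .setHttpStatusCode(200)
      .setHeader("Date", "Date: Fri, 09 Jan 2009 00:35:08 GMT")
      .setResponseString(body);
  String out = OAuthResponseParams.filterSecrets(resp.create().toString());
  if (out.contains("oauth_token_secret")) {
    checkStringContains("should remove secret", out, "oauth_token_secret=REMOVED");
  }
  if (out.contains("oauth_session_handle")) {
    checkStringContains("should remove handle", out, "oauth_session_handle=REMOVED");
  }
  // The checks above pass as soon as one occurrence is redacted. Also require the marker after
  // every "key=" occurrence, so a second, unredacted copy of a parameter cannot slip through.
  for (String key : new String[] {"oauth_token_secret=", "oauth_session_handle="}) {
    for (int at = out.indexOf(key); at >= 0; at = out.indexOf(key, at + 1)) {
      assertTrue("unredacted " + key, out.startsWith("REMOVED", at + key.length()));
    }
  }
  return out;
}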
/**
 * Verifies that request traces reach the client only after {@code setSendTraceToClient(true)}:
 * before that the {@code oauthErrorText} metadata is exactly the exception text, afterwards it
 * also carries one "Sent request N" entry per recorded trace.
 */
@Test
public void testSendTraceToClient() {
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
  // Two traces are recorded up front; null request/response pairs are accepted here.
  params.addRequestTrace(null, null);
  params.addRequestTrace(null, null);

  // Default: no trace is attached, only the error text.
  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();
  String text = built.getMetadata().get("oauthErrorText");
  assertEquals("whoa there cowboy", text);

  // Opt in, then rebuild from the same builder.
  params.setSendTraceToClient(true);
  params.addToResponse(builder, failure);
  built = builder.create();
  text = built.getMetadata().get("oauthErrorText");
  checkStringContains("includes error text", text, "whoa there cowboy");
  checkStringContains("Request 1 logged", text, "Sent request 1:\n\n");
  checkStringContains("Request 2 logged", text, "Sent request 2:\n\n");
}
/**
 * Verifies that request traces reach the client only after {@code setSendTraceToClient(true)}:
 * before that the {@code oauthErrorText} metadata is exactly the exception text, afterwards it
 * also carries one "Sent request N" entry per recorded trace.
 */
@Test
public void testSendTraceToClient() {
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
  // Two traces are recorded up front; null request/response pairs are accepted here.
  params.addRequestTrace(null, null);
  params.addRequestTrace(null, null);

  // Default: no trace is attached, only the error text.
  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();
  String text = built.getMetadata().get("oauthErrorText");
  assertEquals("whoa there cowboy", text);

  // Opt in, then rebuild from the same builder.
  params.setSendTraceToClient(true);
  params.addToResponse(builder, failure);
  built = builder.create();
  text = built.getMetadata().get("oauthErrorText");
  checkStringContains("includes error text", text, "whoa there cowboy");
  checkStringContains("Request 1 logged", text, "Sent request 1:\n\n");
  checkStringContains("Request 2 logged", text, "Sent request 2:\n\n");
}
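/**
 * Checks that an {@code oauth_session_handle} carried in a request URL's query string is
 * redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestUrl() {
  HttpRequest req = new HttpRequest(Uri.parse(
      "http://www.example.com/access?param=foo"
          + "&opensocial_owner_id=owner&opensocial_viewer_id=owner&opensocial_app_id=app"
          + "&oauth_session_handle=http%3A%2F%2Fwww.example.com%2Fgadget.xml"
          + "&oauth_version=1.0&oauth_timestamp=1231461132"
          + "&oauth_consumer_key=consumer&oauth_signature_method=HMAC-SHA1"
          + "&oauth_nonce=1231461160262578000"
          + "&oauth_signature=HuFQ%2BRYTrRzcgsi3al6ld9Msvoo%3D"));
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // "gadget.xml" occurs only inside the handle value, so finding it would mean the value was
  // only partly replaced.
  assertTrue("session handle value leaked", !filtered.contains("gadget.xml"));
}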
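/**
 * Checks that an {@code oauth_session_handle} carried in a request URL's query string is
 * redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestUrl() {
  HttpRequest req = new HttpRequest(Uri.parse(
      "http://www.example.com/access?param=foo"
          + "&opensocial_owner_id=owner&opensocial_viewer_id=owner&opensocial_app_id=app"
          + "&oauth_session_handle=http%3A%2F%2Fwww.example.com%2Fgadget.xml"
          + "&oauth_version=1.0&oauth_timestamp=1231461132"
          + "&oauth_consumer_key=consumer&oauth_signature_method=HMAC-SHA1"
          + "&oauth_nonce=1231461160262578000"
          + "&oauth_signature=HuFQ%2BRYTrRzcgsi3al6ld9Msvoo%3D"));
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // "gadget.xml" occurs only inside the handle value, so finding it would mean the value was
  // only partly replaced.
  assertTrue("session handle value leaked", !filtered.contains("gadget.xml"));
}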
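/**
 * Checks that an {@code oauth_session_handle} carried in a request URL's query string is
 * redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestUrl() {
  HttpRequest req = new HttpRequest(Uri.parse(
      "http://www.example.com/access?param=foo"
          + "&opensocial_owner_id=owner&opensocial_viewer_id=owner&opensocial_app_id=app"
          + "&oauth_session_handle=http%3A%2F%2Fwww.example.com%2Fgadget.xml"
          + "&oauth_version=1.0&oauth_timestamp=1231461132"
          + "&oauth_consumer_key=consumer&oauth_signature_method=HMAC-SHA1"
          + "&oauth_nonce=1231461160262578000"
          + "&oauth_signature=HuFQ%2BRYTrRzcgsi3al6ld9Msvoo%3D"));
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // "gadget.xml" occurs only inside the handle value, so finding it would mean the value was
  // only partly replaced.
  assertTrue("session handle value leaked", !filtered.contains("gadget.xml"));
}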
/**
 * Verifies the metadata that {@code addToResponse} writes for a failed request: the error code,
 * the error text, the approval URL set via {@code setAznUrl}, and a non-trivial
 * {@code oauthState} value.
 */
@Test
public void testAddParams() {
  params.getNewClientState().setAccessToken("access");
  params.setAznUrl("aznurl");
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");

  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();

  assertEquals("BAD_OAUTH_CONFIGURATION", built.getMetadata().get("oauthError"));
  String text = built.getMetadata().get("oauthErrorText");
  checkStringContains("error text returned", text, "whoa there cowboy");
  assertEquals("aznurl", built.getMetadata().get("oauthApprovalUrl"));

  // Only presence and a minimum length of the state are checked, not its contents.
  String state = built.getMetadata().get("oauthState");
  assertNotNull(state);
  assertTrue(state.length() > 10);
}
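/**
 * Checks that an {@code oauth_session_handle} carried in an OAuth {@code Authorization} header
 * is redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestHeader() {
  HttpRequest req = new HttpRequest(Uri.parse("http://www.example.com/foo"));
  req.setHeader("Authorization",
      "OAuth opensocial_owner_id=\"owner\", opensocial_viewer_id=\"owner\", "
          + "opensocial_app_id=\"app\", "
          + "opensocial_app_url=\"http%3A%2F%2Fwww.example.com%2Fheader.xml\", "
          + "oauth_version=\"1.0\", oauth_timestamp=\"1231461306\", "
          + "oauth_consumer_key=\"consumer\", oauth_signature_method=\"HMAC-SHA1\", "
          + "oauth_nonce=\"1231461308333563000\", "
          + "oauth_session_handle=\"w0zAI1yN5ZRvmBX5kcVdra5%2BbZE%3D\"");
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // Header values are quoted; make sure the quoted handle itself is gone, not just prefixed.
  assertTrue("session handle value leaked", !filtered.contains("w0zAI1yN5ZRvmBX5kcVdra5"));
}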
/**
 * Verifies the string form of {@code OAuthRequestException} for both constructors used here and
 * that a supplied cause is returned by {@code getCause()}.
 */
@Test
public void testException() {
  HttpRequest request = new HttpRequest(Uri.parse("http://www"));
  HttpResponse okResponse = new HttpResponseBuilder().setHttpStatusCode(200).create();
  params.addRequestTrace(request, okResponse);

  // Plain (error, text) constructor: both strings appear verbatim.
  OAuthRequestException failure = new OAuthRequestException("error", "errorText");
  checkStringContains(failure.toString(), "[error,errorText]");

  params.addRequestTrace(null, null);

  // OAuthError constructor: the string form shows the text for UNAUTHENTICATED rather than the
  // literal "errorText" argument (presumably used as a message argument; confirm in
  // OAuthRequestException).
  Throwable rootCause = new RuntimeException();
  failure = new OAuthRequestException(OAuthError.UNAUTHENTICATED, "errorText", rootCause);
  checkStringContains(failure.toString(), "[UNAUTHENTICATED,Unauthenticated OAuth fetch]");
  assertEquals(rootCause, failure.getCause());
}
/**
 * Verifies the metadata that {@code addToResponse} writes for a failed request: the error code,
 * the error text, the approval URL set via {@code setAznUrl}, and a non-trivial
 * {@code oauthState} value.
 */
@Test
public void testAddParams() {
  params.getNewClientState().setAccessToken("access");
  params.setAznUrl("aznurl");
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");

  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();

  assertEquals("BAD_OAUTH_CONFIGURATION", built.getMetadata().get("oauthError"));
  String text = built.getMetadata().get("oauthErrorText");
  checkStringContains("error text returned", text, "whoa there cowboy");
  assertEquals("aznurl", built.getMetadata().get("oauthApprovalUrl"));

  // Only presence and a minimum length of the state are checked, not its contents.
  String state = built.getMetadata().get("oauthState");
  assertNotNull(state);
  assertTrue(state.length() > 10);
}
/**
 * Verifies the metadata that {@code addToResponse} writes for a failed request: the error code,
 * the error text, the approval URL set via {@code setAznUrl}, and a non-trivial
 * {@code oauthState} value.
 */
@Test
public void testAddParams() {
  params.getNewClientState().setAccessToken("access");
  params.setAznUrl("aznurl");
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");

  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();

  assertEquals("BAD_OAUTH_CONFIGURATION", built.getMetadata().get("oauthError"));
  String text = built.getMetadata().get("oauthErrorText");
  checkStringContains("error text returned", text, "whoa there cowboy");
  assertEquals("aznurl", built.getMetadata().get("oauthApprovalUrl"));

  // Only presence and a minimum length of the state are checked, not its contents.
  String state = built.getMetadata().get("oauthState");
  assertNotNull(state);
  assertTrue(state.length() > 10);
}
/**
 * Verifies the string form of {@code OAuthRequestException} for both constructors used here and
 * that a supplied cause is returned by {@code getCause()}.
 */
@Test
public void testException() {
  HttpRequest request = new HttpRequest(Uri.parse("http://www"));
  HttpResponse okResponse = new HttpResponseBuilder().setHttpStatusCode(200).create();
  params.addRequestTrace(request, okResponse);

  // Plain (error, text) constructor: both strings appear verbatim.
  OAuthRequestException failure = new OAuthRequestException("error", "errorText");
  checkStringContains(failure.toString(), "[error,errorText]");

  params.addRequestTrace(null, null);

  // OAuthError constructor: the string form shows the text for UNAUTHENTICATED rather than the
  // literal "errorText" argument (presumably used as a message argument; confirm in
  // OAuthRequestException).
  Throwable rootCause = new RuntimeException();
  failure = new OAuthRequestException(OAuthError.UNAUTHENTICATED, "errorText", rootCause);
  checkStringContains(failure.toString(), "[UNAUTHENTICATED,Unauthenticated OAuth fetch]");
  assertEquals(rootCause, failure.getCause());
}
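/**
 * Checks that an {@code oauth_session_handle} carried in an OAuth {@code Authorization} header
 * is redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestHeader() {
  HttpRequest req = new HttpRequest(Uri.parse("http://www.example.com/foo"));
  req.setHeader("Authorization",
      "OAuth opensocial_owner_id=\"owner\", opensocial_viewer_id=\"owner\", "
          + "opensocial_app_id=\"app\", "
          + "opensocial_app_url=\"http%3A%2F%2Fwww.example.com%2Fheader.xml\", "
          + "oauth_version=\"1.0\", oauth_timestamp=\"1231461306\", "
          + "oauth_consumer_key=\"consumer\", oauth_signature_method=\"HMAC-SHA1\", "
          + "oauth_nonce=\"1231461308333563000\", "
          + "oauth_session_handle=\"w0zAI1yN5ZRvmBX5kcVdra5%2BbZE%3D\"");
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // Header values are quoted; make sure the quoted handle itself is gone, not just prefixed.
  assertTrue("session handle value leaked", !filtered.contains("w0zAI1yN5ZRvmBX5kcVdra5"));
}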
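/**
 * Checks that an {@code oauth_session_handle} carried in an OAuth {@code Authorization} header
 * is redacted when the request's string form is filtered, and that the handle's value does not
 * survive next to the REMOVED marker.
 */
@Test
public void testStripSecretsFromRequestHeader() {
  HttpRequest req = new HttpRequest(Uri.parse("http://www.example.com/foo"));
  req.setHeader("Authorization",
      "OAuth opensocial_owner_id=\"owner\", opensocial_viewer_id=\"owner\", "
          + "opensocial_app_id=\"app\", "
          + "opensocial_app_url=\"http%3A%2F%2Fwww.example.com%2Fheader.xml\", "
          + "oauth_version=\"1.0\", oauth_timestamp=\"1231461306\", "
          + "oauth_consumer_key=\"consumer\", oauth_signature_method=\"HMAC-SHA1\", "
          + "oauth_nonce=\"1231461308333563000\", "
          + "oauth_session_handle=\"w0zAI1yN5ZRvmBX5kcVdra5%2BbZE%3D\"");
  String filtered = OAuthResponseParams.filterSecrets(req.toString());
  checkStringContains(filtered, "oauth_session_handle=REMOVED");
  // Header values are quoted; make sure the quoted handle itself is gone, not just prefixed.
  assertTrue("session handle value leaked", !filtered.contains("w0zAI1yN5ZRvmBX5kcVdra5"));
}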
/**
 * Verifies the string form of {@code OAuthRequestException} for both constructors used here and
 * that a supplied cause is returned by {@code getCause()}.
 */
@Test
public void testException() {
  HttpRequest request = new HttpRequest(Uri.parse("http://www"));
  HttpResponse okResponse = new HttpResponseBuilder().setHttpStatusCode(200).create();
  params.addRequestTrace(request, okResponse);

  // Plain (error, text) constructor: both strings appear verbatim.
  OAuthRequestException failure = new OAuthRequestException("error", "errorText");
  checkStringContains(failure.toString(), "[error,errorText]");

  params.addRequestTrace(null, null);

  // OAuthError constructor: the string form shows the text for UNAUTHENTICATED rather than the
  // literal "errorText" argument (presumably used as a message argument; confirm in
  // OAuthRequestException).
  Throwable rootCause = new RuntimeException();
  failure = new OAuthRequestException(OAuthError.UNAUTHENTICATED, "errorText", rootCause);
  checkStringContains(failure.toString(), "[UNAUTHENTICATED,Unauthenticated OAuth fetch]");
  assertEquals(rootCause, failure.getCause());
}