@Test public void testRevokedAccessToken() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); assertNull("Should not return oauthError for revoked token", response.getMetadata().get("oauthError")); String errorText = response.getMetadata().get("oauthErrorText"); assertNotNull(errorText); checkStringContains("should return original request", errorText, "GET /data?cachebust=2\n"); checkStringContains("should return signed request", errorText, "GET /data?cachebust=2&"); checkStringContains("should remove secret", errorText, "oauth_token_secret=REMOVED"); checkStringContains("should return response", errorText, "HTTP/1.1 401"); checkStringContains("should return response", errorText, "oauth_problem=\"token_revoked\""); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testRevokedAccessToken() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); assertNull("Should not return oauthError for revoked token", response.getMetadata().get("oauthError")); String errorText = response.getMetadata().get("oauthErrorText"); assertNotNull(errorText); checkStringContains("should return original request", errorText, "GET /data?cachebust=2\n"); checkStringContains("should return signed request", errorText, "GET /data?cachebust=2&"); checkStringContains("should remove secret", errorText, "oauth_token_secret=REMOVED"); checkStringContains("should return response", errorText, "HTTP/1.1 401"); checkStringContains("should return response", errorText, "oauth_problem=\"token_revoked\""); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testRevokedAccessToken() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); assertNull("Should not return oauthError for revoked token", response.getMetadata().get("oauthError")); String errorText = response.getMetadata().get("oauthErrorText"); assertNotNull(errorText); checkStringContains("should return original request", errorText, "GET /data?cachebust=2\n"); checkStringContains("should return signed request", errorText, "GET /data?cachebust=2&"); checkStringContains("should remove secret", errorText, "oauth_token_secret=REMOVED"); checkStringContains("should return response", errorText, "HTTP/1.1 401"); checkStringContains("should return response", errorText, "oauth_problem=\"token_revoked\""); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testError401() throws Exception { serviceProvider.setVagueErrors(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); checkLogContains("GET /data?cachebust=2"); checkLogContains("HTTP/1.1 401"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testError401() throws Exception { serviceProvider.setVagueErrors(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); checkLogContains("GET /data?cachebust=2"); checkLogContains("HTTP/1.1 401"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testError401() throws Exception { serviceProvider.setVagueErrors(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=1"); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=2"); checkLogContains("GET /data?cachebust=2"); checkLogContains("HTTP/1.1 401"); assertEquals("", response.getResponseAsString()); assertNotNull(response.getMetadata().get("oauthApprovalUrl")); client.approveToken("user_data=reapproved"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cachebust=3"); assertEquals("User data is reapproved", response.getResponseAsString()); }
@Test public void testSocialOAuth_tokenRevoked() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); assertEquals(0, base.getAccessTokenRemoveCount()); client = makeSocialOAuthClient("owner", "owner", GADGET_URL); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(1, base.getAccessTokenRemoveCount()); }
@Test public void testSocialOAuth_tokenRevoked() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); assertEquals(0, base.getAccessTokenRemoveCount()); client = makeSocialOAuthClient("owner", "owner", GADGET_URL); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(1, base.getAccessTokenRemoveCount()); }
@Test public void testSocialOAuth_tokenRevoked() throws Exception { MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); serviceProvider.revokeAllAccessTokens(); assertEquals(0, base.getAccessTokenRemoveCount()); client = makeSocialOAuthClient("owner", "owner", GADGET_URL); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(1, base.getAccessTokenRemoveCount()); }
@Test public void testAccessTokenExpired_andRevoked() throws Exception { serviceProvider.setSessionExtension(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); assertEquals(1, serviceProvider.getRequestTokenCount()); assertEquals(1, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(2, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); client.approveToken("user_data=renewed"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(3, serviceProvider.getAccessTokenCount()); assertEquals(2, serviceProvider.getResourceAccessCount()); assertEquals("User data is renewed", response.getResponseAsString()); checkLogContains("oauth_token_secret=REMOVED"); }
@Test public void testAccessTokenExpired_andRevoked() throws Exception { serviceProvider.setSessionExtension(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); assertEquals(1, serviceProvider.getRequestTokenCount()); assertEquals(1, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(2, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); client.approveToken("user_data=renewed"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(3, serviceProvider.getAccessTokenCount()); assertEquals(2, serviceProvider.getResourceAccessCount()); assertEquals("User data is renewed", response.getResponseAsString()); checkLogContains("oauth_token_secret=REMOVED"); }
@Test public void testAccessTokenExpired_andRevoked() throws Exception { serviceProvider.setSessionExtension(true); MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL); HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("", response.getResponseAsString()); client.approveToken("user_data=hello-oauth"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); assertEquals("User data is hello-oauth", response.getResponseAsString()); assertEquals(1, serviceProvider.getRequestTokenCount()); assertEquals(1, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1); serviceProvider.revokeAllAccessTokens(); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals("", response.getResponseAsString()); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(2, serviceProvider.getAccessTokenCount()); assertEquals(1, serviceProvider.getResourceAccessCount()); client.approveToken("user_data=renewed"); response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1"); assertEquals(2, serviceProvider.getRequestTokenCount()); assertEquals(3, serviceProvider.getAccessTokenCount()); assertEquals(2, serviceProvider.getResourceAccessCount()); assertEquals("User data is renewed", response.getResponseAsString()); checkLogContains("oauth_token_secret=REMOVED"); }