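/**
 * Verifies that a direct request to the access-token URL is rejected after the OAuth
 * approval flow has completed.
 *
 * <p>The service provider is told to return access-token data. The first fetch of the
 * access-token URL yields an empty body, the token is approved, and the resource fetch then
 * returns the user data. Only the final fetch of the access-token URL may throw.
 *
 * <p>The expected exception is caught around that final call rather than declared on
 * {@code @Test}. With the annotation form, a {@link RuntimeException} raised by any earlier
 * step would have made this negative test pass without exercising the rejection.
 *
 * @throws Exception if any step before the final request fails unexpectedly
 */
@Test
public void testAccessTokenData_noDirectRequest() throws Exception {
  serviceProvider.setReturnAccessTokenData(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  HttpResponse response = client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
  assertEquals("", response.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", response.getResponseAsString());

  try {
    client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
    // fail() raises an AssertionError, which the catch below does not swallow.
    fail("Service provider should have rejected bogus request to access token URL");
  } catch (RuntimeException expected) {
    // Rejection of the direct access-token request is the behaviour under test.
  }
}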
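/**
 * Verifies that a direct request to the access-token URL is rejected after the OAuth
 * approval flow has completed.
 *
 * <p>The service provider is told to return access-token data. The first fetch of the
 * access-token URL yields an empty body, the token is approved, and the resource fetch then
 * returns the user data. Only the final fetch of the access-token URL may throw.
 *
 * <p>The expected exception is caught around that final call rather than declared on
 * {@code @Test}. With the annotation form, a {@link RuntimeException} raised by any earlier
 * step would have made this negative test pass without exercising the rejection.
 *
 * @throws Exception if any step before the final request fails unexpectedly
 */
@Test
public void testAccessTokenData_noDirectRequest() throws Exception {
  serviceProvider.setReturnAccessTokenData(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  HttpResponse response = client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
  assertEquals("", response.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", response.getResponseAsString());

  try {
    client.sendGet(FakeOAuthServiceProvider.ACCESS_TOKEN_URL);
    // fail() raises an AssertionError, which the catch below does not swallow.
    fail("Service provider should have rejected bogus request to access token URL");
  } catch (RuntimeException expected) {
    // Rejection of the direct access-token request is the behaviour under test.
  }
}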
/**
 * Checks that a fetch from the default non-social client reports the
 * {@code parameter_rejected} OAuth error when the fake service provider is configured to
 * reject extra parameters.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testExtraParamsRejected() throws Exception {
  serviceProvider.setRejectExtraParams(true);

  MakeRequestClient gadgetClient = makeNonSocialClient("owner", "owner", GADGET_URL);
  HttpResponse reply = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);

  // The failure is reported through response metadata, not through the body.
  assertEquals("parameter_rejected", reply.getMetadata().get("oauthError"));
}
/**
 * Checks that a fetch from the default non-social client reports the
 * {@code parameter_rejected} OAuth error when the fake service provider is configured to
 * reject extra parameters.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testExtraParamsRejected() throws Exception {
  serviceProvider.setRejectExtraParams(true);

  MakeRequestClient gadgetClient = makeNonSocialClient("owner", "owner", GADGET_URL);
  HttpResponse reply = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);

  // The failure is reported through response metadata, not through the body.
  assertEquals("parameter_rejected", reply.getMetadata().get("oauthError"));
}
/**
 * Checks that the strict non-social client completes the OAuth flow even though the fake
 * service provider rejects extra parameters.
 *
 * <p>The first resource fetch returns an empty body; after the token is approved the second
 * fetch returns the user data.
 *
 * @throws Exception if a request cannot be issued
 */
@Test
public void testExtraParamsSuppressed() throws Exception {
  serviceProvider.setRejectExtraParams(true);
  MakeRequestClient strictClient = makeStrictNonSocialClient("owner", "owner", GADGET_URL);

  // Before approval: nothing is returned to the gadget.
  HttpResponse beforeApproval = strictClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());

  strictClient.approveToken("user_data=hello-oauth");

  // After approval: the protected resource is served.
  HttpResponse afterApproval = strictClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
}
/**
 * Checks that a percent-encoded attempt to supply a reserved parameter name in the query
 * string is refused by signed fetch.
 *
 * <p>{@code %6f} is the percent-encoding of {@code o}, so the query parameter name decodes
 * to {@code opensocial_owner_id}. The test expects the {@code INVALID_PARAMETER} error code
 * and an error text that names the decoded parameter.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testTrickyParametersInQuery() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Encoded spelling of a reserved name; it must be judged after decoding.
  String encodedOverride = "%6fpensocial_owner_id=gotcha";
  HttpResponse reply =
      signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + encodedOverride);

  assertEquals(
      OAuthError.INVALID_PARAMETER.name(),
      reply.getMetadata().get(OAuthResponseParams.ERROR_CODE));

  String expectedText =
      "Invalid parameter name opensocial_owner_id, applications may not override "
          + "oauth, xoauth, or opensocial parameters";
  checkStringContains(
      "Wrong error text", reply.getMetadata().get("oauthErrorText"), expectedText);
}
/**
 * Checks that a percent-encoded attempt to supply a reserved parameter name in the query
 * string is refused by signed fetch.
 *
 * <p>{@code %6f} is the percent-encoding of {@code o}, so the query parameter name decodes
 * to {@code opensocial_owner_id}. The test expects the {@code INVALID_PARAMETER} error code
 * and an error text that names the decoded parameter.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testTrickyParametersInQuery() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Encoded spelling of a reserved name; it must be judged after decoding.
  String encodedOverride = "%6fpensocial_owner_id=gotcha";
  HttpResponse reply =
      signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + encodedOverride);

  assertEquals(
      OAuthError.INVALID_PARAMETER.name(),
      reply.getMetadata().get(OAuthResponseParams.ERROR_CODE));

  String expectedText =
      "Invalid parameter name opensocial_owner_id, applications may not override "
          + "oauth, xoauth, or opensocial parameters";
  checkStringContains(
      "Wrong error text", reply.getMetadata().get("oauthErrorText"), expectedText);
}
/**
 * Checks that the strict non-social client completes the OAuth flow even though the fake
 * service provider rejects extra parameters.
 *
 * <p>The first resource fetch returns an empty body; after the token is approved the second
 * fetch returns the user data.
 *
 * @throws Exception if a request cannot be issued
 */
@Test
public void testExtraParamsSuppressed() throws Exception {
  serviceProvider.setRejectExtraParams(true);
  MakeRequestClient strictClient = makeStrictNonSocialClient("owner", "owner", GADGET_URL);

  // Before approval: nothing is returned to the gadget.
  HttpResponse beforeApproval = strictClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());

  strictClient.approveToken("user_data=hello-oauth");

  // After approval: the protected resource is served.
  HttpResponse afterApproval = strictClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
}
/**
 * Walks the basic OAuth flow for a non-social client: an empty body before the token is
 * approved, the user data afterwards, and an empty log at the end.
 *
 * @throws Exception if a request cannot be issued
 */
@Test
public void testOAuthFlow() throws Exception {
  MakeRequestClient gadgetClient = makeNonSocialClient("owner", "owner", GADGET_URL);

  HttpResponse beforeApproval = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());

  gadgetClient.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());

  // A clean run is expected to leave nothing in the log.
  checkEmptyLog();
}
/**
 * Walks the basic OAuth flow for a non-social client: an empty body before the token is
 * approved, the user data afterwards, and an empty log at the end.
 *
 * @throws Exception if a request cannot be issued
 */
@Test
public void testOAuthFlow() throws Exception {
  MakeRequestClient gadgetClient = makeNonSocialClient("owner", "owner", GADGET_URL);

  HttpResponse beforeApproval = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());

  gadgetClient.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = gadgetClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());

  // A clean run is expected to leave nothing in the log.
  checkEmptyLog();
}
/**
 * Checks that a query parameter whose name is made of unusual but permitted characters is
 * passed through signed fetch and echoed back with its value.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testValidParameterCharacters() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Parameter name built only from punctuation the test treats as acceptable.
  String punctuationName = "~!@$*()-_[]:,./";
  HttpResponse reply = signedClient.sendGet(
      FakeOAuthServiceProvider.RESOURCE_URL + '?' + punctuationName + "=foo");

  // The response body is decoded as a form to recover the parameters the provider saw.
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());
  assertTrue(contains(echoedParams, punctuationName, "foo"));
}
/**
 * Checks the response given to a client created with no owner and no viewer.
 *
 * <p>The test expects an empty body, HTTP status 403, a cache TTL of -1 and the
 * {@code UNAUTHENTICATED} OAuth error in the response metadata.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testOAuthFlow_unauthUser() throws Exception {
  // Null owner and viewer model a request with no authenticated user.
  MakeRequestClient anonymousClient = makeNonSocialClient(null, null, GADGET_URL);

  HttpResponse reply = anonymousClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);

  assertEquals("", reply.getResponseAsString());
  assertEquals(403, reply.getHttpStatusCode());
  assertEquals(-1, reply.getCacheTtl());
  assertEquals(
      OAuthError.UNAUTHENTICATED.name(),
      reply.getMetadata().get("oauthError"));
}
/**
 * Checks the response given to a client created with no owner and no viewer.
 *
 * <p>The test expects an empty body, HTTP status 403, a cache TTL of -1 and the
 * {@code UNAUTHENTICATED} OAuth error in the response metadata.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testOAuthFlow_unauthUser() throws Exception {
  // Null owner and viewer model a request with no authenticated user.
  MakeRequestClient anonymousClient = makeNonSocialClient(null, null, GADGET_URL);

  HttpResponse reply = anonymousClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);

  assertEquals("", reply.getResponseAsString());
  assertEquals(403, reply.getHttpStatusCode());
  assertEquals(-1, reply.getCacheTtl());
  assertEquals(
      OAuthError.UNAUTHENTICATED.name(),
      reply.getMetadata().get("oauthError"));
}
/**
 * Checks that a query string repeating the same parameter name keeps both values through
 * signed fetch.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testGetWithQueryMultiParam() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse reply = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?a=b&a=c");
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  // Both occurrences of "a" must be present in the decoded response.
  assertTrue(contains(echoedParams, "a", "b"));
  assertTrue(contains(echoedParams, "a", "c"));
}
/**
 * Checks that a signed fetch with no query string still carries the owner and viewer
 * identifiers.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testGetNoQuery() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse reply = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  // "o" and "v" are the owner and viewer passed to makeSignedFetchClient above.
  assertTrue(contains(echoedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(echoedParams, "opensocial_viewer_id", "v"));
}
/**
 * Checks that signed fetch places the opensocial parameters in the authorization header
 * when the {@code auth-header} parameter location is requested.
 *
 * <p>The fake service provider is switched to {@code AUTH_HEADER}, and the test reads the
 * header it echoes back under {@code AUTHZ_ECHO_HEADER}.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testSignedFetch_authHeader() throws Exception {
  serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Both options are set on the client's base arguments before the request is sent.
  signedClient.getBaseArgs().setRequestOption(OAuthArguments.PROGRAMMATIC_CONFIG_PARAM, "true");
  signedClient.getBaseArgs().setRequestOption(OAuthArguments.PARAM_LOCATION_PARAM, "auth-header");

  HttpResponse reply = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  String echoedAuthz = reply.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);

  assertNotNull("Should have echoed authz header", echoedAuthz);
  checkStringContains(
      "should have opensocial params in header", echoedAuthz, "opensocial_owner_id=\"o\"");
}
/**
 * Checks that turning off viewer signing leaves the owner identifier in the request and
 * omits the viewer identifier.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testNoSignViewer() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  signedClient.getBaseArgs().setSignViewer(false);

  HttpResponse reply = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  assertTrue(contains(echoedParams, "opensocial_owner_id", "o"));
  // NOTE(review): this looks for the name paired with the value "v"; whether it also rules
  // out the parameter appearing with a different value depends on contains() - confirm.
  assertFalse(contains(echoedParams, "opensocial_viewer_id", "v"));
}
/**
 * Checks that turning off owner signing omits the owner identifier from the request and
 * leaves the viewer identifier in place.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testNoSignOwner() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  signedClient.getBaseArgs().setSignOwner(false);

  HttpResponse reply = signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  // NOTE(review): this looks for the name paired with the value "o"; whether it also rules
  // out the parameter appearing with a different value depends on contains() - confirm.
  assertFalse(contains(echoedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(echoedParams, "opensocial_viewer_id", "v"));
}
/**
 * Checks that a signed fetch carrying extra query parameters still includes the identity
 * and key parameters added by the container.
 *
 * <p>The assertions cover the owner, viewer and app identifiers, the OAuth consumer key and
 * the two public-key name parameters.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testSignedFetch_extraQueryParameters() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse reply =
      signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?foo=bar&foo=baz");
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  // Identity parameters supplied by the container.
  assertTrue(contains(echoedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(echoedParams, "opensocial_viewer_id", "v"));
  assertTrue(contains(echoedParams, "opensocial_app_id", "app"));

  // Consumer key and the public-key name under both parameter spellings.
  assertTrue(contains(echoedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));
  assertTrue(contains(echoedParams, "xoauth_signature_publickey", "foo"));
  assertTrue(contains(echoedParams, "xoauth_public_key", "foo"));

  // NOTE(review): the caller-supplied foo=bar and foo=baz are not asserted here.
}
/**
 * Checks that a signed fetch carrying extra query parameters still includes the identity
 * and key parameters added by the container.
 *
 * <p>The assertions cover the owner, viewer and app identifiers, the OAuth consumer key and
 * the two public-key name parameters.
 *
 * @throws Exception if the request cannot be issued
 */
@Test
public void testSignedFetch_extraQueryParameters() throws Exception {
  MakeRequestClient signedClient = makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse reply =
      signedClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?foo=bar&foo=baz");
  List<Parameter> echoedParams = OAuth.decodeForm(reply.getResponseAsString());

  // Identity parameters supplied by the container.
  assertTrue(contains(echoedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(echoedParams, "opensocial_viewer_id", "v"));
  assertTrue(contains(echoedParams, "opensocial_app_id", "app"));

  // Consumer key and the public-key name under both parameter spellings.
  assertTrue(contains(echoedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));
  assertTrue(contains(echoedParams, "xoauth_signature_publickey", "foo"));
  assertTrue(contains(echoedParams, "xoauth_public_key", "foo"));

  // NOTE(review): the caller-supplied foo=bar and foo=baz are not asserted here.
}