/**
 * Sends a signed GET that carries a form-encoded body and asserts that the response header
 * {@code FakeOAuthServiceProvider.BODY_ECHO_HEADER} holds the same text that was sent.
 */
@Test
public void testGetWithFormEncodedBody() throws Exception {
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse response = signedClient.sendGetWithBody(
      FakeOAuthServiceProvider.RESOURCE_URL,
      OAuth.FORM_ENCODED,
      "war=peace&yes=no".getBytes());

  // The body must come back untouched in the echo header.
  String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
  assertEquals("war=peace&yes=no", echoedBody);
}
/**
 * Sends a signed GET that carries a form-encoded body and asserts that the response header
 * {@code FakeOAuthServiceProvider.BODY_ECHO_HEADER} holds the same text that was sent.
 */
@Test
public void testGetWithFormEncodedBody() throws Exception {
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse response = signedClient.sendGetWithBody(
      FakeOAuthServiceProvider.RESOURCE_URL,
      OAuth.FORM_ENCODED,
      "war=peace&yes=no".getBytes());

  // The body must come back untouched in the echo header.
  String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
  assertEquals("war=peace&yes=no", echoedBody);
}
/**
 * Sends a signed GET that carries a form-encoded body and asserts that the response header
 * {@code FakeOAuthServiceProvider.BODY_ECHO_HEADER} holds the same text that was sent.
 */
@Test
public void testGetWithFormEncodedBody() throws Exception {
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  HttpResponse response = signedClient.sendGetWithBody(
      FakeOAuthServiceProvider.RESOURCE_URL,
      OAuth.FORM_ENCODED,
      "war=peace&yes=no".getBytes());

  // The body must come back untouched in the echo header.
  String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
  assertEquals("war=peace&yes=no", echoedBody);
}
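/**
 * Verifies that a form-encoded body altered in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send {@code foo=bar}; a fetcher installed with
 * {@code setNextFetcher} replaces the body with {@code foo=quux} before handing the request
 * to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per the
 * failure message this is meant to be an OAuth signature mismatch.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedFormContent() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("foo=quux".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a signature check that no longer rejects altered bodies.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, OAuth.FORM_ENCODED,
        "foo=bar".getBytes());
    fail("Should have thrown with oauth signature mismatch");
  } catch (RuntimeException expected) {
    // expected: the send with the altered body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's mismatch error is confirmed.
  }
}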
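/**
 * Verifies that a form-encoded body altered in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send {@code foo=bar}; a fetcher installed with
 * {@code setNextFetcher} replaces the body with {@code foo=quux} before handing the request
 * to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per the
 * failure message this is meant to be an OAuth signature mismatch.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedFormContent() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("foo=quux".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a signature check that no longer rejects altered bodies.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, OAuth.FORM_ENCODED,
        "foo=bar".getBytes());
    fail("Should have thrown with oauth signature mismatch");
  } catch (RuntimeException expected) {
    // expected: the send with the altered body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's mismatch error is confirmed.
  }
}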
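/**
 * Verifies that a form-encoded body altered in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send {@code foo=bar}; a fetcher installed with
 * {@code setNextFetcher} replaces the body with {@code foo=quux} before handing the request
 * to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per the
 * failure message this is meant to be an OAuth signature mismatch.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedFormContent() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("foo=quux".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a signature check that no longer rejects altered bodies.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, OAuth.FORM_ENCODED,
        "foo=bar".getBytes());
    fail("Should have thrown with oauth signature mismatch");
  } catch (RuntimeException expected) {
    // expected: the send with the altered body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's mismatch error is confirmed.
  }
}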
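/**
 * Verifies that stripping a raw body and relabelling the request as form-encoded makes the
 * signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; a
 * fetcher installed with {@code setNextFetcher} empties the body and sets
 * {@code Content-Type} to {@code application/x-www-form-urlencoded} before handing the
 * request to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per
 * the failure message the cause is meant to be a body hash on a form-encoded request.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a provider that accepts the stripped, relabelled request.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
    fail("Should have thrown with body hash in form encoded request");
  } catch (RuntimeException expected) {
    // expected: the send with the emptied, relabelled body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's error is confirmed.
  }
}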
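/**
 * Verifies that stripping a raw body and relabelling the request as form-encoded makes the
 * signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; a
 * fetcher installed with {@code setNextFetcher} empties the body and sets
 * {@code Content-Type} to {@code application/x-www-form-urlencoded} before handing the
 * request to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per
 * the failure message the cause is meant to be a body hash on a form-encoded request.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a provider that accepts the stripped, relabelled request.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
    fail("Should have thrown with body hash in form encoded request");
  } catch (RuntimeException expected) {
    // expected: the send with the emptied, relabelled body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's error is confirmed.
  }
}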
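/**
 * Verifies that stripping a raw body and relabelling the request as form-encoded makes the
 * signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; a
 * fetcher installed with {@code setNextFetcher} empties the body and sets
 * {@code Content-Type} to {@code application/x-www-form-urlencoded} before handing the
 * request to {@code serviceProvider}. The send must end in a {@link RuntimeException}; per
 * the failure message the cause is meant to be a body hash on a form-encoded request.
 *
 * @throws Exception if client setup fails; such a failure is reported as an error and is
 *     never counted as the expected rejection
 */
@Test
public void testGetTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Scope the expectation to the tampered send only. With @Test(expected = ...) on the whole
  // method, a RuntimeException thrown during setup would also pass the test and could hide
  // a provider that accepts the stripped, relabelled request.
  try {
    client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
    fail("Should have thrown with body hash in form encoded request");
  } catch (RuntimeException expected) {
    // expected: the send with the emptied, relabelled body did not succeed
    // NOTE(review): any RuntimeException is accepted here; consider asserting on the
    // exception type or message once the provider's error is confirmed.
  }
}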
/**
 * Checks that swapping a raw (non-form) body in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; the
 * installed fetcher overwrites the body with different bytes before forwarding the request
 * to {@code serviceProvider}. A {@link RuntimeException} from the send is the passing
 * outcome; per the failure message it is meant to be an {@code oauth_body_hash} mismatch.
 */
@Test
public void testGetTamperedRawContent() throws Exception {
  final byte[] originalBody = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Replace the body just before the request reaches the service provider.
  HttpFetcher bodySwappingFetcher = new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  };
  signedClient.setNextFetcher(bodySwappingFetcher);

  try {
    signedClient.sendGetWithBody(
        FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", originalBody);
    fail("Should have thrown with oauth_body_hash mismatch");
  } catch (RuntimeException expected) {
    // Passing outcome: the send with the replaced body did not succeed.
  }
}
/**
 * Checks that swapping a raw (non-form) body in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; the
 * installed fetcher overwrites the body with different bytes before forwarding the request
 * to {@code serviceProvider}. A {@link RuntimeException} from the send is the passing
 * outcome; per the failure message it is meant to be an {@code oauth_body_hash} mismatch.
 */
@Test
public void testGetTamperedRawContent() throws Exception {
  final byte[] originalBody = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Replace the body just before the request reaches the service provider.
  HttpFetcher bodySwappingFetcher = new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  };
  signedClient.setNextFetcher(bodySwappingFetcher);

  try {
    signedClient.sendGetWithBody(
        FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", originalBody);
    fail("Should have thrown with oauth_body_hash mismatch");
  } catch (RuntimeException expected) {
    // Passing outcome: the send with the replaced body did not succeed.
  }
}
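/**
 * Sends a signed GET with an {@code application/json} body and checks both the echoed body
 * and the {@code oauth_body_hash} parameter found in the response.
 *
 * @throws Exception if the fetch fails or the UTF-8 charset is unavailable
 */
@Test
public void testGetWithRawBody() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Encode explicitly: the oauth_body_hash asserted below is a fixed value for these exact
  // bytes, so the platform default charset used by a bare getBytes() must not affect them.
  byte[] body = "war=peace&yes=no".getBytes("UTF-8");
  HttpResponse resp = client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL,
      "application/json", body);
  assertEquals("war=peace&yes=no", resp.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER));
  // The response text is decoded as a form and must carry the expected body hash.
  List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
  checkContains(queryParams, "oauth_body_hash", "MfhwxPN6ns5CwQAZN9OcJXu3Jv4=");
}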
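/**
 * Sends a signed GET with an {@code application/json} body and checks both the echoed body
 * and the {@code oauth_body_hash} parameter found in the response.
 *
 * @throws Exception if the fetch fails or the UTF-8 charset is unavailable
 */
@Test
public void testGetWithRawBody() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Encode explicitly: the oauth_body_hash asserted below is a fixed value for these exact
  // bytes, so the platform default charset used by a bare getBytes() must not affect them.
  byte[] body = "war=peace&yes=no".getBytes("UTF-8");
  HttpResponse resp = client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL,
      "application/json", body);
  assertEquals("war=peace&yes=no", resp.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER));
  // The response text is decoded as a form and must carry the expected body hash.
  List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
  checkContains(queryParams, "oauth_body_hash", "MfhwxPN6ns5CwQAZN9OcJXu3Jv4=");
}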
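/**
 * Sends a signed GET with an {@code application/json} body and checks both the echoed body
 * and the {@code oauth_body_hash} parameter found in the response.
 *
 * @throws Exception if the fetch fails or the UTF-8 charset is unavailable
 */
@Test
public void testGetWithRawBody() throws Exception {
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Encode explicitly: the oauth_body_hash asserted below is a fixed value for these exact
  // bytes, so the platform default charset used by a bare getBytes() must not affect them.
  byte[] body = "war=peace&yes=no".getBytes("UTF-8");
  HttpResponse resp = client.sendGetWithBody(FakeOAuthServiceProvider.RESOURCE_URL,
      "application/json", body);
  assertEquals("war=peace&yes=no", resp.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER));
  // The response text is decoded as a form and must carry the expected body hash.
  List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
  checkContains(queryParams, "oauth_body_hash", "MfhwxPN6ns5CwQAZN9OcJXu3Jv4=");
}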
/**
 * Checks that swapping a raw (non-form) body in flight makes the signed fetch fail.
 *
 * <p>The client is asked to send six raw bytes with content type {@code funky-content}; the
 * installed fetcher overwrites the body with different bytes before forwarding the request
 * to {@code serviceProvider}. A {@link RuntimeException} from the send is the passing
 * outcome; per the failure message it is meant to be an {@code oauth_body_hash} mismatch.
 */
@Test
public void testGetTamperedRawContent() throws Exception {
  final byte[] originalBody = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient signedClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");

  // Replace the body just before the request reaches the service provider.
  HttpFetcher bodySwappingFetcher = new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  };
  signedClient.setNextFetcher(bodySwappingFetcher);

  try {
    signedClient.sendGetWithBody(
        FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", originalBody);
    fail("Should have thrown with oauth_body_hash mismatch");
  } catch (RuntimeException expected) {
    // Passing outcome: the send with the replaced body did not succeed.
  }
}