python-oauthlib/tests/oauth1/rfc5849/test_client.py

270 lines
13 KiB
Python

# -*- coding: utf-8 -*-
from oauthlib.common import Request
from oauthlib.oauth1 import (
SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_PLAINTEXT,
SIGNATURE_RSA, SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY,
)
from oauthlib.oauth1.rfc5849 import Client
from tests.unittest import TestCase
class ClientRealmTests(TestCase):
def test_client_no_realm(self):
client = Client("client-key")
uri, header, body = client.sign("http://example-uri")
self.assertTrue(
header["Authorization"].startswith('OAuth oauth_nonce='))
def test_client_realm_sign_with_default_realm(self):
client = Client("client-key", realm="moo-realm")
self.assertEqual(client.realm, "moo-realm")
uri, header, body = client.sign("http://example-uri")
self.assertTrue(
header["Authorization"].startswith('OAuth realm="moo-realm",'))
def test_client_realm_sign_with_additional_realm(self):
client = Client("client-key", realm="moo-realm")
uri, header, body = client.sign("http://example-uri", realm="baa-realm")
self.assertTrue(
header["Authorization"].startswith('OAuth realm="baa-realm",'))
# make sure sign() does not override the default realm
self.assertEqual(client.realm, "moo-realm")
class ClientConstructorTests(TestCase):
def test_convert_to_unicode_resource_owner(self):
client = Client('client-key',
resource_owner_key=b'owner key')
self.assertNotIsInstance(client.resource_owner_key, bytes)
self.assertEqual(client.resource_owner_key, 'owner key')
def test_give_explicit_timestamp(self):
client = Client('client-key', timestamp='1')
params = dict(client.get_oauth_params(Request('http://example.com')))
self.assertEqual(params['oauth_timestamp'], '1')
def test_give_explicit_nonce(self):
client = Client('client-key', nonce='1')
params = dict(client.get_oauth_params(Request('http://example.com')))
self.assertEqual(params['oauth_nonce'], '1')
def test_decoding(self):
client = Client('client_key', decoding='utf-8')
uri, headers, body = client.sign('http://a.b/path?query',
http_method='POST', body='a=b',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertIsInstance(uri, bytes)
self.assertIsInstance(body, bytes)
for k, v in headers.items():
self.assertIsInstance(k, bytes)
self.assertIsInstance(v, bytes)
def test_hmac_sha1(self):
client = Client('client_key')
# instance is using the correct signer method
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA1],
client.SIGNATURE_METHODS[client.signature_method])
def test_hmac_sha256(self):
client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256)
# instance is using the correct signer method
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA256],
client.SIGNATURE_METHODS[client.signature_method])
def test_rsa(self):
client = Client('client_key', signature_method=SIGNATURE_RSA)
# instance is using the correct signer method
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_RSA],
client.SIGNATURE_METHODS[client.signature_method])
# don't need an RSA key to instantiate
self.assertIsNone(client.rsa_key)
class SignatureMethodTest(TestCase):
def test_hmac_sha1_method(self):
client = Client('client_key', timestamp='1234567890', nonce='abc')
u, h, b = client.sign('http://example.com')
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
'oauth_version="1.0", oauth_signature_method="HMAC-SHA1", '
'oauth_consumer_key="client_key", '
'oauth_signature="hH5BWYVqo7QI4EmPBUUe9owRUUQ%3D"')
self.assertEqual(h['Authorization'], correct)
def test_hmac_sha256_method(self):
client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256,
timestamp='1234567890', nonce='abc')
u, h, b = client.sign('http://example.com')
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
'oauth_version="1.0", oauth_signature_method="HMAC-SHA256", '
'oauth_consumer_key="client_key", '
'oauth_signature="JzgJWBxX664OiMW3WE4MEjtYwOjI%2FpaUWHqtdHe68Es%3D"')
self.assertEqual(h['Authorization'], correct)
def test_rsa_method(self):
private_key = (
"-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
"S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
"SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
"h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
"MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
"GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
"zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
"k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
"qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
"Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
"XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
"eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
"C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
"jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
"S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
"LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
"dMlxqXA==\n-----END RSA PRIVATE KEY-----"
)
client = Client('client_key', signature_method=SIGNATURE_RSA,
rsa_key=private_key, timestamp='1234567890', nonce='abc')
u, h, b = client.sign('http://example.com')
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
'oauth_version="1.0", oauth_signature_method="RSA-SHA1", '
'oauth_consumer_key="client_key", '
'oauth_signature="ktvzkUhtrIawBcq21DRJrAyysTc3E1Zq5GdGu8EzH'
'OtbeaCmOBDLGHAcqlm92mj7xp5E1Z6i2vbExPimYAJL7FzkLnkRE5YEJR4'
'rNtIgAf1OZbYsIUmmBO%2BCLuStuu5Lg3tAluwC7XkkgoXCBaRKT1mUXzP'
'HJILzZ8iFOvS6w5E%3D"')
self.assertEqual(h['Authorization'], correct)
def test_plaintext_method(self):
client = Client('client_key',
signature_method=SIGNATURE_PLAINTEXT,
timestamp='1234567890',
nonce='abc',
client_secret='foo',
resource_owner_secret='bar')
u, h, b = client.sign('http://example.com')
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
'oauth_version="1.0", oauth_signature_method="PLAINTEXT", '
'oauth_consumer_key="client_key", '
'oauth_signature="foo%26bar"')
self.assertEqual(h['Authorization'], correct)
def test_invalid_method(self):
client = Client('client_key', signature_method='invalid')
self.assertRaises(ValueError, client.sign, 'http://example.com')
def test_rsa_no_key(self):
client = Client('client_key', signature_method=SIGNATURE_RSA)
self.assertRaises(ValueError, client.sign, 'http://example.com')
def test_register_method(self):
Client.register_signature_method('PIZZA',
lambda base_string, client: 'PIZZA')
self.assertIn('PIZZA', Client.SIGNATURE_METHODS)
client = Client('client_key', signature_method='PIZZA',
timestamp='1234567890', nonce='abc')
u, h, b = client.sign('http://example.com')
self.assertEqual(h['Authorization'], (
'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
'oauth_version="1.0", oauth_signature_method="PIZZA", '
'oauth_consumer_key="client_key", '
'oauth_signature="PIZZA"'
))
class SignatureTypeTest(TestCase):
def test_params_in_body(self):
client = Client('client_key', signature_type=SIGNATURE_TYPE_BODY,
timestamp='1378988215', nonce='14205877133089081931378988215')
_, h, b = client.sign('http://i.b/path', http_method='POST', body='a=b',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
correct = ('a=b&oauth_nonce=14205877133089081931378988215&'
'oauth_timestamp=1378988215&'
'oauth_version=1.0&'
'oauth_signature_method=HMAC-SHA1&'
'oauth_consumer_key=client_key&'
'oauth_signature=2JAQomgbShqoscqKWBiYQZwWq94%3D')
self.assertEqual(b, correct)
def test_params_in_query(self):
client = Client('client_key', signature_type=SIGNATURE_TYPE_QUERY,
timestamp='1378988215', nonce='14205877133089081931378988215')
u, _, _ = client.sign('http://i.b/path', http_method='POST')
correct = ('http://i.b/path?oauth_nonce=14205877133089081931378988215&'
'oauth_timestamp=1378988215&'
'oauth_version=1.0&'
'oauth_signature_method=HMAC-SHA1&'
'oauth_consumer_key=client_key&'
'oauth_signature=08G5Snvw%2BgDAzBF%2BCmT5KqlrPKo%3D')
self.assertEqual(u, correct)
def test_invalid_signature_type(self):
client = Client('client_key', signature_type='invalid')
self.assertRaises(ValueError, client.sign, 'http://i.b/path')
class SigningTest(TestCase):
def test_case_insensitive_headers(self):
client = Client('client_key')
# Uppercase
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
# Lowercase
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
headers={'content-type': 'application/x-www-form-urlencoded'})
self.assertEqual(h['content-type'], 'application/x-www-form-urlencoded')
# Capitalized
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
headers={'Content-type': 'application/x-www-form-urlencoded'})
self.assertEqual(h['Content-type'], 'application/x-www-form-urlencoded')
# Random
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
headers={'conTent-tYpe': 'application/x-www-form-urlencoded'})
self.assertEqual(h['conTent-tYpe'], 'application/x-www-form-urlencoded')
def test_sign_no_body(self):
client = Client('client_key', decoding='utf-8')
self.assertRaises(ValueError, client.sign, 'http://i.b/path',
http_method='POST', body=None,
headers={'Content-Type': 'application/x-www-form-urlencoded'})
def test_sign_body(self):
client = Client('client_key')
_, h, b = client.sign('http://i.b/path', http_method='POST', body='',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
def test_sign_get_with_body(self):
client = Client('client_key')
for method in ('GET', 'HEAD'):
self.assertRaises(ValueError, client.sign, 'http://a.b/path?query',
http_method=method, body='a=b',
headers={
'Content-Type': 'application/x-www-form-urlencoded'
})
def test_sign_unicode(self):
client = Client('client_key', nonce='abc', timestamp='abc')
_, h, b = client.sign('http://i.b/path', http_method='POST',
body='status=%E5%95%A6%E5%95%A6',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertEqual(b, 'status=%E5%95%A6%E5%95%A6')
self.assertIn('oauth_signature="yrtSqp88m%2Fc5UDaucI8BXK4oEtk%3D"', h['Authorization'])
_, h, b = client.sign('http://i.b/path', http_method='POST',
body='status=%C3%A6%C3%A5%C3%B8',
headers={'Content-Type': 'application/x-www-form-urlencoded'})
self.assertEqual(b, 'status=%C3%A6%C3%A5%C3%B8')
self.assertIn('oauth_signature="oG5t3Eg%2FXO5FfQgUUlTtUeeZzvk%3D"', h['Authorization'])