270 lines
13 KiB
Python
270 lines
13 KiB
Python
# -*- coding: utf-8 -*-
|
|
from oauthlib.common import Request
|
|
from oauthlib.oauth1 import (
|
|
SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_PLAINTEXT,
|
|
SIGNATURE_RSA, SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY,
|
|
)
|
|
from oauthlib.oauth1.rfc5849 import Client
|
|
|
|
from tests.unittest import TestCase
|
|
|
|
|
|
class ClientRealmTests(TestCase):
|
|
|
|
def test_client_no_realm(self):
|
|
client = Client("client-key")
|
|
uri, header, body = client.sign("http://example-uri")
|
|
self.assertTrue(
|
|
header["Authorization"].startswith('OAuth oauth_nonce='))
|
|
|
|
def test_client_realm_sign_with_default_realm(self):
|
|
client = Client("client-key", realm="moo-realm")
|
|
self.assertEqual(client.realm, "moo-realm")
|
|
uri, header, body = client.sign("http://example-uri")
|
|
self.assertTrue(
|
|
header["Authorization"].startswith('OAuth realm="moo-realm",'))
|
|
|
|
def test_client_realm_sign_with_additional_realm(self):
|
|
client = Client("client-key", realm="moo-realm")
|
|
uri, header, body = client.sign("http://example-uri", realm="baa-realm")
|
|
self.assertTrue(
|
|
header["Authorization"].startswith('OAuth realm="baa-realm",'))
|
|
# make sure sign() does not override the default realm
|
|
self.assertEqual(client.realm, "moo-realm")
|
|
|
|
|
|
class ClientConstructorTests(TestCase):
|
|
|
|
def test_convert_to_unicode_resource_owner(self):
|
|
client = Client('client-key',
|
|
resource_owner_key=b'owner key')
|
|
self.assertNotIsInstance(client.resource_owner_key, bytes)
|
|
self.assertEqual(client.resource_owner_key, 'owner key')
|
|
|
|
def test_give_explicit_timestamp(self):
|
|
client = Client('client-key', timestamp='1')
|
|
params = dict(client.get_oauth_params(Request('http://example.com')))
|
|
self.assertEqual(params['oauth_timestamp'], '1')
|
|
|
|
def test_give_explicit_nonce(self):
|
|
client = Client('client-key', nonce='1')
|
|
params = dict(client.get_oauth_params(Request('http://example.com')))
|
|
self.assertEqual(params['oauth_nonce'], '1')
|
|
|
|
def test_decoding(self):
|
|
client = Client('client_key', decoding='utf-8')
|
|
uri, headers, body = client.sign('http://a.b/path?query',
|
|
http_method='POST', body='a=b',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertIsInstance(uri, bytes)
|
|
self.assertIsInstance(body, bytes)
|
|
for k, v in headers.items():
|
|
self.assertIsInstance(k, bytes)
|
|
self.assertIsInstance(v, bytes)
|
|
|
|
def test_hmac_sha1(self):
|
|
client = Client('client_key')
|
|
# instance is using the correct signer method
|
|
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA1],
|
|
client.SIGNATURE_METHODS[client.signature_method])
|
|
|
|
def test_hmac_sha256(self):
|
|
client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256)
|
|
# instance is using the correct signer method
|
|
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA256],
|
|
client.SIGNATURE_METHODS[client.signature_method])
|
|
|
|
def test_rsa(self):
|
|
client = Client('client_key', signature_method=SIGNATURE_RSA)
|
|
# instance is using the correct signer method
|
|
self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_RSA],
|
|
client.SIGNATURE_METHODS[client.signature_method])
|
|
# don't need an RSA key to instantiate
|
|
self.assertIsNone(client.rsa_key)
|
|
|
|
|
|
class SignatureMethodTest(TestCase):
|
|
|
|
def test_hmac_sha1_method(self):
|
|
client = Client('client_key', timestamp='1234567890', nonce='abc')
|
|
u, h, b = client.sign('http://example.com')
|
|
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
|
|
'oauth_version="1.0", oauth_signature_method="HMAC-SHA1", '
|
|
'oauth_consumer_key="client_key", '
|
|
'oauth_signature="hH5BWYVqo7QI4EmPBUUe9owRUUQ%3D"')
|
|
self.assertEqual(h['Authorization'], correct)
|
|
|
|
def test_hmac_sha256_method(self):
|
|
client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256,
|
|
timestamp='1234567890', nonce='abc')
|
|
u, h, b = client.sign('http://example.com')
|
|
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
|
|
'oauth_version="1.0", oauth_signature_method="HMAC-SHA256", '
|
|
'oauth_consumer_key="client_key", '
|
|
'oauth_signature="JzgJWBxX664OiMW3WE4MEjtYwOjI%2FpaUWHqtdHe68Es%3D"')
|
|
self.assertEqual(h['Authorization'], correct)
|
|
|
|
def test_rsa_method(self):
|
|
private_key = (
|
|
"-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
|
|
"S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
|
|
"SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
|
|
"h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
|
|
"MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
|
|
"GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
|
|
"zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
|
|
"k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
|
|
"qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
|
|
"Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
|
|
"XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
|
|
"eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
|
|
"C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
|
|
"jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
|
|
"S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
|
|
"LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
|
|
"dMlxqXA==\n-----END RSA PRIVATE KEY-----"
|
|
)
|
|
client = Client('client_key', signature_method=SIGNATURE_RSA,
|
|
rsa_key=private_key, timestamp='1234567890', nonce='abc')
|
|
u, h, b = client.sign('http://example.com')
|
|
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
|
|
'oauth_version="1.0", oauth_signature_method="RSA-SHA1", '
|
|
'oauth_consumer_key="client_key", '
|
|
'oauth_signature="ktvzkUhtrIawBcq21DRJrAyysTc3E1Zq5GdGu8EzH'
|
|
'OtbeaCmOBDLGHAcqlm92mj7xp5E1Z6i2vbExPimYAJL7FzkLnkRE5YEJR4'
|
|
'rNtIgAf1OZbYsIUmmBO%2BCLuStuu5Lg3tAluwC7XkkgoXCBaRKT1mUXzP'
|
|
'HJILzZ8iFOvS6w5E%3D"')
|
|
self.assertEqual(h['Authorization'], correct)
|
|
|
|
def test_plaintext_method(self):
|
|
client = Client('client_key',
|
|
signature_method=SIGNATURE_PLAINTEXT,
|
|
timestamp='1234567890',
|
|
nonce='abc',
|
|
client_secret='foo',
|
|
resource_owner_secret='bar')
|
|
u, h, b = client.sign('http://example.com')
|
|
correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
|
|
'oauth_version="1.0", oauth_signature_method="PLAINTEXT", '
|
|
'oauth_consumer_key="client_key", '
|
|
'oauth_signature="foo%26bar"')
|
|
self.assertEqual(h['Authorization'], correct)
|
|
|
|
def test_invalid_method(self):
|
|
client = Client('client_key', signature_method='invalid')
|
|
self.assertRaises(ValueError, client.sign, 'http://example.com')
|
|
|
|
def test_rsa_no_key(self):
|
|
client = Client('client_key', signature_method=SIGNATURE_RSA)
|
|
self.assertRaises(ValueError, client.sign, 'http://example.com')
|
|
|
|
def test_register_method(self):
|
|
Client.register_signature_method('PIZZA',
|
|
lambda base_string, client: 'PIZZA')
|
|
|
|
self.assertIn('PIZZA', Client.SIGNATURE_METHODS)
|
|
|
|
client = Client('client_key', signature_method='PIZZA',
|
|
timestamp='1234567890', nonce='abc')
|
|
|
|
u, h, b = client.sign('http://example.com')
|
|
|
|
self.assertEqual(h['Authorization'], (
|
|
'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
|
|
'oauth_version="1.0", oauth_signature_method="PIZZA", '
|
|
'oauth_consumer_key="client_key", '
|
|
'oauth_signature="PIZZA"'
|
|
))
|
|
|
|
|
|
class SignatureTypeTest(TestCase):
|
|
|
|
def test_params_in_body(self):
|
|
client = Client('client_key', signature_type=SIGNATURE_TYPE_BODY,
|
|
timestamp='1378988215', nonce='14205877133089081931378988215')
|
|
_, h, b = client.sign('http://i.b/path', http_method='POST', body='a=b',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
|
|
correct = ('a=b&oauth_nonce=14205877133089081931378988215&'
|
|
'oauth_timestamp=1378988215&'
|
|
'oauth_version=1.0&'
|
|
'oauth_signature_method=HMAC-SHA1&'
|
|
'oauth_consumer_key=client_key&'
|
|
'oauth_signature=2JAQomgbShqoscqKWBiYQZwWq94%3D')
|
|
self.assertEqual(b, correct)
|
|
|
|
def test_params_in_query(self):
|
|
client = Client('client_key', signature_type=SIGNATURE_TYPE_QUERY,
|
|
timestamp='1378988215', nonce='14205877133089081931378988215')
|
|
u, _, _ = client.sign('http://i.b/path', http_method='POST')
|
|
correct = ('http://i.b/path?oauth_nonce=14205877133089081931378988215&'
|
|
'oauth_timestamp=1378988215&'
|
|
'oauth_version=1.0&'
|
|
'oauth_signature_method=HMAC-SHA1&'
|
|
'oauth_consumer_key=client_key&'
|
|
'oauth_signature=08G5Snvw%2BgDAzBF%2BCmT5KqlrPKo%3D')
|
|
self.assertEqual(u, correct)
|
|
|
|
def test_invalid_signature_type(self):
|
|
client = Client('client_key', signature_type='invalid')
|
|
self.assertRaises(ValueError, client.sign, 'http://i.b/path')
|
|
|
|
|
|
class SigningTest(TestCase):
|
|
|
|
def test_case_insensitive_headers(self):
|
|
client = Client('client_key')
|
|
# Uppercase
|
|
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
|
|
|
|
# Lowercase
|
|
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
|
|
headers={'content-type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['content-type'], 'application/x-www-form-urlencoded')
|
|
|
|
# Capitalized
|
|
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
|
|
headers={'Content-type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['Content-type'], 'application/x-www-form-urlencoded')
|
|
|
|
# Random
|
|
_, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
|
|
headers={'conTent-tYpe': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['conTent-tYpe'], 'application/x-www-form-urlencoded')
|
|
|
|
def test_sign_no_body(self):
|
|
client = Client('client_key', decoding='utf-8')
|
|
self.assertRaises(ValueError, client.sign, 'http://i.b/path',
|
|
http_method='POST', body=None,
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
|
|
def test_sign_body(self):
|
|
client = Client('client_key')
|
|
_, h, b = client.sign('http://i.b/path', http_method='POST', body='',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
|
|
|
|
def test_sign_get_with_body(self):
|
|
client = Client('client_key')
|
|
for method in ('GET', 'HEAD'):
|
|
self.assertRaises(ValueError, client.sign, 'http://a.b/path?query',
|
|
http_method=method, body='a=b',
|
|
headers={
|
|
'Content-Type': 'application/x-www-form-urlencoded'
|
|
})
|
|
|
|
def test_sign_unicode(self):
|
|
client = Client('client_key', nonce='abc', timestamp='abc')
|
|
_, h, b = client.sign('http://i.b/path', http_method='POST',
|
|
body='status=%E5%95%A6%E5%95%A6',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(b, 'status=%E5%95%A6%E5%95%A6')
|
|
self.assertIn('oauth_signature="yrtSqp88m%2Fc5UDaucI8BXK4oEtk%3D"', h['Authorization'])
|
|
_, h, b = client.sign('http://i.b/path', http_method='POST',
|
|
body='status=%C3%A6%C3%A5%C3%B8',
|
|
headers={'Content-Type': 'application/x-www-form-urlencoded'})
|
|
self.assertEqual(b, 'status=%C3%A6%C3%A5%C3%B8')
|
|
self.assertIn('oauth_signature="oG5t3Eg%2FXO5FfQgUUlTtUeeZzvk%3D"', h['Authorization'])
|