[Jifty-commit] r4337 - in jifty/trunk: .
lib/Jifty/Plugin/OAuth/Action
t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Tue Oct 30 18:34:35 EDT 2007
Author: sartak
Date: Tue Oct 30 18:34:34 2007
New Revision: 4337
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Plugin/OAuth/Action/AuthorizeRequestToken.pm
jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Dispatcher.pm
jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm
jifty/trunk/t/TestApp-Plugin-OAuth/t/01-basic.t
jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t
Log:
r44433 at onn: sartak | 2007-10-30 14:17:57 -0400
Wrote most of the authorization tests
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Action/AuthorizeRequestToken.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Action/AuthorizeRequestToken.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Action/AuthorizeRequestToken.pm Tue Oct 30 18:34:34 2007
@@ -41,6 +41,11 @@
return $self->validation_error(token => "I don't know of that request token.") unless $request_token->id;
+ if ($request_token->valid_until < Jifty::DateTime->now(time_zone => 'GMT')) {
+ $request_token->delete();
+ return $self->validation_error(token => "This request token has expired.");
+ }
+
return $self->validation_ok('token');
}
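Review bot: The new expiry branch compares `valid_until` with `<` and then deletes the row from inside a validator, so a merely failed validation now has a destructive side effect, and if a request-token row can carry an empty `valid_until` the overloaded comparison is handed `undef` rather than a DateTime (presumably the accessor returns one — confirm). A defined guard keeps the check safe either way: `my $expires = $request_token->valid_until;` followed by `if ($expires && $expires < Jifty::DateTime->now(time_zone => 'GMT')) {`; whether deletion belongs here or in a periodic sweep of expired tokens deserves a one-line comment on the branch. The enclosing validator starts outside the hunk, and the same expiry rule presumably matters wherever the request token is later exchanged, which this commit does not touch.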
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Dispatcher.pm (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Dispatcher.pm Tue Oct 30 18:34:34 2007
@@ -5,19 +5,20 @@
my @login_required = qw{
oauth/authorize
+ nuke/?
};
my $login_required = join '|', map {"^$_"} @login_required;
$login_required = qr/$login_required/;
-before '*' => run {
+before '**' => run {
if (Jifty->web->current_user->id) {
my $top = Jifty->web->navigation;
$top->child( _('Pick!') => url => '/pick' );
$top->child( _('Choices') => url => '/choices' );
}
elsif ($1 =~ $login_required) {
- tangent 'login';
+ tangent '/login';
}
};
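Review bot: The login-gate pattern is built from prefixes anchored only at the front, so `^nuke/?` also matches any path that merely begins with `nuke`, and `^oauth/authorize` any path beginning with that string; over-matching is the safe direction for a login gate, but if a precise prefix is intended, terminate each entry: `my $login_required = join '|', map {"^(?:$_)(?:/|\\z)"} @login_required;` with the list entry written as `nuke` rather than `nuke/?`. The switch to `before '**'` means `$1` now carries the whole remaining path rather than the first segment, which is what lets `nuke/the/whales` be gated — a comment on the rule saying so would save the next reader a trip to the dispatcher docs.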
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm Tue Oct 30 18:34:34 2007
@@ -8,7 +8,9 @@
use Crypt::OpenSSL::RSA;
use Digest::HMAC_SHA1 'hmac_sha1';
-our @EXPORT = qw($timestamp $url $mech $pubkey $seckey response_is sign get_latest_token);
+our @EXPORT = qw($timestamp $url $mech $pubkey $seckey $token_obj
+ response_is sign get_latest_token
+ allow_ok deny_ok _authorize_request_token);
sub setup {
my $class = shift;
@@ -21,6 +23,7 @@
our $mech;
our $pubkey = slurp('t/id_rsa.pub');
our $seckey = slurp('t/id_rsa');
+our $token_obj;
sub response_is {
++$timestamp;
@@ -66,12 +69,13 @@
local $Test::Builder::Level = $Test::Builder::Level + 1;
main::is($r->code, $code, $testname);
- my $token = get_latest_token();
+ undef $token_obj;
+ get_latest_token();
if ($code == 200) {
- main::ok($token, "Successfully loaded a token object with token ".$token->token.".");
+ main::ok($token_obj, "Successfully loaded a token object with token ".$token_obj->token.".");
}
else {
- main::ok(!$token, "Did not get a token");
+ main::ok(!$token_obj, "Did not get a token");
}
}
@@ -158,7 +162,7 @@
if ($mech->uri =~ /request_token/) {
$package .= 'RequestToken';
}
- elsif ($mech->uri =~ /request_token/) {
+ elsif ($mech->uri =~ /access_token/) {
$package .= 'AccessToken';
}
else {
@@ -166,7 +170,7 @@
return;
}
- my $token_obj = $package->new(current_user => Jifty::CurrentUser->superuser);
+ $token_obj = $package->new(current_user => Jifty::CurrentUser->superuser);
$token_obj->load_by_cols(token => $token);
if (!$token_obj->id) {
@@ -177,5 +181,47 @@
return $token_obj;
}
+sub allow_ok {
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+
+ my $error = _authorize_request_token('Allow');
+ ok(0, $error), return if $error;
+
+ my $name = $token_obj->consumer->name;
+ $mech->content_contains("Allowing $name to access your stuff");
+}
+
+sub deny_ok {
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+
+ my $error = _authorize_request_token('Deny');
+ ok(0, $error), return if $error;
+
+ my $name = $token_obj->consumer->name;
+ $mech->content_contains("Denying $name the right to access your stuff");
+}
+
+sub _authorize_request_token {
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+
+ my $which_button = shift
+ or die "You did not specify a button to click to _authorize_request_token";
+
+ my $token = shift || $token_obj->token;
+ $token = $token->token if ref $token;
+
+ $mech->get('/oauth/authorize')
+ or return "Unable to navigate to /oauth/authorize";;
+ $mech->content =~ /If you trust this application/
+ or return "Content did not much qr/If you trust this application/";
+ my $moniker = $mech->moniker_for('TestApp::Plugin::OAuth::Action::AuthorizeRequestToken')
+ or return "Unable to find moniker for AuthorizeRequestToken";
+ $mech->fill_in_action($moniker, token => $token)
+ or return "Unable to fill in the AuthorizeRequestToken action";
+ $mech->click_button(value => $which_button)
+ or return "Unable to click $which_button button";
+ return;
+}
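Review bot: `ok` is called unqualified in the `ok(0, $error), return if $error;` lines of allow_ok and deny_ok, while the rest of this file writes `main::ok`; unless Test::More is imported into this package those calls fail at runtime, and the comma-then-postfix-if form is easy to misread — `if ($error) { main::ok(0, $error); return }` says the same thing plainly. In _authorize_request_token the returned message `"Content did not much qr/If you trust this application/"` has a typo (`match`), the `get` line above it ends in a doubled `;;`, and `shift || $token_obj->token` calls a method on an undefined `$token_obj` when no token is passed and none was loaded, which dies instead of returning an error string like the other steps do. A short header comment on _authorize_request_token stating its contract — `# Drives the /oauth/authorize form for $token (default: the last loaded token); returns an error string on failure, empty list on success` — would also explain why callers test the return value rather than the mech state.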
+
1;
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/01-basic.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/01-basic.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/01-basic.t Tue Oct 30 18:34:34 2007
@@ -29,5 +29,5 @@
$mech->content_like(qr{http://oauth\.net/}, "oauth page mentions OAuth homepage");
$mech->get_ok($URL . '/oauth/authorize');
-$mech->content_like(qr{If you trust this application}, "oauth authorization page exists without fancy headers");
+$mech->content_unlike(qr{If you trust this application}, "/oauth/authorize requires being logged in");
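Review bot: Only the absence of the trust prompt is asserted here, so any page without that phrase — an error page included — satisfies `content_unlike`; `get_ok` proves a 2xx but not that the tangent to the login page happened. Pair it with a positive check on where the browser ended up, for example `like($mech->uri, qr{/login}, "/oauth/authorize redirects to login when logged out");`, adjusted to wherever the test app's login page actually lives.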
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t Tue Oct 30 18:34:34 2007
@@ -51,4 +51,110 @@
oauth_signature_method => 'PLAINTEXT',
);
# }}}
+# try to navigate to protected pages while not logged in {{{
+$mech->get_ok('/oauth/authorize');
+$mech->content_unlike(qr/If you trust this application/);
+
+$mech->get_ok('/nuke/the/whales');
+$mech->content_unlike(qr/Press the shiny red button/);
+# }}}
+# log in {{{
+my $u = TestApp::Plugin::OAuth::Model::User->new(current_user => TestApp::Plugin::OAuth::CurrentUser->superuser);
+$u->create( name => 'You Zer', email => 'youzer at example.com', password => 'secret', email_confirmed => 1);
+ok($u->id, "New user has valid id set");
+
+$mech->get_ok('/login');
+$mech->fill_in_action_ok($mech->moniker_for('TestApp::Plugin::OAuth::Action::Login'), email => 'youzer at example.com', password => 'secret');
+$mech->submit;
+$mech->save_content('m2.html');
+$mech->content_contains('Logout');
+# }}}
+# try to navigate to protected pages while logged in {{{
+$mech->get_ok('/oauth/authorize');
+$mech->content_like(qr/If you trust this application/);
+
+$mech->get_ok('/nuke/the/whales');
+$mech->content_like(qr/Press the shiny red button/);
+# }}}
+# deny an unknown access token {{{
+my $error = _authorize_request_token('Deny', 'deadbeef');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("I don't know of that request token.");
+}
+# }}}
+# allow an unknown access token {{{
+$error = _authorize_request_token('Allow', 'hamburger');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("I don't know of that request token.");
+}
+# }}}
+# deny the above request token {{{
+deny_ok();
+# }}}
+# try to use the denied request token {{{
+$error = _authorize_request_token('Deny');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("I don't know of that request token.");
+}
+# }}}
+# get another request token as a known consumer (PLAINTEXT) {{{
+response_is(
+ code => 200,
+ testname => "200 - plaintext signature",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
+# allow the above request token {{{
+allow_ok();
+# }}}
+# try to allow again {{{
+$error = _authorize_request_token('Allow');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("I don't know of that request token.");
+}
+# }}}
+# get another request token as a known consumer (PLAINTEXT) {{{
+response_is(
+ code => 200,
+ testname => "200 - plaintext signature",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
+# expire the token, try to allow it {{{
+my $late = Jifty::DateTime->now(time_zone => 'GMT')->subtract(minutes => 10);
+$token_obj->set_valid_until($late);
+
+$error = _authorize_request_token('Allow');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("This request token has expired.");
+}
+# }}}
+# try again, it should be deleted {{{
+$error = _authorize_request_token('Allow');
+if ($error) {
+ ok(0, $error);
+}
+else {
+ $mech->content_contains("I don't know of that request token.");
+}
+# }}}
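Review bot: `$mech->save_content('m2.html');` after the login submit writes a debugging snapshot into the working directory on every run and asserts nothing; drop it or guard it behind an environment flag. The six `if ($error) { ok(0, $error) } else { $mech->content_contains(...) }` blocks share one shape with different expected text and none carries a test description, so a failure only prints the phrase it was looking for; a small helper removes the repetition and names each check. The `# deny an unknown access token` and `# allow an unknown access token` fold markers describe request tokens, not access tokens. The "try to allow again" block expects an already-allowed token to be reported as unknown, which reads as authorization consuming the token — if that is a deletion rather than a state change, it is worth confirming the consumer can still exchange it afterwards.
```perl
# Drives /oauth/authorize with $which_button and checks the resulting page text;
# the driver's own error string becomes a failed test instead of an uncaught die.
sub authorize_page_contains {
    my ($which_button, $expected, $token) = @_;
    local $Test::Builder::Level = $Test::Builder::Level + 1;

    my $error = _authorize_request_token($which_button, $token);
    if ($error) {
        ok(0, $error);
        return;
    }
    $mech->content_contains($expected, "$which_button: page says '$expected'");
    return;
}

# … unchanged: login, protected-page checks, response_is / allow_ok / deny_ok calls …
authorize_page_contains('Deny',  "I don't know of that request token.", 'deadbeef');
authorize_page_contains('Allow', "I don't know of that request token.", 'hamburger');
authorize_page_contains('Allow', "This request token has expired.");
```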