[Jifty-commit] r4352 - in jifty/trunk: . lib/Jifty/Plugin/OAuth
lib/Jifty/Plugin/OAuth/Model
Wed Oct 31 18:07:42 EDT 2007
Author: sartak
Date: Wed Oct 31 18:07:41 2007
New Revision: 4352
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
jifty/trunk/lib/Jifty/Plugin/OAuth/Model/Consumer.pm
jifty/trunk/lib/Jifty/Plugin/OAuth/Model/RequestToken.pm
jifty/trunk/t/TestApp-Plugin-OAuth/t/02-request-token.t
jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t
jifty/trunk/t/TestApp-Plugin-OAuth/t/04-access-token.t
Log:
r44475 at onn: sartak | 2007-10-31 18:07:21 -0400
Various refactors and cleanups
Request tokens are now properly set to "used"
Life of a request token lengthened on authorize
Fixed duplicate timestamp/nonce check (and test)
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm Wed Oct 31 18:07:41 2007
@@ -181,6 +181,8 @@
if $@ || !defined($token) || !$ok;
$consumer->made_request(@oauth_params{qw/timestamp nonce/});
+ $request_token->set_used('t');
+
set oauth_response => {
oauth_token => $token->token,
oauth_token_secret => $token->secret
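Review bot: The status returned by the added `$request_token->set_used('t');` is discarded, so a failed column update leaves the request token exchangeable again even though the access token has already been issued on the lines below. If the setter reports success the way `create` does elsewhere in this commit (`my ($ok, $msg) = $consumer->create(`), capture it, `my ($used_ok, $used_msg) = $request_token->set_used('t');`, and route a false result into the same bail-out as the `if $@ || !defined($token) || !$ok;` line above. Marking the token used only after the exchange has succeeded also leaves a window in which two concurrent exchanges of one request token can both pass the earlier checks; if the storage layer supports it, a conditional update that includes the not-yet-used state in its predicate would close that. The enclosing dispatcher rule starts and ends outside this hunk.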
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Model/Consumer.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Model/Consumer.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Model/Consumer.pm Wed Oct 31 18:07:41 2007
@@ -118,7 +118,7 @@
sub made_request {
my ($self, $timestamp, $nonce) = @_;
$self->set_last_timestamp($timestamp);
- $self->nonces->{$nonce} = 1;
+ $self->set_nonces({ %{$self->nonces}, $nonce => 1 });
}
1;
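Review bot: The nonce map written by the new `set_nonces` line only ever grows: every accepted request adds a key and the whole hash is re-serialized, and nothing removes entries once they fall outside whatever window `set_last_timestamp` is used to enforce. Storing the timestamp as the value, `$self->set_nonces({ %{$self->nonces}, $nonce => $timestamp });`, would let made_request prune entries older than that window in the same statement instead of keeping replay state forever. If the column can be undef on a freshly created consumer (the column definition is not in this hunk), the dereference should be guarded, `%{ $self->nonces || {} }`. Since this map is the replay-protection state, a false return from `set_nonces` is worth checking rather than ignoring.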
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Model/RequestToken.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Model/RequestToken.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Model/RequestToken.pm Wed Oct 31 18:07:41 2007
@@ -57,13 +57,15 @@
=head2 after_set_authorized
-This will set the C<authorized_by> to the current user.
+This will set the C<authorized_by> to the current user. It will also refresh
+the valid_until to be active for another hour.
=cut
sub after_set_authorized {
my $self = shift;
$self->set_authorized_by(Jifty->web->current_user->id);
+ $self->set_valid_until(DateTime->now->add(hours => 1));
}
=head2 can_trade_for_access_token
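Review bot: The lifetime refresh on the added `set_valid_until` line runs for every value written to `authorized`, so if a denial also goes through `set_authorized`, a denied token has its `valid_until` extended by an hour along with `authorized_by` (the older line already had this property). Guarding at the top of the sub, `return unless $self->authorized;`, would confine the extension to approvals, assuming the record reflects the new value by the time an after_set trigger runs, which this hunk does not show. The rest of the plugin's tests build times with `Jifty::DateTime->now(time_zone => 'GMT')`; using the same constructor here would keep the code consistent and avoids depending on a bare `DateTime` being loaded in this file. The POD should also name the column as `C<valid_until>`, matching `C<authorized_by>`.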
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/02-request-token.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/02-request-token.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/02-request-token.t Wed Oct 31 18:07:41 2007
@@ -8,7 +8,7 @@
use TestApp::Plugin::OAuth::Test;
if (eval { require Net::OAuth::Request; require Crypt::OpenSSL::RSA; 1 }) {
- plan tests => 56;
+ plan tests => 59;
}
else {
plan skip_all => "Net::OAuth isn't installed";
@@ -162,17 +162,6 @@
oauth_signature => 'hello ^____^',
);
# }}}
-# duplicate timestamp and nonce {{{
-response_is(
- code => 401,
- testname => "401 - duplicate timestamp and nonce",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_timestamp => 1,
- oauth_nonce => 1,
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
# unknown signature method {{{
response_is(
code => 400,
@@ -275,3 +264,20 @@
);
# }}}
+# duplicate timestamp and nonce {{{
+response_is(
+ code => 200,
+ testname => "200 - plaintext signature",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+--$timestamp;
+response_is(
+ code => 401,
+ testname => "401 - duplicate timestamp and nonce",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
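Review bot: The `--$timestamp;` line carries the whole point of this test, but nothing says why it is there; the replay only produces a 401 if response_is advances `$timestamp` after each request and reuses the same nonce, both of which are defined in the test helper outside this file. A comment such as `# response_is advances $timestamp per request; step back one so this call replays the previous timestamp/nonce pair` would make the expectation readable. The same step-back idiom appears in 04-access-token.t (`--$timestamp;`, `$timestamp -= 2;`, `$timestamp += 100;`) and would benefit from the same note.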
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/03-authorize.t Wed Oct 31 18:07:41 2007
@@ -8,7 +8,7 @@
use TestApp::Plugin::OAuth::Test;
if (eval { require Net::OAuth::Request; require Crypt::OpenSSL::RSA; 1 }) {
- plan tests => 81;
+ plan tests => 86;
}
else {
plan skip_all => "Net::OAuth isn't installed";
@@ -22,6 +22,21 @@
$mech = Jifty::Test::WWW::Mechanize->new();
$url = $URL . '/oauth/request_token';
+# helper functions {{{
+sub get_request_token {
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+
+ response_is(
+ code => 200,
+ testname => "200 - plaintext signature",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+ @_,
+ );
+ return $token_obj;
+}
+# }}}
# create some consumers {{{
my $consumer = Jifty::Plugin::OAuth::Model::Consumer->new(current_user => Jifty::CurrentUser->superuser);
my ($ok, $msg) = $consumer->create(
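Review bot: The `get_request_token` helper added here is the same helper 04-access-token.t already defines (that file's hunk only adds `return $token_obj;`), and both return `$token_obj`, a variable that response_is assigns from outside this file rather than a value the helper computes. Moving one copy into TestApp::Plugin::OAuth::Test, which both files already `use`, would keep the two from drifting apart. Until then a short comment, `# response_is stores the newly issued token in $token_obj; return it for convenience`, would make the implicit dependency visible to a reader of either file.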
@@ -42,17 +57,8 @@
);
ok($ok, $msg);
# }}}
-# get a request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
# try to navigate to protected pages while not logged in {{{
-$mech->get_ok('/oauth/authorize');
+$mech->get_ok($URL . '/oauth/authorize');
$mech->content_unlike(qr/If you trust this application/);
$mech->get_ok('/oauth/authorized');
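Review bot: The `$URL` prefix added to the `/oauth/authorize` request is not applied to the `/oauth/authorized` request two lines below, which still passes a bare path; whether that resolves depends on Mechanize carrying the previous absolute base, so change it to `$mech->get_ok($URL . '/oauth/authorized');` for the same reason. The later `get_ok('/oauth/authorize?oauth_token=' ...)` calls in this file are in the same situation and would be clearer with the prefix as well.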
@@ -99,7 +105,8 @@
$mech->content_contains("I don't know of that request token.");
}
# }}}
-# deny the above request token {{{
+# deny request token {{{
+get_request_token();
deny_ok();
# }}}
# try to use the denied request token {{{
@@ -111,16 +118,8 @@
$mech->content_contains("I don't know of that request token.");
}
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
-# allow the above request token {{{
+# allow request token {{{
+get_request_token();
allow_ok();
# }}}
# try to allow again {{{
@@ -132,16 +131,9 @@
$mech->content_contains("I don't know of that request token.");
}
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
-# expire the token, try to allow it {{{
+# expire a token, try to allow it {{{
+get_request_token();
+
my $late = Jifty::DateTime->now(time_zone => 'GMT')->subtract(minutes => 10);
$token_obj->set_valid_until($late);
@@ -163,16 +155,8 @@
}
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
-# deny it with a request parameter {{{
+# deny token with a request parameter {{{
+get_request_token();
$mech->get_ok('/oauth/authorize?oauth_token=' . $token_obj->token);
$mech->content_like(qr/If you trust this application/);
$mech->content_unlike(qr/should have provided it/, "token hint doesn't show up if we already have it");
@@ -186,16 +170,8 @@
$mech->content_contains("To return to");
$mech->content_contains("FooBar Industries");
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
-# allow it with a request parameter {{{
+# allow token with a request parameter {{{
+get_request_token();
$mech->get_ok('/oauth/authorize?oauth_token=' . $token_obj->token);
$mech->content_like(qr/If you trust this application/);
$mech->content_unlike(qr/should have provided it/, "token hint doesn't show up if we already have it");
@@ -209,16 +185,8 @@
$mech->content_contains("To return to");
$mech->content_contains("FooBar Industries");
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
-# deny it with a callback {{{
+# deny token with a callback {{{
+get_request_token();
$mech->get_ok('/oauth/authorize?oauth_callback=http%3A%2f%2fgoogle.com');
$mech->content_like(qr/If you trust this application/);
@@ -231,16 +199,8 @@
$mech->content_contains("To return to");
$mech->content_contains("FooBar Industries");
# }}}
-# get another request token as a known consumer (PLAINTEXT) {{{
-response_is(
- code => 200,
- testname => "200 - plaintext signature",
- consumer_secret => 'bar',
- oauth_consumer_key => 'foo',
- oauth_signature_method => 'PLAINTEXT',
-);
-# }}}
# deny it with a callback + request params {{{
+get_request_token();
$mech->get_ok('/oauth/authorize?oauth_token='.$token_obj->token.'&oauth_callback=http%3A%2F%2Fgoogle.com%2F%3Ffoo%3Dbar');
$mech->content_like(qr/If you trust this application/);
$mech->content_unlike(qr/should have provided it/, "token hint doesn't show up if we already have it");
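Review bot: The fold comment here stays `# deny it with a callback + request params {{{` while every sibling section in this commit was renamed to the `deny token with ...` / `allow token with ...` form; renaming it to `# deny token with a callback + request params {{{` keeps the sections consistent now that the "it" no longer refers to an immediately preceding request. Style only, no behaviour involved.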
@@ -256,3 +216,27 @@
$mech->content_contains("FooBar Industries");
# }}}
+# authorizing a token refreshes its valid_until {{{
+get_request_token();
+my $in_ten = DateTime->now(time_zone => "GMT")->add(minutes => 10);
+$token_obj->set_valid_until($in_ten->clone);
+
+my $id = $token_obj->id;
+undef $token_obj;
+$token_obj = Jifty::Plugin::OAuth::Model::RequestToken->new(current_user => Jifty::CurrentUser->superuser);
+$token_obj->load($id);
+
+allow_ok();
+
+undef $token_obj;
+$token_obj = Jifty::Plugin::OAuth::Model::RequestToken->new(current_user => Jifty::CurrentUser->superuser);
+$token_obj->load($id);
+
+my $difference = $token_obj->valid_until - $in_ten;
+
+TODO: {
+ local $TODO = "some kind of caching issue, serverside it works fine";
+ ok($difference->minutes > 15, "valid for more than 15 minutes");
+}
+# }}}
+
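Review bot: `$difference->minutes` on the line inside the TODO block is the minutes component of a DateTime::Duration, reduced modulo 60, not the total length, so a difference of an hour or more reports a small number and the `> 15` assertion can fail for the wrong reason; use `ok($difference->in_units('minutes') > 15, "valid for more than 15 minutes");` to compare the whole span. Once that is corrected, the TODO attributed to a caching issue may turn out to be this accessor rather than stale data, since the test already re-loads the token by id before comparing. The expected window is 50 minutes by construction (one hour from the model's refresh minus the ten-minute offset), so the threshold could be tightened once the comparison is fixed.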
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/04-access-token.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/04-access-token.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/04-access-token.t Wed Oct 31 18:07:41 2007
@@ -8,7 +8,7 @@
use TestApp::Plugin::OAuth::Test;
if (eval { require Net::OAuth::Request; require Crypt::OpenSSL::RSA; 1 }) {
- plan tests => 45;
+ plan tests => 71;
}
else {
plan skip_all => "Net::OAuth isn't installed";
@@ -35,12 +35,14 @@
oauth_signature_method => 'PLAINTEXT',
@_,
);
+ return $token_obj;
}
sub get_authorized_token {
local $Test::Builder::Level = $Test::Builder::Level + 1;
get_request_token(@_);
allow_ok();
+ return $token_obj;
}
# }}}
# setup {{{
@@ -142,4 +144,58 @@
oauth_nonce => 'kjfh',
);
# }}}
+# duplicate timestamp and nonce as previous access token {{{
+get_authorized_token();
+$timestamp -= 2;
+response_is(
+ code => 401,
+ testname => "401 - duplicate ts/nonce as previous access",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+$timestamp += 100;
+# }}}
+# duplicate timestamp and nonce as request token {{{
+get_authorized_token();
+--$timestamp;
+response_is(
+ code => 401,
+ testname => "401 - duplicate ts/nonce for request token",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
+# same request token {{{
+$token_obj = $request_token;
+response_is(
+ code => 401,
+ testname => "401 - already used",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
+# expired request token {{{
+get_authorized_token();
+$token_obj->set_valid_until(DateTime->now(time_zone => "GMT")->subtract(days => 1));
+response_is(
+ code => 401,
+ testname => "401 - expired",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
+# wrong consumer secret {{{
+get_authorized_token();
+response_is(
+ code => 401,
+ testname => "401 - wrong secret",
+ consumer_secret => 'bah!',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+);
+# }}}
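Review bot: The `401 - already used` case proves only that the server rejected the request, not which check fired: the token it reuses (`$token_obj = $request_token;`, where `$request_token` is set outside this hunk) was last presented in a request that was itself rejected for a duplicate timestamp/nonce, so if that state were also the cause here the test would pass without the new `set_used` path being exercised. If response_is exposes the response body, asserting on the rejection reason for this case would pin the behaviour the commit message describes. The timestamp arithmetic (`$timestamp -= 2;`, `--$timestamp;`, `$timestamp += 100;`) also needs a comment explaining that response_is advances `$timestamp` per request and that the large jump moves past every timestamp the consumer has already recorded; 100 in particular reads as a magic number.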