[Jifty-commit] r5094 - in jifty/trunk: . lib/Jifty/Plugin/OAuth t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth
Jifty commits
jifty-commit at lists.jifty.org
Mon Feb 11 15:02:22 EST 2008
Author: sartak
Date: Mon Feb 11 15:02:17 2008
New Revision: 5094
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm
jifty/trunk/t/TestApp-Plugin-OAuth/t/05-protected-resource.t
Log:
r51758 at onn: sartak | 2008-02-11 15:01:04 -0500
Keep track of whether we are OAuthed in the stash (this may move in the future, since current_user_can will probably want it)
More tests, especially "don't let consumers oauth tokens while oauthed"
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm Mon Feb 11 15:02:17 2008
@@ -100,6 +100,7 @@
sub authorize {
my @params = qw/token callback/;
+ abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
set no_abort => 1;
my %oauth_params = get_parameters(@params);
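Review bot: The new guard in `authorize` (and the identical one in `authorize_post`, second hunk) only blocks an OAuthed request if `abortmsg` actually ends it, yet the protected-resource check in the third hunk is written `abortmsg(undef, ...), return unless $request->verify;`, which suggests the helper can return to its caller. Here the guard sits before `set no_abort => 1`, so it presumably aborts, but nothing visible guarantees `no_abort` is clear once a request has already passed through the OAuth check. Writing both guards as `abortmsg(403, "Cannot authorize tokens as an OAuthed user"), return if Jifty->handler->stash->{oauth};` keeps them fail-closed either way. Both functions continue outside their hunks.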
@@ -126,6 +127,7 @@
=cut
sub authorize_post {
+ abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
my $result = Jifty->web->response->result("authorize_request_token");
unless ($result && $result->success) {
redirect '/oauth/authorize';
@@ -256,6 +258,7 @@
abortmsg(undef, "Invalid signature (type: $oauth_params{signature_method})."), return unless $request->verify;
$consumer->made_request(@oauth_params{qw/timestamp nonce/});
+ Jifty->handler->stash->{oauth} = 1;
Jifty->web->temporary_current_user(Jifty->app_class('CurrentUser')->new(id => $access_token->auth_as));
}
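Review bot: `Jifty->handler->stash->{oauth} = 1` is now the only signal the two authorize guards depend on, but nothing on the line says so and it is set on this one path only. I would add a comment above it such as `# request acts for a user via an access token; the /oauth/authorize rules refuse it`, and state that any other code that switches user for delegated access must set the same key. Storing the grant instead of a bare flag, e.g. `Jifty->handler->stash->{oauth} = $access_token;`, would stay truthy for the existing checks and would let the later permission checks the log message anticipates see which token is in use. The enclosing function starts outside the hunk.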
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/lib/TestApp/Plugin/OAuth/Test.pm Mon Feb 11 15:02:17 2008
@@ -62,6 +62,7 @@
my $code = delete $params{code};
my $testname = delete $params{testname} || "Response was $code";
+ my $no_token = delete $params{no_token};
my $method = delete $params{method};
my $params_in = delete $params{params_in};
my $token_secret = delete $params{token_secret};
@@ -100,12 +101,13 @@
if ($url =~ /oauth/) {
undef $token_obj;
get_latest_token();
- if ($code == 200) {
- main::ok($token_obj, "Successfully loaded a token object with token ".$token_obj->token.".");
- }
- else {
+
+ if ($no_token || $code != 200) {
main::ok(!$token_obj, "Did not get a token");
}
+ elsif ($code == 200) {
+ main::ok($token_obj, "Successfully loaded a token object with token ".$token_obj->token.".");
+ }
}
return $cmech->content;
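Review bot: In the `elsif` branch the test message calls `$token_obj->token` before `main::ok` runs, so when no token was loaded the script dies with a method call on an undefined value instead of recording a failed test. Building the message defensively avoids that: `main::ok($token_obj, "Successfully loaded a token object with token ".($token_obj ? $token_obj->token : '(none)').".");`. The `elsif ($code == 200)` condition is also always true once the first branch has excluded `$code != 200`, so a plain `else` with a comment that it is the "200 and a token is expected" case would read more clearly. The enclosing sub starts outside the hunk.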
@@ -287,7 +289,7 @@
sub get_access_token {
local $Test::Builder::Level = $Test::Builder::Level + 1;
- get_authorized_token();
+ get_authorized_token() unless shift;
response_is(
url => '/oauth/access_token',
code => 200,
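Review bot: `get_authorized_token() unless shift;` turns an unnamed positional argument into a switch that skips the user-authorization step, and the call site `get_access_token(1)` gives no hint of that. Naming it makes the helper self-describing: `my $skip_authorize = shift;` followed by `get_authorized_token() unless $skip_authorize;`, with a comment that the caller must then have authorized `$token_obj` already. The body of `get_access_token` continues outside the hunk.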
Modified: jifty/trunk/t/TestApp-Plugin-OAuth/t/05-protected-resource.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-OAuth/t/05-protected-resource.t (original)
+++ jifty/trunk/t/TestApp-Plugin-OAuth/t/05-protected-resource.t Mon Feb 11 15:02:17 2008
@@ -5,7 +5,7 @@
use Test::More;
BEGIN {
if (eval { require Net::OAuth::Request; require Crypt::OpenSSL::RSA; 1 }) {
- plan tests => 31;
+ plan tests => 58;
}
else {
plan skip_all => "Net::OAuth or Crypt::OpenSSL::RSA isn't installed";
@@ -119,3 +119,71 @@
$cmech->content_lacks("Press the shiny red button", "did NOT get to a protected page");
$cmech->content_lacks("human #1.", "did NOT get to a protected page");
# }}}
+# basic protected request {{{
+get_access_token();
+my $good_token = $token_obj;
+
+response_is(
+ url => '/nuke/the/whales',
+ code => 200,
+ testname => "200 - protected resource request",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+ oauth_token => $good_token->token,
+ token_secret => $good_token->secret,
+);
+$cmech->content_contains("Press the shiny red button", "got to a protected page");
+$cmech->content_contains("human #1.", "correct current_user");
+# }}}
+# authorizing an access token through a protected resource request {{{
+my $request_token = get_request_token();
+$umech->get_ok('/oauth/authorize');
+$umech->content_like(qr/If you trust this application/);
+
+response_is(
+ url => '/oauth/authorize',
+ code => 403,
+ testname => "403 - not able to get to /oauth/authorize",
+ no_token => 1,
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+ oauth_token => $good_token->token,
+ token_secret => $good_token->secret,
+);
+# }}}
+# the original user can still authorize tokens {{{
+$token_obj = $request_token;
+allow_ok();
+get_access_token(1);
+# }}}
+# consumer can use either token {{{
+response_is(
+ url => '/nuke/the/whales',
+ code => 200,
+ testname => "200 - protected resource request",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+ oauth_token => $token_obj->token,
+ token_secret => $token_obj->secret,
+);
+$cmech->content_contains("Press the shiny red button", "got to a protected page");
+$cmech->content_contains("human #1.", "correct current_user");
+
+$token_obj = $good_token;
+response_is(
+ url => '/nuke/the/whales',
+ code => 200,
+ testname => "200 - protected resource request",
+ consumer_secret => 'bar',
+ oauth_consumer_key => 'foo',
+ oauth_signature_method => 'PLAINTEXT',
+ oauth_token => $good_token->token,
+ token_secret => $good_token->secret,
+);
+$cmech->content_contains("Press the shiny red button", "got to a protected page");
+$cmech->content_contains("human #1.", "correct current_user");
+
+# }}}
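Review bot: The only negative case added here is the 403 on `/oauth/authorize`, so the second guard this commit adds in `authorize_post` is not exercised by anything visible in the hunk. A matching `response_is` call with `code => 403` and `no_token => 1`, sent through the `method` parameter that `response_is` accepts to whichever route dispatches to `authorize_post`, would cover the submit step as well as the form. It would also be worth asserting after the denied request that `$request_token` is still unauthorized, rather than relying on the later `allow_ok()` succeeding. The three `/nuke/the/whales` checks share the test name "200 - protected resource request", so a failure does not show which token was in use; distinct names such as "200 - original access token" would fix that.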