Posted to dev@shindig.apache.org by be...@apache.org on 2008/10/23 02:00:45 UTC
svn commit: r707229 - in /incubator/shindig/trunk/java:
common/src/main/java/org/apache/shindig/auth/
gadgets/src/main/java/org/apache/shindig/gadgets/oauth/
gadgets/src/test/java/org/apache/shindig/gadgets/oauth/
Author: beaton
Date: Wed Oct 22 17:00:45 2008
New Revision: 707229
URL: http://svn.apache.org/viewvc?rev=707229&view=rev
Log:
Add a couple more developer-visible error codes for OAuth, in particular the
ability to tell when a request failed because the user is not authenticated.
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthError.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/UserVisibleOAuthException.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java?rev=707229&r1=707228&r2=707229&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java Wed Oct 22 17:00:45 2008
@@ -48,9 +48,6 @@
private static final String APPURL_KEY = "u";
private static final String MODULE_KEY = "m";
- /**
- * {@inheritDoc}
- */
public String toSerialForm() {
return token;
}
@@ -70,14 +67,20 @@
public BasicSecurityToken(String owner, String viewer, String app,
String domain, String appUrl, String moduleId) throws BlobCrypterException {
tokenData = new HashMap<String, String>(5,1);
- tokenData.put(OWNER_KEY, owner);
- tokenData.put(VIEWER_KEY, viewer);
- tokenData.put(APP_KEY, app);
- tokenData.put(DOMAIN_KEY, domain);
- tokenData.put(APPURL_KEY, appUrl);
- tokenData.put(MODULE_KEY, moduleId);
+ putNullSafe(OWNER_KEY, owner);
+ putNullSafe(VIEWER_KEY, viewer);
+ putNullSafe(APP_KEY, app);
+ putNullSafe(DOMAIN_KEY, domain);
+ putNullSafe(APPURL_KEY, appUrl);
+ putNullSafe(MODULE_KEY, moduleId);
token = crypter.wrap(tokenData);
}
+
+ private void putNullSafe(String key, String value) {
+ if (value != null) {
+ tokenData.put(key, value);
+ }
+ }
/**
* {@inheritDoc}
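Review bot: putNullSafe has no comment explaining that a null owner, viewer, app, domain, appUrl or moduleId is now silently left out of the encrypted token rather than rejected, so the constructor can mint a token that carries no owner or viewer claim. Presumably the getters then return null for the absent keys (they are outside this hunk), which makes null the encoding of an anonymous user and leaves every consumer responsible for checking it. I would document that on the helper, e.g. `// Null fields are omitted from the token; readers see null for a missing owner/viewer and must treat it as unauthenticated.`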
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthError.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthError.java?rev=707229&r1=707228&r2=707229&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthError.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthError.java Wed Oct 22 17:00:45 2008
@@ -30,4 +30,14 @@
* The request cannot be completed for an unspecified reason.
*/
UNKNOWN_PROBLEM,
+
+ /**
+ * The user is not authenticated.
+ */
+ UNAUTHENTICATED,
+
+ /**
+ * The user is not the owner of the page.
+ */
+ NOT_OWNER,
}
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=707229&r1=707228&r2=707229&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java Wed Oct 22 17:00:45 2008
@@ -170,6 +170,9 @@
if (!retry) {
response = pe.getResponseForGadget();
}
+ } catch (UserVisibleOAuthException e) {
+ responseParams.setError(e.getOAuthErrorCode());
+ return buildErrorResponse(e);
}
} while (retry);
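Review bot: `e.getOAuthErrorCode()` can be null in the new catch block, because UserVisibleOAuthException keeps its `(String msg)` and `(String msg, Throwable t)` constructors and neither sets a code. How `responseParams.setError` treats null is not visible here; at best the response would carry no `oauthError` value for the gadget to act on. Falling back to the existing generic code keeps the error contract uniform: `OAuthError code = e.getOAuthErrorCode();` followed by `responseParams.setError(code != null ? code : OAuthError.UNKNOWN_PROBLEM);`. The enclosing try and loop start outside the hunk.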
@@ -272,8 +275,12 @@
String pageOwner = realRequest.getSecurityToken().getOwnerId();
String pageViewer = realRequest.getSecurityToken().getViewerId();
String stateOwner = clientState.getOwner();
+ if (pageOwner == null) {
+ throw new UserVisibleOAuthException(OAuthError.UNAUTHENTICATED, "Unauthenticated");
+ }
if (!pageOwner.equals(pageViewer)) {
- throw new UserVisibleOAuthException("Only page owners can grant OAuth approval");
+ throw new UserVisibleOAuthException(OAuthError.NOT_OWNER,
+ "Only page owners can grant OAuth approval");
}
if (stateOwner != null && !stateOwner.equals(pageOwner)) {
throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
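Review bot: The new UNAUTHENTICATED check looks only at `pageOwner`, so a request that has an owner but a null `pageViewer` falls through to `!pageOwner.equals(pageViewer)` and is reported as NOT_OWNER. Access is still denied in that case, so this is a reporting gap rather than a bypass, but any caller that relies on the code to tell "log in first" from "you are not the owner" would presumably be misled for an anonymous viewer. Consider `if (pageOwner == null || pageViewer == null) {` for the UNAUTHENTICATED branch. The method continues beyond the hunk on both sides.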
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/UserVisibleOAuthException.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/UserVisibleOAuthException.java?rev=707229&r1=707228&r2=707229&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/UserVisibleOAuthException.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/UserVisibleOAuthException.java Wed Oct 22 17:00:45 2008
@@ -25,6 +25,8 @@
*/
public class UserVisibleOAuthException extends GadgetException {
+ private OAuthError oauthErrorCode;
+
public UserVisibleOAuthException(String msg) {
super(Code.INVALID_PARAMETER, msg);
}
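Review bot: `oauthErrorCode` is assigned only in a constructor in the lines shown, so it can be declared `private final OAuthError oauthErrorCode;` to keep the exception immutable once thrown. The two older constructors would then need an explicit `this.oauthErrorCode = null;`, which also makes the "no code was specified" case visible at the point where it arises. The class body continues beyond this hunk.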
@@ -32,5 +34,16 @@
public UserVisibleOAuthException(String msg, Throwable t) {
super(Code.INVALID_PARAMETER, msg, t);
}
-
+
+ public UserVisibleOAuthException(OAuthError oauthErrorCode, String msg) {
+ super(Code.INVALID_PARAMETER, msg);
+ this.oauthErrorCode = oauthErrorCode;
+ }
+
+ /**
+ * @return the OAuth error code, or null if no code was specified.
+ */
+ public OAuthError getOAuthErrorCode() {
+ return oauthErrorCode;
+ }
}
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=707229&r1=707228&r2=707229&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java Wed Oct 22 17:00:45 2008
@@ -266,6 +266,15 @@
}
@Test
+ public void testOAuthFlow_unauthUser() throws Exception {
+ MakeRequestClient client = makeNonSocialClient(null, null, GADGET_URL);
+ HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
+ assertEquals("", response.getResponseAsString());
+ assertEquals(403, response.getHttpStatusCode());
+ assertEquals(OAuthError.UNAUTHENTICATED.toString(), response.getMetadata().get("oauthError"));
+ }
+
+ @Test
public void testAccessTokenNotUsedForSocialPage() throws Exception {
MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);
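Review bot: testOAuthFlow_unauthUser covers only the case where both owner and viewer are null; there is no test for an anonymous viewer on a page that does have an owner, e.g. `makeNonSocialClient("owner", null, GADGET_URL)`. With the OAuthFetcher change in this commit that request would appear to be answered with NOT_OWNER rather than UNAUTHENTICATED, and a test asserting the 403 status and the `oauthError` metadata would pin whichever behaviour is intended. testAccessTokenNotUsedForSocialPage continues beyond the hunk.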
@@ -277,12 +286,10 @@
assertEquals("User data is hello-oauth", response.getResponseAsString());
MakeRequestClient friend = makeNonSocialClient("owner", "friend", GADGET_URL);
- try {
- friend.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
- fail("Attempt to use OAuth token on non-social page");
- } catch (GadgetException e) {
- // good.
- }
+ response = friend.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
+ assertEquals("", response.getResponseAsString());
+ assertEquals(403, response.getHttpStatusCode());
+ assertEquals(OAuthError.NOT_OWNER.toString(), response.getMetadata().get("oauthError"));
}
@Test