Posted to dev@shindig.apache.org by be...@apache.org on 2008/09/01 02:03:10 UTC
svn commit: r690827 - in /incubator/shindig/trunk/java:
common/src/main/java/org/apache/shindig/common/util/
common/src/test/java/org/apache/shindig/common/util/
gadgets/src/main/java/org/apache/shindig/gadgets/http/
gadgets/src/main/java/org/apache/sh...
Author: beaton
Date: Sun Aug 31 17:03:09 2008
New Revision: 690827
URL: http://svn.apache.org/viewvc?rev=690827&view=rev
Log:
Add test coverage for OAuth data in post bodies and authz headers. This
turned up an interesting corner case in the OAuth spec: what are we
supposed to do with service providers who ask for OAuth data in POST
bodies when the request we're sending is a GET? I decided to deal with
this by sticking the data in the authorization header, since that stands
some chance of working.
Added:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
Added: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java?rev=690827&view=auto
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java (added)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java Sun Aug 31 17:03:09 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.shindig.common.util;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import java.nio.ByteBuffer;
+import java.nio.charset.Charset;
+import java.util.Arrays;
+
+/**
+ * Utilities for dealing with character set encoding.
+ */
+public class CharsetUtil {
+
+ /**
+ * UTF-8 Charset.
+ */
+ public static final Charset UTF8;
+
+ static {
+ UTF8 = Charset.forName("UTF-8");
+ }
+
+ /**
+ * @return UTF-8 byte array for the input string.
+ */
+ public static byte[] getUtf8Bytes(String s) {
+ if (s == null) {
+ return ArrayUtils.EMPTY_BYTE_ARRAY;
+ }
+ ByteBuffer bb = UTF8.encode(s);
+ return Arrays.copyOf(bb.array(), bb.limit());
+ }
+}
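Review bot: `Arrays.copyOf(bb.array(), bb.limit())` in `getUtf8Bytes` assumes the buffer returned by `UTF8.encode(s)` is array-backed with `arrayOffset()` and `position()` both zero, which the `Charset.encode` contract does not promise. Reading through the buffer API avoids that assumption: `byte[] out = new byte[bb.remaining()]; bb.get(out); return out;`. The Javadoc should also say that `null` yields an empty array, and that `Charset.encode` substitutes a replacement byte for unmappable input such as an unpaired surrogate instead of failing. That substitution matters if these bytes ever feed a signature or comparison. As a static-only utility, the class would also benefit from being `final` with a private constructor.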
Added: incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java?rev=690827&view=auto
==============================================================================
--- incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java (added)
+++ incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java Sun Aug 31 17:03:09 2008
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.shindig.common.util;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+import junitx.framework.ArrayAssert;
+
+/**
+ * Tests for CharsetUtil.
+ */
+public class CharsetUtilTest {
+
+ @Test
+ public void testGetUtf8String() {
+ ArrayAssert.assertEquals(new byte[] { 0x69, 0x6e }, CharsetUtil.getUtf8Bytes("in"));
+ ArrayAssert.assertEquals(new byte[] {}, CharsetUtil.getUtf8Bytes(null));
+ testStringOfLength(0);
+ testStringOfLength(10);
+ testStringOfLength(100);
+ testStringOfLength(1000);
+ }
+
+ private void testStringOfLength(int len) {
+ StringBuilder sb = new StringBuilder();
+ for (int i=0; i < len; ++i) {
+ sb.append('a');
+ }
+ byte[] out = CharsetUtil.getUtf8Bytes(sb.toString());
+ assertEquals(len, out.length);
+ for (int i=0; i < len; ++i) {
+ assertEquals('a', out[i]);
+ }
+ }
+
+
+ private static final byte[] LATIN1_UTF8_DATA = new byte[] {
+ 'G', 'a', 'm', 'e', 's', ',', ' ', 'H', 'Q', ',', ' ', 'M', 'a', 'n', 'g', (byte)0xC3,
+ (byte) 0xA1, ',', ' ', 'A', 'n', 'i', 'm', 'e', ' ', 'e', ' ', 't', 'u', 'd', 'o', ' ',
+ 'q', 'u', 'e', ' ', 'u', 'm', ' ', 'b', 'o', 'm', ' ', 'n', 'e', 'r', 'd', ' ', 'a', 'm', 'a'
+ };
+
+ private static final String LATIN1_STRING
+ = "Games, HQ, Mang\u00E1, Anime e tudo que um bom nerd ama";
+
+ @Test
+ public void testLatin1() {
+ ArrayAssert.assertEquals(LATIN1_UTF8_DATA, CharsetUtil.getUtf8Bytes(LATIN1_STRING));
+ }
+}
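Review bot: The only multi-byte input exercised is the two-byte `\u00E1` in `testLatin1`, so the trimming to `bb.limit()` in `getUtf8Bytes` is never checked against a three-byte character or a surrogate pair. A case such as `ArrayAssert.assertEquals(new byte[] {(byte) 0xE2, (byte) 0x82, (byte) 0xAC}, CharsetUtil.getUtf8Bytes("\u20AC"));` would pin that down. `testGetUtf8String` would also read better as `testGetUtf8Bytes`, matching the method under test.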
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java Sun Aug 31 17:03:09 2008
@@ -25,12 +25,10 @@
import com.ibm.icu.text.CharsetDetector;
import com.ibm.icu.text.CharsetMatch;
-import org.apache.commons.lang.ArrayUtils;
import org.apache.shindig.common.util.DateUtil;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.util.Arrays;
@@ -124,18 +122,7 @@
private HttpResponse(int httpStatusCode, String body) {
this(new HttpResponseBuilder()
.setHttpStatusCode(httpStatusCode)
- .setResponse(getUtf8Bytes(body)));
- }
-
- private static byte[] getUtf8Bytes(String body) {
- try {
- if (body == null) {
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
- return body.getBytes(DEFAULT_ENCODING);
- } catch (UnsupportedEncodingException e) {
- throw new RuntimeException(e);
- }
+ .setResponseString(body));
}
public HttpResponse(String body) {
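Review bot: The private constructor no longer encodes with `DEFAULT_ENCODING`, as the removed helper did; the charset is now whatever `HttpResponseBuilder.setResponseString` uses. If `DEFAULT_ENCODING` is still used when the body is decoded (not visible in this hunk), the two can drift apart without a compile error. A comment at the call would record the dependency, for example `// setResponseString encodes as UTF-8; must agree with DEFAULT_ENCODING`.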
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java Sun Aug 31 17:03:09 2008
@@ -19,6 +19,7 @@
import com.google.common.collect.*;
import org.apache.commons.lang.ArrayUtils;
+import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.common.util.DateUtil;
import java.util.*;
@@ -59,6 +60,14 @@
return new HttpResponse(this);
}
+ /**
+ * @param responseString The response string. Converted to UTF-8 bytes and copied when set.
+ */
+ public HttpResponseBuilder setResponseString(String body) {
+ responseBytes = CharsetUtil.getUtf8Bytes(body);
+ return this;
+ }
+
/**
* @param responseBytes The response body. Copied when set.
*/
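Review bot: The Javadoc on `setResponseString` documents `@param responseString`, but the parameter is named `body`, so the tag matches nothing. I would write `@param body The response body; encoded to UTF-8 bytes, with null producing an empty body` and add `@return this builder`. The setter also stores UTF-8 bytes without recording the charset anywhere on the response. If `HttpResponse` falls back to charset detection when no charset is declared (the `CharsetDetector` import suggests it may), a non-ASCII body could be decoded differently from how it was encoded. The new `setResponseString` test uses only "foo", so it would not catch that.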
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java Sun Aug 31 17:03:09 2008
@@ -25,6 +25,7 @@
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
+import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
@@ -376,6 +377,16 @@
// paramLocation could be overriden by a run-time parameter to fetchRequest
HttpRequest result = new HttpRequest(base);
+
+ // If someone specifies that OAuth parameters go in the body, but then sends a request for
+ // data using GET, we've got a choice. We can throw some type of error, since a GET request
+ // can't have a body, or we can stick the parameters somewhere else, like, say, the header.
+ // We opt to put them in the header, since that stands some chance of working with some
+ // OAuth service providers.
+ if (paramLocation == OAuthStore.OAuthParamLocation.POST_BODY &&
+ !result.getMethod().equals("POST")) {
+ paramLocation = OAuthStore.OAuthParamLocation.AUTH_HEADER;
+ }
switch (paramLocation) {
case AUTH_HEADER:
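Review bot: The fallback condition `!result.getMethod().equals("POST")` looks only at the method, so a POST whose body is not `application/x-www-form-urlencoded` is still routed to `POST_BODY`. The switch arm that writes the body is outside this hunk, so whether it guards against that is not visible here. Moving OAuth parameters to a location other than the configured one is also silent; a log line where `paramLocation` is reassigned would help when a provider rejects the request. `"POST".equals(result.getMethod())` would avoid a NullPointerException if the method can be unset. The hunk spells out `OAuthStore.OAuthParamLocation` even though this commit imports `OAuthParamLocation`.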
@@ -413,6 +424,11 @@
HttpRequest req = new HttpRequest(Uri.parse(request.URL))
.setMethod(request.method)
.setIgnoreCache(true);
+
+ // Per section 5.2 of OAuth spec
+ if (accessorInfo.paramLocation == OAuthParamLocation.POST_BODY) {
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ }
HttpRequest oauthRequest = createHttpRequest(req, filterOAuthParams(request));
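Review bot: The `Content-Type` header is set whenever `accessorInfo.paramLocation` is `POST_BODY`, without checking `request.method`. For a GET, the fallback added earlier in this commit moves the parameters to the Authorization header, so the request would go out with a form content type and no body. Assuming `request.method` is a string, `if (accessorInfo.paramLocation == OAuthParamLocation.POST_BODY && "POST".equals(request.method)) {` keeps the two decisions consistent. The comment could name the document it cites, for example `// OAuth Core 1.0 section 5.2: body parameters require a form-encoded Content-Type`. The enclosing method starts and ends outside this hunk.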
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java Sun Aug 31 17:03:09 2008
@@ -37,12 +37,23 @@
public GadgetSpec getGadgetSpec(URI gadgetUri, boolean ignoreCache)
throws GadgetException {
- if (gadgetUri.toString().contains("nokey")) {
- String nokeySpec = GadgetTokenStoreTest.GADGET_SPEC.replace(
- SERVICE_NAME, SERVICE_NAME_NO_KEY);
+ String gadget = gadgetUri.toString();
+ String baseSpec = GadgetTokenStoreTest.GADGET_SPEC;
+ if (gadget.contains("nokey")) {
+ // For testing key lookup failures
+ String nokeySpec = baseSpec.replace(SERVICE_NAME, SERVICE_NAME_NO_KEY);
return new GadgetSpec(gadgetUri, nokeySpec);
+ } else if (gadget.contains("header")) {
+ // For testing oauth data in header
+ String headerSpec = baseSpec.replace("uri-query", "auth-header");
+ return new GadgetSpec(gadgetUri, headerSpec);
+ } else if (gadget.contains("body")) {
+ // For testing oauth data in body
+ String bodySpec = baseSpec.replace("uri-query", "post-body");
+ bodySpec = bodySpec.replace("'GET'", "'POST'");
+ return new GadgetSpec(gadgetUri, bodySpec);
} else {
- return new GadgetSpec(gadgetUri, GadgetTokenStoreTest.GADGET_SPEC);
+ return new GadgetSpec(gadgetUri, baseSpec);
}
}
}
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java Sun Aug 31 17:03:09 2008
@@ -123,4 +123,11 @@
}
+ @Test
+ public void setResponseString() {
+ HttpResponse resp = new HttpResponseBuilder()
+ .setResponseString("foo")
+ .create();
+ assertEquals("foo", resp.getResponseAsString());
+ }
}
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java Sun Aug 31 17:03:09 2008
@@ -24,20 +24,28 @@
import net.oauth.OAuthServiceProvider;
import net.oauth.OAuthValidator;
import net.oauth.SimpleOAuthValidator;
+
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpFetcher;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
+import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
public class FakeOAuthServiceProvider implements HttpFetcher {
+ public static final String BODY_ECHO_HEADER = "X-Echoed-Body";
+
+ public static final String AUTHZ_ECHO_HEADER = "X-Echoed-Authz";
+
public final static String SP_HOST = "http://www.example.com";
public final static String REQUEST_TOKEN_URL =
@@ -115,6 +123,8 @@
private int resourceAccessCount = 0;
+ private Set<OAuthParamLocation> validParamLocations;
+
public FakeOAuthServiceProvider() {
OAuthServiceProvider provider = new OAuthServiceProvider(
REQUEST_TOKEN_URL, APPROVAL_URL, ACCESS_TOKEN_URL);
@@ -123,11 +133,26 @@
tokenState = new HashMap<String, TokenState>();
validator = new SimpleOAuthValidator();
vagueErrors = false;
+ validParamLocations = new HashSet<OAuthParamLocation>();
+ validParamLocations.add(OAuthParamLocation.URI_QUERY);
}
public void setVagueErrors(boolean vagueErrors) {
this.vagueErrors = vagueErrors;
}
+
+ public void addParamLocation(OAuthParamLocation paramLocation) {
+ validParamLocations.add(paramLocation);
+ }
+
+ public void removeParamLocation(OAuthParamLocation paramLocation) {
+ validParamLocations.remove(paramLocation);
+ }
+
+ public void setParamLocation(OAuthParamLocation paramLocation) {
+ validParamLocations.clear();
+ validParamLocations.add(paramLocation);
+ }
@SuppressWarnings("unused")
public HttpResponse fetch(HttpRequest request)
@@ -156,7 +181,7 @@
private HttpResponse handleRequestTokenUrl(HttpRequest request)
throws Exception {
- OAuthMessage message = parseMessage(request);
+ OAuthMessage message = parseMessage(request).message;
String requestConsumer = message.getParameter(OAuth.OAUTH_CONSUMER_KEY);
if (!CONSUMER_KEY.equals(requestConsumer)) {
return makeOAuthProblemReport(
@@ -197,23 +222,61 @@
// Loosely based off net.oauth.OAuthServlet, and even more loosely related
// to the OAuth specification
- private OAuthMessage parseMessage(HttpRequest request) {
+ private MessageInfo parseMessage(HttpRequest request) {
+ MessageInfo info = new MessageInfo();
String method = request.getMethod();
- if (!method.equals("GET")) {
- throw new RuntimeException("Only GET supported for now");
- }
- ParsedUrl url = new ParsedUrl(request.getUri().toString());
+ ParsedUrl parsed = new ParsedUrl(request.getUri().toString());
+
List<OAuth.Parameter> params = new ArrayList<OAuth.Parameter>();
- params.addAll(url.getParsedQuery());
- String aznHeader = request.getHeader("Authorization");
- if (aznHeader != null) {
- for (OAuth.Parameter p : OAuthMessage.decodeAuthorization(aznHeader)) {
- if (!p.getKey().equalsIgnoreCase("realm")) {
- params.add(p);
+ params.addAll(parsed.getParsedQuery());
+
+ if (!validParamLocations.contains(OAuthParamLocation.URI_QUERY)) {
+ // Make sure nothing OAuth related ended up in the query string
+ for (OAuth.Parameter p : params) {
+ if (p.getKey().contains("oauth_")) {
+ throw new RuntimeException("Found unexpected query param " + p.getKey());
+ }
+ }
+ }
+
+ // Parse authorization header
+ if (validParamLocations.contains(OAuthParamLocation.AUTH_HEADER)) {
+ String aznHeader = request.getHeader("Authorization");
+ if (aznHeader != null) {
+ info.aznHeader = aznHeader;
+ for (OAuth.Parameter p : OAuthMessage.decodeAuthorization(aznHeader)) {
+ if (!p.getKey().equalsIgnoreCase("realm")) {
+ params.add(p);
+ }
}
}
}
- return new OAuthMessage(method, url.getLocation(), params);
+
+ // Parse body
+ if (validParamLocations.contains(OAuthParamLocation.POST_BODY)) {
+ String body = request.getPostBodyAsString();
+ if (request.getMethod().equals("POST")) {
+ String type = request.getHeader("Content-Type");
+ if (!"application/x-www-form-urlencoded".equals(type)) {
+ throw new RuntimeException("Wrong content-type header: " + type);
+ }
+ info.body = body;
+ params.addAll(OAuth.decodeForm(request.getPostBodyAsString()));
+ }
+ }
+
+ // Return the lot
+ info.message = new OAuthMessage(method, parsed.getLocation(), params);
+ return info;
+ }
+
+ /**
+ * Bundles information about a received OAuthMessage.
+ */
+ private static class MessageInfo {
+ public OAuthMessage message;
+ public String aznHeader;
+ public String body;
}
/**
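Review bot: The query-string guard in `parseMessage` uses `p.getKey().contains("oauth_")`, which also rejects unrelated parameters that merely contain that text; `if (p.getKey().startsWith("oauth_")) {` matches the reserved prefix. The strictness is also one-sided. When `AUTH_HEADER` or `POST_BODY` is not in `validParamLocations`, the header or body is ignored rather than rejected, so the fake cannot detect a fetcher that sends OAuth parameters in two places at once. The body branch reads `request.getPostBodyAsString()` twice and `request.getMethod()` again despite the `method` local; `params.addAll(OAuth.decodeForm(body));` is enough. The exact `equals` on Content-Type will throw for a value carrying a `; charset=` parameter, which is worth a comment if that strictness is intended.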
@@ -316,7 +379,7 @@
private HttpResponse handleAccessTokenUrl(HttpRequest request)
throws Exception {
- OAuthMessage message = parseMessage(request);
+ OAuthMessage message = parseMessage(request).message;
String requestToken = message.getParameter("oauth_token");
TokenState state = tokenState.get(requestToken);
if (throttled) {
@@ -345,8 +408,8 @@
private HttpResponse handleResourceUrl(HttpRequest request)
throws Exception {
- OAuthMessage message = parseMessage(request);
- String accessToken = message.getParameter("oauth_token");
+ MessageInfo info = parseMessage(request);
+ String accessToken = info.message.getParameter("oauth_token");
TokenState state = tokenState.get(accessToken);
if (throttled) {
return makeOAuthProblemReport(
@@ -363,8 +426,17 @@
OAuthAccessor accessor = new OAuthAccessor(consumer);
accessor.accessToken = accessToken;
accessor.tokenSecret = state.getSecret();
- message.validateMessage(accessor, validator);
- return new HttpResponse("User data is " + state.getUserData());
+ info.message.validateMessage(accessor, validator);
+ HttpResponseBuilder resp = new HttpResponseBuilder()
+ .setHttpStatusCode(HttpResponse.SC_OK)
+ .setResponseString("User data is " + state.getUserData());
+ if (info.aznHeader != null) {
+ resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader);
+ }
+ if (info.body != null) {
+ resp.setHeader(BODY_ECHO_HEADER, info.body);
+ }
+ return resp.create();
}
public void setConsumersThrottled(boolean throttled) {
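Review bot: `handleResourceUrl` copies the raw Authorization header and the raw request body into response headers, and neither the constants nor this code say why. Since those values carry the OAuth signature and token, I would add a comment on `AUTHZ_ECHO_HEADER` and `BODY_ECHO_HEADER` such as `// Test-only: lets assertions see where the fetcher placed the OAuth parameters; never echo credentials in a real provider`. The body is placed in the header value unencoded, so a test body containing a line break would yield a malformed header. Percent-encoding it, or asserting on a parsed form, would make the fake more robust.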
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=690827&r1=690826&r2=690827&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java Sun Aug 31 17:03:09 2008
@@ -20,12 +20,14 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import org.apache.shindig.auth.BasicSecurityToken;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.cache.DefaultCacheProvider;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.gadgets.FakeGadgetSpecFactory;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.BasicHttpCache;
@@ -33,6 +35,7 @@
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.oauth.FakeOAuthServiceProvider.TokenPair;
+import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
import org.junit.After;
import org.junit.Before;
@@ -53,6 +56,8 @@
public static final String GADGET_URL = "http://www.example.com/gadget.xml";
public static final String GADGET_URL_NO_KEY = "http://www.example.com/nokey.xml";
+ public static final String GADGET_URL_HEADER = "http://www.example.com/header.xml";
+ public static final String GADGET_URL_BODY = "http://www.example.com/body.xml";
@Before
public void setUp() throws Exception {
@@ -70,6 +75,8 @@
BasicOAuthStore base = new BasicOAuthStore();
addValidConsumer(base);
addInvalidConsumer(base);
+ addAuthHeaderConsumer(base);
+ addBodyConsumer(base);
BasicGadgetOAuthTokenStore store = new BasicGadgetOAuthTokenStore(base,
new FakeGadgetSpecFactory());
store.initFromConfigString("{}");
@@ -92,6 +99,24 @@
FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY,
"garbage_key", "garbage_secret");
}
+
+ private static void addAuthHeaderConsumer(BasicOAuthStore base) {
+ addConsumer(
+ base,
+ GADGET_URL_HEADER,
+ FakeGadgetSpecFactory.SERVICE_NAME,
+ FakeOAuthServiceProvider.CONSUMER_KEY,
+ FakeOAuthServiceProvider.CONSUMER_SECRET);
+ }
+
+ private static void addBodyConsumer(BasicOAuthStore base) {
+ addConsumer(
+ base,
+ GADGET_URL_BODY,
+ FakeGadgetSpecFactory.SERVICE_NAME,
+ FakeOAuthServiceProvider.CONSUMER_KEY,
+ FakeOAuthServiceProvider.CONSUMER_SECRET);
+ }
private static void addConsumer(
BasicOAuthStore base,
@@ -110,19 +135,36 @@
}
/**
- * Builds a nicely populated gadget token.
+ * Builds gadget token for testing a service with parameters in the query.
*/
- public static SecurityToken getSecurityToken(String owner, String viewer) throws Exception {
- return new BasicSecurityToken(owner, viewer, "app", "container.com",
- GADGET_URL, "0");
+ public static SecurityToken getNormalSecurityToken(String owner, String viewer) throws Exception {
+ return getSecurityToken(owner, viewer, GADGET_URL);
}
/**
- * Builds a nicely populated gadget token.
+ * Builds gadget token for testing services without a key.
*/
public static SecurityToken getNokeySecurityToken(String owner, String viewer) throws Exception {
- return new BasicSecurityToken(owner, viewer, "app", "container.com",
- GADGET_URL_NO_KEY, "0");
+ return getSecurityToken(owner, viewer, GADGET_URL_NO_KEY);
+ }
+
+ /**
+ * Builds gadget token for testing a service that wants parameters in a header.
+ */
+ public static SecurityToken getHeaderSecurityToken(String owner, String viewer) throws Exception {
+ return getSecurityToken(owner, viewer, GADGET_URL_HEADER);
+ }
+
+ /**
+ * Builds gadget token for testing a service that wants parameters in the request body.
+ */
+ public static SecurityToken getBodySecurityToken(String owner, String viewer) throws Exception {
+ return getSecurityToken(owner, viewer, GADGET_URL_BODY);
+ }
+
+ public static SecurityToken getSecurityToken(String owner, String viewer, String gadget)
+ throws Exception {
+ return new BasicSecurityToken(owner, viewer, "app", "container.com", gadget, "0");
}
@After
@@ -143,7 +185,7 @@
HttpResponse response;
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -155,21 +197,22 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
+ assertNull(response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER));
fetcher = getFetcher(
- getSecurityToken("owner", "somebody else"),
+ getNormalSecurityToken("owner", "somebody else"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
fetcher = getFetcher(
- getSecurityToken("somebody else", "somebody else"),
+ getNormalSecurityToken("somebody else", "somebody else"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -181,12 +224,213 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=somebody%20else");
fetcher = getFetcher(
- getSecurityToken("somebody else", "somebody else"),
+ getNormalSecurityToken("somebody else", "somebody else"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is somebody else", response.getResponseAsString());
}
+
+ @Test
+ public void testParamsInHeader() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
+
+ fetcher = getFetcher(
+ getHeaderSecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getHeaderSecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ String aznHeader = response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
+ assertNotNull(aznHeader);
+ assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != -1);
+ }
+
+ @Test
+ public void testParamsInBody() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ request.setHeader("content-type", "application/x-www-form-urlencoded");
+ request.setMethod("POST");
+ response = fetcher.fetch(request);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
+ assertNotNull(echoedBody);
+ assertTrue("body: " + echoedBody, echoedBody.indexOf("oauth_consumer_key=") != -1);
+ }
+
+ @Test
+ public void testParamsInBody_withExtraParams() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ request.setHeader("content-type", "application/x-www-form-urlencoded");
+ request.setMethod("POST");
+ request.setPostBody(CharsetUtil.getUtf8Bytes("foo=bar&foo=baz"));
+ response = fetcher.fetch(request);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ String echoedBody = response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
+ assertNotNull(echoedBody);
+ assertTrue("body: " + echoedBody, echoedBody.indexOf("oauth_consumer_key=") != -1);
+ assertTrue("body: " + echoedBody, echoedBody.indexOf("foo=bar&foo=baz") != -1);
+ }
+
+ @Test
+ public void testParamsInBody_forGetRequest() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ // We're sending a GET request with an auth-header, let the SP look in the header for the authz
+ // params.
+ serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
+ serviceProvider.addParamLocation(OAuthParamLocation.AUTH_HEADER);
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+
+ response = fetcher.fetch(request);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ String aznHeader = response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
+ assertNotNull(aznHeader);
+ assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != -1);
+ }
+
+ @Test
+ public void testParamsInBody_forGetRequestStrictSp() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getBodySecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+
+ // Failed because the SP doesn't accept authz headers
+ response = fetcher.fetch(request);
+ approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+ }
+
+ @Test
+ public void testPlainTextParams() throws Exception {
+ HttpFetcher fetcher;
+ HttpRequest request;
+ HttpResponse response;
+
+ serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
+
+ fetcher = getFetcher(
+ getHeaderSecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ String clientState = response.getMetadata().get("oauthState");
+ assertNotNull(clientState);
+ String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
+ assertNotNull(approvalUrl);
+
+ serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
+
+ fetcher = getFetcher(
+ getHeaderSecurityToken("owner", "owner"),
+ new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
+ request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
+ response = fetcher.fetch(request);
+ assertEquals("User data is hello-oauth", response.getResponseAsString());
+
+ String aznHeader = response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
+ assertNotNull(aznHeader);
+ assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != -1);
+ }
@Test
public void testRevokedAccessToken() throws Exception {
@@ -195,7 +439,7 @@
HttpResponse response;
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -207,7 +451,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -216,7 +460,7 @@
serviceProvider.revokeAllAccessTokens();
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -229,7 +473,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -247,7 +491,7 @@
serviceProvider.setVagueErrors(true);
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -259,7 +503,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -268,7 +512,7 @@
serviceProvider.revokeAllAccessTokens();
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -281,7 +525,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -339,7 +583,7 @@
assertEquals(0, serviceProvider.getResourceAccessCount());
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -356,7 +600,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -369,7 +613,7 @@
assertEquals(1, serviceProvider.getResourceAccessCount());
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
@@ -384,7 +628,7 @@
serviceProvider.setConsumersThrottled(true);
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
@@ -405,7 +649,7 @@
serviceProvider.setConsumersThrottled(false);
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
@@ -427,7 +671,7 @@
HttpResponse response;
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments("nosuchservice", null, null, false));
request = new HttpRequest(
Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
@@ -459,7 +703,7 @@
FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, reqToken.token,
reqToken.secret);
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -472,7 +716,7 @@
assertEquals(1, serviceProvider.getAccessTokenCount());
assertEquals(1, serviceProvider.getResourceAccessCount());
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
response = fetcher.fetch(request);
@@ -482,7 +726,7 @@
assertEquals(1, serviceProvider.getAccessTokenCount());
assertEquals(2, serviceProvider.getResourceAccessCount());
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
request.setIgnoreCache(true);
response = fetcher.fetch(request);
@@ -502,7 +746,7 @@
OAuthArguments params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage", "garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
String clientState = response.getMetadata().get("oauthState");
@@ -515,7 +759,7 @@
params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, "garbage", "garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
@@ -523,7 +767,7 @@
params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, "garbage", "garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
@@ -539,7 +783,7 @@
OAuthArguments params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage", "garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
String clientState = response.getMetadata().get("oauthState");
@@ -552,7 +796,7 @@
params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, "garbage", "garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
@@ -562,7 +806,7 @@
params = new OAuthArguments(
FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
"garbage");
- fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
+ fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), params);
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
assertEquals("User data is hello-oauth", response.getResponseAsString());
@@ -579,7 +823,7 @@
assertEquals(0, serviceProvider.getResourceAccessCount());
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -591,7 +835,7 @@
serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
fetcher = getFetcher(
- getSecurityToken("owner", "owner"),
+ getNormalSecurityToken("owner", "owner"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);
@@ -602,7 +846,7 @@
assertEquals(1, serviceProvider.getResourceAccessCount());
fetcher = getFetcher(
- getSecurityToken("owner", "somebody else"),
+ getNormalSecurityToken("owner", "somebody else"),
new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, false));
request = new HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
response = fetcher.fetch(request);