You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Kevin Brown <et...@google.com> on 2008/09/01 02:33:45 UTC
Re: svn commit: r690827 - in /incubator/shindig/trunk/java: common/src/main/java/org/apache/shindig/common/util/ common/src/test/java/org/apache/shindig/common/util/ gadgets/src/main/java/org/apache/shindig/gadgets/http/ gadgets/src/main/java/org/apa
On Sun, Aug 31, 2008 at 5:03 PM, <be...@apache.org> wrote:
> Author: beaton
> Date: Sun Aug 31 17:03:09 2008
> New Revision: 690827
>
> URL: http://svn.apache.org/viewvc?rev=690827&view=rev
> Log:
> Add test coverage for OAuth data in post bodies and authz headers. This
> turned up an interesting corner case in the OAuth spec: what are we
> supposed to do with service providers who ask for OAuth data in POST
> bodies when the request we're sending is a GET? I decided to deal with
> this by sticking the data in the authorization header, since that stands
> some chance of working.
>
>
> Added:
>
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
>
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> Modified:
>
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
>
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
>
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
>
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
>
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
>
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
>
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
>
> Added:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java?rev=690827&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> (added)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> Sun Aug 31 17:03:09 2008
> @@ -0,0 +1,52 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +
> +package org.apache.shindig.common.util;
> +
> +import org.apache.commons.lang.ArrayUtils;
> +
> +import java.nio.ByteBuffer;
> +import java.nio.charset.Charset;
> +import java.util.Arrays;
> +
> +/**
> + * Utilities for dealing with character set encoding.
> + */
> +public class CharsetUtil {
> +
> + /**
> + * UTF-8 Charset.
> + */
> + public static final Charset UTF8;
> +
> + static {
> + UTF8 = Charset.forName("UTF-8");
> + }
This won't run on a 1.5 JRE.
>
> +
> + /**
> + * @return UTF-8 byte array for the input string.
> + */
> + public static byte[] getUtf8Bytes(String s) {
> + if (s == null) {
> + return ArrayUtils.EMPTY_BYTE_ARRAY;
> + }
> + ByteBuffer bb = UTF8.encode(s);
> + return Arrays.copyOf(bb.array(), bb.limit());
> + }
> +}
>
> Added:
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java?rev=690827&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> (added)
> +++
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> Sun Aug 31 17:03:09 2008
> @@ -0,0 +1,69 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +
> +package org.apache.shindig.common.util;
> +
> +import static org.junit.Assert.assertEquals;
> +
> +import org.junit.Test;
> +
> +import junitx.framework.ArrayAssert;
> +
> +/**
> + * Tests for CharsetUtil.
> + */
> +public class CharsetUtilTest {
> +
> + @Test
> + public void testGetUtf8String() {
> + ArrayAssert.assertEquals(new byte[] { 0x69, 0x6e },
> CharsetUtil.getUtf8Bytes("in"));
> + ArrayAssert.assertEquals(new byte[] {},
> CharsetUtil.getUtf8Bytes(null));
> + testStringOfLength(0);
> + testStringOfLength(10);
> + testStringOfLength(100);
> + testStringOfLength(1000);
> + }
> +
> + private void testStringOfLength(int len) {
> + StringBuilder sb = new StringBuilder();
> + for (int i=0; i < len; ++i) {
> + sb.append('a');
> + }
> + byte[] out = CharsetUtil.getUtf8Bytes(sb.toString());
> + assertEquals(len, out.length);
> + for (int i=0; i < len; ++i) {
> + assertEquals('a', out[i]);
> + }
> + }
> +
> +
> + private static final byte[] LATIN1_UTF8_DATA = new byte[] {
> + 'G', 'a', 'm', 'e', 's', ',', ' ', 'H', 'Q', ',', ' ', 'M', 'a', 'n',
> 'g', (byte)0xC3,
> + (byte) 0xA1, ',', ' ', 'A', 'n', 'i', 'm', 'e', ' ', 'e', ' ', 't',
> 'u', 'd', 'o', ' ',
> + 'q', 'u', 'e', ' ', 'u', 'm', ' ', 'b', 'o', 'm', ' ', 'n', 'e', 'r',
> 'd', ' ', 'a', 'm', 'a'
> + };
> +
> + private static final String LATIN1_STRING
> + = "Games, HQ, Mang\u00E1, Anime e tudo que um bom nerd ama";
> +
> + @Test
> + public void testLatin1() {
> + ArrayAssert.assertEquals(LATIN1_UTF8_DATA,
> CharsetUtil.getUtf8Bytes(LATIN1_STRING));
> + }
> +}
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> Sun Aug 31 17:03:09 2008
> @@ -25,12 +25,10 @@\ import com.ibm.icu.text.CharsetDetector;
> import com.ibm.icu.text.CharsetMatch;
>
> -import org.apache.commons.lang.ArrayUtils;
> import org.apache.shindig.common.util.DateUtil;
>
> import java.io.ByteArrayInputStream;
> import java.io.InputStream;
> -import java.io.UnsupportedEncodingException;
> import java.nio.ByteBuffer;
> import java.nio.charset.Charset;
> import java.util.Arrays;
> @@ -124,18 +122,7 @@
> private HttpResponse(int httpStatusCode, String body) {
> this(new HttpResponseBuilder()
> .setHttpStatusCode(httpStatusCode)
> - .setResponse(getUtf8Bytes(body)));
> - }
> -
> - private static byte[] getUtf8Bytes(String body) {
> - try {
> - if (body == null) {
> - return ArrayUtils.EMPTY_BYTE_ARRAY;
> - }
> - return body.getBytes(DEFAULT_ENCODING);
> - } catch (UnsupportedEncodingException e) {
> - throw new RuntimeException(e);
> - }
> + .setResponseString(body));
> }
>
> public HttpResponse(String body) {
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> Sun Aug 31 17:03:09 2008
> @@ -19,6 +19,7 @@
>
> import com.google.common.collect.*;
> import org.apache.commons.lang.ArrayUtils;
> +import org.apache.shindig.common.util.CharsetUtil;
> import org.apache.shindig.common.util.DateUtil;
>
> import java.util.*;
> @@ -59,6 +60,14 @@
> return new HttpResponse(this);
> }
>
> + /**
> + * @param responseString The response string. Converted to UTF-8 bytes
> and copied when set.
> + */
> + public HttpResponseBuilder setResponseString(String body) {
> + responseBytes = CharsetUtil.getUtf8Bytes(body);
> + return this;
> + }
> +
> /**
> * @param responseBytes The response body. Copied when set.
> */
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> Sun Aug 31 17:03:09 2008
> @@ -25,6 +25,7 @@
> import org.apache.shindig.gadgets.http.HttpRequest;
> import org.apache.shindig.gadgets.http.HttpResponse;
> import org.apache.shindig.gadgets.http.HttpResponseBuilder;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
> import net.oauth.OAuth;
> import net.oauth.OAuthAccessor;
> @@ -376,6 +377,16 @@
> // paramLocation could be overriden by a run-time parameter to
> fetchRequest
>
> HttpRequest result = new HttpRequest(base);
> +
> + // If someone specifies that OAuth parameters go in the body, but then
> sends a request for
> + // data using GET, we've got a choice. We can throw some type of
> error, since a GET request
> + // can't have a body, or we can stick the parameters somewhere else,
> like, say, the header.
> + // We opt to put them in the header, since that stands some chance of
> working with some
> + // OAuth service providers.
> + if (paramLocation == OAuthStore.OAuthParamLocation.POST_BODY &&
> + !result.getMethod().equals("POST")) {
> + paramLocation = OAuthStore.OAuthParamLocation.AUTH_HEADER;
> + }
>
> switch (paramLocation) {
> case AUTH_HEADER:
> @@ -413,6 +424,11 @@
> HttpRequest req = new HttpRequest(Uri.parse(request.URL))
> .setMethod(request.method)
> .setIgnoreCache(true);
> +
> + // Per section 5.2 of OAuth spec
> + if (accessorInfo.paramLocation == OAuthParamLocation.POST_BODY) {
> + req.setHeader("Content-Type", "application/x-www-form-urlencoded");
> + }
>
> HttpRequest oauthRequest = createHttpRequest(req,
> filterOAuthParams(request));
>
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> Sun Aug 31 17:03:09 2008
> @@ -37,12 +37,23 @@
>
> public GadgetSpec getGadgetSpec(URI gadgetUri, boolean ignoreCache)
> throws GadgetException {
> - if (gadgetUri.toString().contains("nokey")) {
> - String nokeySpec = GadgetTokenStoreTest.GADGET_SPEC.replace(
> - SERVICE_NAME, SERVICE_NAME_NO_KEY);
> + String gadget = gadgetUri.toString();
> + String baseSpec = GadgetTokenStoreTest.GADGET_SPEC;
> + if (gadget.contains("nokey")) {
> + // For testing key lookup failures
> + String nokeySpec = baseSpec.replace(SERVICE_NAME,
> SERVICE_NAME_NO_KEY);
> return new GadgetSpec(gadgetUri, nokeySpec);
> + } else if (gadget.contains("header")) {
> + // For testing oauth data in header
> + String headerSpec = baseSpec.replace("uri-query", "auth-header");
> + return new GadgetSpec(gadgetUri, headerSpec);
> + } else if (gadget.contains("body")) {
> + // For testing oauth data in body
> + String bodySpec = baseSpec.replace("uri-query", "post-body");
> + bodySpec = bodySpec.replace("'GET'", "'POST'");
> + return new GadgetSpec(gadgetUri, bodySpec);
> } else {
> - return new GadgetSpec(gadgetUri, GadgetTokenStoreTest.GADGET_SPEC);
> + return new GadgetSpec(gadgetUri, baseSpec);
> }
> }
> }
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> Sun Aug 31 17:03:09 2008
> @@ -123,4 +123,11 @@
> }
>
>
> + @Test
> + public void setResponseString() {
> + HttpResponse resp = new HttpResponseBuilder()
> + .setResponseString("foo")
> + .create();
> + assertEquals("foo", resp.getResponseAsString());
> + }
> }
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> Sun Aug 31 17:03:09 2008
> @@ -24,20 +24,28 @@
> import net.oauth.OAuthServiceProvider;
> import net.oauth.OAuthValidator;
> import net.oauth.SimpleOAuthValidator;
> +
> import org.apache.shindig.common.crypto.Crypto;
> import org.apache.shindig.gadgets.GadgetException;
> import org.apache.shindig.gadgets.http.HttpFetcher;
> import org.apache.shindig.gadgets.http.HttpRequest;
> import org.apache.shindig.gadgets.http.HttpResponse;
> import org.apache.shindig.gadgets.http.HttpResponseBuilder;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
> import java.io.IOException;
> import java.util.ArrayList;
> import java.util.HashMap;
> +import java.util.HashSet;
> import java.util.List;
> +import java.util.Set;
>
> public class FakeOAuthServiceProvider implements HttpFetcher {
>
> + public static final String BODY_ECHO_HEADER = "X-Echoed-Body";
> +
> + public static final String AUTHZ_ECHO_HEADER = "X-Echoed-Authz";
> +
> public final static String SP_HOST = "http://www.example.com";
>
> public final static String REQUEST_TOKEN_URL =
> @@ -115,6 +123,8 @@
>
> private int resourceAccessCount = 0;
>
> + private Set<OAuthParamLocation> validParamLocations;
> +
> public FakeOAuthServiceProvider() {
> OAuthServiceProvider provider = new OAuthServiceProvider(
> REQUEST_TOKEN_URL, APPROVAL_URL, ACCESS_TOKEN_URL);
> @@ -123,11 +133,26 @@
> tokenState = new HashMap<String, TokenState>();
> validator = new SimpleOAuthValidator();
> vagueErrors = false;
> + validParamLocations = new HashSet<OAuthParamLocation>();
> + validParamLocations.add(OAuthParamLocation.URI_QUERY);
> }
>
> public void setVagueErrors(boolean vagueErrors) {
> this.vagueErrors = vagueErrors;
> }
> +
> + public void addParamLocation(OAuthParamLocation paramLocation) {
> + validParamLocations.add(paramLocation);
> + }
> +
> + public void removeParamLocation(OAuthParamLocation paramLocation) {
> + validParamLocations.remove(paramLocation);
> + }
> +
> + public void setParamLocation(OAuthParamLocation paramLocation) {
> + validParamLocations.clear();
> + validParamLocations.add(paramLocation);
> + }
>
> @SuppressWarnings("unused")
> public HttpResponse fetch(HttpRequest request)
> @@ -156,7 +181,7 @@
>
> private HttpResponse handleRequestTokenUrl(HttpRequest request)
> throws Exception {
> - OAuthMessage message = parseMessage(request);
> + OAuthMessage message = parseMessage(request).message;
> String requestConsumer =
> message.getParameter(OAuth.OAUTH_CONSUMER_KEY);
> if (!CONSUMER_KEY.equals(requestConsumer)) {
> return makeOAuthProblemReport(
> @@ -197,23 +222,61 @@
>
> // Loosely based off net.oauth.OAuthServlet, and even more loosely
> related
> // to the OAuth specification
> - private OAuthMessage parseMessage(HttpRequest request) {
> + private MessageInfo parseMessage(HttpRequest request) {
> + MessageInfo info = new MessageInfo();
> String method = request.getMethod();
> - if (!method.equals("GET")) {
> - throw new RuntimeException("Only GET supported for now");
> - }
> - ParsedUrl url = new ParsedUrl(request.getUri().toString());
> + ParsedUrl parsed = new ParsedUrl(request.getUri().toString());
> +
> List<OAuth.Parameter> params = new ArrayList<OAuth.Parameter>();
> - params.addAll(url.getParsedQuery());
> - String aznHeader = request.getHeader("Authorization");
> - if (aznHeader != null) {
> - for (OAuth.Parameter p :
> OAuthMessage.decodeAuthorization(aznHeader)) {
> - if (!p.getKey().equalsIgnoreCase("realm")) {
> - params.add(p);
> + params.addAll(parsed.getParsedQuery());
> +
> + if (!validParamLocations.contains(OAuthParamLocation.URI_QUERY)) {
> + // Make sure nothing OAuth related ended up in the query string
> + for (OAuth.Parameter p : params) {
> + if (p.getKey().contains("oauth_")) {
> + throw new RuntimeException("Found unexpected query param " +
> p.getKey());
> + }
> + }
> + }
> +
> + // Parse authorization header
> + if (validParamLocations.contains(OAuthParamLocation.AUTH_HEADER)) {
> + String aznHeader = request.getHeader("Authorization");
> + if (aznHeader != null) {
> + info.aznHeader = aznHeader;
> + for (OAuth.Parameter p :
> OAuthMessage.decodeAuthorization(aznHeader)) {
> + if (!p.getKey().equalsIgnoreCase("realm")) {
> + params.add(p);
> + }
> }
> }
> }
> - return new OAuthMessage(method, url.getLocation(), params);
> +
> + // Parse body
> + if (validParamLocations.contains(OAuthParamLocation.POST_BODY)) {
> + String body = request.getPostBodyAsString();
> + if (request.getMethod().equals("POST")) {
> + String type = request.getHeader("Content-Type");
> + if (!"application/x-www-form-urlencoded".equals(type)) {
> + throw new RuntimeException("Wrong content-type header: " +
> type);
> + }
> + info.body = body;
> + params.addAll(OAuth.decodeForm(request.getPostBodyAsString()));
> + }
> + }
> +
> + // Return the lot
> + info.message = new OAuthMessage(method, parsed.getLocation(), params);
> + return info;
> + }
> +
> + /**
> + * Bundles information about a received OAuthMessage.
> + */
> + private static class MessageInfo {
> + public OAuthMessage message;
> + public String aznHeader;
> + public String body;
> }
>
> /**
> @@ -316,7 +379,7 @@
>
> private HttpResponse handleAccessTokenUrl(HttpRequest request)
> throws Exception {
> - OAuthMessage message = parseMessage(request);
> + OAuthMessage message = parseMessage(request).message;
> String requestToken = message.getParameter("oauth_token");
> TokenState state = tokenState.get(requestToken);
> if (throttled) {
> @@ -345,8 +408,8 @@
>
> private HttpResponse handleResourceUrl(HttpRequest request)
> throws Exception {
> - OAuthMessage message = parseMessage(request);
> - String accessToken = message.getParameter("oauth_token");
> + MessageInfo info = parseMessage(request);
> + String accessToken = info.message.getParameter("oauth_token");
> TokenState state = tokenState.get(accessToken);
> if (throttled) {
> return makeOAuthProblemReport(
> @@ -363,8 +426,17 @@
> OAuthAccessor accessor = new OAuthAccessor(consumer);
> accessor.accessToken = accessToken;
> accessor.tokenSecret = state.getSecret();
> - message.validateMessage(accessor, validator);
> - return new HttpResponse("User data is " + state.getUserData());
> + info.message.validateMessage(accessor, validator);
> + HttpResponseBuilder resp = new HttpResponseBuilder()
> + .setHttpStatusCode(HttpResponse.SC_OK)
> + .setResponseString("User data is " + state.getUserData());
> + if (info.aznHeader != null) {
> + resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader);
> + }
> + if (info.body != null) {
> + resp.setHeader(BODY_ECHO_HEADER, info.body);
> + }
> + return resp.create();
> }
>
> public void setConsumersThrottled(boolean throttled) {
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> Sun Aug 31 17:03:09 2008
> @@ -20,12 +20,14 @@
> import static org.junit.Assert.assertEquals;
> import static org.junit.Assert.assertNotNull;
> import static org.junit.Assert.assertNull;
> +import static org.junit.Assert.assertTrue;
>
> import org.apache.shindig.auth.BasicSecurityToken;
> import org.apache.shindig.auth.SecurityToken;
> import org.apache.shindig.common.cache.DefaultCacheProvider;
> import org.apache.shindig.common.crypto.BasicBlobCrypter;
> import org.apache.shindig.common.uri.Uri;
> +import org.apache.shindig.common.util.CharsetUtil;
> import org.apache.shindig.gadgets.FakeGadgetSpecFactory;
> import org.apache.shindig.gadgets.GadgetException;
> import org.apache.shindig.gadgets.http.BasicHttpCache;
> @@ -33,6 +35,7 @@
> import org.apache.shindig.gadgets.http.HttpRequest;
> import org.apache.shindig.gadgets.http.HttpResponse;
> import
> org.apache.shindig.gadgets.oauth.FakeOAuthServiceProvider.TokenPair;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
> import org.junit.After;
> import org.junit.Before;
> @@ -53,6 +56,8 @@
>
> public static final String GADGET_URL = "
> http://www.example.com/gadget.xml";
> public static final String GADGET_URL_NO_KEY = "
> http://www.example.com/nokey.xml";
> + public static final String GADGET_URL_HEADER = "
> http://www.example.com/header.xml";
> + public static final String GADGET_URL_BODY = "
> http://www.example.com/body.xml";
>
> @Before
> public void setUp() throws Exception {
> @@ -70,6 +75,8 @@
> BasicOAuthStore base = new BasicOAuthStore();
> addValidConsumer(base);
> addInvalidConsumer(base);
> + addAuthHeaderConsumer(base);
> + addBodyConsumer(base);
> BasicGadgetOAuthTokenStore store = new BasicGadgetOAuthTokenStore(base,
> new FakeGadgetSpecFactory());
> store.initFromConfigString("{}");
> @@ -92,6 +99,24 @@
> FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY,
> "garbage_key", "garbage_secret");
> }
> +
> + private static void addAuthHeaderConsumer(BasicOAuthStore base) {
> + addConsumer(
> + base,
> + GADGET_URL_HEADER,
> + FakeGadgetSpecFactory.SERVICE_NAME,
> + FakeOAuthServiceProvider.CONSUMER_KEY,
> + FakeOAuthServiceProvider.CONSUMER_SECRET);
> + }
> +
> + private static void addBodyConsumer(BasicOAuthStore base) {
> + addConsumer(
> + base,
> + GADGET_URL_BODY,
> + FakeGadgetSpecFactory.SERVICE_NAME,
> + FakeOAuthServiceProvider.CONSUMER_KEY,
> + FakeOAuthServiceProvider.CONSUMER_SECRET);
> + }
>
> private static void addConsumer(
> BasicOAuthStore base,
> @@ -110,19 +135,36 @@
> }
>
> /**
> - * Builds a nicely populated gadget token.
> + * Builds gadget token for testing a service with parameters in the
> query.
> */
> - public static SecurityToken getSecurityToken(String owner, String
> viewer) throws Exception {
> - return new BasicSecurityToken(owner, viewer, "app", "container.com",
> - GADGET_URL, "0");
> + public static SecurityToken getNormalSecurityToken(String owner, String
> viewer) throws Exception {
> + return getSecurityToken(owner, viewer, GADGET_URL);
> }
>
> /**
> - * Builds a nicely populated gadget token.
> + * Builds gadget token for testing services without a key.
> */
> public static SecurityToken getNokeySecurityToken(String owner, String
> viewer) throws Exception {
> - return new BasicSecurityToken(owner, viewer, "app", "container.com",
> - GADGET_URL_NO_KEY, "0");
> + return getSecurityToken(owner, viewer, GADGET_URL_NO_KEY);
> + }
> +
> + /**
> + * Builds gadget token for testing a service that wants parameters in a
> header.
> + */
> + public static SecurityToken getHeaderSecurityToken(String owner, String
> viewer) throws Exception {
> + return getSecurityToken(owner, viewer, GADGET_URL_HEADER);
> + }
> +
> + /**
> + * Builds gadget token for testing a service that wants parameters in
> the request body.
> + */
> + public static SecurityToken getBodySecurityToken(String owner, String
> viewer) throws Exception {
> + return getSecurityToken(owner, viewer, GADGET_URL_BODY);
> + }
> +
> + public static SecurityToken getSecurityToken(String owner, String
> viewer, String gadget)
> + throws Exception {
> + return new BasicSecurityToken(owner, viewer, "app", "container.com",
> gadget, "0");
> }
>
> @After
> @@ -143,7 +185,7 @@
> HttpResponse response;
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -155,21 +197,22 @@
> serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> assertNull(response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER));
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "somebody else"),
> + getNormalSecurityToken("owner", "somebody else"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
>
> fetcher = getFetcher(
> - getSecurityToken("somebody else", "somebody else"),
> + getNormalSecurityToken("somebody else", "somebody else"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -181,12 +224,213 @@
> serviceProvider.browserVisit(approvalUrl +
> "&user_data=somebody%20else");
>
> fetcher = getFetcher(
> - getSecurityToken("somebody else", "somebody else"),
> + getNormalSecurityToken("somebody else", "somebody else"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is somebody else",
> response.getResponseAsString());
> }
> +
> + @Test
> + public void testParamsInHeader() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> + fetcher = getFetcher(
> + getHeaderSecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getHeaderSecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> + String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> + assertNotNull(aznHeader);
> + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> + }
> +
> + @Test
> + public void testParamsInBody() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + request.setHeader("content-type",
> "application/x-www-form-urlencoded");
> + request.setMethod("POST");
> + response = fetcher.fetch(request);
> + assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> + String echoedBody =
> response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
> + assertNotNull(echoedBody);
> + assertTrue("body: " + echoedBody,
> echoedBody.indexOf("oauth_consumer_key=") != -1);
> + }
> +
> + @Test
> + public void testParamsInBody_withExtraParams() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + request.setHeader("content-type",
> "application/x-www-form-urlencoded");
> + request.setMethod("POST");
> + request.setPostBody(CharsetUtil.getUtf8Bytes("foo=bar&foo=baz"));
> + response = fetcher.fetch(request);
> + assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> + String echoedBody =
> response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
> + assertNotNull(echoedBody);
> + assertTrue("body: " + echoedBody,
> echoedBody.indexOf("oauth_consumer_key=") != -1);
> + assertTrue("body: " + echoedBody,
> echoedBody.indexOf("foo=bar&foo=baz") != -1);
> + }
> +
> + @Test
> + public void testParamsInBody_forGetRequest() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + // We're sending a GET request with an auth-header, let the SP look in
> the header for the authz
> + // params.
> + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> + serviceProvider.addParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +
> + response = fetcher.fetch(request);
> + assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> + String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> + assertNotNull(aznHeader);
> + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> + }
> +
> + @Test
> + public void testParamsInBody_forGetRequestStrictSp() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getBodySecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +
> + // Failed because the SP doesn't accept authz headers
> + response = fetcher.fetch(request);
> + approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> + }
> +
> + @Test
> + public void testPlainTextParams() throws Exception {
> + HttpFetcher fetcher;
> + HttpRequest request;
> + HttpResponse response;
> +
> + serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> + fetcher = getFetcher(
> + getHeaderSecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + String clientState = response.getMetadata().get("oauthState");
> + assertNotNull(clientState);
> + String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> + assertNotNull(approvalUrl);
> +
> + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> + fetcher = getFetcher(
> + getHeaderSecurityToken("owner", "owner"),
> + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> + request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> + response = fetcher.fetch(request);
> + assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> + String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> + assertNotNull(aznHeader);
> + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> + }
>
> @Test
> public void testRevokedAccessToken() throws Exception {
> @@ -195,7 +439,7 @@
> HttpResponse response;
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -207,7 +451,7 @@
> serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -216,7 +460,7 @@
> serviceProvider.revokeAllAccessTokens();
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -229,7 +473,7 @@
>
> serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -247,7 +491,7 @@
> serviceProvider.setVagueErrors(true);
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -259,7 +503,7 @@
> serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -268,7 +512,7 @@
> serviceProvider.revokeAllAccessTokens();
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -281,7 +525,7 @@
>
> serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -339,7 +583,7 @@
> assertEquals(0, serviceProvider.getResourceAccessCount());
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -356,7 +600,7 @@
> serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -369,7 +613,7 @@
> assertEquals(1, serviceProvider.getResourceAccessCount());
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> @@ -384,7 +628,7 @@
> serviceProvider.setConsumersThrottled(true);
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -405,7 +649,7 @@
> serviceProvider.setConsumersThrottled(false);
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -427,7 +671,7 @@
> HttpResponse response;
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments("nosuchservice", null, null, false));
> request = new HttpRequest(
> Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -459,7 +703,7 @@
> FakeGadgetSpecFactory.SERVICE_NAME, null, null, false,
> reqToken.token,
> reqToken.secret);
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
>
> @@ -472,7 +716,7 @@
> assertEquals(1, serviceProvider.getAccessTokenCount());
> assertEquals(1, serviceProvider.getResourceAccessCount());
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> response = fetcher.fetch(request);
> @@ -482,7 +726,7 @@
> assertEquals(1, serviceProvider.getAccessTokenCount());
> assertEquals(2, serviceProvider.getResourceAccessCount());
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> request.setIgnoreCache(true);
> response = fetcher.fetch(request);
> @@ -502,7 +746,7 @@
> OAuthArguments params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
> "garbage");
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> String clientState = response.getMetadata().get("oauthState");
> @@ -515,7 +759,7 @@
> params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -523,7 +767,7 @@
>
> params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -539,7 +783,7 @@
> OAuthArguments params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
> "garbage");
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> String clientState = response.getMetadata().get("oauthState");
> @@ -552,7 +796,7 @@
> params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
>
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -562,7 +806,7 @@
> params = new OAuthArguments(
> FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
> "garbage");
> - fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -579,7 +823,7 @@
> assertEquals(0, serviceProvider.getResourceAccessCount());
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -591,7 +835,7 @@
> serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "owner"),
> + getNormalSecurityToken("owner", "owner"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
> @@ -602,7 +846,7 @@
> assertEquals(1, serviceProvider.getResourceAccessCount());
>
> fetcher = getFetcher(
> - getSecurityToken("owner", "somebody else"),
> + getNormalSecurityToken("owner", "somebody else"),
> new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> response = fetcher.fetch(request);
>
>
>