Package org.apache.shindig.common.testing

Examples of org.apache.shindig.common.testing.FakeHttpServletRequest

498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
   *
   * @throws Exception
   */
  @Test
  public void testGetAccessTokenBadClient() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest(
        "http://localhost:8080", "/oauth2",
        "client_id=BAD_CLIENT&grant_type=authorization_code&redirect_uri="
            + URLEncoder.encode(REDIRECT_URI, "UTF-8") + "&code="
            + PUBLIC_AUTH_CODE);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    HttpServletResponse resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    MockServletOutputStream outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    PrintWriter writer = new PrintWriter(outputStream);
View Full Code Here
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
   *
   * @throws Exception
   */
  @Test
  public void testGetAccessTokenBadGrantType() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest(
        "http://localhost:8080", "/oauth2", "client_id=" + PUBLIC_CLIENT_ID
            + "&grant_type=BAD_GRANT&redirect_uri="
            + URLEncoder.encode(REDIRECT_URI, "UTF-8") + "&code="
            + PUBLIC_AUTH_CODE);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    HttpServletResponse resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    MockServletOutputStream outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    PrintWriter writer = new PrintWriter(outputStream);
View Full Code Here
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
   *
   * @throws Exception
   */
  @Test
  public void testGetAccessTokenBadAuthCode() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest(
        "http://localhost:8080", "/oauth2", "client_id=" + PUBLIC_CLIENT_ID
            + "&grant_type=authorization_code&redirect_uri="
            + URLEncoder.encode(REDIRECT_URI, "UTF-8") + "&code=BAD-CODE-OMG");
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    HttpServletResponse resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    MockServletOutputStream outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    PrintWriter writer = new PrintWriter(outputStream);
View Full Code Here
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
   * Test attempting to re-use an authorization code to get a new access token.
   */
  @Test
  public void testReuseAuthorizationCode() throws Exception {
    // get authorization code
    FakeHttpServletRequest req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&client_secret="+CONF_CLIENT_SECRET+"&response_type=code&redirect_uri="+URLEncoder.encode(REDIRECT_URI,"UTF-8"));
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/authorize");
    HttpServletResponse resp = mock(HttpServletResponse.class);
    Capture<String> redirectURI = new Capture<String>();
    resp.setHeader(EasyMock.eq("Location"), EasyMock.capture(redirectURI));
    resp.setStatus(EasyMock.eq(HttpServletResponse.SC_FOUND));
    MockServletOutputStream outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    PrintWriter writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    String response = new String(outputStream.getBuffer(),"UTF-8");
    assertTrue(response == null || response.equals(""));
    verify();
    assertTrue(redirectURI.getValue().startsWith(REDIRECT_URI+"?code="));
    String code = redirectURI.getValue().substring(redirectURI.getValue().indexOf("=")+1);
    UUID id = UUID.fromString(code);
    assertTrue(id != null);
    System.out.println("Retrieved authorization code: " + code);

    reset();

    // use authorization code to get access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_OK);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    JSONObject tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    assertEquals("bearer",tokenResponse.getString("token_type"));
    assertNotNull(tokenResponse.getString("access_token"));
    assertTrue(tokenResponse.getLong("expires_in") > 0);
    verify();
    String accessToken = tokenResponse.getString("access_token");
    System.out.println("Retrieved access token: " + accessToken);

    reset();

    // ensure access token can get security token for accessing resources
    OAuth2AuthenticationHandler handler = injector.getInstance(OAuth2AuthenticationHandler.class);
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    SecurityToken token = handler.getSecurityTokenFromRequest(req);
    assertNotNull(token);

    reset();

    // attempt to re-use authorization code to get new access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    System.out.println("Rejection response: " + tokenResponse.toString());
    assertEquals("invalid_grant",tokenResponse.getString("error"));
    verify();

    // use (revoked) access token to get a resource
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    try {
      handler.getSecurityTokenFromRequest(req);
    } catch (InvalidAuthenticationException ist) {
      return; // test passed
    }
View Full Code Here
145
146
147
148
149
150
151
152
153
154
  public void testVerifyGet() throws Exception {
    expectTokenEntry();
    expectConsumer();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }
View Full Code Here
157
158
159
160
161
162
163
164
165
166
  public void testVerifyGetSignatureInHeader() throws Exception {
    expectTokenEntry();
    expectConsumer();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }
View Full Code Here
272
273
274
275
276
277
278
279
280
281
  public void testVerifyConsumerGet() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }
View Full Code Here
284
285
286
287
288
289
290
291
292
293
  public void testVerifyConsumerGetSignatureInHeader() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(null,
        FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }
View Full Code Here
317
318
319
320
321
322
323
324
325
326
327
328
329
  }

  @Test
  public void testNoSignature() throws Exception {
    replay();
    FakeHttpServletRequest request = formEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    // A request without a signature is not an OAuth request
    request.setParameter(OAuth.OAUTH_SIGNATURE, "");
    SecurityToken st = reqHandler.getSecurityTokenFromRequest(request);
    assertNull(st);
  }
View Full Code Here
332
333
334
335
336
337
338
339
340
341
  public void testBodyHashSigning() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();

    FakeHttpServletRequest request = nonFormEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.HASH);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }
View Full Code Here
TOP

Related Classes of org.apache.shindig.common.testing.FakeHttpServletRequest

  • org.apache.shindig.auth.AuthInfoTest
  • org.apache.shindig.auth.AuthInfoUtilTest
  • org.apache.shindig.auth.UrlParameterAuthenticationHandlerTest
  • org.apache.shindig.common.util.JsonConversionUtilTest
  • org.apache.shindig.gadgets.oauth.OAuthArgumentsTest
  • org.apache.shindig.protocol.DataServiceServletTest
  • org.apache.shindig.protocol.multipart.DefaultMultipartFormParserTest
  • org.apache.shindig.social.core.oauth.FakeOAuthRequest
  • org.apache.shindig.social.core.oauth.OAuth2AuthCodeFlowTest
  • org.apache.shindig.social.core.oauth.OAuth2AuthenticationHandlerTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.