Examples of org.apache.shindig.gadgets.oauth.testing.MakeRequestClient

• org.apache.shindig.gadgets.oauth.testing.MakeRequestClient
  Test utility to emulate the requests sent via gadgets.io.makeRequest. The simulation starts at what arrives at OAuthRequest. Code above OAuthRequest (MakeRequestHandler, preloads) are not exercised here.

  }

  @Test(expected=RuntimeException.class)
  public void testPostTamperedRawContent() throws Exception {
    byte[] raw = { 0, 1, 2, 3, 4, 5 };
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    // Tamper with the body before it hits the service provider
    client.setNextFetcher(new HttpFetcher() {
      public HttpResponse fetch(HttpRequest request) throws GadgetException {
        request.setPostBody("yo momma".getBytes());
        return serviceProvider.fetch(request);
      }
    });
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL,
       "funky-content", raw);
    fail("Should have thrown with oauth_body_hash mismatch");
  }

    fail("Should have thrown with oauth_body_hash mismatch");
  }

  @Test(expected=RuntimeException.class)
  public void testPostTamperedFormContent() throws Exception {
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    // Tamper with the body before it hits the service provider
    client.setNextFetcher(new HttpFetcher() {
      public HttpResponse fetch(HttpRequest request) throws GadgetException {
        request.setPostBody("foo=quux".getBytes());
        return serviceProvider.fetch(request);
      }
    });
    client.sendFormPost(FakeOAuthServiceProvider.RESOURCE_URL, "foo=bar");
    fail("Should have thrown with oauth signature mismatch");
  }

  }

  @Test(expected=RuntimeException.class)
  public void testPostTamperedRemoveRawContent() throws Exception {
    byte[] raw = { 0, 1, 2, 3, 4, 5 };
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    // Tamper with the body before it hits the service provider
    client.setNextFetcher(new HttpFetcher() {
      public HttpResponse fetch(HttpRequest request) throws GadgetException {
        request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");
        return serviceProvider.fetch(request);
      }
    });
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL,
        "funky-content", raw);
    fail("Should have thrown with body hash in form encoded request");
  }

  @Test
  public void testSignedFetch_error401() throws Exception {
    assertEquals(0, base.getAccessTokenRemoveCount());
    serviceProvider.setConsumerUnauthorized(true);
    serviceProvider.setVagueErrors(true);
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    assertNull(response.getMetadata().get("oauthError"));
    String errorText = response.getMetadata().get("oauthErrorText");
    checkStringContains("Should return sent request", errorText, "GET /data");
    checkStringContains("Should return response", errorText, "HTTP/1.1 401");
    checkStringContains("Should return response", errorText, "some vague error");

  @Test
  public void testSignedFetch_error403() throws Exception {
    assertEquals(0, base.getAccessTokenRemoveCount());
    serviceProvider.setConsumersThrottled(true);
    serviceProvider.setVagueErrors(true);
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    assertNull(response.getMetadata().get("oauthError"));
    String errorText = response.getMetadata().get("oauthErrorText");
    checkStringContains("Should return sent request", errorText, "GET /data");
    checkStringContains("Should return response", errorText, "HTTP/1.1 403");
    checkStringContains("Should return response", errorText, "some vague error");

  @Test
  public void testSignedFetch_unnamedConsumerKey() throws Exception {
    BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret(
        null, FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null);
    base.setDefaultKey(defaultKey);
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
    assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
    assertTrue(contains(queryParams, "opensocial_viewer_id", "v"));
    assertTrue(contains(queryParams, "opensocial_app_id", "app"));
    assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "container.com"));

    assertTrue(contains(queryParams, "xoauth_public_key", "foo"));
  }

  @Test
  public void testSignedFetch_extraQueryParameters() throws Exception {
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?foo=bar&foo=baz");
    List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
    assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
    assertTrue(contains(queryParams, "opensocial_viewer_id", "v"));
    assertTrue(contains(queryParams, "opensocial_app_id", "app"));
    assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

    assertTrue(contains(queryParams, "xoauth_public_key", "foo"));
  }

  @Test
  public void testNoSignViewer() throws Exception {
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    client.getBaseArgs().setSignViewer(false);
    HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
    assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
    assertFalse(contains(queryParams, "opensocial_viewer_id", "v"));
  }

    assertFalse(contains(queryParams, "opensocial_viewer_id", "v"));
  }

  @Test
  public void testNoSignOwner() throws Exception {
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    client.getBaseArgs().setSignOwner(false);
    HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
    assertFalse(contains(queryParams, "opensocial_owner_id", "o"));
    assertTrue(contains(queryParams, "opensocial_viewer_id", "v"));
  }

    assertTrue(contains(queryParams, "opensocial_viewer_id", "v"));
  }

  @Test
  public void testTrickyParametersInQuery() throws Exception {
    MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
    String tricky = "%6fpensocial_owner_id=gotcha";
    HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + '?' + tricky);
    assertEquals(OAuthError.INVALID_PARAMETER.name(),
        resp.getMetadata().get(OAuthResponseParams.ERROR_CODE));
    checkStringContains("Wrong error text", resp.getMetadata().get("oauthErrorText"),
        "Invalid parameter name opensocial_owner_id, applications may not override " +
        "oauth, xoauth, or opensocial parameters");