/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.social.oauth1;
import static org.hamcrest.core.StringContains.*;
import static org.junit.Assert.*;
import static org.springframework.http.HttpMethod.*;
import static org.springframework.test.web.client.match.MockRestRequestMatchers.*;
import static org.springframework.test.web.client.response.MockRestResponseCreators.*;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.client.RequestMatcher;
import org.springframework.util.MultiValueMap;
public class OAuth1TemplateTest {
private static final String ACCESS_TOKEN_URL = "http://www.someprovider.com/oauth/accessToken";
private static final String AUTHENTICATE_URL = "https://www.someprovider.com/oauth/authenticate";
private static final String AUTHORIZE_URL = "https://www.someprovider.com/oauth/authorize";
private static final String REQUEST_TOKEN_URL = "https://www.someprovider.com/oauth/requestToken";
private OAuth1Template oauth10a;
private OAuth1Template oauth10;
private OAuth1Template customOauth10;
@Before
public void setup() {
oauth10a = new OAuth1Template("consumer_key", "consumer_secret", REQUEST_TOKEN_URL, AUTHORIZE_URL, null, ACCESS_TOKEN_URL, OAuth1Version.CORE_10_REVISION_A);
oauth10 = new OAuth1Template("consumer_key", "consumer_secret", REQUEST_TOKEN_URL, AUTHORIZE_URL, AUTHENTICATE_URL, ACCESS_TOKEN_URL, OAuth1Version.CORE_10);
customOauth10 = new OAuth1Template("consumer_key", "consumer_secret", REQUEST_TOKEN_URL, AUTHORIZE_URL, null, ACCESS_TOKEN_URL, OAuth1Version.CORE_10) {
protected void addCustomAuthorizationParameters(MultiValueMap<String,String> parameters) {
parameters.set("custom_parameter", "custom_parameter_value");
};
};
}
@Test
public void buildAuthorizeUrl() {
OAuth1Parameters parameters = new OAuth1Parameters(null);
parameters.setCallbackUrl("http://www.someclient.com/oauth/callback");
assertEquals(AUTHORIZE_URL + "?oauth_token=request_token",
oauth10a.buildAuthorizeUrl("request_token", OAuth1Parameters.NONE));
assertEquals(AUTHORIZE_URL + "?oauth_token=request_token&oauth_callback=http%3A%2F%2Fwww.someclient.com%2Foauth%2Fcallback",
oauth10.buildAuthorizeUrl("request_token", parameters));
}
@Test
public void buildAuthorizeUrl_customAuthorizeParameters() {
OAuth1Parameters parameters = new OAuth1Parameters(null);
parameters.setCallbackUrl("http://www.someclient.com/oauth/callback");
assertEquals(AUTHORIZE_URL + "?oauth_token=request_token&oauth_callback=http%3A%2F%2Fwww.someclient.com%2Foauth%2Fcallback&custom_parameter=custom_parameter_value",
customOauth10.buildAuthorizeUrl("request_token", parameters));
}
@Test
public void fetchNewRequestToken_OAuth10a() {
MockRestServiceServer mockServer = MockRestServiceServer.createServer(oauth10a.getRestTemplate());
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
mockServer
.expect(requestTo(REQUEST_TOKEN_URL))
.andExpect(method(POST))
.andExpect(headerContains("Authorization", "oauth_callback=\"http%3A%2F%2Fwww.someclient.com%2Foauth%2Fcallback\""))
.andExpect(headerContains("Authorization", "oauth_version=\"1.0\""))
.andExpect(headerContains("Authorization", "oauth_signature_method=\"HMAC-SHA1\""))
.andExpect(headerContains("Authorization", "oauth_consumer_key=\"consumer_key\""))
.andExpect(headerContains("Authorization", "oauth_nonce=\""))
.andExpect(headerContains("Authorization", "oauth_signature=\""))
.andExpect(headerContains("Authorization", "oauth_timestamp=\""))
.andRespond(withSuccess(new ClassPathResource("requestToken.formencoded", getClass()), MediaType.APPLICATION_FORM_URLENCODED));
OAuthToken requestToken = oauth10a.fetchRequestToken("http://www.someclient.com/oauth/callback", null);
assertEquals("1234567890", requestToken.getValue());
assertEquals("abcdefghijklmnop", requestToken.getSecret());
}
@Test
public void fetchNewRequestToken_OAuth10() {
MockRestServiceServer mockServer = MockRestServiceServer.createServer(oauth10.getRestTemplate());
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
mockServer.expect(requestTo(REQUEST_TOKEN_URL))
.andExpect(method(POST))
.andExpect(headerContains("Authorization", "oauth_version=\"1.0\""))
.andExpect(headerContains("Authorization", "oauth_signature_method=\"HMAC-SHA1\""))
.andExpect(headerContains("Authorization", "oauth_consumer_key=\"consumer_key\""))
.andExpect(headerContains("Authorization", "oauth_nonce=\""))
.andExpect(headerContains("Authorization", "oauth_signature=\""))
.andExpect(headerContains("Authorization", "oauth_timestamp=\""))
.andRespond(withSuccess(new ClassPathResource("requestToken.formencoded", getClass()), MediaType.APPLICATION_FORM_URLENCODED));
OAuthToken requestToken = oauth10.fetchRequestToken("http://www.someclient.com/oauth/callback", null);
assertEquals("1234567890", requestToken.getValue());
assertEquals("abcdefghijklmnop", requestToken.getSecret());
}
@Test
public void exchangeForAccessToken_OAuth10a() {
MockRestServiceServer mockServer = MockRestServiceServer.createServer(oauth10a.getRestTemplate());
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
mockServer
.expect(requestTo(ACCESS_TOKEN_URL))
.andExpect(method(POST))
.andExpect(headerContains("Authorization", "oauth_version=\"1.0\""))
.andExpect(headerContains("Authorization", "oauth_signature_method=\"HMAC-SHA1\""))
.andExpect(headerContains("Authorization", "oauth_consumer_key=\"consumer_key\""))
.andExpect(headerContains("Authorization", "oauth_token=\"1234567890\""))
.andExpect(headerContains("Authorization", "oauth_verifier=\"verifier\""))
.andExpect(headerContains("Authorization", "oauth_nonce=\""))
.andExpect(headerContains("Authorization", "oauth_signature=\""))
.andExpect(headerContains("Authorization", "oauth_timestamp=\""))
.andRespond(withSuccess(new ClassPathResource("accessToken.formencoded", getClass()), MediaType.APPLICATION_FORM_URLENCODED));
OAuthToken requestToken = new OAuthToken("1234567890", "abcdefghijklmnop");
OAuthToken accessToken = oauth10a.exchangeForAccessToken(new AuthorizedRequestToken(requestToken, "verifier"), null);
assertEquals("9876543210", accessToken.getValue());
assertEquals("ponmlkjihgfedcba", accessToken.getSecret());
}
@Test
public void exchangeForAccessToken_OAuth10() {
MockRestServiceServer mockServer = MockRestServiceServer.createServer(oauth10.getRestTemplate());
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
mockServer
.expect(requestTo(ACCESS_TOKEN_URL))
.andExpect(method(POST))
.andExpect(headerContains("Authorization", "oauth_version=\"1.0\""))
.andExpect(headerContains("Authorization", "oauth_signature_method=\"HMAC-SHA1\""))
.andExpect(headerContains("Authorization", "oauth_consumer_key=\"consumer_key\""))
.andExpect(headerContains("Authorization", "oauth_token=\"1234567890\""))
.andExpect(headerContains("Authorization", "oauth_nonce=\""))
.andExpect(headerContains("Authorization", "oauth_signature=\""))
.andExpect(headerContains("Authorization", "oauth_timestamp=\""))
.andRespond(withSuccess(new ClassPathResource("accessToken.formencoded", getClass()), MediaType.APPLICATION_FORM_URLENCODED));
OAuthToken requestToken = new OAuthToken("1234567890", "abcdefghijklmnop");
OAuthToken accessToken = oauth10.exchangeForAccessToken(new AuthorizedRequestToken(requestToken, "verifier"), null);
assertEquals("9876543210", accessToken.getValue());
assertEquals("ponmlkjihgfedcba", accessToken.getSecret());
}
// parameter assertion tests
@Test(expected = IllegalArgumentException.class)
public void construct_nullConsumerKey() {
new OAuth1Template(null, "secret", REQUEST_TOKEN_URL, AUTHORIZE_URL, ACCESS_TOKEN_URL);
}
@Test(expected = IllegalArgumentException.class)
public void construct_nullConsumerSecret() {
new OAuth1Template("key", null, REQUEST_TOKEN_URL, AUTHORIZE_URL, ACCESS_TOKEN_URL);
}
@Test(expected = IllegalArgumentException.class)
public void construct_nullRequestTokenUrl() {
new OAuth1Template("key", "secret", null, AUTHORIZE_URL, ACCESS_TOKEN_URL);
}
@Test(expected = IllegalArgumentException.class)
public void construct_nullAuthorizeUrl() {
new OAuth1Template("key", "secret", REQUEST_TOKEN_URL, null, ACCESS_TOKEN_URL);
}
@Test(expected = IllegalArgumentException.class)
public void construct_nullAcessTokenUrl() {
new OAuth1Template("key", "secret", REQUEST_TOKEN_URL, AUTHORIZE_URL, null);
}
@Test(expected = IllegalArgumentException.class)
public void setRequestFactory_null() {
oauth10a.setRequestFactory(null);
}
// private helper
private RequestMatcher headerContains(String name, String substring) {
return header(name, containsString(substring));
}
}