Adds some tests for the OAuth and some docs

docs/source/api/oauth.rst

@@ -0,0 +1,36 @@
+.. MediaGoblin Documentation
+
+   Written in 2011, 2012 by MediaGoblin contributors
+
+   To the extent possible under law, the author(s) have dedicated all
+   copyright and related and neighboring rights to this software to
+   the public domain worldwide. This software is distributed without
+   any warranty.
+
+   You should have received a copy of the CC0 Public Domain
+   Dedication along with this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+
+==============
+Authentication
+==============
+
+GNU MediaGoblin uses OAuth1 to authenticate requests to the API. There are many
+libraries out there for OAuth1, you're likely not going to have to do much. There
+is a library for the GNU MediaGoblin called `PyPump <https://github.com/xray7224/PyPump>`_.
+We are not using OAuth2 as we want to stay completely compatable with GNU MediaGoblin.
+
+
+We use :doc:`client_register` to get the client ID and secret.
+
+Endpoints
+---------
+
+These are the endpoints you need to use for the oauth requests:
+
+`/oauth/request_token` is for getting the request token.
+
+`/oauth/authorize` is to send the user to to authorize your application.
+
+`/oauth/access_token` is for getting the access token to use in requests.
+

mediagoblin/federation/views.py

@@ -108,13 +108,14 @@ def client_register(request):
         client_secret = random_string(43) # again, seems to be what pump uses
         expirey = 0 # for now, lets not have it expire
         expirey_db = None if expirey == 0 else expirey
-  
+        application_type = data["application_type"] 
+ 
         # save it
         client = Client(
                 id=client_id, 
                 secret=client_secret, 
                 expirey=expirey_db,
-                application_type=data["application_type"],
+                application_type=application_type,
                 )
 
     else:
@@ -133,7 +134,7 @@ def client_register(request):
     
     client.application_name = data.get("application_name", None)
 
-    contacts = data.get("contact", None)
+    contacts = data.get("contacts", None)
     if contacts is not None:
         if type(contacts) is not unicode:
             error = "Contacts must be a string of space-seporated email addresses."
@@ -149,21 +150,21 @@ def client_register(request):
         
         client.contacts = contacts
 
-    request_uri = data.get("request_uris", None)
-    if request_uri is not None:
-        if type(request_uri) is not unicode:
+    redirect_uris = data.get("redirect_uris", None)
+    if redirect_uris is not None:
+        if type(redirect_uris) is not unicode:
             error = "redirect_uris must be space-seporated URLs."
             return json_respinse({"error": error}, status=400)
 
-        request_uri = request_uri.split()
+        redirect_uris = redirect_uris.split()
 
-        for uri in request_uri:
+        for uri in redirect_uris:
             if not validate_url(uri):
                 # not a valid uri
                 error = "URI {0} is not a valid URI".format(uri)
                 return json_response({"error": error}, status=400)
 
-        client.request_uri = request_uri
+        client.redirect_uri = redirect_uris
 
  
     client.save()

mediagoblin/tests/test_oauth1.py

@@ -0,0 +1,122 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import json
+
+import pytest
+from urlparse import parse_qs, urlparse
+
+from mediagoblin import mg_globals
+from mediagoblin.tools import template, pluginapi
+from mediagoblin.tests.tools import fixture_add_user
+
+
+class TestOAuth(object):
+    @pytest.fixture(autouse=True)
+    def setup(self, test_app):
+        self.test_app = test_app
+
+        self.db = mg_globals.database
+
+        self.pman = pluginapi.PluginManager()
+
+        self.user_password = "AUserPassword123"
+        self.user = fixture_add_user("OAuthy", self.user_password)
+
+        self.login()
+
+    def login(self):
+        self.test_app.post(
+            "/auth/login/", {
+                "username": self.user.username,
+                "password": self.user_password})
+
+    def register_client(self, **kwargs):
+        """ Regiters a client with the API """
+        
+        kwargs["type"] = "client_associate"        
+        kwargs["application_type"] = kwargs.get("application_type", "native")
+        return self.test_app.post("/api/client/register", kwargs)
+
+    def test_client_client_register_limited_info(self):
+        """ Tests that a client can be registered with limited information """
+        response = self.register_client()
+        client_info = json.loads(response.body)
+
+        client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
+        
+        assert response.status_int == 200
+        assert client is not None
+
+    def test_client_register_full_info(self):
+        """ Provides every piece of information possible to register client """
+        query = {
+                "application_name": "Testificate MD",
+                "application_type": "web",
+                "contacts": "someone@someplace.com tuteo@tsengeo.lu",
+                "logo_url": "http://ayrel.com/utral.png",
+                "redirect_uris": "http://navi-kosman.lu http://gmg-yawne-oeru.lu",
+                }
+
+        response = self.register_client(**query)
+        client_info = json.loads(response.body)
+
+        client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
+        
+        assert client is not None
+        assert client.secret == client_info["client_secret"]
+        assert client.application_type == query["application_type"]
+        assert client.redirect_uri == query["redirect_uris"].split()
+        assert client.logo_url == query["logo_url"]
+        assert client.contacts == query["contacts"].split()
+
+
+    def test_client_update(self):
+        """ Tests that you can update a client """
+        # first we need to register a client
+        response = self.register_client()
+
+        client_info = json.loads(response.body)
+        client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
+
+        # Now update
+        update_query = {
+                "type": "client_update",
+                "application_name": "neytiri",
+                "contacts": "someone@someplace.com abc@cba.com",
+                "logo_url": "http://place.com/picture.png",
+                "application_type": "web",
+                "redirect_uris": "http://blah.gmg/whatever https://inboxen.org/",
+                }
+
+        update_response = self.register_client(**update_query)
+
+        assert update_response.status_int == 200
+        client_info = json.loads(update_response.body)
+        client = self.Client.query.filter_by(id=client_info["client_id"]).first()
+
+        assert client.secret == client_info["client_secret"]
+        assert client.application_type == update_query["application_type"]
+        assert client.application_name == update_query["application_name"]
+        assert client.contacts == update_query["contacts"].split()
+        assert client.logo_url == update_query["logo_url"]
+        assert client.redirect_uri == update_query["redirect_uris"].split()
+
+    def request_token(self):
+        """ Test a request for a request token """
+        response = self.register_client()
+
+