Adds some tests for the OAuth and some docs

This commit is contained in:
xray7224 2013-07-16 19:19:49 +01:00
parent 1c694fbec5
commit 86ba416883
3 changed files with 168 additions and 9 deletions

36
docs/source/api/oauth.rst Normal file
View File

@ -0,0 +1,36 @@
.. MediaGoblin Documentation
Written in 2011, 2012 by MediaGoblin contributors
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to
the public domain worldwide. This software is distributed without
any warranty.
You should have received a copy of the CC0 Public Domain
Dedication along with this software. If not, see
<http://creativecommons.org/publicdomain/zero/1.0/>.
==============
Authentication
==============
GNU MediaGoblin uses OAuth1 to authenticate requests to the API. There are many
libraries out there for OAuth1, you're likely not going to have to do much. There
is a library for the GNU MediaGoblin called `PyPump <https://github.com/xray7224/PyPump>`_.
We are not using OAuth2 as we want to stay completely compatable with GNU MediaGoblin.
We use :doc:`client_register` to get the client ID and secret.
Endpoints
---------
These are the endpoints you need to use for the oauth requests:
`/oauth/request_token` is for getting the request token.
`/oauth/authorize` is to send the user to to authorize your application.
`/oauth/access_token` is for getting the access token to use in requests.

View File

@ -108,13 +108,14 @@ def client_register(request):
client_secret = random_string(43) # again, seems to be what pump uses client_secret = random_string(43) # again, seems to be what pump uses
expirey = 0 # for now, lets not have it expire expirey = 0 # for now, lets not have it expire
expirey_db = None if expirey == 0 else expirey expirey_db = None if expirey == 0 else expirey
application_type = data["application_type"]
# save it # save it
client = Client( client = Client(
id=client_id, id=client_id,
secret=client_secret, secret=client_secret,
expirey=expirey_db, expirey=expirey_db,
application_type=data["application_type"], application_type=application_type,
) )
else: else:
@ -133,7 +134,7 @@ def client_register(request):
client.application_name = data.get("application_name", None) client.application_name = data.get("application_name", None)
contacts = data.get("contact", None) contacts = data.get("contacts", None)
if contacts is not None: if contacts is not None:
if type(contacts) is not unicode: if type(contacts) is not unicode:
error = "Contacts must be a string of space-seporated email addresses." error = "Contacts must be a string of space-seporated email addresses."
@ -149,21 +150,21 @@ def client_register(request):
client.contacts = contacts client.contacts = contacts
request_uri = data.get("request_uris", None) redirect_uris = data.get("redirect_uris", None)
if request_uri is not None: if redirect_uris is not None:
if type(request_uri) is not unicode: if type(redirect_uris) is not unicode:
error = "redirect_uris must be space-seporated URLs." error = "redirect_uris must be space-seporated URLs."
return json_respinse({"error": error}, status=400) return json_respinse({"error": error}, status=400)
request_uri = request_uri.split() redirect_uris = redirect_uris.split()
for uri in request_uri: for uri in redirect_uris:
if not validate_url(uri): if not validate_url(uri):
# not a valid uri # not a valid uri
error = "URI {0} is not a valid URI".format(uri) error = "URI {0} is not a valid URI".format(uri)
return json_response({"error": error}, status=400) return json_response({"error": error}, status=400)
client.request_uri = request_uri client.redirect_uri = redirect_uris
client.save() client.save()

View File

@ -0,0 +1,122 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import pytest
from urlparse import parse_qs, urlparse
from mediagoblin import mg_globals
from mediagoblin.tools import template, pluginapi
from mediagoblin.tests.tools import fixture_add_user
class TestOAuth(object):
@pytest.fixture(autouse=True)
def setup(self, test_app):
self.test_app = test_app
self.db = mg_globals.database
self.pman = pluginapi.PluginManager()
self.user_password = "AUserPassword123"
self.user = fixture_add_user("OAuthy", self.user_password)
self.login()
def login(self):
self.test_app.post(
"/auth/login/", {
"username": self.user.username,
"password": self.user_password})
def register_client(self, **kwargs):
""" Regiters a client with the API """
kwargs["type"] = "client_associate"
kwargs["application_type"] = kwargs.get("application_type", "native")
return self.test_app.post("/api/client/register", kwargs)
def test_client_client_register_limited_info(self):
""" Tests that a client can be registered with limited information """
response = self.register_client()
client_info = json.loads(response.body)
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
assert response.status_int == 200
assert client is not None
def test_client_register_full_info(self):
""" Provides every piece of information possible to register client """
query = {
"application_name": "Testificate MD",
"application_type": "web",
"contacts": "someone@someplace.com tuteo@tsengeo.lu",
"logo_url": "http://ayrel.com/utral.png",
"redirect_uris": "http://navi-kosman.lu http://gmg-yawne-oeru.lu",
}
response = self.register_client(**query)
client_info = json.loads(response.body)
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
assert client is not None
assert client.secret == client_info["client_secret"]
assert client.application_type == query["application_type"]
assert client.redirect_uri == query["redirect_uris"].split()
assert client.logo_url == query["logo_url"]
assert client.contacts == query["contacts"].split()
def test_client_update(self):
""" Tests that you can update a client """
# first we need to register a client
response = self.register_client()
client_info = json.loads(response.body)
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
# Now update
update_query = {
"type": "client_update",
"application_name": "neytiri",
"contacts": "someone@someplace.com abc@cba.com",
"logo_url": "http://place.com/picture.png",
"application_type": "web",
"redirect_uris": "http://blah.gmg/whatever https://inboxen.org/",
}
update_response = self.register_client(**update_query)
assert update_response.status_int == 200
client_info = json.loads(update_response.body)
client = self.Client.query.filter_by(id=client_info["client_id"]).first()
assert client.secret == client_info["client_secret"]
assert client.application_type == update_query["application_type"]
assert client.application_name == update_query["application_name"]
assert client.contacts == update_query["contacts"].split()
assert client.logo_url == update_query["logo_url"]
assert client.redirect_uri == update_query["redirect_uris"].split()
def request_token(self):
""" Test a request for a request token """
response = self.register_client()