/**
 * Verifies that {@code OAuthFetcherConfig} returns the collaborators it was constructed with
 * and reports viewer access tokens as disabled when built with {@code false}.
 */
@Test
public void testOAuthFetcherConfig() {
  BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // Result is unused; the call is kept exactly as the original test makes it.
  mock(HttpCache.class);
  GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  OAuthFetcherConfig config =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  assertEquals(stateCrypter, config.getStateCrypter());
  assertEquals(store, config.getTokenStore());
  assertEquals(generator, config.getOAuthCallbackGenerator());
  // Presumably the trailing constructor argument is the viewer-access-token switch;
  // the test pins that passing false leaves it off.
  assertFalse(config.isViewerAccessTokensEnabled());
}
} // closes the enclosing test class, whose header is outside this excerpt
/**
 * Reports whether the access token has a known expiry time that is already in the past.
 *
 * @return {@code false} when the expiry equals {@code ACCESS_TOKEN_EXPIRE_UNKNOWN} or has not
 *     been reached; {@code true} when it is strictly earlier than the configured clock's time
 */
private boolean accessTokenExpired() {
  // An unknown expiry is treated as "not expired".
  if (accessorInfo.getTokenExpireMillis() == ACCESS_TOKEN_EXPIRE_UNKNOWN) {
    return false;
  }
  // The clock comes from the fetcher config rather than the system, so tests can control it.
  return accessorInfo.getTokenExpireMillis() < fetcherConfig.getClock().currentTimeMillis();
}
/**
 * Builds the per-test fixture: an in-memory OAuth store with a default callback URL, a fake
 * service provider, a fetcher config with viewer access tokens disabled, and a log handler
 * that captures every record published for {@code OAuthResponseParams}.
 */
@Before
public void setUp() throws Exception {
  base = new BasicOAuthStore();
  base.setDefaultCallbackUrl(GadgetTokenStoreTest.DEFAULT_CALLBACK);
  serviceProvider = new FakeOAuthServiceProvider(clock);
  callbackGenerator = createNullCallbackGenerator();

  // Fixed, human-readable 16-character key: suitable for a test fixture only.
  // getBytes() relies on the platform default charset, exactly as the original does.
  fetcherConfig = new OAuthFetcherConfig(
      new BasicBlobCrypter("abcdefghijklmnop".getBytes()),
      getOAuthStore(base),
      clock,
      callbackGenerator,
      false);

  // Collect log records in memory so tests can assert on what was logged.
  // NOTE(review): no matching removeHandler is visible here; confirm teardown detaches it.
  Handler capturingHandler = new Handler() {
    @Override
    public void publish(LogRecord record) {
      logRecords.add(record);
    }

    @Override
    public void flush() {
    }

    @Override
    public void close() throws SecurityException {
    }
  };
  logger = Logger.getLogger(OAuthResponseParams.class.getName());
  logger.addHandler(capturingHandler);
  logger.setLevel(Level.FINE);
}
/**
 * Persists the freshly obtained access token, its secret, the session handle and the expiry
 * time through the configured token store.
 *
 * @throws OAuthRequestException declared by this method; presumably raised by the store
 */
private void saveAccessToken() throws OAuthRequestException {
  OAuthAccessor oauthAccessor = accessorInfo.getAccessor();
  // The token secret is a credential: it is handed to the token store and nowhere else here.
  TokenInfo freshToken = new TokenInfo(
      oauthAccessor.accessToken,
      oauthAccessor.tokenSecret,
      accessorInfo.getSessionHandle(),
      accessorInfo.getTokenExpireMillis());
  // The entry is stored against the request's security token, consumer and OAuth arguments.
  fetcherConfig.getTokenStore().storeTokenKeyAndSecret(
      realRequest.getSecurityToken(),
      accessorInfo.getConsumer(),
      realRequest.getOAuthArguments(),
      freshToken,
      responseParams);
}
/**
 * Ensures the current user may approve access tokens.
 *
 * <p>Both owner and viewer ids must be present on the security token. Unless viewer access
 * tokens are enabled in the fetcher config, the viewer must also be the page owner. If the
 * client state names an owner, that owner must be the current viewer.
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the respective check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  String pageOwner = realRequest.getSecurityToken().getOwnerId();
  String pageViewer = realRequest.getSecurityToken().getViewerId();
  String stateOwner = clientState.getOwner();

  // Anonymous requests can never approve.
  if (pageOwner == null || pageViewer == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // Owner-only approval unless the deployment has opted in to viewer access tokens.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || pageOwner.equals(pageViewer))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Client state created for one user must not be replayed by another.
  // A state with no owner skips this check.
  if (!(stateOwner == null || stateOwner.equals(pageViewer))) {
    // The message embeds both user ids.
    // NOTE(review): confirm where this text is surfaced.
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
        "Client state belongs to a different person "
            + "(state owner=" + stateOwner + ", pageViewer=" + pageViewer + ')');
  }
}
/**
 * Appends an {@code oauth_callback} parameter to the request-token parameters when a callback
 * URL is configured and the callback generator produces one.
 *
 * @param requestTokenParams parameter list to extend in place
 * @throws OAuthRequestException declared by this method; presumably raised by the generator
 */
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException {
  // Either the consumer-key callback URL or the global callback URL; the base is read from
  // the consumer configuration, and blank values count as "not configured".
  String configuredCallback =
      StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl());
  if (configuredCallback == null) {
    return;
  }

  String generatedCallback = fetcherConfig.getOAuthCallbackGenerator().generateCallback(
      fetcherConfig, configuredCallback, realRequest, responseParams);
  if (generatedCallback == null) {
    return;
  }

  requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, generatedCallback));
}
/**
 * Performs an OAuth-authenticated fetch for the given request.
 *
 * <p>Per-request state (the request, the decoded client state and the response parameters) is
 * kept in instance fields.
 * NOTE(review): this suggests one fetcher instance per request; confirm that instances are
 * never shared across concurrent requests.
 *
 * @param request the request to sign and send
 * @return the response produced by {@code fetchNoThrow()}
 */
public HttpResponse fetch(HttpRequest request) {
  realRequest = request;
  clientState = new OAuthClientState(
      fetcherConfig.getStateCrypter(),
      request.getOAuthArguments().getOrigClientState());
  responseParams = new OAuthResponseParams(
      request.getSecurityToken(),
      request,
      fetcherConfig.getStateCrypter());

  try {
    return fetchNoThrow();
  } catch (RuntimeException unexpected) {
    // Log before rethrowing so the request/response pairs behind the failure are recorded.
    // NOTE(review): confirm the detailed log does not include token secrets.
    responseParams.logDetailedWarning(
        classname, "fetch", MessageKeys.OAUTH_FETCH_UNEXPECTED_ERROR, unexpected);
    throw unexpected;
  }
}
/**
 * Builds the per-test fixture: an in-memory OAuth store with a default callback URL, a fake
 * service provider, a fetcher config with viewer access tokens disabled, and a log handler
 * that captures every record published for {@code OAuthResponseParams}.
 */
@Before
public void setUp() throws Exception {
  base = new BasicOAuthStore();
  base.setDefaultCallbackUrl(GadgetTokenStoreTest.DEFAULT_CALLBACK);
  serviceProvider = new FakeOAuthServiceProvider(clock);
  callbackGenerator = createNullCallbackGenerator();

  // Fixed, human-readable 16-character key: suitable for a test fixture only.
  // getBytes() relies on the platform default charset, exactly as the original does.
  fetcherConfig = new OAuthFetcherConfig(
      new BasicBlobCrypter("abcdefghijklmnop".getBytes()),
      getOAuthStore(base),
      clock,
      callbackGenerator,
      false);

  // Collect log records in memory so tests can assert on what was logged.
  // NOTE(review): no matching removeHandler is visible here; confirm teardown detaches it.
  Handler capturingHandler = new Handler() {
    @Override
    public void publish(LogRecord record) {
      logRecords.add(record);
    }

    @Override
    public void flush() {
    }

    @Override
    public void close() throws SecurityException {
    }
  };
  logger = Logger.getLogger(OAuthResponseParams.class.getName());
  logger.addHandler(capturingHandler);
  logger.setLevel(Level.FINE);
}
/**
 * Persists the freshly obtained access token, its secret, the session handle and the expiry
 * time through the configured token store.
 *
 * @throws OAuthRequestException declared by this method; presumably raised by the store
 */
private void saveAccessToken() throws OAuthRequestException {
  OAuthAccessor oauthAccessor = accessorInfo.getAccessor();
  // The token secret is a credential: it is handed to the token store and nowhere else here.
  TokenInfo freshToken = new TokenInfo(
      oauthAccessor.accessToken,
      oauthAccessor.tokenSecret,
      accessorInfo.getSessionHandle(),
      accessorInfo.getTokenExpireMillis());
  // The entry is stored against the request's security token, consumer and OAuth arguments.
  fetcherConfig.getTokenStore().storeTokenKeyAndSecret(
      realRequest.getSecurityToken(),
      accessorInfo.getConsumer(),
      realRequest.getOAuthArguments(),
      freshToken,
      responseParams);
}
/**
 * Ensures the current user may approve access tokens.
 *
 * <p>Both owner and viewer ids must be present on the security token. Unless viewer access
 * tokens are enabled in the fetcher config, the viewer must also be the page owner. If the
 * client state names an owner, that owner must be the current viewer.
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the respective check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  String pageOwner = realRequest.getSecurityToken().getOwnerId();
  String pageViewer = realRequest.getSecurityToken().getViewerId();
  String stateOwner = clientState.getOwner();

  // Anonymous requests can never approve.
  if (pageOwner == null || pageViewer == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // Owner-only approval unless the deployment has opted in to viewer access tokens.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || pageOwner.equals(pageViewer))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Client state created for one user must not be replayed by another.
  // A state with no owner skips this check.
  if (!(stateOwner == null || stateOwner.equals(pageViewer))) {
    // The message embeds both user ids.
    // NOTE(review): confirm where this text is surfaced.
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
        "Client state belongs to a different person "
            + "(state owner=" + stateOwner + ", pageViewer=" + pageViewer + ')');
  }
}
/**
 * Appends an {@code oauth_callback} parameter to the request-token parameters when a callback
 * URL is configured and the callback generator produces one.
 *
 * @param requestTokenParams parameter list to extend in place
 * @throws OAuthRequestException declared by this method; presumably raised by the generator
 */
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException {
  // Either the consumer-key callback URL or the global callback URL; the base is read from
  // the consumer configuration, and blank values count as "not configured".
  String configuredCallback =
      StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl());
  if (configuredCallback == null) {
    return;
  }

  String generatedCallback = fetcherConfig.getOAuthCallbackGenerator().generateCallback(
      fetcherConfig, configuredCallback, realRequest, responseParams);
  if (generatedCallback == null) {
    return;
  }

  requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, generatedCallback));
}
/**
 * Performs an OAuth-authenticated fetch for the given request.
 *
 * <p>Per-request state (the request, the decoded client state and the response parameters) is
 * kept in instance fields.
 * NOTE(review): this suggests one fetcher instance per request; confirm that instances are
 * never shared across concurrent requests.
 *
 * @param request the request to sign and send
 * @return the response produced by {@code fetchNoThrow()}
 */
public HttpResponse fetch(HttpRequest request) {
  realRequest = request;
  clientState = new OAuthClientState(
      fetcherConfig.getStateCrypter(),
      request.getOAuthArguments().getOrigClientState());
  responseParams = new OAuthResponseParams(
      request.getSecurityToken(),
      request,
      fetcherConfig.getStateCrypter());

  try {
    return fetchNoThrow();
  } catch (RuntimeException unexpected) {
    // Log before rethrowing so the request/response pairs behind the failure are recorded.
    // NOTE(review): confirm the detailed log does not include token secrets.
    responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", unexpected);
    throw unexpected;
  }
}
/**
 * Verifies that {@code OAuthFetcherConfig} returns the collaborators it was constructed with
 * and reports viewer access tokens as disabled when built with {@code false}.
 */
@Test
public void testOAuthFetcherConfig() {
  BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // Result is unused; the call is kept exactly as the original test makes it.
  mock(HttpCache.class);
  GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  OAuthFetcherConfig config =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  assertEquals(stateCrypter, config.getStateCrypter());
  assertEquals(store, config.getTokenStore());
  assertEquals(generator, config.getOAuthCallbackGenerator());
  // Presumably the trailing constructor argument is the viewer-access-token switch;
  // the test pins that passing false leaves it off.
  assertFalse(config.isViewerAccessTokensEnabled());
}
} // closes the enclosing test class, whose header is outside this excerpt
/**
 * Builds the per-test fixture: an in-memory OAuth store with a default callback URL, a fake
 * service provider, a fetcher config with viewer access tokens disabled, and a log handler
 * that captures every record published for {@code OAuthResponseParams}.
 */
@Before
public void setUp() throws Exception {
  base = new BasicOAuthStore();
  base.setDefaultCallbackUrl(GadgetTokenStoreTest.DEFAULT_CALLBACK);
  serviceProvider = new FakeOAuthServiceProvider(clock);
  callbackGenerator = createNullCallbackGenerator();

  // Fixed, human-readable 16-character key: suitable for a test fixture only.
  // getBytes() relies on the platform default charset, exactly as the original does.
  fetcherConfig = new OAuthFetcherConfig(
      new BasicBlobCrypter("abcdefghijklmnop".getBytes()),
      getOAuthStore(base),
      clock,
      callbackGenerator,
      false);

  // Collect log records in memory so tests can assert on what was logged.
  // This variant leaves the logger level untouched.
  // NOTE(review): no matching removeHandler is visible here; confirm teardown detaches it.
  Handler capturingHandler = new Handler() {
    @Override
    public void publish(LogRecord record) {
      logRecords.add(record);
    }

    @Override
    public void flush() {
    }

    @Override
    public void close() throws SecurityException {
    }
  };
  logger = Logger.getLogger(OAuthResponseParams.class.getName());
  logger.addHandler(capturingHandler);
}
/**
 * Persists the freshly obtained access token, its secret, the session handle and the expiry
 * time through the configured token store.
 *
 * @throws OAuthRequestException declared by this method; presumably raised by the store
 */
private void saveAccessToken() throws OAuthRequestException {
  OAuthAccessor oauthAccessor = accessorInfo.getAccessor();
  // The token secret is a credential: it is handed to the token store and nowhere else here.
  TokenInfo freshToken = new TokenInfo(
      oauthAccessor.accessToken,
      oauthAccessor.tokenSecret,
      accessorInfo.getSessionHandle(),
      accessorInfo.getTokenExpireMillis());
  // The entry is stored against the request's security token, consumer and OAuth arguments.
  fetcherConfig.getTokenStore().storeTokenKeyAndSecret(
      realRequest.getSecurityToken(),
      accessorInfo.getConsumer(),
      realRequest.getOAuthArguments(),
      freshToken,
      responseParams);
}
/**
 * Ensures the current user may approve access tokens.
 *
 * <p>Both owner and viewer ids must be present on the security token. Unless viewer access
 * tokens are enabled in the fetcher config, the viewer must also be the page owner. If the
 * client state names an owner, that owner must be the current viewer.
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the respective check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  String pageOwner = realRequest.getSecurityToken().getOwnerId();
  String pageViewer = realRequest.getSecurityToken().getViewerId();
  String stateOwner = clientState.getOwner();

  // Anonymous requests can never approve.
  if (pageOwner == null || pageViewer == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // Owner-only approval unless the deployment has opted in to viewer access tokens.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || pageOwner.equals(pageViewer))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Client state created for one user must not be replayed by another.
  // A state with no owner skips this check.
  if (!(stateOwner == null || stateOwner.equals(pageViewer))) {
    // The message embeds both user ids.
    // NOTE(review): confirm where this text is surfaced.
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
        "Client state belongs to a different person "
            + "(state owner=" + stateOwner + ", pageViewer=" + pageViewer + ')');
  }
}
/**
 * Appends an {@code oauth_callback} parameter to the request-token parameters when a callback
 * URL is configured and the callback generator produces one.
 *
 * @param requestTokenParams parameter list to extend in place
 * @throws OAuthRequestException declared by this method; presumably raised by the generator
 */
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException {
  // Either the consumer-key callback URL or the global callback URL; the base is read from
  // the consumer configuration, and blank values count as "not configured".
  String configuredCallback =
      StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl());
  if (configuredCallback == null) {
    return;
  }

  String generatedCallback = fetcherConfig.getOAuthCallbackGenerator().generateCallback(
      fetcherConfig, configuredCallback, realRequest, responseParams);
  if (generatedCallback == null) {
    return;
  }

  requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, generatedCallback));
}
/**
 * Performs an OAuth-authenticated fetch for the given request.
 *
 * <p>Per-request state (the request, the decoded client state and the response parameters) is
 * kept in instance fields.
 * NOTE(review): this suggests one fetcher instance per request; confirm that instances are
 * never shared across concurrent requests.
 *
 * @param request the request to sign and send
 * @return the response produced by {@code fetchNoThrow()}
 */
public HttpResponse fetch(HttpRequest request) {
  realRequest = request;
  clientState = new OAuthClientState(
      fetcherConfig.getStateCrypter(),
      request.getOAuthArguments().getOrigClientState());
  responseParams = new OAuthResponseParams(
      request.getSecurityToken(),
      request,
      fetcherConfig.getStateCrypter());

  try {
    return fetchNoThrow();
  } catch (RuntimeException unexpected) {
    // Log before rethrowing so the request/response pairs behind the failure are recorded.
    // NOTE(review): confirm the detailed log does not include token secrets.
    responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", unexpected);
    throw unexpected;
  }
}
/**
 * Reports whether the access token has a known expiry time that is already in the past.
 *
 * @return {@code false} when the expiry equals {@code ACCESS_TOKEN_EXPIRE_UNKNOWN} or has not
 *     been reached; {@code true} when it is strictly earlier than the configured clock's time
 */
private boolean accessTokenExpired() {
  // An unknown expiry is treated as "not expired".
  if (accessorInfo.getTokenExpireMillis() == ACCESS_TOKEN_EXPIRE_UNKNOWN) {
    return false;
  }
  // The clock comes from the fetcher config rather than the system, so tests can control it.
  return accessorInfo.getTokenExpireMillis() < fetcherConfig.getClock().currentTimeMillis();
}
/**
 * Verifies that {@code OAuthFetcherConfig} returns the collaborators it was constructed with
 * and reports viewer access tokens as disabled when built with {@code false}.
 */
@Test
public void testOAuthFetcherConfig() {
  BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // Result is unused; the call is kept exactly as the original test makes it.
  mock(HttpCache.class);
  GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  OAuthFetcherConfig config =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  assertEquals(stateCrypter, config.getStateCrypter());
  assertEquals(store, config.getTokenStore());
  assertEquals(generator, config.getOAuthCallbackGenerator());
  // Presumably the trailing constructor argument is the viewer-access-token switch;
  // the test pins that passing false leaves it off.
  assertFalse(config.isViewerAccessTokensEnabled());
}
} // closes the enclosing test class, whose header is outside this excerpt