/**
 * Performs an OAuth-authenticated fetch for the given request.
 *
 * <p>Records the request, a new {@code OAuthClientState} (built from the
 * configured state crypter and the original client state carried in the
 * request's OAuth arguments) and a new {@code OAuthResponseParams} on this
 * object, then delegates to {@code fetchNoThrow()}.
 *
 * <p>NOTE(review): per-request values are written to what appear to be
 * instance fields, so this looks like it expects one fetcher object per
 * request -- confirm before sharing an instance between threads.
 *
 * @param request the request to authenticate and send
 * @return the response produced by {@code fetchNoThrow()}
 * @throws RuntimeException rethrown unchanged after being logged
 */
public HttpResponse fetch(HttpRequest request) {
  realRequest = request;
  clientState = new OAuthClientState(
      fetcherConfig.getStateCrypter(),
      request.getOAuthArguments().getOrigClientState());
  responseParams = new OAuthResponseParams(
      request.getSecurityToken(), request, fetcherConfig.getStateCrypter());

  HttpResponse result;
  try {
    result = fetchNoThrow();
  } catch (RuntimeException unexpected) {
    // Log before propagating so the request/response pairs that led to the
    // failure are recorded alongside it.
    responseParams.logDetailedWarning(
        classname, "fetch", MessageKeys.OAUTH_FETCH_UNEXPECTED_ERROR, unexpected);
    throw unexpected;
  }
  return result;
}
/**
 * Checks that tracing and logging accept null request/response entries
 * without throwing.
 */
@Test
public void testNullSafe() {
  final String className = "org.apache.shindig.gadgets.oauth.OAuthResponseParamsTest";
  final String methodName = "testNullSafe";

  // A trace entry with neither a request nor a response.
  params.addRequestTrace(null, null);
  // Constructed only to exercise the constructor; the instance is discarded.
  new OAuthRequestException("error", "errorText");

  params.logDetailedWarning(className, methodName, "wow");
  params.logDetailedWarning(className, methodName, "new runtime", new RuntimeException());
}
responseParams.logDetailedInfo("Unauthenticated OAuth fetch", e); } else if (OAuthError.BAD_OAUTH_TOKEN_URL.name().equals(e.getError())) { responseParams.logDetailedInfo("Invalid OAuth fetch request", e); } else { responseParams.logDetailedWarning("OAuth fetch fatal error", e); responseParams.setSendTraceToClient(true); response = new HttpResponseBuilder() .setHttpStatusCode(HttpResponse.SC_FORBIDDEN) .setStrictNoCache(); responseParams.addToResponse(response, e); return response.create(); responseParams.logDetailedWarning("OAuth fetch fatal error"); responseParams.setSendTraceToClient(true); } else if (responseParams.getAznUrl() != null && responseParams.sawErrorResponse()) { responseParams.logDetailedWarning("OAuth fetch error, reprompting for user approval"); responseParams.setSendTraceToClient(true); responseParams.addToResponse(response, null); return response.create();
/**
 * Round-trips the access token, approval URL and trace-to-client flag
 * through the response params.
 */
@Test
public void testSetAndGet() {
  final String accessToken = "access";
  final String approvalUrl = "aznurl";

  params.getNewClientState().setAccessToken(accessToken);
  params.setAznUrl(approvalUrl);

  // Sending the trace to the client is off until explicitly enabled.
  assertFalse(params.sendTraceToClient());
  params.setSendTraceToClient(true);
  assertTrue(params.sendTraceToClient());

  assertEquals(accessToken, params.getNewClientState().getAccessToken());
  assertEquals(approvalUrl, params.getAznUrl());
}
/**
 * Verifies the metadata keys that addToResponse writes for an error:
 * oauthError, oauthErrorText, oauthApprovalUrl and oauthState.
 */
@Test
public void testAddParams() {
  params.getNewClientState().setAccessToken("access");
  params.setAznUrl("aznurl");
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");

  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();

  assertEquals("BAD_OAUTH_CONFIGURATION", built.getMetadata().get("oauthError"));
  String errorText = built.getMetadata().get("oauthErrorText");
  checkStringContains("error text returned", errorText, "whoa there cowboy");
  assertEquals("aznurl", built.getMetadata().get("oauthApprovalUrl"));

  // Only presence and a minimum length are checked for the client state.
  // NOTE(review): the state carries the access token set above; an assertion
  // that the raw token value does not appear in oauthState would pin down
  // that it is not returned in the clear -- consider adding one.
  String state = built.getMetadata().get("oauthState");
  assertNotNull(state);
  assertTrue(state.length() > 10);
}
/**
 * Verifies that the request trace reaches oauthErrorText only after
 * setSendTraceToClient(true) has been called.
 */
@Test
public void testSendTraceToClient() {
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
  // Two empty trace entries, numbered 1 and 2 in the rendered trace.
  params.addRequestTrace(null, null);
  params.addRequestTrace(null, null);

  HttpResponseBuilder builder = new HttpResponseBuilder();

  // Flag not set: the client sees the exception text and nothing else.
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();
  String errorText = built.getMetadata().get("oauthErrorText");
  assertEquals("whoa there cowboy", errorText);

  // Flag set: the per-request trace is included in the text returned in the
  // response metadata, so enabling it widens what the client can read.
  params.setSendTraceToClient(true);
  params.addToResponse(builder, failure);
  built = builder.create();
  errorText = built.getMetadata().get("oauthErrorText");
  checkStringContains("includes error text", errorText, "whoa there cowboy");
  checkStringContains("Request 1 logged", errorText, "Sent request 1:\n\n");
  checkStringContains("Request 2 logged", errorText, "Sent request 2:\n\n");
}
/**
 * Verifies which traced responses make sawErrorResponse() report true:
 * a missing response, a 404 and a 502 do; 200 and 302 do not. Once set,
 * a later 200 does not clear it.
 */
@Test
public void testSawErrorResponse() {
  HttpRequest sent = new HttpRequest(Uri.parse("http://www"));
  HttpResponse status200 = new HttpResponseBuilder().setHttpStatusCode(200).create();
  HttpResponse status302 = new HttpResponseBuilder().setHttpStatusCode(302).create();
  HttpResponse status404 = new HttpResponseBuilder().setHttpStatusCode(404).create();
  HttpResponse status502 = new HttpResponseBuilder().setHttpStatusCode(502).create();

  // Fresh instance: nothing traced yet, then success and redirect.
  OAuthResponseParams tracked = new OAuthResponseParams(token, origRequest, crypter);
  assertFalse(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status200);
  assertFalse(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status302);
  assertFalse(tracked.sawErrorResponse());
  // No response at all counts as an error.
  tracked.addRequestTrace(sent, null);
  assertTrue(tracked.sawErrorResponse());

  // Fresh instance: client error.
  tracked = new OAuthResponseParams(token, origRequest, crypter);
  tracked.addRequestTrace(sent, status404);
  assertTrue(tracked.sawErrorResponse());

  // Fresh instance: server error, which a later success does not reset.
  tracked = new OAuthResponseParams(token, origRequest, crypter);
  tracked.addRequestTrace(sent, status502);
  assertTrue(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status200);
  assertTrue(tracked.sawErrorResponse());
}
/**
 * Renders the original request followed by every traced request/response
 * pair, numbered from 1, as one text block.
 *
 * <p>Each sent request and received response is passed through
 * {@code filterSecrets} before being appended; null entries leave their
 * section empty.
 *
 * <p>NOTE(review): {@code originalRequest} is appended without going through
 * {@code filterSecrets}. Whether it can carry credentials (cookies,
 * authorization headers, a POST body) is not visible here -- confirm that
 * every sink this trace reaches may see it unfiltered.
 *
 * @return the formatted trace text
 */
private String getRequestTrace() {
  StringBuilder out = new StringBuilder()
      .append("\n==== Original request:\n")
      .append(originalRequest)
      .append("\n====");

  int seq = 0;
  for (Pair<HttpRequest, HttpResponse> exchange : requestTrace) {
    seq++;
    HttpRequest sent = exchange.one;
    HttpResponse received = exchange.two;

    out.append("\n==== Sent request ").append(seq).append(":\n");
    if (sent != null) {
      out.append(filterSecrets(sent.toString()));
    }
    out.append("\n==== Received response ").append(seq).append(":\n");
    if (received != null) {
      out.append(filterSecrets(received.toString()));
    }
    out.append("\n====");
  }
  return out.toString();
}
/**
 * Builds the fixtures shared by the tests: a stubbed security token, the
 * original request, a blob crypter and the params object under test.
 */
@Before
public void setUp() {
  // Only getAppUrl() is stubbed on the mock token.
  token = EasyMock.createMock(SecurityToken.class);
  EasyMock.expect(token.getAppUrl()).andStubReturn(APP);
  EasyMock.replay(token);

  origRequest = new HttpRequest(Uri.parse("http://originalrequest/"));

  // Fixed key material, hard-coded for the test fixture only. The no-arg
  // getBytes() uses the default charset; the literal is plain ASCII.
  byte[] keyBytes = "abcdefafadfaxxxx".getBytes();
  crypter = new BasicBlobCrypter(keyBytes);

  params = new OAuthResponseParams(token, origRequest, crypter);
}
/**
 * Copies the current access credentials into the new client state, which is
 * the data cached on the client between requests.
 *
 * <p>Written values: access token, access token secret, owner id of the
 * request's security token, session handle and token expiry.
 *
 * <p>NOTE(review): the token secret leaves the server inside this state, so
 * its confidentiality rests on how the state is protected before it is
 * returned (presumably the configured state crypter -- confirm).
 */
private void buildClientAccessState() {
  OAuthAccessor oauthAccessor = accessorInfo.getAccessor();

  // Credentials granted by the service provider.
  responseParams.getNewClientState().setAccessToken(oauthAccessor.accessToken);
  responseParams.getNewClientState().setAccessTokenSecret(oauthAccessor.tokenSecret);

  // Ties the cached state to the owner named in the request's security token.
  responseParams.getNewClientState().setOwner(realRequest.getSecurityToken().getOwnerId());

  // Session and expiry values taken from the accessor info.
  responseParams.getNewClientState().setSessionHandle(accessorInfo.getSessionHandle());
  responseParams.getNewClientState().setTokenExpireMillis(accessorInfo.getTokenExpireMillis());
}
/**
 * Sends one request through the underlying fetcher and records the attempt
 * in the request trace.
 *
 * <p>The trace entry is added in a {@code finally} block, so it is written on
 * success and on failure; on failure the recorded response is null.
 *
 * @param request the request to send
 * @return the non-null response from the fetcher
 * @throws OAuthRequestException with {@code MISSING_SERVER_RESPONSE} when the
 *     fetcher returns null or throws a {@code GadgetException}
 */
private HttpResponse fetchFromServer(HttpRequest request) throws OAuthRequestException {
  HttpResponse serverResponse = null;
  try {
    serverResponse = fetcher.fetch(request);
    if (serverResponse != null) {
      return serverResponse;
    }
    throw new OAuthRequestException(OAuthError.MISSING_SERVER_RESPONSE);
  } catch (GadgetException e) {
    // The cause is kept; the message text is deliberately empty.
    throw new OAuthRequestException(OAuthError.MISSING_SERVER_RESPONSE, "", e);
  } finally {
    responseParams.addRequestTrace(request, serverResponse);
  }
}
/**
 * With no exception and nothing set on the params, addToResponse must leave
 * the response metadata empty.
 */
@Test
public void testAddEmptyParams() {
  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, null);

  HttpResponse built = builder.create();
  assertTrue(built.getMetadata().isEmpty());
}
/**
 * Builds the approval URL the client must visit and stores it on the
 * response params.
 *
 * <p>The URL is the service provider's user-authorization URL with the
 * percent-encoded request token appended as the {@code OAuth.OAUTH_TOKEN}
 * query parameter. Only the token is added here; the gadget is responsible
 * for the callback URL.
 *
 * <p>NOTE(review): the configured authorization URL is used verbatim as the
 * base. Whether its scheme and host are validated before this point is not
 * visible here -- confirm, since the client is directed to it.
 *
 * @throws OAuthRequestException with {@code BAD_OAUTH_TOKEN_URL} when no
 *     user-authorization URL is configured
 */
private void buildAznUrl() throws OAuthRequestException {
  OAuthAccessor oauthAccessor = accessorInfo.getAccessor();
  if (oauthAccessor.consumer.serviceProvider.userAuthorizationURL == null) {
    throw new OAuthRequestException(OAuthError.BAD_OAUTH_TOKEN_URL, "authorization");
  }

  StringBuilder url = new StringBuilder(
      oauthAccessor.consumer.serviceProvider.userAuthorizationURL);
  // Start a query string, or extend the one already present.
  url.append(url.indexOf("?") == -1 ? '?' : '&');
  url.append(OAuth.OAUTH_TOKEN)
      .append('=')
      .append(OAuth.percentEncode(oauthAccessor.requestToken));

  responseParams.setAznUrl(url.toString());
}
responseParams.logDetailedWarning("server returned bogus expiration");
/**
 * Round-trips the access token, approval URL and trace-to-client flag
 * through the response params.
 */
@Test
public void testSetAndGet() {
  final String accessToken = "access";
  final String approvalUrl = "aznurl";

  params.getNewClientState().setAccessToken(accessToken);
  params.setAznUrl(approvalUrl);

  // Sending the trace to the client is off until explicitly enabled.
  assertFalse(params.sendTraceToClient());
  params.setSendTraceToClient(true);
  assertTrue(params.sendTraceToClient());

  assertEquals(accessToken, params.getNewClientState().getAccessToken());
  assertEquals(approvalUrl, params.getAznUrl());
}
/**
 * Verifies the metadata keys that addToResponse writes for an error:
 * oauthError, oauthErrorText, oauthApprovalUrl and oauthState.
 */
@Test
public void testAddParams() {
  params.getNewClientState().setAccessToken("access");
  params.setAznUrl("aznurl");
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");

  HttpResponseBuilder builder = new HttpResponseBuilder();
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();

  assertEquals("BAD_OAUTH_CONFIGURATION", built.getMetadata().get("oauthError"));
  String errorText = built.getMetadata().get("oauthErrorText");
  checkStringContains("error text returned", errorText, "whoa there cowboy");
  assertEquals("aznurl", built.getMetadata().get("oauthApprovalUrl"));

  // Only presence and a minimum length are checked for the client state.
  // NOTE(review): the state carries the access token set above; an assertion
  // that the raw token value does not appear in oauthState would pin down
  // that it is not returned in the clear -- consider adding one.
  String state = built.getMetadata().get("oauthState");
  assertNotNull(state);
  assertTrue(state.length() > 10);
}
/**
 * Verifies that the request trace reaches oauthErrorText only after
 * setSendTraceToClient(true) has been called.
 */
@Test
public void testSendTraceToClient() {
  OAuthRequestException failure =
      new OAuthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
  // Two empty trace entries, numbered 1 and 2 in the rendered trace.
  params.addRequestTrace(null, null);
  params.addRequestTrace(null, null);

  HttpResponseBuilder builder = new HttpResponseBuilder();

  // Flag not set: the client sees the exception text and nothing else.
  params.addToResponse(builder, failure);
  HttpResponse built = builder.create();
  String errorText = built.getMetadata().get("oauthErrorText");
  assertEquals("whoa there cowboy", errorText);

  // Flag set: the per-request trace is included in the text returned in the
  // response metadata, so enabling it widens what the client can read.
  params.setSendTraceToClient(true);
  params.addToResponse(builder, failure);
  built = builder.create();
  errorText = built.getMetadata().get("oauthErrorText");
  checkStringContains("includes error text", errorText, "whoa there cowboy");
  checkStringContains("Request 1 logged", errorText, "Sent request 1:\n\n");
  checkStringContains("Request 2 logged", errorText, "Sent request 2:\n\n");
}
/**
 * Verifies which traced responses make sawErrorResponse() report true:
 * a missing response, a 404 and a 502 do; 200 and 302 do not. Once set,
 * a later 200 does not clear it.
 */
@Test
public void testSawErrorResponse() {
  HttpRequest sent = new HttpRequest(Uri.parse("http://www"));
  HttpResponse status200 = new HttpResponseBuilder().setHttpStatusCode(200).create();
  HttpResponse status302 = new HttpResponseBuilder().setHttpStatusCode(302).create();
  HttpResponse status404 = new HttpResponseBuilder().setHttpStatusCode(404).create();
  HttpResponse status502 = new HttpResponseBuilder().setHttpStatusCode(502).create();

  // Fresh instance: nothing traced yet, then success and redirect.
  OAuthResponseParams tracked = new OAuthResponseParams(token, origRequest, crypter);
  assertFalse(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status200);
  assertFalse(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status302);
  assertFalse(tracked.sawErrorResponse());
  // No response at all counts as an error.
  tracked.addRequestTrace(sent, null);
  assertTrue(tracked.sawErrorResponse());

  // Fresh instance: client error.
  tracked = new OAuthResponseParams(token, origRequest, crypter);
  tracked.addRequestTrace(sent, status404);
  assertTrue(tracked.sawErrorResponse());

  // Fresh instance: server error, which a later success does not reset.
  tracked = new OAuthResponseParams(token, origRequest, crypter);
  tracked.addRequestTrace(sent, status502);
  assertTrue(tracked.sawErrorResponse());
  tracked.addRequestTrace(sent, status200);
  assertTrue(tracked.sawErrorResponse());
}
/**
 * Renders the original request followed by every traced request/response
 * pair, numbered from 1, as one text block.
 *
 * <p>Each sent request and received response is passed through
 * {@code filterSecrets} before being appended; null entries leave their
 * section empty.
 *
 * <p>NOTE(review): {@code originalRequest} is appended without going through
 * {@code filterSecrets}. Whether it can carry credentials (cookies,
 * authorization headers, a POST body) is not visible here -- confirm that
 * every sink this trace reaches may see it unfiltered.
 *
 * @return the formatted trace text
 */
private String getRequestTrace() {
  StringBuilder out = new StringBuilder()
      .append("\n==== Original request:\n")
      .append(originalRequest)
      .append("\n====");

  int seq = 0;
  for (Pair<HttpRequest, HttpResponse> exchange : requestTrace) {
    seq++;
    HttpRequest sent = exchange.one;
    HttpResponse received = exchange.two;

    out.append("\n==== Sent request ").append(seq).append(":\n");
    if (sent != null) {
      out.append(filterSecrets(sent.toString()));
    }
    out.append("\n==== Received response ").append(seq).append(":\n");
    if (received != null) {
      out.append(filterSecrets(received.toString()));
    }
    out.append("\n====");
  }
  return out.toString();
}
/**
 * Builds the fixtures shared by the tests: a stubbed security token, the
 * original request, a blob crypter and the params object under test.
 */
@Before
public void setUp() {
  // Only getAppUrl() is stubbed on the mock token.
  token = EasyMock.createMock(SecurityToken.class);
  EasyMock.expect(token.getAppUrl()).andStubReturn(APP);
  EasyMock.replay(token);

  origRequest = new HttpRequest(Uri.parse("http://originalrequest/"));

  // Fixed key material, hard-coded for the test fixture only. The no-arg
  // getBytes() uses the default charset; the literal is plain ASCII.
  byte[] keyBytes = "abcdefafadfaxxxx".getBytes();
  crypter = new BasicBlobCrypter(keyBytes);

  params = new OAuthResponseParams(token, origRequest, crypter);
}