/**
 * Verifies that the current viewer is allowed to approve an access token for this request.
 *
 * <p>The checks run in this order:
 * <ol>
 *   <li>Both the owner id and the viewer id of the request's security token must be present,
 *       otherwise the request is treated as unauthenticated.</li>
 *   <li>Unless viewer access tokens are enabled in the fetcher config, the viewer must be the
 *       page owner.</li>
 *   <li>If the client state records an owner, that owner must be the current viewer. A client
 *       state with no recorded owner skips this check.</li>
 * </ol>
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the corresponding check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  final String ownerId = realRequest.getSecurityToken().getOwnerId();
  final String viewerId = realRequest.getSecurityToken().getViewerId();
  final String stateOwnerId = clientState.getOwner();

  // An approval needs an identified owner and an identified viewer.
  if (ownerId == null || viewerId == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // With viewer access tokens enabled, any identified viewer passes this gate; with them
  // disabled, only the owner viewing their own page does.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || ownerId.equals(viewerId))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Bind the stored client state to the viewer so one user's state cannot be approved by
  // another user.
  if (!(stateOwnerId == null || stateOwnerId.equals(viewerId))) {
    // NOTE(review): the message carries both user ids; confirm that OAuthRequestException
    // text is not returned to the gadget or another untrusted party.
    final String detail = "Client state belongs to a different person "
        + "(state owner=" + stateOwnerId + ", pageViewer=" + viewerId + ')';
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, detail);
  }
}
/**
 * Verifies that the current viewer is allowed to approve an access token for this request.
 *
 * <p>The checks run in this order:
 * <ol>
 *   <li>Both the owner id and the viewer id of the request's security token must be present,
 *       otherwise the request is treated as unauthenticated.</li>
 *   <li>Unless viewer access tokens are enabled in the fetcher config, the viewer must be the
 *       page owner.</li>
 *   <li>If the client state records an owner, that owner must be the current viewer. A client
 *       state with no recorded owner skips this check.</li>
 * </ol>
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the corresponding check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  final String ownerId = realRequest.getSecurityToken().getOwnerId();
  final String viewerId = realRequest.getSecurityToken().getViewerId();
  final String stateOwnerId = clientState.getOwner();

  // An approval needs an identified owner and an identified viewer.
  if (ownerId == null || viewerId == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // With viewer access tokens enabled, any identified viewer passes this gate; with them
  // disabled, only the owner viewing their own page does.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || ownerId.equals(viewerId))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Bind the stored client state to the viewer so one user's state cannot be approved by
  // another user.
  if (!(stateOwnerId == null || stateOwnerId.equals(viewerId))) {
    // NOTE(review): the message carries both user ids; confirm that OAuthRequestException
    // text is not returned to the gadget or another untrusted party.
    final String detail = "Client state belongs to a different person "
        + "(state owner=" + stateOwnerId + ", pageViewer=" + viewerId + ')';
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, detail);
  }
}
/**
 * Verifies that the current viewer is allowed to approve an access token for this request.
 *
 * <p>The checks run in this order:
 * <ol>
 *   <li>Both the owner id and the viewer id of the request's security token must be present,
 *       otherwise the request is treated as unauthenticated.</li>
 *   <li>Unless viewer access tokens are enabled in the fetcher config, the viewer must be the
 *       page owner.</li>
 *   <li>If the client state records an owner, that owner must be the current viewer. A client
 *       state with no recorded owner skips this check.</li>
 * </ol>
 *
 * @throws OAuthRequestException with {@code UNAUTHENTICATED}, {@code NOT_OWNER} or
 *     {@code UNKNOWN_PROBLEM} when the corresponding check fails
 */
private void checkCanApprove() throws OAuthRequestException {
  final String ownerId = realRequest.getSecurityToken().getOwnerId();
  final String viewerId = realRequest.getSecurityToken().getViewerId();
  final String stateOwnerId = clientState.getOwner();

  // An approval needs an identified owner and an identified viewer.
  if (ownerId == null || viewerId == null) {
    throw new OAuthRequestException(OAuthError.UNAUTHENTICATED);
  }

  // With viewer access tokens enabled, any identified viewer passes this gate; with them
  // disabled, only the owner viewing their own page does.
  if (!(fetcherConfig.isViewerAccessTokensEnabled() || ownerId.equals(viewerId))) {
    throw new OAuthRequestException(OAuthError.NOT_OWNER);
  }

  // Bind the stored client state to the viewer so one user's state cannot be approved by
  // another user.
  if (!(stateOwnerId == null || stateOwnerId.equals(viewerId))) {
    // NOTE(review): the message carries both user ids; confirm that OAuthRequestException
    // text is not returned to the gadget or another untrusted party.
    final String detail = "Client state belongs to a different person "
        + "(state owner=" + stateOwnerId + ", pageViewer=" + viewerId + ')';
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, detail);
  }
}
// Access-token lookup gate: lookupToken(...) is reached only when viewer access tokens are
// enabled in fetcherConfig (a null fetcherConfig counts as disabled) or the security token's
// viewer id equals its owner id.
// NOTE(review): getViewerId() is dereferenced without a null check on this path; if it can
// return null this throws NullPointerException instead of denying the lookup -- confirm that
// callers reject tokens without a viewer before reaching this point.
if ((fetcherConfig != null && fetcherConfig.isViewerAccessTokensEnabled()) || securityToken.getViewerId().equals(securityToken.getOwnerId())) { lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
// Access-token lookup gate: lookupToken(...) is reached only when viewer access tokens are
// enabled in fetcherConfig (a null fetcherConfig counts as disabled) or the security token's
// viewer id equals its owner id.
// NOTE(review): getViewerId() is dereferenced without a null check on this path; if it can
// return null this throws NullPointerException instead of denying the lookup -- confirm that
// callers reject tokens without a viewer before reaching this point.
if ((fetcherConfig != null && fetcherConfig.isViewerAccessTokensEnabled()) || securityToken.getViewerId().equals(securityToken.getOwnerId())) { lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
// Access-token lookup gate: lookupToken(...) is reached only when viewer access tokens are
// enabled in fetcherConfig (a null fetcherConfig counts as disabled) or the security token's
// viewer id equals its owner id.
// NOTE(review): getViewerId() is dereferenced without a null check on this path; if it can
// return null this throws NullPointerException instead of denying the lookup -- confirm that
// callers reject tokens without a viewer before reaching this point.
if ((fetcherConfig != null && fetcherConfig.isViewerAccessTokensEnabled()) || securityToken.getViewerId().equals(securityToken.getOwnerId())) { lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
/**
 * Checks that an OAuthFetcherConfig hands back the collaborators it was constructed with and
 * reports viewer access tokens as disabled when {@code false} is passed to the constructor.
 *
 * <p>Only the disabled setting is exercised here; the enabled setting, which relaxes the
 * owner-only restriction on access tokens, is not covered by this test.
 */
@Test
public void testOAuthFetcherConfig() {
  final BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // The returned HttpCache mock is not used by this test.
  mock(HttpCache.class);
  final GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  final OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  final OAuthFetcherConfig fetcherConfig =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  // Each getter must return the exact instance supplied above.
  assertEquals(stateCrypter, fetcherConfig.getStateCrypter());
  assertEquals(store, fetcherConfig.getTokenStore());
  assertEquals(generator, fetcherConfig.getOAuthCallbackGenerator());
  // The flag passed as the last constructor argument must read back as disabled.
  assertFalse(fetcherConfig.isViewerAccessTokensEnabled());
}
}
/**
 * Checks that an OAuthFetcherConfig hands back the collaborators it was constructed with and
 * reports viewer access tokens as disabled when {@code false} is passed to the constructor.
 *
 * <p>Only the disabled setting is exercised here; the enabled setting, which relaxes the
 * owner-only restriction on access tokens, is not covered by this test.
 */
@Test
public void testOAuthFetcherConfig() {
  final BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // The returned HttpCache mock is not used by this test.
  mock(HttpCache.class);
  final GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  final OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  final OAuthFetcherConfig fetcherConfig =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  // Each getter must return the exact instance supplied above.
  assertEquals(stateCrypter, fetcherConfig.getStateCrypter());
  assertEquals(store, fetcherConfig.getTokenStore());
  assertEquals(generator, fetcherConfig.getOAuthCallbackGenerator());
  // The flag passed as the last constructor argument must read back as disabled.
  assertFalse(fetcherConfig.isViewerAccessTokensEnabled());
}
}
/**
 * Checks that an OAuthFetcherConfig hands back the collaborators it was constructed with and
 * reports viewer access tokens as disabled when {@code false} is passed to the constructor.
 *
 * <p>Only the disabled setting is exercised here; the enabled setting, which relaxes the
 * owner-only restriction on access tokens, is not covered by this test.
 */
@Test
public void testOAuthFetcherConfig() {
  final BlobCrypter stateCrypter = mock(BlobCrypter.class);
  // The returned HttpCache mock is not used by this test.
  mock(HttpCache.class);
  final GadgetOAuthTokenStore store = mock(GadgetOAuthTokenStore.class);
  final OAuthCallbackGenerator generator = mock(OAuthCallbackGenerator.class);

  final OAuthFetcherConfig fetcherConfig =
      new OAuthFetcherConfig(stateCrypter, store, new TimeSource(), generator, false);

  // Each getter must return the exact instance supplied above.
  assertEquals(stateCrypter, fetcherConfig.getStateCrypter());
  assertEquals(store, fetcherConfig.getTokenStore());
  assertEquals(generator, fetcherConfig.getOAuthCallbackGenerator());
  // The flag passed as the last constructor argument must read back as disabled.
  assertFalse(fetcherConfig.isViewerAccessTokensEnabled());
}
}