#!/usr/bin/env perl
use warnings;
use strict;
use lib 't/lib';
use Test::More tests => 58;
use TestApp::Plugin::OAuth::Test;
use Jifty::Test::WWW::Mechanize;
# setup {{{
# Bring up the test application server before any request is made.
start_server();

# create two consumers {{{
# Consumer "foo" is registered with both a shared secret and an RSA key.
# $pubkey is not declared in this file; presumably it is exported by
# TestApp::Plugin::OAuth::Test.
my $consumer = Jifty::Plugin::OAuth::Model::Consumer->new(
    current_user => Jifty::CurrentUser->superuser
);
my ($ok, $msg) = $consumer->create(
    consumer_key => 'foo',
    secret       => 'bar',
    name         => 'FooBar Industries',
    url          => 'http://foo.bar.example.com',
    rsa_key      => $pubkey,
);
ok($ok, $msg);    # the message returned by create() doubles as the test name

# Consumer "foo2" has a shared secret only, with no rsa_key.
my $rsaless = Jifty::Plugin::OAuth::Model::Consumer->new(
    current_user => Jifty::CurrentUser->superuser
);
($ok, $msg) = $rsaless->create(
    consumer_key => 'foo2',
    secret       => 'bar2',
    name         => 'Backwater.org',
    url          => 'http://backwater.org',
);
ok($ok, $msg);
# }}}
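# create user and log in {{{
# The resource owner is created straight through the model, acting as
# superuser, with the e-mail address already marked confirmed.
my $u = TestApp::Plugin::OAuth::Model::User->new(
    current_user => TestApp::Plugin::OAuth::CurrentUser->superuser
);
$u->create(
    name            => 'You Zer',
    email           => 'youzer@example.com',
    password        => 'secret',
    email_confirmed => 1,
);
# create()'s return value is not inspected; the id check is the only
# assertion on its success.
ok($u->id, "New user has valid id set");

# Log the user in through the web form. $umech is the mechanize object
# used for the user's own browser session throughout this file.
$umech->get_ok($URL . '/login');
$umech->fill_in_action_ok(
    $umech->moniker_for('TestApp::Plugin::OAuth::Action::Login'),
    email    => 'youzer@example.com',
    password => 'secret',
);
$umech->submit;
# Give the assertion a description so a failed login is identifiable in
# the TAP output; later negative tests are only meaningful if it worked.
$umech->content_contains('Logout', "logged in: page shows Logout");
# }}}
# }}}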
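# make sure we're not logged in {{{
# Negative control: the consumer ($cmech) presents a token/secret pair
# ('please' / 'letmein') that no earlier step of this file issued.
# The denial is observed in the page content, not the status code: the
# final response is still 200, but it is the login page rather than the
# protected resource.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    # Distinct label so a failure here is not confused with the positive
    # cases that follow.
    testname               => "200 - request with an unissued token",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => 'please',
    token_secret           => 'letmein',
);
$cmech->content_contains("Login with a password", "redirected to login");
$cmech->content_lacks("Press the shiny red button", "did NOT get to a protected page");
# }}}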
# basic protected request {{{
# Positive case: get an access token, then request the protected page with
# it. get_access_token() and $token_obj are not defined in this file; the
# helper presumably leaves the issued token in $token_obj.
get_access_token();

# With PLAINTEXT the consumer secret and token secret travel in the request
# itself, so outside a test harness this method belongs only on a TLS
# connection.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    testname               => "200 - protected resource request",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $token_obj->token,
    token_secret           => $token_obj->secret,
);

# The protected page is rendered, and for the expected user.
$cmech->content_contains("Press the shiny red button", "got to a protected page");
$cmech->content_contains("human #1.", "correct current_user");
# }}}
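# without OAuth parameters, no access {{{
# Right after a successful signed request, the same client fetches the same
# URL with no OAuth parameters. It must get the login page, which shows the
# earlier request did not leave the consumer with an authenticated session.
$cmech->get_ok('/nuke/the/whales');
$cmech->content_contains("Login with a password", "current_user unset");
$cmech->content_lacks("Press the shiny red button", "did NOT get to a protected page");
# This checks the user banner, not the page body, so describe it as such.
$cmech->content_lacks("human #1.", "no current_user shown");
# }}}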
# access tokens last for more than one hit {{{
# Present the same access token a second time: unlike a request token, it
# is expected to stay usable across requests.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    testname               => "200 - protected resource request",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $token_obj->token,
    token_secret           => $token_obj->secret,
);

# Same page and same user as on the first use.
$cmech->content_contains("Press the shiny red button", "got to a protected page");
$cmech->content_contains("human #1.", "correct current_user");
# }}}
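# expired access token {{{
# Move the token's valid_until one day into the past, then present it.
# NOTE(review): the result of set_valid_until() is not checked here; if the
# update did not take effect, the content assertions below would fail.
$token_obj->set_valid_until(DateTime->now->subtract(days => 1));

# An expired token must be treated like no token at all: the final response
# is still 200, but it carries the login page instead of the resource.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    # Distinct label so this case is not mistaken for the positive requests
    # around it in the TAP output.
    testname               => "200 - request with an expired access token",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $token_obj->token,
    token_secret           => $token_obj->secret,
);
$cmech->content_contains("Login with a password", "redirected to login");
$cmech->content_lacks("Press the shiny red button", "did NOT get to a protected page");
$cmech->content_lacks("human #1.", "did NOT get to a protected page");
# }}}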
# basic protected request {{{
# The previous token is expired, so obtain a fresh access token and keep a
# separate handle on it; $token_obj is reassigned later in the file.
get_access_token();
my $good_token = $token_obj;

# Check that the fresh token works before it is used in later sections.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    testname               => "200 - protected resource request",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $good_token->token,
    token_secret           => $good_token->secret,
);
$cmech->content_contains("Press the shiny red button", "got to a protected page");
$cmech->content_contains("human #1.", "correct current_user");
# }}}
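# an access token must not be usable to authorize further tokens {{{
# A new request token is pending authorization.
my $request_token = get_request_token();

# The logged-in user's own session ($umech) can reach the authorize page.
$umech->get_ok('/oauth/authorize');
$umech->content_like(
    qr/If you trust this application/,
    "logged-in user sees the authorize prompt",
);

# The same URL requested with the consumer's valid access-token credentials
# must be refused with 403. Otherwise a consumer holding one access token
# could approve additional tokens on the user's behalf.
# NOTE(review): no_token is interpreted by the response_is helper, which is
# not defined in this file.
response_is(
    url                    => '/oauth/authorize',
    code                   => 403,
    testname               => "403 - not able to get to /oauth/authorize",
    no_token               => 1,
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $good_token->token,
    token_secret           => $good_token->secret,
);
# }}}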
# the original user can still authorize tokens {{{
# Point the shared $token_obj at the pending request token so the helpers
# below act on it. allow_ok() and get_access_token() are not defined in this
# file; presumably they approve the token as the logged-in user and then
# exchange it for an access token. The meaning of the argument 1 is not
# visible here.
$token_obj = $request_token;
allow_ok();
get_access_token(1);
# }}}
# consumer can use either token {{{
# First the token currently held in $token_obj, i.e. whatever the
# preceding get_access_token(1) call left there.
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    testname               => "200 - protected resource request",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $token_obj->token,
    token_secret           => $token_obj->secret,
);
$cmech->content_contains("Press the shiny red button", "got to a protected page");
$cmech->content_contains("human #1.", "correct current_user");

# Then the older token saved as $good_token. Issuing a second access token
# to the same consumer must not invalidate the first.
$token_obj = $good_token;
response_is(
    url                    => '/nuke/the/whales',
    code                   => 200,
    testname               => "200 - protected resource request",
    consumer_secret        => 'bar',
    oauth_consumer_key     => 'foo',
    oauth_signature_method => 'PLAINTEXT',
    oauth_token            => $good_token->token,
    token_secret           => $good_token->secret,
);
$cmech->content_contains("Press the shiny red button", "got to a protected page");
$cmech->content_contains("human #1.", "correct current_user");
# }}}