package com.belladati.sdk.auth.impl; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; import static org.testng.Assert.assertTrue; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.util.Map; import org.apache.http.entity.StringEntity; import org.testng.annotations.Test; import com.belladati.sdk.BellaDati; import com.belladati.sdk.BellaDatiConnection; import com.belladati.sdk.BellaDatiService; import com.belladati.sdk.auth.OAuthRequest; import com.belladati.sdk.test.SDKTest; import com.belladati.sdk.test.TestRequestHandler; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; /** * Tests authentication using the SDK. Currently doesn't check signatures or * SSL, but ensures the correct keys and tokens are sent. * * @author Chris Hennigfeld */ @Test public class AuthenticationTest extends SDKTest { /** Tests OAuth authentication. */ public void oAuth() { final String key = "key"; final String secret = "secret"; final String requestToken = "requestToken"; final String requestSecret = "requestSecret"; String requestTokenURI = "/oauth/requestToken"; server.register(requestTokenURI, new TestRequestHandler() { @Override protected void handle(HttpHolder holder) throws IOException { holder.assertAuth(key, null); holder.response .setEntity(new StringEntity("oauth_token=" + requestToken + "&oauth_token_secret=" + requestSecret)); } }); BellaDatiConnection connection = BellaDati.connect(server.getHttpURL()); OAuthRequest oAuth = connection.oAuth(key, secret); assertTrue(connection.toString().contains(server.getHttpURL())); assertTrue(oAuth.toString().contains(server.getHttpURL())); assertTrue(oAuth.toString().contains(key)); assertFalse(oAuth.toString().contains(secret)); final String accessToken = "accessToken"; final String accessSecret = "accessSecret"; String accessTokenURI = "/oauth/accessToken"; server.register(accessTokenURI, new TestRequestHandler() { @Override protected void handle(HttpHolder holder) throws IOException { holder.assertAuth(key, requestToken); holder.response.setEntity(new StringEntity("oauth_token=" + accessToken + "&oauth_token_secret=" + accessSecret)); } }); BellaDatiService service = oAuth.requestAccess(); String reportsURI = queryReports(service, key, accessToken); server.assertRequestUris(requestTokenURI, accessTokenURI, reportsURI); assertTrue(service.toString().contains(server.getHttpURL())); assertTrue(service.toString().contains(key)); assertTrue(service.toString().contains(accessToken)); assertFalse(service.toString().contains(accessSecret)); } /** * Auth URL is correct when there's no redirect. */ public void authUrlNoRedirect() { // set up connnection and server BellaDatiConnection connection = BellaDati.connect(server.getHttpURL()); final String key = "key"; final String requestToken = "abc123"; server.register("/oauth/requestToken", "oauth_token=" + requestToken + "&oauth_token_secret=123abc"); OAuthRequest request = connection.oAuth(key, "secret"); assertEquals(request.getAuthorizationUrl().toString(), server.getHttpURL() + "/authorizeRequestToken/" + requestToken + "/" + key, "Unexpected authorization URL"); } /** * Valid redirect URL is appended. */ public void authUrlValidRedirect() throws UnsupportedEncodingException { // set up connnection and server BellaDatiConnection connection = BellaDati.connect(server.getHttpURL()); final String key = "key"; final String requestToken = "abc123"; final String redirectUrl = "http://www.example.com"; server.register("/oauth/requestToken", new TestRequestHandler() { @Override protected void handle(HttpHolder holder) throws IOException { assertEquals(holder.authHeaders.get("oauth_callback"), URLEncoder.encode(redirectUrl, "UTF-8"), "Wrong callback"); assertEquals(holder.getRequestBody(), ""); holder.response.setEntity(new StringEntity("oauth_token=" + requestToken + "&oauth_token_secret=123abc")); } }); OAuthRequest request = connection.oAuth(key, "secret", redirectUrl); assertEquals(request.getAuthorizationUrl().toString(), server.getHttpURL() + "/authorizeRequestToken/" + requestToken + "/" + key, "Unexpected authorization URL"); } /** * Invalid redirect URL leads to exception. */ @Test(expectedExceptions = IllegalArgumentException.class) public void authUrlInvalidRedirect() { // set up connnection and server BellaDatiConnection connection = BellaDati.connect(server.getHttpURL()); final String key = "key"; final String requestToken = "abc123"; String redirectUrl = "not a URL"; server.register("/oauth/requestToken", "oauth_token=" + requestToken + "&oauth_token_secret=123abc"); connection.oAuth(key, "secret", redirectUrl); } /** Tests xAuth authentication. */ public void xAuth() { final String key = "key"; final String secret = "secret"; final String username = "username"; final String password = "password"; final String accessToken = "accessToken"; final String accessSecret = "accessSecret"; String accessTokenURI = "/oauth/accessToken"; server.register(accessTokenURI, new TestRequestHandler() { @Override protected void handle(HttpHolder holder) throws IOException { holder.assertAuth(key, null); Map<String, String> formParams = holder.getFormParameters(); assertEquals(formParams.get("x_auth_username"), username, "Unexpected username"); assertEquals(formParams.get("x_auth_password"), password, "Unexpected password"); holder.response.setEntity(new StringEntity("oauth_token=" + accessToken + "&oauth_token_secret=" + accessSecret)); } }); BellaDatiService service = BellaDati.connect(server.getHttpURL()).xAuth(key, secret, username, password); String reportsURI = queryReports(service, key, accessToken); server.assertRequestUris(accessTokenURI, reportsURI); assertTrue(service.toString().contains(server.getHttpURL())); assertTrue(service.toString().contains(key)); assertTrue(service.toString().contains(accessToken)); assertFalse(service.toString().contains(accessSecret)); } /** * Sends a query to the reports API, verifying the specified key and token * are used. * * @param service service to use for the query * @param key consumer key * @param token access token * @return the server URI queried */ private String queryReports(BellaDatiService service, final String key, final String token) { String reportsURI = "/api/reports"; server.register(reportsURI, new TestRequestHandler() { @Override protected void handle(HttpHolder holder) throws IOException { holder.assertAuth(key, token); ObjectNode node = new ObjectMapper().createObjectNode(); node.put("size", 1).put("offset", 0).put("reports", new ObjectMapper().createArrayNode()); holder.response.setEntity(new StringEntity(node.toString())); } }); service.getReportInfo().load(); return reportsURI; } }