
/test/core/service-provider.lisp

http://github.com/skypher/cl-oauth
Possible License(s): LGPL-3.0
;; The tests in this file are collected in the SERVICE-PROVIDER suite, which is
;; declared inside the OAUTH suite.
(in-package :oauth-test)

(def-suite service-provider :in oauth)

(in-suite service-provider)
  4. ;; TODO tests for check-nonce-and-timestamp
  5. (test check-version.valid
  6. (let ((*get-parameters* '(("oauth_version" . "1.0"))))
  7. (finishes (check-version))))
  8. (test check-version.invalid
  9. (let ((*get-parameters* '(("oauth_version" . "foo"))))
  10. (signals error (check-version))))
;; Test helper that fabricates a signed OAuth GET request in the dynamic
;; environment and runs BODY inside it.
;;
;; Things a reader should know before relying on it:
;;
;; - The keyword defaults (GET-UNIVERSAL-TIME, RANDOM, MAKE-CONSUMER-TOKEN) are
;;   init-forms of a macro lambda list. They are evaluated when the macro is
;;   expanded and their values are embedded in the expansion, so every use site
;;   has one fixed timestamp, nonce and consumer token for as long as that
;;   expansion is reused.
;;   NOTE(review): if the provider's nonce/timestamp check runs on the code
;;   paths exercised here, re-running already-compiled tests would present the
;;   same nonce/timestamp pair again -- confirm.
;; - USER-PARAMETERS is quoted into the expansion: it is a literal alist, not an
;;   evaluated form.
;; - TOKEN is spliced in as a form at every place it is used, so the form is
;;   evaluated several times at run time. The callers in this file pass a
;;   variable.
;; - PARAMETERS and SIGNATURE are plain LET* variables (no gensyms) and are
;;   therefore visible to BODY.
;; - The unregistration forms follow BODY inside a PROGN without
;;   UNWIND-PROTECT; a non-local exit from BODY skips them and leaves the
;;   tokens registered.
(defmacro with-signed-request ((&key user-parameters
                                     (version "1.0")
                                     (timestamp (get-universal-time))
                                     (nonce (random most-positive-fixnum))
                                     signature-override
                                     (signature-method "HMAC-SHA1")
                                     (consumer-token (make-consumer-token))
                                     token
                                     verification-code)
                               &body body)
  "Execute BODY in a signed request environment. SIGNATURE-OVERRIDE may be used
to provide a specific signature (which is supposed to be base64-urlencoded).

CONSUMER-TOKEN and TOKEN (when non-NIL) are registered before BODY and
unregistered after it. BODY runs with *REQUEST-OBJECT*, *REQUEST-METHOD*,
*REQUEST-URI* and *GET-PARAMETERS* bound to describe a GET request for \"/foo\"
that carries the OAuth parameters and the oauth_signature."
  `(progn
     (register-token ,consumer-token)
     ;; A supplied token must be a request or access token; it is tied to the
     ;; consumer token before it is registered.
     (when ,token
       (assert (typep ,token '(or request-token access-token)))
       (setf (token-consumer ,token) ,consumer-token)
       (register-token ,token))
     (let* ((*request-object* (random most-positive-fixnum))
            (*request-method* :get)
            (*request-uri* "/foo")
            ;; Caller-supplied parameters first, then the OAuth protocol
            ;; parameters. oauth_token is added only when TOKEN is non-NIL, and
            ;; oauth_verifier only when TOKEN is a REQUEST-TOKEN, in which case
            ;; VERIFICATION-CODE takes precedence over the code stored in the
            ;; token.
            (parameters (append ',user-parameters
                                (list (cons "oauth_version" ,version)
                                      (cons "oauth_signature_method" ,signature-method)
                                      (cons "oauth_consumer_key" (token-key ,consumer-token))
                                      (cons "oauth_timestamp" (princ-to-string ,timestamp))
                                      (cons "oauth_nonce" (princ-to-string ,nonce)))
                                (when ,token
                                  (list (cons "oauth_token" (token-key ,token))))
                                (when (and ,token (typep ,token 'request-token))
                                  (list (cons "oauth_verifier" (or ,verification-code
                                                                   (request-token-verification-code ,token)))))))
            ;; Either the caller's override, or an HMAC-SHA1 over the signature
            ;; base string of the sorted parameters. The key is built from the
            ;; consumer secret and, when TOKEN is non-NIL, the token secret.
            ;; SORT-PARAMETERS is given a copy of the alist.
            ;; NOTE(review): the meaning of the trailing NIL argument to
            ;; ENCODE-SIGNATURE is not visible in this file -- confirm.
            (signature (or ,signature-override
                           (encode-signature
                            (hmac-sha1 (signature-base-string :parameters (sort-parameters
                                                                           (copy-alist parameters)))
                                       (hmac-key (token-secret ,consumer-token)
                                                 (when ,token (token-secret ,token))))
                            nil)))
            (*get-parameters* (cons (cons "oauth_signature" signature) parameters)))
       ;; Writes the signature into the library's internal signature cache
       ;; (internal symbol, hence the double colon) under the current request.
       ;; This macro never removes the entry again.
       ;; NOTE(review): presumably CHECK-SIGNATURE reads the supplied signature
       ;; from this cache rather than from *GET-PARAMETERS* -- confirm.
       (setf (gethash (request) oauth::*signature-cache*) signature)
       ,@body)
     ;; Reached only when BODY returns normally (no UNWIND-PROTECT).
     (when ,token
       (unregister-token ,token))
     (unregister-token ,consumer-token)))
  56. ;; TODO check for specific errors in the following tests.
;; A request that names a signature method other than the default "HMAC-SHA1"
;; (here "foo") must make CHECK-SIGNATURE signal an error.
;; NOTE(review): SIGNALS ERROR accepts any ERROR, so this does not show that the
;; request was rejected because of the method; the TODO in this file already
;; asks for specific condition types.
(test check-signature.invalid-method
  (with-signed-request (:signature-method "foo")
    (signals error (check-signature))))
;; :SIGNATURE-OVERRIDE replaces the computed HMAC with the string "haha", so the
;; request carries a signature that was not produced with the signing key.
;; CHECK-SIGNATURE must signal an error for it.
;; NOTE(review): SIGNALS ERROR accepts any ERROR; it does not prove that the
;; rejection was caused by the signature mismatch.
(test check-signature.invalid
  (with-signed-request (:signature-override "haha")
    (signals error (check-signature))))
;; With all defaults WITH-SIGNED-REQUEST computes the HMAC-SHA1 signature
;; itself; CHECK-SIGNATURE must return normally for that request.
(test check-signature.valid
  (with-signed-request ()
    (finishes (check-signature))))
;; Same body as CHECK-SIGNATURE.VALID.
;; NOTE(review): the purpose of the duplicate is not stated. Each
;; WITH-SIGNED-REQUEST form gets its own default nonce, timestamp and consumer
;; token, so this may be meant as a second, independent valid request --
;; confirm.
(test check-signature.valid2
  (with-signed-request ()
    (finishes (check-signature))))
  69. ;;;; high-level API
  70. ;;; phase 1
;; oauth_callback is "oob" and out-of-band callbacks are allowed: the request
;; must yield a REQUEST-TOKEN. The test depends on CHECK-VERSION.VALID and
;; CHECK-SIGNATURE.VALID (:DEPENDS-ON).
(test (validate-request-token-request.oob
       :depends-on (and check-version.valid check-signature.valid))
  (with-signed-request (:user-parameters (("oauth_callback" . "oob")))
    (is (typep (validate-request-token-request :allow-oob-callback-p t) 'request-token))))
;; oauth_callback is "oob" but out-of-band callbacks are disallowed: the
;; request must be rejected with an error.
;; NOTE(review): SIGNALS ERROR accepts any ERROR, so the test does not show that
;; the callback policy was the reason for the rejection.
(test (validate-request-token-request.oob-disallowed
       :depends-on (and check-version.valid check-signature.valid))
  (with-signed-request (:user-parameters (("oauth_callback" . "oob")))
    (signals error (validate-request-token-request :allow-oob-callback-p nil))))
;; With out-of-band callbacks disallowed, a request that supplies a callback
;; URI ("http://example.com/bar") must still yield a REQUEST-TOKEN.
(test (validate-request-token-request.callback-uri
       :depends-on (and check-version.valid check-signature.valid))
  (with-signed-request (:user-parameters (("oauth_callback" . "http://example.com/bar")))
    (is (typep (validate-request-token-request :allow-oob-callback-p nil) 'request-token))))
  83. ;;; phase 2
;; Exchange of an authorized request token: the token is marked authorized,
;; *PROTOCOL-VERSION* is bound to :1.0A, and the signed request must yield an
;; ACCESS-TOKEN. No :VERIFICATION-CODE is passed, so for a REQUEST-TOKEN
;; WITH-SIGNED-REQUEST sends the verification code stored in the token itself.
;; Only the accepting path is covered; the TODO after this test asks for
;; invalid-request cases.
(test (validate-access-token-request.valid-request-token
       :depends-on (and check-version.valid check-signature.valid))
  (let ((request-token (make-request-token))
        (*protocol-version* :1.0a))
    (setf (request-token-authorized-p request-token) t)
    (with-signed-request (:token request-token)
      (is (typep (validate-access-token-request) 'access-token)))))
  91. ;; TODO more tests, esp. for invalid requests.
  92. ;;; phase 3
;; A request signed with a freshly made access token must make
;; VALIDATE-ACCESS-TOKEN return exactly T (the check uses EQ).
(test (validate-access-token.valid
       :depends-on (and check-version.valid check-signature.valid))
  (let ((access-token (make-access-token)))
    (with-signed-request (:token access-token)
      (is (eq t (validate-access-token))))))