/test/core/service-provider.lisp
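;;;; Tests for the service-provider (server) side of the OAuth library:
;;;; version check, signature check, and the three request-validation phases.

(in-package :oauth-test)

(def-suite service-provider :in oauth)

(in-suite service-provider)

;; TODO tests for check-nonce-and-timestamp
;; NOTE(review): until those exist, nothing in this suite exercises replay
;; handling (reused nonce, stale or future timestamp).


(test check-version.valid
  ;; "1.0" is the only version string this suite expects to be accepted.
  (let ((*get-parameters* '(("oauth_version" . "1.0"))))
    (finishes (check-version))))

(test check-version.invalid
  (let ((*get-parameters* '(("oauth_version" . "foo"))))
    (signals error (check-version))))


(defmacro with-signed-request ((&key user-parameters

                                     (version "1.0")
                                     (timestamp (get-universal-time))
                                     (nonce (random most-positive-fixnum))

                                     signature-override
                                     (signature-method "HMAC-SHA1")

                                     (consumer-token (make-consumer-token))

                                     token
                                     verification-code)
                               &body body)
  "Execute BODY in a signed request environment. SIGNATURE-OVERRIDE may be used
to provide a specific signature (which is supposed to be base64-urlencoded).

USER-PARAMETERS is a literal alist (it is quoted, not evaluated) that is placed
in front of the generated oauth_* parameters. CONSUMER-TOKEN and TOKEN are
registered before BODY runs and unregistered afterwards, also when BODY exits
non-locally. TOKEN, when given, must be a request-token or an access-token;
for a request-token an oauth_verifier parameter is added, taken from
VERIFICATION-CODE or else from the token itself.

The defaults in this lambda list are evaluated when the macro is expanded, not
each time the expansion runs: the default timestamp, nonce and consumer token
of one call site are fixed at expansion time. The CONSUMER-TOKEN and TOKEN
forms appear several times in the expansion, so pass a variable or a literal,
not a form with side effects.

The expansion binds PARAMETERS and SIGNATURE lexically around BODY."
  `(progn
     (register-token ,consumer-token)
     ;; The cleanup forms used to be plain trailing forms of the PROGN, so an
     ;; error escaping BODY left both tokens registered for the tests that run
     ;; afterwards. UNWIND-PROTECT runs them on every exit path.
     (unwind-protect
          (progn
            (when ,token
              (assert (typep ,token '(or request-token access-token)))
              (setf (token-consumer ,token) ,consumer-token)
              (register-token ,token))
            ;; Inner UNWIND-PROTECT: TOKEN is only unregistered once the
            ;; registration step above has completed.
            (unwind-protect
                 (let* ((*request-object* (random most-positive-fixnum))
                        (*request-method* :get)
                        (*request-uri* "/foo")
                        (parameters (append ',user-parameters
                                            (list (cons "oauth_version" ,version)
                                                  (cons "oauth_signature_method" ,signature-method)
                                                  (cons "oauth_consumer_key" (token-key ,consumer-token))
                                                  (cons "oauth_timestamp" (princ-to-string ,timestamp))
                                                  (cons "oauth_nonce" (princ-to-string ,nonce)))
                                            (when ,token
                                              (list (cons "oauth_token" (token-key ,token))))
                                            (when (and ,token (typep ,token 'request-token))
                                              (list (cons "oauth_verifier" (or ,verification-code
                                                                               (request-token-verification-code ,token)))))))
                        ;; The signature is computed over the sorted parameters
                        ;; WITHOUT oauth_signature, keyed with the consumer
                        ;; secret and, if a token is given, the token secret.
                        (signature (or ,signature-override
                                       (encode-signature
                                         (hmac-sha1 (signature-base-string :parameters (sort-parameters
                                                                                         (copy-alist parameters)))
                                                    (hmac-key (token-secret ,consumer-token)
                                                              (when ,token (token-secret ,token))))
                                         nil)))
                        (*get-parameters* (cons (cons "oauth_signature" signature) parameters)))
                   ;; The supplied signature is also stored in the library's
                   ;; internal signature cache under the current request.
                   ;; NOTE(review): presumably CHECK-SIGNATURE reads the
                   ;; supplied signature from this cache -- confirm; if so, the
                   ;; tests below do not cover how the signature is extracted
                   ;; from a real request.
                   (setf (gethash (request) oauth::*signature-cache*) signature)
                   ,@body)
              (when ,token
                (unregister-token ,token))))
       (unregister-token ,consumer-token))))


;; TODO check for specific errors in the following tests.
;; NOTE(review): (signals error ...) is satisfied by any error at all, so a
;; rejection test also passes when the call fails for an unrelated reason.
(test check-signature.invalid-method
  (with-signed-request (:signature-method "foo")
    (signals error (check-signature))))

(test check-signature.invalid
  ;; "haha" replaces the computed signature, so the request carries a
  ;; signature that was not derived from its parameters.
  (with-signed-request (:signature-override "haha")
    (signals error (check-signature))))

(test check-signature.valid
  (with-signed-request ()
    (finishes (check-signature))))

;; NOTE(review): textually identical to check-signature.valid; the reason for
;; the second copy is not visible in this file.
(test check-signature.valid2
  (with-signed-request ()
    (finishes (check-signature))))


;;;; high-level API

;;; phase 1
(test (validate-request-token-request.oob
        :depends-on (and check-version.valid check-signature.valid))
  (with-signed-request (:user-parameters (("oauth_callback" . "oob")))
    (is (typep (validate-request-token-request :allow-oob-callback-p t) 'request-token))))

(test (validate-request-token-request.oob-disallowed
        :depends-on (and check-version.valid check-signature.valid))
  ;; An "oob" callback must be rejected when the provider does not allow it.
  (with-signed-request (:user-parameters (("oauth_callback" . "oob")))
    (signals error (validate-request-token-request :allow-oob-callback-p nil))))

(test (validate-request-token-request.callback-uri
        :depends-on (and check-version.valid check-signature.valid))
  (with-signed-request (:user-parameters (("oauth_callback" . "http://example.com/bar")))
    (is (typep (validate-request-token-request :allow-oob-callback-p nil) 'request-token))))


;;; phase 2
(test (validate-access-token-request.valid-request-token
        :depends-on (and check-version.valid check-signature.valid))
  (let ((request-token (make-request-token))
        (*protocol-version* :1.0a))
    ;; Mark the request token as authorized before exchanging it.
    (setf (request-token-authorized-p request-token) t)
    (with-signed-request (:token request-token)
      (is (typep (validate-access-token-request) 'access-token)))))

;; TODO more tests, esp. for invalid requests.
;; NOTE(review): the rejection paths are the ones that matter most here, e.g.
;; a request token that was never authorized or a verification code that does
;; not match the token's.


;;; phase 3
(test (validate-access-token.valid
        :depends-on (and check-version.valid check-signature.valid))
  (let ((access-token (make-access-token)))
    (with-signed-request (:token access-token)
      (is (eq t (validate-access-token))))))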