1//
2// OAuth10CredentialsTest.cpp
3//
4// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
5// and Contributors.
6//
7// SPDX-License-Identifier: BSL-1.0
8//
9
10
11#include "OAuth10CredentialsTest.h"
12#include "Poco/CppUnit/TestCaller.h"
13#include "Poco/CppUnit/TestSuite.h"
14#include "Poco/Net/HTTPRequest.h"
15#include "Poco/Net/HTTPResponse.h"
16#include "Poco/Net/OAuth10Credentials.h"
17#include "Poco/Net/NetException.h"
18#include "Poco/Net/HTMLForm.h"
19#include "Poco/URI.h"
20
21
22using Poco::Net::HTTPRequest;
23using Poco::Net::HTTPResponse;
24using Poco::Net::OAuth10Credentials;
25using Poco::Net::NotAuthenticatedException;
26using Poco::Net::HTMLForm;
27using Poco::URI;
28
29
// Creates the test case; the name is passed on unchanged to the
// CppUnit::TestCase base class. No fixture state is set up here.
OAuth10CredentialsTest::OAuth10CredentialsTest(const std::string& name):
	CppUnit::TestCase(name)
{
}
33
34
// Nothing to release: every test builds its credentials and requests
// as local objects.
OAuth10CredentialsTest::~OAuth10CredentialsTest()
{
}
38
39
void OAuth10CredentialsTest::testCallback()
{
	// Signs a request_token call that carries an oauth_callback and compares
	// the resulting Authorization header with a known-answer vector.
	//
	// Reference request, taken from
	// <https://dev.twitter.com/web/sign-in/implementing>:
	//
	//   POST /oauth/request_token HTTP/1.1
	//   Host: api.twitter.com
	//   Authorization:
	//       OAuth oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F",
	//             oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w",
	//             oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456",
	//             oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D",
	//             oauth_signature_method="HMAC-SHA1",
	//             oauth_timestamp="1318467427",
	//             oauth_version="1.0"
	//
	// The consumer key and secret used below belong to that published sample
	// request; they serve only as a fixed test vector.
	//
	// The expected header lists oauth_callback after oauth_timestamp, while
	// the reference lists it first. The oauth_signature value is the same in
	// both, so only the parameter order within the header differs.

	URI requestTokenUri("https://api.twitter.com/oauth/request_token");
	OAuth10Credentials credentials("cChZNFj6T5R0TigYB9yd1w", "L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg");
	credentials.setCallback("http://localhost/sign-in-with-twitter/");

	// Pin nonce and timestamp so that the HMAC-SHA1 signature is reproducible.
	// As the name says, this hook is for tests: a request signed with a reused
	// nonce/timestamp pair offers nothing for a server to detect a replay with.
	credentials.nonceAndTimestampForTesting("ea9ec8429b68d6b77cd5600adbbb0456", "1318467427");

	HTTPRequest request(HTTPRequest::HTTP_POST, requestTokenUri.getPathEtc());
	credentials.authenticate(request, requestTokenUri);

	const std::string expectedHeader =
		"OAuth"
		" oauth_consumer_key=\"cChZNFj6T5R0TigYB9yd1w\","
		" oauth_nonce=\"ea9ec8429b68d6b77cd5600adbbb0456\","
		" oauth_signature=\"F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D\","
		" oauth_signature_method=\"HMAC-SHA1\","
		" oauth_timestamp=\"1318467427\","
		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
		" oauth_version=\"1.0\"";
	const std::string actualHeader = request.get("Authorization");

	assertTrue (actualHeader == expectedHeader);
}
74
75
void OAuth10CredentialsTest::testParams()
{
	// Signs a request whose query string and form body both take part in the
	// signature, and compares the Authorization header with a known-answer
	// vector.
	//
	// Reference request, taken from
	// <https://dev.twitter.com/oauth/overview/authorizing-requests> and
	// <https://dev.twitter.com/oauth/overview/creating-signatures>:
	//
	//   POST /1/statuses/update.json?include_entities=true HTTP/1.1
	//   Content-Type: application/x-www-form-urlencoded
	//   Authorization:
	//       OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
	//             oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
	//             oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
	//             oauth_signature_method="HMAC-SHA1",
	//             oauth_timestamp="1318622958",
	//             oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
	//             oauth_version="1.0"
	//   Content-Length: 76
	//   Host: api.twitter.com
	//
	//   status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
	//
	// Keys, secrets and token are the values of that published sample request
	// and serve only as a fixed test vector.

	URI updateUri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
	OAuth10Credentials credentials(
		"xvz1evFS4wEEPTGEFPHBog",
		"kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
		"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
		"LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE"
	);

	// Fixed nonce and timestamp make the signature reproducible (test-only hook).
	credentials.nonceAndTimestampForTesting("kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", "1318622958");

	HTTPRequest request(HTTPRequest::HTTP_POST, updateUri.getPathEtc());

	// The form holds the decoded values of both the query parameter and the
	// body parameter of the reference request.
	HTMLForm signedParams;
	signedParams.set("include_entities", "true");
	signedParams.set("status", "Hello Ladies + Gentlemen, a signed OAuth request!");

	credentials.authenticate(request, updateUri, signedParams);

	const std::string expectedHeader =
		"OAuth"
		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
		" oauth_signature_method=\"HMAC-SHA1\","
		" oauth_timestamp=\"1318622958\","
		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
		" oauth_version=\"1.0\"";
	const std::string actualHeader = request.get("Authorization");

	assertTrue (actualHeader == expectedHeader);
}
122
123
void OAuth10CredentialsTest::testRealm()
{
	// Same request as in testParams, with a realm set on the credentials.
	// The realm is expected as the first parameter of the Authorization header.
	//
	// Reference request, taken from
	// <https://dev.twitter.com/oauth/overview/authorizing-requests> and
	// <https://dev.twitter.com/oauth/overview/creating-signatures>:
	//
	//   POST /1/statuses/update.json?include_entities=true HTTP/1.1
	//   Content-Type: application/x-www-form-urlencoded
	//   Authorization:
	//       OAuth realm="Twitter API",
	//             oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
	//             oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
	//             oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
	//             oauth_signature_method="HMAC-SHA1",
	//             oauth_timestamp="1318622958",
	//             oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
	//             oauth_version="1.0"
	//   Content-Length: 76
	//   Host: api.twitter.com
	//
	//   status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
	//
	// The expected oauth_signature is the same value as in testParams, so the
	// realm does not enter the signature. A receiver therefore has no integrity
	// guarantee for the realm value.

	URI updateUri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
	OAuth10Credentials credentials(
		"xvz1evFS4wEEPTGEFPHBog",
		"kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
		"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
		"LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE"
	);
	credentials.setRealm("Twitter API");

	// Fixed nonce and timestamp make the signature reproducible (test-only hook).
	credentials.nonceAndTimestampForTesting("kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", "1318622958");

	HTTPRequest request(HTTPRequest::HTTP_POST, updateUri.getPathEtc());

	HTMLForm signedParams;
	signedParams.set("include_entities", "true");
	signedParams.set("status", "Hello Ladies + Gentlemen, a signed OAuth request!");

	credentials.authenticate(request, updateUri, signedParams);

	const std::string expectedHeader =
		"OAuth"
		" realm=\"Twitter API\","
		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
		" oauth_signature_method=\"HMAC-SHA1\","
		" oauth_timestamp=\"1318622958\","
		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
		" oauth_version=\"1.0\"";
	const std::string actualHeader = request.get("Authorization");

	assertTrue (actualHeader == expectedHeader);
}
173
174
void OAuth10CredentialsTest::testPlaintext()
{
	// Builds an Authorization header with the PLAINTEXT signature method and
	// compares it with the expected text.
	//
	// With PLAINTEXT the oauth_signature is "consumerSecret%26", i.e. the
	// consumer secret itself followed by an encoded '&'. The secret travels in
	// the header in readable form, and the expected header carries neither
	// oauth_nonce nor oauth_timestamp. Confidentiality rests entirely on the
	// transport, which is why the URI used here is https.

	URI requestTokenUri("https://api.twitter.com/oauth/request_token");
	OAuth10Credentials credentials("consumerKey", "consumerSecret");
	credentials.setCallback("http://localhost/sign-in-with-twitter/");

	HTTPRequest request(HTTPRequest::HTTP_POST, requestTokenUri.getPathEtc());
	credentials.authenticate(request, requestTokenUri, OAuth10Credentials::SIGN_PLAINTEXT);

	const std::string expectedHeader =
		"OAuth"
		" oauth_consumer_key=\"consumerKey\","
		" oauth_signature=\"consumerSecret%26\","
		" oauth_signature_method=\"PLAINTEXT\","
		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
		" oauth_version=\"1.0\"";
	const std::string actualHeader = request.get("Authorization");

	assertTrue (actualHeader == expectedHeader);
}
193
194
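void OAuth10CredentialsTest::testVerify()
{
	// Server-side check of an HMAC-SHA1 signed request. The Authorization
	// header, secrets and parameters are the same sample values that
	// testParams signs with.
	//
	// The test covers both outcomes: the untouched request must verify, and
	// the same header presented with an altered body parameter must not.
	// Checking only the accepting path would also pass for a verify() that
	// accepts every request.

	URI uri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
	request.set("Authorization", "OAuth"
		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
		" oauth_signature_method=\"HMAC-SHA1\","
		" oauth_timestamp=\"1318622958\","
		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
		" oauth_version=\"1.0\"");

	// Constructing from the request extracts the public identifiers only.
	// The secrets are never part of the header and are supplied separately.
	OAuth10Credentials creds(request);
	assertTrue (creds.getConsumerKey() == "xvz1evFS4wEEPTGEFPHBog");
	assertTrue (creds.getToken() == "370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb");
	creds.setConsumerSecret("kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw");
	creds.setTokenSecret("LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE");

	// Query string and form body both take part in the signature.
	HTMLForm params;
	params.read(uri.getRawQuery());
	params.read("status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21");

	assertTrue (creds.verify(request, uri, params));

	// Rejecting path: same header, different body ("tampered" is a value
	// constructed for this test). The signature no longer matches the
	// parameters, so verification must fail.
	// NOTE(review): assumes verify() reports a mismatch by returning false
	// rather than by throwing; confirm against OAuth10Credentials.
	HTMLForm tamperedParams;
	tamperedParams.read(uri.getRawQuery());
	tamperedParams.read("status=tampered");

	assertTrue (!creds.verify(request, uri, tamperedParams));
}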
220
221
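void OAuth10CredentialsTest::testVerifyPlaintext()
{
	// Server-side check of a PLAINTEXT request, using the header that
	// testPlaintext produces.
	//
	// With PLAINTEXT the oauth_signature is the consumer secret itself plus
	// an encoded '&', so verification amounts to comparing secrets. The test
	// covers both outcomes: the matching secret must verify and a different
	// secret must not.

	URI uri("https://api.twitter.com/oauth/request_token");
	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
	request.set("Authorization", "OAuth"
		" oauth_consumer_key=\"consumerKey\","
		" oauth_signature=\"consumerSecret%26\","
		" oauth_signature_method=\"PLAINTEXT\","
		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
		" oauth_version=\"1.0\"");

	OAuth10Credentials creds(request);
	assertTrue (creds.getConsumerKey() == "consumerKey");
	creds.setConsumerSecret("consumerSecret");

	assertTrue (creds.verify(request, uri));
	// The callback is available in decoded form after verification.
	assertTrue (creds.getCallback() == "http://localhost/sign-in-with-twitter/");

	// Rejecting path: a secret that differs from the one in the header
	// ("wrongSecret" is a value constructed for this test) must fail.
	// NOTE(review): assumes verify() reports a mismatch by returning false
	// rather than by throwing; confirm against OAuth10Credentials.
	creds.setConsumerSecret("wrongSecret");
	assertTrue (!creds.verify(request, uri));
}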
240
241
// No shared fixture: each test creates its own URI, request and credentials.
void OAuth10CredentialsTest::setUp()
{
}
245
246
// Nothing to clean up, as setUp() creates nothing.
void OAuth10CredentialsTest::tearDown()
{
}
250
251
// Builds the suite that holds all OAuth 1.0 credential tests and returns
// it to the caller as a raw pointer.
CppUnit::Test* OAuth10CredentialsTest::suite()
{
	CppUnit::TestSuite* pTests = new CppUnit::TestSuite("OAuth10CredentialsTest");

	// Signing side: header generation for HMAC-SHA1 and PLAINTEXT.
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testCallback);
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testParams);
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testRealm);
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testPlaintext);

	// Verifying side: checking a received Authorization header.
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testVerify);
	CppUnit_addTest(pTests, OAuth10CredentialsTest, testVerifyPlaintext);

	return pTests;
}
265