from nose.tools import with_setup
from datetime import datetime, timedelta
from django.test.client import Client
from django.test.client import RequestFactory
from django.core.urlresolvers import reverse
from django.core.management import call_command
from django.conf import settings
from fandjango.middleware import FacebookMiddleware
from fandjango.models import User
from fandjango.models import OAuthToken
from fandjango.utils import get_post_authorization_redirect_url
from .helpers import assert_contains
from facepy import GraphAPI, SignedRequest
# Identifier and secret of the Facebook application the suite runs against.
# NOTE(review): the application secret is committed in clear text. Anyone who
# can read this file can sign requests for that application, so it should
# belong to a throwaway test application only -- confirm, and prefer loading
# it from the environment if it is ever shared with a real application.
TEST_APPLICATION_ID = '181259711925270'
TEST_APPLICATION_SECRET = '214e4cb484c28c35f18a70a3d735999b'

# Fixture in the "<signature>.<base64url payload>" signed-request format.
# NOTE(review): the payload appears to carry an HMAC-SHA256 algorithm field,
# fixed ``issued_at``/``expires`` timestamps and an embedded OAuth token, so
# this literal is a bearer credential as well as test data -- treat it like
# the secret above.
TEST_SIGNED_REQUEST = (
    'MJ1IzETiVz6zwqm2K-AxFjXxThBTwKCTU2Hmc6yMiMI.eyJh'
    'bGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEz'
    'NDEzMjQwMDAsImlzc3VlZF9hdCI6MTM0MTMxOTE4Niwib2F1'
    'dGhfdG9rZW4iOiJBQUFDazJ0Qzl6QllCQUw1UkVQUG5iYjF5'
    'OVpDcHgxcXdpZG5XWkFhMnRhbjNqWkJocEJhNVB4T3VyQmpa'
    'QlgwbXlzck9tbHBWSVUwT2daQ3FDcTUwajRiWkFVQTlQQzlX'
    'MVFlQUwyOFpDMFZMd1pEWkQiLCJ1c2VyIjp7ImNvdW50cnki'
    'OiJubyIsImxvY2FsZSI6ImVuX0dCIiwiYWdlIjp7Im1pbiI6'
    'MjF9fSwidXNlcl9pZCI6IjU4NjA1MjMzNiJ9'
)

# The schema is created at import time, before any test runs: first
# ``syncdb``, then ``migrate``, both without prompting.
call_command('syncdb', interactive=False)
call_command('migrate', interactive=False)

# Shared factory for building bare request objects that bypass the client.
request_factory = RequestFactory()
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_method_override():
    """
    A POST that carries a signed request must come out of the middleware
    as a GET.

    The request is handed directly to ``FacebookMiddleware.process_request``
    and its ``method`` attribute is checked afterwards.
    """
    middleware = FacebookMiddleware()

    # NOTE(review): only the fixture signed request is exercised here. A
    # companion case with a tampered ``signed_request`` would pin down what
    # happens to the method when the signature does not verify -- confirm
    # the intended behaviour against the middleware.
    target = reverse('home')
    payload = {'signed_request': TEST_SIGNED_REQUEST}
    request = request_factory.post(path=target, data=payload)

    middleware.process_request(request)

    assert request.method == 'GET'
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_application_authorization():
    """
    A request without a signed request to a view guarded by
    ``facebook_authorization_required`` must be answered with the
    authorization redirect.
    """
    client = Client()

    # Django offers no way to tell which view produced a response, so the
    # status code is the only thing that can be checked.
    home_response = client.get(path=reverse('home'))
    assert home_response.status_code == 401

    # The page the user is sent to must in turn lead to "http://example.org".
    # NOTE(review): this is a substring match on the response body, so any
    # URL that merely contains "example.org" would satisfy it.
    redirect_response = client.get(path=reverse('redirect'))
    assert_contains("example.org", redirect_response.content)
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_application_authorization_with_additional_permissions():
    """
    A request without a signed request to a view guarded by
    ``facebook_authorization_required`` with a list of additional
    permissions must be answered with the authorization redirect.
    """
    places_url = reverse('places')
    response = Client().get(path=places_url)

    # Django offers no way to tell which view produced a response, so the
    # status code is the only thing that can be checked.
    assert response.status_code == 401
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_authorization_denied():
    """
    Refusing to authorize the application must render the view named by
    AUTHORIZATION_DENIED_VIEW.
    """
    client = Client()

    # The refusal is simulated with an ``error=access_denied`` query
    # parameter on the request.
    denial = {'error': 'access_denied'}
    response = client.get(path=reverse('home'), data=denial)

    # Django offers no way to tell which view produced a response, so the
    # status code is the only thing that can be checked.
    assert response.status_code == 403
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_application_deauthorization():
    """
    Deauthorizing the application must flip the stored user's
    ``authorized`` flag from true to false.
    """
    client = Client()
    payload = {'signed_request': TEST_SIGNED_REQUEST}

    # The first POST is expected to create the user, who then counts as
    # authorized.
    client.post(path=reverse('home'), data=payload)
    assert User.objects.get(id=1).authorized == True

    # NOTE(review): the deauthorization callback is driven by the same
    # signed request. A negative case with an invalid signature would show
    # that an unauthenticated POST cannot deauthorize a user -- confirm
    # against the view.
    client.post(path=reverse('deauthorize_application'), data=payload)

    # Fetch the user again so the assertion sees the stored value.
    assert User.objects.get(id=1).authorized == False
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_signed_request_renewal():
    """
    A signed request whose OAuth token has expired must send the user back
    to renew it.

    The fixture is parsed with the application secret, its token expiry is
    moved one day into the past, and the result of ``generate()`` is
    submitted as the ``signed_request`` parameter.
    """
    client = Client()

    expired = SignedRequest(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET)
    # Naive local time, as in the rest of this module.
    yesterday = datetime.now() - timedelta(days=1)
    expired.user.oauth_token.expires_at = yesterday

    target = reverse('home')
    query = {'signed_request': expired.generate()}
    response = client.get(path=target, data=query)

    # Django offers no way to tell which view produced a response, so the
    # status code is the only thing that can be checked.
    assert response.status_code == 401
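@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_registration():
    """
    Verify that authorizing the application will register a new user.

    The stored name and profile URL are compared with what the user's
    ``graph`` client returns for ``me``.
    """
    client = Client()

    client.post(
        path=reverse('home'),
        data={
            'signed_request': TEST_SIGNED_REQUEST
        }
    )

    user = User.objects.get(id=1)

    # Query the profile once and reuse it: every ``graph.get('me')`` is a
    # separate lookup, and all three assertions should be checked against
    # the same snapshot.
    profile = user.graph.get('me')

    assert user.first_name == profile['first_name']
    assert user.last_name == profile['last_name']
    assert user.url == profile['link']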
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_user_synchronization():
    """
    Synchronizing a registered user must complete without raising.
    """
    payload = {'signed_request': TEST_SIGNED_REQUEST}
    Client().post(path=reverse('home'), data=payload)

    # There is no assertion on the result; the test only fails if
    # ``synchronize()`` raises.
    registered = User.objects.get(id=1)
    registered.synchronize()
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_user_permissions():
    """
    A registered user must expose the permissions granted to the
    application, including ``installed``.
    """
    payload = {'signed_request': TEST_SIGNED_REQUEST}
    Client().post(path=reverse('home'), data=payload)

    registered = User.objects.get(id=1)
    granted = registered.permissions

    assert 'installed' in granted
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_extend_oauth_token():
    """
    Extending a registered user's OAuth access token must leave the token
    with an expiration time.
    """
    payload = {'signed_request': TEST_SIGNED_REQUEST}
    Client().post(path=reverse('home'), data=payload)

    registered = User.objects.get(id=1)
    registered.oauth_token.extend()

    # Facebook does not extend access tokens for test users, so all that
    # can be asserted is that an expiration time is set.
    assert registered.oauth_token.expires_at
@with_setup(teardown=lambda: call_command('flush', interactive=False))
def test_get_post_authorization_redirect_url():
    """
    After authorization, Fandjango must send the user to the matching
    location under the application's canvas URL.
    """
    # The leading "/foo" segment of the request path does not appear in the
    # expected URL; only "/bar/baz" is carried over.
    # NOTE(review): the expected canvas URL uses plain "http" -- confirm
    # that this is the scheme the application is meant to redirect to.
    expected = 'http://apps.facebook.com/fandjango-test/bar/baz'

    request = request_factory.get('/foo/bar/baz')

    assert get_post_authorization_redirect_url(request) == expected