Examples of org.apache.shindig.common.testing.FakeHttpServletRequest

• org.apache.shindig.common.testing.FakeHttpServletRequest
  This class fakes a HttpServletRequest for unit test purposes. Currently, it supports servlet API 2.4.

  To use this class, you specify the request info (URL, parameters) in the constructors.

  Lots of stuff are still not implemented here. Feel free to implement them.

  public void testVerifyGetSignatureInHeader() throws Exception {
    expectTokenEntry();
    expectConsumer();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }

  public void testVerifyConsumerGet() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }

  public void testVerifyConsumerGetSignatureInHeader() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();
    FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
    FakeHttpServletRequest request = get.sign(null,
        FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
        FakeOAuthRequest.BodySigning.NONE);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }

  }

  @Test
  public void testNoSignature() throws Exception {
    replay();
    FakeHttpServletRequest request = formEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    // A request without a signature is not an OAuth request
    request.setParameter(OAuth.OAUTH_SIGNATURE, "");
    SecurityToken st = reqHandler.getSecurityTokenFromRequest(request);
    assertNull(st);
  }

  public void testBodyHashSigning() throws Exception {
    expectConsumer();
    expectSecurityToken();
    replay();

    FakeHttpServletRequest request = nonFormEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.HASH);
    assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
  }

  public void testConsumerFailBodyHashSigningWithFormEncoding()
      throws Exception {
    replay();
    FakeOAuthRequest bodyHashPost = new FakeOAuthRequest("POST", TEST_URL,
        "a=b&c=d&oauth_body_hash=hash", OAuth.FORM_ENCODED);
    FakeHttpServletRequest request = bodyHashPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
        FakeOAuthRequest.BodySigning.NONE);
    try {
      reqHandler.getSecurityTokenFromRequest(request);
      fail("Cant have body signing with form-encoded post bodies");

    }
  }

  @Test
  public void testStashBody() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest();
    String body = "BODY";
    req.setPostData(CharsetUtil.getUtf8Bytes(body));
    byte[] bytes = OAuthAuthenticationHandler.readBody(req);
    assertTrue(Arrays.equals(bytes, CharsetUtil.getUtf8Bytes(body)));
    assertEquals(req.getAttribute(AuthenticationHandler.STASHED_BODY), bytes);
  }

    assertEquals(req.getAttribute(AuthenticationHandler.STASHED_BODY), bytes);
  }

  @Test
  public void testBodySigning() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest();
    req.setContentType("text/plain");
    String body = "BODY";
    req.setPostData(CharsetUtil.getUtf8Bytes(body));
    String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
        .getUtf8Bytes(body))), "UTF-8");
    req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
    OAuthAuthenticationHandler.verifyBodyHash(req, hash);
  }

    OAuthAuthenticationHandler.verifyBodyHash(req, hash);
  }

  @Test
  public void testFailBodySigning() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest();
    req.setContentType("text/plain");
    String body = "BODY";
    req.setPostData(CharsetUtil.getUtf8Bytes(body));
    String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
        .getUtf8Bytes("NOTBODY"))), "UTF-8");
    req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
    try {
      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
      fail("Body verification should fail");
    } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
      // Pass

    }
  }

  @Test
  public void testFailBodySigningWithFormEncoded() throws Exception {
    FakeHttpServletRequest req = new FakeHttpServletRequest();
    req.setContentType(OAuth.FORM_ENCODED);
    String body = "BODY";
    req.setPostData(CharsetUtil.getUtf8Bytes(body));
    String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
        .getUtf8Bytes(body))), "UTF-8");
    req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
    try {
      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
      fail("Body verification should fail");
    } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
      // Pass