From de70b91a3a42b07c86d3a0cd8868ded6510fd91c Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Wed, 13 Jan 2010 16:52:33 -0800
Subject: [PATCH] Some rough test scripts for poking at the OAuth system

---
 tests/oauth/README              |  22 +++++++
 tests/oauth/exchangetokens.php  | 105 ++++++++++++++++++++++++++++++++
 tests/oauth/getrequesttoken.php |  71 +++++++++++++++++++++
 tests/oauth/oauth.ini           |  10 +++
 tests/oauth/verifycreds.php     | 101 ++++++++++++++++++++++++++++++
 5 files changed, 309 insertions(+)
 create mode 100644 tests/oauth/README
 create mode 100755 tests/oauth/exchangetokens.php
 create mode 100755 tests/oauth/getrequesttoken.php
 create mode 100644 tests/oauth/oauth.ini
 create mode 100755 tests/oauth/verifycreds.php

diff --git a/tests/oauth/README b/tests/oauth/README
new file mode 100644
index 0000000000..ea4aabadbe
--- /dev/null
+++ b/tests/oauth/README
@@ -0,0 +1,22 @@
+Some very rough test scripts for hitting up the OAuth endpoints.
+
+Note: this works best if you register an OAuth application, leaving
+the callback URL blank.
+
+Put your instance info and consumer key and secret in oauth.ini
+
+Example usage:
+--------------
+
+php getrequesttoken.php
+
+Gets and request token, token secret and a url to authorize it.  Once
+you get the token/secret you can exchange it for an access token...
+
+php exchangetokens.php --oauth_token=b9a79548a88c1aa9a5bea73103c6d41d --token_secret=4a47d9337fc0202a14ab552e17a3b657
+
+Once you have your access token, go ahead and try an protected API
+resource:
+
+php verifycreds.php --oauth_token=cf2de7665f0dda0a82c2dc39b01be7f9 --token_secret=4524c3b712200138e1a4cff2e9ca83d8
+
diff --git a/tests/oauth/exchangetokens.php b/tests/oauth/exchangetokens.php
new file mode 100755
index 0000000000..2394826c7e
--- /dev/null
+++ b/tests/oauth/exchangetokens.php
@@ -0,0 +1,105 @@
+#!/usr/bin/env php
+<?php
+/*
+ * StatusNet - a distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/../..'));
+
+require_once INSTALLDIR . '/extlib/OAuth.php';
+
+$ini = parse_ini_file("oauth.ini");
+
+$test_consumer = new OAuthConsumer($ini['consumer_key'], $ini['consumer_secret']);
+
+$at_endpoint = $ini['apiroot'] . $ini['access_token_url'];
+
+$shortoptions = 't:s:';
+$longoptions = array('oauth_token=', 'token_secret=');
+
+$helptext = <<<END_OF_ETOKENS_HELP
+  exchangetokens.php [options]
+  Exchange an authorized OAuth request token for an access token
+
+    -t --oauth_token       authorized request token
+    -s --token_secret      authorized request token secret
+
+END_OF_ETOKENS_HELP;
+
+require_once INSTALLDIR . '/scripts/commandline.inc';
+
+$token        = null;
+$token_secret = null;
+
+if (have_option('t', 'oauth_token')) {
+    $token = get_option_value('oauth_token');
+}
+
+if (have_option('s', 'token_secret')) {
+    $token_secret = get_option_value('s', 'token_secret');
+}
+
+if (empty($token)) {
+    print "Please specify a request token.\n";
+    exit(1);
+}
+
+if (empty($token_secret)) {
+    print "Please specify a request token secret.\n";
+    exit(1);
+}
+
+$rt = new OAuthToken($token, $token_secret);
+common_debug("Exchange request token = " . var_export($rt, true));
+
+$parsed = parse_url($at_endpoint);
+$params = array();
+parse_str($parsed['query'], $params);
+
+$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
+$req_req = OAuthRequest::from_consumer_and_token($test_consumer, $rt, "GET", $at_endpoint, $params);
+$req_req->sign_request($hmac_method, $test_consumer, $rt);
+
+$r = httpRequest($req_req->to_url());
+
+common_debug("Exchange request token = " . var_export($rt, true));
+common_debug("Exchange tokens URL: " . $req_req->to_url());
+
+$body = $r->getBody();
+
+$token_stuff = array();
+parse_str($body, $token_stuff);
+
+print 'Access token        : ' . $token_stuff['oauth_token'] . "\n";
+print 'Access token secret : ' . $token_stuff['oauth_token_secret'] . "\n";
+
+function httpRequest($url)
+{
+    $request = HTTPClient::start();
+
+    $request->setConfig(array(
+			      'follow_redirects' => true,
+			      'connect_timeout' => 120,
+			      'timeout' => 120,
+			      'ssl_verify_peer' => false,
+			      'ssl_verify_host' => false
+			      ));
+
+    return $request->get($url);
+}
+
diff --git a/tests/oauth/getrequesttoken.php b/tests/oauth/getrequesttoken.php
new file mode 100755
index 0000000000..fc546a0f4c
--- /dev/null
+++ b/tests/oauth/getrequesttoken.php
@@ -0,0 +1,71 @@
+#!/usr/bin/env php
+<?php
+/*
+ * StatusNet - a distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/../..'));
+
+require_once INSTALLDIR . '/scripts/commandline.inc';
+require_once INSTALLDIR . '/extlib/OAuth.php';
+
+$ini = parse_ini_file("oauth.ini");
+
+$test_consumer = new OAuthConsumer($ini['consumer_key'], $ini['consumer_secret']);
+
+$rt_endpoint = $ini['apiroot'] . $ini['request_token_url'];
+
+$parsed = parse_url($rt_endpoint);
+$params = array();
+
+parse_str($parsed['query'], $params);
+
+$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
+$req_req = OAuthRequest::from_consumer_and_token($test_consumer, NULL, "GET", $rt_endpoint, $params);
+$req_req->sign_request($hmac_method, $test_consumer, NULL);
+
+$r = httpRequest($req_req->to_url());
+
+$body = $r->getBody();
+
+$token_stuff = array();
+parse_str($body, $token_stuff);
+
+$authurl = $ini['apiroot'] . $ini['authorize_url'] . '?oauth_token=' . $token_stuff['oauth_token'];
+
+print 'Request token        : ' . $token_stuff['oauth_token'] . "\n";
+print 'Request token secret : ' . $token_stuff['oauth_token_secret'] . "\n";
+print "Authorize URL        : $authurl\n";
+
+//var_dump($req_req);
+
+function httpRequest($url)
+{
+    $request = HTTPClient::start();
+    
+    $request->setConfig(array(
+			      'follow_redirects' => true,
+			      'connect_timeout' => 120,
+			      'timeout' => 120,
+			      'ssl_verify_peer' => false,
+			      'ssl_verify_host' => false
+			      ));
+    
+    return $request->get($url);
+}
+
diff --git a/tests/oauth/oauth.ini b/tests/oauth/oauth.ini
new file mode 100644
index 0000000000..5ef0e571eb
--- /dev/null
+++ b/tests/oauth/oauth.ini
@@ -0,0 +1,10 @@
+; Setup OAuth info here
+apiroot       = "http://dev.controlyourself.ca/zach/api"
+
+request_token_url = "/oauth/request_token"
+authorize_url     = "/oauth/authorize"
+access_token_url  = "/oauth/access_token"
+
+consumer_key  = "b748968e9bea81a53f3a3c15aa0c686f"
+consumer_secret = "5434e18cce05d9e53cdd48029a62fa41"
+
diff --git a/tests/oauth/verifycreds.php b/tests/oauth/verifycreds.php
new file mode 100755
index 0000000000..873bdb8bdd
--- /dev/null
+++ b/tests/oauth/verifycreds.php
@@ -0,0 +1,101 @@
+#!/usr/bin/env php
+<?php
+/*
+ * StatusNet - a distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/../..'));
+
+require_once INSTALLDIR . '/extlib/OAuth.php';
+
+$shortoptions = 'o:s:';
+$longoptions = array('oauth_token=', 'token_secret=');
+
+$helptext = <<<END_OF_VERIFY_HELP
+  verifycreds.php [options]
+  Use an access token to verify credentials thru the api
+
+    -o --oauth_token       access token
+    -s --token_secret      access token secret
+
+END_OF_VERIFY_HELP;
+
+$token        = null;
+$token_secret = null;
+
+require_once INSTALLDIR . '/scripts/commandline.inc';
+
+if (have_option('o', 'oauth_token')) {
+    $token = get_option_value('oauth_token');
+}
+
+if (have_option('s', 'token_secret')) {
+    $token_secret = get_option_value('s', 'token_secret');
+}
+
+if (empty($token)) {
+    print "Please specify an access token.\n";
+    exit(1);
+}
+
+if (empty($token_secret)) {
+    print "Please specify an access token secret.\n";
+    exit(1);
+}
+
+$ini = parse_ini_file("oauth.ini");
+
+$test_consumer = new OAuthConsumer($ini['consumer_key'], $ini['consumer_secret']);
+
+$endpoint = $ini['apiroot'] . '/account/verify_credentials.xml';
+
+print "$endpoint\n";
+
+$at = new OAuthToken($token, $token_secret);
+
+$parsed = parse_url($endpoint);
+$params = array();
+parse_str($parsed['query'], $params);
+
+$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
+$req_req = OAuthRequest::from_consumer_and_token($test_consumer, $at, "GET", $endpoint, $params);
+$req_req->sign_request($hmac_method, $test_consumer, $at);
+
+$r = httpRequest($req_req->to_url());
+
+$body = $r->getBody();
+
+print "$body\n";
+
+//print $req_req->to_url() . "\n\n";
+
+function httpRequest($url)
+{
+    $request = HTTPClient::start();
+
+    $request->setConfig(array(
+			      'follow_redirects' => true,
+			      'connect_timeout' => 120,
+			      'timeout' => 120,
+			      'ssl_verify_peer' => false,
+			      'ssl_verify_host' => false
+			      ));
+
+    return $request->get($url);
+}
+