Online Accounts: OAuth2 plug-in

Merge lp:~mardy/signon-plugin-oauth2/packaging into lp:signon-plugin-oauth2

packaging
Merge into trunk

Proposed by Alberto Mardegan on 2014-09-11

Status:

Merged

Approved by:

David Barth on 2014-09-15

Approved revision:

Merged at revision:

Proposed branch:

lp:~mardy/signon-plugin-oauth2/packaging

Merge into:

lp:signon-plugin-oauth2

Diff against target:

783 lines (+562/-44)

8 files modified

common-vars.pri (+1/-1)
debian/changelog (+8/-0)
debian/control (+2/-1)
src/oauth2data.h (+7/-0)
src/oauth2plugin.cpp (+22/-16)
src/oauth2plugin.h (+1/-1)
tests/oauth2plugintest.cpp (+515/-25)
tests/oauth2plugintest.h (+6/-0)

To merge this branch:

bzr merge lp:~mardy/signon-plugin-oauth2/packaging

Medium

In Progress

Link a bug report

Reviewer	Review Type	Date Requested	Status
PS Jenkins bot (community)	continuous-integration		Needs Fixing on 2014-09-12
David Barth (community)		2014-09-11	Approve on 2014-09-11
Review via email: mp+234282@code.launchpad.net

Commit message

New upstream release

- OAuth 2.0: follow the spec more closely, add Vimeo support
- Tests: increase test coverage

Description of the change

New upstream release

- OAuth 2.0: follow the spec more closely, add Vimeo support
- Tests: increase test coverage

Revision history for this message

David Barth (dbarth) on 2014-09-11:

review: Approve

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-09-11:

FAILED: Continuous integration, rev:65
http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-ci/13/
Executed test runs:
FAILURE: http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-utopic-amd64-ci/4/console
FAILURE: http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-utopic-armhf-ci/4/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/signon-plugin-oauth2-ci/13/rebuild

review: Needs Fixing (continuous-integration)

lp:~mardy/signon-plugin-oauth2/packaging updated on 2014-09-12

66. By Alberto Mardegan on 2014-09-12: Require the very latest signond

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-09-12:

FAILED: Continuous integration, rev:66
http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-ci/14/
Executed test runs:
FAILURE: http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-utopic-amd64-ci/5/console
FAILURE: http://jenkins.qa.ubuntu.com/job/signon-plugin-oauth2-utopic-armhf-ci/5/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/signon-plugin-oauth2-ci/14/rebuild

review: Needs Fixing (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Alberto Mardegan

 === modified file 'common-vars.pri'
 --- common-vars.pri	2013-11-13 09:47:25 +0000
 +++ common-vars.pri	2014-09-12 09:09:50 +0000
@@ -13,7 +13,7 @@
  # Project version
  # remember to update debian/* files if you changes this
  #-----------------------------------------------------------------------------
--PROJECT_VERSION = 0.19
++PROJECT_VERSION = 0.20
  #-----------------------------------------------------------------------------
  # Library version
 === modified file 'debian/changelog'
 --- debian/changelog	2014-05-13 07:07:20 +0000
 +++ debian/changelog	2014-09-12 09:09:50 +0000
@@ -1,3 +1,11 @@
++signon-plugin-oauth2 (0.20-0ubuntu1) UNRELEASED; urgency=medium
++
++  * New upstream release
++    - OAuth 2.0: follow the spec more closely, add Vimeo support
++    - Tests: increase test coverage
++
++ -- Alberto Mardegan <alberto.mardegan@canonical.com>  Thu, 11 Sep 2014 12:55:35 +0300
++
  signon-plugin-oauth2 (0.19+14.10.20140513-0ubuntu1) utopic; urgency=low
    [ Ubuntu daily release ]
 === modified file 'debian/control'
 --- debian/control	2014-05-09 19:27:46 +0000
 +++ debian/control	2014-09-12 09:09:50 +0000
@@ -9,7 +9,7 @@
                 libsignon-qt5-dev,
                 pkg-config,
                 qt5-default,
--               signon-plugins-dev (>= 8.50-0ubuntu1),
++               signon-plugins-dev (>> 8.57+14.10.20140827-0ubuntu1),
                 xvfb,
  Standards-Version: 3.9.4
  Homepage: http://code.google.com/p/accounts-sso/
@@ -23,6 +23,7 @@
  Depends: ${shlibs:Depends},
           ${misc:Depends},
           signon-ui,
++Breaks: account-plugin-google (<< 0.12)
  Description: Single Signon oauth2 plugin
   Oauth2 plugin for the Single Signon framework
 === modified file 'src/oauth2data.h'
 --- src/oauth2data.h	2012-07-17 13:09:22 +0000
 +++ src/oauth2data.h	2014-09-12 09:09:50 +0000
@@ -57,6 +57,13 @@
          SIGNON_SESSION_DECLARE_PROPERTY(QString, ClientSecret);
          /*!
++         * Set this to true if the server does not conform to the OAuth 2.0
++         * specification in that it does not support supplying client ID and
++         * secret via basic HTTP authorization.
++         */
++        SIGNON_SESSION_DECLARE_PROPERTY(bool, ForceClientAuthViaRequestBody);
++
++        /*!
           * redirection URI
           */
          SIGNON_SESSION_DECLARE_PROPERTY(QString, RedirectUri);
 === modified file 'src/oauth2plugin.cpp'
 --- src/oauth2plugin.cpp	2014-05-05 09:42:08 +0000
 +++ src/oauth2plugin.cpp	2014-09-12 09:09:50 +0000
@@ -388,33 +388,27 @@
          if (url.hasQueryItem(AUTH_CODE)) {
              QString code = url.queryItemValue(AUTH_CODE);
              newUrl.addQueryItem(GRANT_TYPE, AUTHORIZATION_CODE);
--            newUrl.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
--            newUrl.addQueryItem(CLIENT_SECRET, d->m_oauth2Data.ClientSecret());
              newUrl.addQueryItem(AUTH_CODE, code);
              newUrl.addQueryItem(REDIRECT_URI, d->m_oauth2Data.RedirectUri());
--            sendOAuth2PostRequest(newUrl.encodedQuery(),
++            sendOAuth2PostRequest(newUrl,
                                    GrantType::AuthorizationCode);
+         }
          else if (url.hasQueryItem(USERNAME) && url.hasQueryItem(PASSWORD)) {
              QString username = url.queryItemValue(USERNAME);
              QString password = url.queryItemValue(PASSWORD);
              newUrl.addQueryItem(GRANT_TYPE, USER_BASIC);
--            newUrl.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
--            newUrl.addQueryItem(CLIENT_SECRET, d->m_oauth2Data.ClientSecret());
              newUrl.addQueryItem(USERNAME, username);
              newUrl.addQueryItem(PASSWORD, password);
--            sendOAuth2PostRequest(newUrl.encodedQuery(),
++            sendOAuth2PostRequest(newUrl,
                                    GrantType::UserBasic);
+         }
          else if (url.hasQueryItem(ASSERTION_TYPE) && url.hasQueryItem(ASSERTION)) {
              QString assertion_type = url.queryItemValue(ASSERTION_TYPE);
              QString assertion = url.queryItemValue(ASSERTION);
              newUrl.addQueryItem(GRANT_TYPE, ASSERTION);
--            newUrl.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
--            newUrl.addQueryItem(CLIENT_SECRET, d->m_oauth2Data.ClientSecret());
              newUrl.addQueryItem(ASSERTION_TYPE, assertion_type);
              newUrl.addQueryItem(ASSERTION, assertion);
--            sendOAuth2PostRequest(newUrl.encodedQuery(),
++            sendOAuth2PostRequest(newUrl,
                                    GrantType::Assertion);
+         }
          else if (url.hasQueryItem(REFRESH_TOKEN)) {
@@ -569,15 +563,11 @@
      TRACE() << refreshToken;
      QUrl url;
      url.addQueryItem(GRANT_TYPE, REFRESH_TOKEN);
--    url.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
--    if (!d->m_oauth2Data.ClientSecret().isEmpty()) {
--        url.addQueryItem(CLIENT_SECRET, d->m_oauth2Data.ClientSecret());
--    }
      url.addQueryItem(REFRESH_TOKEN, refreshToken);
--    sendOAuth2PostRequest(url.encodedQuery(), GrantType::RefreshToken);
++    sendOAuth2PostRequest(url, GrantType::RefreshToken);
+ }
--void OAuth2Plugin::sendOAuth2PostRequest(const QByteArray &postData,
++void OAuth2Plugin::sendOAuth2PostRequest(QUrl &postData,
                                           GrantType::e grantType)
+ {
      Q_D(OAuth2Plugin);
@@ -589,10 +579,26 @@
      QNetworkRequest request(url);
      request.setRawHeader(CONTENT_TYPE, CONTENT_APP_URLENCODED);
++    if (!d->m_oauth2Data.ClientSecret().isEmpty()) {
++        if (d->m_oauth2Data.ForceClientAuthViaRequestBody()) {
++            postData.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
++            postData.addQueryItem(CLIENT_SECRET, d->m_oauth2Data.ClientSecret());
++        } else {
++            QByteArray authorization =
++                QUrl::toPercentEncoding(d->m_oauth2Data.ClientId()) + ":" +
++                QUrl::toPercentEncoding(d->m_oauth2Data.ClientSecret());
++            QByteArray basicAuthorization =
++                QByteArray("Basic ") + authorization.toBase64();
++            request.setRawHeader("Authorization", basicAuthorization);
++        }
++    } else {
++        postData.addQueryItem(CLIENT_ID, d->m_oauth2Data.ClientId());
++    }
++
      d->m_grantType = grantType;
      TRACE() << "Query string = " << postData;
--    postRequest(request, postData);
++    postRequest(request, postData.encodedQuery());
+ }
  void OAuth2Plugin::storeResponse(const OAuth2PluginTokenData &response)
 === modified file 'src/oauth2plugin.h'
 --- src/oauth2plugin.h	2013-01-22 14:30:08 +0000
 +++ src/oauth2plugin.h	2014-09-12 09:09:50 +0000
@@ -72,7 +72,7 @@
      bool respondWithStoredToken(const QVariantMap &token,
                                  const QStringList &scopes);
      void refreshOAuth2Token(const QString &refreshToken);
--    void sendOAuth2PostRequest(const QByteArray &postData,
++    void sendOAuth2PostRequest(QUrl &postData,
                                 GrantType::e grantType);
      void storeResponse(const OAuth2PluginTokenData &response);
      const QVariantMap parseJSONReply(const QByteArray &reply);
 === modified file 'tests/oauth2plugintest.cpp'
 --- tests/oauth2plugintest.cpp	2014-05-05 09:42:08 +0000
 +++ tests/oauth2plugintest.cpp	2014-09-12 09:09:50 +0000
@@ -21,6 +21,10 @@
   * 02110-1301 USA
   */
++#include <QNetworkAccessManager>
++#include <QNetworkReply>
++#include <QPointer>
++#include <QTimer>
  #include <QtTest/QtTest>
  #include "plugin.h"
@@ -36,6 +40,91 @@
  #define TEST_START qDebug("\n\n\n\n ----------------- %s ----------------\n\n",  __func__);
  #define TEST_DONE  qDebug("\n\n ----------------- %s DONE ----------------\n\n",  __func__);
++class TestNetworkReply: public QNetworkReply
++{
++    Q_OBJECT
++
++public:
++    TestNetworkReply(QObject *parent = 0):
++        QNetworkReply(parent),
++        m_offset(0)
++    {}
++
++    void setError(NetworkError errorCode, const QString &errorString) {
++        QNetworkReply::setError(errorCode, errorString);
++    }
++
++    void setRawHeader(const QByteArray &headerName, const QByteArray &value) {
++        QNetworkReply::setRawHeader(headerName, value);
++    }
++
++    void setContentType(const QString &contentType) {
++        setRawHeader("Content-Type", contentType.toUtf8());
++    }
++
++    void setStatusCode(int statusCode) {
++        setAttribute(QNetworkRequest::HttpStatusCodeAttribute, statusCode);
++    }
++
++    void setContent(const QByteArray &content) {
++        m_content = content;
++        m_offset = 0;
++
++        open(ReadOnly | Unbuffered);
++        setHeader(QNetworkRequest::ContentLengthHeader, QVariant(content.size()));
++
++        QTimer::singleShot(0, this, SIGNAL(readyRead()));
++        QTimer::singleShot(10, this, SLOT(finish()));
++    }
++
++public Q_SLOTS:
++    void finish() { setFinished(true); Q_EMIT finished(); }
++
++protected:
++    void abort() Q_DECL_OVERRIDE {}
++    qint64 bytesAvailable() const Q_DECL_OVERRIDE {
++        return m_content.size() - m_offset + QIODevice::bytesAvailable();
++    }
++
++    bool isSequential() const Q_DECL_OVERRIDE { return true; }
++    qint64 readData(char *data, qint64 maxSize) Q_DECL_OVERRIDE {
++        if (m_offset >= m_content.size())
++            return -1;
++        qint64 number = qMin(maxSize, m_content.size() - m_offset);
++        memcpy(data, m_content.constData() + m_offset, number);
++        m_offset += number;
++        return number;
++    }
++
++private:
++    QByteArray m_content;
++    qint64 m_offset;
++};
++
++class TestNetworkAccessManager: public QNetworkAccessManager
++{
++    Q_OBJECT
++
++public:
++    TestNetworkAccessManager(): QNetworkAccessManager() {}
++
++    void setNextReply(TestNetworkReply *reply) { m_nextReply = reply; }
++
++protected:
++    QNetworkReply *createRequest(Operation op, const QNetworkRequest &request,
++                                 QIODevice *outgoingData = 0) Q_DECL_OVERRIDE {
++        Q_UNUSED(op);
++        m_lastRequest = request;
++        m_lastRequestData = outgoingData->readAll();
++        return m_nextReply;
++    }
++
++public:
++    QPointer<TestNetworkReply> m_nextReply;
++    QNetworkRequest m_lastRequest;
++    QByteArray m_lastRequestData;
++};
++
  void OAuth2PluginTest::initTestCase()
+ {
      TEST_START
@@ -56,6 +145,8 @@
  void OAuth2PluginTest::init()
+ {
      m_testPlugin = new Plugin();
++    m_response = SignOn::SessionData();
++    m_error = SignOn::Error(-1);
+ }
  //finnish each test by deleting plugin
@@ -506,18 +597,169 @@
      TEST_DONE
+ }
++void OAuth2PluginTest::testPluginWebserverUserActionFinished_data()
++{
++    QTest::addColumn<QString>("urlResponse");
++    QTest::addColumn<int>("errorCode");
++    QTest::addColumn<QString>("postUrl");
++    QTest::addColumn<QString>("postContents");
++    QTest::addColumn<int>("replyStatusCode");
++    QTest::addColumn<QString>("replyContentType");
++    QTest::addColumn<QString>("replyContents");
++    QTest::addColumn<QVariantMap>("response");
++
++    QVariantMap response;
++
++    QTest::newRow("empty data") <<
++        "" <<
++        int(Error::NotAuthorized) <<
++        "" << "" << 0 << "" << "" << QVariantMap();
++
++    QTest::newRow("no query data") <<
++        "http://localhost/resp.html" <<
++        int(Error::NotAuthorized) <<
++        "" << "" << 0 << "" << "" << QVariantMap();
++
++    QTest::newRow("permission denied") <<
++        "http://localhost/resp.html?error=user_denied" <<
++        int(Error::NotAuthorized) <<
++        "" << "" << 0 << "" << "" << QVariantMap();
++
++    QTest::newRow("invalid data") <<
++        "http://localhost/resp.html?sdsdsds=access.grant." <<
++        int(Error::NotAuthorized) <<
++        "" << "" << 0 << "" << "" << QVariantMap();
++
++    QTest::newRow("reply code, http error 401") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(Error::OperationFailed) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(401) <<
++        "application/json" <<
++        "something else" <<
++        QVariantMap();
++
++    QTest::newRow("reply code, empty reply") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(Error::NotAuthorized) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "application/json" <<
++        "something else" <<
++        QVariantMap();
++
++    QTest::newRow("reply code, no content type") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(Error::OperationFailed) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "" <<
++        "something else" <<
++        QVariantMap();
++
++    QTest::newRow("reply code, unsupported content type") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(Error::OperationFailed) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "image/jpeg" <<
++        "something else" <<
++        QVariantMap();
++
++    response.clear();
++    response.insert("AccessToken", "t0k3n");
++    response.insert("ExpiresIn", int(3600));
++    response.insert("RefreshToken", QString());
++    QTest::newRow("reply code, valid token") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(-1) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "application/json" <<
++        "{ \"access_token\":\"t0k3n\", \"expires_in\": 3600 }" <<
++        response;
++
++    response.clear();
++    QTest::newRow("reply code, facebook, no token") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(Error::NotAuthorized) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "text/plain" <<
++        "expires=3600" <<
++        response;
++
++    response.clear();
++    response.insert("AccessToken", "t0k3n");
++    response.insert("ExpiresIn", int(3600));
++    response.insert("RefreshToken", QString());
++    QTest::newRow("reply code, facebook, valid token") <<
++        "http://localhost/resp.html?code=c0d3" <<
++        int(-1) <<
++        "https://localhost/access_token" <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        int(200) <<
++        "text/plain" <<
++        "access_token=t0k3n&expires=3600" <<
++        response;
++
++    response.clear();
++    response.insert("AccessToken", "t0k3n");
++    response.insert("ExpiresIn", int(3600));
++    response.insert("RefreshToken", QString());
++    QTest::newRow("username-password, valid token") <<
++        "http://localhost/resp.html?username=us3r&password=s3cr3t" <<
++        int(-1) <<
++        "https://localhost/access_token" <<
++        "grant_type=user_basic&username=us3r&password=s3cr3t" <<
++        int(200) <<
++        "application/json" <<
++        "{ \"access_token\":\"t0k3n\", \"expires_in\": 3600 }" <<
++        response;
++
++    response.clear();
++    response.insert("AccessToken", "t0k3n");
++    response.insert("ExpiresIn", int(3600));
++    response.insert("RefreshToken", QString());
++    QTest::newRow("assertion, valid token") <<
++        "http://localhost/resp.html?assertion_type=http://oauth.net/token/1.0"
++        "&assertion=oauth1t0k3n" <<
++        int(-1) <<
++        "https://localhost/access_token" <<
++        "grant_type=assertion&assertion_type=http://oauth.net/token/1.0&assertion=oauth1t0k3n" <<
++        int(200) <<
++        "application/json" <<
++        "{ \"access_token\":\"t0k3n\", \"expires_in\": 3600 }" <<
++        response;
++}
++
  void OAuth2PluginTest::testPluginWebserverUserActionFinished()
+ {
      TEST_START
++    QFETCH(QString, urlResponse);
++    QFETCH(int, errorCode);
++    QFETCH(QString, postUrl);
++    QFETCH(QString, postContents);
++    QFETCH(int, replyStatusCode);
++    QFETCH(QString, replyContentType);
++    QFETCH(QString, replyContents);
++    QFETCH(QVariantMap, response);
++
      SignOn::UiSessionData info;
      OAuth2PluginData data;
--    data.setHost("https://localhost");
++    data.setHost("localhost");
      data.setAuthPath("authorize");
      data.setTokenPath("access_token");
      data.setClientId("104660106251471");
      data.setClientSecret("fa28f40b5a1f8c1d5628963d880636fbkjkjkj");
--    data.setRedirectUri("http://localhost/connect/login_success.html");
++    data.setRedirectUri("http://localhost/resp.html");
      QObject::connect(m_testPlugin, SIGNAL(result(const SignOn::SessionData&)),
                    this,  SLOT(result(const SignOn::SessionData&)),Qt::QueuedConnection);
@@ -527,33 +769,281 @@
                    this,  SLOT(uiRequest(const SignOn::UiSessionData&)),Qt::QueuedConnection);
      QTimer::singleShot(10*1000, &m_loop, SLOT(quit()));
++    TestNetworkAccessManager *nam = new TestNetworkAccessManager;
++    m_testPlugin->m_networkAccessManager = nam;
++    TestNetworkReply *reply = new TestNetworkReply(this);
++    reply->setStatusCode(replyStatusCode);
++    if (!replyContentType.isEmpty()) {
++        reply->setContentType(replyContentType);
++    }
++    reply->setContent(replyContents.toUtf8());
++    nam->setNextReply(reply);
++
      m_testPlugin->process(data, QString("web_server"));
      m_loop.exec();
      qDebug() << "Data = " << m_uiResponse.UrlResponse();
      QCOMPARE(m_uiResponse.UrlResponse(), QString("UI request received"));
--    //empty data
--    m_testPlugin->userActionFinished(info);
--    m_loop.exec();
--    QCOMPARE(m_error.type(), int(Error::NotAuthorized));
--
--    //invalid data
--    info.setUrlResponse(QString("http://www.facebook.com/connect/login_success.html"));
--    m_testPlugin->userActionFinished(info);
--    m_loop.exec();
--    QCOMPARE(m_error.type(), int(Error::NotAuthorized));
--
--    //Permission denied
--    info.setUrlResponse(QString("http://www.facebook.com/connect/login_success.html?error=user_denied"));
--    m_testPlugin->userActionFinished(info);
--    m_loop.exec();
--    QCOMPARE(m_error.type(), int(Error::NotAuthorized));
--
--    //invalid data
--    info.setUrlResponse(QString("http://www.facebook.com/connect/login_success.html?sdsdsds=access.grant."));
--    m_testPlugin->userActionFinished(info);
--    m_loop.exec();
--    QCOMPARE(m_error.type(), int(Error::NotAuthorized));
++    if (!urlResponse.isEmpty()) {
++        info.setUrlResponse(urlResponse);
++    }
++
++    m_testPlugin->userActionFinished(info);
++    m_loop.exec();
++
++    QCOMPARE(m_error.type(), errorCode);
++    QCOMPARE(nam->m_lastRequest.url(), QUrl(postUrl));
++    QCOMPARE(QString::fromUtf8(nam->m_lastRequestData), postContents);
++    qDebug() << "got response" << m_response.toMap();
++    qDebug() << "expected" << response;
++    QCOMPARE(m_response.toMap(), response);
++
++    delete nam;
++
++    TEST_DONE
++}
++
++void OAuth2PluginTest::testOAuth2Errors_data()
++{
++    QTest::addColumn<QString>("replyContents");
++    QTest::addColumn<int>("expectedErrorCode");
++
++    QTest::newRow("incorrect_client_credentials") <<
++        "{ \"error\": \"incorrect_client_credentials\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("redirect_uri_mismatch") <<
++        "{ \"error\": \"redirect_uri_mismatch\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("bad_authorization_code") <<
++        "{ \"error\": \"bad_authorization_code\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("invalid_client_credentials") <<
++        "{ \"error\": \"invalid_client_credentials\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("unauthorized_client") <<
++        "{ \"error\": \"unauthorized_client\" }" <<
++        int(Error::NotAuthorized);
++
++    QTest::newRow("invalid_assertion") <<
++        "{ \"error\": \"invalid_assertion\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("unknown_format") <<
++        "{ \"error\": \"unknown_format\" }" <<
++        int(Error::InvalidQuery);
++
++    QTest::newRow("authorization_expired") <<
++        "{ \"error\": \"authorization_expired\" }" <<
++        int(Error::InvalidCredentials);
++
++    QTest::newRow("multiple_credentials") <<
++        "{ \"error\": \"multiple_credentials\" }" <<
++        int(Error::InvalidQuery);
++
++    QTest::newRow("invalid_user_credentials") <<
++        "{ \"error\": \"invalid_user_credentials\" }" <<
++        int(Error::InvalidCredentials);
++}
++
++void OAuth2PluginTest::testOAuth2Errors()
++{
++    TEST_START
++
++    QFETCH(QString, replyContents);
++    QFETCH(int, expectedErrorCode);
++
++    SignOn::UiSessionData info;
++    OAuth2PluginData data;
++    data.setHost("localhost");
++    data.setAuthPath("authorize");
++    data.setTokenPath("access_token");
++    data.setClientId("104660106251471");
++    data.setClientSecret("fa28f40b5a1f8c1d5628963d880636fbkjkjkj");
++    data.setRedirectUri("http://localhost/resp.html");
++
++    QObject::connect(m_testPlugin, SIGNAL(result(const SignOn::SessionData&)),
++                  this, SLOT(result(const SignOn::SessionData&)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(error(const SignOn::Error & )),
++                  this, SLOT(pluginError(const SignOn::Error &)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(userActionRequired(const SignOn::UiSessionData&)),
++                  this, SLOT(uiRequest(const SignOn::UiSessionData&)),
++                  Qt::QueuedConnection);
++    QTimer::singleShot(10*1000, &m_loop, SLOT(quit()));
++
++    TestNetworkAccessManager *nam = new TestNetworkAccessManager;
++    m_testPlugin->m_networkAccessManager = nam;
++    TestNetworkReply *reply = new TestNetworkReply(this);
++    reply->setStatusCode(401);
++    reply->setContentType("application/json");
++    reply->setContent(replyContents.toUtf8());
++    nam->setNextReply(reply);
++
++    m_testPlugin->process(data, QString("web_server"));
++    m_loop.exec();
++
++    info.setUrlResponse("http://localhost/resp.html?code=c0d3");
++    m_testPlugin->userActionFinished(info);
++    m_loop.exec();
++
++    QCOMPARE(m_error.type(), expectedErrorCode);
++
++    delete nam;
++
++    TEST_DONE
++}
++
++void OAuth2PluginTest::testRefreshToken()
++{
++    TEST_START
++
++    SignOn::UiSessionData info;
++    OAuth2PluginData data;
++    data.setHost("localhost");
++    data.setAuthPath("authorize");
++    data.setTokenPath("access_token");
++    data.setClientId("104660106251471");
++    data.setClientSecret("fa28f40b5a1f8c1d5628963d880636fbkjkjkj");
++    data.setRedirectUri("http://localhost/resp.html");
++
++    /* Pretend that we have stored an expired access token, but have a refresh
++     * token */
++    QVariantMap tokens;
++    QVariantMap token;
++    token.insert("Token", QLatin1String("tokenfromtest"));
++    token.insert("timestamp", QDateTime::currentDateTime().toTime_t() - 10000);
++    token.insert("Expiry", 1000);
++    token.insert("refresh_token", QString("r3fr3sh"));
++    tokens.insert(data.ClientId(), QVariant::fromValue(token));
++    data.m_data.insert("Tokens", tokens);
++
++    QObject::connect(m_testPlugin, SIGNAL(result(const SignOn::SessionData&)),
++                  this, SLOT(result(const SignOn::SessionData&)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(error(const SignOn::Error & )),
++                  this, SLOT(pluginError(const SignOn::Error &)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(userActionRequired(const SignOn::UiSessionData&)),
++                  this, SLOT(uiRequest(const SignOn::UiSessionData&)),
++                  Qt::QueuedConnection);
++    QTimer::singleShot(10*1000, &m_loop, SLOT(quit()));
++
++    TestNetworkAccessManager *nam = new TestNetworkAccessManager;
++    m_testPlugin->m_networkAccessManager = nam;
++    TestNetworkReply *reply = new TestNetworkReply(this);
++    reply->setStatusCode(200);
++    reply->setContentType("application/json");
++    reply->setContent("{ \"access_token\":\"n3w-t0k3n\", \"expires_in\": 3600 }");
++    nam->setNextReply(reply);
++
++    m_testPlugin->process(data, QString("web_server"));
++    m_loop.exec();
++
++    QCOMPARE(m_error.type(), -1);
++    QCOMPARE(nam->m_lastRequest.url(), QUrl("https://localhost/access_token"));
++    QCOMPARE(QString::fromUtf8(nam->m_lastRequestData),
++             QString("grant_type=refresh_token&refresh_token=r3fr3sh"));
++
++    QVariantMap expectedResponse;
++    expectedResponse.insert("AccessToken", "n3w-t0k3n");
++    expectedResponse.insert("ExpiresIn", 3600);
++    expectedResponse.insert("RefreshToken", QString());
++    qDebug() << "got response" << m_response.toMap();
++    qDebug() << "expected" << expectedResponse;
++    QCOMPARE(m_response.toMap(), expectedResponse);
++
++    delete nam;
++
++    TEST_DONE
++}
++
++void OAuth2PluginTest::testClientAuthentication_data()
++{
++    QTest::addColumn<QString>("clientSecret");
++    QTest::addColumn<bool>("forceAuthViaRequestBody");
++    QTest::addColumn<QString>("postContents");
++    QTest::addColumn<QString>("postAuthorization");
++
++    QTest::newRow("no secret, std auth") <<
++        "" << false <<
++        "grant_type=authorization_code&code=c0d3"
++        "&redirect_uri=http://localhost/resp.html&client_id=104660106251471" <<
++        "";
++    QTest::newRow("no secret, auth in body") <<
++        "" << true <<
++        "grant_type=authorization_code&code=c0d3"
++        "&redirect_uri=http://localhost/resp.html&client_id=104660106251471" <<
++        "";
++
++    QTest::newRow("with secret, std auth") <<
++        "s3cr3t" << false <<
++        "grant_type=authorization_code&code=c0d3&redirect_uri=http://localhost/resp.html" <<
++        "Basic MTA0NjYwMTA2MjUxNDcxOnMzY3IzdA==";
++    QTest::newRow("with secret, auth in body") <<
++        "s3cr3t" << true <<
++        "grant_type=authorization_code&code=c0d3"
++        "&redirect_uri=http://localhost/resp.html"
++        "&client_id=104660106251471&client_secret=s3cr3t" <<
++        "";
++}
++
++void OAuth2PluginTest::testClientAuthentication()
++{
++    TEST_START
++
++    QFETCH(QString, clientSecret);
++    QFETCH(bool, forceAuthViaRequestBody);
++    QFETCH(QString, postContents);
++    QFETCH(QString, postAuthorization);
++
++    SignOn::UiSessionData info;
++    OAuth2PluginData data;
++    data.setHost("localhost");
++    data.setAuthPath("authorize");
++    data.setTokenPath("access_token");
++    data.setClientId("104660106251471");
++    data.setClientSecret(clientSecret);
++    data.setRedirectUri("http://localhost/resp.html");
++    data.setForceClientAuthViaRequestBody(forceAuthViaRequestBody);
++
++    QObject::connect(m_testPlugin, SIGNAL(result(const SignOn::SessionData&)),
++                  this, SLOT(result(const SignOn::SessionData&)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(error(const SignOn::Error & )),
++                  this, SLOT(pluginError(const SignOn::Error &)),
++                  Qt::QueuedConnection);
++    QObject::connect(m_testPlugin, SIGNAL(userActionRequired(const SignOn::UiSessionData&)),
++                  this, SLOT(uiRequest(const SignOn::UiSessionData&)),
++                  Qt::QueuedConnection);
++    QTimer::singleShot(10*1000, &m_loop, SLOT(quit()));
++
++    TestNetworkAccessManager *nam = new TestNetworkAccessManager;
++    m_testPlugin->m_networkAccessManager = nam;
++    TestNetworkReply *reply = new TestNetworkReply(this);
++    reply->setStatusCode(200);
++    reply->setContentType("application/json");
++    reply->setContent("{ \"access_token\":\"t0k3n\", \"expires_in\": 3600 }");
++    nam->setNextReply(reply);
++
++    m_testPlugin->process(data, QString("web_server"));
++    m_loop.exec();
++
++    info.setUrlResponse("http://localhost/resp.html?code=c0d3");
++    m_testPlugin->userActionFinished(info);
++    m_loop.exec();
++
++    QCOMPARE(m_error.type(), -1);
++    QCOMPARE(nam->m_lastRequest.url(), QUrl("https://localhost/access_token"));
++    QCOMPARE(QString::fromUtf8(nam->m_lastRequestData), postContents);
++    QCOMPARE(QString::fromUtf8(nam->m_lastRequest.rawHeader("Authorization")),
++             postAuthorization);
++
++    delete nam;
      TEST_DONE
+ }
@@ -561,4 +1051,4 @@
  //end test cases
  QTEST_MAIN(OAuth2PluginTest)
--
++#include "oauth2plugintest.moc"
 === modified file 'tests/oauth2plugintest.h'
 --- tests/oauth2plugintest.h	2013-06-04 05:04:43 +0000
 +++ tests/oauth2plugintest.h	2014-09-12 09:09:50 +0000
@@ -56,7 +56,13 @@
      void testPluginProcess();
      void testPluginHmacSha1Process();
      void testPluginUseragentUserActionFinished();
++    void testPluginWebserverUserActionFinished_data();
      void testPluginWebserverUserActionFinished();
++    void testOAuth2Errors_data();
++    void testOAuth2Errors();
++    void testRefreshToken();
++    void testClientAuthentication_data();
++    void testClientAuthentication();
  private:
      Plugin *m_testPlugin;