From: Ben Darnell <ben@bendarnell.com>
Date: Sun, 16 Sep 2018 16:04:52 +0000 (-0400)
Subject: auth: Fix twitter authenticate_redirect in 5.1
X-Git-Tag: v5.1.1~2^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f5426c9e401d8b6924346318f0ccc62b1d7fd57;p=thirdparty%2Ftornado.git

auth: Fix twitter authenticate_redirect in 5.1

This had no test coverage so was missed in the refactoring to use
Futures.

Fixes #2482
---

diff --git a/tornado/auth.py b/tornado/auth.py
index ab1a8503a..0f019d6fd 100644
--- a/tornado/auth.py
+++ b/tornado/auth.py
@@ -796,10 +796,10 @@ class TwitterMixin(OAuthMixin):
            Use the returned awaitable object instead.
         """
         http = self.get_auth_http_client()
-        http.fetch(self._oauth_request_token_url(callback_uri=callback_uri),
-                   functools.partial(
-                       self._on_request_token, self._OAUTH_AUTHENTICATE_URL,
-                       None, callback))
+        fut = http.fetch(self._oauth_request_token_url(callback_uri=callback_uri))
+        fut.add_done_callback(functools.partial(
+            self._on_request_token, self._OAUTH_AUTHENTICATE_URL,
+            None, callback))
 
     @_auth_return_future
     def twitter_request(self, path, callback=None, access_token=None,
diff --git a/tornado/test/auth_test.py b/tornado/test/auth_test.py
index e0fd437b1..41993b1f6 100644
--- a/tornado/test/auth_test.py
+++ b/tornado/test/auth_test.py
@@ -221,6 +221,7 @@ class TwitterClientHandler(RequestHandler, TwitterMixin):
         self._OAUTH_REQUEST_TOKEN_URL = test.get_url('/oauth1/server/request_token')
         self._OAUTH_ACCESS_TOKEN_URL = test.get_url('/twitter/server/access_token')
         self._OAUTH_AUTHORIZE_URL = test.get_url('/oauth1/server/authorize')
+        self._OAUTH_AUTHENTICATE_URL = test.get_url('/twitter/server/authenticate')
         self._TWITTER_BASE_URL = test.get_url('/twitter/api')
 
     def get_auth_http_client(self):
@@ -254,6 +255,20 @@ class TwitterClientLoginHandler(TwitterClientHandler):
         yield self.authorize_redirect()
 
 
+class TwitterClientAuthenticateHandler(TwitterClientHandler):
+    # Like TwitterClientLoginHandler, but uses authenticate_redirect
+    # instead of authorize_redirect.
+    @gen.coroutine
+    def get(self):
+        if self.get_argument("oauth_token", None):
+            user = yield self.get_authenticated_user()
+            if user is None:
+                raise Exception("user is None")
+            self.finish(user)
+            return
+        yield self.authenticate_redirect()
+
+
 class TwitterClientLoginGenEngineHandler(TwitterClientHandler):
     with ignore_deprecation():
         @asynchronous
@@ -376,6 +391,7 @@ class AuthTest(AsyncHTTPTestCase):
 
                 ('/legacy/twitter/client/login', TwitterClientLoginHandlerLegacy, dict(test=self)),
                 ('/twitter/client/login', TwitterClientLoginHandler, dict(test=self)),
+                ('/twitter/client/authenticate', TwitterClientAuthenticateHandler, dict(test=self)),
                 ('/twitter/client/login_gen_engine',
                  TwitterClientLoginGenEngineHandler, dict(test=self)),
                 ('/twitter/client/login_gen_coroutine',
@@ -573,6 +589,16 @@ class AuthTest(AsyncHTTPTestCase):
     def test_twitter_redirect_gen_coroutine(self):
         self.base_twitter_redirect('/twitter/client/login_gen_coroutine')
 
+    def test_twitter_authenticate_redirect(self):
+        response = self.fetch('/twitter/client/authenticate', follow_redirects=False)
+        self.assertEqual(response.code, 302)
+        self.assertTrue(response.headers['Location'].endswith(
+            '/twitter/server/authenticate?oauth_token=zxcv'), response.headers['Location'])
+        # the cookie is base64('zxcv')|base64('1234')
+        self.assertTrue(
+            '_oauth_request_token="enhjdg==|MTIzNA=="' in response.headers['Set-Cookie'],
+            response.headers['Set-Cookie'])
+
     def test_twitter_get_user(self):
         response = self.fetch(
             '/twitter/client/login?oauth_token=zxcv',