motionbox-oauth 0.4.5

data/test/cases/spec/1_0-final/test_signature_base_strings.rb

@@ -0,0 +1,77 @@
+require File.expand_path('../../../oauth_case', __FILE__)
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.  Signature Base String
+#
+# The Signature Base String is a consistent reproducible concatenation of the request elements
+# into a single string. The string is used as an input in hashing or signing algorithms. The
+# HMAC-SHA1 signature method provides both a standard and an example of using the Signature
+# Base String with a signing algorithm to generate signatures. All the request parameters MUST
+# be encoded as described in Parameter Encoding prior to constructing the Signature Base String.
+#
+
+class SignatureBaseStringTest < OAuthCase
+
+  def test_A_5_1
+    parameters={
+      'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+      'oauth_token'=>'nnch734d00sl2jdk',
+      'oauth_signature_method'=>'HMAC-SHA1',
+      'oauth_timestamp'=>'1191242096',
+      'oauth_nonce'=>'kllo9940pd9333jh',
+      'oauth_version'=>'1.0',
+      'file'=>'vacation.jpg',
+      'size'=>'original'
+    }
+    sbs='GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://photos.example.net/photos"
+  end
+
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Concatenate Test Elements
+
+  def test_wiki_1_simple_with_ending_slash
+    parameters={
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com/"
+  end
+
+
+  def test_wiki_2_simple_without_ending_slash
+    parameters={
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com"
+  end
+
+  def test_wiki_2_request_token
+    parameters={
+'oauth_version'=>'1.0',
+'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+'oauth_timestamp'=>'1191242090',
+'oauth_nonce'=>'hsu94j3884jdopsl',
+'oauth_signature_method'=>'PLAINTEXT',
+'oauth_signature'=>'ignored'    }
+    sbs='POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0'
+
+    assert_signature_base_string sbs,parameters,'POST',"https://photos.example.net/request_token"
+  end
+
+  protected
+
+
+  def assert_signature_base_string(expected,params={},method='GET',uri="http://photos.example.net/photos",message="Signature Base String does not match")
+    assert_equal expected, signature_base_string(params,method,uri), message
+  end
+
+  def signature_base_string(params={},method='GET',uri="http://photos.example.net/photos")
+    request(params,method,uri).signature_base_string
+  end
+end

data/test/integration/consumer_test.rb

@@ -0,0 +1,307 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+module Integration
+  class ConsumerTest < Test::Unit::TestCase
+    def setup
+      @consumer=OAuth::Consumer.new(
+          'consumer_key_86cad9', '5888bf0345e5d237',
+          {
+          :site=>"http://blabla.bla",
+          :proxy=>"http://user:password@proxy.bla:8080",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header,
+          :http_method=>:get
+          })
+      @token = OAuth::ConsumerToken.new(@consumer,'token_411a7f', '3196ffd991c8ebdb')
+      @request_uri = URI.parse('http://example.com/test?key=value')
+      @request_parameters = { 'key' => 'value' }
+      @nonce = 225579211881198842005988698334675835446
+      @timestamp = "1199645624"
+      @consumer.http=Net::HTTP.new(@request_uri.host, @request_uri.port)
+    end
+
+    def test_that_signing_auth_headers_on_get_requests_works
+      request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signing
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+      token = OAuth::ConsumerToken.new(consumer, 'token_411a7f', '3196ffd991c8ebdb')
+      token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_no_match( /oauth_signature_method="HMAC-SHA1"/, request['authorization'])
+      assert_match(    /oauth_signature_method="PLAINTEXT"/, request['authorization'])
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signature_base_string
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+
+      request = Net::HTTP::Get.new('/')
+      signature_base_string = consumer.signature_base_string(request)
+
+      assert_no_match( /HMAC-SHA1/, signature_base_string)
+      assert_equal( "#{consumer.secret}&", signature_base_string)
+    end
+
+    def test_that_plaintext_signature_works
+      # Invalid test because server expects double-escaped signature
+      require 'oauth/signature/plaintext'
+      # consumer = OAuth::Consumer.new("key", "secret",
+      #   :site => "http://term.ie", :signature_method => 'PLAINTEXT')
+      # access_token = OAuth::AccessToken.new(consumer, 'accesskey', 'accesssecret')
+      # response = access_token.get("/oauth/example/echo_api.php?echo=hello")
+
+      # assert_equal 'echo=hello', response.body
+    end
+
+    def test_that_signing_auth_headers_on_post_requests_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+  #    assert_equal "",request.oauth_helper.signature_base_string
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_signing_post_params_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_that_using_auth_headers_on_get_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:get,@request_uri.path+ "?" + request_parameters_to_s,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters)
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_using_auth_headers_on_post_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_signing_post_params_works_2
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_step_by_step_token_request
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header
+          })
+      options={:nonce=>'nonce',:timestamp=>Time.now.to_i.to_s}
+
+      request = Net::HTTP::Get.new("/oauth/example/request_token.php")
+      signature_base_string=@consumer.signature_base_string(request,nil,options)
+      assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_version%3D1.0",signature_base_string
+      @consumer.sign!(request, nil,options)
+
+      assert_equal 'GET', request.method
+      assert_equal nil, request.body
+      response=@consumer.http.request(request)
+      assert_equal "200",response.code
+      assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body
+    end
+
+    def test_get_token_sequence
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert !@consumer.request_token_url?, "Should not use fully qualified request token url"
+      assert !@consumer.access_token_url?, "Should not use fully qualified access token url"
+      assert !@consumer.authorize_url?, "Should not use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+    def test_get_token_sequence_using_fqdn
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_url=>"http://term.ie/oauth/example/request_token.php",
+          :access_token_url=>"http://term.ie/oauth/example/access_token.php",
+          :authorize_url=>"http://term.ie/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert @consumer.request_token_url?, "Should use fully qualified request token url"
+      assert @consumer.access_token_url?, "Should use fully qualified access token url"
+      assert @consumer.authorize_url?, "Should use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+
+    # This test does an actual https request (the result doesn't matter)
+    # to initialize the same way as get_request_token does. Can be any
+    # site that supports https.
+    #
+    # It also generates "warning: using default DH parameters." which I
+    # don't know how to get rid of
+  #  def test_serialization_with_https
+  #    consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
+  #    consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  #    consumer.http.get('/')
+  #
+  #    assert_nothing_raised do
+  #      # Specifically this should not raise TypeError: no marshal_dump
+  #      # is defined for class OpenSSL::SSL::SSLContext
+  #      Marshal.dump(consumer)
+  #    end
+  #  end
+  #
+    def test_get_request_token_with_custom_arguments
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+      @consumer.get_request_token({}, {:scope => "http://www.google.com/calendar/feeds http://picasaweb.google.com/data"})
+
+      # Because this is a POST request, create_http_request should take the first element of *arguments
+      # and turn it into URL-encoded data in the body of the POST.
+    end
+
+    def test_post_with_body_stream
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+
+      @request_token=@consumer.get_request_token
+      @access_token=@request_token.get_access_token
+
+      request_body_string = "Hello, hello, hello"
+      request_body_stream = StringIO.new( request_body_string )
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      request_body_file = File.open(__FILE__)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      # unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
+      # echos back any non-oauth parameters but not the body.  However, this does test that the request is still correctly signed
+      # (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
+      # request & respond until the full body length is received.
+    end
+
+    private
+
+    def request_parameters_to_s
+      @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+    end
+  end
+end

data/test/keys/rsa.cert

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpjCCAQ+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDDA5UZXN0
+IFByaW5jaXBhbDAeFw03MDAxMDEwODAwMDBaFw0zODEyMzEwODAwMDBaMBkxFzAV
+BgNVBAMMDlRlc3QgUHJpbmNpcGFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC0YjCwIfYoprq/FQO6lb3asXrxLlJFuCvtinTF5p0GxvQGu5O3gYytUvtC2JlY
+zypSRjVxwxrsuRcP3e641SdASwfrmzyvIgP08N4S0IFzEURkV1wp/IpH7kH41Etb
+mUmrXSwfNZsnQRE5SYSOhh+LcK2wyQkdgcMv11l4KoBkcwIDAQABMA0GCSqGSIb3
+DQEBBQUAA4GBAGZLPEuJ5SiJ2ryq+CmEGOXfvlTtEL2nuGtr9PewxkgnOjZpUy+d
+4TvuXJbNQc8f4AMWL/tO9w0Fk80rWKp9ea8/df4qMq5qlFWlx6yOLQxumNOmECKb
+WpkUQDIDJEoFUzKMVuJf4KO/FJ345+BNLGgbJ6WujreoM1X/gYfdnJ/J
+-----END CERTIFICATE-----

data/test/keys/rsa.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----

data/test/test_access_token.rb

@@ -0,0 +1,26 @@
+require File.expand_path('../test_helper', __FILE__)
+
+class TestAccessToken < Test::Unit::TestCase
+  def setup
+    @fake_response = {
+      :user_id => 5734758743895,
+      :oauth_token => "key",
+      :oauth_token_secret => "secret"
+    }
+    # setup a fake req. token. mocking Consumer would be more appropriate...
+    @access_token = OAuth::AccessToken.from_hash(
+      OAuth::Consumer.new("key", "secret", {}),
+      @fake_response
+    )
+  end
+
+  def test_provides_response_parameters
+    assert @access_token
+    assert_respond_to @access_token, :params
+  end
+
+  def test_access_token_makes_non_oauth_response_params_available
+    assert_not_nil @access_token.params[:user_id]
+    assert_equal 5734758743895, @access_token.params[:user_id]
+  end
+end

data/test/test_action_controller_request_proxy.rb

@@ -0,0 +1,133 @@
+gem 'actionpack', '~> 2.3.8'
+require File.expand_path('../test_helper', __FILE__)
+
+require 'oauth/request_proxy/action_controller_request'
+require 'action_controller/test_process'
+
+class ActionControllerRequestProxyTest < Test::Unit::TestCase
+
+  def request_proxy(request_method = :get, uri_params = {}, body_params = {})
+    request = ActionController::TestRequest.new
+    request.set_REQUEST_URI('/')
+
+    case request_method
+    when :post
+      request.env['REQUEST_METHOD'] = 'POST'
+    when :put
+      request.env['REQUEST_METHOD'] = 'PUT'
+    end
+
+    request.env['REQUEST_URI'] = '/'
+    request.env['RAW_POST_DATA'] = body_params.to_query
+    request.env['QUERY_STRING'] = body_params.to_query
+    request.env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
+
+    yield request if block_given?
+    OAuth::RequestProxy::ActionControllerRequest.new(request, :parameters => uri_params)
+  end
+
+  def test_that_proxy_simple_get_request_works_with_query_params
+    request_proxy = request_proxy(:get, {'key'=>'value'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'GET', request_proxy.method
+  end
+
+  def test_that_proxy_simple_post_request_works_with_query_params
+    request_proxy = request_proxy(:post, {'key'=>'value'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'POST', request_proxy.method
+  end
+
+  def test_that_proxy_simple_put_request_works_with_query_params
+    request_proxy = request_proxy(:put, {'key'=>'value'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'PUT', request_proxy.method
+  end
+
+  def test_that_proxy_simple_get_request_works_with_post_params
+    request_proxy = request_proxy(:get, {}, {'key'=>'value'})
+
+    expected_parameters = []
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'GET', request_proxy.method
+  end
+
+  def test_that_proxy_simple_post_request_works_with_post_params
+    request_proxy = request_proxy(:post, {}, {'key'=>'value'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'POST', request_proxy.method
+  end
+
+  def test_that_proxy_simple_put_request_works_with_post_params
+    request_proxy = request_proxy(:put, {}, {'key'=>'value'})
+
+    expected_parameters = []
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'PUT', request_proxy.method
+  end
+
+  def test_that_proxy_simple_get_request_works_with_mixed_params
+    request_proxy = request_proxy(:get, {'key'=>'value'}, {'key2'=>'value2'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'GET', request_proxy.method
+  end
+
+  def test_that_proxy_simple_post_request_works_with_mixed_params
+    request_proxy = request_proxy(:post, {'key'=>'value'}, {'key2'=>'value2'})
+
+    expected_parameters = [["key", "value"],["key2", "value2"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'POST', request_proxy.method
+  end
+
+  def test_that_proxy_simple_put_request_works_with_mixed_params
+    request_proxy = request_proxy(:put, {'key'=>'value'}, {'key2'=>'value2'})
+
+    expected_parameters = [["key", "value"]]
+    assert_equal expected_parameters, request_proxy.parameters_for_signature
+    assert_equal 'PUT', request_proxy.method
+  end
+
+  def test_parameter_keys_should_preserve_brackets_from_hash
+    assert_equal(
+      [["message[body]", "This is a test"]],
+      request_proxy(:post, { :message => { :body => 'This is a test' }}).parameters_for_signature
+    )
+  end
+
+  def test_parameter_values_with_amps_should_not_break_parameter_parsing
+    assert_equal(
+      [['message[body]', 'http://foo.com/?a=b&c=d']],
+      request_proxy(:post, { :message => { :body => 'http://foo.com/?a=b&c=d'}}).parameters_for_signature
+    )
+  end
+
+  def test_parameter_keys_should_preserve_brackets_from_array
+    assert_equal(
+      [["foo[]", "123"], ["foo[]", "456"]],
+      request_proxy(:post, { :foo => [123, 456] }).parameters_for_signature.sort
+    )
+  end
+
+  # TODO disabled; ActionController::TestRequest does not appear to parse
+  # QUERY_STRING
+  def x_test_query_string_parameter_values_should_be_cgi_unescaped
+    request = request_proxy do |r|
+      r.env['QUERY_STRING'] = 'url=http%3A%2F%2Ffoo.com%2F%3Fa%3Db%26c%3Dd'
+    end
+    assert_equal(
+      [['url', 'http://foo.com/?a=b&c=d']],
+      request.parameters_for_signature.sort
+    )
+  end
+end