oauth-instructure 0.4.8

data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb

@@ -0,0 +1,88 @@
+require File.expand_path('../../../oauth_case', __FILE__)
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.1.  Normalize Request Parameters
+#
+# The request parameters are collected, sorted and concatenated into a normalized string:
+#
+# Parameters in the OAuth HTTP Authorization header excluding the realm parameter.
+# Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded).
+# HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3).
+# The oauth_signature parameter MUST be excluded.
+#
+# The parameters are normalized into a single string as follows:
+#
+# Parameters are sorted by name, using lexicographical byte value ordering.
+# If two or more parameters share the same name, they are sorted by their value. For example:
+#
+#   a=1, c=hi%20there, f=25, f=50, f=a, z=p, z=t
+# Parameters are concatenated in their sorted order into a single string. For each parameter,
+# the name is separated from the corresponding value by an ‘=’ character (ASCII code 61), even
+# if the value is empty. Each name-value pair is separated by an ‘&’ character (ASCII code 38). For example:
+#   a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t
+#
+
+
+class NormalizeRequestParametersTest < OAuthCase
+
+  def test_parameters_for_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params).parameters_for_signature
+  end
+
+
+  def test_parameters_for_signature_removes_oauth_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params.merge({'oauth_signature'=>'blalbla'})).parameters_for_signature
+  end
+
+  def test_spec_example
+    assert_normalized 'a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['25', '50', 'a'], 'z' => ['p', 't'] }
+  end
+
+  def test_sorts_parameters_correctly
+    # values for 'f' are scrambled
+    assert_normalized 'a=1&c=hi%20there&f=5&f=70&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['a', '70', '5'], 'z' => ['p', 't'] }
+  end
+
+  def test_empty
+    assert_normalized "",{}
+  end
+
+
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Normalize Request Parameters
+  # Parameters have already been x-www-form-urlencoded (i.e. + = <space>)
+  def test_wiki1
+    assert_normalized "name=",{"name"=>nil}
+  end
+
+  def test_wiki2
+    assert_normalized "a=b",{'a'=>'b'}
+  end
+
+  def test_wiki3
+    assert_normalized "a=b&c=d",{'a'=>'b','c'=>'d'}
+  end
+
+  def test_wiki4
+    assert_normalized "a=x%20y&a=x%21y",{'a'=>["x!y","x y"]}
+
+  end
+
+  def test_wiki5
+    assert_normalized "x=a&x%21y=a",{"x!y"=>'a','x'=>'a'}
+  end
+
+  protected
+
+
+  def assert_normalized(expected,params,message=nil)
+    assert_equal expected, normalize_request_parameters(params), message
+  end
+
+  def normalize_request_parameters(params={})
+    request(params).normalized_parameters
+  end
+end

data/test/cases/spec/1_0-final/test_parameter_encodings.rb

@@ -0,0 +1,86 @@
+require File.expand_path('../../../oauth_case', __FILE__)
+
+# See http://oauth.net/core/1.0/#encoding_parameters
+#
+# 5.1.  Parameter Encoding
+#
+# All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism.
+# Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters
+# in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be
+# upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].
+#
+#   unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
+#
+
+class ParameterEncodingTest < OAuthCase
+  def test_encodings_alpha_num
+    assert_encoding 'abcABC123', 'abcABC123'
+  end
+
+  def test_encodings_non_escaped
+    assert_encoding '-._~', '-._~'
+  end
+
+  def test_encodings_percent
+    assert_encoding '%25', '%'
+  end
+
+  def test_encodings_plus
+    assert_encoding '%2B', '+'
+  end
+
+  def test_encodings_space
+    assert_encoding '%20', ' '
+  end
+
+  def test_encodings_query_param_symbols
+    assert_encoding '%26%3D%2A', '&=*'
+  end
+
+  def test_encodings_unicode_lf
+    assert_encoding '%0A', unicode_to_utf8('U+000A')
+  end
+
+  def test_encodings_unicode_space
+    assert_encoding '%20', unicode_to_utf8('U+0020')
+  end
+
+  def test_encodings_unicode_007f
+    assert_encoding '%7F', unicode_to_utf8('U+007F')
+  end
+
+  def test_encodings_unicode_0080
+    assert_encoding '%C2%80', unicode_to_utf8('U+0080')
+  end
+
+  def test_encoding_unicode_2708
+    assert_encoding '%E2%9C%88', unicode_to_utf8('U+2708')
+  end
+
+  def test_encodings_unicode_3001
+    assert_encoding '%E3%80%81', unicode_to_utf8('U+3001')
+  end
+
+protected
+
+  def unicode_to_utf8(unicode)
+    return unicode if unicode =~ /\A[[:space:]]*\z/m
+
+    str = ''
+
+    unicode.scan(/(U\+(?:[[:digit:][:xdigit:]]{4,5}|10[[:digit:][:xdigit:]]{4})|.)/mu) do
+      c = $1
+      if c =~ /^U\+/
+        str << [c[2..-1].hex].pack('U*')
+      else
+        str << c
+      end
+    end
+
+    str
+  end
+
+  def assert_encoding(expected, given, message = nil)
+    assert_equal expected, OAuth::Helper.escape(given), message
+  end
+end

data/test/cases/spec/1_0-final/test_signature_base_strings.rb

@@ -0,0 +1,77 @@
+require File.expand_path('../../../oauth_case', __FILE__)
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.  Signature Base String
+#
+# The Signature Base String is a consistent reproducible concatenation of the request elements
+# into a single string. The string is used as an input in hashing or signing algorithms. The
+# HMAC-SHA1 signature method provides both a standard and an example of using the Signature
+# Base String with a signing algorithm to generate signatures. All the request parameters MUST
+# be encoded as described in Parameter Encoding prior to constructing the Signature Base String.
+#
+
+class SignatureBaseStringTest < OAuthCase
+
+  def test_A_5_1
+    parameters={
+      'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+      'oauth_token'=>'nnch734d00sl2jdk',
+      'oauth_signature_method'=>'HMAC-SHA1',
+      'oauth_timestamp'=>'1191242096',
+      'oauth_nonce'=>'kllo9940pd9333jh',
+      'oauth_version'=>'1.0',
+      'file'=>'vacation.jpg',
+      'size'=>'original'
+    }
+    sbs='GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://photos.example.net/photos"
+  end
+
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Concatenate Test Elements
+
+  def test_wiki_1_simple_with_ending_slash
+    parameters={
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com/"
+  end
+
+
+  def test_wiki_2_simple_without_ending_slash
+    parameters={
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com"
+  end
+
+  def test_wiki_2_request_token
+    parameters={
+'oauth_version'=>'1.0',
+'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+'oauth_timestamp'=>'1191242090',
+'oauth_nonce'=>'hsu94j3884jdopsl',
+'oauth_signature_method'=>'PLAINTEXT',
+'oauth_signature'=>'ignored'    }
+    sbs='POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0'
+
+    assert_signature_base_string sbs,parameters,'POST',"https://photos.example.net/request_token"
+  end
+
+  protected
+
+
+  def assert_signature_base_string(expected,params={},method='GET',uri="http://photos.example.net/photos",message="Signature Base String does not match")
+    assert_equal expected, signature_base_string(params,method,uri), message
+  end
+
+  def signature_base_string(params={},method='GET',uri="http://photos.example.net/photos")
+    request(params,method,uri).signature_base_string
+  end
+end

data/test/integration/consumer_test.rb

@@ -0,0 +1,307 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+module Integration
+  class ConsumerTest < Test::Unit::TestCase
+    def setup
+      @consumer=OAuth::Consumer.new(
+          'consumer_key_86cad9', '5888bf0345e5d237',
+          {
+          :site=>"http://blabla.bla",
+          :proxy=>"http://user:password@proxy.bla:8080",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header,
+          :http_method=>:get
+          })
+      @token = OAuth::ConsumerToken.new(@consumer,'token_411a7f', '3196ffd991c8ebdb')
+      @request_uri = URI.parse('http://example.com/test?key=value')
+      @request_parameters = { 'key' => 'value' }
+      @nonce = 225579211881198842005988698334675835446
+      @timestamp = "1199645624"
+      @consumer.http=Net::HTTP.new(@request_uri.host, @request_uri.port)
+    end
+
+    def test_that_signing_auth_headers_on_get_requests_works
+      request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signing
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+      token = OAuth::ConsumerToken.new(consumer, 'token_411a7f', '3196ffd991c8ebdb')
+      token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_no_match( /oauth_signature_method="HMAC-SHA1"/, request['authorization'])
+      assert_match(    /oauth_signature_method="PLAINTEXT"/, request['authorization'])
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signature_base_string
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+
+      request = Net::HTTP::Get.new('/')
+      signature_base_string = consumer.signature_base_string(request)
+
+      assert_no_match( /HMAC-SHA1/, signature_base_string)
+      assert_equal( "#{consumer.secret}&", signature_base_string)
+    end
+
+    def test_that_plaintext_signature_works
+      # Invalid test because server expects double-escaped signature
+      require 'oauth/signature/plaintext'
+      # consumer = OAuth::Consumer.new("key", "secret",
+      #   :site => "http://term.ie", :signature_method => 'PLAINTEXT')
+      # access_token = OAuth::AccessToken.new(consumer, 'accesskey', 'accesssecret')
+      # response = access_token.get("/oauth/example/echo_api.php?echo=hello")
+
+      # assert_equal 'echo=hello', response.body
+    end
+
+    def test_that_signing_auth_headers_on_post_requests_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+  #    assert_equal "",request.oauth_helper.signature_base_string
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_signing_post_params_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_match /key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3[Dd]&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0/, request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_that_using_auth_headers_on_get_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:get,@request_uri.path+ "?" + request_parameters_to_s,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters)
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_using_auth_headers_on_post_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
+    end
+
+    def test_that_signing_post_params_works_2
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_match /key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3[Dd]&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0/, request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_step_by_step_token_request
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header
+          })
+      options={:nonce=>'nonce',:timestamp=>Time.now.to_i.to_s}
+
+      request = Net::HTTP::Get.new("/oauth/example/request_token.php")
+      signature_base_string=@consumer.signature_base_string(request,nil,options)
+      assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_version%3D1.0",signature_base_string
+      @consumer.sign!(request, nil,options)
+
+      assert_equal 'GET', request.method
+      assert_equal nil, request.body
+      response=@consumer.http.request(request)
+      assert_equal "200",response.code
+      assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body
+    end
+
+    def test_get_token_sequence
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert !@consumer.request_token_url?, "Should not use fully qualified request token url"
+      assert !@consumer.access_token_url?, "Should not use fully qualified access token url"
+      assert !@consumer.authorize_url?, "Should not use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+    def test_get_token_sequence_using_fqdn
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_url=>"http://term.ie/oauth/example/request_token.php",
+          :access_token_url=>"http://term.ie/oauth/example/access_token.php",
+          :authorize_url=>"http://term.ie/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert @consumer.request_token_url?, "Should use fully qualified request token url"
+      assert @consumer.access_token_url?, "Should use fully qualified access token url"
+      assert @consumer.authorize_url?, "Should use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+
+    # This test does an actual https request (the result doesn't matter)
+    # to initialize the same way as get_request_token does. Can be any
+    # site that supports https.
+    #
+    # It also generates "warning: using default DH parameters." which I
+    # don't know how to get rid of
+  #  def test_serialization_with_https
+  #    consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
+  #    consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  #    consumer.http.get('/')
+  #
+  #    assert_nothing_raised do
+  #      # Specifically this should not raise TypeError: no marshal_dump
+  #      # is defined for class OpenSSL::SSL::SSLContext
+  #      Marshal.dump(consumer)
+  #    end
+  #  end
+  #
+    def test_get_request_token_with_custom_arguments
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+      @consumer.get_request_token({}, {:scope => "http://www.google.com/calendar/feeds http://picasaweb.google.com/data"})
+
+      # Because this is a POST request, create_http_request should take the first element of *arguments
+      # and turn it into URL-encoded data in the body of the POST.
+    end
+
+    def test_post_with_body_stream
+      stub_test_ie
+
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+
+      @request_token=@consumer.get_request_token
+      @access_token=@request_token.get_access_token
+
+      request_body_string = "Hello, hello, hello"
+      request_body_stream = StringIO.new( request_body_string )
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      request_body_file = File.open(__FILE__)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      # unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
+      # echos back any non-oauth parameters but not the body.  However, this does test that the request is still correctly signed
+      # (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
+      # request & respond until the full body length is received.
+    end
+
+    private
+
+    def request_parameters_to_s
+      @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+    end
+  end
+end