oauth-instructure 0.4.8
Sign up to get free protection for your applications and to get access to all the features.
- data/.gemtest +0 -0
- data/Gemfile +16 -0
- data/Gemfile.lock +47 -0
- data/HISTORY +174 -0
- data/LICENSE +20 -0
- data/README.rdoc +75 -0
- data/Rakefile +37 -0
- data/TODO +32 -0
- data/bin/oauth +5 -0
- data/examples/yql.rb +44 -0
- data/lib/digest/hmac.rb +104 -0
- data/lib/oauth.rb +13 -0
- data/lib/oauth/cli.rb +378 -0
- data/lib/oauth/client.rb +4 -0
- data/lib/oauth/client/action_pack.rb +9 -0
- data/lib/oauth/client/em_http.rb +120 -0
- data/lib/oauth/client/helper.rb +91 -0
- data/lib/oauth/client/net_http.rb +120 -0
- data/lib/oauth/consumer.rb +389 -0
- data/lib/oauth/core_ext.rb +31 -0
- data/lib/oauth/errors.rb +3 -0
- data/lib/oauth/errors/error.rb +4 -0
- data/lib/oauth/errors/problem.rb +14 -0
- data/lib/oauth/errors/unauthorized.rb +12 -0
- data/lib/oauth/helper.rb +109 -0
- data/lib/oauth/oauth.rb +13 -0
- data/lib/oauth/oauth_test_helper.rb +25 -0
- data/lib/oauth/request_proxy.rb +24 -0
- data/lib/oauth/request_proxy/action_controller_request.rb +116 -0
- data/lib/oauth/request_proxy/action_dispatch_request.rb +113 -0
- data/lib/oauth/request_proxy/base.rb +174 -0
- data/lib/oauth/request_proxy/curb_request.rb +55 -0
- data/lib/oauth/request_proxy/em_http_request.rb +66 -0
- data/lib/oauth/request_proxy/jabber_request.rb +41 -0
- data/lib/oauth/request_proxy/mock_request.rb +44 -0
- data/lib/oauth/request_proxy/net_http.rb +73 -0
- data/lib/oauth/request_proxy/rack_request.rb +44 -0
- data/lib/oauth/request_proxy/typhoeus_request.rb +53 -0
- data/lib/oauth/server.rb +66 -0
- data/lib/oauth/signature.rb +45 -0
- data/lib/oauth/signature/base.rb +110 -0
- data/lib/oauth/signature/hmac/base.rb +15 -0
- data/lib/oauth/signature/hmac/md5.rb +8 -0
- data/lib/oauth/signature/hmac/rmd160.rb +8 -0
- data/lib/oauth/signature/hmac/sha1.rb +9 -0
- data/lib/oauth/signature/hmac/sha2.rb +8 -0
- data/lib/oauth/signature/md5.rb +13 -0
- data/lib/oauth/signature/plaintext.rb +23 -0
- data/lib/oauth/signature/rsa/sha1.rb +46 -0
- data/lib/oauth/signature/sha1.rb +13 -0
- data/lib/oauth/token.rb +7 -0
- data/lib/oauth/tokens/access_token.rb +71 -0
- data/lib/oauth/tokens/consumer_token.rb +33 -0
- data/lib/oauth/tokens/request_token.rb +32 -0
- data/lib/oauth/tokens/server_token.rb +9 -0
- data/lib/oauth/tokens/token.rb +17 -0
- data/oauth.gemspec +148 -0
- data/tasks/deployment.rake +34 -0
- data/tasks/environment.rake +7 -0
- data/tasks/website.rake +17 -0
- data/test/cases/oauth_case.rb +19 -0
- data/test/cases/spec/1_0-final/test_construct_request_url.rb +62 -0
- data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb +88 -0
- data/test/cases/spec/1_0-final/test_parameter_encodings.rb +86 -0
- data/test/cases/spec/1_0-final/test_signature_base_strings.rb +77 -0
- data/test/integration/consumer_test.rb +307 -0
- data/test/keys/rsa.cert +11 -0
- data/test/keys/rsa.pem +16 -0
- data/test/test_access_token.rb +26 -0
- data/test/test_action_controller_request_proxy.rb +133 -0
- data/test/test_consumer.rb +220 -0
- data/test/test_curb_request_proxy.rb +77 -0
- data/test/test_em_http_client.rb +80 -0
- data/test/test_em_http_request_proxy.rb +115 -0
- data/test/test_helper.rb +28 -0
- data/test/test_hmac_sha1.rb +20 -0
- data/test/test_net_http_client.rb +292 -0
- data/test/test_net_http_request_proxy.rb +72 -0
- data/test/test_oauth_helper.rb +94 -0
- data/test/test_rack_request_proxy.rb +40 -0
- data/test/test_request_token.rb +51 -0
- data/test/test_rsa_sha1.rb +59 -0
- data/test/test_server.rb +40 -0
- data/test/test_signature.rb +22 -0
- data/test/test_signature_base.rb +32 -0
- data/test/test_signature_plain_text.rb +31 -0
- data/test/test_token.rb +14 -0
- data/test/test_typhoeus_request_proxy.rb +80 -0
- metadata +274 -0
@@ -0,0 +1,88 @@
|
|
1
|
+
require File.expand_path('../../../oauth_case', __FILE__)
|
2
|
+
|
3
|
+
# See http://oauth.net/core/1.0/#anchor14
|
4
|
+
#
|
5
|
+
# 9.1.1. Normalize Request Parameters
|
6
|
+
#
|
7
|
+
# The request parameters are collected, sorted and concatenated into a normalized string:
|
8
|
+
#
|
9
|
+
# Parameters in the OAuth HTTP Authorization header excluding the realm parameter.
|
10
|
+
# Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded).
|
11
|
+
# HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3).
|
12
|
+
# The oauth_signature parameter MUST be excluded.
|
13
|
+
#
|
14
|
+
# The parameters are normalized into a single string as follows:
|
15
|
+
#
|
16
|
+
# Parameters are sorted by name, using lexicographical byte value ordering.
|
17
|
+
# If two or more parameters share the same name, they are sorted by their value. For example:
|
18
|
+
#
|
19
|
+
# a=1, c=hi%20there, f=25, f=50, f=a, z=p, z=t
|
20
|
+
# Parameters are concatenated in their sorted order into a single string. For each parameter,
|
21
|
+
# the name is separated from the corresponding value by an ‘=’ character (ASCII code 61), even
|
22
|
+
# if the value is empty. Each name-value pair is separated by an ‘&’ character (ASCII code 38). For example:
|
23
|
+
# a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t
|
24
|
+
#
|
25
|
+
|
26
|
+
|
27
|
+
class NormalizeRequestParametersTest < OAuthCase
|
28
|
+
|
29
|
+
def test_parameters_for_signature
|
30
|
+
params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
|
31
|
+
assert_equal params,request(params).parameters_for_signature
|
32
|
+
end
|
33
|
+
|
34
|
+
|
35
|
+
def test_parameters_for_signature_removes_oauth_signature
|
36
|
+
params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
|
37
|
+
assert_equal params,request(params.merge({'oauth_signature'=>'blalbla'})).parameters_for_signature
|
38
|
+
end
|
39
|
+
|
40
|
+
def test_spec_example
|
41
|
+
assert_normalized 'a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['25', '50', 'a'], 'z' => ['p', 't'] }
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_sorts_parameters_correctly
|
45
|
+
# values for 'f' are scrambled
|
46
|
+
assert_normalized 'a=1&c=hi%20there&f=5&f=70&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['a', '70', '5'], 'z' => ['p', 't'] }
|
47
|
+
end
|
48
|
+
|
49
|
+
def test_empty
|
50
|
+
assert_normalized "",{}
|
51
|
+
end
|
52
|
+
|
53
|
+
|
54
|
+
# These are from the wiki http://wiki.oauth.net/TestCases
|
55
|
+
# in the section Normalize Request Parameters
|
56
|
+
# Parameters have already been x-www-form-urlencoded (i.e. + = <space>)
|
57
|
+
def test_wiki1
|
58
|
+
assert_normalized "name=",{"name"=>nil}
|
59
|
+
end
|
60
|
+
|
61
|
+
def test_wiki2
|
62
|
+
assert_normalized "a=b",{'a'=>'b'}
|
63
|
+
end
|
64
|
+
|
65
|
+
def test_wiki3
|
66
|
+
assert_normalized "a=b&c=d",{'a'=>'b','c'=>'d'}
|
67
|
+
end
|
68
|
+
|
69
|
+
def test_wiki4
|
70
|
+
assert_normalized "a=x%20y&a=x%21y",{'a'=>["x!y","x y"]}
|
71
|
+
|
72
|
+
end
|
73
|
+
|
74
|
+
def test_wiki5
|
75
|
+
assert_normalized "x=a&x%21y=a",{"x!y"=>'a','x'=>'a'}
|
76
|
+
end
|
77
|
+
|
78
|
+
protected
|
79
|
+
|
80
|
+
|
81
|
+
def assert_normalized(expected,params,message=nil)
|
82
|
+
assert_equal expected, normalize_request_parameters(params), message
|
83
|
+
end
|
84
|
+
|
85
|
+
def normalize_request_parameters(params={})
|
86
|
+
request(params).normalized_parameters
|
87
|
+
end
|
88
|
+
end
|
@@ -0,0 +1,86 @@
|
|
1
|
+
require File.expand_path('../../../oauth_case', __FILE__)
|
2
|
+
|
3
|
+
# See http://oauth.net/core/1.0/#encoding_parameters
|
4
|
+
#
|
5
|
+
# 5.1. Parameter Encoding
|
6
|
+
#
|
7
|
+
# All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism.
|
8
|
+
# Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters
|
9
|
+
# in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be
|
10
|
+
# upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].
|
11
|
+
#
|
12
|
+
# unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
|
13
|
+
#
|
14
|
+
|
15
|
+
class ParameterEncodingTest < OAuthCase
|
16
|
+
def test_encodings_alpha_num
|
17
|
+
assert_encoding 'abcABC123', 'abcABC123'
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_encodings_non_escaped
|
21
|
+
assert_encoding '-._~', '-._~'
|
22
|
+
end
|
23
|
+
|
24
|
+
def test_encodings_percent
|
25
|
+
assert_encoding '%25', '%'
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_encodings_plus
|
29
|
+
assert_encoding '%2B', '+'
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_encodings_space
|
33
|
+
assert_encoding '%20', ' '
|
34
|
+
end
|
35
|
+
|
36
|
+
def test_encodings_query_param_symbols
|
37
|
+
assert_encoding '%26%3D%2A', '&=*'
|
38
|
+
end
|
39
|
+
|
40
|
+
def test_encodings_unicode_lf
|
41
|
+
assert_encoding '%0A', unicode_to_utf8('U+000A')
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_encodings_unicode_space
|
45
|
+
assert_encoding '%20', unicode_to_utf8('U+0020')
|
46
|
+
end
|
47
|
+
|
48
|
+
def test_encodings_unicode_007f
|
49
|
+
assert_encoding '%7F', unicode_to_utf8('U+007F')
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_encodings_unicode_0080
|
53
|
+
assert_encoding '%C2%80', unicode_to_utf8('U+0080')
|
54
|
+
end
|
55
|
+
|
56
|
+
def test_encoding_unicode_2708
|
57
|
+
assert_encoding '%E2%9C%88', unicode_to_utf8('U+2708')
|
58
|
+
end
|
59
|
+
|
60
|
+
def test_encodings_unicode_3001
|
61
|
+
assert_encoding '%E3%80%81', unicode_to_utf8('U+3001')
|
62
|
+
end
|
63
|
+
|
64
|
+
protected
|
65
|
+
|
66
|
+
def unicode_to_utf8(unicode)
|
67
|
+
return unicode if unicode =~ /\A[[:space:]]*\z/m
|
68
|
+
|
69
|
+
str = ''
|
70
|
+
|
71
|
+
unicode.scan(/(U\+(?:[[:digit:][:xdigit:]]{4,5}|10[[:digit:][:xdigit:]]{4})|.)/mu) do
|
72
|
+
c = $1
|
73
|
+
if c =~ /^U\+/
|
74
|
+
str << [c[2..-1].hex].pack('U*')
|
75
|
+
else
|
76
|
+
str << c
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
str
|
81
|
+
end
|
82
|
+
|
83
|
+
def assert_encoding(expected, given, message = nil)
|
84
|
+
assert_equal expected, OAuth::Helper.escape(given), message
|
85
|
+
end
|
86
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
require File.expand_path('../../../oauth_case', __FILE__)
|
2
|
+
|
3
|
+
# See http://oauth.net/core/1.0/#anchor14
|
4
|
+
#
|
5
|
+
# 9.1. Signature Base String
|
6
|
+
#
|
7
|
+
# The Signature Base String is a consistent reproducible concatenation of the request elements
|
8
|
+
# into a single string. The string is used as an input in hashing or signing algorithms. The
|
9
|
+
# HMAC-SHA1 signature method provides both a standard and an example of using the Signature
|
10
|
+
# Base String with a signing algorithm to generate signatures. All the request parameters MUST
|
11
|
+
# be encoded as described in Parameter Encoding prior to constructing the Signature Base String.
|
12
|
+
#
|
13
|
+
|
14
|
+
class SignatureBaseStringTest < OAuthCase
|
15
|
+
|
16
|
+
def test_A_5_1
|
17
|
+
parameters={
|
18
|
+
'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
|
19
|
+
'oauth_token'=>'nnch734d00sl2jdk',
|
20
|
+
'oauth_signature_method'=>'HMAC-SHA1',
|
21
|
+
'oauth_timestamp'=>'1191242096',
|
22
|
+
'oauth_nonce'=>'kllo9940pd9333jh',
|
23
|
+
'oauth_version'=>'1.0',
|
24
|
+
'file'=>'vacation.jpg',
|
25
|
+
'size'=>'original'
|
26
|
+
}
|
27
|
+
sbs='GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
|
28
|
+
|
29
|
+
assert_signature_base_string sbs,parameters,'GET',"http://photos.example.net/photos"
|
30
|
+
end
|
31
|
+
|
32
|
+
# These are from the wiki http://wiki.oauth.net/TestCases
|
33
|
+
# in the section Concatenate Test Elements
|
34
|
+
|
35
|
+
def test_wiki_1_simple_with_ending_slash
|
36
|
+
parameters={
|
37
|
+
'n'=>'v'
|
38
|
+
}
|
39
|
+
sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
|
40
|
+
|
41
|
+
assert_signature_base_string sbs,parameters,'GET',"http://example.com/"
|
42
|
+
end
|
43
|
+
|
44
|
+
|
45
|
+
def test_wiki_2_simple_without_ending_slash
|
46
|
+
parameters={
|
47
|
+
'n'=>'v'
|
48
|
+
}
|
49
|
+
sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
|
50
|
+
|
51
|
+
assert_signature_base_string sbs,parameters,'GET',"http://example.com"
|
52
|
+
end
|
53
|
+
|
54
|
+
def test_wiki_2_request_token
|
55
|
+
parameters={
|
56
|
+
'oauth_version'=>'1.0',
|
57
|
+
'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
|
58
|
+
'oauth_timestamp'=>'1191242090',
|
59
|
+
'oauth_nonce'=>'hsu94j3884jdopsl',
|
60
|
+
'oauth_signature_method'=>'PLAINTEXT',
|
61
|
+
'oauth_signature'=>'ignored' }
|
62
|
+
sbs='POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0'
|
63
|
+
|
64
|
+
assert_signature_base_string sbs,parameters,'POST',"https://photos.example.net/request_token"
|
65
|
+
end
|
66
|
+
|
67
|
+
protected
|
68
|
+
|
69
|
+
|
70
|
+
def assert_signature_base_string(expected,params={},method='GET',uri="http://photos.example.net/photos",message="Signature Base String does not match")
|
71
|
+
assert_equal expected, signature_base_string(params,method,uri), message
|
72
|
+
end
|
73
|
+
|
74
|
+
def signature_base_string(params={},method='GET',uri="http://photos.example.net/photos")
|
75
|
+
request(params,method,uri).signature_base_string
|
76
|
+
end
|
77
|
+
end
|
@@ -0,0 +1,307 @@
|
|
1
|
+
require File.expand_path('../../test_helper', __FILE__)
|
2
|
+
|
3
|
+
module Integration
|
4
|
+
class ConsumerTest < Test::Unit::TestCase
|
5
|
+
def setup
|
6
|
+
@consumer=OAuth::Consumer.new(
|
7
|
+
'consumer_key_86cad9', '5888bf0345e5d237',
|
8
|
+
{
|
9
|
+
:site=>"http://blabla.bla",
|
10
|
+
:proxy=>"http://user:password@proxy.bla:8080",
|
11
|
+
:request_token_path=>"/oauth/example/request_token.php",
|
12
|
+
:access_token_path=>"/oauth/example/access_token.php",
|
13
|
+
:authorize_path=>"/oauth/example/authorize.php",
|
14
|
+
:scheme=>:header,
|
15
|
+
:http_method=>:get
|
16
|
+
})
|
17
|
+
@token = OAuth::ConsumerToken.new(@consumer,'token_411a7f', '3196ffd991c8ebdb')
|
18
|
+
@request_uri = URI.parse('http://example.com/test?key=value')
|
19
|
+
@request_parameters = { 'key' => 'value' }
|
20
|
+
@nonce = 225579211881198842005988698334675835446
|
21
|
+
@timestamp = "1199645624"
|
22
|
+
@consumer.http=Net::HTTP.new(@request_uri.host, @request_uri.port)
|
23
|
+
end
|
24
|
+
|
25
|
+
def test_that_signing_auth_headers_on_get_requests_works
|
26
|
+
request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
|
27
|
+
@token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
|
28
|
+
|
29
|
+
assert_equal 'GET', request.method
|
30
|
+
assert_equal '/test?key=value', request.path
|
31
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
|
32
|
+
end
|
33
|
+
|
34
|
+
def test_that_setting_signature_method_on_consumer_effects_signing
|
35
|
+
require 'oauth/signature/plaintext'
|
36
|
+
request = Net::HTTP::Get.new(@request_uri.path)
|
37
|
+
consumer = @consumer.dup
|
38
|
+
consumer.options[:signature_method] = 'PLAINTEXT'
|
39
|
+
token = OAuth::ConsumerToken.new(consumer, 'token_411a7f', '3196ffd991c8ebdb')
|
40
|
+
token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
|
41
|
+
|
42
|
+
assert_no_match( /oauth_signature_method="HMAC-SHA1"/, request['authorization'])
|
43
|
+
assert_match( /oauth_signature_method="PLAINTEXT"/, request['authorization'])
|
44
|
+
end
|
45
|
+
|
46
|
+
def test_that_setting_signature_method_on_consumer_effects_signature_base_string
|
47
|
+
require 'oauth/signature/plaintext'
|
48
|
+
request = Net::HTTP::Get.new(@request_uri.path)
|
49
|
+
consumer = @consumer.dup
|
50
|
+
consumer.options[:signature_method] = 'PLAINTEXT'
|
51
|
+
|
52
|
+
request = Net::HTTP::Get.new('/')
|
53
|
+
signature_base_string = consumer.signature_base_string(request)
|
54
|
+
|
55
|
+
assert_no_match( /HMAC-SHA1/, signature_base_string)
|
56
|
+
assert_equal( "#{consumer.secret}&", signature_base_string)
|
57
|
+
end
|
58
|
+
|
59
|
+
def test_that_plaintext_signature_works
|
60
|
+
# Invalid test because server expects double-escaped signature
|
61
|
+
require 'oauth/signature/plaintext'
|
62
|
+
# consumer = OAuth::Consumer.new("key", "secret",
|
63
|
+
# :site => "http://term.ie", :signature_method => 'PLAINTEXT')
|
64
|
+
# access_token = OAuth::AccessToken.new(consumer, 'accesskey', 'accesssecret')
|
65
|
+
# response = access_token.get("/oauth/example/echo_api.php?echo=hello")
|
66
|
+
|
67
|
+
# assert_equal 'echo=hello', response.body
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_that_signing_auth_headers_on_post_requests_works
|
71
|
+
request = Net::HTTP::Post.new(@request_uri.path)
|
72
|
+
request.set_form_data( @request_parameters )
|
73
|
+
@token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
|
74
|
+
# assert_equal "",request.oauth_helper.signature_base_string
|
75
|
+
|
76
|
+
assert_equal 'POST', request.method
|
77
|
+
assert_equal '/test', request.path
|
78
|
+
assert_equal 'key=value', request.body
|
79
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
|
80
|
+
end
|
81
|
+
|
82
|
+
def test_that_signing_post_params_works
|
83
|
+
request = Net::HTTP::Post.new(@request_uri.path)
|
84
|
+
request.set_form_data( @request_parameters )
|
85
|
+
@token.sign!(request, {:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp})
|
86
|
+
|
87
|
+
assert_equal 'POST', request.method
|
88
|
+
assert_equal '/test', request.path
|
89
|
+
assert_match /key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3[Dd]&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0/, request.body.split("&").sort.join("&")
|
90
|
+
assert_equal nil, request['authorization']
|
91
|
+
end
|
92
|
+
|
93
|
+
def test_that_using_auth_headers_on_get_on_create_signed_requests_works
|
94
|
+
request=@consumer.create_signed_request(:get,@request_uri.path+ "?" + request_parameters_to_s,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters)
|
95
|
+
|
96
|
+
assert_equal 'GET', request.method
|
97
|
+
assert_equal '/test?key=value', request.path
|
98
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
|
99
|
+
end
|
100
|
+
|
101
|
+
def test_that_using_auth_headers_on_post_on_create_signed_requests_works
|
102
|
+
request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
|
103
|
+
assert_equal 'POST', request.method
|
104
|
+
assert_equal '/test', request.path
|
105
|
+
assert_equal 'key=value', request.body
|
106
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".delete(',').split.sort, request['authorization'].delete(',').split.sort
|
107
|
+
end
|
108
|
+
|
109
|
+
def test_that_signing_post_params_works_2
|
110
|
+
request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
|
111
|
+
|
112
|
+
assert_equal 'POST', request.method
|
113
|
+
assert_equal '/test', request.path
|
114
|
+
assert_match /key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3[Dd]&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0/, request.body.split("&").sort.join("&")
|
115
|
+
assert_equal nil, request['authorization']
|
116
|
+
end
|
117
|
+
|
118
|
+
def test_step_by_step_token_request
|
119
|
+
stub_test_ie
|
120
|
+
|
121
|
+
@consumer=OAuth::Consumer.new(
|
122
|
+
"key",
|
123
|
+
"secret",
|
124
|
+
{
|
125
|
+
:site=>"http://term.ie",
|
126
|
+
:request_token_path=>"/oauth/example/request_token.php",
|
127
|
+
:access_token_path=>"/oauth/example/access_token.php",
|
128
|
+
:authorize_path=>"/oauth/example/authorize.php",
|
129
|
+
:scheme=>:header
|
130
|
+
})
|
131
|
+
options={:nonce=>'nonce',:timestamp=>Time.now.to_i.to_s}
|
132
|
+
|
133
|
+
request = Net::HTTP::Get.new("/oauth/example/request_token.php")
|
134
|
+
signature_base_string=@consumer.signature_base_string(request,nil,options)
|
135
|
+
assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_version%3D1.0",signature_base_string
|
136
|
+
@consumer.sign!(request, nil,options)
|
137
|
+
|
138
|
+
assert_equal 'GET', request.method
|
139
|
+
assert_equal nil, request.body
|
140
|
+
response=@consumer.http.request(request)
|
141
|
+
assert_equal "200",response.code
|
142
|
+
assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body
|
143
|
+
end
|
144
|
+
|
145
|
+
def test_get_token_sequence
|
146
|
+
stub_test_ie
|
147
|
+
|
148
|
+
@consumer=OAuth::Consumer.new(
|
149
|
+
"key",
|
150
|
+
"secret",
|
151
|
+
{
|
152
|
+
:site=>"http://term.ie",
|
153
|
+
:request_token_path=>"/oauth/example/request_token.php",
|
154
|
+
:access_token_path=>"/oauth/example/access_token.php",
|
155
|
+
:authorize_path=>"/oauth/example/authorize.php"
|
156
|
+
})
|
157
|
+
assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
|
158
|
+
assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
|
159
|
+
|
160
|
+
assert !@consumer.request_token_url?, "Should not use fully qualified request token url"
|
161
|
+
assert !@consumer.access_token_url?, "Should not use fully qualified access token url"
|
162
|
+
assert !@consumer.authorize_url?, "Should not use fully qualified url"
|
163
|
+
|
164
|
+
@request_token=@consumer.get_request_token
|
165
|
+
assert_not_nil @request_token
|
166
|
+
assert_equal "requestkey",@request_token.token
|
167
|
+
assert_equal "requestsecret",@request_token.secret
|
168
|
+
assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
|
169
|
+
|
170
|
+
@access_token=@request_token.get_access_token
|
171
|
+
assert_not_nil @access_token
|
172
|
+
assert_equal "accesskey",@access_token.token
|
173
|
+
assert_equal "accesssecret",@access_token.secret
|
174
|
+
|
175
|
+
@response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
|
176
|
+
assert_not_nil @response
|
177
|
+
assert_equal "200",@response.code
|
178
|
+
assert_equal( "ok=hello&test=this",@response.body)
|
179
|
+
|
180
|
+
@response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
|
181
|
+
assert_not_nil @response
|
182
|
+
assert_equal "200",@response.code
|
183
|
+
assert_equal( "ok=hello&test=this",@response.body)
|
184
|
+
end
|
185
|
+
|
186
|
+
def test_get_token_sequence_using_fqdn
|
187
|
+
stub_test_ie
|
188
|
+
|
189
|
+
@consumer=OAuth::Consumer.new(
|
190
|
+
"key",
|
191
|
+
"secret",
|
192
|
+
{
|
193
|
+
:site=>"http://term.ie",
|
194
|
+
:request_token_url=>"http://term.ie/oauth/example/request_token.php",
|
195
|
+
:access_token_url=>"http://term.ie/oauth/example/access_token.php",
|
196
|
+
:authorize_url=>"http://term.ie/oauth/example/authorize.php"
|
197
|
+
})
|
198
|
+
assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
|
199
|
+
assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
|
200
|
+
|
201
|
+
assert @consumer.request_token_url?, "Should use fully qualified request token url"
|
202
|
+
assert @consumer.access_token_url?, "Should use fully qualified access token url"
|
203
|
+
assert @consumer.authorize_url?, "Should use fully qualified url"
|
204
|
+
|
205
|
+
@request_token=@consumer.get_request_token
|
206
|
+
assert_not_nil @request_token
|
207
|
+
assert_equal "requestkey",@request_token.token
|
208
|
+
assert_equal "requestsecret",@request_token.secret
|
209
|
+
assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
|
210
|
+
|
211
|
+
@access_token=@request_token.get_access_token
|
212
|
+
assert_not_nil @access_token
|
213
|
+
assert_equal "accesskey",@access_token.token
|
214
|
+
assert_equal "accesssecret",@access_token.secret
|
215
|
+
|
216
|
+
@response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
|
217
|
+
assert_not_nil @response
|
218
|
+
assert_equal "200",@response.code
|
219
|
+
assert_equal( "ok=hello&test=this",@response.body)
|
220
|
+
|
221
|
+
@response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
|
222
|
+
assert_not_nil @response
|
223
|
+
assert_equal "200",@response.code
|
224
|
+
assert_equal( "ok=hello&test=this",@response.body)
|
225
|
+
end
|
226
|
+
|
227
|
+
|
228
|
+
# This test does an actual https request (the result doesn't matter)
|
229
|
+
# to initialize the same way as get_request_token does. Can be any
|
230
|
+
# site that supports https.
|
231
|
+
#
|
232
|
+
# It also generates "warning: using default DH parameters." which I
|
233
|
+
# don't know how to get rid of
|
234
|
+
# def test_serialization_with_https
|
235
|
+
# consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
|
236
|
+
# consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
237
|
+
# consumer.http.get('/')
|
238
|
+
#
|
239
|
+
# assert_nothing_raised do
|
240
|
+
# # Specifically this should not raise TypeError: no marshal_dump
|
241
|
+
# # is defined for class OpenSSL::SSL::SSLContext
|
242
|
+
# Marshal.dump(consumer)
|
243
|
+
# end
|
244
|
+
# end
|
245
|
+
#
|
246
|
+
def test_get_request_token_with_custom_arguments
|
247
|
+
stub_test_ie
|
248
|
+
|
249
|
+
@consumer=OAuth::Consumer.new(
|
250
|
+
"key",
|
251
|
+
"secret",
|
252
|
+
{
|
253
|
+
:site=>"http://term.ie",
|
254
|
+
:request_token_path=>"/oauth/example/request_token.php",
|
255
|
+
:access_token_path=>"/oauth/example/access_token.php",
|
256
|
+
:authorize_path=>"/oauth/example/authorize.php"
|
257
|
+
})
|
258
|
+
|
259
|
+
@consumer.get_request_token({}, {:scope => "http://www.google.com/calendar/feeds http://picasaweb.google.com/data"})
|
260
|
+
|
261
|
+
# Because this is a POST request, create_http_request should take the first element of *arguments
|
262
|
+
# and turn it into URL-encoded data in the body of the POST.
|
263
|
+
end
|
264
|
+
|
265
|
+
def test_post_with_body_stream
|
266
|
+
stub_test_ie
|
267
|
+
|
268
|
+
@consumer=OAuth::Consumer.new(
|
269
|
+
"key",
|
270
|
+
"secret",
|
271
|
+
{
|
272
|
+
:site=>"http://term.ie",
|
273
|
+
:request_token_path=>"/oauth/example/request_token.php",
|
274
|
+
:access_token_path=>"/oauth/example/access_token.php",
|
275
|
+
:authorize_path=>"/oauth/example/authorize.php"
|
276
|
+
})
|
277
|
+
|
278
|
+
|
279
|
+
@request_token=@consumer.get_request_token
|
280
|
+
@access_token=@request_token.get_access_token
|
281
|
+
|
282
|
+
request_body_string = "Hello, hello, hello"
|
283
|
+
request_body_stream = StringIO.new( request_body_string )
|
284
|
+
|
285
|
+
@response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
|
286
|
+
assert_not_nil @response
|
287
|
+
assert_equal "200",@response.code
|
288
|
+
|
289
|
+
request_body_file = File.open(__FILE__)
|
290
|
+
|
291
|
+
@response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
|
292
|
+
assert_not_nil @response
|
293
|
+
assert_equal "200",@response.code
|
294
|
+
|
295
|
+
# unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
|
296
|
+
# echos back any non-oauth parameters but not the body. However, this does test that the request is still correctly signed
|
297
|
+
# (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
|
298
|
+
# request & respond until the full body length is received.
|
299
|
+
end
|
300
|
+
|
301
|
+
private
|
302
|
+
|
303
|
+
def request_parameters_to_s
|
304
|
+
@request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
|
305
|
+
end
|
306
|
+
end
|
307
|
+
end
|