oauthenticator 0.1.4 → 1.0.0

data/test/parse_authorization_test.rb

@@ -0,0 +1,86 @@
+# encoding: utf-8
+proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
+require 'helper'
+
+describe 'OAuthenticator.parse_authorization' do
+  let :spec_authorization do
+    %q(OAuth realm="Example",
+      oauth_consumer_key="9djdj82h48djs9d2",
+      oauth_token="kkk9d7dh3k39sjv7",
+      oauth_signature_method="HMAC-SHA1",
+      oauth_timestamp="137131201",
+      oauth_nonce="7d8f3e4a",
+      oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
+    )
+  end
+  let :spec_authorization_hash do
+    {
+      'realm' => "Example",
+      'oauth_consumer_key' => "9djdj82h48djs9d2",
+      'oauth_token' => "kkk9d7dh3k39sjv7",
+      'oauth_signature_method' => "HMAC-SHA1",
+      'oauth_timestamp' => "137131201",
+      'oauth_nonce' => "7d8f3e4a",
+      'oauth_signature' => "r6/TJjbCOr97/+UU0NsvSne7s5g=",
+    }
+  end
+
+  it 'parses the example in the spec' do
+    assert_equal(spec_authorization_hash, OAuthenticator.parse_authorization(spec_authorization))
+  end
+  it 'parses the authorization SignableRequest calculates' do
+    request = OAuthenticator::SignableRequest.new({
+      :request_method => 'POST',
+      :uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
+      :media_type => 'application/x-www-form-urlencoded',
+      :body => 'c2&a3=2+q',
+      :authorization => spec_authorization_hash,
+      :consumer_secret => 'j49sk3j29djd',
+      :token_secret => 'dh893hdasih9',
+    })
+    assert_equal(spec_authorization_hash, OAuthenticator.parse_authorization(request.authorization))
+  end
+
+  describe 'optional linear white space' do
+    { :space =>           %q(OAuth a="b", c="d", e="f"),
+      :spaces =>          %q(OAuth a="b",    c="d",   e="f" ),
+      :tab =>             %q(OAuth a="b",	c="d",	e="f"),
+      :tabs =>            %q(OAuth a="b",		c="d",			e="f"),
+      :tabs_and_spaces => %q(OAuth a="b",		 c="d",   	e="f"),
+      :none =>            %q(OAuth a="b",c="d",e="f"),
+    }.map do |name, authorization|
+      it "parses with #{name}" do
+        assert_equal({'a' => 'b', 'c' => 'd', 'e' => 'f'}, OAuthenticator.parse_authorization(authorization))
+      end
+    end
+  end
+
+  it "handles commas inside quoted values" do
+    # note that this is invalid according to the spec; commas should be %-encoded, but this is accepted in 
+    # the interests of robustness and consistency (other characters are accepted when they should really be 
+    # escaped). 
+    header_with_commas = 'OAuth oauth_consumer_key="a,bcd", oauth_nonce="o,LKtec51GQy", oauth_signature="efgh%2Cmnop"'
+    assert_equal({'oauth_consumer_key' => "a,bcd", 'oauth_nonce' => "o,LKtec51GQy", 'oauth_signature' => "efgh,mnop"},
+      OAuthenticator.parse_authorization(header_with_commas))
+  end
+
+  it "raises ParseError on input without a comma between key/value pairs" do
+    assert_raises(OAuthenticator::ParseError) do
+      OAuthenticator.parse_authorization(%q(OAuth oauth_consumer_key="k" oauth_nonce="n"))
+    end
+  end
+
+  it "raises ParseError on malformed input" do
+    assert_raises(OAuthenticator::ParseError) { OAuthenticator.parse_authorization(%q(OAuth huh=/)) }
+  end
+
+  it "raises ParseError when the header does not start with 'OAuth '" do
+    assert_raises(OAuthenticator::ParseError) { OAuthenticator.parse_authorization(%q(FooAuth foo="baz")) }
+  end
+
+  it "raises DuplicatedParameter when the header contains duplicated parameters" do
+    assert_raises(OAuthenticator::DuplicatedParameters) do
+      OAuthenticator.parse_authorization(%q(OAuth oauth_nonce="a", oauth_nonce="b"))
+    end
+  end
+end

data/test/{oauthenticator_test.rb → rack_authenticator_test.rb}

@@ -2,77 +2,13 @@
 proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
 require 'helper'
 
-# config methods for testing OAuthenticator. simple 
-module OAuthenticatorTestConfigMethods
-  class << self
-    # a set of nonces
-    define_method(:nonces) { @nonces ||= Set.new }
-    # a Hash keyed by consumer keys with values of consumer secrets
-    define_method(:consumer_secrets) { @consumer_secrets ||= {} }
-    # a Hash keyed by access tokens with values of access token secrets 
-    define_method(:access_token_secrets) { @access_token_secrets ||= {} }
-    # a Hash keyed by access tokens with values of consumer keys
-    define_method(:access_token_consumers) { @access_token_consumers ||= {} }
-  end
-
-  def nonce_used?
-    OAuthenticatorTestConfigMethods.nonces.include?(oauth_header_params[:nonce])
-  end
-
-  def use_nonce!
-    OAuthenticatorTestConfigMethods.nonces << oauth_header_params[:nonce]
-  end
-
-  def timestamp_valid_period
-    10
-  end
-
-  def allowed_signature_methods
-    %w(HMAC-SHA1 RSA-SHA1 PLAINTEXT)
-  end
-
-  def consumer_secret
-    OAuthenticatorTestConfigMethods.consumer_secrets[oauth_header_params[:consumer_key]]
-  end
-
-  def access_token_secret
-    OAuthenticatorTestConfigMethods.access_token_secrets[oauth_header_params[:token]]
-  end
-
-  def access_token_belongs_to_consumer?
-    OAuthenticatorTestConfigMethods.access_token_consumers[oauth_header_params[:token]] == oauth_header_params[:consumer_key]
-  end
-end
-
-describe OAuthenticator::Middleware do
+describe OAuthenticator::RackAuthenticator do
   # act like a database cleaner
   after do
-    [:nonces, :consumer_secrets, :access_token_secrets, :access_token_consumers].each do |db|
+    [:nonces, :consumer_secrets, :token_secrets, :token_consumers].each do |db|
       OAuthenticatorTestConfigMethods.send(db).clear
     end
-
-    Timecop.return
-  end
-
-  let(:simpleapp) { proc { |env| [200, {}, ['☺']] } }
-  let(:oapp) { OAuthenticator::Middleware.new(simpleapp, :config_methods => OAuthenticatorTestConfigMethods) }
-
-  let(:consumer) do
-    {:key => "test_client_app_key", :secret => "test_client_app_secret"}.tap do |consumer|
-      OAuthenticatorTestConfigMethods.consumer_secrets[consumer[:key]] = consumer[:secret]
-    end
-  end
-  let(:consumer_key) { consumer[:key] }
-  let(:consumer_secret) { consumer[:secret] }
-
-  let(:access_token_hash) do
-    {:token => 'test_access_token', :secret => 'test_access_token_secret', :consumer_key => consumer_key}.tap do |hash|
-      OAuthenticatorTestConfigMethods.access_token_secrets[hash[:token]] = hash[:secret]
-      OAuthenticatorTestConfigMethods.access_token_consumers[hash[:token]] = hash[:consumer_key]
-    end
   end
-  let(:access_token) { access_token_hash[:token] }
-  let(:access_token_secret) { access_token_hash[:secret] }
 
   def assert_response(expected_status, expected_body, actual_status, actual_headers, actual_body)
     actual_body_s = actual_body.to_enum.to_a.join
@@ -83,27 +19,31 @@ describe OAuthenticator::Middleware do
 
   it 'makes a valid two-legged signed request (generated)' do
     request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-    request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-      request.request_method,
-      request.url,
-      nil,
-      {:consumer_key => consumer_key, :consumer_secret => consumer_secret}
-    ).to_s
+    request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+      :request_method => request.request_method,
+      :uri => request.url,
+      :media_type => request.media_type,
+      :body => request.body,
+      :signature_method => 'HMAC-SHA1',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret,
+    }).authorization
     assert_response(200, '☺', *oapp.call(request.env))
   end
 
-  it 'makes a valid two-legged signed request with a blank access token (generated)' do
+  it 'makes a valid two-legged signed request with a blank token (generated)' do
     request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-    request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-      request.request_method,
-      request.url,
-      nil,
-      { :consumer_key => consumer_key,
-        :consumer_secret => consumer_secret,
-        :token => '',
-        :token_secret => '',
-      }
-    ).to_s
+    request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+      :request_method => request.request_method,
+      :uri => request.url,
+      :media_type => request.media_type,
+      :body => request.body,
+      :signature_method => 'HMAC-SHA1',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret,
+      :token => '',
+      :token_secret => '',
+    }).authorization
     assert_response(200, '☺', *oapp.call(request.env))
   end
 
@@ -113,27 +53,31 @@ describe OAuthenticator::Middleware do
       :input => 'a=b&a=c',
       'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=UTF8',
     ))
-    request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-      request.request_method,
-      request.url,
-      [['a', 'b'], ['a', 'c']],
-      {:consumer_key => consumer_key, :consumer_secret => consumer_secret}
-    ).to_s
+    request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+      :request_method => request.request_method,
+      :uri => request.url,
+      :media_type => request.media_type,
+      :body => request.body,
+      :signature_method => 'HMAC-SHA1',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret
+    }).authorization
     assert_response(200, '☺', *oapp.call(request.env))
   end
 
   it 'makes a valid three-legged signed request (generated)' do
     request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-    request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-      request.request_method,
-      request.url,
-      nil,
-      { :consumer_key => consumer_key,
-        :consumer_secret => consumer_secret,
-        :token => access_token,
-        :token_secret => access_token_secret,
-      }
-    ).to_s
+    request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+      :request_method => request.request_method,
+      :uri => request.url,
+      :media_type => request.media_type,
+      :body => request.body,
+      :signature_method => 'HMAC-SHA1',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret,
+      :token => token,
+      :token_secret => token_secret,
+    }).authorization
     assert_response(200, '☺', *oapp.call(request.env))
   end
 
@@ -156,15 +100,15 @@ describe OAuthenticator::Middleware do
     it "makes a valid signed three-legged request (static #{i})" do
       Timecop.travel Time.at 1391021695
       consumer # cause this to be created
-      access_token_hash # cause this to be created
+      token_hash # cause this to be created
       request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
       request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
         %q(oauth_consumer_key="test_client_app_key", ) +
         %q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
-        %q(oauth_signature="B0sJjhfiXajEveqgjaRL3L60sCM%3D", ) +
+        %q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
         %q(oauth_signature_method="HMAC-SHA1", ) +
         %q(oauth_timestamp="1391021695", ) +
-        %q(oauth_token="test_access_token", ) +
+        %q(oauth_token="test_token", ) +
         %q(oauth_version="1.0")
       assert_response(200, '☺', *oapp.call(request.env))
     end
@@ -183,17 +127,16 @@ describe OAuthenticator::Middleware do
   end
 
   describe 'invalid Authorization header' do
-    if SimpleOAuth.const_defined?(:ParseError)
-      it 'does not prefix with oauth_' do
-        assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth client_app_key="test_client_app_key")}))
-      end
-      it 'has something unparseable' do
-        assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
-      end
-    else
-      it 'has something unparseable' do
-        assert_response(401, /Authorization header is not a properly-formed OAuth 1.0 header./, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
-      end
+    it 'has duplicate params' do
+      assert_response(
+        401,
+        /Received multiple instances of Authorization parameter oauth_version/,
+        *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_version="1.0", oauth_version="1.1")})
+      )
+    end
+
+    it 'has something unparseable' do
+      assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
     end
   end
 
@@ -209,6 +152,18 @@ describe OAuthenticator::Middleware do
       %q(oauth_version="1.0")
     assert_response(401, /Authorization oauth_timestamp.*is missing/m, *oapp.call(request.env))
   end
+  it 'omits timestamp with PLAINTEXT' do
+    Timecop.travel Time.at 1391021695
+    consumer # cause this to be created
+    request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
+    request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+      %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+      %q(oauth_signature="test_client_app_secret%26", ) +
+      %q(oauth_signature_method="PLAINTEXT", ) +
+      #%q(oauth_timestamp="1391021695", ) +
+      %q(oauth_version="1.0")
+    assert_response(200, '☺', *oapp.call(request.env))
+  end
   it 'has a non-integer timestamp' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created
@@ -293,25 +248,25 @@ describe OAuthenticator::Middleware do
       %q(oauth_version="1.0")
     assert_response(401, /Authorization oauth_consumer_key.*is invalid/m, *oapp.call(request.env))
   end
-  it 'has an invalid access token' do
+  it 'has an invalid token' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created
-    access_token_hash # cause this to be created
+    token_hash # cause this to be created
     request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
     request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
       %q(oauth_consumer_key="test_client_app_key", ) +
       %q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
-      %q(oauth_signature="B0sJjhfiXajEveqgjaRL3L60sCM%3D", ) +
+      %q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
       %q(oauth_signature_method="HMAC-SHA1", ) +
       %q(oauth_timestamp="1391021695", ) +
-      %q(oauth_token="nonexistent_access_token", ) +
+      %q(oauth_token="nonexistent_token", ) +
       %q(oauth_version="1.0")
     assert_response(401, /Authorization oauth_token.*is invalid/m, *oapp.call(request.env))
   end
-  it 'has an access token belonging to a different consumer key' do
+  it 'has a token belonging to a different consumer key' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created
-    access_token_hash # cause this to be created
+    token_hash # cause this to be created
 
     OAuthenticatorTestConfigMethods.consumer_secrets["different_client_app_key"] = "different_client_app_secret"
 
@@ -322,7 +277,7 @@ describe OAuthenticator::Middleware do
       %q(oauth_signature="PVscPDg%2B%2FjAXRiahIggkeBpN5zI%3D", ) +
       %q(oauth_signature_method="HMAC-SHA1", ) +
       %q(oauth_timestamp="1391021695", ) +
-      %q(oauth_token="test_access_token", ) +
+      %q(oauth_token="test_token", ) +
       %q(oauth_version="1.0")
     assert_response(401, /Authorization oauth_token.*does not belong to the specified consumer/m, *oapp.call(request.env))
   end
@@ -338,6 +293,18 @@ describe OAuthenticator::Middleware do
       %q(oauth_version="1.0")
     assert_response(401, /Authorization oauth_nonce.*is missing/m, *oapp.call(request.env))
   end
+  it 'omits nonce with PLAINTEXT' do
+    Timecop.travel Time.at 1391021695
+    consumer # cause this to be created
+    request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
+    request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+      #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+      %q(oauth_signature="test_client_app_secret%26", ) +
+      %q(oauth_signature_method="PLAINTEXT", ) +
+      %q(oauth_timestamp="1391021695", ) +
+      %q(oauth_version="1.0")
+    assert_response(200, '☺', *oapp.call(request.env))
+  end
   it 'has an already-used nonce' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created
@@ -400,29 +367,152 @@ describe OAuthenticator::Middleware do
     assert_response(401, /Authorization oauth_signature.*is invalid/m, *oapp.call(request.env))
   end
 
+  describe 'oauth_body_hash' do
+    it 'has a valid body hash' do
+      Timecop.travel Time.at 1391021695
+      consumer # cause this to be created
+      request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
+      request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+        %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+        %q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
+        %q(oauth_signature_method="HMAC-SHA1", ) +
+        %q(oauth_timestamp="1391021695", ) +
+        %q(oauth_version="1.0", ) +
+        %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
+      assert_response(200, '☺', *oapp.call(request.env))
+    end
+
+    it 'has an incorrect body hash' do
+      Timecop.travel Time.at 1391021695
+      consumer # cause this to be created
+      request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
+      request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+        %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+        %q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
+        %q(oauth_signature_method="HMAC-SHA1", ) +
+        %q(oauth_timestamp="1391021695", ) +
+        %q(oauth_version="1.0", ) +
+        %q(oauth_body_hash="yes this is authentic")
+      assert_response(401, /Authorization oauth_body_hash.*is invalid/m, *oapp.call(request.env))
+    end
+
+    it 'has a body hash when one is not allowed (even if it is correct)' do
+      Timecop.travel Time.at 1391021695
+      consumer # cause this to be created
+      request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
+      request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+        %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+        %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
+        %q(oauth_signature_method="HMAC-SHA1", ) +
+        %q(oauth_timestamp="1391021695", ) +
+        %q(oauth_version="1.0", ) +
+        %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
+      assert_response(401, /Authorization oauth_body_hash.*must not be included with form-encoded requests/m, *oapp.call(request.env))
+    end
+
+    it 'has a body hash with PLAINTEXT' do
+      Timecop.travel Time.at 1391021695
+      consumer # cause this to be created
+      request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
+      request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+        %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+        %q(oauth_signature="test_client_app_secret%26", ) +
+        %q(oauth_signature_method="PLAINTEXT", ) +
+        %q(oauth_timestamp="1391021695", ) +
+        %q(oauth_version="1.0", ) +
+        %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
+      assert_response(200, '☺', *oapp.call(request.env))
+    end
+
+    describe 'body hash is required' do
+      let(:hashrequiredapp) do
+        hash_required_config = Module.new do
+          include OAuthenticatorTestConfigMethods
+          define_method(:body_hash_required?) { true }
+        end
+        OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => hash_required_config)
+      end
+
+      it 'is missing a body hash, one is not allowed' do
+        Timecop.travel Time.at 1391021695
+        consumer # cause this to be created
+        request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
+        request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+          %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+          %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
+          %q(oauth_signature_method="HMAC-SHA1", ) +
+          %q(oauth_timestamp="1391021695", ) +
+          %q(oauth_version="1.0")
+        assert_response(200, '☺', *hashrequiredapp.call(request.env))
+      end
+      it 'is missing a body hash, one is allowed' do
+        Timecop.travel Time.at 1391021695
+        consumer # cause this to be created
+        request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
+        request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+          %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+          %q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
+          %q(oauth_signature_method="HMAC-SHA1", ) +
+          %q(oauth_timestamp="1391021695", ) +
+          %q(oauth_version="1.0")
+        assert_response(401, /Authorization oauth_body_hash.*is required \(on non-form-encoded requests\)/m, *hashrequiredapp.call(request.env))
+      end
+    end
+
+    describe 'body hash not required' do
+      it 'is missing a body hash, one is not allowed' do
+        Timecop.travel Time.at 1391021695
+        consumer # cause this to be created
+        request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
+        request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+          %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+          %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
+          %q(oauth_signature_method="HMAC-SHA1", ) +
+          %q(oauth_timestamp="1391021695", ) +
+          %q(oauth_version="1.0")
+        assert_response(200, '☺', *oapp.call(request.env))
+      end
+      it 'is missing a body hash, one is allowed' do
+        Timecop.travel Time.at 1391021695
+        consumer # cause this to be created
+        request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
+        request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+          %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+          %q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
+          %q(oauth_signature_method="HMAC-SHA1", ) +
+          %q(oauth_timestamp="1391021695", ) +
+          %q(oauth_version="1.0")
+        assert_response(200, '☺', *oapp.call(request.env))
+      end
+    end
+  end
+
   describe :bypass do
     it 'bypasses with invalid request' do
-      oapp = OAuthenticator::Middleware.new(simpleapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
+      oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
       env = Rack::MockRequest.env_for('/', :method => 'GET').merge({'HTTP_AUTHORIZATION' => 'oauth ?'})
       assert_response(200, '☺', *oapp.call(env))
     end
 
     it 'does not bypass with invalid request' do
-      oapp = OAuthenticator::Middleware.new(simpleapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
+      oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
       assert_equal(401, oapp.call({}).first)
     end
 
     it 'bypasses with valid request' do
       was_authenticated = nil
       bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
-      boapp = OAuthenticator::Middleware.new(bapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
+      boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
       request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-      request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-        request.request_method,
-        request.url,
-        nil,
-        {:consumer_key => consumer_key, :consumer_secret => consumer_secret}
-      ).to_s
+      request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+        :request_method => request.request_method,
+        :uri => request.url,
+        :media_type => request.media_type,
+        :body => request.body,
+        :signature_method => 'HMAC-SHA1',
+        :consumer_key => consumer_key,
+        :consumer_secret => consumer_secret
+      }).authorization
       assert_response(200, '☺', *boapp.call(request.env))
       assert(was_authenticated == false)
     end
@@ -430,16 +520,54 @@ describe OAuthenticator::Middleware do
     it 'does not bypass with valid request' do
       was_authenticated = nil
       bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
-      boapp = OAuthenticator::Middleware.new(bapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
+      boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
       request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-      request.env['HTTP_AUTHORIZATION'] = SimpleOAuth::Header.new(
-        request.request_method,
-        request.url,
-        nil,
-        {:consumer_key => consumer_key, :consumer_secret => consumer_secret}
-      ).to_s
+      request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+        :request_method => request.request_method,
+        :uri => request.url,
+        :media_type => request.media_type,
+        :body => request.body,
+        :signature_method => 'HMAC-SHA1',
+        :consumer_key => consumer_key,
+        :consumer_secret => consumer_secret
+      }).authorization
       assert_response(200, '☺', *boapp.call(request.env))
       assert(was_authenticated == true)
     end
   end
+
+  describe 'rack env variables' do
+    let :request do
+      Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET')).tap do |request|
+        request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
+          :request_method => request.request_method,
+          :uri => request.url,
+          :media_type => request.media_type,
+          :body => request.body,
+          :signature_method => 'HMAC-SHA1',
+          :consumer_key => consumer_key,
+          :consumer_secret => consumer_secret,
+          :token => token,
+          :token_secret => token_secret,
+        }).authorization
+      end
+    end
+
+    it 'sets oauth.authenticated, oauth.token, oauth.consumer_key' do
+      oauth_authenticated = nil
+      oauth_token = nil
+      oauth_consumer_key = nil
+      testapp = proc do |env|
+        oauth_authenticated = env['oauth.authenticated']
+        oauth_token = env['oauth.token']
+        oauth_consumer_key = env['oauth.consumer_key']
+        [200, {}, ['☺']]
+      end
+      otestapp = OAuthenticator::RackAuthenticator.new(testapp, :config_methods => OAuthenticatorTestConfigMethods)
+      assert_response(200, '☺', *otestapp.call(request.env))
+      assert_equal(token, oauth_token)
+      assert_equal(consumer_key, oauth_consumer_key)
+      assert_equal(true, oauth_authenticated)
+    end
+  end
 end