oauthenticator 1.4.0 → 1.4.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -2
- data/lib/oauthenticator/parse_authorization.rb +5 -9
- data/lib/oauthenticator/rack_authenticator.rb +1 -1
- data/lib/oauthenticator/signable_request.rb +2 -2
- data/lib/oauthenticator/signed_request.rb +1 -1
- data/lib/oauthenticator/version.rb +1 -1
- metadata +11 -144
- data/.simplecov +0 -1
- data/Rakefile.rb +0 -14
- data/test/config_methods_test.rb +0 -44
- data/test/faraday_signer_test.rb +0 -82
- data/test/helper.rb +0 -30
- data/test/parse_authorization_test.rb +0 -86
- data/test/rack_authenticator_test.rb +0 -615
- data/test/rack_test_signer_test.rb +0 -61
- data/test/signable_request_test.rb +0 -676
- data/test/signed_request_test.rb +0 -12
- data/test/test_config_methods.rb +0 -74
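--- a/data/test/rack_authenticator_test.rb
+++ b/data/test/rack_authenticator_test.rb
@@ -1,615 +0,0 @@
-# encoding: utf-8
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
-require 'helper'
-
-describe OAuthenticator::RackAuthenticator do
-# act like a database cleaner
-after do
-[:nonces, :consumer_secrets, :token_secrets, :token_consumers].each do |db|
-OAuthenticatorTestConfigMethods.send(db).clear
-end
-end
-
-def assert_response(expected_status, expected_body, actual_status, actual_headers, actual_body)
-actual_body_s = actual_body.to_enum.to_a.join
-assert_equal expected_status.to_i, actual_status.to_i, "Expected status to be #{expected_status.inspect}" +
-"; got #{actual_status.inspect}. body was: #{actual_body_s}"
-assert expected_body === actual_body_s, "Expected match for #{expected_body}; got #{actual_body_s}"
-end
-
-it 'makes a valid two-legged signed request (generated)' do
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret,
-}).authorization
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-it 'makes a valid two-legged signed request with a blank token (generated)' do
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret,
-:token => '',
-:token_secret => '',
-}).authorization
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-it 'makes a valid two-legged signed request with a form encoded body (generated)' do
-request = Rack::Request.new(Rack::MockRequest.env_for('/',
-:method => 'GET',
-:input => 'a=b&a=c',
-'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=UTF8'
-))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret
-}).authorization
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-it 'makes a valid three-legged signed request (generated)' do
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret,
-:token => token,
-:token_secret => token_secret,
-}).authorization
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-2.times do |i|
-# run these twice to make sure that the databas cleaner clears out the nonce since we use the same
-# nonce across tests
-it "makes a valid signed two-legged request (static #{i})" do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-it "makes a valid signed three-legged request (static #{i})" do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-token_hash # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
-%q(oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
-%q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_token="test_token", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-end
-
-it 'complains about a missing Authorization header' do
-assert_response(401, /Authorization header is missing/, *oapp.call({}))
-end
-
-it 'complains about a blank Authorization header' do
-assert_response(401, /Authorization header is blank/, *oapp.call({'HTTP_AUTHORIZATION' => ' '}))
-end
-
-it 'complains about a non-OAuth Authentication header' do
-assert_response(401, /Authorization scheme is not OAuth/, *oapp.call({'HTTP_AUTHORIZATION' => 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}))
-end
-
-describe 'invalid Authorization header' do
-it 'has duplicate params' do
-assert_response(
-401,
-/Received multiple instances of Authorization parameter oauth_version/,
-*oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_version="1.0", oauth_version="1.1")})
-)
-end
-
-it 'has something unparseable' do
-assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
-end
-end
-
-it 'omits timestamp' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-#%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_timestamp.*is missing/m, *oapp.call(request.env))
-end
-it 'omits timestamp with PLAINTEXT' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="test_client_app_secret%26", ) +
-%q(oauth_signature_method="PLAINTEXT", ) +
-#%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-it 'has a non-integer timestamp' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="now", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_timestamp.*is not an integer - got: now/m, *oapp.call(request.env))
-end
-it 'has a too-old timestamp' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391010893", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_timestamp.*is too old: 1391010893/m, *oapp.call(request.env))
-end
-it 'has a timestamp too far in the future' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391032497", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_timestamp.*is too far in the future: 1391032497/m, *oapp.call(request.env))
-end
-it 'omits version' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="lCVypLHYc6oKz+vOa6DKEivoyys%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695")
-#%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-it 'has a wrong version' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="3.14")
-assert_response(401, /Authorization oauth_version.*must be 1\.0; got: 3\.14/m, *oapp.call(request.env))
-end
-it 'omits consumer key' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) + #%q(oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_consumer_key.*is missing/m, *oapp.call(request.env))
-end
-it 'has an invalid consumer key' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="nonexistent_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_consumer_key.*is invalid/m, *oapp.call(request.env))
-end
-it 'has an invalid token' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-token_hash # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
-%q(oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
-%q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_token="nonexistent_token", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_token.*is invalid/m, *oapp.call(request.env))
-end
-it 'has a token belonging to a different consumer key' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-token_hash # cause this to be created
-
-OAuthenticatorTestConfigMethods.consumer_secrets["different_client_app_key"] = "different_client_app_secret"
-
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
-%q(oauth_consumer_key="different_client_app_key", ) +
-%q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
-%q(oauth_signature="PVscPDg%2B%2FjAXRiahIggkeBpN5zI%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_token="test_token", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_token.*does not belong to the specified consumer/m, *oapp.call(request.env))
-end
-it 'omits nonce' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-#%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_nonce.*is missing/m, *oapp.call(request.env))
-end
-it 'omits nonce with PLAINTEXT' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-#%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="test_client_app_secret%26", ) +
-%q(oauth_signature_method="PLAINTEXT", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-it 'does not try to use an omitted nonce with PLAINTEXT' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-#%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="test_client_app_secret%26", ) +
-%q(oauth_signature_method="PLAINTEXT", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-test_config_methods_without_use_nonce = Module.new do
-include OAuthenticatorTestConfigMethods
-def use_nonce!
-raise "#use_nonce! should not have been called"
-end
-end
-app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_without_use_nonce)
-assert_response(200, '☺', *app.call(request.env))
-end
-it 'has an already-used nonce' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-assert_response(401, /Authorization oauth_nonce.*has already been used/m, *oapp.call(request.env))
-end
-it 'has an already-used nonce, via use_nonce!' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-test_config_methods_nonce_used_false = Module.new do
-include OAuthenticatorTestConfigMethods
-def nonce_used?
-false
-end
-end
-app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_nonce_used_false)
-assert_response(200, '☺', *app.call(request.env))
-assert_response(401, /Authorization oauth_nonce.*has already been used/m, *app.call(request.env))
-end
-it 'omits signature' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-#%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_signature.*is missing/m, *oapp.call(request.env))
-end
-it 'omits signature method' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-#%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_signature_method.*is missing/m, *oapp.call(request.env))
-end
-it 'specifies an invalid signature method' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
-%q(oauth_signature_method="ROT13", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_signature_method.*must be one of HMAC-SHA1, RSA-SHA1, PLAINTEXT; got: ROT13/m, *oapp.call(request.env))
-end
-it 'has an invalid signature' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="totallylegit", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_signature.*is invalid/m, *oapp.call(request.env))
-end
-
-describe 'oauth_body_hash' do
-it 'has a valid body hash' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0", ) +
-%q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-it 'has an incorrect body hash' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0", ) +
-%q(oauth_body_hash="yes this is authentic")
-assert_response(401, /Authorization oauth_body_hash.*is invalid/m, *oapp.call(request.env))
-end
-
-it 'has a body hash when one is not allowed (even if it is correct)' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0", ) +
-%q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
-assert_response(401, /Authorization oauth_body_hash.*must not be included with form-encoded requests/m, *oapp.call(request.env))
-end
-
-it 'has a body hash with PLAINTEXT' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="test_client_app_secret%26", ) +
-%q(oauth_signature_method="PLAINTEXT", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0", ) +
-%q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-
-describe 'body hash is required' do
-let(:hashrequiredapp) do
-hash_required_config = Module.new do
-include OAuthenticatorTestConfigMethods
-define_method(:body_hash_required?) { true }
-end
-OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => hash_required_config)
-end
-
-it 'is missing a body hash, one is not allowed' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *hashrequiredapp.call(request.env))
-end
-it 'is missing a body hash, one is allowed' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(401, /Authorization oauth_body_hash.*is required \(on non-form-encoded requests\)/m, *hashrequiredapp.call(request.env))
-end
-end
-
-describe 'body hash not required' do
-it 'is missing a body hash, one is not allowed' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-it 'is missing a body hash, one is allowed' do
-Timecop.travel Time.at 1391021695
-consumer # cause this to be created
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
-request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
-%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
-%q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
-%q(oauth_signature_method="HMAC-SHA1", ) +
-%q(oauth_timestamp="1391021695", ) +
-%q(oauth_version="1.0")
-assert_response(200, '☺', *oapp.call(request.env))
-end
-end
-end
-
-describe :bypass do
-it 'bypasses with invalid request' do
-oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
-env = Rack::MockRequest.env_for('/', :method => 'GET').merge({'HTTP_AUTHORIZATION' => 'oauth ?'})
-assert_response(200, '☺', *oapp.call(env))
-end
-
-it 'does not bypass with invalid request' do
-oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
-assert_equal(401, oapp.call({}).first)
-end
-
-it 'bypasses with valid request' do
-was_authenticated = nil
-bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
-boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret
-}).authorization
-assert_response(200, '☺', *boapp.call(request.env))
-assert(was_authenticated == false)
-end
-
-it 'does not bypass with valid request' do
-was_authenticated = nil
-bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
-boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
-request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret
-}).authorization
-assert_response(200, '☺', *boapp.call(request.env))
-assert(was_authenticated == true)
-end
-end
-
-describe 'rack env variables' do
-let :request do
-Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET')).tap do |request|
-request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
-:request_method => request.request_method,
-:uri => request.url,
-:media_type => request.media_type,
-:body => request.body,
-:signature_method => 'HMAC-SHA1',
-:consumer_key => consumer_key,
-:consumer_secret => consumer_secret,
-:token => token,
-:token_secret => token_secret,
-}).authorization
-end
-end
-
-it 'sets oauth.authenticated, oauth.token, oauth.consumer_key, oauth.signed_request' do
-oauth_authenticated = nil
-oauth_token = nil
-oauth_consumer_key = nil
-oauth_signed_request = nil
-testapp = proc do |env|
-oauth_authenticated = env['oauth.authenticated']
-oauth_token = env['oauth.token']
-oauth_consumer_key = env['oauth.consumer_key']
-oauth_signed_request = env['oauth.signed_request']
-[200, {}, ['☺']]
-end
-otestapp = OAuthenticator::RackAuthenticator.new(testapp, :config_methods => OAuthenticatorTestConfigMethods)
-assert_response(200, '☺', *otestapp.call(request.env))
-assert_equal(token, oauth_token)
-assert_equal(consumer_key, oauth_consumer_key)
-assert_equal(true, oauth_authenticated)
-assert_kind_of(OAuthenticator::SignedRequest, oauth_signed_request)
-end
-end
-end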
@@ -1,61 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
|
3
|
-
require 'helper'
|
4
|
-
|
5
|
-
require 'oauthenticator/rack_test_signer'
|
6
|
-
|
7
|
-
# not going to test a ton here, since the rack test signer mostly just calls to SignableRequest which is
|
8
|
-
# rather well-tested
|
9
|
-
describe OAuthenticator::RackTestSigner do
|
10
|
-
def assert_response(expected_status, expected_body, rack_response)
|
11
|
-
assert_equal expected_status.to_i, rack_response.status.to_i, "Expected status to be #{expected_status.inspect}" +
|
12
|
-
"; got #{rack_response.status.inspect}. body was: #{rack_response.body}"
|
13
|
-
assert expected_body === rack_response.body, "Expected match for #{expected_body}; got #{rack_response.body}"
|
14
|
-
end
|
15
|
-
|
16
|
-
def app
|
17
|
-
oapp
|
18
|
-
end
|
19
|
-
|
20
|
-
# this will construct the rack test session for us
|
21
|
-
include Rack::Test::Methods
|
22
|
-
|
23
|
-
it 'succeeds' do
|
24
|
-
signing_options = {
|
25
|
-
:signature_method => 'PLAINTEXT',
|
26
|
-
:consumer_key => consumer_key,
|
27
|
-
:consumer_secret => consumer_secret,
|
28
|
-
:token => token,
|
29
|
-
:token_secret => token_secret,
|
30
|
-
}
|
31
|
-
|
32
|
-
response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
|
33
|
-
assert_response 200, '☺', response
|
34
|
-
end
|
35
|
-
|
36
|
-
it 'succeeds with form-encoded with HMAC' do
|
37
|
-
signing_options = {
|
38
|
-
:signature_method => 'HMAC-SHA1',
|
39
|
-
:consumer_key => consumer_key,
|
40
|
-
:consumer_secret => consumer_secret,
|
41
|
-
:token => token,
|
42
|
-
:token_secret => token_secret,
|
43
|
-
}
|
44
|
-
|
45
|
-
response = OAuthenticator.signing_rack_test(signing_options) { put('/', :foo => {:bar => :baz}) }
|
46
|
-
assert_response 200, '☺', response
|
47
|
-
end
|
48
|
-
|
49
|
-
it 'is unauthorized' do
|
50
|
-
signing_options = {
|
51
|
-
:signature_method => 'PLAINTEXT',
|
52
|
-
:consumer_key => consumer_key,
|
53
|
-
:consumer_secret => 'nope',
|
54
|
-
:token => token,
|
55
|
-
:token_secret => 'definitelynot',
|
56
|
-
}
|
57
|
-
|
58
|
-
response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
|
59
|
-
assert_response 401, /Authorization oauth_signature.*is invalid/m, response
|
60
|
-
end
|
61
|
-
end
|