oauthenticator 1.4.0 → 1.4.1

@@ -1,615 +0,0 @@
1
- # encoding: utf-8
2
- proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
3
- require 'helper'
4
-
5
- describe OAuthenticator::RackAuthenticator do
6
- # act like a database cleaner
7
- after do
8
- [:nonces, :consumer_secrets, :token_secrets, :token_consumers].each do |db|
9
- OAuthenticatorTestConfigMethods.send(db).clear
10
- end
11
- end
12
-
13
- def assert_response(expected_status, expected_body, actual_status, actual_headers, actual_body)
14
- actual_body_s = actual_body.to_enum.to_a.join
15
- assert_equal expected_status.to_i, actual_status.to_i, "Expected status to be #{expected_status.inspect}" +
16
- "; got #{actual_status.inspect}. body was: #{actual_body_s}"
17
- assert expected_body === actual_body_s, "Expected match for #{expected_body}; got #{actual_body_s}"
18
- end
19
-
20
- it 'makes a valid two-legged signed request (generated)' do
21
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
22
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
23
- :request_method => request.request_method,
24
- :uri => request.url,
25
- :media_type => request.media_type,
26
- :body => request.body,
27
- :signature_method => 'HMAC-SHA1',
28
- :consumer_key => consumer_key,
29
- :consumer_secret => consumer_secret,
30
- }).authorization
31
- assert_response(200, '☺', *oapp.call(request.env))
32
- end
33
-
34
- it 'makes a valid two-legged signed request with a blank token (generated)' do
35
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
36
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
37
- :request_method => request.request_method,
38
- :uri => request.url,
39
- :media_type => request.media_type,
40
- :body => request.body,
41
- :signature_method => 'HMAC-SHA1',
42
- :consumer_key => consumer_key,
43
- :consumer_secret => consumer_secret,
44
- :token => '',
45
- :token_secret => '',
46
- }).authorization
47
- assert_response(200, '☺', *oapp.call(request.env))
48
- end
49
-
50
- it 'makes a valid two-legged signed request with a form encoded body (generated)' do
51
- request = Rack::Request.new(Rack::MockRequest.env_for('/',
52
- :method => 'GET',
53
- :input => 'a=b&a=c',
54
- 'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=UTF8'
55
- ))
56
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
57
- :request_method => request.request_method,
58
- :uri => request.url,
59
- :media_type => request.media_type,
60
- :body => request.body,
61
- :signature_method => 'HMAC-SHA1',
62
- :consumer_key => consumer_key,
63
- :consumer_secret => consumer_secret
64
- }).authorization
65
- assert_response(200, '☺', *oapp.call(request.env))
66
- end
67
-
68
- it 'makes a valid three-legged signed request (generated)' do
69
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
70
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
71
- :request_method => request.request_method,
72
- :uri => request.url,
73
- :media_type => request.media_type,
74
- :body => request.body,
75
- :signature_method => 'HMAC-SHA1',
76
- :consumer_key => consumer_key,
77
- :consumer_secret => consumer_secret,
78
- :token => token,
79
- :token_secret => token_secret,
80
- }).authorization
81
- assert_response(200, '☺', *oapp.call(request.env))
82
- end
83
-
84
- 2.times do |i|
85
- # run these twice to make sure that the databas cleaner clears out the nonce since we use the same
86
- # nonce across tests
87
- it "makes a valid signed two-legged request (static #{i})" do
88
- Timecop.travel Time.at 1391021695
89
- consumer # cause this to be created
90
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
91
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
92
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
93
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
94
- %q(oauth_signature_method="HMAC-SHA1", ) +
95
- %q(oauth_timestamp="1391021695", ) +
96
- %q(oauth_version="1.0")
97
- assert_response(200, '☺', *oapp.call(request.env))
98
- end
99
-
100
- it "makes a valid signed three-legged request (static #{i})" do
101
- Timecop.travel Time.at 1391021695
102
- consumer # cause this to be created
103
- token_hash # cause this to be created
104
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
105
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
106
- %q(oauth_consumer_key="test_client_app_key", ) +
107
- %q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
108
- %q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
109
- %q(oauth_signature_method="HMAC-SHA1", ) +
110
- %q(oauth_timestamp="1391021695", ) +
111
- %q(oauth_token="test_token", ) +
112
- %q(oauth_version="1.0")
113
- assert_response(200, '☺', *oapp.call(request.env))
114
- end
115
- end
116
-
117
- it 'complains about a missing Authorization header' do
118
- assert_response(401, /Authorization header is missing/, *oapp.call({}))
119
- end
120
-
121
- it 'complains about a blank Authorization header' do
122
- assert_response(401, /Authorization header is blank/, *oapp.call({'HTTP_AUTHORIZATION' => ' '}))
123
- end
124
-
125
- it 'complains about a non-OAuth Authentication header' do
126
- assert_response(401, /Authorization scheme is not OAuth/, *oapp.call({'HTTP_AUTHORIZATION' => 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}))
127
- end
128
-
129
- describe 'invalid Authorization header' do
130
- it 'has duplicate params' do
131
- assert_response(
132
- 401,
133
- /Received multiple instances of Authorization parameter oauth_version/,
134
- *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_version="1.0", oauth_version="1.1")})
135
- )
136
- end
137
-
138
- it 'has something unparseable' do
139
- assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
140
- end
141
- end
142
-
143
- it 'omits timestamp' do
144
- Timecop.travel Time.at 1391021695
145
- consumer # cause this to be created
146
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
147
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
148
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
149
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
150
- %q(oauth_signature_method="HMAC-SHA1", ) +
151
- #%q(oauth_timestamp="1391021695", ) +
152
- %q(oauth_version="1.0")
153
- assert_response(401, /Authorization oauth_timestamp.*is missing/m, *oapp.call(request.env))
154
- end
155
- it 'omits timestamp with PLAINTEXT' do
156
- Timecop.travel Time.at 1391021695
157
- consumer # cause this to be created
158
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
159
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
160
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
161
- %q(oauth_signature="test_client_app_secret%26", ) +
162
- %q(oauth_signature_method="PLAINTEXT", ) +
163
- #%q(oauth_timestamp="1391021695", ) +
164
- %q(oauth_version="1.0")
165
- assert_response(200, '☺', *oapp.call(request.env))
166
- end
167
- it 'has a non-integer timestamp' do
168
- Timecop.travel Time.at 1391021695
169
- consumer # cause this to be created
170
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
171
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
172
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
173
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
174
- %q(oauth_signature_method="HMAC-SHA1", ) +
175
- %q(oauth_timestamp="now", ) +
176
- %q(oauth_version="1.0")
177
- assert_response(401, /Authorization oauth_timestamp.*is not an integer - got: now/m, *oapp.call(request.env))
178
- end
179
- it 'has a too-old timestamp' do
180
- Timecop.travel Time.at 1391021695
181
- consumer # cause this to be created
182
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
183
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
184
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
185
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
186
- %q(oauth_signature_method="HMAC-SHA1", ) +
187
- %q(oauth_timestamp="1391010893", ) +
188
- %q(oauth_version="1.0")
189
- assert_response(401, /Authorization oauth_timestamp.*is too old: 1391010893/m, *oapp.call(request.env))
190
- end
191
- it 'has a timestamp too far in the future' do
192
- Timecop.travel Time.at 1391021695
193
- consumer # cause this to be created
194
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
195
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
196
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
197
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
198
- %q(oauth_signature_method="HMAC-SHA1", ) +
199
- %q(oauth_timestamp="1391032497", ) +
200
- %q(oauth_version="1.0")
201
- assert_response(401, /Authorization oauth_timestamp.*is too far in the future: 1391032497/m, *oapp.call(request.env))
202
- end
203
- it 'omits version' do
204
- Timecop.travel Time.at 1391021695
205
- consumer # cause this to be created
206
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
207
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
208
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
209
- %q(oauth_signature="lCVypLHYc6oKz+vOa6DKEivoyys%3D", ) +
210
- %q(oauth_signature_method="HMAC-SHA1", ) +
211
- %q(oauth_timestamp="1391021695")
212
- #%q(oauth_version="1.0")
213
- assert_response(200, '☺', *oapp.call(request.env))
214
- end
215
- it 'has a wrong version' do
216
- Timecop.travel Time.at 1391021695
217
- consumer # cause this to be created
218
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
219
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
220
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
221
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
222
- %q(oauth_signature_method="HMAC-SHA1", ) +
223
- %q(oauth_timestamp="1391021695", ) +
224
- %q(oauth_version="3.14")
225
- assert_response(401, /Authorization oauth_version.*must be 1\.0; got: 3\.14/m, *oapp.call(request.env))
226
- end
227
- it 'omits consumer key' do
228
- Timecop.travel Time.at 1391021695
229
- consumer # cause this to be created
230
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
231
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) + #%q(oauth_consumer_key="test_client_app_key", ) +
232
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
233
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
234
- %q(oauth_signature_method="HMAC-SHA1", ) +
235
- %q(oauth_timestamp="1391021695", ) +
236
- %q(oauth_version="1.0")
237
- assert_response(401, /Authorization oauth_consumer_key.*is missing/m, *oapp.call(request.env))
238
- end
239
- it 'has an invalid consumer key' do
240
- Timecop.travel Time.at 1391021695
241
- consumer # cause this to be created
242
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
243
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="nonexistent_app_key", ) +
244
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
245
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
246
- %q(oauth_signature_method="HMAC-SHA1", ) +
247
- %q(oauth_timestamp="1391021695", ) +
248
- %q(oauth_version="1.0")
249
- assert_response(401, /Authorization oauth_consumer_key.*is invalid/m, *oapp.call(request.env))
250
- end
251
- it 'has an invalid token' do
252
- Timecop.travel Time.at 1391021695
253
- consumer # cause this to be created
254
- token_hash # cause this to be created
255
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
256
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
257
- %q(oauth_consumer_key="test_client_app_key", ) +
258
- %q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
259
- %q(oauth_signature="MyfcvCJfiOHCdkdwFOKtfwoOPqE%3D", ) +
260
- %q(oauth_signature_method="HMAC-SHA1", ) +
261
- %q(oauth_timestamp="1391021695", ) +
262
- %q(oauth_token="nonexistent_token", ) +
263
- %q(oauth_version="1.0")
264
- assert_response(401, /Authorization oauth_token.*is invalid/m, *oapp.call(request.env))
265
- end
266
- it 'has a token belonging to a different consumer key' do
267
- Timecop.travel Time.at 1391021695
268
- consumer # cause this to be created
269
- token_hash # cause this to be created
270
-
271
- OAuthenticatorTestConfigMethods.consumer_secrets["different_client_app_key"] = "different_client_app_secret"
272
-
273
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
274
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth ) +
275
- %q(oauth_consumer_key="different_client_app_key", ) +
276
- %q(oauth_nonce="6320851a8f4e18b2ac223497b0477f2e", ) +
277
- %q(oauth_signature="PVscPDg%2B%2FjAXRiahIggkeBpN5zI%3D", ) +
278
- %q(oauth_signature_method="HMAC-SHA1", ) +
279
- %q(oauth_timestamp="1391021695", ) +
280
- %q(oauth_token="test_token", ) +
281
- %q(oauth_version="1.0")
282
- assert_response(401, /Authorization oauth_token.*does not belong to the specified consumer/m, *oapp.call(request.env))
283
- end
284
- it 'omits nonce' do
285
- Timecop.travel Time.at 1391021695
286
- consumer # cause this to be created
287
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
288
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
289
- #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
290
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
291
- %q(oauth_signature_method="HMAC-SHA1", ) +
292
- %q(oauth_timestamp="1391021695", ) +
293
- %q(oauth_version="1.0")
294
- assert_response(401, /Authorization oauth_nonce.*is missing/m, *oapp.call(request.env))
295
- end
296
- it 'omits nonce with PLAINTEXT' do
297
- Timecop.travel Time.at 1391021695
298
- consumer # cause this to be created
299
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
300
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
301
- #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
302
- %q(oauth_signature="test_client_app_secret%26", ) +
303
- %q(oauth_signature_method="PLAINTEXT", ) +
304
- %q(oauth_timestamp="1391021695", ) +
305
- %q(oauth_version="1.0")
306
- assert_response(200, '☺', *oapp.call(request.env))
307
- end
308
- it 'does not try to use an omitted nonce with PLAINTEXT' do
309
- Timecop.travel Time.at 1391021695
310
- consumer # cause this to be created
311
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
312
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
313
- #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
314
- %q(oauth_signature="test_client_app_secret%26", ) +
315
- %q(oauth_signature_method="PLAINTEXT", ) +
316
- %q(oauth_timestamp="1391021695", ) +
317
- %q(oauth_version="1.0")
318
- test_config_methods_without_use_nonce = Module.new do
319
- include OAuthenticatorTestConfigMethods
320
- def use_nonce!
321
- raise "#use_nonce! should not have been called"
322
- end
323
- end
324
- app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_without_use_nonce)
325
- assert_response(200, '☺', *app.call(request.env))
326
- end
327
- it 'has an already-used nonce' do
328
- Timecop.travel Time.at 1391021695
329
- consumer # cause this to be created
330
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
331
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
332
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
333
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
334
- %q(oauth_signature_method="HMAC-SHA1", ) +
335
- %q(oauth_timestamp="1391021695", ) +
336
- %q(oauth_version="1.0")
337
- assert_response(200, '☺', *oapp.call(request.env))
338
- assert_response(401, /Authorization oauth_nonce.*has already been used/m, *oapp.call(request.env))
339
- end
340
- it 'has an already-used nonce, via use_nonce!' do
341
- Timecop.travel Time.at 1391021695
342
- consumer # cause this to be created
343
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
344
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
345
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
346
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
347
- %q(oauth_signature_method="HMAC-SHA1", ) +
348
- %q(oauth_timestamp="1391021695", ) +
349
- %q(oauth_version="1.0")
350
- test_config_methods_nonce_used_false = Module.new do
351
- include OAuthenticatorTestConfigMethods
352
- def nonce_used?
353
- false
354
- end
355
- end
356
- app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_nonce_used_false)
357
- assert_response(200, '☺', *app.call(request.env))
358
- assert_response(401, /Authorization oauth_nonce.*has already been used/m, *app.call(request.env))
359
- end
360
- it 'omits signature' do
361
- Timecop.travel Time.at 1391021695
362
- consumer # cause this to be created
363
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
364
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
365
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
366
- #%q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
367
- %q(oauth_signature_method="HMAC-SHA1", ) +
368
- %q(oauth_timestamp="1391021695", ) +
369
- %q(oauth_version="1.0")
370
- assert_response(401, /Authorization oauth_signature.*is missing/m, *oapp.call(request.env))
371
- end
372
- it 'omits signature method' do
373
- Timecop.travel Time.at 1391021695
374
- consumer # cause this to be created
375
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
376
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
377
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
378
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
379
- #%q(oauth_signature_method="HMAC-SHA1", ) +
380
- %q(oauth_timestamp="1391021695", ) +
381
- %q(oauth_version="1.0")
382
- assert_response(401, /Authorization oauth_signature_method.*is missing/m, *oapp.call(request.env))
383
- end
384
- it 'specifies an invalid signature method' do
385
- Timecop.travel Time.at 1391021695
386
- consumer # cause this to be created
387
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
388
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
389
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
390
- %q(oauth_signature="Xy1s5IUn8x0U2KPyHBw4B2cHZMo%3D", ) +
391
- %q(oauth_signature_method="ROT13", ) +
392
- %q(oauth_timestamp="1391021695", ) +
393
- %q(oauth_version="1.0")
394
- assert_response(401, /Authorization oauth_signature_method.*must be one of HMAC-SHA1, RSA-SHA1, PLAINTEXT; got: ROT13/m, *oapp.call(request.env))
395
- end
396
- it 'has an invalid signature' do
397
- Timecop.travel Time.at 1391021695
398
- consumer # cause this to be created
399
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
400
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
401
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
402
- %q(oauth_signature="totallylegit", ) +
403
- %q(oauth_signature_method="HMAC-SHA1", ) +
404
- %q(oauth_timestamp="1391021695", ) +
405
- %q(oauth_version="1.0")
406
- assert_response(401, /Authorization oauth_signature.*is invalid/m, *oapp.call(request.env))
407
- end
408
-
409
- describe 'oauth_body_hash' do
410
- it 'has a valid body hash' do
411
- Timecop.travel Time.at 1391021695
412
- consumer # cause this to be created
413
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
414
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
415
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
416
- %q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
417
- %q(oauth_signature_method="HMAC-SHA1", ) +
418
- %q(oauth_timestamp="1391021695", ) +
419
- %q(oauth_version="1.0", ) +
420
- %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
421
- assert_response(200, '☺', *oapp.call(request.env))
422
- end
423
-
424
- it 'has an incorrect body hash' do
425
- Timecop.travel Time.at 1391021695
426
- consumer # cause this to be created
427
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
428
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
429
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
430
- %q(oauth_signature="RkmgdKV4zUPAlY1%2BkjwPSuCSr%2F8%3D", ) +
431
- %q(oauth_signature_method="HMAC-SHA1", ) +
432
- %q(oauth_timestamp="1391021695", ) +
433
- %q(oauth_version="1.0", ) +
434
- %q(oauth_body_hash="yes this is authentic")
435
- assert_response(401, /Authorization oauth_body_hash.*is invalid/m, *oapp.call(request.env))
436
- end
437
-
438
- it 'has a body hash when one is not allowed (even if it is correct)' do
439
- Timecop.travel Time.at 1391021695
440
- consumer # cause this to be created
441
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
442
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
443
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
444
- %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
445
- %q(oauth_signature_method="HMAC-SHA1", ) +
446
- %q(oauth_timestamp="1391021695", ) +
447
- %q(oauth_version="1.0", ) +
448
- %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
449
- assert_response(401, /Authorization oauth_body_hash.*must not be included with form-encoded requests/m, *oapp.call(request.env))
450
- end
451
-
452
- it 'has a body hash with PLAINTEXT' do
453
- Timecop.travel Time.at 1391021695
454
- consumer # cause this to be created
455
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
456
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
457
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
458
- %q(oauth_signature="test_client_app_secret%26", ) +
459
- %q(oauth_signature_method="PLAINTEXT", ) +
460
- %q(oauth_timestamp="1391021695", ) +
461
- %q(oauth_version="1.0", ) +
462
- %q(oauth_body_hash="qvTGHdzF6KLavt4PO0gs2a6pQ00%3D")
463
- assert_response(200, '☺', *oapp.call(request.env))
464
- end
465
-
466
- describe 'body hash is required' do
467
- let(:hashrequiredapp) do
468
- hash_required_config = Module.new do
469
- include OAuthenticatorTestConfigMethods
470
- define_method(:body_hash_required?) { true }
471
- end
472
- OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => hash_required_config)
473
- end
474
-
475
- it 'is missing a body hash, one is not allowed' do
476
- Timecop.travel Time.at 1391021695
477
- consumer # cause this to be created
478
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
479
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
480
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
481
- %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
482
- %q(oauth_signature_method="HMAC-SHA1", ) +
483
- %q(oauth_timestamp="1391021695", ) +
484
- %q(oauth_version="1.0")
485
- assert_response(200, '☺', *hashrequiredapp.call(request.env))
486
- end
487
- it 'is missing a body hash, one is allowed' do
488
- Timecop.travel Time.at 1391021695
489
- consumer # cause this to be created
490
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
491
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
492
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
493
- %q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
494
- %q(oauth_signature_method="HMAC-SHA1", ) +
495
- %q(oauth_timestamp="1391021695", ) +
496
- %q(oauth_version="1.0")
497
- assert_response(401, /Authorization oauth_body_hash.*is required \(on non-form-encoded requests\)/m, *hashrequiredapp.call(request.env))
498
- end
499
- end
500
-
501
- describe 'body hash not required' do
502
- it 'is missing a body hash, one is not allowed' do
503
- Timecop.travel Time.at 1391021695
504
- consumer # cause this to be created
505
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'))
506
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
507
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
508
- %q(oauth_signature="DG9qcuXaMPMx0fOcVFiUEPdYQnY%3D", ) +
509
- %q(oauth_signature_method="HMAC-SHA1", ) +
510
- %q(oauth_timestamp="1391021695", ) +
511
- %q(oauth_version="1.0")
512
- assert_response(200, '☺', *oapp.call(request.env))
513
- end
514
- it 'is missing a body hash, one is allowed' do
515
- Timecop.travel Time.at 1391021695
516
- consumer # cause this to be created
517
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'PUT', :input => 'hello', 'CONTENT_TYPE' => 'text/plain'))
518
- request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
519
- %q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
520
- %q(oauth_signature="czC%2F9Z8tE1H4AJaT8lOKLokrWRE%3D", ) +
521
- %q(oauth_signature_method="HMAC-SHA1", ) +
522
- %q(oauth_timestamp="1391021695", ) +
523
- %q(oauth_version="1.0")
524
- assert_response(200, '☺', *oapp.call(request.env))
525
- end
526
- end
527
- end
528
-
529
- describe :bypass do
530
- it 'bypasses with invalid request' do
531
- oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
532
- env = Rack::MockRequest.env_for('/', :method => 'GET').merge({'HTTP_AUTHORIZATION' => 'oauth ?'})
533
- assert_response(200, '☺', *oapp.call(env))
534
- end
535
-
536
- it 'does not bypass with invalid request' do
537
- oapp = OAuthenticator::RackAuthenticator.new(simpleapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
538
- assert_equal(401, oapp.call({}).first)
539
- end
540
-
541
- it 'bypasses with valid request' do
542
- was_authenticated = nil
543
- bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
544
- boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { true }, :config_methods => OAuthenticatorTestConfigMethods)
545
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
546
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
547
- :request_method => request.request_method,
548
- :uri => request.url,
549
- :media_type => request.media_type,
550
- :body => request.body,
551
- :signature_method => 'HMAC-SHA1',
552
- :consumer_key => consumer_key,
553
- :consumer_secret => consumer_secret
554
- }).authorization
555
- assert_response(200, '☺', *boapp.call(request.env))
556
- assert(was_authenticated == false)
557
- end
558
-
559
- it 'does not bypass with valid request' do
560
- was_authenticated = nil
561
- bapp = proc { |env| was_authenticated = env['oauth.authenticated']; [200, {}, ['☺']] }
562
- boapp = OAuthenticator::RackAuthenticator.new(bapp, :bypass => proc { false }, :config_methods => OAuthenticatorTestConfigMethods)
563
- request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
564
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
565
- :request_method => request.request_method,
566
- :uri => request.url,
567
- :media_type => request.media_type,
568
- :body => request.body,
569
- :signature_method => 'HMAC-SHA1',
570
- :consumer_key => consumer_key,
571
- :consumer_secret => consumer_secret
572
- }).authorization
573
- assert_response(200, '☺', *boapp.call(request.env))
574
- assert(was_authenticated == true)
575
- end
576
- end
577
-
578
- describe 'rack env variables' do
579
- let :request do
580
- Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET')).tap do |request|
581
- request.env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new({
582
- :request_method => request.request_method,
583
- :uri => request.url,
584
- :media_type => request.media_type,
585
- :body => request.body,
586
- :signature_method => 'HMAC-SHA1',
587
- :consumer_key => consumer_key,
588
- :consumer_secret => consumer_secret,
589
- :token => token,
590
- :token_secret => token_secret,
591
- }).authorization
592
- end
593
- end
594
-
595
- it 'sets oauth.authenticated, oauth.token, oauth.consumer_key, oauth.signed_request' do
596
- oauth_authenticated = nil
597
- oauth_token = nil
598
- oauth_consumer_key = nil
599
- oauth_signed_request = nil
600
- testapp = proc do |env|
601
- oauth_authenticated = env['oauth.authenticated']
602
- oauth_token = env['oauth.token']
603
- oauth_consumer_key = env['oauth.consumer_key']
604
- oauth_signed_request = env['oauth.signed_request']
605
- [200, {}, ['☺']]
606
- end
607
- otestapp = OAuthenticator::RackAuthenticator.new(testapp, :config_methods => OAuthenticatorTestConfigMethods)
608
- assert_response(200, '☺', *otestapp.call(request.env))
609
- assert_equal(token, oauth_token)
610
- assert_equal(consumer_key, oauth_consumer_key)
611
- assert_equal(true, oauth_authenticated)
612
- assert_kind_of(OAuthenticator::SignedRequest, oauth_signed_request)
613
- end
614
- end
615
- end
@@ -1,61 +0,0 @@
1
- # encoding: utf-8
2
- proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
3
- require 'helper'
4
-
5
- require 'oauthenticator/rack_test_signer'
6
-
7
- # not going to test a ton here, since the rack test signer mostly just calls to SignableRequest which is
8
- # rather well-tested
9
- describe OAuthenticator::RackTestSigner do
10
- def assert_response(expected_status, expected_body, rack_response)
11
- assert_equal expected_status.to_i, rack_response.status.to_i, "Expected status to be #{expected_status.inspect}" +
12
- "; got #{rack_response.status.inspect}. body was: #{rack_response.body}"
13
- assert expected_body === rack_response.body, "Expected match for #{expected_body}; got #{rack_response.body}"
14
- end
15
-
16
- def app
17
- oapp
18
- end
19
-
20
- # this will construct the rack test session for us
21
- include Rack::Test::Methods
22
-
23
- it 'succeeds' do
24
- signing_options = {
25
- :signature_method => 'PLAINTEXT',
26
- :consumer_key => consumer_key,
27
- :consumer_secret => consumer_secret,
28
- :token => token,
29
- :token_secret => token_secret,
30
- }
31
-
32
- response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
33
- assert_response 200, '☺', response
34
- end
35
-
36
- it 'succeeds with form-encoded with HMAC' do
37
- signing_options = {
38
- :signature_method => 'HMAC-SHA1',
39
- :consumer_key => consumer_key,
40
- :consumer_secret => consumer_secret,
41
- :token => token,
42
- :token_secret => token_secret,
43
- }
44
-
45
- response = OAuthenticator.signing_rack_test(signing_options) { put('/', :foo => {:bar => :baz}) }
46
- assert_response 200, '☺', response
47
- end
48
-
49
- it 'is unauthorized' do
50
- signing_options = {
51
- :signature_method => 'PLAINTEXT',
52
- :consumer_key => consumer_key,
53
- :consumer_secret => 'nope',
54
- :token => token,
55
- :token_secret => 'definitelynot',
56
- }
57
-
58
- response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
59
- assert_response 401, /Authorization oauth_signature.*is invalid/m, response
60
- end
61
- end