oauthenticator 1.4.0 → 1.4.1

data/test/signable_request_test.rb

@@ -1,676 +0,0 @@
-# encoding: utf-8
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
-require 'helper'
-
-describe OAuthenticator::SignableRequest do
-  let :base_example_initialize_attrs do
-    {
-      :request_method => 'get',
-      :uri => 'http://example.com',
-      :media_type => 'text/plain',
-      :body => 'hi there',
-    }
-  end
-  let :example_initialize_attrs do
-    base_example_initialize_attrs.merge({
-      :consumer_key => 'a consumer key',
-      :consumer_secret => 'a consumer secret',
-      :signature_method => 'PLAINTEXT'
-    })
-  end
-
-  def example_request(attributes={})
-    OAuthenticator::SignableRequest.new(example_initialize_attrs.reject do |k,_|
-      attributes.keys.any? { |ak| ak.to_s == k.to_s }
-    end.merge(attributes))
-  end
-
-  def example_signed_request(authorization, attributes={})
-    attributes = attributes.merge(:authorization => authorization)
-    OAuthenticator::SignableRequest.new(base_example_initialize_attrs.reject do |k,_|
-      attributes.keys.any? { |ak| ak.to_s == k.to_s }
-    end.merge(attributes))
-  end
-
-  let :rsa_private_key do
-    %q(
-      -----BEGIN PRIVATE KEY-----
-      MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
-      A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
-      7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
-      hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
-      X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
-      uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
-      rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
-      zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
-      qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
-      WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
-      cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
-      3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
-      AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
-      Lw03eHTNQghS0A==
-      -----END PRIVATE KEY-----
-    ).strip.split("\n").map(&:strip).join("\n")
-  end
-
-  describe 'initialize' do
-    describe 'default attributes' do
-      describe 'with any signature method' do
-        OAuthenticator::SignableRequest::SIGNATURE_METHODS.keys.each do |signature_method|
-          it("defaults to version 1.0 with #{signature_method}") do
-            request = example_request(:signature_method => signature_method)
-            assert_equal('1.0', request.protocol_params['oauth_version'])
-          end
-          it("lets you omit version if you really want to with #{signature_method}") do
-            request = example_request(:version => nil, :signature_method => signature_method)
-            assert(!request.protocol_params.key?('oauth_version'))
-          end
-        end
-      end
-      describe 'not plaintext' do
-        it('generates nonces') do
-          nonces = 2.times.map do
-            example_request(:signature_method => 'HMAC-SHA1').protocol_params['oauth_nonce']
-          end
-          assert_equal(2, nonces.uniq.compact.size)
-        end
-        it 'generates timestamp' do
-          Timecop.freeze Time.at 1391021695
-          request = example_request(:signature_method => 'HMAC-SHA1')
-          assert_equal 1391021695.to_s, request.protocol_params['oauth_timestamp']
-        end
-      end
-      describe 'plaintext' do
-        it('does not generate nonces') do
-          request = example_request(:signature_method => 'PLAINTEXT')
-          assert(!request.protocol_params.key?('oauth_nonce'))
-        end
-        it 'does not generate timestamp' do
-          request = example_request(:signature_method => 'PLAINTEXT')
-          assert(!request.protocol_params.key?('oauth_timestamp'))
-        end
-      end
-    end
-
-    it 'accepts string and symbol' do
-      initialize_attr_variants = [
-        # by string
-        example_initialize_attrs.map { |k,v| {k.to_s => v} }.inject({}, &:update),
-        # by symbol
-        example_initialize_attrs.map { |k,v| {k.to_sym => v} }.inject({}, &:update),
-        # random mix
-        example_initialize_attrs.map { |k,v| {rand(2) == 0 ? k.to_s : k.to_sym => v} }.inject({}, &:update),
-      ]
-      authorizations = initialize_attr_variants.map do |attrs|
-        OAuthenticator::SignableRequest.new(attrs).authorization
-      end
-      assert_equal(1, authorizations.uniq.size)
-    end
-
-    it 'checks type' do
-      assert_raises(TypeError) { OAuthenticator::SignableRequest.new("hello!") }
-    end
-
-    it 'checks authorization type' do
-      assert_raises(TypeError) { example_request(:authorization => "hello!") }
-    end
-
-    it 'does not allow protocol parameters to be specified when authorization is specified' do
-      OAuthenticator::SignableRequest::PROTOCOL_PARAM_KEYS.map do |key|
-        assert_raises(ArgumentError) do
-          example_signed_request({}, key => 'val')
-        end
-      end
-    end
-
-    describe 'required attributes' do
-      it 'complains about missing required params' do
-        err = assert_raises(ArgumentError) { OAuthenticator::SignableRequest.new({}) }
-        %w(request_method uri media_type body consumer_key signature_method).each do |required|
-          assert_match(/#{required}/, err.message)
-        end
-      end
-    end
-  end
-
-  describe 'the example in 3.1' do
-    # a request with attributes from the oauth spec
-    def spec_request
-      example_request({
-        :request_method => 'POST',
-        :uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
-        :media_type => 'application/x-www-form-urlencoded',
-        :body => 'c2&a3=2+q',
-        :consumer_key => '9djdj82h48djs9d2',
-        :token => 'kkk9d7dh3k39sjv7',
-        :consumer_secret => 'j49sk3j29djd',
-        :token_secret => 'dh893hdasih9',
-        :signature_method => 'HMAC-SHA1',
-        :timestamp => '137131201',
-        :nonce => '7d8f3e4a',
-        :version => nil,
-        :realm => "Example",
-      })
-    end
-
-    it 'has the same signature base string' do
-      spec_signature_base = (
-        "POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q" +
-        "%26a3%3Da%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_" +
-        "key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_m" +
-        "ethod%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk" +
-        "9d7dh3k39sjv7"
-      )
-      assert_equal(spec_signature_base, spec_request.send(:signature_base))
-    end
-
-    it 'has the same normalized parameters' do
-      spec_normalized_request_params_string = (
-        "a2=r%20b&a3=2%20q&a3=a&b5=%3D%253D&c%40=&c2=&oauth_consumer_key=9dj" +
-        "dj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1" +
-        "&oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7"
-      )
-      assert_equal(spec_normalized_request_params_string, spec_request.send(:normalized_request_params_string))
-
-    end
-
-    it 'calculates authorization the same' do
-      # a keen observer may note that the signature is different than the one in the actual spec. the spec is
-      # in error - see http://www.rfc-editor.org/errata_search.php?rfc=5849
-      spec_authorization = OAuthenticator.parse_authorization(%q(OAuth realm="Example",
-        oauth_consumer_key="9djdj82h48djs9d2",
-        oauth_token="kkk9d7dh3k39sjv7",
-        oauth_signature_method="HMAC-SHA1",
-        oauth_timestamp="137131201",
-        oauth_nonce="7d8f3e4a",
-        oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
-      ))
-      assert_equal(spec_authorization, spec_request.signed_protocol_params)
-    end
-  end
-
-  describe '#authorization' do
-    it 'has the parameter name followed by an = and a quoted encoded value' do
-      many_characters = %q( !#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~Ā)
-      authorization = example_request(:consumer_key => many_characters).authorization
-      # only alphas, numerics, and -._~ remain unencoded per 3.6
-      # hexes are uppercase 
-      assert authorization.include?(%q(consumer_key="%20%21%23%24%25%26%27%28%29%2A%2B%2C-.%2F0123456789%3A%3B%3C%3D%3E%3F%40ABCDEFGHIJKLMNOPQRSTUVWXYZ%5B%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D~%C4%80"))
-    end
-
-    it 'generally looks like: OAuth key="quoted-value", anotherkey="anothervalue"' do
-      assert_equal(%q(OAuth ) +
-        %q(oauth_consumer_key="a%20consumer%20key", ) +
-        %q(oauth_signature="a%2520consumer%2520secret%26", ) +
-        %q(oauth_signature_method="PLAINTEXT", ) +
-        %q(oauth_version="1.0"),
-        example_request.authorization
-      )
-    end
-  end
-
-  describe 'signature' do
-    describe 'PLAINTEXT' do
-      it 'signs with the consumer and token secrets, encoded and &-joined' do
-        request = example_request(:token => 'a token', :token_secret => 'a token secret', :signature_method => 'PLAINTEXT')
-        assert_equal('a%20consumer%20secret&a%20token%20secret', request.signed_protocol_params['oauth_signature'])
-      end
-    end
-
-    describe 'HMAC-SHA1' do
-      it 'signs with a HMAC-SHA1 digest of the signature base' do
-        request = example_request(
-          :token => 'a token',
-          :token_secret => 'a token secret',
-          :signature_method => 'HMAC-SHA1',
-          :nonce => 'a nonce',
-          :timestamp => 1397726597,
-          :hash_body? => false
-        )
-        assert_equal('rVKcy4CgAih1kv4HAMGiNnjmUJk=', request.signed_protocol_params['oauth_signature'])
-      end
-    end
-
-    describe 'HMAC-SHA256' do
-      it 'signs with a HMAC-SHA256 digest of the signature base' do
-        request = example_request(
-          :token => 'a token',
-          :token_secret => 'a token secret',
-          :signature_method => 'HMAC-SHA256',
-          :nonce => 'a nonce',
-          :timestamp => 1397726597,
-          :hash_body? => false
-        )
-        assert_equal('Cb4UAr3l25eqC7p2PSm0l6j7lgXvh5SPnMOhPAJ1jWU=', request.signed_protocol_params['oauth_signature'])
-      end
-    end
-
-    describe 'RSA-SHA1' do
-      it 'signs with a RSA private key SHA1 signature' do
-        request = example_request(
-          :consumer_secret => rsa_private_key,
-          :token => 'a token',
-          :token_secret => 'a token secret',
-          :signature_method => 'RSA-SHA1',
-          :nonce => 'a nonce',
-          :timestamp => 1397726597,
-          :hash_body? => false
-        )
-        assert_equal(
-          "s3/TkrCJw54tOpsKUHkoQ9PeH1r4wB2fNb70XC2G1ef7Wb/dwwNUOhtjtpGMSDhmYQHzEPt0dAJ+PgeNs1O5NZJQB5JqdsmrhLS3ZdHx2iucxYvZSuDNi0GxaEepz5VS9rg+y5Gmep60BpAKhX0KGnkMY9HIhomTPSrYidAfDOE=",
-          request.signed_protocol_params['oauth_signature']
-        )
-      end
-
-      it 'ignores the token secret' do
-        request_attrs = {
-          :consumer_secret => rsa_private_key,
-          :token => 'a token',
-          :signature_method => 'RSA-SHA1',
-          :nonce => 'a nonce',
-          :timestamp => 1397726597,
-        }
-        request1 = example_request(request_attrs.merge(:token_secret => 'a token secret'))
-        request2 = example_request(request_attrs.merge(:token_secret => 'an entirely different token secret'))
-        assert_equal(request1.signature, request2.signature)
-        assert_equal(request1.authorization, request2.authorization)
-      end
-
-      describe 'with an invalid key' do
-        it 'errors' do
-          assert_raises(OpenSSL::PKey::RSAError) { example_request(:signature_method => 'RSA-SHA1').signature }
-        end
-      end
-    end
-  end
-
-  describe 'protocol_params' do
-    it 'includes given protocol params with an oauth_ prefix' do
-      OAuthenticator::SignableRequest::PROTOCOL_PARAM_KEYS.each do |param_key|
-        assert_equal(example_request(param_key => 'a value').protocol_params["oauth_#{param_key}"], 'a value')
-      end
-    end
-    it 'does not include a calculated signature' do
-      assert !example_request.protocol_params.key?('oauth_signature')
-    end
-    it 'does include the signature of a given authorization' do
-      assert_equal('a signature', example_signed_request('oauth_signature' => 'a signature').protocol_params['oauth_signature'])
-    end
-    it 'does include unknown parameters of a given authorization' do
-      assert_equal('bar', example_signed_request('foo' => 'bar').protocol_params['foo'])
-    end
-  end
-
-  describe 'signed_protocol_params' do
-    it 'includes a signature' do
-      assert_equal 'a%20consumer%20secret&', example_request.signed_protocol_params['oauth_signature']
-    end
-
-    it 'has a different signature than the given authorization if the given authorization is wrong' do
-      request = example_signed_request({
-          'oauth_consumer_key' => 'a consumer key',
-          'oauth_signature' => 'wrong%20secret&',
-          'oauth_signature_method' => 'PLAINTEXT',
-        },
-        {:consumer_secret => 'a consumer secret'}
-      )
-      refute_equal(
-        request.protocol_params['oauth_signature'],
-        request.signed_protocol_params['oauth_signature']
-      )
-    end
-  end
-
-  describe 'uri, per section 3.4.1.2' do
-    it 'lowercases scheme and host' do
-      [
-        'http://example.com/FooBar',
-        'Http://Example.com/FooBar',
-        'HTTP://EXAMPLE.cOM/FooBar',
-      ].each do |uri|
-        assert_equal('http://example.com/FooBar', example_request(:uri => uri).send(:base_string_uri))
-      end
-    end
-
-    it 'normalizes port' do
-      assert_equal('http://example.com/F', example_request(:uri => 'http://example.com/F').send(:base_string_uri))
-      assert_equal('http://example.com/F', example_request(:uri => 'http://example.com:80/F').send(:base_string_uri))
-      assert_equal('http://example.com:81/F', example_request(:uri => 'http://example.com:81/F').send(:base_string_uri))
-      assert_equal('https://example.com/F', example_request(:uri => 'https://example.com/F').send(:base_string_uri))
-      assert_equal('https://example.com/F', example_request(:uri => 'https://example.com:443/F').send(:base_string_uri))
-      assert_equal('https://example.com:444/F', example_request(:uri => 'https://example.com:444/F').send(:base_string_uri))
-    end
-
-    it 'excludes query and fragment' do
-      assert_equal('http://example.com/FooBar', example_request(:uri => 'http://example.com/FooBar?foo=bar#foobar').send(:base_string_uri))
-      assert_equal('http://example.com/FooBar', example_request(:uri => 'http://example.com/FooBar#foobar').send(:base_string_uri))
-    end
-  end
-
-  it 'accepts string or symbol request methods' do
-    {'GET' => [:get, :Get, :GET, 'GeT', 'get'], 'OPTIONS' => [:options, 'Options']}.each do |norm, variants|
-      variants.each do |request_method|
-        assert_equal(norm, example_request(:request_method => request_method).send(:normalized_request_method))
-      end
-    end
-  end
-
-  describe 'body' do
-    it 'takes a string' do
-      assert_equal('abody', example_request(:body => 'abody').send(:read_body))
-    end
-    it 'takes an IO' do
-      assert_equal('abody', example_request(:body => StringIO.new('abody')).send(:read_body))
-    end
-    it 'takes nil' do
-      assert_equal('', example_request(:body => nil).send(:read_body))
-    end
-    it 'rejects something else' do
-      assert_raises(TypeError) { example_request(:body => Object.new).send(:read_body) }
-    end
-    it 'calculates their authorization the same' do
-      request_io_body = example_request(:body => StringIO.new('abody'))
-      request_str_body = example_request(:body => 'abody')
-      assert_equal(request_io_body.authorization, request_str_body.authorization)
-    end
-  end
-
-  describe 'signature_base' do
-    it 'includes unrecognized authorization params when calculating signature base' do
-      authorization = %q(OAuth realm="Example",
-        oauth_foo="bar",
-        oauth_consumer_key="9djdj82h48djs9d2",
-        oauth_signature_method="HMAC-SHA1",
-        oauth_timestamp="137131201",
-        oauth_nonce="7d8f3e4a"
-      )
-      assert(example_signed_request(OAuthenticator.parse_authorization(authorization)).send(:signature_base).include?("oauth_foo%3Dbar"))
-    end
-
-    it 'does include body in a formencoded request' do
-      assert(example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar').send(:signature_base).include?('foo'))
-    end
-
-    it 'does include body in a formencoded request with alternate capitalization' do
-      assert(example_request(:media_type => 'APPLICATION/X-WWW-FORM-URLENCODED', :body => 'foo=bar').send(:signature_base).include?('foo'))
-    end
-
-    it 'does not include body in a non-formencoded request' do
-      assert(!example_request(:media_type => 'text/plain', :body => 'foo=bar').send(:signature_base).include?('foo'))
-    end
-  end
-
-  describe 'normalized request params' do
-    describe 'normalized request params string' do
-      # this is effectively tested by #authorization so we won't here 
-    end
-    describe 'protocol params' do
-      it 'does not include realm with a new request' do
-        request = example_request(:realm => 'everywhere')
-        assert(!request.send(:normalized_request_params).any? { |k,v| k.downcase == 'realm' })
-      end
-      it 'does not include realm with a previously-signed request' do
-        request = example_signed_request('realm' => 'somewhere')
-        assert(!request.send(:normalized_request_params).any? { |k,v| k.downcase == 'realm' })
-      end
-      it 'does not include signature' do
-        request = example_signed_request('oauth_signature' => 'totallylegit', 'foo' => 'bar')
-        assert(!request.send(:normalized_request_params).any? { |k,v| k.downcase == 'oauth_signature' })
-      end
-      it 'does include all other given params' do
-        request = example_signed_request(
-          'realm' => 'somewhere',
-          'foo' => 'bar',
-          'oauth_signature' => 'totallylegit',
-          'oauth_timestamp' => '137131201'
-        )
-        [['foo', 'bar'], ['oauth_timestamp', '137131201']].each do |pair|
-          assert(request.send(:normalized_request_params).include?(pair))
-        end
-      end
-    end
-    describe 'query params' do
-      it 'goes into normalized request params' do
-        request = example_request(:uri => 'http://example.com/?a=b&c=d&e=&f')
-        [['a', 'b'], ['c', 'd'], ['e', ''], ['f', nil]].each do |pair|
-          assert(request.send(:normalized_request_params).include?(pair))
-        end
-      end
-      it 'is empty with no query' do
-        request = example_request(:uri => 'http://example.com/')
-        assert_equal([], request.send(:query_params))
-      end
-      it 'decodes a + sign' do
-        request = example_request(:uri => 'http://example.com/?a+key=a+value')
-        assert_equal([['a key', 'a value']], request.send(:query_params))
-      end
-      it 'decodes %-encoded' do
-        request = example_request(:uri => 'http://example.com/?a%20key=a%20value')
-        assert_equal([['a key', 'a value']], request.send(:query_params))
-      end
-      it 'includes form encoded keys with an = sign and no value' do
-        request = example_request(:uri => 'http://example.com/?a=')
-        assert_equal([['a', '']], request.send(:query_params))
-      end
-      it 'includes form encoded keys with no = sign and no value' do
-        request = example_request(:uri => 'http://example.com/?a')
-        assert_equal([['a', nil]], request.send(:query_params))
-      end
-    end
-    describe 'entity params' do
-      it 'goes into normalized request params' do
-        request = example_request(:body => 'a=b&c=d&e=&f', :media_type => 'application/x-www-form-urlencoded')
-        [['a', 'b'], ['c', 'd'], ['e', ''], ['f', nil]].each do |pair|
-          assert(request.send(:normalized_request_params).include?(pair))
-        end
-      end
-      it 'includes all form encoded params' do
-        request = example_request(:body => 'a=b&c=d', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a', 'b'], ['c', 'd']], request.send(:entity_params))
-      end
-      it 'includes no non-form encoded params' do
-        request = example_request(:body => 'a=b&c=d', :media_type => 'text/plain')
-        assert_equal([], request.send(:entity_params))
-      end
-      it 'does not parse nested params' do
-        request = example_request(:body => 'a[b]=c', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a[b]', 'c']], request.send(:entity_params))
-      end
-      it 'decodes a + sign' do
-        request = example_request(:body => 'a+key=a+value', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a key', 'a value']], request.send(:entity_params))
-      end
-      it 'decodes %-encoded keys and values' do
-        request = example_request(:body => 'a%20key=a%20value', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a key', 'a value']], request.send(:entity_params))
-      end
-      it 'includes form encoded keys with an = sign and no value' do
-        request = example_request(:body => 'a=', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a', '']], request.send(:entity_params))
-      end
-      it 'includes form encoded keys with no = sign and no value' do
-        request = example_request(:body => 'a', :media_type => 'application/x-www-form-urlencoded')
-        assert_equal([['a', nil]], request.send(:entity_params))
-      end
-    end
-  end
-
-  describe 'body hash' do
-    describe 'default inclusion' do
-      it 'includes by default with non-form-encoded and HMAC-SHA1' do
-        request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
-        assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
-      end
-      it 'includes by default with non-form-encoded and HMAC-SHA256' do
-        request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
-        assert_equal('O6iQfnolIydIjfOQ7VF8Rblt6tAzYAIZvcpxB9HT+Io=', request.protocol_params['oauth_body_hash'])
-      end
-      it 'includes by default with non-form-encoded and RSA-SHA1' do
-        request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
-        assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
-      end
-      it 'does not include by default with non-form-encoded and PLAINTEXT' do
-        request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'PLAINTEXT')
-        assert(!request.protocol_params.key?('oauth_body_hash'))
-      end
-      it 'does not include by default with form-encoded and HMAC-SHA1' do
-        request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
-        assert(!request.protocol_params.key?('oauth_body_hash'))
-      end
-      it 'does not include by default with form-encoded and HMAC-SHA256' do
-        request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
-        assert(!request.protocol_params.key?('oauth_body_hash'))
-      end
-      it 'does not include by default with form-encoded and RSA-SHA1' do
-        request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
-        assert(!request.protocol_params.key?('oauth_body_hash'))
-      end
-      it 'does not include by default with form-encoded and PLAINTEXT' do
-        request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'PLAINTEXT')
-        assert(!request.protocol_params.key?('oauth_body_hash'))
-      end
-    end
-    it 'respects the :hash_body? option' do
-      attributes = {:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1'}
-      # ensure these would generate the hash by default, without :hash_body?
-      assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', example_request(attributes).protocol_params['oauth_body_hash'])
-      assert(!example_request(attributes.merge(:hash_body? => false)).protocol_params.key?('oauth_body_hash'))
-      assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', example_request(attributes.merge(:hash_body? => true)).protocol_params['oauth_body_hash'])
-    end
-    it 'does not generate a body hash when given a authorization' do
-      assert(!example_signed_request({}).protocol_params.key?('oauth_body_hash'))
-    end
-
-    describe '#body_hash' do
-      it 'is the same as goes in protocol params when generated' do
-        request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
-        assert_equal(request.protocol_params['oauth_body_hash'], request.body_hash)
-      end
-      it 'matches the given protocol params for a valid request' do
-        request = example_signed_request(
-          {'oauth_body_hash' => 'Lve95gjOVATpfV8EL5X4nxwjKHE=', 'oauth_signature_method' => 'HMAC-SHA1'},
-          :body => 'Hello World!', :media_type => 'text/plain'
-        )
-        assert_equal(request.protocol_params['oauth_body_hash'], request.body_hash)
-      end
-      it 'is different than the given protocol params for an invalid request' do
-        request = example_signed_request(
-          {'oauth_body_hash' => 'helloooooo?=', 'oauth_signature_method' => 'HMAC-SHA1'},
-          :body => 'Hello World!', :media_type => 'text/plain'
-        )
-        refute_equal(request.protocol_params['oauth_body_hash'], request.body_hash)
-      end
-      it 'returns nil for an unsupported signature method' do
-        assert_equal(nil, example_request(:signature_method => 'PLAINTEXT').body_hash)
-      end
-    end
-
-    describe 'example appendix A1' do
-      let :request do
-        OAuthenticator::SignableRequest.new({
-          :request_method => 'PUT',
-          :uri => 'http://www.example.com/resource',
-          :media_type => 'text/plain',
-          :body => 'Hello World!',
-          :signature_method => 'HMAC-SHA1',
-          :token => "token",
-          :consumer_key => "consumer",
-          :timestamp => "1236874236",
-          :nonce => "10369470270925",
-        })
-      end
-      it 'has the same oauth body hash' do
-        assert_equal('Lve95gjOVATpfV8EL5X4nxwjKHE=', request.signed_protocol_params['oauth_body_hash'])
-      end
-      it 'has the same signature base' do
-        assert_equal(
-          %q(PUT&http%3A%2F%2Fwww.example.com%2Fresource&oauth_body_hash%3D) +
-          %q(Lve95gjOVATpfV8EL5X4nxwjKHE%253D%26oauth_consumer_key%3Dconsum) +
-          %q(er%26oauth_nonce%3D10369470270925%26oauth_signature_method%3DH) +
-          %q(MAC-SHA1%26oauth_timestamp%3D1236874236%26oauth_token%3Dtoken%) +
-          %q(26oauth_version%3D1.0),
-          request.send(:signature_base)
-        )
-      end
-    end
-    describe 'example appendix A2' do
-      let :request do
-        OAuthenticator::SignableRequest.new({
-          :request_method => 'GET',
-          :uri => 'http://www.example.com/resource',
-          :media_type => nil,
-          :body => nil,
-          :signature_method => 'HMAC-SHA1',
-          :token => "token",
-          :consumer_key => "consumer",
-          :timestamp => "1238395022",
-          :nonce => "8628868109991",
-        })
-      end
-      it 'has the same oauth body hash' do
-        assert_equal('2jmj7l5rSw0yVb/vlWAYkK/YBwk=', request.signed_protocol_params['oauth_body_hash'])
-      end
-      it 'has the same signature base' do
-        assert_equal(
-          %q(GET&http%3A%2F%2Fwww.example.com%2Fresource&oauth_body_hash%3D2jmj7) +
-          %q(l5rSw0yVb%252FvlWAYkK%252FYBwk%253D%26oauth_consumer_key%3Dconsumer) +
-          %q(%26oauth_nonce%3D8628868109991%26oauth_signature_method%3DHMAC-SHA1) +
-          %q(%26oauth_timestamp%3D1238395022%26oauth_token%3Dtoken%26oauth_versi) +
-          %q(on%3D1.0),
-          request.send(:signature_base)
-        )
-      end
-    end
-  end
-
-  it 'reproduces a successful OAuth example GET (lifted from simple oauth)' do
-    request = OAuthenticator::SignableRequest.new(
-      :request_method => :get,
-      :uri => 'http://photos.example.net/photos',
-      :media_type => 'application/x-www-form-urlencoded',
-      :body => 'file=vacaction.jpg&size=original',
-      :consumer_key => 'dpf43f3p2l4k3l03',
-      :consumer_secret => rsa_private_key,
-      :nonce => '13917289812797014437',
-      :signature_method => 'RSA-SHA1',
-      :timestamp => '1196666512'
-    )
-    expected_protocol_params = {
-      "oauth_consumer_key" => "dpf43f3p2l4k3l03",
-      "oauth_nonce" => "13917289812797014437",
-      "oauth_signature" => "jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE=",
-      "oauth_signature_method" => "RSA-SHA1",
-      "oauth_timestamp" => "1196666512",
-      "oauth_version" => "1.0",
-    }
-
-    assert_equal(expected_protocol_params, request.signed_protocol_params)
-  end
-
-  it 'reproduces a successful OAuth example GET (lifted from simple oauth)' do
-    request = OAuthenticator::SignableRequest.new(
-      :request_method => :get,
-      :uri => 'http://host.net/resource?name=value',
-      :media_type => 'application/x-www-form-urlencoded',
-      :body => 'name=value',
-      :consumer_key => 'abcd',
-      :consumer_secret => 'efgh',
-      :token => 'ijkl',
-      :token_secret => 'mnop',
-      :nonce => 'oLKtec51GQy',
-      :signature_method => 'PLAINTEXT',
-      :timestamp => '1286977095'
-    )
-    expected_protocol_params = {
-      "oauth_consumer_key" => "abcd",
-      "oauth_nonce" => "oLKtec51GQy",
-      "oauth_signature" => "efgh&mnop",
-      "oauth_signature_method" => "PLAINTEXT",
-      "oauth_timestamp" => "1286977095",
-      "oauth_token" => "ijkl",
-      "oauth_version" => "1.0"
-    }
-
-    assert_equal(expected_protocol_params, request.signed_protocol_params)
-  end
-end