pelle-oauth 0.2.7 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +14 -0
- data/Manifest.txt +19 -3
- data/README.rdoc +73 -0
- data/Rakefile +34 -4
- data/TODO +14 -0
- data/bin/oauth +5 -0
- data/lib/oauth.rb +3 -3
- data/lib/oauth/cli.rb +130 -0
- data/lib/oauth/client/helper.rb +3 -2
- data/lib/oauth/consumer.rb +1 -1
- data/lib/oauth/helper.rb +3 -0
- data/lib/oauth/oauth_test_helper.rb +26 -0
- data/lib/oauth/request_proxy/action_controller_request.rb +2 -4
- data/lib/oauth/request_proxy/base.rb +31 -0
- data/lib/oauth/request_proxy/jabber_request.rb +42 -0
- data/lib/oauth/request_proxy/mock_request.rb +36 -0
- data/lib/oauth/request_proxy/net_http.rb +0 -2
- data/lib/oauth/request_proxy/rack_request.rb +1 -3
- data/lib/oauth/signature/base.rb +20 -7
- data/lib/oauth/signature/plaintext.rb +1 -1
- data/lib/oauth/token.rb +3 -3
- data/lib/oauth/version.rb +2 -8
- data/oauth.gemspec +43 -0
- data/script/txt2html +1 -1
- data/test/cases/oauth_case.rb +19 -0
- data/test/cases/spec/1_0-final/test_construct_request_url.rb +62 -0
- data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb +88 -0
- data/test/cases/spec/1_0-final/test_parameter_encodings.rb +86 -0
- data/test/cases/spec/1_0-final/test_signature_base_strings.rb +77 -0
- data/test/keys/rsa.cert +11 -0
- data/test/keys/rsa.pem +16 -0
- data/test/test_action_controller_request_proxy.rb +2 -1
- data/test/test_consumer.rb +17 -18
- data/test/test_helper.rb +8 -0
- data/test/test_net_http_client.rb +7 -7
- data/test/test_net_http_request_proxy.rb +3 -3
- data/test/test_rack_request_proxy.rb +3 -3
- data/test/test_rsa_sha1.rb +59 -0
- data/test/test_signature_plain_text.rb +31 -0
- data/website/index.html +1 -1
- metadata +53 -14
- data/config/hoe.rb +0 -71
- data/config/requirements.rb +0 -17
@@ -0,0 +1,86 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../../oauth_case'
|
2
|
+
|
3
|
+
# See http://oauth.net/core/1.0/#encoding_parameters
|
4
|
+
#
|
5
|
+
# 5.1. Parameter Encoding
|
6
|
+
#
|
7
|
+
# All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism.
|
8
|
+
# Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters
|
9
|
+
# in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be
|
10
|
+
# upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].
|
11
|
+
#
|
12
|
+
# unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
|
13
|
+
#
|
14
|
+
|
15
|
+
class ParameterEncodingTest < OAuthCase
|
16
|
+
def test_encodings_alpha_num
|
17
|
+
assert_encoding 'abcABC123', 'abcABC123'
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_encodings_non_escaped
|
21
|
+
assert_encoding '-._~', '-._~'
|
22
|
+
end
|
23
|
+
|
24
|
+
def test_encodings_percent
|
25
|
+
assert_encoding '%25', '%'
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_encodings_plus
|
29
|
+
assert_encoding '%2B', '+'
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_encodings_space
|
33
|
+
assert_encoding '%20', ' '
|
34
|
+
end
|
35
|
+
|
36
|
+
def test_encodings_query_param_symbols
|
37
|
+
assert_encoding '%26%3D%2A', '&=*'
|
38
|
+
end
|
39
|
+
|
40
|
+
def test_encodings_unicode_lf
|
41
|
+
assert_encoding '%0A', unicode_to_utf8('U+000A')
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_encodings_unicode_space
|
45
|
+
assert_encoding '%20', unicode_to_utf8('U+0020')
|
46
|
+
end
|
47
|
+
|
48
|
+
def test_encodings_unicode_007f
|
49
|
+
assert_encoding '%7F', unicode_to_utf8('U+007F')
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_encodings_unicode_0080
|
53
|
+
assert_encoding '%C2%80', unicode_to_utf8('U+0080')
|
54
|
+
end
|
55
|
+
|
56
|
+
def test_encoding_unicode_2708
|
57
|
+
assert_encoding '%E2%9C%88', unicode_to_utf8('U+2708')
|
58
|
+
end
|
59
|
+
|
60
|
+
def test_encodings_unicode_3001
|
61
|
+
assert_encoding '%E3%80%81', unicode_to_utf8('U+3001')
|
62
|
+
end
|
63
|
+
|
64
|
+
protected
|
65
|
+
|
66
|
+
def unicode_to_utf8(unicode)
|
67
|
+
return unicode if unicode =~ /\A[[:space:]]*\z/m
|
68
|
+
|
69
|
+
str = ''
|
70
|
+
|
71
|
+
unicode.scan(/(U\+(?:[[:digit:][:xdigit:]]{4,5}|10[[:digit:][:xdigit:]]{4})|.)/mu) do
|
72
|
+
c = $1
|
73
|
+
if c =~ /^U\+/
|
74
|
+
str << [c[2..-1].hex].pack('U*')
|
75
|
+
else
|
76
|
+
str << c
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
str
|
81
|
+
end
|
82
|
+
|
83
|
+
def assert_encoding(expected, given, message = nil)
|
84
|
+
assert_equal expected, OAuth::Helper.escape(given), message
|
85
|
+
end
|
86
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../../oauth_case'
|
2
|
+
|
3
|
+
# See http://oauth.net/core/1.0/#anchor14
|
4
|
+
#
|
5
|
+
# 9.1. Signature Base String
|
6
|
+
#
|
7
|
+
# The Signature Base String is a consistent reproducible concatenation of the request elements
|
8
|
+
# into a single string. The string is used as an input in hashing or signing algorithms. The
|
9
|
+
# HMAC-SHA1 signature method provides both a standard and an example of using the Signature
|
10
|
+
# Base String with a signing algorithm to generate signatures. All the request parameters MUST
|
11
|
+
# be encoded as described in Parameter Encoding prior to constructing the Signature Base String.
|
12
|
+
#
|
13
|
+
|
14
|
+
class SignatureBaseStringTest < OAuthCase
|
15
|
+
|
16
|
+
def test_A_5_1
|
17
|
+
parameters={
|
18
|
+
'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
|
19
|
+
'oauth_token'=>'nnch734d00sl2jdk',
|
20
|
+
'oauth_signature_method'=>'HMAC-SHA1',
|
21
|
+
'oauth_timestamp'=>'1191242096',
|
22
|
+
'oauth_nonce'=>'kllo9940pd9333jh',
|
23
|
+
'oauth_version'=>'1.0',
|
24
|
+
'file'=>'vacation.jpg',
|
25
|
+
'size'=>'original'
|
26
|
+
}
|
27
|
+
sbs='GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
|
28
|
+
|
29
|
+
assert_signature_base_string sbs,parameters,'GET',"http://photos.example.net/photos"
|
30
|
+
end
|
31
|
+
|
32
|
+
# These are from the wiki http://wiki.oauth.net/TestCases
|
33
|
+
# in the section Concatenate Test Elements
|
34
|
+
|
35
|
+
def test_wiki_1_simple_with_ending_slash
|
36
|
+
parameters={
|
37
|
+
'n'=>'v'
|
38
|
+
}
|
39
|
+
sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
|
40
|
+
|
41
|
+
assert_signature_base_string sbs,parameters,'GET',"http://example.com/"
|
42
|
+
end
|
43
|
+
|
44
|
+
|
45
|
+
def test_wiki_2_simple_without_ending_slash
|
46
|
+
parameters={
|
47
|
+
'n'=>'v'
|
48
|
+
}
|
49
|
+
sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
|
50
|
+
|
51
|
+
assert_signature_base_string sbs,parameters,'GET',"http://example.com"
|
52
|
+
end
|
53
|
+
|
54
|
+
def test_wiki_2_request_token
|
55
|
+
parameters={
|
56
|
+
'oauth_version'=>'1.0',
|
57
|
+
'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
|
58
|
+
'oauth_timestamp'=>'1191242090',
|
59
|
+
'oauth_nonce'=>'hsu94j3884jdopsl',
|
60
|
+
'oauth_signature_method'=>'PLAINTEXT',
|
61
|
+
'oauth_signature'=>'ignored' }
|
62
|
+
sbs='POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0'
|
63
|
+
|
64
|
+
assert_signature_base_string sbs,parameters,'POST',"https://photos.example.net/request_token"
|
65
|
+
end
|
66
|
+
|
67
|
+
protected
|
68
|
+
|
69
|
+
|
70
|
+
def assert_signature_base_string(expected,params={},method='GET',uri="http://photos.example.net/photos",message="Signature Base String does not match")
|
71
|
+
assert_equal expected, signature_base_string(params,method,uri), message
|
72
|
+
end
|
73
|
+
|
74
|
+
def signature_base_string(params={},method='GET',uri="http://photos.example.net/photos")
|
75
|
+
request(params,method,uri).signature_base_string
|
76
|
+
end
|
77
|
+
end
|
data/test/keys/rsa.cert
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIBpjCCAQ+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDDA5UZXN0
|
3
|
+
IFByaW5jaXBhbDAeFw03MDAxMDEwODAwMDBaFw0zODEyMzEwODAwMDBaMBkxFzAV
|
4
|
+
BgNVBAMMDlRlc3QgUHJpbmNpcGFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
5
|
+
gQC0YjCwIfYoprq/FQO6lb3asXrxLlJFuCvtinTF5p0GxvQGu5O3gYytUvtC2JlY
|
6
|
+
zypSRjVxwxrsuRcP3e641SdASwfrmzyvIgP08N4S0IFzEURkV1wp/IpH7kH41Etb
|
7
|
+
mUmrXSwfNZsnQRE5SYSOhh+LcK2wyQkdgcMv11l4KoBkcwIDAQABMA0GCSqGSIb3
|
8
|
+
DQEBBQUAA4GBAGZLPEuJ5SiJ2ryq+CmEGOXfvlTtEL2nuGtr9PewxkgnOjZpUy+d
|
9
|
+
4TvuXJbNQc8f4AMWL/tO9w0Fk80rWKp9ea8/df4qMq5qlFWlx6yOLQxumNOmECKb
|
10
|
+
WpkUQDIDJEoFUzKMVuJf4KO/FJ345+BNLGgbJ6WujreoM1X/gYfdnJ/J
|
11
|
+
-----END CERTIFICATE-----
|
data/test/keys/rsa.pem
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
-----BEGIN PRIVATE KEY-----
|
2
|
+
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
|
3
|
+
A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
|
4
|
+
7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
|
5
|
+
hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
|
6
|
+
X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
|
7
|
+
uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
|
8
|
+
rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
|
9
|
+
zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
|
10
|
+
qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
|
11
|
+
WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
|
12
|
+
cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
|
13
|
+
3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
|
14
|
+
AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
|
15
|
+
Lw03eHTNQghS0A==
|
16
|
+
-----END PRIVATE KEY-----
|
@@ -5,9 +5,10 @@ require 'action_controller/test_process'
|
|
5
5
|
|
6
6
|
class ActionControllerRequestProxyTest < Test::Unit::TestCase
|
7
7
|
|
8
|
-
def request_proxy(parameters)
|
8
|
+
def request_proxy(parameters={})
|
9
9
|
request = ActionController::TestRequest.new({}, parameters)
|
10
10
|
request.env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
|
11
|
+
yield request if block_given?
|
11
12
|
OAuth::RequestProxy.proxy(request)
|
12
13
|
end
|
13
14
|
|
data/test/test_consumer.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'rubygems'
|
2
|
-
gem 'oauth'
|
3
2
|
require 'test/unit'
|
4
3
|
require 'oauth/consumer'
|
5
4
|
require 'oauth/signature/rsa/sha1'
|
@@ -88,7 +87,7 @@ class ConsumerTest < Test::Unit::TestCase
|
|
88
87
|
|
89
88
|
assert_equal 'GET', request.method
|
90
89
|
assert_equal '/test?key=value', request.path
|
91
|
-
assert_equal "OAuth
|
90
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
92
91
|
end
|
93
92
|
|
94
93
|
def test_that_setting_signature_method_on_consumer_effects_signing
|
@@ -135,7 +134,7 @@ class ConsumerTest < Test::Unit::TestCase
|
|
135
134
|
assert_equal 'POST', request.method
|
136
135
|
assert_equal '/test', request.path
|
137
136
|
assert_equal 'key=value', request.body
|
138
|
-
assert_equal "OAuth
|
137
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
139
138
|
end
|
140
139
|
|
141
140
|
def test_that_signing_post_params_works
|
@@ -154,7 +153,7 @@ class ConsumerTest < Test::Unit::TestCase
|
|
154
153
|
|
155
154
|
assert_equal 'GET', request.method
|
156
155
|
assert_equal '/test?key=value', request.path
|
157
|
-
assert_equal "OAuth
|
156
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
158
157
|
end
|
159
158
|
|
160
159
|
def test_that_using_auth_headers_on_post_on_create_signed_requests_works
|
@@ -162,7 +161,7 @@ class ConsumerTest < Test::Unit::TestCase
|
|
162
161
|
assert_equal 'POST', request.method
|
163
162
|
assert_equal '/test', request.path
|
164
163
|
assert_equal 'key=value', request.body
|
165
|
-
assert_equal "OAuth
|
164
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
166
165
|
end
|
167
166
|
|
168
167
|
def test_that_signing_post_params_works
|
@@ -189,7 +188,7 @@ class ConsumerTest < Test::Unit::TestCase
|
|
189
188
|
|
190
189
|
request = Net::HTTP::Get.new("/oauth/example/request_token.php")
|
191
190
|
signature_base_string=@consumer.signature_base_string(request,nil,options)
|
192
|
-
assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%
|
191
|
+
assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_version%3D1.0",signature_base_string
|
193
192
|
@consumer.sign!(request, nil,options)
|
194
193
|
|
195
194
|
assert_equal 'GET', request.method
|
@@ -239,18 +238,18 @@ class ConsumerTest < Test::Unit::TestCase
|
|
239
238
|
#
|
240
239
|
# It also generates "warning: using default DH parameters." which I
|
241
240
|
# don't know how to get rid of
|
242
|
-
def test_serialization_with_https
|
243
|
-
consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
|
244
|
-
consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
245
|
-
consumer.http.get('/')
|
246
|
-
|
247
|
-
assert_nothing_raised do
|
248
|
-
# Specifically this should not raise TypeError: no marshal_dump
|
249
|
-
# is defined for class OpenSSL::SSL::SSLContext
|
250
|
-
Marshal.dump(consumer)
|
251
|
-
end
|
252
|
-
end
|
253
|
-
|
241
|
+
# def test_serialization_with_https
|
242
|
+
# consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
|
243
|
+
# consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
244
|
+
# consumer.http.get('/')
|
245
|
+
#
|
246
|
+
# assert_nothing_raised do
|
247
|
+
# # Specifically this should not raise TypeError: no marshal_dump
|
248
|
+
# # is defined for class OpenSSL::SSL::SSLContext
|
249
|
+
# Marshal.dump(consumer)
|
250
|
+
# end
|
251
|
+
# end
|
252
|
+
#
|
254
253
|
def test_get_request_token_with_custom_arguments
|
255
254
|
@consumer=OAuth::Consumer.new(
|
256
255
|
"key",
|
data/test/test_helper.rb
CHANGED
@@ -1,6 +1,14 @@
|
|
1
1
|
require 'test/unit'
|
2
2
|
require File.dirname(__FILE__) + '/../lib/oauth'
|
3
3
|
|
4
|
+
begin
|
5
|
+
# load redgreen unless running from within TextMate (in which case ANSI
|
6
|
+
# color codes mess with the output)
|
7
|
+
require 'redgreen' unless ENV['TM_CURRENT_LINE']
|
8
|
+
rescue LoadError
|
9
|
+
nil
|
10
|
+
end
|
11
|
+
|
4
12
|
def requests(request)
|
5
13
|
Marshal.load(File.read(File.dirname(__FILE__) + '/fixtures/' + request))
|
6
14
|
end
|
@@ -19,7 +19,7 @@ class NetHTTPClientTest < Test::Unit::TestCase
|
|
19
19
|
|
20
20
|
assert_equal 'GET', request.method
|
21
21
|
assert_equal '/test?key=value', request.path
|
22
|
-
assert_equal "OAuth
|
22
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
23
23
|
end
|
24
24
|
|
25
25
|
def test_that_using_auth_headers_on_post_requests_works
|
@@ -30,7 +30,7 @@ class NetHTTPClientTest < Test::Unit::TestCase
|
|
30
30
|
assert_equal 'POST', request.method
|
31
31
|
assert_equal '/test', request.path
|
32
32
|
assert_equal 'key=value', request.body
|
33
|
-
assert_equal "OAuth
|
33
|
+
assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
|
34
34
|
end
|
35
35
|
|
36
36
|
def test_that_using_post_params_works
|
@@ -115,7 +115,7 @@ class NetHTTPClientTest < Test::Unit::TestCase
|
|
115
115
|
|
116
116
|
request = Net::HTTP::Get.new(request_uri.path)
|
117
117
|
signature_base_string=request.signature_base_string(http, consumer, nil, {:scheme=>:query_string,:nonce => nonce, :timestamp => timestamp})
|
118
|
-
assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{nonce}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{timestamp}%
|
118
|
+
assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{nonce}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{timestamp}%26oauth_version%3D1.0",signature_base_string
|
119
119
|
|
120
120
|
# request = Net::HTTP::Get.new(request_uri.path)
|
121
121
|
request.oauth!(http, consumer, nil, {:scheme=>:query_string,:nonce => nonce, :timestamp => timestamp})
|
@@ -135,21 +135,21 @@ class NetHTTPClientTest < Test::Unit::TestCase
|
|
135
135
|
request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>"
|
136
136
|
request["Content-Type"] = "application/xml"
|
137
137
|
signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp })
|
138
|
-
assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%
|
138
|
+
assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_version%3D1.0", signature_base_string
|
139
139
|
end
|
140
140
|
|
141
141
|
def test_that_put_bodies_not_signed_even_if_form_urlencoded
|
142
142
|
request = Net::HTTP::Put.new(@request_uri.path)
|
143
143
|
request.set_form_data( { 'key2' => 'value2' } )
|
144
144
|
signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp })
|
145
|
-
assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%
|
145
|
+
assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_version%3D1.0", signature_base_string
|
146
146
|
end
|
147
147
|
|
148
148
|
def test_that_post_bodies_signed_if_form_urlencoded
|
149
149
|
request = Net::HTTP::Post.new(@request_uri.path)
|
150
150
|
request.set_form_data( { 'key2' => 'value2' } )
|
151
151
|
signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp })
|
152
|
-
assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&key2%3Dvalue2%26oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%
|
152
|
+
assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&key2%3Dvalue2%26oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_version%3D1.0", signature_base_string
|
153
153
|
end
|
154
154
|
|
155
155
|
def test_that_post_bodies_not_signed_if_other_content_type
|
@@ -157,7 +157,7 @@ class NetHTTPClientTest < Test::Unit::TestCase
|
|
157
157
|
request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>"
|
158
158
|
request["Content-Type"] = "application/xml"
|
159
159
|
signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp })
|
160
|
-
assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%
|
160
|
+
assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_version%3D1.0", signature_base_string
|
161
161
|
end
|
162
162
|
|
163
163
|
protected
|
@@ -9,7 +9,7 @@ class NetHTTPRequestProxyTest < Test::Unit::TestCase
|
|
9
9
|
|
10
10
|
expected_parameters = {'key' => ['value']}
|
11
11
|
assert_equal expected_parameters, request_proxy.parameters
|
12
|
-
assert_equal 'http://example.com/test', request_proxy.
|
12
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
13
13
|
assert_equal 'GET', request_proxy.method
|
14
14
|
end
|
15
15
|
|
@@ -20,7 +20,7 @@ class NetHTTPRequestProxyTest < Test::Unit::TestCase
|
|
20
20
|
|
21
21
|
expected_parameters = {'key' => ['value']}
|
22
22
|
assert_equal expected_parameters, request_proxy.parameters
|
23
|
-
assert_equal 'http://example.com/test', request_proxy.
|
23
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
24
24
|
assert_equal 'POST', request_proxy.method
|
25
25
|
end
|
26
26
|
|
@@ -31,7 +31,7 @@ class NetHTTPRequestProxyTest < Test::Unit::TestCase
|
|
31
31
|
|
32
32
|
expected_parameters = {'key' => ['value'], 'key2' => ['value2']}
|
33
33
|
assert_equal expected_parameters, request_proxy.parameters
|
34
|
-
assert_equal 'http://example.com/test', request_proxy.
|
34
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
35
35
|
assert_equal 'POST', request_proxy.method
|
36
36
|
end
|
37
37
|
|
@@ -11,7 +11,7 @@ class RackRequestProxyTest < Test::Unit::TestCase
|
|
11
11
|
|
12
12
|
expected_parameters = {'key' => 'value'}
|
13
13
|
assert_equal expected_parameters, request_proxy.parameters
|
14
|
-
assert_equal 'http://example.com/test', request_proxy.
|
14
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
15
15
|
assert_equal 'GET', request_proxy.method
|
16
16
|
end
|
17
17
|
|
@@ -22,7 +22,7 @@ class RackRequestProxyTest < Test::Unit::TestCase
|
|
22
22
|
|
23
23
|
expected_parameters = {'key' => 'value'}
|
24
24
|
assert_equal expected_parameters, request_proxy.parameters
|
25
|
-
assert_equal 'http://example.com/test', request_proxy.
|
25
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
26
26
|
assert_equal 'POST', request_proxy.method
|
27
27
|
end
|
28
28
|
|
@@ -33,7 +33,7 @@ class RackRequestProxyTest < Test::Unit::TestCase
|
|
33
33
|
|
34
34
|
expected_parameters = {'key' => 'value', 'key2' => 'value2'}
|
35
35
|
assert_equal expected_parameters, request_proxy.parameters
|
36
|
-
assert_equal 'http://example.com/test', request_proxy.
|
36
|
+
assert_equal 'http://example.com/test', request_proxy.normalized_uri
|
37
37
|
assert_equal 'POST', request_proxy.method
|
38
38
|
end
|
39
39
|
|
@@ -0,0 +1,59 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/test_helper.rb'
|
2
|
+
require 'oauth/consumer'
|
3
|
+
require 'oauth/signature/rsa/sha1'
|
4
|
+
|
5
|
+
class TestSignatureRsaSha1 < Test::Unit::TestCase
|
6
|
+
|
7
|
+
def setup
|
8
|
+
@request = Net::HTTP::Get.new('/photos?file=vacaction.jpg&size=original&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1196666512&oauth_nonce=13917289812797014437&oauth_signature_method=RSA-SHA1')
|
9
|
+
|
10
|
+
@consumer = OAuth::Consumer.new('dpf43f3p2l4k3l03', OpenSSL::PKey::RSA.new(IO.read(File.dirname(__FILE__) + "/keys/rsa.pem")))
|
11
|
+
|
12
|
+
end
|
13
|
+
|
14
|
+
def test_that_rsa_sha1_implements_rsa_sha1
|
15
|
+
assert OAuth::Signature.available_methods.include?('rsa-sha1')
|
16
|
+
end
|
17
|
+
|
18
|
+
def test_that_get_request_from_oauth_test_cases_produces_matching_signature_base_string
|
19
|
+
sbs = OAuth::Signature.signature_base_string(@request, { :consumer => @consumer,
|
20
|
+
:uri => 'http://photos.example.net/photos' } )
|
21
|
+
|
22
|
+
assert_equal 'GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacaction.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3D13917289812797014437%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1196666512%26oauth_version%3D1.0%26size%3Doriginal', sbs
|
23
|
+
end
|
24
|
+
|
25
|
+
def test_that_get_request_from_oauth_test_cases_produces_matching_signature
|
26
|
+
signature = OAuth::Signature.sign(@request, { :consumer => @consumer,
|
27
|
+
:uri => 'http://photos.example.net/photos' } )
|
28
|
+
|
29
|
+
assert_equal 'jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE=', signature
|
30
|
+
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_that_get_request_from_oauth_test_cases_produces_matching_signature_using_private_key_file
|
34
|
+
@consumer = OAuth::Consumer.new('dpf43f3p2l4k3l03',nil)
|
35
|
+
|
36
|
+
signature = OAuth::Signature.sign(@request, { :consumer => @consumer,
|
37
|
+
:private_key_file=>File.dirname(__FILE__) + "/keys/rsa.pem",
|
38
|
+
:uri => 'http://photos.example.net/photos' } )
|
39
|
+
|
40
|
+
assert_equal 'jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE=', signature
|
41
|
+
end
|
42
|
+
|
43
|
+
def test_that_get_request_from_oauth_test_cases_verifies_signature
|
44
|
+
@request = Net::HTTP::Get.new('/photos?oauth_signature_method=RSA-SHA1&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1196666512&oauth_nonce=13917289812797014437&file=vacaction.jpg&size=original&oauth_signature=jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D')
|
45
|
+
@consumer = OAuth::Consumer.new('dpf43f3p2l4k3l03',OpenSSL::X509::Certificate.new(IO.read(File.dirname(__FILE__) + "/keys/rsa.cert")))
|
46
|
+
|
47
|
+
assert OAuth::Signature.verify(@request, { :consumer => @consumer,
|
48
|
+
:uri => 'http://photos.example.net/photos' } )
|
49
|
+
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_that_get_request_from_oauth_test_cases_verifies_signature_with_pem
|
53
|
+
@request = Net::HTTP::Get.new('/photos?oauth_signature_method=RSA-SHA1&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1196666512&oauth_nonce=13917289812797014437&file=vacaction.jpg&size=original&oauth_signature=jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D')
|
54
|
+
assert OAuth::Signature.verify(@request, { :consumer => @consumer,
|
55
|
+
:uri => 'http://photos.example.net/photos' } )
|
56
|
+
|
57
|
+
end
|
58
|
+
|
59
|
+
end
|