qoobaa-oauth 0.3.8

data/test/cases/oauth_case.rb

@@ -0,0 +1,19 @@
+require 'test/unit'
+require 'oauth/signature'
+require 'oauth/request_proxy/mock_request'
+
+
+class OAuthCase < Test::Unit::TestCase
+  # avoid whining about a lack of tests
+  def run(*args)
+    return if @method_name.to_s == "default_test"
+    super
+  end
+  
+  protected
+  
+  # Creates a fake request
+  def request(params={},method='GET',uri="http://photos.example.net/photos")
+    OAuth::RequestProxy.proxy({'parameters'=>params,'method'=>method,'uri'=>uri})
+  end
+end

data/test/cases/spec/1_0-final/test_construct_request_url.rb

@@ -0,0 +1,62 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../oauth_case')
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+#9.1.2.  Construct Request URL
+#
+#The Signature Base String includes the request absolute URL, tying the signature to a specific endpoint. The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment as defined by [RFC3986] section 3.
+#
+#If the absolute request URL is not available to the Service Provider (it is always available to the Consumer), it can be constructed by combining the scheme being used, the HTTP Host header, and the relative HTTP request URL. If the Host header is not available, the Service Provider SHOULD use the host name communicated to the Consumer in the documentation or other means.
+#
+#The Service Provider SHOULD document the form of URL used in the Signature Base String to avoid ambiguity due to URL normalization. Unless specified, URL scheme and authority MUST be lowercase and include the port number; http default port 80 and https default port 443 MUST be excluded.
+#
+#For example, the request:
+#
+#                HTTP://Example.com:80/resource?id=123
+#Is included in the Signature Base String as:
+#
+#                http://example.com/resource
+
+
+class ConstructRequestUrlTest < OAuthCase
+  
+  def test_from_spec
+    assert_request_url("http://example.com/resource","HTTP://Example.com:80/resource?id=123")
+  end
+  
+  def test_simple_url_with_ending_slash
+    assert_request_url("http://example.com/","http://example.com/")
+  end
+
+  def test_simple_url_without_ending_slash
+    assert_request_url("http://example.com/","http://example.com")
+  end
+  
+  def test_of_normalized_http
+    assert_request_url("http://example.com/resource","http://example.com/resource")
+  end
+
+  def test_of_https
+    assert_request_url("https://example.com/resource","HTTPS://Example.com:443/resource?id=123")
+  end
+
+  def test_of_normalized_https
+    assert_request_url("https://example.com/resource","https://example.com/resource")
+  end
+  
+  def test_of_http_with_non_standard_port
+    assert_request_url("http://example.com:8080/resource","http://example.com:8080/resource")
+  end
+  
+  def test_of_https_with_non_standard_port
+    assert_request_url("https://example.com:8080/resource","https://example.com:8080/resource")
+  end
+  
+  protected
+  
+  
+  def assert_request_url(expected,given,message=nil)
+    assert_equal expected, request({},'GET',given).normalized_uri, message
+  end
+  
+end

data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb

@@ -0,0 +1,88 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../oauth_case')
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.1.  Normalize Request Parameters
+# 
+# The request parameters are collected, sorted and concatenated into a normalized string:
+# 
+# Parameters in the OAuth HTTP Authorization header excluding the realm parameter.
+# Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded).
+# HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3).
+# The oauth_signature parameter MUST be excluded.
+# 
+# The parameters are normalized into a single string as follows:
+# 
+# Parameters are sorted by name, using lexicographical byte value ordering. 
+# If two or more parameters share the same name, they are sorted by their value. For example:
+#
+#   a=1, c=hi%20there, f=25, f=50, f=a, z=p, z=t
+# Parameters are concatenated in their sorted order into a single string. For each parameter, 
+# the name is separated from the corresponding value by an ‘=’ character (ASCII code 61), even 
+# if the value is empty. Each name-value pair is separated by an ‘&’ character (ASCII code 38). For example:
+#   a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t
+# 
+
+
+class NormalizeRequestParametersTest < OAuthCase
+  
+  def test_parameters_for_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params).parameters_for_signature
+  end
+
+
+  def test_parameters_for_signature_removes_oauth_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params.merge({'oauth_signature'=>'blalbla'})).parameters_for_signature
+  end
+  
+  def test_spec_example
+    assert_normalized 'a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['25', '50', 'a'], 'z' => ['p', 't'] }
+  end
+
+  def test_sorts_parameters_correctly
+    # values for 'f' are scrambled
+    assert_normalized 'a=1&c=hi%20there&f=5&f=70&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['a', '70', '5'], 'z' => ['p', 't'] }
+  end
+
+  def test_empty
+    assert_normalized "",{}
+  end
+  
+  
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Normalize Request Parameters
+  # Parameters have already been x-www-form-urlencoded (i.e. + = <space>)
+  def test_wiki1
+    assert_normalized "name=",{"name"=>nil}
+  end
+  
+  def test_wiki2
+    assert_normalized "a=b",{'a'=>'b'}
+  end
+  
+  def test_wiki3
+    assert_normalized "a=b&c=d",{'a'=>'b','c'=>'d'}
+  end
+  
+  def test_wiki4
+    assert_normalized "a=x%20y&a=x%21y",{'a'=>["x!y","x y"]}
+    
+  end
+
+  def test_wiki5
+    assert_normalized "x=a&x%21y=a",{"x!y"=>'a','x'=>'a'}
+  end
+
+  protected
+  
+  
+  def assert_normalized(expected,params,message=nil)
+    assert_equal expected, normalize_request_parameters(params), message
+  end
+  
+  def normalize_request_parameters(params={})
+    request(params).normalized_parameters
+  end
+end

data/test/cases/spec/1_0-final/test_parameter_encodings.rb

@@ -0,0 +1,86 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../oauth_case')
+
+# See http://oauth.net/core/1.0/#encoding_parameters
+#
+# 5.1.  Parameter Encoding
+# 
+# All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism. 
+# Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters 
+# in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be 
+# upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].
+# 
+#   unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
+# 
+
+class ParameterEncodingTest < OAuthCase
+  def test_encodings_alpha_num
+    assert_encoding 'abcABC123', 'abcABC123'
+  end
+
+  def test_encodings_non_escaped
+    assert_encoding '-._~', '-._~'
+  end
+
+  def test_encodings_percent
+    assert_encoding '%25', '%'
+  end
+
+  def test_encodings_plus
+    assert_encoding '%2B', '+'
+  end
+
+  def test_encodings_space
+    assert_encoding '%20', ' '
+  end
+
+  def test_encodings_query_param_symbols
+    assert_encoding '%26%3D%2A', '&=*'
+  end
+
+  def test_encodings_unicode_lf
+    assert_encoding '%0A', unicode_to_utf8('U+000A')
+  end
+
+  def test_encodings_unicode_space
+    assert_encoding '%20', unicode_to_utf8('U+0020')
+  end
+
+  def test_encodings_unicode_007f
+    assert_encoding '%7F', unicode_to_utf8('U+007F')
+  end
+
+  def test_encodings_unicode_0080
+    assert_encoding '%C2%80', unicode_to_utf8('U+0080')
+  end
+
+  def test_encoding_unicode_2708
+    assert_encoding '%E2%9C%88', unicode_to_utf8('U+2708')
+  end
+
+  def test_encodings_unicode_3001
+    assert_encoding '%E3%80%81', unicode_to_utf8('U+3001')
+  end
+
+protected
+
+  def unicode_to_utf8(unicode)
+    return unicode if unicode =~ /\A[[:space:]]*\z/m
+
+    str = ''
+
+    unicode.scan(/(U\+(?:[[:digit:][:xdigit:]]{4,5}|10[[:digit:][:xdigit:]]{4})|.)/mu) do
+      c = $1
+      if c =~ /^U\+/
+        str << [c[2..-1].hex].pack('U*')
+      else
+        str << c
+      end
+    end
+
+    str
+  end
+
+  def assert_encoding(expected, given, message = nil)
+    assert_equal expected, OAuth::Helper.escape(given), message
+  end
+end

data/test/cases/spec/1_0-final/test_signature_base_strings.rb

@@ -0,0 +1,77 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../oauth_case')
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.  Signature Base String
+# 
+# The Signature Base String is a consistent reproducible concatenation of the request elements
+# into a single string. The string is used as an input in hashing or signing algorithms. The 
+# HMAC-SHA1 signature method provides both a standard and an example of using the Signature 
+# Base String with a signing algorithm to generate signatures. All the request parameters MUST 
+# be encoded as described in Parameter Encoding prior to constructing the Signature Base String.
+# 
+
+class SignatureBaseStringTest < OAuthCase
+  
+  def test_A_5_1
+    parameters={ 
+      'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+      'oauth_token'=>'nnch734d00sl2jdk',
+      'oauth_signature_method'=>'HMAC-SHA1',
+      'oauth_timestamp'=>'1191242096',
+      'oauth_nonce'=>'kllo9940pd9333jh',
+      'oauth_version'=>'1.0',
+      'file'=>'vacation.jpg',
+      'size'=>'original'
+    }
+    sbs='GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
+    
+    assert_signature_base_string sbs,parameters,'GET',"http://photos.example.net/photos"
+  end
+  
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Concatenate Test Elements
+  
+  def test_wiki_1_simple_with_ending_slash
+    parameters={ 
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+    
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com/"
+  end
+
+  
+  def test_wiki_2_simple_without_ending_slash
+    parameters={ 
+      'n'=>'v'
+    }
+    sbs='GET&http%3A%2F%2Fexample.com%2F&n%3Dv'
+    
+    assert_signature_base_string sbs,parameters,'GET',"http://example.com"
+  end
+
+  def test_wiki_2_request_token
+    parameters={ 
+'oauth_version'=>'1.0',
+'oauth_consumer_key'=>'dpf43f3p2l4k3l03',
+'oauth_timestamp'=>'1191242090',
+'oauth_nonce'=>'hsu94j3884jdopsl',
+'oauth_signature_method'=>'PLAINTEXT',
+'oauth_signature'=>'ignored'    }
+    sbs='POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0'
+    
+    assert_signature_base_string sbs,parameters,'POST',"https://photos.example.net/request_token"
+  end
+  
+  protected
+  
+  
+  def assert_signature_base_string(expected,params={},method='GET',uri="http://photos.example.net/photos",message="Signature Base String does not match")
+    assert_equal expected, signature_base_string(params,method,uri), message
+  end
+  
+  def signature_base_string(params={},method='GET',uri="http://photos.example.net/photos")
+    request(params,method,uri).signature_base_string
+  end
+end

data/test/integration/consumer_test.rb

@@ -0,0 +1,304 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+module Integration
+  class ConsumerTest < Test::Unit::TestCase
+    def setup
+      @consumer=OAuth::Consumer.new(
+          'consumer_key_86cad9', '5888bf0345e5d237',
+          {
+          :site=>"http://blabla.bla",
+          :proxy=>"http://user:password@proxy.bla:8080",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header,
+          :http_method=>:get
+          })
+      @token = OAuth::ConsumerToken.new(@consumer,'token_411a7f', '3196ffd991c8ebdb')
+      @request_uri = URI.parse('http://example.com/test?key=value')
+      @request_parameters = { 'key' => 'value' }
+      @nonce = 225579211881198842005988698334675835446
+      @timestamp = "1199645624"
+      @consumer.http=Net::HTTP.new(@request_uri.host, @request_uri.port)
+    end
+
+    def test_that_signing_auth_headers_on_get_requests_works
+      request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signing
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+      token = OAuth::ConsumerToken.new(consumer, 'token_411a7f', '3196ffd991c8ebdb')
+      token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+
+      assert_no_match( /oauth_signature_method="HMAC-SHA1"/, request['authorization'])
+      assert_match(    /oauth_signature_method="PLAINTEXT"/, request['authorization'])
+    end
+
+    def test_that_setting_signature_method_on_consumer_effects_signature_base_string
+      require 'oauth/signature/plaintext'
+      request = Net::HTTP::Get.new(@request_uri.path)
+      consumer = @consumer.dup
+      consumer.options[:signature_method] = 'PLAINTEXT'
+
+      request = Net::HTTP::Get.new('/')
+      signature_base_string = consumer.signature_base_string(request)
+
+      assert_no_match( /HMAC-SHA1/, signature_base_string)
+      assert_equal( "#{consumer.secret}&", signature_base_string)
+    end
+
+    def test_that_plaintext_signature_works
+      # Invalid test because server expects double-escaped signature
+      require 'oauth/signature/plaintext'
+      # consumer = OAuth::Consumer.new("key", "secret",
+      #   :site => "http://term.ie", :signature_method => 'PLAINTEXT')
+      # access_token = OAuth::AccessToken.new(consumer, 'accesskey', 'accesssecret')
+      # response = access_token.get("/oauth/example/echo_api.php?echo=hello")
+
+      # assert_equal 'echo=hello', response.body
+    end
+
+    def test_that_signing_auth_headers_on_post_requests_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+  #    assert_equal "",request.oauth_helper.signature_base_string
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
+    end
+
+    def test_that_signing_post_params_works
+      request = Net::HTTP::Post.new(@request_uri.path)
+      request.set_form_data( @request_parameters )
+      @token.sign!(request, {:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_that_using_auth_headers_on_get_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:get,@request_uri.path+ "?" + request_parameters_to_s,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters)
+
+      assert_equal 'GET', request.method
+      assert_equal '/test?key=value', request.path
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
+    end
+
+    def test_that_using_auth_headers_on_post_on_create_signed_requests_works
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal 'key=value', request.body
+      assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
+    end
+
+    def test_that_signing_post_params_works_2
+      request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+
+      assert_equal 'POST', request.method
+      assert_equal '/test', request.path
+      assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+      assert_equal nil, request['authorization']
+    end
+
+    def test_step_by_step_token_request
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php",
+          :scheme=>:header
+          })
+      options={:nonce=>'nonce',:timestamp=>Time.now.to_i.to_s}
+
+      request = Net::HTTP::Get.new("/oauth/example/request_token.php")
+      signature_base_string=@consumer.signature_base_string(request,nil,options)
+      assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_version%3D1.0",signature_base_string
+      @consumer.sign!(request, nil,options)
+
+      assert_equal 'GET', request.method
+      assert_equal nil, request.body
+      response=@consumer.http.request(request)
+      assert_equal "200",response.code
+      assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body
+    end
+
+    def test_get_token_sequence
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert !@consumer.request_token_url?, "Should not use fully qualified request token url"
+      assert !@consumer.access_token_url?, "Should not use fully qualified access token url"
+      assert !@consumer.authorize_url?, "Should not use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+    def test_get_token_sequence_using_fqdn
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_url=>"http://term.ie/oauth/example/request_token.php",
+          :access_token_url=>"http://term.ie/oauth/example/access_token.php",
+          :authorize_url=>"http://term.ie/oauth/example/authorize.php"
+          })
+      assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
+      assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
+
+      assert @consumer.request_token_url?, "Should use fully qualified request token url"
+      assert @consumer.access_token_url?, "Should use fully qualified access token url"
+      assert @consumer.authorize_url?, "Should use fully qualified url"
+
+      @request_token=@consumer.get_request_token
+      assert_not_nil @request_token
+      assert_equal "requestkey",@request_token.token
+      assert_equal "requestsecret",@request_token.secret
+      assert_equal "http://term.ie/oauth/example/authorize.php?oauth_token=requestkey",@request_token.authorize_url
+
+      @access_token=@request_token.get_access_token
+      assert_not_nil @access_token
+      assert_equal "accesskey",@access_token.token
+      assert_equal "accesssecret",@access_token.secret
+
+      @response=@access_token.get("/oauth/example/echo_api.php?ok=hello&test=this")
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
+      assert_not_nil @response
+      assert_equal "200",@response.code
+      assert_equal( "ok=hello&test=this",@response.body)
+    end
+
+
+    # This test does an actual https request (the result doesn't matter)
+    # to initialize the same way as get_request_token does. Can be any
+    # site that supports https.
+    #
+    # It also generates "warning: using default DH parameters." which I
+    # don't know how to get rid of
+  #  def test_serialization_with_https
+  #    consumer = OAuth::Consumer.new('token', 'secret', :site => 'https://plazes.net')
+  #    consumer.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  #    consumer.http.get('/')
+  #
+  #    assert_nothing_raised do
+  #      # Specifically this should not raise TypeError: no marshal_dump
+  #      # is defined for class OpenSSL::SSL::SSLContext
+  #      Marshal.dump(consumer)
+  #    end
+  #  end
+  #
+    def test_get_request_token_with_custom_arguments
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+
+      debug = ""
+      @consumer.http.set_debug_output(debug)
+
+      # get_request_token should receive our custom request_options and *arguments parameters from get_request_token.
+      @consumer.get_request_token({}, {:scope => "http://www.google.com/calendar/feeds http://picasaweb.google.com/data"})
+
+      # Because this is a POST request, create_http_request should take the first element of *arguments
+      # and turn it into URL-encoded data in the body of the POST.
+      assert_match( /^<- "scope=http%3a%2f%2fwww.google.com%2fcalendar%2ffeeds%20http%3a%2f%2fpicasaweb.google.com%2fdata"/,
+        debug)
+    end
+
+    def test_post_with_body_stream
+      @consumer=OAuth::Consumer.new(
+          "key",
+          "secret",
+          {
+          :site=>"http://term.ie",
+          :request_token_path=>"/oauth/example/request_token.php",
+          :access_token_path=>"/oauth/example/access_token.php",
+          :authorize_path=>"/oauth/example/authorize.php"
+          })
+
+
+      @request_token=@consumer.get_request_token
+      @access_token=@request_token.get_access_token
+
+      request_body_string = "Hello, hello, hello"
+      request_body_stream = StringIO.new( request_body_string )
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      request_body_file = File.open(__FILE__)
+
+      @response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
+      assert_not_nil @response
+      assert_equal "200",@response.code
+
+      # unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
+      # echos back any non-oauth parameters but not the body.  However, this does test that the request is still correctly signed
+      # (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
+      # request & respond until the full body length is received.
+    end
+
+    private
+
+    def request_parameters_to_s
+      @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+    end
+  end
+end