signet 0.1.0

data/lib/signet/oauth_1/credential.rb

@@ -0,0 +1,119 @@
+# Copyright (C) 2010 Google Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+module Signet #:nodoc:
+  module OAuth1
+    class Credential
+      ##
+      # Creates a token object from a key and secret.
+      #
+      # @example
+      #   Signet::OAuth1::Credential.new(
+      #     :key => "dpf43f3p2l4k3l03",
+      #     :secret => "kd94hf93k423kf44"
+      #   )
+      #
+      # @example
+      #   Signet::OAuth1::Credential.new([
+      #     ["oauth_token", "dpf43f3p2l4k3l03"],
+      #     ["oauth_token_secret", "kd94hf93k423kf44"]
+      #   ])
+      #
+      # @example
+      #   Signet::OAuth1::Credential.new(
+      #     "dpf43f3p2l4k3l03", "kd94hf93k423kf44"
+      #   )
+      def initialize(*args)
+        # We want to be particularly flexible in how we initialize a token
+        # object for maximum interoperability.  However, this flexibility
+        # means we need to be careful about returning an unexpected value for
+        # key or secret to avoid difficult-to-debug situations.  Thus lots
+        # of type-checking.
+
+        # This is cheaper than coercing to some kind of Hash with
+        # indifferent access.  Also uglier.
+        key_from_hash = lambda do |parameters|
+          parameters["oauth_token"] ||
+          parameters[:oauth_token] ||
+          parameters["key"] ||
+          parameters[:key]
+        end
+        secret_from_hash = lambda do |parameters|
+          parameters["oauth_token_secret"] ||
+          parameters[:oauth_token_secret] ||
+          parameters["secret"] ||
+          parameters[:secret]
+        end
+        if args.first.respond_to?(:to_hash)
+          parameters = args.first.to_hash
+          @key = key_from_hash.call(parameters)
+          @secret = secret_from_hash.call(parameters)
+          unless @key && @secret
+            raise ArgumentError,
+              "Could not find both key and secret in #{hash.inspect}."
+          end
+        else
+          # Normalize to an Array
+          if !args.first.kind_of?(String) &&
+              !args.first.respond_to?(:to_str) &&
+              args.first.kind_of?(Enumerable)
+            # We need to special-case strings since they're technically
+            # Enumerable objects.
+            args = args.first.to_a
+          elsif args.first.respond_to?(:to_ary)
+            args = args.first.to_ary
+          end
+          if args.all? { |value| value.kind_of?(Array) }
+            parameters = Hash[args]
+            @key = key_from_hash.call(parameters)
+            @secret = secret_from_hash.call(parameters)
+          elsif args.size == 2
+            @key, @secret = args
+          else
+            raise ArgumentError,
+              "wrong number of arguments (#{args.size} for 2)"
+          end
+        end
+        if @key.respond_to?(:to_str)
+          @key = @key.to_str
+        else
+          raise TypeError, "Expected String, got #{@key.class}."
+        end
+        if @secret.respond_to?(:to_str)
+          @secret = @secret.to_str
+        else
+          raise TypeError, "Expected String, got #{@secret.class}."
+        end
+      end
+
+      attr_accessor :key, :secret
+
+      def to_hash
+        return {
+          "oauth_token" => self.key,
+          "oauth_token_secret" => self.secret
+        }
+      end
+      alias_method :to_h, :to_hash
+
+      def ==(other)
+        if other.respond_to?(:key) && other.respond_to?(:secret)
+          return self.key == other.key && self.secret == other.secret
+        else
+          return false
+        end
+      end
+    end
+  end
+end

data/lib/signet/oauth_1/signature_methods/hmac_sha1.rb

@@ -0,0 +1,31 @@
+begin
+  require 'digest/hmac'
+rescue LoadError
+  require 'compat/digest/hmac'
+end
+require 'digest/sha1'
+require 'base64'
+
+require 'signet'
+
+module Signet #:nodoc:
+  module OAuth1
+    module HMACSHA1
+      def self.generate_signature(
+          base_string, client_credential_secret, token_credential_secret)
+        # Both the client secret and token secret must be escaped
+        client_credential_secret =
+          Signet::OAuth1.encode(client_credential_secret)
+        token_credential_secret =
+          Signet::OAuth1.encode(token_credential_secret)
+        # The key for the signature is just the client secret and token
+        # secret joined by the '&' character.  If the token secret is omitted,
+        # the '&' must still be present.
+        key = [client_credential_secret, token_credential_secret].join("&")
+        return Base64.encode64(Digest::HMAC.digest(
+          base_string, key, Digest::SHA1
+        )).strip
+      end
+    end
+  end
+end

data/lib/signet/version.rb

@@ -0,0 +1,26 @@
+# Copyright (C) 2010 Google Inc.
+# 
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+# 
+#        http://www.apache.org/licenses/LICENSE-2.0
+# 
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Used to prevent the class/module from being loaded more than once
+unless defined? Signet::VERSION
+  module Signet #:nodoc:
+    module VERSION #:nodoc:
+      MAJOR = 0
+      MINOR = 1
+      TINY  = 0
+
+      STRING = [MAJOR, MINOR, TINY].join('.')
+    end
+  end
+end

data/spec/force_compat/digest/hmac.rb

@@ -0,0 +1 @@
+raise LoadError, "Forcing compat-mode for testing."

data/spec/force_compat/securerandom.rb

@@ -0,0 +1 @@
+raise LoadError, "Forcing compat-mode for testing."

data/spec/signet/oauth_1/client_spec.rb

@@ -0,0 +1,687 @@
+# Copyright (C) 2010 Google Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+require 'spec_helper'
+
+require 'signet/oauth_1/client'
+require 'addressable/uri'
+
+def merge_body(chunked_body)
+  merged_body = StringIO.new
+  chunked_body.each do |chunk|
+    merged_body.write(chunk)
+  end
+  return merged_body.string
+end
+
+describe Signet::OAuth1::Client, 'unconfigured' do
+  before do
+    @client = Signet::OAuth1::Client.new
+  end
+
+  it 'should have no temporary_credential_uri' do
+    @client.temporary_credential_uri.should == nil
+  end
+
+  it 'should allow the temporary_credential_uri to be set to a String' do
+    @client.temporary_credential_uri = "http://example.com/"
+    @client.temporary_credential_uri.should === "http://example.com/"
+  end
+
+  it 'should allow the temporary_credential_uri to be set to a URI' do
+    @client.temporary_credential_uri =
+      Addressable::URI.parse("http://example.com/")
+    @client.temporary_credential_uri.should === "http://example.com/"
+  end
+
+  it 'should have no authorization_uri' do
+    @client.authorization_uri.should == nil
+  end
+
+  it 'should allow the authorization_uri to be set to a String' do
+    @client.authorization_uri = 'http://example.com/authorize'
+    @client.authorization_uri.to_s.should include(
+      'http://example.com/authorize'
+    )
+  end
+
+  it 'should allow the authorization_uri to be set to a URI' do
+    @client.authorization_uri =
+      Addressable::URI.parse('http://example.com/authorize')
+    @client.authorization_uri.to_s.should include(
+      'http://example.com/authorize'
+    )
+  end
+
+  it 'should have no token_credential_uri' do
+    @client.token_credential_uri.should == nil
+  end
+
+  it 'should allow the token_credential_uri to be set to a String' do
+    @client.token_credential_uri = "http://example.com/"
+    @client.token_credential_uri.should === "http://example.com/"
+  end
+
+  it 'should allow the token_credential_uri to be set to a URI' do
+    @client.token_credential_uri =
+      Addressable::URI.parse("http://example.com/")
+    @client.token_credential_uri.should === "http://example.com/"
+  end
+
+  it 'should have no client_credential' do
+    @client.client_credential.should == nil
+  end
+
+  it 'should raise an error for partially set client credentials' do
+    @client.client_credential_key = "12345"
+    @client.client_credential_secret = nil
+    (lambda do
+      @client.client_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error for partially set client credentials' do
+    @client.client_credential_key = nil
+    @client.client_credential_secret = "54321"
+    (lambda do
+      @client.client_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should allow the client_credential to be set to a ' +
+      'Signet::OAuth1::Credential' do
+    @client.client_credential =
+      Signet::OAuth1::Credential.new("12345", "54321")
+    @client.client_credential_key.should == "12345"
+    @client.client_credential_secret.should == "54321"
+    @client.client_credential.should ==
+      Signet::OAuth1::Credential.new("12345", "54321")
+  end
+
+  it 'should allow the client_credential to be set to nil' do
+    @client.client_credential_key = "12345"
+    @client.client_credential_secret = "54321"
+    @client.client_credential_key.should == "12345"
+    @client.client_credential_secret.should == "54321"
+    @client.client_credential = nil
+    @client.client_credential.should == nil
+    @client.client_credential_key.should == nil
+    @client.client_credential_secret.should == nil
+  end
+
+  it 'should not allow the client_credential to be set to a bogus value' do
+    (lambda do
+      @client.client_credential = 42
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no client_credential_key' do
+    @client.client_credential_key.should == nil
+  end
+
+  it 'should allow the client_credential_key to be set to a String' do
+    @client.client_credential_key = "12345"
+    @client.client_credential_key.should == "12345"
+  end
+
+  it 'should not allow the client_credential_key to be set to a non-String' do
+    (lambda do
+      @client.client_credential_key = 12345
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no client_credential_secret' do
+    @client.client_credential_secret.should == nil
+  end
+
+  it 'should allow the client_credential_secret to be set to a String' do
+    @client.client_credential_secret = "54321"
+    @client.client_credential_secret.should === "54321"
+  end
+
+  it 'should not allow the client_credential_secret ' +
+      'to be set to a non-String' do
+    (lambda do
+      @client.client_credential_secret = 54321
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have an out-of-band callback' do
+    @client.callback.should == ::Signet::OAuth1::OUT_OF_BAND
+  end
+
+  it 'should allow the callback to be set to a String' do
+    @client.callback = "http://example.com/callback"
+    @client.callback.should == "http://example.com/callback"
+  end
+
+  it 'should allow the callback to be set to a URI' do
+    @client.callback =
+      Addressable::URI.parse("http://example.com/callback")
+    @client.callback.should == "http://example.com/callback"
+  end
+
+  it 'should not allow the callback to be set to a non-String' do
+    (lambda do
+      @client.callback = 12345
+    end).should raise_error(TypeError)
+  end
+
+  it 'should raise an error if the temporary credentials URI is not set' do
+    @client.client_credential_key = 'dpf43f3p2l4k3l03'
+    @client.client_credential_secret = 'kd94hf93k423kf44'
+    (lambda do
+      @client.generate_temporary_credential_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential key is not set' do
+    @client.temporary_credential_uri =
+      'http://example.com/temporary_credentials'
+    @client.client_credential_secret = 'kd94hf93k423kf44'
+    (lambda do
+      @client.generate_temporary_credential_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential secret is not set' do
+    @client.temporary_credential_uri =
+      'http://example.com/temporary_credentials'
+    @client.client_credential_key = 'dpf43f3p2l4k3l03'
+    (lambda do
+      @client.generate_temporary_credential_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should have no temporary_credential' do
+    @client.temporary_credential.should == nil
+  end
+
+  it 'should raise an error for partially set temporary credentials' do
+    @client.temporary_credential_key = "12345"
+    @client.temporary_credential_secret = nil
+    (lambda do
+      @client.temporary_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error for partially set temporary credentials' do
+    @client.temporary_credential_key = nil
+    @client.temporary_credential_secret = "54321"
+    (lambda do
+      @client.temporary_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should allow the temporary_credential to be set to a ' +
+      'Signet::OAuth1::Credential' do
+    @client.temporary_credential =
+      Signet::OAuth1::Credential.new("12345", "54321")
+    @client.temporary_credential_key.should == "12345"
+    @client.temporary_credential_secret.should == "54321"
+    @client.temporary_credential.should ==
+      Signet::OAuth1::Credential.new("12345", "54321")
+  end
+
+  it 'should allow the temporary_credential to be set to nil' do
+    @client.temporary_credential_key = "12345"
+    @client.temporary_credential_secret = "54321"
+    @client.temporary_credential_key.should == "12345"
+    @client.temporary_credential_secret.should == "54321"
+    @client.temporary_credential = nil
+    @client.temporary_credential.should == nil
+    @client.temporary_credential_key.should == nil
+    @client.temporary_credential_secret.should == nil
+  end
+
+  it 'should not allow the temporary_credential to be set to a bogus value' do
+    (lambda do
+      @client.temporary_credential = 42
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no temporary_credential_key' do
+    @client.temporary_credential_key.should == nil
+  end
+
+  it 'should allow the temporary_credential_key to be set to a String' do
+    @client.temporary_credential_key = "12345"
+    @client.temporary_credential_key.should === "12345"
+  end
+
+  it 'should not allow the temporary_credential_key ' +
+      'to be set to a non-String' do
+    (lambda do
+      @client.temporary_credential_key = 12345
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no temporary_credential_secret' do
+    @client.temporary_credential_secret.should == nil
+  end
+
+  it 'should allow the temporary_credential_secret to be set to a String' do
+    @client.temporary_credential_secret = "54321"
+    @client.temporary_credential_secret.should === "54321"
+  end
+
+  it 'should not allow the temporary_credential_secret ' +
+      'to be set to a non-String' do
+    (lambda do
+      @client.temporary_credential_secret = 54321
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no token_credential' do
+    @client.token_credential.should == nil
+  end
+
+  it 'should raise an error for partially set token credentials' do
+    @client.token_credential_key = "12345"
+    @client.token_credential_secret = nil
+    (lambda do
+      @client.token_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error for partially set token credentials' do
+    @client.token_credential_key = nil
+    @client.token_credential_secret = "54321"
+    (lambda do
+      @client.token_credential
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should allow the token_credential to be set to a ' +
+      'Signet::OAuth1::Credential' do
+    @client.token_credential =
+      Signet::OAuth1::Credential.new("12345", "54321")
+    @client.token_credential_key.should == "12345"
+    @client.token_credential_secret.should == "54321"
+    @client.token_credential.should ==
+      Signet::OAuth1::Credential.new("12345", "54321")
+  end
+
+  it 'should allow the token_credential to be set to nil' do
+    @client.token_credential_key = "12345"
+    @client.token_credential_secret = "54321"
+    @client.token_credential_key.should == "12345"
+    @client.token_credential_secret.should == "54321"
+    @client.token_credential = nil
+    @client.token_credential.should == nil
+    @client.token_credential_key.should == nil
+    @client.token_credential_secret.should == nil
+  end
+
+  it 'should not allow the token_credential to be set to a bogus value' do
+    (lambda do
+      @client.token_credential = 42
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no token_credential_key' do
+    @client.token_credential_key.should == nil
+  end
+
+  it 'should allow the token_credential_key to be set to a String' do
+    @client.token_credential_key = "12345"
+    @client.token_credential_key.should === "12345"
+  end
+
+  it 'should not allow the token_credential_key ' +
+      'to be set to a non-String' do
+    (lambda do
+      @client.token_credential_key = 12345
+    end).should raise_error(TypeError)
+  end
+
+  it 'should have no token_credential_secret' do
+    @client.token_credential_secret.should == nil
+  end
+
+  it 'should allow the token_credential_secret to be set to a String' do
+    @client.token_credential_secret = "54321"
+    @client.token_credential_secret.should === "54321"
+  end
+
+  it 'should not allow the token_credential_secret ' +
+      'to be set to a non-String' do
+    (lambda do
+      @client.token_credential_secret = 54321
+    end).should raise_error(TypeError)
+  end
+end
+
+describe Signet::OAuth1::Client, 'configured' do
+  before do
+    @client = Signet::OAuth1::Client.new
+    @client.temporary_credential_uri =
+      'http://example.com/temporary_credentials'
+    @client.authorization_uri =
+      'http://example.com/authorize'
+    @client.token_credential_uri =
+      'http://example.com/token_credentials'
+    @client.callback = 'http://example.com/callback'
+    @client.client_credential_key = 'dpf43f3p2l4k3l03'
+    @client.client_credential_secret = 'kd94hf93k423kf44'
+    @client.temporary_credential_key = 'hh5s93j4hdidpola'
+    @client.temporary_credential_secret = 'hdhd0244k9j7ao03'
+    @client.token_credential_key = 'nnch734d00sl2jdk'
+    @client.token_credential_secret = 'pfkkdhi9sl3r4s00'
+  end
+
+  it 'should generate an authorization URI with a callback' do
+    @client.temporary_credential_key = nil
+    @client.authorization_uri.should ===
+      'http://example.com/authorize?oauth_callback=http://example.com/callback'
+  end
+
+  it 'should generate an authorization URI with a temporary credential' do
+    @client.callback = nil
+    @client.authorization_uri.to_s.should include(
+      'oauth_token=hh5s93j4hdidpola'
+    )
+  end
+
+  it 'should generate an authorization URI both a callback and ' +
+      'a temporary credential' do
+    @client.authorization_uri.to_s.should include(
+      'oauth_callback=http://example.com/callback'
+    )
+    @client.authorization_uri.to_s.should include(
+      'oauth_token=hh5s93j4hdidpola'
+    )
+  end
+
+  it 'should generate an authorization URI with additional parameters' do
+    authorization_uri = @client.authorization_uri(
+      :additional_parameters => {:domain => 'www.example.com'}
+    )
+    authorization_uri.to_s.should include(
+      'oauth_callback=http://example.com/callback'
+    )
+    authorization_uri.to_s.should include(
+      'oauth_token=hh5s93j4hdidpola'
+    )
+    authorization_uri.to_s.should include(
+      'domain=www.example.com'
+    )
+  end
+
+  it 'should raise an error if the verifier is not provided' do
+    (lambda do
+      @client.generate_token_credential_request
+    end).should raise_error(ArgumentError)
+    (lambda do
+      @client.generate_token_credential_request(:verifier => nil)
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the token credentials URI is not set' do
+    @client.token_credential_uri = nil
+    (lambda do
+      @client.generate_token_credential_request(:verifier => '12345')
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential key is not set' do
+    @client.client_credential_key = nil
+    (lambda do
+      @client.generate_token_credential_request(:verifier => '12345')
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential secret is not set' do
+    @client.client_credential_secret = nil
+    (lambda do
+      @client.generate_token_credential_request(:verifier => '12345')
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the temporary credential key is not set' do
+    @client.temporary_credential_key = nil
+    (lambda do
+      @client.generate_token_credential_request(:verifier => '12345')
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the temporary credential secret is not set' do
+    @client.temporary_credential_secret = nil
+    (lambda do
+      @client.generate_token_credential_request(:verifier => '12345')
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential key is not set' do
+    @client.client_credential_key = nil
+    (lambda do
+      @client.generate_authenticated_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the client credential secret is not set' do
+    @client.client_credential_secret = nil
+    (lambda do
+      @client.generate_authenticated_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the token credential key is not set' do
+    @client.token_credential_key = nil
+    (lambda do
+      @client.generate_authenticated_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if the token credential secret is not set' do
+    @client.token_credential_secret = nil
+    (lambda do
+      @client.generate_authenticated_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if no request is provided' do
+    (lambda do
+      @client.generate_authenticated_request
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if a bogus request is provided' do
+    (lambda do
+      @client.generate_authenticated_request(
+        :request => []
+      )
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should raise an error if no URI is provided' do
+    (lambda do
+      @client.generate_authenticated_request(
+        :method => 'GET',
+        :headers => [],
+        :body => ''
+      )
+    end).should raise_error(ArgumentError)
+  end
+
+  it 'should not raise an error if a request body is chunked' do
+    request = @client.generate_authenticated_request(
+      :method => 'POST',
+      :uri => 'https://photos.example.net/photos',
+      :body => ['A chunked body.']
+    )
+    method, uri, headers, body = request
+    merge_body(body).should == 'A chunked body.'
+  end
+
+  it 'should not raise an error if a request body is chunked' do
+    chunked_body = StringIO.new
+    chunked_body.write('A chunked body.')
+    chunked_body.rewind
+    request = @client.generate_authenticated_request(
+      :method => 'POST',
+      :uri => 'https://photos.example.net/photos',
+      :body => chunked_body
+    )
+    method, uri, headers, body = request
+    merge_body(body).should == 'A chunked body.'
+  end
+
+  it 'should raise an error if a request body is of a bogus type' do
+    (lambda do
+      @client.generate_authenticated_request(
+        :method => 'POST',
+        :uri => 'https://photos.example.net/photos',
+        :body => 42
+      )
+    end).should raise_error(TypeError)
+  end
+
+  it 'should correctly fetch the temporary credentials' do
+    # Repeat this because signatures change from test to test
+    10.times do
+      request = @client.generate_temporary_credential_request
+      method, uri, headers, body = request
+      method.should == 'POST'
+      uri.should == 'http://example.com/temporary_credentials'
+      authorization_header = nil
+      headers.each do |(header, value)|
+        authorization_header = value if header == 'Authorization'
+      end
+      parameters = Hash[::Signet::OAuth1.parse_authorization_header(
+        authorization_header
+      )]
+      parameters.should_not have_key('oauth_client_credential_key')
+      parameters.should_not have_key('oauth_temporary_credential_key')
+      parameters.should_not have_key('oauth_token')
+      parameters['oauth_nonce'].should =~ /^\w+$/
+      parameters['oauth_callback'].should == @client.callback
+      parameters['oauth_timestamp'].should =~ /^\d+$/
+      parameters['oauth_signature_method'].should == 'HMAC-SHA1'
+      parameters['oauth_consumer_key'].should == @client.client_credential_key
+      parameters['oauth_signature'].should =~ /^[a-zA-Z0-9\=\/\+]+$/
+      parameters['oauth_version'].should == '1.0'
+    end
+  end
+
+  it 'should correctly fetch the token credentials' do
+    # Repeat this because signatures change from test to test
+    10.times do
+      request = @client.generate_token_credential_request(
+        :verifier => '473f82d3'
+      )
+      method, uri, headers, body = request
+      method.should == 'POST'
+      uri.should == 'http://example.com/token_credentials'
+      authorization_header = nil
+      headers.each do |(header, value)|
+        authorization_header = value if header == 'Authorization'
+      end
+      parameters = Hash[::Signet::OAuth1.parse_authorization_header(
+        authorization_header
+      )]
+      parameters.should_not have_key('oauth_client_credential_key')
+      parameters.should_not have_key('oauth_temporary_credential_key')
+      parameters.should_not have_key('oauth_callback')
+      parameters['oauth_nonce'].should =~ /^\w+$/
+      parameters['oauth_timestamp'].should =~ /^\d+$/
+      parameters['oauth_signature_method'].should == 'HMAC-SHA1'
+      parameters['oauth_consumer_key'].should == @client.client_credential_key
+      parameters['oauth_token'].should == @client.temporary_credential_key
+      parameters['oauth_signature'].should =~ /^[a-zA-Z0-9\=\/\+]+$/
+      parameters['oauth_verifier'].should == '473f82d3'
+      parameters['oauth_version'].should == '1.0'
+    end
+  end
+
+  it 'should correctly fetch the protected resource' do
+    # Repeat this because signatures change from test to test
+    10.times do
+      original_request = [
+        'GET',
+        'https://photos.example.net/photos?file=vacation.jpg&size=original',
+        [['Host', 'photos.example.net']],
+        ['']
+      ]
+      signed_request = @client.generate_authenticated_request(
+        :request => original_request
+      )
+      method, uri, headers, body = signed_request
+      method.should == 'GET'
+      uri.should ==
+        'https://photos.example.net/photos?file=vacation.jpg&size=original'
+      authorization_header = nil
+      headers.each do |(header, value)|
+        authorization_header = value if header == 'Authorization'
+      end
+      merge_body(body).should == ''
+      parameters = Hash[::Signet::OAuth1.parse_authorization_header(
+        authorization_header
+      )]
+      parameters.should_not have_key('oauth_client_credential_key')
+      parameters.should_not have_key('oauth_temporary_credential_key')
+      parameters.should_not have_key('oauth_token_credential_key')
+      parameters.should_not have_key('oauth_callback')
+      parameters['oauth_nonce'].should =~ /^\w+$/
+      parameters['oauth_timestamp'].should =~ /^\d+$/
+      parameters['oauth_signature_method'].should == 'HMAC-SHA1'
+      parameters['oauth_consumer_key'].should == @client.client_credential_key
+      parameters['oauth_token'].should == @client.token_credential_key
+      parameters['oauth_signature'].should =~ /^[a-zA-Z0-9\=\/\+]+$/
+      parameters['oauth_version'].should == '1.0'
+    end
+  end
+
+  it 'should correctly fetch the protected resource' do
+    # Repeat this because signatures change from test to test
+    10.times do
+      original_request = [
+        'POST',
+        'https://photos.example.net/photos',
+        [
+          ['Host', 'photos.example.net'],
+          ['Content-Type', 'application/x-www-form-urlencoded; charset=utf-8'],
+          ['Content-Length', '31'],
+        ],
+        ['file=vacation.jpg&size=original']
+      ]
+      signed_request = @client.generate_authenticated_request(
+        :request => original_request
+      )
+      method, uri, headers, body = signed_request
+      method.should == 'POST'
+      uri.should ==
+        'https://photos.example.net/photos'
+      authorization_header = nil
+      headers.each do |(header, value)|
+        authorization_header = value if header == 'Authorization'
+      end
+      merge_body(body).should == 'file=vacation.jpg&size=original'
+      parameters = Hash[::Signet::OAuth1.parse_authorization_header(
+        authorization_header
+      )]
+      parameters.should_not have_key('oauth_client_credential_key')
+      parameters.should_not have_key('oauth_temporary_credential_key')
+      parameters.should_not have_key('oauth_token_credential_key')
+      parameters.should_not have_key('oauth_callback')
+      parameters['oauth_nonce'].should =~ /^\w+$/
+      parameters['oauth_timestamp'].should =~ /^\d+$/
+      parameters['oauth_signature_method'].should == 'HMAC-SHA1'
+      parameters['oauth_consumer_key'].should == @client.client_credential_key
+      parameters['oauth_token'].should == @client.token_credential_key
+      parameters['oauth_signature'].should =~ /^[a-zA-Z0-9\=\/\+]+$/
+      parameters['oauth_version'].should == '1.0'
+    end
+  end
+end