signet 0.14.0 → 0.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +11 -0
- data/CHANGELOG.md +31 -0
- data/CODE_OF_CONDUCT.md +43 -0
- data/README.md +10 -7
- data/SECURITY.md +7 -0
- data/lib/signet/oauth_1/client.rb +51 -72
- data/lib/signet/oauth_1/credential.rb +3 -11
- data/lib/signet/oauth_1/server.rb +8 -30
- data/lib/signet/oauth_1/signature_methods/hmac_sha1.rb +1 -1
- data/lib/signet/oauth_1/signature_methods/plaintext.rb +1 -1
- data/lib/signet/oauth_1/signature_methods/rsa_sha1.rb +2 -2
- data/lib/signet/oauth_1.rb +12 -22
- data/lib/signet/oauth_2/client.rb +37 -58
- data/lib/signet/oauth_2.rb +10 -14
- data/lib/signet/version.rb +1 -1
- data/lib/signet.rb +5 -8
- metadata +25 -39
- data/Gemfile +0 -8
- data/Rakefile +0 -112
- data/signet.gemspec +0 -44
- data/spec/signet/oauth_1/client_spec.rb +0 -810
- data/spec/signet/oauth_1/credential_spec.rb +0 -169
- data/spec/signet/oauth_1/server_spec.rb +0 -839
- data/spec/signet/oauth_1/signature_methods/hmac_sha1_spec.rb +0 -61
- data/spec/signet/oauth_1/signature_methods/plaintext_spec.rb +0 -61
- data/spec/signet/oauth_1/signature_methods/rsa_sha1_spec.rb +0 -126
- data/spec/signet/oauth_1_spec.rb +0 -1010
- data/spec/signet/oauth_2/client_spec.rb +0 -1254
- data/spec/signet/oauth_2_spec.rb +0 -194
- data/spec/signet_spec.rb +0 -78
- data/spec/spec.opts +0 -2
- data/spec/spec_helper.rb +0 -10
- data/spec/spec_helper_spec.rb +0 -17
- data/website/index.html +0 -95
@@ -1,839 +0,0 @@
|
|
1
|
-
# Copyright (C) 2011 The Yakima Herald-Republic.
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
require "spec_helper"
|
15
|
-
require "signet/oauth_1/server"
|
16
|
-
require "signet/oauth_1/client"
|
17
|
-
require "addressable/uri"
|
18
|
-
require "stringio"
|
19
|
-
|
20
|
-
def merge_body chunked_body
|
21
|
-
merged_body = StringIO.new
|
22
|
-
chunked_body.each do |chunk|
|
23
|
-
merged_body.write chunk
|
24
|
-
end
|
25
|
-
merged_body.string
|
26
|
-
end
|
27
|
-
|
28
|
-
def make_oauth_signature_header real_headers = {}
|
29
|
-
[oauth_headers({ "oauth_signature" => "oauth_signature" }.merge(real_headers))]
|
30
|
-
end
|
31
|
-
|
32
|
-
def make_oauth_token_header real_headers = {}
|
33
|
-
[oauth_headers({ "oauth_token" => "oauth_token" }.merge(real_headers))]
|
34
|
-
end
|
35
|
-
|
36
|
-
def oauth_headers real_headers = {}
|
37
|
-
headers = {}
|
38
|
-
%w[oauth_consumer_key oauth_timestamp oauth_nonce].each do |key|
|
39
|
-
headers[key] = key
|
40
|
-
end
|
41
|
-
headers["oauth_signature_method"] = "HMAC-SHA1"
|
42
|
-
headers["oauth_version"] = "1.0"
|
43
|
-
headers.merge! real_headers
|
44
|
-
["Authorization", ::Signet::OAuth1.generate_authorization_header(headers, nil)]
|
45
|
-
end
|
46
|
-
|
47
|
-
def make_temporary_credential_request client, callback = nil, uri = nil, realm = nil
|
48
|
-
client.callback = callback if callback
|
49
|
-
client.temporary_credential_uri = uri || "http://photos.example.net/initiate"
|
50
|
-
client.generate_temporary_credential_request realm: realm
|
51
|
-
end
|
52
|
-
|
53
|
-
def make_token_credential_request client, verifier = nil, realm = nil, uri = nil
|
54
|
-
client.token_credential_uri = uri || "http://photos.example.net/token"
|
55
|
-
client.generate_token_credential_request(verifier: verifier || "12345",
|
56
|
-
realm: realm)
|
57
|
-
end
|
58
|
-
|
59
|
-
def make_resource_request client, real_request = {}, realm = nil
|
60
|
-
client.generate_authenticated_request(
|
61
|
-
method: real_request[:method] || "GET",
|
62
|
-
uri: real_request[:uri] || "http://photos.example.net/photos",
|
63
|
-
body: real_request[:body],
|
64
|
-
headers: real_request[:headers],
|
65
|
-
realm: realm
|
66
|
-
)
|
67
|
-
end
|
68
|
-
|
69
|
-
|
70
|
-
describe Signet::OAuth1::Server, "unconfigured" do
|
71
|
-
before do
|
72
|
-
@server = Signet::OAuth1::Server.new
|
73
|
-
end
|
74
|
-
it "should not have a client_credential Proc" do
|
75
|
-
expect(@server.client_credential).to eq nil
|
76
|
-
end
|
77
|
-
it "should not have a token_credential Proc" do
|
78
|
-
expect(@server.token_credential).to eq nil
|
79
|
-
end
|
80
|
-
it "should not have a nonce_timestamp Proc" do
|
81
|
-
expect(@server.nonce_timestamp).to eq nil
|
82
|
-
end
|
83
|
-
it "should not have a verifier Proc" do
|
84
|
-
expect(@server.verifier).to eq nil
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
|
89
|
-
describe Signet::OAuth1::Server, "configured" do
|
90
|
-
before do
|
91
|
-
@server = Signet::OAuth1::Server.new
|
92
|
-
@client_credential_key = "dpf43f3p2l4k3l03"
|
93
|
-
@client_credential_secret = "kd94hf93k423kf44"
|
94
|
-
@token_credential_key = "nnch734d00sl2jdk"
|
95
|
-
@token_credential_secret = "pfkkdhi9sl3r4s00"
|
96
|
-
@temporary_credential_key = "hh5s93j4hdidpola"
|
97
|
-
@temporary_credential_secret = "hdhd0244k9j7ao03"
|
98
|
-
@verifier = "hfdp7dh39dks9884"
|
99
|
-
|
100
|
-
@server.client_credential =
|
101
|
-
lambda do |x|
|
102
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(@client_credential_key,
|
103
|
-
@client_credential_secret)
|
104
|
-
end
|
105
|
-
@server.token_credential =
|
106
|
-
lambda do |x|
|
107
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(@token_credential_key,
|
108
|
-
@token_credential_secret)
|
109
|
-
end
|
110
|
-
@server.temporary_credential =
|
111
|
-
lambda do |x|
|
112
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(@temporary_credential_key,
|
113
|
-
@temporary_credential_secret)
|
114
|
-
end
|
115
|
-
@server.nonce_timestamp =
|
116
|
-
lambda do |nonce, timestamp|
|
117
|
-
!(nonce.nil? && timestamp.nil?)
|
118
|
-
end
|
119
|
-
@server.verifier = ->(x) { x == @verifier }
|
120
|
-
end
|
121
|
-
|
122
|
-
it "should raise an error if the client credential Proc is not set" do
|
123
|
-
@server.client_credential = nil
|
124
|
-
expect(lambda do
|
125
|
-
@server.authenticate_resource_request
|
126
|
-
end).to raise_error(ArgumentError)
|
127
|
-
end
|
128
|
-
|
129
|
-
it "should raise an error if the token credential Proc is not set" do
|
130
|
-
@server.token_credential = nil
|
131
|
-
expect(lambda do
|
132
|
-
@server.authenticate_resource_request
|
133
|
-
end).to raise_error(ArgumentError)
|
134
|
-
end
|
135
|
-
|
136
|
-
it "should raise an error if the temporary token credential Proc is not set" do
|
137
|
-
@server.temporary_credential = nil
|
138
|
-
expect(lambda do
|
139
|
-
@server.authenticate_token_credential_request
|
140
|
-
end).to raise_error(ArgumentError)
|
141
|
-
end
|
142
|
-
|
143
|
-
it "should raise an error if the verifier Proc is not set for a token request" do
|
144
|
-
@server.verifier = nil
|
145
|
-
expect(lambda do
|
146
|
-
@server.authenticate_token_credential_request
|
147
|
-
end).to raise_error(ArgumentError)
|
148
|
-
end
|
149
|
-
|
150
|
-
it "should raise an error if no request is provided" do
|
151
|
-
expect(lambda do
|
152
|
-
@server.authenticate_resource_request
|
153
|
-
end).to raise_error(ArgumentError)
|
154
|
-
end
|
155
|
-
|
156
|
-
it "should raise an error if a bogus request is provided" do
|
157
|
-
expect(lambda do
|
158
|
-
@server.authenticate_resource_request(
|
159
|
-
request: []
|
160
|
-
)
|
161
|
-
end).to raise_error(ArgumentError)
|
162
|
-
end
|
163
|
-
|
164
|
-
it "should raise an error if no Authentication header is provided" do
|
165
|
-
expect(lambda do
|
166
|
-
@server.authenticate_resource_request(
|
167
|
-
method: "GET",
|
168
|
-
uri: "https://photos.example.net/photos",
|
169
|
-
headers: [["Authorization", ""]],
|
170
|
-
body: ""
|
171
|
-
)
|
172
|
-
end).to raise_error(Signet::MalformedAuthorizationError)
|
173
|
-
end
|
174
|
-
|
175
|
-
it "should raise an error if no URI is provided" do
|
176
|
-
expect(lambda do
|
177
|
-
@server.authenticate_resource_request(
|
178
|
-
method: "GET",
|
179
|
-
headers: [],
|
180
|
-
body: ""
|
181
|
-
)
|
182
|
-
end).to raise_error(ArgumentError)
|
183
|
-
end
|
184
|
-
|
185
|
-
it "should reject a request with the wrong signature method" do
|
186
|
-
bad_method = "FOO"
|
187
|
-
expect(lambda do
|
188
|
-
@server.authenticate_resource_request(
|
189
|
-
method: "GET",
|
190
|
-
uri: "http://photos.example.net/photos",
|
191
|
-
headers: make_oauth_token_header("oauth_signature_method"=>bad_method)
|
192
|
-
)
|
193
|
-
end).to raise_error(NotImplementedError,
|
194
|
-
"Unsupported signature method: #{bad_method}")
|
195
|
-
end
|
196
|
-
|
197
|
-
|
198
|
-
describe "calling find_temporary_credential" do
|
199
|
-
it "should return a Signet credential if the Proc provides one" do
|
200
|
-
@server.temporary_credential =
|
201
|
-
lambda do |x|
|
202
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(
|
203
|
-
@temporary_credential_key, @temporary_credential_secret
|
204
|
-
)
|
205
|
-
end
|
206
|
-
expect(@server.find_temporary_credential(@temporary_credential_key)).to eq(
|
207
|
-
Signet::OAuth1::Credential.new(@temporary_credential_key,
|
208
|
-
@temporary_credential_secret)
|
209
|
-
)
|
210
|
-
end
|
211
|
-
it "should return a Signet credential if the Proc provides a key/secret pair" do
|
212
|
-
@server.temporary_credential =
|
213
|
-
lambda do |_x|
|
214
|
-
{ key: @temporary_credential_key, secret: @temporary_credential_secret }
|
215
|
-
end
|
216
|
-
expect(@server.find_temporary_credential(@temporary_credential_key)).to eq(
|
217
|
-
Signet::OAuth1::Credential.new(@temporary_credential_key,
|
218
|
-
@temporary_credential_secret)
|
219
|
-
)
|
220
|
-
end
|
221
|
-
it "should return a Signet credential if the Proc provides " \
|
222
|
-
"a key/secret Enumerable" do
|
223
|
-
@server.temporary_credential =
|
224
|
-
lambda do |_x|
|
225
|
-
[@temporary_credential_key, @temporary_credential_secret]
|
226
|
-
end
|
227
|
-
expect(@server.find_temporary_credential(@temporary_credential_key)).to eq(
|
228
|
-
Signet::OAuth1::Credential.new(@temporary_credential_key,
|
229
|
-
@temporary_credential_secret)
|
230
|
-
)
|
231
|
-
end
|
232
|
-
|
233
|
-
it "should return nil if the Proc does not provide a usable response" do
|
234
|
-
@server.temporary_credential = ->(_x) { nil }
|
235
|
-
expect(@server.find_temporary_credential(@temporary_credential_key)).to eq nil
|
236
|
-
end
|
237
|
-
end
|
238
|
-
|
239
|
-
|
240
|
-
describe "calling find_client_credential" do
|
241
|
-
it "should return a Signet credential if the Proc provides one" do
|
242
|
-
@server.client_credential =
|
243
|
-
lambda do |x|
|
244
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(@client_credential_key,
|
245
|
-
@client_credential_secret)
|
246
|
-
end
|
247
|
-
expect(@server.find_client_credential(@client_credential_key)).to eq(
|
248
|
-
Signet::OAuth1::Credential.new(@client_credential_key,
|
249
|
-
@client_credential_secret)
|
250
|
-
)
|
251
|
-
end
|
252
|
-
it "should return a Signet credential if the Proc provides a key/secret pair" do
|
253
|
-
@server.client_credential =
|
254
|
-
lambda do |_x|
|
255
|
-
{ key: @client_credential_key, secret: @client_credential_secret }
|
256
|
-
end
|
257
|
-
expect(@server.find_client_credential(@client_credential_key)).to eq(
|
258
|
-
Signet::OAuth1::Credential.new(@client_credential_key,
|
259
|
-
@client_credential_secret)
|
260
|
-
)
|
261
|
-
end
|
262
|
-
it "should return a Signet credential if the Proc provides " \
|
263
|
-
"a key/secret Enumerable" do
|
264
|
-
@server.client_credential =
|
265
|
-
lambda do |_x|
|
266
|
-
[@client_credential_key, @client_credential_secret]
|
267
|
-
end
|
268
|
-
expect(@server.find_client_credential(@client_credential_key)).to eq(
|
269
|
-
Signet::OAuth1::Credential.new(@client_credential_key,
|
270
|
-
@client_credential_secret)
|
271
|
-
)
|
272
|
-
end
|
273
|
-
|
274
|
-
it "should return nil if the Proc does not provide a usable response" do
|
275
|
-
@server.client_credential = ->(_x) { nil }
|
276
|
-
expect(@server.find_client_credential(@client_credential_key)).to be_nil
|
277
|
-
end
|
278
|
-
end
|
279
|
-
|
280
|
-
|
281
|
-
describe "calling find_token_credential" do
|
282
|
-
it "should return a Signet credential if the Proc provides one" do
|
283
|
-
@server.token_credential =
|
284
|
-
lambda do |x|
|
285
|
-
x.nil? ? nil : Signet::OAuth1::Credential.new(@token_credential_key,
|
286
|
-
@token_credential_secret)
|
287
|
-
end
|
288
|
-
expect(@server.find_token_credential(@token_credential_key)).to eq(
|
289
|
-
Signet::OAuth1::Credential.new(@token_credential_key,
|
290
|
-
@token_credential_secret)
|
291
|
-
)
|
292
|
-
end
|
293
|
-
|
294
|
-
it "should return a Signet credential if the Proc provides a key/secret pair" do
|
295
|
-
@server.token_credential =
|
296
|
-
lambda do |_x|
|
297
|
-
{ key: @token_credential_key, secret: @token_credential_secret }
|
298
|
-
end
|
299
|
-
expect(@server.find_token_credential(@token_credential_key)).to eq(
|
300
|
-
Signet::OAuth1::Credential.new(@token_credential_key,
|
301
|
-
@token_credential_secret)
|
302
|
-
)
|
303
|
-
end
|
304
|
-
|
305
|
-
it "should return a Signet credential if the Proc provides " \
|
306
|
-
"a key/secret Enumerable" do
|
307
|
-
@server.token_credential =
|
308
|
-
lambda do |_x|
|
309
|
-
[@token_credential_key, @token_credential_secret]
|
310
|
-
end
|
311
|
-
expect(@server.find_token_credential(@token_credential_key)).to eq(
|
312
|
-
Signet::OAuth1::Credential.new(@token_credential_key,
|
313
|
-
@token_credential_secret)
|
314
|
-
)
|
315
|
-
end
|
316
|
-
|
317
|
-
it "should return nil if the Proc does not provide a usable response" do
|
318
|
-
@server.token_credential = ->(_x) { nil }
|
319
|
-
expect(@server.find_token_credential(@token_credential_key)).to be_nil
|
320
|
-
end
|
321
|
-
end
|
322
|
-
|
323
|
-
|
324
|
-
describe "calling find_verifier" do
|
325
|
-
it "should return false if server verifier returns false" do
|
326
|
-
@server.verifier = ->(_x) { false }
|
327
|
-
expect(@server.find_verifier(@verifier)).to eq false
|
328
|
-
end
|
329
|
-
it "should return false if server verifier returns nil" do
|
330
|
-
@server.verifier = ->(_x) { nil }
|
331
|
-
expect(@server.find_verifier(@verifier)).to eq false
|
332
|
-
end
|
333
|
-
it "should return true if server verifier returns a random object" do
|
334
|
-
@server.verifier = ->(x) { x.succ }
|
335
|
-
expect(@server.find_verifier(@verifier)).to eq true
|
336
|
-
end
|
337
|
-
end
|
338
|
-
|
339
|
-
describe "calling validate_nonce_timestamp" do
|
340
|
-
it "should return false if nonce_timestamp Proc returns false" do
|
341
|
-
@server.nonce_timestamp = ->(_n, _t) { false }
|
342
|
-
expect(@server.validate_nonce_timestamp("nonce", "timestamp")).to be false
|
343
|
-
end
|
344
|
-
it "should return false if nonce_timestamp Proc returns nil" do
|
345
|
-
@server.nonce_timestamp = ->(_n, _t) { nil }
|
346
|
-
expect(@server.validate_nonce_timestamp("nonce", "timestamp")).to be false
|
347
|
-
end
|
348
|
-
it "should return true if nonce_timestamp Proc returns a random object" do
|
349
|
-
@server.nonce_timestamp = ->(n, t) { n + t.to_s }
|
350
|
-
expect(@server.validate_nonce_timestamp("nonce", "timestamp")).to be true
|
351
|
-
end
|
352
|
-
end
|
353
|
-
|
354
|
-
|
355
|
-
describe "expecting a request for a temporary credential" do
|
356
|
-
before do
|
357
|
-
@client = Signet::OAuth1::Client.new(
|
358
|
-
client_credential_key: @client_credential_key,
|
359
|
-
client_credential_secret: @client_credential_secret,
|
360
|
-
temporary_credential_uri: "http://photos.example.net/initiate"
|
361
|
-
)
|
362
|
-
end
|
363
|
-
|
364
|
-
it "should raise an error if the client credential Proc is not set" do
|
365
|
-
@server.client_credential = nil
|
366
|
-
expect(lambda do
|
367
|
-
@server.authenticate_temporary_credential_request(
|
368
|
-
request: make_temporary_credential_request(@client)
|
369
|
-
)
|
370
|
-
end).to raise_error(ArgumentError)
|
371
|
-
end
|
372
|
-
it "should reject an malformed request" do
|
373
|
-
bad_request = make_temporary_credential_request @client, nil, "https://photos.example.net/photos"
|
374
|
-
bad_request.headers["Authorization"].gsub!(/(OAuth)(.+)/, (Regexp.last_match 1).to_s)
|
375
|
-
expect(lambda do
|
376
|
-
@server.authenticate_temporary_credential_request(
|
377
|
-
request: bad_request
|
378
|
-
)
|
379
|
-
end).to raise_error(Signet::MalformedAuthorizationError)
|
380
|
-
end
|
381
|
-
|
382
|
-
it "should call a user-supplied Proc to validate a nonce/timestamp pair" do
|
383
|
-
nonce_callback = double "nonce"
|
384
|
-
expect(nonce_callback).to receive(:call).once.with(
|
385
|
-
an_instance_of(String), an_instance_of(String)
|
386
|
-
).and_return(true)
|
387
|
-
|
388
|
-
@server.nonce_timestamp = nonce_callback
|
389
|
-
@server.authenticate_temporary_credential_request(
|
390
|
-
request: make_temporary_credential_request(@client)
|
391
|
-
)
|
392
|
-
end
|
393
|
-
|
394
|
-
it "should return 'oob' for a valid request without an oauth_callback" do
|
395
|
-
bad_request = make_temporary_credential_request @client
|
396
|
-
expect(@server.authenticate_temporary_credential_request(
|
397
|
-
request: bad_request
|
398
|
-
)).to eq "oob"
|
399
|
-
end
|
400
|
-
it "should return the oauth_callback for a valid request " \
|
401
|
-
"with an oauth_callback" do
|
402
|
-
callback = "http://printer.example.com/ready"
|
403
|
-
expect(@server.authenticate_temporary_credential_request(
|
404
|
-
request: make_temporary_credential_request(@client, callback)
|
405
|
-
)).to eq callback
|
406
|
-
end
|
407
|
-
it "should return false for an unauthenticated request" do
|
408
|
-
bad_request = make_temporary_credential_request @client
|
409
|
-
bad_request.headers["Authorization"].gsub!(/oauth_signature=\".+\"/,
|
410
|
-
"oauth_signature=\"foobar\"")
|
411
|
-
expect(@server.authenticate_temporary_credential_request(
|
412
|
-
request: bad_request
|
413
|
-
)).to eq false
|
414
|
-
end
|
415
|
-
it "should return nil from #request_realm if no realm is provided" do
|
416
|
-
req = make_temporary_credential_request @client
|
417
|
-
expect(@server.request_realm(
|
418
|
-
request: req
|
419
|
-
)).to eq nil
|
420
|
-
end
|
421
|
-
|
422
|
-
describe "with a Realm provided" do
|
423
|
-
it "should return the realm from #request_realm" do
|
424
|
-
req = make_temporary_credential_request @client, nil, nil, "Photos"
|
425
|
-
expect(@server.request_realm(
|
426
|
-
request: req
|
427
|
-
)).to eq "Photos"
|
428
|
-
end
|
429
|
-
it 'should return "oob" with a valid request without an oauth_callback' do
|
430
|
-
req = make_temporary_credential_request @client, nil, nil, "Photos"
|
431
|
-
expect(@server.authenticate_temporary_credential_request(
|
432
|
-
request: req
|
433
|
-
)).to eq "oob"
|
434
|
-
end
|
435
|
-
end
|
436
|
-
end
|
437
|
-
|
438
|
-
|
439
|
-
describe "expecting a request for a token credential" do
|
440
|
-
before do
|
441
|
-
@client = Signet::OAuth1::Client.new(
|
442
|
-
client_credential_key: @client_credential_key,
|
443
|
-
client_credential_secret: @client_credential_secret,
|
444
|
-
temporary_credential_key: @temporary_credential_key,
|
445
|
-
temporary_credential_secret: @temporary_credential_secret,
|
446
|
-
token_credential_uri: "http://photos.example.net/token"
|
447
|
-
)
|
448
|
-
@return_hash = { client_credential: Signet::OAuth1::Credential.new(@client_credential_key, @client_credential_secret),
|
449
|
-
temporary_credential: Signet::OAuth1::Credential.new(@temporary_credential_key, @temporary_credential_secret),
|
450
|
-
realm: nil }
|
451
|
-
end
|
452
|
-
|
453
|
-
it "should reject an malformed request" do
|
454
|
-
bad_request = make_token_credential_request @client
|
455
|
-
bad_request.headers["Authorization"].gsub!(/(OAuth)(.+)/, (Regexp.last_match 1).to_s)
|
456
|
-
|
457
|
-
expect(lambda do
|
458
|
-
@server.authenticate_token_credential_request(
|
459
|
-
request: bad_request
|
460
|
-
)
|
461
|
-
end).to raise_error(Signet::MalformedAuthorizationError)
|
462
|
-
end
|
463
|
-
it "should call a user-supplied Proc to validate a nonce/timestamp pair" do
|
464
|
-
nonce_callback = double "nonce"
|
465
|
-
expect(nonce_callback).to receive(:call).once.with(
|
466
|
-
an_instance_of(String), an_instance_of(String)
|
467
|
-
).and_return(true)
|
468
|
-
@server.nonce_timestamp = nonce_callback
|
469
|
-
@server.authenticate_token_credential_request(
|
470
|
-
request: make_token_credential_request(@client)
|
471
|
-
)
|
472
|
-
end
|
473
|
-
it "should return an informational hash for a valid request" do
|
474
|
-
expect(@server.authenticate_token_credential_request(
|
475
|
-
request: make_token_credential_request(@client)
|
476
|
-
)).to eq @return_hash
|
477
|
-
end
|
478
|
-
it "should return nil for an unauthenticated request" do
|
479
|
-
bad_request = make_token_credential_request @client
|
480
|
-
bad_request.headers["Authorization"].gsub!(/oauth_signature=\".+\"/,
|
481
|
-
"oauth_signature=\"foobar\"")
|
482
|
-
expect(@server.authenticate_token_credential_request(
|
483
|
-
request: bad_request
|
484
|
-
)).to eq nil
|
485
|
-
end
|
486
|
-
it "should call a user-supplied Proc to fetch the client credential" do
|
487
|
-
client_cred = Signet::OAuth1::Credential.new(@client_credential_key,
|
488
|
-
@client_credential_secret)
|
489
|
-
key_callback = double "client_cred"
|
490
|
-
expect(key_callback).to receive(:call).at_least(:once).with(
|
491
|
-
@client_credential_key
|
492
|
-
).and_return(client_cred)
|
493
|
-
|
494
|
-
@server.client_credential = key_callback
|
495
|
-
@server.authenticate_token_credential_request(
|
496
|
-
request: make_token_credential_request(@client)
|
497
|
-
)
|
498
|
-
end
|
499
|
-
|
500
|
-
it "should call a user-supplied Proc to fetch the temporary token credential" do
|
501
|
-
temp_cred = Signet::OAuth1::Credential.new(@temporary_credential_key,
|
502
|
-
@temporary_credential_secret)
|
503
|
-
temp_callback = double "temp_cred"
|
504
|
-
expect(temp_callback).to receive(:call).at_least(:once).with(
|
505
|
-
@temporary_credential_key
|
506
|
-
).and_return(temp_cred)
|
507
|
-
|
508
|
-
@server.temporary_credential = temp_callback
|
509
|
-
@server.authenticate_token_credential_request(
|
510
|
-
request: make_token_credential_request(@client)
|
511
|
-
)
|
512
|
-
end
|
513
|
-
it "should return nil from #request_realm if no realm is provided" do
|
514
|
-
req = make_token_credential_request @client
|
515
|
-
expect(@server.request_realm(
|
516
|
-
request: req
|
517
|
-
)).to eq nil
|
518
|
-
end
|
519
|
-
|
520
|
-
describe "with a Realm provided" do
|
521
|
-
before do
|
522
|
-
@realm = "Photos"
|
523
|
-
@return_hash[:realm] = @realm
|
524
|
-
end
|
525
|
-
it "should return the realm from #request_realm" do
|
526
|
-
req = make_token_credential_request @client, nil, @realm
|
527
|
-
expect(@server.request_realm(
|
528
|
-
request: req
|
529
|
-
)).to eq @realm
|
530
|
-
end
|
531
|
-
it "should an informational hash with a valid request" do
|
532
|
-
req = make_token_credential_request @client, nil, @realm
|
533
|
-
expect(@server.authenticate_token_credential_request(
|
534
|
-
request: req
|
535
|
-
)).to eq @return_hash
|
536
|
-
end
|
537
|
-
end
|
538
|
-
end
|
539
|
-
|
540
|
-
|
541
|
-
describe "expecting a request for a protected resource" do
|
542
|
-
before :each do
|
543
|
-
@client = Signet::OAuth1::Client.new(
|
544
|
-
client_credential_key: @client_credential_key,
|
545
|
-
client_credential_secret: @client_credential_secret,
|
546
|
-
token_credential_key: @token_credential_key,
|
547
|
-
token_credential_secret: @token_credential_secret
|
548
|
-
)
|
549
|
-
@return_hash = { client_credential: Signet::OAuth1::Credential.new(@client_credential_key, @client_credential_secret),
|
550
|
-
token_credential: Signet::OAuth1::Credential.new(@token_credential_key, @token_credential_secret),
|
551
|
-
realm: nil }
|
552
|
-
end
|
553
|
-
|
554
|
-
it "should not raise an error if a request body is chunked(as Array)" do
|
555
|
-
approved = @server.authenticate_resource_request(
|
556
|
-
method: "POST",
|
557
|
-
uri: "https://photos.example.net/photos",
|
558
|
-
body: ["A chunked body."],
|
559
|
-
headers: make_oauth_signature_header
|
560
|
-
)
|
561
|
-
expect(approved).to eq nil
|
562
|
-
end
|
563
|
-
|
564
|
-
it "should not raise an error if a request body is chunked(as StringIO)" do
|
565
|
-
chunked_body = StringIO.new
|
566
|
-
chunked_body.write "A chunked body."
|
567
|
-
chunked_body.rewind
|
568
|
-
approved = @server.authenticate_resource_request(
|
569
|
-
method: "POST",
|
570
|
-
uri: "https://photos.example.net/photos",
|
571
|
-
body: chunked_body,
|
572
|
-
headers: make_oauth_signature_header
|
573
|
-
)
|
574
|
-
expect(approved).to eq nil
|
575
|
-
end
|
576
|
-
|
577
|
-
it "should raise an error if a request body is of a bogus type" do
|
578
|
-
expect(lambda do
|
579
|
-
@server.authenticate_resource_request(
|
580
|
-
method: "POST",
|
581
|
-
uri: "https://photos.example.net/photos",
|
582
|
-
body: 42,
|
583
|
-
headers: make_oauth_signature_header
|
584
|
-
)
|
585
|
-
end).to raise_error(TypeError)
|
586
|
-
end
|
587
|
-
it "should use form parameters in signature if request is a POSTed form" do
|
588
|
-
req = make_resource_request(
|
589
|
-
@client,
|
590
|
-
method: "POST",
|
591
|
-
headers: { "Content-Type"=>"application/x-www-form-urlencoded" },
|
592
|
-
body: "c2&a3=2+q"
|
593
|
-
)
|
594
|
-
expect(@server.authenticate_resource_request(request: req)).to eq @return_hash
|
595
|
-
end
|
596
|
-
it "should raise an error if signature is x-www-form-encoded " \
|
597
|
-
"but does not send form parameters in header" do
|
598
|
-
|
599
|
-
# Make a full request so that we can sign against the form parameters
|
600
|
-
# that will be removed.
|
601
|
-
req = make_resource_request(
|
602
|
-
@client,
|
603
|
-
method: "POST",
|
604
|
-
headers: { "Content-Type"=>"application/x-www-form-urlencoded" },
|
605
|
-
body: "c2&a3=2+q"
|
606
|
-
)
|
607
|
-
|
608
|
-
req.headers["Authorization"].gsub!(/c2=\"\", a3=\"2%20q\", /, "")
|
609
|
-
|
610
|
-
expect(lambda do
|
611
|
-
@server.authenticate_resource_request request: req
|
612
|
-
end).to raise_error(Signet::MalformedAuthorizationError,
|
613
|
-
"Request is of type application/x-www-form-urlencoded but " \
|
614
|
-
"Authentication header did not include form values")
|
615
|
-
end
|
616
|
-
|
617
|
-
it "should call a user-supplied Proc to validate a nonce/timestamp pair" do
|
618
|
-
nonce_callback = double "nonce"
|
619
|
-
expect(nonce_callback).to receive(:call).once.with(
|
620
|
-
an_instance_of(String), an_instance_of(String)
|
621
|
-
).and_return(true)
|
622
|
-
|
623
|
-
@server.nonce_timestamp = nonce_callback
|
624
|
-
@server.authenticate_resource_request(
|
625
|
-
request: make_resource_request(@client)
|
626
|
-
)
|
627
|
-
end
|
628
|
-
|
629
|
-
it "should call a user-supplied Proc to fetch the client credential" do
|
630
|
-
client_cred = Signet::OAuth1::Credential.new(@client_credential_key,
|
631
|
-
@client_credential_secret)
|
632
|
-
key_callback = double "client_cred"
|
633
|
-
expect(key_callback).to receive(:call).at_least(:once).with(
|
634
|
-
@client_credential_key
|
635
|
-
).and_return(client_cred)
|
636
|
-
|
637
|
-
@server.client_credential = key_callback
|
638
|
-
@server.authenticate_resource_request(
|
639
|
-
request: make_resource_request(@client)
|
640
|
-
)
|
641
|
-
end
|
642
|
-
|
643
|
-
it "should call a user-supplied Proc to fetch the token credential" do
|
644
|
-
token_cred = Signet::OAuth1::Credential.new(@token_credential_key,
|
645
|
-
@token_credential_secret)
|
646
|
-
key_callback = double "token_cred"
|
647
|
-
expect(key_callback).to receive(:call).at_least(:once).with(
|
648
|
-
@token_credential_key
|
649
|
-
).and_return(token_cred)
|
650
|
-
|
651
|
-
@server.token_credential = key_callback
|
652
|
-
@server.authenticate_resource_request(
|
653
|
-
request: make_resource_request(@client)
|
654
|
-
)
|
655
|
-
end
|
656
|
-
|
657
|
-
it "should return a Hash for a valid request" do
|
658
|
-
expect(@server.authenticate_resource_request(
|
659
|
-
request: make_resource_request(@client)
|
660
|
-
)).to eq @return_hash
|
661
|
-
end
|
662
|
-
it "should return nil for a unauthenticated request" do
|
663
|
-
bad_request = make_resource_request @client
|
664
|
-
bad_request.headers["Authorization"].gsub!(/oauth_signature=\".+\"/,
|
665
|
-
"oauth_signature=\"foobar\"")
|
666
|
-
expect(@server.authenticate_resource_request(request: bad_request)).to eq nil
|
667
|
-
end
|
668
|
-
it "should return nil from #request_realm if no realm is provided" do
|
669
|
-
req = make_resource_request @client
|
670
|
-
expect(@server.request_realm(
|
671
|
-
request: req
|
672
|
-
)).to eq nil
|
673
|
-
end
|
674
|
-
|
675
|
-
describe "with a Realm provided" do
|
676
|
-
before do
|
677
|
-
@realm = "Photos"
|
678
|
-
@return_hash[:realm] = @realm
|
679
|
-
end
|
680
|
-
it "should return the realm from #request_realm" do
|
681
|
-
req = make_resource_request(@client, {}, @realm)
|
682
|
-
expect(@server.request_realm(
|
683
|
-
request: req
|
684
|
-
)).to eq @realm
|
685
|
-
end
|
686
|
-
it "should return a hash containing the realm with a valid request" do
|
687
|
-
req = make_resource_request(@client, {}, @realm)
|
688
|
-
expect(@server.authenticate_resource_request(
|
689
|
-
request: req
|
690
|
-
)).to eq @return_hash
|
691
|
-
end
|
692
|
-
end
|
693
|
-
end
|
694
|
-
|
695
|
-
|
696
|
-
describe "expecting a two-legged request for a protected resource" do
|
697
|
-
before do
|
698
|
-
@client = Signet::OAuth1::Client.new(
|
699
|
-
client_credential_key: @client_credential_key,
|
700
|
-
client_credential_secret: @client_credential_secret,
|
701
|
-
two_legged: true
|
702
|
-
)
|
703
|
-
|
704
|
-
@return_hash = { client_credential: Signet::OAuth1::Credential.new(@client_credential_key, @client_credential_secret),
|
705
|
-
token_credential: nil,
|
706
|
-
realm: nil }
|
707
|
-
end
|
708
|
-
it "should not raise an error if a request body is chunked(as Array)" do
|
709
|
-
approved = @server.authenticate_resource_request(
|
710
|
-
method: "POST",
|
711
|
-
uri: "https://photos.example.net/photos",
|
712
|
-
body: ["A chunked body."],
|
713
|
-
headers: make_oauth_signature_header,
|
714
|
-
two_legged: true
|
715
|
-
)
|
716
|
-
expect(approved).to eq nil
|
717
|
-
end
|
718
|
-
|
719
|
-
it "should not raise an error if a request body is chunked(as StringIO)" do
|
720
|
-
chunked_body = StringIO.new
|
721
|
-
chunked_body.write "A chunked body."
|
722
|
-
chunked_body.rewind
|
723
|
-
approved = @server.authenticate_resource_request(
|
724
|
-
method: "POST",
|
725
|
-
uri: "https://photos.example.net/photos",
|
726
|
-
body: chunked_body,
|
727
|
-
headers: make_oauth_signature_header,
|
728
|
-
two_legged: true
|
729
|
-
)
|
730
|
-
expect(approved).to eq nil
|
731
|
-
end
|
732
|
-
|
733
|
-
it "should raise an error if a request body is of a bogus type" do
|
734
|
-
expect(lambda do
|
735
|
-
@server.authenticate_resource_request(
|
736
|
-
method: "POST",
|
737
|
-
uri: "https://photos.example.net/photos",
|
738
|
-
body: 42,
|
739
|
-
headers: make_oauth_signature_header,
|
740
|
-
two_legged: true
|
741
|
-
)
|
742
|
-
end).to raise_error(TypeError)
|
743
|
-
end
|
744
|
-
it "should use form parameters in signature if request is a POSTed form" do
|
745
|
-
req = make_resource_request(
|
746
|
-
@client,
|
747
|
-
method: "POST",
|
748
|
-
headers: { "Content-Type"=>"application/x-www-form-urlencoded" },
|
749
|
-
body: "c2&a3=2+q"
|
750
|
-
)
|
751
|
-
expect(@server.authenticate_resource_request(
|
752
|
-
request: req, two_legged: true
|
753
|
-
)).to eq @return_hash
|
754
|
-
end
|
755
|
-
it "should raise an error if signature is x-www-form-encoded " \
|
756
|
-
"but does not send form parameters in header" do
|
757
|
-
|
758
|
-
# Make a full request so that we can sign against the form parameters
|
759
|
-
# that will be removed.
|
760
|
-
req = make_resource_request(
|
761
|
-
@client,
|
762
|
-
method: "POST",
|
763
|
-
headers: { "Content-Type"=>"application/x-www-form-urlencoded" },
|
764
|
-
body: "c2&a3=2+q"
|
765
|
-
)
|
766
|
-
|
767
|
-
req.headers["Authorization"].gsub!(/c2=\"\", a3=\"2%20q\", /, "")
|
768
|
-
|
769
|
-
expect(lambda do
|
770
|
-
@server.authenticate_resource_request request: req, two_legged: true
|
771
|
-
end).to raise_error(Signet::MalformedAuthorizationError,
|
772
|
-
"Request is of type application/x-www-form-urlencoded but " \
|
773
|
-
"Authentication header did not include form values")
|
774
|
-
end
|
775
|
-
|
776
|
-
it "should call a user-supplied Proc to validate a nonce/timestamp pair" do
|
777
|
-
nonce_callback = double "nonce"
|
778
|
-
expect(nonce_callback).to receive(:call).once.with(
|
779
|
-
an_instance_of(String), an_instance_of(String)
|
780
|
-
).and_return(true)
|
781
|
-
|
782
|
-
@server.nonce_timestamp = nonce_callback
|
783
|
-
@server.authenticate_resource_request(
|
784
|
-
request: make_resource_request(@client), two_legged: true
|
785
|
-
)
|
786
|
-
end
|
787
|
-
|
788
|
-
it "should call a user-supplied Proc to fetch the client credential" do
|
789
|
-
client_cred = Signet::OAuth1::Credential.new(@client_credential_key,
|
790
|
-
@client_credential_secret)
|
791
|
-
key_callback = double "client_cred"
|
792
|
-
expect(key_callback).to receive(:call).at_least(:once).with(
|
793
|
-
@client_credential_key
|
794
|
-
).and_return(client_cred)
|
795
|
-
|
796
|
-
@server.client_credential = key_callback
|
797
|
-
@server.authenticate_resource_request(
|
798
|
-
request: make_resource_request(@client), two_legged: true
|
799
|
-
)
|
800
|
-
end
|
801
|
-
|
802
|
-
it "should return a informational hash for a valid request" do
|
803
|
-
expect(@server.authenticate_resource_request(
|
804
|
-
request: make_resource_request(@client), two_legged: true
|
805
|
-
)).to eq @return_hash
|
806
|
-
end
|
807
|
-
it "should return false for a unauthenticated request" do
|
808
|
-
bad_request = make_resource_request @client
|
809
|
-
bad_request.headers["Authorization"].gsub!(/oauth_signature=\".+\"/,
|
810
|
-
"oauth_signature=\"foobar\"")
|
811
|
-
expect(@server.authenticate_resource_request(request: bad_request)).to eq nil
|
812
|
-
end
|
813
|
-
it "should return nil from #request_realm if no realm is provided" do
|
814
|
-
req = make_resource_request @client
|
815
|
-
expect(@server.request_realm(
|
816
|
-
request: req
|
817
|
-
)).to eq nil
|
818
|
-
end
|
819
|
-
describe "with a Realm provided" do
|
820
|
-
before do
|
821
|
-
@realm = "Photos"
|
822
|
-
@return_hash[:realm] = @realm
|
823
|
-
end
|
824
|
-
it "should return the realm from #request_realm" do
|
825
|
-
req = make_resource_request(@client, {}, @realm)
|
826
|
-
expect(@server.request_realm(
|
827
|
-
request: req, two_legged: true
|
828
|
-
)).to eq @realm
|
829
|
-
end
|
830
|
-
|
831
|
-
it "should return a hash containing the realm with a valid request" do
|
832
|
-
req = make_resource_request(@client, {}, @realm)
|
833
|
-
expect(@server.authenticate_resource_request(
|
834
|
-
request: req, two_legged: true
|
835
|
-
)).to eq @return_hash
|
836
|
-
end
|
837
|
-
end
|
838
|
-
end
|
839
|
-
end
|