simple_oauth 0.1.0 → 0.1.1

data/.gitignore

@@ -19,3 +19,4 @@ rdoc
 pkg
 
 ## PROJECT::SPECIFIC
+.bundle

data/Gemfile

@@ -0,0 +1,2 @@
+source 'http://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,18 @@
+PATH
+  remote: .
+  specs:
+    simple_oauth (0.1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    mocha (0.9.8)
+      rake
+    rake (0.8.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mocha
+  simple_oauth!

data/lib/simple_oauth.rb

@@ -7,7 +7,7 @@ module SimpleOAuth
   module Version
     MAJOR = 0
     MINOR = 1
-    PATCH = 0
+    PATCH = 1
     STRING = [MAJOR, MINOR, PATCH].join('.')
   end
 
@@ -69,7 +69,7 @@ module SimpleOAuth
 
     private
       def normalized_attributes
-        signed_attributes.sort_by(&:to_s).map{|k,v| %(#{k}="#{self.class.encode(v)}") }.join(', ')
+        signed_attributes.sort_by{|k,v| k.to_s }.map{|k,v| %(#{k}="#{self.class.encode(v)}") }.join(', ')
       end
 
       def signed_attributes
@@ -85,25 +85,19 @@ module SimpleOAuth
       end
 
       def hmac_sha1_signature
-        Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), secret, signature_base)).chomp
-      end
-
-      def rsa_sha1_signature
-        Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), options[:private_key].to_s, signature_base)).chomp
+        Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).chomp.gsub(/\n/, '')
       end
 
       def secret
         options.values_at(:consumer_secret, :token_secret).map{|v| self.class.encode(v) }.join('&')
       end
 
-      alias_method :plaintext_signature, :secret
-
       def signature_base
         [method, url, normalized_params].map{|v| self.class.encode(v) }.join('&')
       end
 
       def normalized_params
-        signature_params.sort_by(&:to_s).map{|p| p.map{|v| self.class.encode(v) }.join('=') }.join('&')
+        signature_params.map{|p| p.map{|v| self.class.encode(v) } }.sort.map{|p| p.join('=') }.join('&')
       end
 
       def signature_params
@@ -113,5 +107,15 @@ module SimpleOAuth
       def url_params
         CGI.parse(@uri.query || '').inject([]){|p,(k,vs)| p + vs.map{|v| [k, v] } }
       end
+
+      def rsa_sha1_signature
+        Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, signature_base)).chomp.gsub(/\n/, '')
+      end
+
+      def private_key
+        OpenSSL::PKey::RSA.new(options[:consumer_secret])
+      end
+
+      alias_method :plaintext_signature, :secret
   end
 end

data/simple_oauth.gemspec

@@ -0,0 +1,56 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{simple_oauth}
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Steve Richert"]
+  s.date = %q{2010-10-13}
+  s.description = %q{Simply builds and verifies OAuth headers}
+  s.email = %q{steve.richert@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "Gemfile",
+     "Gemfile.lock",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "init.rb",
+     "lib/simple_oauth.rb",
+     "simple_oauth.gemspec",
+     "test/helper.rb",
+     "test/rsa_private_key",
+     "test/simple_oauth_test.rb"
+  ]
+  s.homepage = %q{http://github.com/laserlemon/simple_oauth}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Simply builds and verifies OAuth headers}
+  s.test_files = [
+    "test/helper.rb",
+     "test/simple_oauth_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<mocha>, [">= 0"])
+    else
+      s.add_dependency(%q<mocha>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<mocha>, [">= 0"])
+  end
+end
+

data/test/rsa_private_key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----

data/test/simple_oauth_test.rb

@@ -1,21 +1,6 @@
 require 'helper'
 
 class SimpleOAuthTest < Test::Unit::TestCase
-  def test_initialize
-    header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {})
-
-    # HTTP method should be an uppercase string.
-    #
-    # See: http://oauth.net/core/1.0/#rfc.section.9.1.3
-    assert_equal 'GET', header.method
-
-    # Request URL should downcase the scheme and authority parts as well as
-    # remove the query and fragment parts.
-    #
-    # See: http://oauth.net/core/1.0/#rfc.section.9.1.2
-    assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url
-  end
-
   def test_default_options
     # Default header options should change with each call due to generation of
     # a unique "timestamp" and "nonce" value combination.
@@ -33,24 +18,6 @@ class SimpleOAuthTest < Test::Unit::TestCase
     assert_equal '1.0', default_options[:version]
   end
 
-  def test_attributes
-    attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) }
-    options = attribute_options.merge(:other => 'OTHER')
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options)
-    attributes = header.send(:attributes)
-
-    # OAuth header attributes are all to begin with the "oauth_" prefix.
-    assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ }
-
-    # Custom options not included in the list of valid attribute keys should
-    # not be included in the header attributes.
-    assert !attributes.key?(:oauth_other)
-
-    # Valid attribute option values should be preserved.
-    assert_equal attribute_options.size, attributes.size
-    assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" }
-  end
-
   def test_encode
     # Non-word characters should be URL encoded...
     [' ', '!', '@', '#', '$', '%', '^', '&'].each do |character|
@@ -65,85 +32,122 @@ class SimpleOAuthTest < Test::Unit::TestCase
     end
   end
 
-  def test_url_params
-    # A URL with no query parameters should produce empty +url_params+
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    assert_equal [], header.send(:url_params)
+  def test_decode
+    # Pending
+  end
 
-    # A URL with query parameters should return a hash having array values
-    # containing the given query parameters.
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {})
-    url_params = header.send(:url_params)
-    assert_kind_of Array, url_params
-    assert_equal [['test', 'TEST']], url_params
+  def test_parse
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
+    parsed_options = SimpleOAuth::Header.parse(header)
 
-    # If a query parameter is repeated, the values should be sorted.
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {})
-    assert_equal [['test', '1'], ['test', '2']], header.send(:url_params)
+    # Parsed options should be a Hash.
+    assert_kind_of Hash, parsed_options
+
+    # Parsed options should equal the options used to build the header, along
+    # with the additional signature.
+    assert_equal header.options, parsed_options.reject{|k,v| k == :signature }
   end
 
-  def test_signature_params
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE')
-    header.stubs(:params).returns('param' => 'PARAM')
-    header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']])
+  def test_initialize
+    header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {})
 
-    # Should combine OAuth header attributes, body parameters and URL
-    # parameters into an array of key value pairs.
-    signature_params = header.send(:signature_params)
-    assert_kind_of Array, signature_params
-    assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map(&:first)
-    assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map(&:last)
+    # HTTP method should be an uppercase string.
+    #
+    # See: http://oauth.net/core/1.0/#rfc.section.9.1.3
+    assert_equal 'GET', header.method
+
+    # Request URL should downcase the scheme and authority parts as well as
+    # remove the query and fragment parts.
+    #
+    # See: http://oauth.net/core/1.0/#rfc.section.9.1.2
+    assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url
   end
 
-  def test_normalized_params
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']])
+  def test_url
+    # Pending
+  end
 
-    # The +normalized_params+ string should join key=value pairs with
-    # ampersands.
-    signature_params = header.send(:signature_params)
-    normalized_params = header.send(:normalized_params)
-    parts = normalized_params.split('&')
-    pairs = parts.map{|p| p.split('=') }
-    assert_kind_of String, normalized_params
-    assert_equal signature_params.size, parts.size
-    assert pairs.all?{|p| p.size == 2 }
+  def test_to_s
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
+    assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s
+  end
 
-    # The signature parameters should be sorted and the keys/values URL encoded
-    # first.
-    assert_equal signature_params.sort_by(&:to_s), pairs.map{|k,v| [URI.decode(k), URI.decode(v)] }
+  def test_valid?
+    # When given consumer and token secrets, those secrets must be passed into
+    # the parsed header validation in order for the validity check to pass.
+    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets)
+    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
+    assert !parsed_header.valid?
+    assert parsed_header.valid?(secrets)
+
+    # Using the RSA-SHA1 signature method, the consumer secret must be a valid
+    # RSA private key. When parsing the header on the server side, the same
+    # consumer secret must be included in order for the header to validate.
+    secrets = {:consumer_secret => File.read('test/rsa_private_key')}
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'RSA-SHA1'))
+    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
+    assert_raise(TypeError){ parsed_header.valid? }
+    assert parsed_header.valid?(secrets)
+
+    # Like the default HMAC-RSA1 signature method, the PLAINTEXT method
+    # requires use of both a consumer secret and a token secret. A parsed
+    # header will not validate without these secret values.
+    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'PLAINTEXT'))
+    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
+    assert !parsed_header.valid?
+    assert parsed_header.valid?(secrets)
   end
 
-  def test_signature_base
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:method).returns('METHOD')
-    header.stubs(:url).returns('URL')
-    header.stubs(:normalized_params).returns('NORMALIZED_PARAMS')
+  def test_normalized_attributes
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
+    header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4)
 
-    # Should combine HTTP method, URL and normalized parameters string using
-    # ampersands.
-    assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base)
+    # Should return the OAuth header attributes, sorted by name, with quoted
+    # values and comma-separated.
+    assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes)
 
-    header.stubs(:method).returns('ME#HOD')
-    header.stubs(:url).returns('U#L')
-    header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS')
+    # Values should also be URL encoded.
+    header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$')
+    assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes)
+  end
 
-    # Each of the three combined values should be URL encoded.
-    assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base)
+  def test_signed_attributes
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
+    assert header.send(:signed_attributes).keys.include?(:oauth_signature)
   end
 
-  def test_secret
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET')
+  def test_attributes
+    attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) }
+    options = attribute_options.merge(:other => 'OTHER')
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options)
+    attributes = header.send(:attributes)
 
-    # Should combine the consumer and token secrets with an ampersand.
-    assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret)
+    # OAuth header attributes are all to begin with the "oauth_" prefix.
+    assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ }
 
-    header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET')
+    # Custom options not included in the list of valid attribute keys should
+    # not be included in the header attributes.
+    assert !attributes.key?(:oauth_other)
 
-    # Should URL encode each secret value before combination.
-    assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret)
+    # Valid attribute option values should be preserved.
+    assert_equal attribute_options.size, attributes.size
+    assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" }
+  end
+
+  def test_signature
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1')
+    header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE')
+    assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature)
+
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1')
+    header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE')
+    assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature)
+
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT')
+    header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE')
+    assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature)
   end
 
   def test_hmac_sha1_signature
@@ -172,89 +176,120 @@ class SimpleOAuthTest < Test::Unit::TestCase
     assert_equal successful, header.to_s
   end
 
-  def test_signature
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1')
-    header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE')
-    assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature)
+  def test_secret
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
+    header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET')
 
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1', :private_key => 'PRIVATE_KEY')
-    header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE')
-    assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature)
+    # Should combine the consumer and token secrets with an ampersand.
+    assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret)
 
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT')
-    header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE')
-    assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature)
+    header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET')
+
+    # Should URL encode each secret value before combination.
+    assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret)
   end
 
-  def test_signed_attributes
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    assert header.send(:signed_attributes).keys.include?(:oauth_signature)
+  def test_signature_base
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
+    header.stubs(:method).returns('METHOD')
+    header.stubs(:url).returns('URL')
+    header.stubs(:normalized_params).returns('NORMALIZED_PARAMS')
+
+    # Should combine HTTP method, URL and normalized parameters string using
+    # ampersands.
+    assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base)
+
+    header.stubs(:method).returns('ME#HOD')
+    header.stubs(:url).returns('U#L')
+    header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS')
+
+    # Each of the three combined values should be URL encoded.
+    assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base)
   end
 
-  def test_normalized_attributes
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4)
+  def test_normalized_params
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
+    header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']])
 
-    # Should return the OAuth header attributes, sorted by name, with quoted
-    # values and comma-separated.
-    assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes)
+    # The +normalized_params+ string should join key=value pairs with
+    # ampersands.
+    signature_params = header.send(:signature_params)
+    normalized_params = header.send(:normalized_params)
+    parts = normalized_params.split('&')
+    pairs = parts.map{|p| p.split('=') }
+    assert_kind_of String, normalized_params
+    assert_equal signature_params.size, parts.size
+    assert pairs.all?{|p| p.size == 2 }
 
-    # Values should also be URL encoded.
-    header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$')
-    assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes)
+    # The signature parameters should be sorted and the keys/values URL encoded
+    # first.
+    assert_equal signature_params.sort_by(&:to_s), pairs.map{|k,v| [URI.decode(k), URI.decode(v)] }
   end
 
-  def test_to_s
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s
+  def test_signature_params
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
+    header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE')
+    header.stubs(:params).returns('param' => 'PARAM')
+    header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']])
+
+    # Should combine OAuth header attributes, body parameters and URL
+    # parameters into an array of key value pairs.
+    signature_params = header.send(:signature_params)
+    assert_kind_of Array, signature_params
+    assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map(&:first)
+    assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map(&:last)
   end
 
-  def test_parse
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    parsed_options = SimpleOAuth::Header.parse(header)
+  def test_url_params
+    # A URL with no query parameters should produce empty +url_params+
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
+    assert_equal [], header.send(:url_params)
 
-    # Parsed options should be a Hash.
-    assert_kind_of Hash, parsed_options
+    # A URL with query parameters should return a hash having array values
+    # containing the given query parameters.
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {})
+    url_params = header.send(:url_params)
+    assert_kind_of Array, url_params
+    assert_equal [['test', 'TEST']], url_params
 
-    # Parsed options should equal the options used to build the header, along
-    # with the additional signature.
-    assert_equal header.options, parsed_options.reject{|k,v| k == :signature }
+    # If a query parameter is repeated, the values should be sorted.
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {})
+    assert_equal [['test', '1'], ['test', '2']], header.send(:url_params)
   end
 
-  def test_valid
-    # With no consumer or token secrets, built headers should be valid when
-    # parsed without secrets, regardless of signature method.
-    ['HMAC-SHA1', 'RSA-SHA1', 'PLAINTEXT'].each do |signature_method|
-      header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => signature_method)
-      parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-      assert_equal signature_method, parsed_header.options[:signature_method]
-      assert parsed_header.valid?
-    end
-
-    # When given consumer and token secrets, those secrets must be passed into
-    # the parsed header validation in order for the validity check to pass.
-    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets)
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert !parsed_header.valid?
-    assert parsed_header.valid?(secrets)
+  def test_rsa_sha1_signature
+    # Sample request taken from:
+    # http://wiki.oauth.net/TestCases
+    options = {
+      :consumer_key => 'dpf43f3p2l4k3l03',
+      :consumer_secret => File.read('test/rsa_private_key'),
+      :nonce => '13917289812797014437',
+      :signature_method => 'RSA-SHA1',
+      :timestamp => '1196666512'
+    }
+    successful = 'OAuth oauth_consumer_key="dpf43f3p2l4k3l03", oauth_nonce="13917289812797014437", oauth_signature="jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D", oauth_signature_method="RSA-SHA1", oauth_timestamp="1196666512", oauth_version="1.0"'
+    header = SimpleOAuth::Header.new(:get, 'http://photos.example.net/photos', {:file => 'vacaction.jpg', :size => 'original'}, options)
+    assert_equal successful, header.to_s
+  end
 
-    # Using the RSA-SHA1 signature method, a private key should be included
-    # with the options. When parsing the header on the server side, the
-    # the private key must be included in order for the header to validate.
-    secrets = {:private_key => 'PRIVATE_KEY'}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'RSA-SHA1'))
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert !parsed_header.valid?
-    assert parsed_header.valid?(secrets)
+  def test_private_key
+    # Pending
+  end
 
-    # Like the default HMAC-RSA1 signature method, the PLAINTEXT method
-    # requires use of both a consumer secret and a token secret. A parsed
-    # header will not validate without these secret values.
-    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'PLAINTEXT'))
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert !parsed_header.valid?
-    assert parsed_header.valid?(secrets)
+  def plaintext_signature
+    # Sample request taken from:
+    # http://oauth.googlecode.com/svn/code/javascript/example/signature.html
+    options = {
+      :consumer_key => 'abcd',
+      :consumer_secret => 'efgh',
+      :nonce => 'oLKtec51GQy',
+      :signature_method => 'PLAINTEXT',
+      :timestamp => '1286977095',
+      :token => 'ijkl',
+      :token_secret => 'mnop'
+    }
+    successful = 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
+    header = SimpleOAuth::Header.new(:get, 'http://host.net/resource?name=value', {:name => 'value'}, options)
+    assert_equal successful, header.to_s
   end
 end

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: simple_oauth
 version: !ruby/object:Gem::Version 
+  hash: 25
   prerelease: false
   segments: 
   - 0
   - 1
-  - 0
-  version: 0.1.0
+  - 1
+  version: 0.1.1
 platform: ruby
 authors: 
 - Steve Richert
@@ -14,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-11 00:00:00 -04:00
+date: 2010-10-13 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -25,6 +26,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
         segments: 
         - 0
         version: "0"
@@ -41,12 +43,16 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .gitignore
+- Gemfile
+- Gemfile.lock
 - LICENSE
 - README.rdoc
 - Rakefile
 - init.rb
 - lib/simple_oauth.rb
+- simple_oauth.gemspec
 - test/helper.rb
+- test/rsa_private_key
 - test/simple_oauth_test.rb
 has_rdoc: true
 homepage: http://github.com/laserlemon/simple_oauth
@@ -62,6 +68,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
@@ -70,6 +77,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"