From 126b807e2ddf03d0ea830ed478c0081a60167085 Mon Sep 17 00:00:00 2001 From: laserlemon Date: Wed, 13 Oct 2010 09:33:43 -0400 Subject: [PATCH] Rearranged method definitions. --- lib/simple_oauth.rb | 20 +-- test/simple_oauth_test.rb | 370 ++++++++++++++++++++------------------ 2 files changed, 205 insertions(+), 185 deletions(-) diff --git a/lib/simple_oauth.rb b/lib/simple_oauth.rb index 31f687b..52c2a67 100644 --- a/lib/simple_oauth.rb +++ b/lib/simple_oauth.rb @@ -88,20 +88,10 @@ module SimpleOAuth Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).chomp.gsub(/\n/, '') end - def rsa_sha1_signature - Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, signature_base)).chomp.gsub(/\n/, '') - end - - def private_key - OpenSSL::PKey::RSA.new(options[:consumer_secret]) - end - def secret options.values_at(:consumer_secret, :token_secret).map{|v| self.class.encode(v) }.join('&') end - alias_method :plaintext_signature, :secret - def signature_base [method, url, normalized_params].map{|v| self.class.encode(v) }.join('&') end @@ -117,5 +107,15 @@ module SimpleOAuth def url_params CGI.parse(@uri.query || '').inject([]){|p,(k,vs)| p + vs.map{|v| [k, v] } } end + + def rsa_sha1_signature + Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, signature_base)).chomp.gsub(/\n/, '') + end + + def private_key + OpenSSL::PKey::RSA.new(options[:consumer_secret]) + end + + alias_method :plaintext_signature, :secret end end diff --git a/test/simple_oauth_test.rb b/test/simple_oauth_test.rb index 2e6f3b7..a0bd9be 100644 --- a/test/simple_oauth_test.rb +++ b/test/simple_oauth_test.rb @@ -1,21 +1,6 @@ require 'helper' class SimpleOAuthTest < Test::Unit::TestCase - def test_initialize - header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {}) - - # HTTP method should be an uppercase string. - # - # See: http://oauth.net/core/1.0/#rfc.section.9.1.3 - assert_equal 'GET', header.method - - # Request URL should downcase the scheme and authority parts as well as - # remove the query and fragment parts. - # - # See: http://oauth.net/core/1.0/#rfc.section.9.1.2 - assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url - end - def test_default_options # Default header options should change with each call due to generation of # a unique "timestamp" and "nonce" value combination. @@ -33,24 +18,6 @@ class SimpleOAuthTest < Test::Unit::TestCase assert_equal '1.0', default_options[:version] end - def test_attributes - attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) } - options = attribute_options.merge(:other => 'OTHER') - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options) - attributes = header.send(:attributes) - - # OAuth header attributes are all to begin with the "oauth_" prefix. - assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ } - - # Custom options not included in the list of valid attribute keys should - # not be included in the header attributes. - assert !attributes.key?(:oauth_other) - - # Valid attribute option values should be preserved. - assert_equal attribute_options.size, attributes.size - assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" } - end - def test_encode # Non-word characters should be URL encoded... [' ', '!', '@', '#', '$', '%', '^', '&'].each do |character| @@ -65,148 +32,8 @@ class SimpleOAuthTest < Test::Unit::TestCase end end - def test_url_params - # A URL with no query parameters should produce empty +url_params+ - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) - assert_equal [], header.send(:url_params) - - # A URL with query parameters should return a hash having array values - # containing the given query parameters. - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {}) - url_params = header.send(:url_params) - assert_kind_of Array, url_params - assert_equal [['test', 'TEST']], url_params - - # If a query parameter is repeated, the values should be sorted. - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {}) - assert_equal [['test', '1'], ['test', '2']], header.send(:url_params) - end - - def test_signature_params - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) - header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE') - header.stubs(:params).returns('param' => 'PARAM') - header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']]) - - # Should combine OAuth header attributes, body parameters and URL - # parameters into an array of key value pairs. - signature_params = header.send(:signature_params) - assert_kind_of Array, signature_params - assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map(&:first) - assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map(&:last) - end - - def test_normalized_params - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) - header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']]) - - # The +normalized_params+ string should join key=value pairs with - # ampersands. - signature_params = header.send(:signature_params) - normalized_params = header.send(:normalized_params) - parts = normalized_params.split('&') - pairs = parts.map{|p| p.split('=') } - assert_kind_of String, normalized_params - assert_equal signature_params.size, parts.size - assert pairs.all?{|p| p.size == 2 } - - # The signature parameters should be sorted and the keys/values URL encoded - # first. - assert_equal signature_params.sort_by(&:to_s), pairs.map{|k,v| [URI.decode(k), URI.decode(v)] } - end - - def test_signature_base - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) - header.stubs(:method).returns('METHOD') - header.stubs(:url).returns('URL') - header.stubs(:normalized_params).returns('NORMALIZED_PARAMS') - - # Should combine HTTP method, URL and normalized parameters string using - # ampersands. - assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base) - - header.stubs(:method).returns('ME#HOD') - header.stubs(:url).returns('U#L') - header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS') - - # Each of the three combined values should be URL encoded. - assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base) - end - - def test_secret - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) - header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET') - - # Should combine the consumer and token secrets with an ampersand. - assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret) - - header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET') - - # Should URL encode each secret value before combination. - assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret) - end - - def test_hmac_sha1_signature - # Reproduce an actual successful call to the Twitter API using the - # HMAC-SHA1 signature method, GETting a list of friends. - options = { - :consumer_key => '8karQBlMg6gFOwcf8kcoYw', - :consumer_secret => '3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M', - :nonce => '547fed103e122eecf84c080843eedfe6', - #:signature_method => 'HMAC-SHA1', - :timestamp => '1286830180', - :token => '201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh', - :token_secret => 'T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ' - } - successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"' - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, options) - assert_equal successful, header.to_s - - # Reproduce a successful Twitter call, POSTing a new status. - options.merge!( - :nonce => 'b40a3e0f18590ecdcc0e273f7d7c82f8', - :timestamp => '1286830181' - ) - successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"' - header = SimpleOAuth::Header.new(:post, 'https://api.twitter.com/1/statuses/update.json', {:status => 'hi, again'}, options) - assert_equal successful, header.to_s - end - - def test_signature - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1') - header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE') - assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature) - - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1') - header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE') - assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature) - - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT') - header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE') - assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature) - end - - def test_signed_attributes - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) - assert header.send(:signed_attributes).keys.include?(:oauth_signature) - end - - def test_normalized_attributes - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) - header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4) - - # Should return the OAuth header attributes, sorted by name, with quoted - # values and comma-separated. - assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes) - - # Values should also be URL encoded. - header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$') - assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes) - end - - def test_to_s - header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) - assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s + def test_decode + # Pending end def test_parse @@ -221,6 +48,30 @@ class SimpleOAuthTest < Test::Unit::TestCase assert_equal header.options, parsed_options.reject{|k,v| k == :signature } end + def test_initialize + header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {}) + + # HTTP method should be an uppercase string. + # + # See: http://oauth.net/core/1.0/#rfc.section.9.1.3 + assert_equal 'GET', header.method + + # Request URL should downcase the scheme and authority parts as well as + # remove the query and fragment parts. + # + # See: http://oauth.net/core/1.0/#rfc.section.9.1.2 + assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url + end + + def test_url + # Pending + end + + def test_to_s + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) + assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s + end + def test_valid # When given consumer and token secrets, those secrets must be passed into # the parsed header validation in order for the validity check to pass. @@ -248,4 +99,173 @@ class SimpleOAuthTest < Test::Unit::TestCase assert !parsed_header.valid? assert parsed_header.valid?(secrets) end + + def test_normalized_attributes + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) + header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4) + + # Should return the OAuth header attributes, sorted by name, with quoted + # values and comma-separated. + assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes) + + # Values should also be URL encoded. + header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$') + assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes) + end + + def test_signed_attributes + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}) + assert header.send(:signed_attributes).keys.include?(:oauth_signature) + end + + def test_attributes + attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) } + options = attribute_options.merge(:other => 'OTHER') + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options) + attributes = header.send(:attributes) + + # OAuth header attributes are all to begin with the "oauth_" prefix. + assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ } + + # Custom options not included in the list of valid attribute keys should + # not be included in the header attributes. + assert !attributes.key?(:oauth_other) + + # Valid attribute option values should be preserved. + assert_equal attribute_options.size, attributes.size + assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" } + end + + def test_signature + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1') + header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE') + assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature) + + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1') + header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE') + assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature) + + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT') + header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE') + assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature) + end + + def test_hmac_sha1_signature + # Reproduce an actual successful call to the Twitter API using the + # HMAC-SHA1 signature method, GETting a list of friends. + options = { + :consumer_key => '8karQBlMg6gFOwcf8kcoYw', + :consumer_secret => '3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M', + :nonce => '547fed103e122eecf84c080843eedfe6', + #:signature_method => 'HMAC-SHA1', + :timestamp => '1286830180', + :token => '201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh', + :token_secret => 'T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ' + } + successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"' + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, options) + assert_equal successful, header.to_s + + # Reproduce a successful Twitter call, POSTing a new status. + options.merge!( + :nonce => 'b40a3e0f18590ecdcc0e273f7d7c82f8', + :timestamp => '1286830181' + ) + successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"' + header = SimpleOAuth::Header.new(:post, 'https://api.twitter.com/1/statuses/update.json', {:status => 'hi, again'}, options) + assert_equal successful, header.to_s + end + + def test_secret + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) + header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET') + + # Should combine the consumer and token secrets with an ampersand. + assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret) + + header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET') + + # Should URL encode each secret value before combination. + assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret) + end + + def test_signature_base + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) + header.stubs(:method).returns('METHOD') + header.stubs(:url).returns('URL') + header.stubs(:normalized_params).returns('NORMALIZED_PARAMS') + + # Should combine HTTP method, URL and normalized parameters string using + # ampersands. + assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base) + + header.stubs(:method).returns('ME#HOD') + header.stubs(:url).returns('U#L') + header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS') + + # Each of the three combined values should be URL encoded. + assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base) + end + + def test_normalized_params + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) + header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']]) + + # The +normalized_params+ string should join key=value pairs with + # ampersands. + signature_params = header.send(:signature_params) + normalized_params = header.send(:normalized_params) + parts = normalized_params.split('&') + pairs = parts.map{|p| p.split('=') } + assert_kind_of String, normalized_params + assert_equal signature_params.size, parts.size + assert pairs.all?{|p| p.size == 2 } + + # The signature parameters should be sorted and the keys/values URL encoded + # first. + assert_equal signature_params.sort_by(&:to_s), pairs.map{|k,v| [URI.decode(k), URI.decode(v)] } + end + + def test_signature_params + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) + header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE') + header.stubs(:params).returns('param' => 'PARAM') + header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']]) + + # Should combine OAuth header attributes, body parameters and URL + # parameters into an array of key value pairs. + signature_params = header.send(:signature_params) + assert_kind_of Array, signature_params + assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map(&:first) + assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map(&:last) + end + + def test_url_params + # A URL with no query parameters should produce empty +url_params+ + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}) + assert_equal [], header.send(:url_params) + + # A URL with query parameters should return a hash having array values + # containing the given query parameters. + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {}) + url_params = header.send(:url_params) + assert_kind_of Array, url_params + assert_equal [['test', 'TEST']], url_params + + # If a query parameter is repeated, the values should be sorted. + header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {}) + assert_equal [['test', '1'], ['test', '2']], header.send(:url_params) + end + + def test_rsa_sha1_signature + # Pending + end + + def test_private_key + # Pending + end + + def plaintext_signature + # Pending + end end