Test HMAC-SHA1 signature generation against real-world, accepted signatures.

Also, stop memoizing the to_s and url instance methods.
2026-03-25 08:45:54 +00:00 · 2010-10-11 17:36:20 -04:00 · 2010-10-11 17:36:20 -04:00 · c8790cf98e
commit c8790cf98e
parent dd11ac300b
2 changed files with 28 additions and 2 deletions
--- a/lib/simple_oauth.rb
+++ b/lib/simple_oauth.rb
@ -34,11 +34,11 @@ module SimpleOAuth
    end

    def to_s
-      @to_s ||= "OAuth #{normalized_attributes}"
+      "OAuth #{normalized_attributes}"
    end

    def url
-      @url ||= @uri.dup.tap{|u| u.query = nil }.to_s
+      @uri.dup.tap{|u| u.query = nil }.to_s
    end

    private
--- a/test/simple_oauth_test.rb
+++ b/test/simple_oauth_test.rb
@ -145,4 +145,30 @@ class SimpleOAuthTest < Test::Unit::TestCase
    # Should URL encode each secret value before combination.
    assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret)
  end
+
+  def test_hmac_sha1_signature
+    # Reproduce an actual successful call to the Twitter API using the
+    # HMAC-SHA1 signature method, GETting a list of friends.
+    options = {
+      :consumer_key => '8karQBlMg6gFOwcf8kcoYw',
+      :consumer_secret => '3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M',
+      :nonce => '547fed103e122eecf84c080843eedfe6',
+      #:signature_method => 'HMAC-SHA1',
+      :timestamp => '1286830180',
+      :token => '201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh',
+      :token_secret => 'T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ'
+    }
+    successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
+    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, options)
+    assert_equal successful, header.to_s
+
+    # Reproduce a successful Twitter call, POSTing a new status.
+    options.merge!(
+      :nonce => 'b40a3e0f18590ecdcc0e273f7d7c82f8',
+      :timestamp => '1286830181'
+    )
+    successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
+    header = SimpleOAuth::Header.new(:post, 'https://api.twitter.com/1/statuses/update.json', {:status => 'hi, again'}, options)
+    assert_equal successful, header.to_s
+  end
 end