sjs/simple_oauth
1
0
Fork 0
mirror of https://github.com/samsonjs/simple_oauth.git synced 2026-03-25 08:45:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: sjs:master
Branches Tags
sjs:master
sjs:v0.3.2
sjs:v0.3.1
sjs:v0.3.0
sjs:v0.2.0
sjs:v0.1.9
sjs:v0.1.8
sjs:v0.1.7
sjs:v0.1.6
sjs:v0.1.5
sjs:v0.1.4
sjs:v0.1.3
sjs:v0.1.2
sjs:v0.1.1
sjs:v0.1.0
..
compare: sjs:v0.1.4
Branches Tags
sjs:master
sjs:v0.3.2
sjs:v0.3.1
sjs:v0.3.0
sjs:v0.2.0
sjs:v0.1.9
sjs:v0.1.8
sjs:v0.1.7
sjs:v0.1.6
sjs:v0.1.5
sjs:v0.1.4
sjs:v0.1.3
sjs:v0.1.2
sjs:v0.1.1
sjs:v0.1.0

No commits in common. "master" and "v0.1.4" have entirely different histories.
master ... v0.1.4

30 changed files with 481 additions and 733 deletions
Show stats Expand all files Collapse all files

0
.gemtest Normal file
View file

29
.github/workflows/main.yml vendored
View file

@ -1,29 +0,0 @@
name: Ruby
on:
push:
branches:
- master
pull_request:
jobs:
build:
runs-on: ubuntu-latest
name: Ruby ${{ matrix.ruby }}
strategy:
matrix:
ruby:
- "3.0"
- "3.1"
- "3.2"
steps:
- uses: actions/checkout@v3
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- name: Run the default task
run: bundle exec rake

14
.gitignore vendored
View file

@ -1,9 +1,7 @@
/.bundle/
/.yardoc
/_yardoc/
/coverage/
/doc/
/pkg/
/spec/reports/
/tmp/
*.rbc
.DS_Store
.bundle
Gemfile.lock
coverage
pkg
rdoc

2
.rspec
View file

@ -1,2 +0,0 @@
--color
--order random

77
.rubocop.yml
View file

@ -1,77 +0,0 @@
require:
- standard
plugins:
- standard-performance
- rubocop-rspec
- rubocop-performance
- rubocop-rake
AllCops:
NewCops: enable
TargetRubyVersion: 3.0
Layout/ArgumentAlignment:
Enabled: true
EnforcedStyle: with_fixed_indentation
Layout/ArrayAlignment:
Enabled: true
EnforcedStyle: with_fixed_indentation
Layout/EndAlignment:
Enabled: true
EnforcedStyleAlignWith: variable
Layout/HashAlignment:
Enabled: true
EnforcedHashRocketStyle: key
EnforcedColonStyle: key
EnforcedLastArgumentHashStyle: always_inspect
Layout/LineLength:
Enabled: false
Layout/ParameterAlignment:
Enabled: true
EnforcedStyle: with_fixed_indentation
IndentationWidth: ~
Layout/SpaceInsideHashLiteralBraces:
Enabled: false
Metrics/ParameterLists:
CountKeywordArgs: false
RSpec/MultipleExpectations:
Enabled: false
RSpec/ExampleLength:
Enabled: false
RSpec/MessageSpies:
Enabled: false
RSpec/PendingWithoutReason:
Enabled: false
RSpec/SpecFilePathFormat:
Enabled: false
RSpec/SpecFilePathSuffix:
Enabled: false
Style/Alias:
Enabled: true
EnforcedStyle: prefer_alias_method
Style/FrozenStringLiteralComment:
Enabled: false
Style/StringLiterals:
Enabled: true
EnforcedStyle: double_quotes
Style/StringLiteralsInInterpolation:
Enabled: true
EnforcedStyle: double_quotes

21
.travis.yml
View file

@ -1,21 +0,0 @@
language: ruby
env:
global:
- JRUBY_OPTS="$JRUBY_OPTS --debug"
rvm:
- 1.8.7
- 1.9.3
- 2.0.0
- 2.1
- jruby-18mode
- jruby-19mode
- jruby-head
- rbx-2
- ruby-head
matrix:
allow_failures:
- rvm: jruby-head
- rvm: rbx-2
- rvm: ruby-head
fast_finish: true
sudo: false

5
.yardopts
View file

@ -1,5 +0,0 @@
--markup markdown
-
CONTRIBUTING.md
LICENSE.md
README.md

5
CHANGELOG.md
View file

@ -1,5 +0,0 @@
## [Unreleased]
## [0.4.0] - 2023-08-10
- Update

8
CONTRIBUTING.md
View file

@ -1,8 +0,0 @@
## Contributing
1. Fork the project.
2. Create a topic branch.
3. Add failing tests.
4. Add code to pass the failing tests.
5. Run `bundle exec rake`. If failing, repeat step 4.
6. Commit and push your changes.
7. Submit a pull request. Please do not include changes to the gemspec.

14
Gemfile
View file

@ -1,14 +1,2 @@
source "https://rubygems.org"
# Specify your gem's dependencies in simple_oauth.gemspec
source 'http://rubygems.org'
gemspec
gem "rake", ">= 13.0.6"
gem "rspec", ">= 3.12"
gem "rubocop", ">= 1.21"
gem "rubocop-performance", ">= 1.18"
gem "rubocop-rake", ">= 0.6"
gem "rubocop-rspec", ">= 0.31"
gem "simplecov", ">= 0.22"
gem "standard", ">= 1.30.1"
gem "webmock", ">= 3.18.1"

20
LICENSE Normal file
View file

@ -0,0 +1,20 @@
Copyright (c) 2010 Steve Richert
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

21
LICENSE.md
View file

@ -1,21 +0,0 @@
The MIT License (MIT)
Copyright (c) 2010-2023 Steve Richert, Erik Michaels-Ober
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

24
README.md
View file

@ -1,24 +0,0 @@
# simple_oauth
Simply builds and verifies OAuth headers
## Installation
Install the gem and add to the application's Gemfile by executing:
$ bundle add simple_oauth
If bundler is not being used to manage dependencies, install the gem by executing:
$ gem install simple_oauth
## Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/laserlemon/simple_oauth.
This project conforms to [Standard Ruby](https://github.com/standardrb/standard). Patches that dont maintain that standard will not be accepted.
## License
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

17
README.rdoc Normal file
View file

@ -0,0 +1,17 @@
= simple_oauth
Simply builds and verifies OAuth headers
== Note on Patches/Pull Requests
* Fork the project.
* Make your feature addition or bug fix.
* Add tests for it. This is important so I don't break it in a
future version unintentionally.
* Commit, do not mess with rakefile, version, or history.
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.
== Copyright
Copyright (c) 2010 Steve Richert. See LICENSE for details.

53
Rakefile
View file

@ -1,10 +1,49 @@
require "bundler/gem_tasks"
require "rspec/core/rake_task"
require "rubocop/rake_task"
require "standard/rake"
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
require 'bundler'
RSpec::Core::RakeTask.new(:spec)
Bundler::GemHelper.install_tasks
RuboCop::RakeTask.new
Rake::TestTask.new do |test|
test.libs << 'lib' << 'test'
test.pattern = 'test/**/*_test.rb'
test.verbose = true
end
task default: %i[spec rubocop standard]
task :default => :test
Rake::RDocTask.new do |rdoc|
require File.expand_path('../lib/simple_oauth/version', __FILE__)
version = SimpleOAuth::Version::STRING
rdoc.rdoc_dir = 'rdoc'
rdoc.title = "simple_oauth #{version}"
rdoc.rdoc_files.include('README*')
rdoc.rdoc_files.include('lib/**/*.rb')
end
begin
require 'rcov/rcovtask'
Rcov::RcovTask.new do |rcov|
rcov.libs << 'lib' << 'test'
rcov.pattern = 'test/**/*_test.rb'
rcov.verbose = true
rcov.rcov_opts << '--exclude "gems/*"'
end
rescue LoadError
task :rcov do
abort 'RCov is not available. Install it with: gem install rcov'
end
end
def gemspec
@gemspec ||= begin
file = File.expand_path('../simple_oauth.gemspec', __FILE__)
eval(File.read(file), binding, file)
end
end
desc 'Validate the gemspec'
task :gemspec do
gemspec.validate
end

1
VERSION Normal file
View file

@ -0,0 +1 @@
0.0.0

10
bin/console
View file

@ -1,10 +0,0 @@
#!/usr/bin/env ruby
require "bundler/setup"
require "simple_oauth"
# You can add fixtures and/or initialization code here to make experimenting
# with your gem easier. You can also use a different console, if you like.
require "irb"
IRB.start(__FILE__)

8
bin/setup
View file

@ -1,8 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
set -vx
bundle install
# Do any other automated setup that you need to do here

1
init.rb Normal file
View file

@ -0,0 +1 @@
require File.expand_path('../lib/simple_oauth', __FILE__)

8
lib/simple_oauth.rb
View file

@ -1,2 +1,6 @@
require_relative "simple_oauth/header"
require_relative "simple_oauth/version"
require 'base64'
require 'cgi'
require 'openssl'
require 'uri'
require File.expand_path('../simple_oauth/core_ext/object', __FILE__)
require File.expand_path('../simple_oauth/header', __FILE__)

10
lib/simple_oauth/core_ext/object.rb Normal file
View file

@ -0,0 +1,10 @@
major, minor, patch = RUBY_VERSION.split('.')
if major.to_i == 1 && minor.to_i < 9
class Object
def tap
yield self
self
end
end
end

98
lib/simple_oauth/header.rb
View file

@ -1,65 +1,46 @@
require "openssl"
require "uri"
require "base64"
require "cgi"
module SimpleOAuth
# Generates OAuth header for HTTP request
class Header
ATTRIBUTE_KEYS = %i[callback consumer_key nonce signature_method timestamp token verifier version].freeze unless defined? ::SimpleOAuth::Header::ATTRIBUTE_KEYS
ATTRIBUTE_KEYS = [:consumer_key, :nonce, :signature_method, :timestamp, :token, :version] unless defined? ::SimpleOAuth::Header::ATTRIBUTE_KEYS
IGNORED_KEYS = %i[consumer_secret token_secret signature].freeze unless defined? ::SimpleOAuth::Header::IGNORED_KEYS
def self.default_options
{
:nonce => OpenSSL::Random.random_bytes(16).unpack('H*')[0],
:signature_method => 'HMAC-SHA1',
:timestamp => Time.now.to_i.to_s,
:version => '1.0'
}
end
attr_reader :method, :params, :options
def self.encode(value)
URI.encode(value.to_s, /[^a-z0-9\-\.\_\~]/i)
end
class << self
def default_options
{
nonce: OpenSSL::Random.random_bytes(16).unpack1("H*"),
signature_method: "HMAC-SHA1",
timestamp: Time.now.to_i.to_s,
version: "1.0"
}
end
def self.decode(value)
URI.decode(value.to_s)
end
def parse(header)
header.to_s.sub(/^OAuth\s/, "").split(/,\s*/).inject({}) do |attributes, pair|
match = pair.match(/^(\w+)="([^"]*)"$/)
attributes.merge(match[1].sub(/^oauth_/, "").to_sym => unescape(match[2]))
end
end
def escape(value)
uri_parser.escape(value.to_s, /[^a-z0-9\-._~]/i)
end
alias_method :encode, :escape
def unescape(value)
uri_parser.unescape(value.to_s)
end
alias_method :decode, :unescape
private
def uri_parser
@uri_parser ||= URI.const_defined?(:Parser) ? URI::RFC2396_PARSER : URI
def self.parse(header)
header.to_s.sub(/^OAuth\s/, '').split(', ').inject({}) do |attributes, pair|
match = pair.match(/^(\w+)\=\"([^\"]*)\"$/)
attributes.merge(match[1].sub(/^oauth_/, '').to_sym => decode(match[2]))
end
end
attr_reader :method, :params, :options
def initialize(method, url, params, oauth = {})
@method = method.to_s.upcase
@uri = URI.parse(url.to_s)
@uri.scheme = @uri.scheme.downcase
@uri.normalize!
@uri.fragment = nil
@uri = URI.parse(url).tap do |uri|
uri.scheme = uri.scheme.downcase
uri.normalize!
uri.fragment = nil
end
@params = params
@options = oauth.is_a?(Hash) ? self.class.default_options.merge(oauth) : self.class.parse(oauth)
end
def url
uri = @uri.dup
uri.query = nil
uri.to_s
@uri.dup.tap{|u| u.query = nil }.to_s
end
def to_s
@ -75,42 +56,38 @@ module SimpleOAuth
end
def signed_attributes
attributes.merge(oauth_signature: signature)
attributes.merge(:oauth_signature => signature)
end
private
def normalized_attributes
signed_attributes.sort_by { |k, _| k.to_s }.collect { |k, v| %(#{k}="#{self.class.escape(v)}") }.join(", ")
signed_attributes.sort_by{|k,v| k.to_s }.map{|k,v| %(#{k}="#{self.class.encode(v)}") }.join(', ')
end
def attributes
matching_keys, extra_keys = options.keys.partition { |key| ATTRIBUTE_KEYS.include?(key) }
extra_keys -= IGNORED_KEYS
raise "SimpleOAuth: Found extra option keys not matching ATTRIBUTE_KEYS:\n [#{extra_keys.collect(&:inspect).join(", ")}]" unless options[:ignore_extra_keys] || extra_keys.empty?
options.slice(*matching_keys).transform_keys { |key| :"oauth_#{key}" }
ATTRIBUTE_KEYS.inject({}){|a,k| options.key?(k) ? a.merge(:"oauth_#{k}" => options[k]) : a }
end
def signature
send("#{options[:signature_method].downcase.tr("-", "_")}_signature")
send(options[:signature_method].downcase.tr('-', '_') + '_signature')
end
def hmac_sha1_signature
Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, signature_base)).chomp.delete("\n")
Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).chomp.gsub(/\n/, '')
end
def secret
options.values_at(:consumer_secret, :token_secret).collect { |v| self.class.escape(v) }.join("&")
options.values_at(:consumer_secret, :token_secret).map{|v| self.class.encode(v) }.join('&')
end
alias_method :plaintext_signature, :secret
def signature_base
[method, url, normalized_params].collect { |v| self.class.escape(v) }.join("&")
[method, url, normalized_params].map{|v| self.class.encode(v) }.join('&')
end
def normalized_params
signature_params.collect { |p| p.collect { |v| self.class.escape(v) } }.sort.collect { |p| p.join("=") }.join("&")
signature_params.map{|p| p.map{|v| self.class.encode(v) } }.sort.map{|p| p.join('=') }.join('&')
end
def signature_params
@ -118,15 +95,16 @@ module SimpleOAuth
end
def url_params
CGI.parse(@uri.query || "").inject([]) { |p, (k, vs)| p + vs.sort.collect { |v| [k, v] } }
CGI.parse(@uri.query || '').inject([]){|p,(k,vs)| p + vs.map{|v| [k, v] } }
end
def rsa_sha1_signature
Base64.encode64(private_key.sign(OpenSSL::Digest.new("SHA1"), signature_base)).chomp.delete("\n")
Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, signature_base)).chomp.gsub(/\n/, '')
end
def private_key
OpenSSL::PKey::RSA.new(options[:consumer_secret])
end
end
end

9
lib/simple_oauth/version.rb
View file

@ -1,3 +1,8 @@
module SimpleOauth
VERSION = "0.3.1".freeze
module SimpleOAuth
module Version
MAJOR = 0 unless defined? ::SimpleOAuth::Version::MAJOR
MINOR = 1 unless defined? ::SimpleOAuth::Version::MINOR
PATCH = 4 unless defined? ::SimpleOAuth::Version::PATCH
STRING = [MAJOR, MINOR, PATCH].join('.') unless defined? ::SimpleOAuth::Version::STRING
end
end

47
simple_oauth.gemspec
View file

@ -1,35 +1,18 @@
require_relative "lib/simple_oauth/version"
# -*- encoding: utf-8 -*-
require File.expand_path('../lib/simple_oauth/version', __FILE__)
Gem::Specification.new do |spec|
spec.name = "simple_oauth"
spec.version = SimpleOauth::VERSION
spec.authors = ["Steve Richert", "Erik Berlin"]
spec.email = ["steve.richert@gmail.com", "sferik@gmail.com"]
spec.summary = "Simply builds and verifies OAuth headers"
spec.description = spec.summary
spec.homepage = "https://github.com/laserlemon/simple_oauth"
spec.license = "MIT"
spec.required_ruby_version = ">= 3.0"
spec.metadata["allowed_push_host"] = "https://rubygems.org"
spec.metadata["homepage_uri"] = spec.homepage
spec.metadata["source_code_uri"] = "https://github.com/laserlemon/simple_oauth"
spec.metadata["changelog_uri"] = "https://github.com/laserlemon/simple_oauth/blob/master/CHANGELOG.md"
# Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
spec.files = Dir.chdir(__dir__) do
`git ls-files -z`.split("\x0").reject do |f|
(File.expand_path(f) == __FILE__) ||
f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
end
end
spec.bindir = "exe"
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
spec.require_paths = ["lib"]
spec.metadata["rubygems_mfa_required"] = "true"
spec.add_dependency "base64"
spec.add_development_dependency('mocha', '>= 0')
spec.author = 'Steve Richert'
spec.description = 'Simply builds and verifies OAuth headers'
spec.email = 'steve.richert@gmail.com'
spec.extra_rdoc_files = ['README.rdoc']
spec.files = `git ls-files`.split("\n")
spec.homepage = 'http://github.com/laserlemon/simple_oauth'
spec.name = 'simple_oauth'
spec.rdoc_options = ['--charset=UTF-8']
spec.required_rubygems_version = Gem::Requirement.new('>= 1.3.6') if spec.respond_to? :required_rubygems_version=
spec.summary = spec.description
spec.test_files = `git ls-files -- test/**/*_test.rb`.split("\n")
spec.version = SimpleOAuth::Version::STRING
end

23
spec/helper.rb
View file

@ -1,23 +0,0 @@
$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
require "simplecov"
SimpleCov.start do
add_filter "/spec/"
minimum_coverage(100)
end
require "rspec"
require "simple_oauth"
def uri_parser
@uri_parser ||= URI.const_defined?(:Parser) ? URI::DEFAULT_PARSER : URI
end
RSpec.configure do |config|
config.expect_with :rspec do |c|
c.syntax = :expect
end
end
Dir[File.expand_path("support/**/*.rb", __dir__)].each { |f| require f }

365
spec/simple_oauth/header_spec.rb
View file

@ -1,365 +0,0 @@
require "helper"
describe SimpleOAuth::Header do
describe ".default_options" do
let(:default_options) { described_class.default_options }
it "is different every time" do
expect(described_class.default_options).not_to eq default_options
end
it "is used for new headers" do
allow(described_class).to receive(:default_options).and_return(default_options)
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
expect(header.options).to eq default_options
end
it "includes a signature method and an OAuth version" do
expect(default_options[:signature_method]).not_to be_nil
expect(default_options[:version]).not_to be_nil
end
end
describe ".escape" do
it "escapes (most) non-word characters" do
[" ", "!", "@", "#", "$", "%", "^", "&"].each do |character|
escaped = described_class.escape(character)
expect(escaped).not_to eq character
expect(escaped).to eq uri_parser.escape(character, /.*/)
end
end
it "does not escape - . or ~" do
["-", ".", "~"].each do |character|
escaped = described_class.escape(character)
expect(escaped).to eq character
end
end
it "escapes non-ASCII characters" do
expect(described_class.escape("é")).to eq "%C3%A9"
end
it "escapes multibyte characters" do
expect(described_class.escape("")).to eq "%E3%81%82"
end
end
describe ".unescape" do
pending
end
describe ".parse" do
let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}) }
let(:parsed_options) { described_class.parse(header) }
it "returns a hash" do
expect(parsed_options).to be_a(Hash)
end
it "includes the options used to build the header" do
expect(parsed_options.except(:signature)).to eq header.options
end
it "includes a signature" do
expect(header.options).not_to have_key(:signature)
expect(parsed_options).to have_key(:signature)
expect(parsed_options[:signature]).not_to be_nil
end
it "handles optional 'linear white space'" do
parsed_header_with_spaces = described_class.parse 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
expect(parsed_header_with_spaces).to be_a(Hash)
expect(parsed_header_with_spaces.keys.size).to eq 7
parsed_header_with_tabs = described_class.parse 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
expect(parsed_header_with_tabs).to be_a(Hash)
expect(parsed_header_with_tabs.keys.size).to eq 7
parsed_header_with_spaces_and_tabs = described_class.parse 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
expect(parsed_header_with_spaces_and_tabs).to be_a(Hash)
expect(parsed_header_with_spaces_and_tabs.keys.size).to eq 7
parsed_header_without_spaces = described_class.parse 'OAuth oauth_consumer_key="abcd",oauth_nonce="oLKtec51GQy",oauth_signature="efgh%26mnop",oauth_signature_method="PLAINTEXT",oauth_timestamp="1286977095",oauth_token="ijkl",oauth_version="1.0"'
expect(parsed_header_without_spaces).to be_a(Hash)
expect(parsed_header_without_spaces.keys.size).to eq 7
end
end
describe "#initialize" do
let(:header) do
described_class.new(:get, "HTTPS://api.TWITTER.com:443/1/statuses/friendships.json?foo=bar#anchor", {})
end
it "stringifies and uppercases the request method" do
expect(header.method).to eq "GET"
end
it "downcases the scheme and authority" do
expect(header.url).to match %r{^https://api\.twitter\.com/}
end
it "ignores the query and fragment" do
expect(header.url).to match %r{/1/statuses/friendships\.json$}
end
end
describe "#valid?" do
context "when using the HMAC-SHA1 signature method" do
it "requires consumer and token secrets" do
secrets = {consumer_secret: "CONSUMER_SECRET", token_secret: "TOKEN_SECRET"}
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, secrets)
parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
expect(parsed_header).not_to be_valid
expect(parsed_header).to be_valid(secrets)
end
end
context "when using the RSA-SHA1 signature method" do
it "requires an identical private key" do
secrets = {consumer_secret: rsa_private_key}
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {},
secrets.merge(signature_method: "RSA-SHA1"))
parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
expect { parsed_header.valid? }.to raise_error(TypeError)
expect(parsed_header).to be_valid(secrets)
end
end
context "when using the PLAINTEXT signature method" do
it "requires consumer and token secrets" do
secrets = {consumer_secret: "CONSUMER_SECRET", token_secret: "TOKEN_SECRET"}
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {},
secrets.merge(signature_method: "PLAINTEXT"))
parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
expect(parsed_header).not_to be_valid
expect(parsed_header).to be_valid(secrets)
end
end
end
describe "#normalized_attributes" do
let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}) }
let(:normalized_attributes) { header.send(:normalized_attributes) }
it "returns a sorted-key, quoted-value and comma-separated list" do
allow(header).to receive(:signed_attributes).and_return(d: 1, c: 2, b: 3, a: 4)
expect(normalized_attributes).to eq 'a="4", b="3", c="2", d="1"'
end
it "URI encodes its values" do
allow(header).to receive(:signed_attributes).and_return(1 => "!", 2 => "@", 3 => "#", 4 => "$")
expect(normalized_attributes).to eq '1="%21", 2="%40", 3="%23", 4="%24"'
end
end
describe "#signed_attributes" do
it "includes the OAuth signature" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {})
expect(header.send(:signed_attributes)).to have_key(:oauth_signature)
end
end
describe "#attributes" do
let(:header) do
options = {}
SimpleOAuth::Header::ATTRIBUTE_KEYS.each { |k| options[k] = k.to_s.upcase }
options[:other] = "OTHER"
described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}, options)
end
it "prepends keys with 'oauth_'" do
header.options[:ignore_extra_keys] = true
expect(header.send(:attributes).keys).to(be_all { |k| k.to_s =~ /^oauth_/ })
end
it "excludes keys not included in the list of valid attributes" do
header.options[:ignore_extra_keys] = true
expect(header.send(:attributes).keys).to(be_all { |k| k.is_a?(Symbol) })
expect(header.send(:attributes)).not_to have_key(:oauth_other)
end
it "preserves values for valid keys" do
header.options[:ignore_extra_keys] = true
expect(header.send(:attributes).size).to eq SimpleOAuth::Header::ATTRIBUTE_KEYS.size
expect(header.send(:attributes)).to(be_all { |k, v| k.to_s == "oauth_#{v.downcase}" })
end
it "raises exception for extra keys" do
expect do
header.send(:attributes)
end.to raise_error(RuntimeError,
"SimpleOAuth: Found extra option keys not matching ATTRIBUTE_KEYS:\n [:other]")
end
end
describe "#signature" do
specify "when using HMAC-SHA1" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "HMAC-SHA1")
expect(header).to receive(:hmac_sha1_signature).once.and_return("HMAC_SHA1_SIGNATURE")
expect(header.send(:signature)).to eq "HMAC_SHA1_SIGNATURE"
end
specify "when using RSA-SHA1" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "RSA-SHA1")
expect(header).to receive(:rsa_sha1_signature).once.and_return("RSA_SHA1_SIGNATURE")
expect(header.send(:signature)).to eq "RSA_SHA1_SIGNATURE"
end
specify "when using PLAINTEXT" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "PLAINTEXT")
expect(header).to receive(:plaintext_signature).once.and_return("PLAINTEXT_SIGNATURE")
expect(header.send(:signature)).to eq "PLAINTEXT_SIGNATURE"
end
end
describe "#hmac_sha1_signature" do
it "reproduces a successful Twitter GET" do
options = {
consumer_key: "8karQBlMg6gFOwcf8kcoYw",
consumer_secret: "3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M",
nonce: "547fed103e122eecf84c080843eedfe6",
signature_method: "HMAC-SHA1",
timestamp: "1286830180",
token: "201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh",
token_secret: "T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ"
}
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, options)
expect(header.to_s).to eq 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
end
it "reproduces a successful Twitter POST" do
options = {
consumer_key: "8karQBlMg6gFOwcf8kcoYw",
consumer_secret: "3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M",
nonce: "b40a3e0f18590ecdcc0e273f7d7c82f8",
signature_method: "HMAC-SHA1",
timestamp: "1286830181",
token: "201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh",
token_secret: "T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ"
}
header = described_class.new(:post, "https://api.twitter.com/1/statuses/update.json",
{status: "hi, again"}, options)
expect(header.to_s).to eq 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
end
end
describe "#secret" do
let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
let(:secret) { header.send(:secret) }
it "combines the consumer and token secrets with an ampersand" do
allow(header).to receive(:options).and_return(consumer_secret: "CONSUMER_SECRET",
token_secret: "TOKEN_SECRET")
expect(secret).to eq "CONSUMER_SECRET&TOKEN_SECRET"
end
it "URI encodes each secret value before combination" do
allow(header).to receive(:options).and_return(consumer_secret: "CONSUM#R_SECRET",
token_secret: "TOKEN_S#CRET")
expect(secret).to eq "CONSUM%23R_SECRET&TOKEN_S%23CRET"
end
end
describe "#signature_base" do
let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
let(:signature_base) { header.send(:signature_base) }
it "combines the request method, URL and normalized parameters using ampersands" do
allow(header).to receive_messages(method: "METHOD", url: "URL", normalized_params: "NORMALIZED_PARAMS")
expect(signature_base).to eq "METHOD&URL&NORMALIZED_PARAMS"
end
it "URI encodes each value before combination" do
allow(header).to receive_messages(method: "ME#HOD", url: "U#L", normalized_params: "NORMAL#ZED_PARAMS")
expect(signature_base).to eq "ME%23HOD&U%23L&NORMAL%23ZED_PARAMS"
end
end
describe "#normalized_params" do
let(:header) do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
allow(header).to receive(:signature_params).and_return([%w[A 4], %w[B 3], %w[B 2], %w[C 1], ["D[]", "0 "]])
header
end
let(:signature_params) { header.send(:signature_params) }
let(:normalized_params) { header.send(:normalized_params) }
it "joins key/value pairs with equal signs and ampersands" do
expect(normalized_params).to be_a(String)
parts = normalized_params.split("&")
expect(parts.size).to eq signature_params.size
pairs = parts.collect { |p| p.split("=") }
expect(pairs).to(be_all { |p| p.size == 2 })
end
end
describe "#signature_params" do
let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
let(:signature_params) { header.send(:signature_params) }
it "combines OAuth header attributes, body parameters and URL parameters into an flattened array of key/value pairs" do
allow(header).to receive_messages(attributes: {attribute: "ATTRIBUTE"}, params: {"param" => "PARAM"},
url_params: [%w[url_param 1], %w[url_param 2]])
expect(signature_params).to eq [
[:attribute, "ATTRIBUTE"],
%w[param PARAM],
%w[url_param 1],
%w[url_param 2]
]
end
end
describe "#url_params" do
it "returns an empty array when the URL has no query parameters" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
expect(header.send(:url_params)).to eq []
end
it "returns an array of key/value pairs for each query parameter" do
header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json?test=TEST", {})
expect(header.send(:url_params)).to eq [%w[test TEST]]
end
it "sorts values for repeated keys" do
header = described_class.new(:get,
"https://api.twitter.com/1/statuses/friendships.json?test=3&test=1&test=2", {})
expect(header.send(:url_params)).to eq [%w[test 1], %w[test 2], %w[test 3]]
end
end
describe "#rsa_sha1_signature" do
it "reproduces a successful OAuth example GET" do
options = {
consumer_key: "dpf43f3p2l4k3l03",
consumer_secret: rsa_private_key,
nonce: "13917289812797014437",
signature_method: "RSA-SHA1",
timestamp: "1196666512"
}
header = described_class.new(:get, "http://photos.example.net/photos",
{file: "vacaction.jpg", size: "original"}, options)
expect(header.to_s).to eq 'OAuth oauth_consumer_key="dpf43f3p2l4k3l03", oauth_nonce="13917289812797014437", oauth_signature="jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D", oauth_signature_method="RSA-SHA1", oauth_timestamp="1196666512", oauth_version="1.0"'
end
end
describe "#private_key" do
pending
end
describe "#plaintext_signature" do
it "reproduces a successful OAuth example GET" do
options = {
consumer_key: "abcd",
consumer_secret: "efgh",
nonce: "oLKtec51GQy",
signature_method: "PLAINTEXT",
timestamp: "1286977095",
token: "ijkl",
token_secret: "mnop"
}
header = described_class.new(:get, "http://host.net/resource?name=value", {name: "value"}, options)
expect(header.to_s).to eq 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
end
end
end

11
spec/support/rsa.rb
View file

@ -1,11 +0,0 @@
module RSAHelpers
PRIVATE_KEY_PATH = File.expand_path("fixtures/rsa-private-key", __dir__)
def rsa_private_key
@rsa_private_key ||= File.read(PRIVATE_KEY_PATH)
end
end
RSpec.configure do |config|
config.include RSAHelpers
end

4
test/helper.rb Normal file
View file

@ -0,0 +1,4 @@
require 'simple_oauth'
require 'rubygems'
require 'mocha'
require 'test/unit'

0
spec/support/fixtures/rsa-private-key → test/rsa_private_key
View file

309
test/simple_oauth_test.rb Normal file
View file

@ -0,0 +1,309 @@
# -*- encoding: utf-8 -*-
require 'helper'
class SimpleOAuthTest < Test::Unit::TestCase
def test_default_options
# Default header options should change with each call due to generation of
# a unique "timestamp" and "nonce" value combination.
default_options = SimpleOAuth::Header.default_options
assert_not_equal default_options, SimpleOAuth::Header.default_options
SimpleOAuth::Header.stubs(:default_options).returns(default_options)
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
# Given no options argument, header options defer to the default options.
assert_equal default_options, header.options
# Default options should include a signature method and the OAuth version.
assert_equal 'HMAC-SHA1', default_options[:signature_method]
assert_equal '1.0', default_options[:version]
end
def test_encode
# Non-word characters should be URL encoded...
[' ', '!', '@', '#', '$', '%', '^', '&'].each do |character|
encoded = SimpleOAuth::Header.encode(character)
assert_not_equal character, encoded
assert_equal URI.encode(character, /.*/), encoded
end
# ...except for the "-", "." and "~" characters.
['-', '.', '~'].each do |character|
assert_equal character, SimpleOAuth::Header.encode(character)
end
major, minor, patch = RUBY_VERSION.split('.')
new_ruby = major.to_i >= 2 || major.to_i == 1 && minor.to_i >= 9
old_kcode = $KCODE if !new_ruby
begin
%w(n N e E s S u U).each do |kcode|
$KCODE = kcode if !new_ruby
assert_equal '%E3%81%82', SimpleOAuth::Header.encode('あ'), "Failed to correctly escape Japanese under $KCODE = #{kcode}"
assert_equal '%C3%A9', SimpleOAuth::Header.encode('é'), "Failed to correctly escape e+acute under $KCODE = #{kcode}"
end
ensure
$KCODE = old_kcode if !new_ruby
end
end
def test_decode
# Pending
end
def test_parse
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
parsed_options = SimpleOAuth::Header.parse(header)
# Parsed options should be a Hash.
assert_kind_of Hash, parsed_options
# Parsed options should equal the options used to build the header, along
# with the additional signature.
assert_equal header.options, parsed_options.reject{|k,v| k == :signature }
end
def test_initialize
header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {})
# HTTP method should be an uppercase string.
#
# See: http://oauth.net/core/1.0/#rfc.section.9.1.3
assert_equal 'GET', header.method
# Request URL should downcase the scheme and authority parts as well as
# remove the query and fragment parts.
#
# See: http://oauth.net/core/1.0/#rfc.section.9.1.2
assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url
end
def test_url
# Pending
end
def test_to_s
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s
end
def test_valid?
# When given consumer and token secrets, those secrets must be passed into
# the parsed header validation in order for the validity check to pass.
secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets)
parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
assert !parsed_header.valid?
assert parsed_header.valid?(secrets)
# Using the RSA-SHA1 signature method, the consumer secret must be a valid
# RSA private key. When parsing the header on the server side, the same
# consumer secret must be included in order for the header to validate.
secrets = {:consumer_secret => File.read('test/rsa_private_key')}
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'RSA-SHA1'))
parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
assert_raise(TypeError){ parsed_header.valid? }
assert parsed_header.valid?(secrets)
# Like the default HMAC-RSA1 signature method, the PLAINTEXT method
# requires use of both a consumer secret and a token secret. A parsed
# header will not validate without these secret values.
secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'PLAINTEXT'))
parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
assert !parsed_header.valid?
assert parsed_header.valid?(secrets)
end
def test_normalized_attributes
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4)
# Should return the OAuth header attributes, sorted by name, with quoted
# values and comma-separated.
assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes)
# Values should also be URL encoded.
header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$')
assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes)
end
def test_signed_attributes
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
assert header.send(:signed_attributes).keys.include?(:oauth_signature)
end
def test_attributes
attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) }
options = attribute_options.merge(:other => 'OTHER')
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options)
attributes = header.send(:attributes)
# OAuth header attributes are all to begin with the "oauth_" prefix.
assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ }
# Custom options not included in the list of valid attribute keys should
# not be included in the header attributes.
assert !attributes.key?(:oauth_other)
# Valid attribute option values should be preserved.
assert_equal attribute_options.size, attributes.size
assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" }
end
def test_signature
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1')
header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE')
assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature)
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1')
header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE')
assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature)
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT')
header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE')
assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature)
end
def test_hmac_sha1_signature
# Reproduce an actual successful call to the Twitter API using the
# HMAC-SHA1 signature method, GETting a list of friends.
options = {
:consumer_key => '8karQBlMg6gFOwcf8kcoYw',
:consumer_secret => '3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M',
:nonce => '547fed103e122eecf84c080843eedfe6',
#:signature_method => 'HMAC-SHA1',
:timestamp => '1286830180',
:token => '201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh',
:token_secret => 'T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ'
}
successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, options)
assert_equal successful, header.to_s
# Reproduce a successful Twitter call, POSTing a new status.
options.merge!(
:nonce => 'b40a3e0f18590ecdcc0e273f7d7c82f8',
:timestamp => '1286830181'
)
successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
header = SimpleOAuth::Header.new(:post, 'https://api.twitter.com/1/statuses/update.json', {:status => 'hi, again'}, options)
assert_equal successful, header.to_s
end
def test_secret
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET')
# Should combine the consumer and token secrets with an ampersand.
assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret)
header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET')
# Should URL encode each secret value before combination.
assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret)
end
def test_signature_base
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
header.stubs(:method).returns('METHOD')
header.stubs(:url).returns('URL')
header.stubs(:normalized_params).returns('NORMALIZED_PARAMS')
# Should combine HTTP method, URL and normalized parameters string using
# ampersands.
assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base)
header.stubs(:method).returns('ME#HOD')
header.stubs(:url).returns('U#L')
header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS')
# Each of the three combined values should be URL encoded.
assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base)
end
def test_normalized_params
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']])
# The +normalized_params+ string should join key=value pairs with
# ampersands.
signature_params = header.send(:signature_params)
normalized_params = header.send(:normalized_params)
parts = normalized_params.split('&')
pairs = parts.map{|p| p.split('=') }
assert_kind_of String, normalized_params
assert_equal signature_params.size, parts.size
assert pairs.all?{|p| p.size == 2 }
# The signature parameters should be sorted and the keys/values URL encoded
# first.
assert_equal signature_params.sort_by{|p| p.to_s}, pairs.map{|k, v| [URI.decode(k), URI.decode(v)]}
end
def test_signature_params
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE')
header.stubs(:params).returns('param' => 'PARAM')
header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']])
# Should combine OAuth header attributes, body parameters and URL
# parameters into an array of key value pairs.
signature_params = header.send(:signature_params)
assert_kind_of Array, signature_params
assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map{|p| p.first}
assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map{|p| p.last}
end
def test_url_params
# A URL with no query parameters should produce empty +url_params+
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
assert_equal [], header.send(:url_params)
# A URL with query parameters should return a hash having array values
# containing the given query parameters.
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {})
url_params = header.send(:url_params)
assert_kind_of Array, url_params
assert_equal [['test', 'TEST']], url_params
# If a query parameter is repeated, the values should be sorted.
header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {})
assert_equal [['test', '1'], ['test', '2']], header.send(:url_params)
end
def test_rsa_sha1_signature
# Sample request taken from:
# http://wiki.oauth.net/TestCases
options = {
:consumer_key => 'dpf43f3p2l4k3l03',
:consumer_secret => File.read('test/rsa_private_key'),
:nonce => '13917289812797014437',
:signature_method => 'RSA-SHA1',
:timestamp => '1196666512'
}
successful = 'OAuth oauth_consumer_key="dpf43f3p2l4k3l03", oauth_nonce="13917289812797014437", oauth_signature="jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D", oauth_signature_method="RSA-SHA1", oauth_timestamp="1196666512", oauth_version="1.0"'
header = SimpleOAuth::Header.new(:get, 'http://photos.example.net/photos', {:file => 'vacaction.jpg', :size => 'original'}, options)
assert_equal successful, header.to_s
end
def test_private_key
# Pending
end
def plaintext_signature
# Sample request taken from:
# http://oauth.googlecode.com/svn/code/javascript/example/signature.html
options = {
:consumer_key => 'abcd',
:consumer_secret => 'efgh',
:nonce => 'oLKtec51GQy',
:signature_method => 'PLAINTEXT',
:timestamp => '1286977095',
:token => 'ijkl',
:token_secret => 'mnop'
}
successful = 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
header = SimpleOAuth::Header.new(:get, 'http://host.net/resource?name=value', {:name => 'value'}, options)
assert_equal successful, header.to_s
end
end