Merge pull request #1 from samsonjs/fix-ruby-3.4-warning

Fix Ruby 3.4 warnings

.github/workflows/main.yml

@@ -0,0 +1,29 @@
+name: Ruby
+
+on:
+  push:
+    branches:
+      - master
+
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
+    strategy:
+      matrix:
+        ruby:
+          - "3.0"
+          - "3.1"
+          - "3.2"
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

.gitignore

@@ -1,7 +1,9 @@
-*.rbc
-.DS_Store
-.bundle
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
 Gemfile.lock
-coverage
-pkg
-rdoc

.rspec

@@ -0,0 +1,2 @@
+--color
+--order random

.rubocop.yml

@@ -0,0 +1,77 @@
+require:
+ - standard
+
+plugins:
+ - standard-performance
+ - rubocop-rspec
+ - rubocop-performance
+ - rubocop-rake
+
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 3.0
+
+Layout/ArgumentAlignment:
+  Enabled: true
+  EnforcedStyle: with_fixed_indentation
+
+Layout/ArrayAlignment:
+  Enabled: true
+  EnforcedStyle: with_fixed_indentation
+
+Layout/EndAlignment:
+  Enabled: true
+  EnforcedStyleAlignWith: variable
+
+Layout/HashAlignment:
+  Enabled: true
+  EnforcedHashRocketStyle: key
+  EnforcedColonStyle: key
+  EnforcedLastArgumentHashStyle: always_inspect
+
+Layout/LineLength:
+  Enabled: false
+
+Layout/ParameterAlignment:
+  Enabled: true
+  EnforcedStyle: with_fixed_indentation
+  IndentationWidth: ~
+
+Layout/SpaceInsideHashLiteralBraces:
+  Enabled: false
+
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/ExampleLength:
+  Enabled: false
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/PendingWithoutReason:
+  Enabled: false
+
+RSpec/SpecFilePathFormat:
+  Enabled: false
+
+RSpec/SpecFilePathSuffix:
+  Enabled: false
+
+Style/Alias:
+  Enabled: true
+  EnforcedStyle: prefer_alias_method
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes

.travis.yml

@@ -0,0 +1,21 @@
+language: ruby
+env:
+  global:
+    - JRUBY_OPTS="$JRUBY_OPTS --debug"
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - 2.0.0
+  - 2.1
+  - jruby-18mode
+  - jruby-19mode
+  - jruby-head
+  - rbx-2
+  - ruby-head
+matrix:
+  allow_failures:
+    - rvm: jruby-head
+    - rvm: rbx-2
+    - rvm: ruby-head
+  fast_finish: true
+sudo: false

.yardopts

@@ -0,0 +1,5 @@
+--markup markdown
+-
+CONTRIBUTING.md
+LICENSE.md
+README.md

CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.4.0] - 2023-08-10
+
+- Update

CONTRIBUTING.md

@@ -0,0 +1,8 @@
+## Contributing
+1. Fork the project.
+2. Create a topic branch.
+3. Add failing tests.
+4. Add code to pass the failing tests.
+5. Run `bundle exec rake`. If failing, repeat step 4.
+6. Commit and push your changes.
+7. Submit a pull request. Please do not include changes to the gemspec.

Gemfile

@@ -1,2 +1,14 @@
-source 'http://rubygems.org'
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in simple_oauth.gemspec
 gemspec
+
+gem "rake", ">= 13.0.6"
+gem "rspec", ">= 3.12"
+gem "rubocop", ">= 1.21"
+gem "rubocop-performance", ">= 1.18"
+gem "rubocop-rake", ">= 0.6"
+gem "rubocop-rspec", ">= 0.31"
+gem "simplecov", ">= 0.22"
+gem "standard", ">= 1.30.1"
+gem "webmock", ">= 3.18.1"

LICENSE

@@ -1,20 +0,0 @@
-Copyright (c) 2010 Steve Richert
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

LICENSE.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2010-2023 Steve Richert, Erik Michaels-Ober
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,24 @@
+# simple_oauth
+
+Simply builds and verifies OAuth headers
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+    $ bundle add simple_oauth
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+    $ gem install simple_oauth
+
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/laserlemon/simple_oauth.
+
+This project conforms to [Standard Ruby](https://github.com/standardrb/standard). Patches that don’t maintain that standard will not be accepted.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

README.rdoc

@@ -1,17 +0,0 @@
-= simple_oauth
-
-Simply builds and verifies OAuth headers
-
-== Note on Patches/Pull Requests
- 
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. This is important so I don't break it in a
-  future version unintentionally.
-* Commit, do not mess with rakefile, version, or history.
-  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
-
-== Copyright
-
-Copyright (c) 2010 Steve Richert. See LICENSE for details.

Rakefile

@@ -1,49 +1,10 @@
-require 'rake'
-require 'rake/testtask'
-require 'rake/rdoctask'
-require 'bundler'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "rubocop/rake_task"
+require "standard/rake"
 
-Bundler::GemHelper.install_tasks
+RSpec::Core::RakeTask.new(:spec)
 
-Rake::TestTask.new do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/*_test.rb'
-  test.verbose = true
-end
+RuboCop::RakeTask.new
 
-task :default => :test
-
-Rake::RDocTask.new do |rdoc|
-  require File.expand_path('../lib/simple_oauth/version', __FILE__)
-  version = SimpleOAuth::Version::STRING
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "simple_oauth #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-begin
-  require 'rcov/rcovtask'
-  Rcov::RcovTask.new do |rcov|
-    rcov.libs << 'lib' << 'test'
-    rcov.pattern = 'test/**/*_test.rb'
-    rcov.verbose = true
-    rcov.rcov_opts << '--exclude "gems/*"'
-  end
-rescue LoadError
-  task :rcov do
-    abort 'RCov is not available. Install it with: gem install rcov'
-  end
-end
-
-def gemspec
-  @gemspec ||= begin
-    file = File.expand_path('../simple_oauth.gemspec', __FILE__)
-    eval(File.read(file), binding, file)
-  end
-end
-
-desc 'Validate the gemspec'
-task :gemspec do
-  gemspec.validate
-end
+task default: %i[spec rubocop standard]

VERSION

@@ -1 +0,0 @@
-0.0.0

bin/console

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "simple_oauth"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "irb"
+IRB.start(__FILE__)

bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

init.rb

@@ -1 +0,0 @@
-require File.expand_path('../lib/simple_oauth', __FILE__)

lib/simple_oauth.rb

@@ -1,6 +1,2 @@
-require 'base64'
-require 'cgi'
-require 'openssl'
-require 'uri'
-require File.expand_path('../simple_oauth/core_ext/object', __FILE__)
-require File.expand_path('../simple_oauth/header', __FILE__)
+require_relative "simple_oauth/header"
+require_relative "simple_oauth/version"

lib/simple_oauth/core_ext/object.rb

@@ -1,10 +0,0 @@
-major, minor, patch = RUBY_VERSION.split('.')
-
-if major.to_i == 1 && minor.to_i < 9
-  class Object
-    def tap
-      yield self
-      self
-    end
-  end
-end

lib/simple_oauth/header.rb

@@ -1,46 +1,65 @@
+require "openssl"
+require "uri"
+require "base64"
+require "cgi"
+
 module SimpleOAuth
+  # Generates OAuth header for HTTP request
   class Header
-    ATTRIBUTE_KEYS = [:consumer_key, :nonce, :signature_method, :timestamp, :token, :version] unless defined? ::SimpleOAuth::Header::ATTRIBUTE_KEYS
+    ATTRIBUTE_KEYS = %i[callback consumer_key nonce signature_method timestamp token verifier version].freeze unless defined? ::SimpleOAuth::Header::ATTRIBUTE_KEYS
 
-    def self.default_options
-      {
-        :nonce => OpenSSL::Random.random_bytes(16).unpack('H*')[0],
-        :signature_method => 'HMAC-SHA1',
-        :timestamp => Time.now.to_i.to_s,
-        :version => '1.0'
-      }
-    end
-
-    def self.encode(value)
-      URI.encode(value.to_s, /[^a-z0-9\-\.\_\~]/i)
-    end
-
-    def self.decode(value)
-      URI.decode(value.to_s)
-    end
-
-    def self.parse(header)
-      header.to_s.sub(/^OAuth\s/, '').split(', ').inject({}) do |attributes, pair|
-        match = pair.match(/^(\w+)\=\"([^\"]*)\"$/)
-        attributes.merge(match[1].sub(/^oauth_/, '').to_sym => decode(match[2]))
-      end
-    end
+    IGNORED_KEYS = %i[consumer_secret token_secret signature].freeze unless defined? ::SimpleOAuth::Header::IGNORED_KEYS
 
     attr_reader :method, :params, :options
 
+    class << self
+      def default_options
+        {
+          nonce: OpenSSL::Random.random_bytes(16).unpack1("H*"),
+          signature_method: "HMAC-SHA1",
+          timestamp: Time.now.to_i.to_s,
+          version: "1.0"
+        }
+      end
+
+      def parse(header)
+        header.to_s.sub(/^OAuth\s/, "").split(/,\s*/).inject({}) do |attributes, pair|
+          match = pair.match(/^(\w+)="([^"]*)"$/)
+          attributes.merge(match[1].sub(/^oauth_/, "").to_sym => unescape(match[2]))
+        end
+      end
+
+      def escape(value)
+        uri_parser.escape(value.to_s, /[^a-z0-9\-._~]/i)
+      end
+      alias_method :encode, :escape
+
+      def unescape(value)
+        uri_parser.unescape(value.to_s)
+      end
+      alias_method :decode, :unescape
+
+      private
+
+      def uri_parser
+        @uri_parser ||= URI.const_defined?(:Parser) ? URI::RFC2396_PARSER : URI
+      end
+    end
+
     def initialize(method, url, params, oauth = {})
       @method = method.to_s.upcase
-      @uri = URI.parse(url).tap do |uri|
-        uri.scheme = uri.scheme.downcase
-        uri.normalize!
-        uri.fragment = nil
-      end
+      @uri = URI.parse(url.to_s)
+      @uri.scheme = @uri.scheme.downcase
+      @uri.normalize!
+      @uri.fragment = nil
       @params = params
       @options = oauth.is_a?(Hash) ? self.class.default_options.merge(oauth) : self.class.parse(oauth)
     end
 
     def url
-      @uri.dup.tap{|u| u.query = nil }.to_s
+      uri = @uri.dup
+      uri.query = nil
+      uri.to_s
     end
 
     def to_s
@@ -56,38 +75,42 @@ module SimpleOAuth
     end
 
     def signed_attributes
-      attributes.merge(:oauth_signature => signature)
+      attributes.merge(oauth_signature: signature)
     end
 
     private
 
     def normalized_attributes
-      signed_attributes.sort_by{|k,v| k.to_s }.map{|k,v| %(#{k}="#{self.class.encode(v)}") }.join(', ')
+      signed_attributes.sort_by { |k, _| k.to_s }.collect { |k, v| %(#{k}="#{self.class.escape(v)}") }.join(", ")
     end
 
     def attributes
-      ATTRIBUTE_KEYS.inject({}){|a,k| options.key?(k) ? a.merge(:"oauth_#{k}" => options[k]) : a }
+      matching_keys, extra_keys = options.keys.partition { |key| ATTRIBUTE_KEYS.include?(key) }
+      extra_keys -= IGNORED_KEYS
+      raise "SimpleOAuth: Found extra option keys not matching ATTRIBUTE_KEYS:\n  [#{extra_keys.collect(&:inspect).join(", ")}]" unless options[:ignore_extra_keys] || extra_keys.empty?
+
+      options.slice(*matching_keys).transform_keys { |key| :"oauth_#{key}" }
     end
 
     def signature
-      send(options[:signature_method].downcase.tr('-', '_') + '_signature')
+      send("#{options[:signature_method].downcase.tr("-", "_")}_signature")
     end
 
     def hmac_sha1_signature
-      Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).chomp.gsub(/\n/, '')
+      Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, signature_base)).chomp.delete("\n")
     end
 
     def secret
-      options.values_at(:consumer_secret, :token_secret).map{|v| self.class.encode(v) }.join('&')
+      options.values_at(:consumer_secret, :token_secret).collect { |v| self.class.escape(v) }.join("&")
     end
     alias_method :plaintext_signature, :secret
 
     def signature_base
-      [method, url, normalized_params].map{|v| self.class.encode(v) }.join('&')
+      [method, url, normalized_params].collect { |v| self.class.escape(v) }.join("&")
     end
 
     def normalized_params
-      signature_params.map{|p| p.map{|v| self.class.encode(v) } }.sort.map{|p| p.join('=') }.join('&')
+      signature_params.collect { |p| p.collect { |v| self.class.escape(v) } }.sort.collect { |p| p.join("=") }.join("&")
     end
 
     def signature_params
@@ -95,16 +118,15 @@ module SimpleOAuth
     end
 
     def url_params
-      CGI.parse(@uri.query || '').inject([]){|p,(k,vs)| p + vs.map{|v| [k, v] } }
+      CGI.parse(@uri.query || "").inject([]) { |p, (k, vs)| p + vs.sort.collect { |v| [k, v] } }
     end
 
     def rsa_sha1_signature
-      Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, signature_base)).chomp.gsub(/\n/, '')
+      Base64.encode64(private_key.sign(OpenSSL::Digest.new("SHA1"), signature_base)).chomp.delete("\n")
     end
 
     def private_key
       OpenSSL::PKey::RSA.new(options[:consumer_secret])
     end
-
   end
 end

lib/simple_oauth/version.rb

@@ -1,8 +1,3 @@
-module SimpleOAuth
-  module Version
-    MAJOR = 0 unless defined? ::SimpleOAuth::Version::MAJOR
-    MINOR = 1 unless defined? ::SimpleOAuth::Version::MINOR
-    PATCH = 4 unless defined? ::SimpleOAuth::Version::PATCH
-    STRING = [MAJOR, MINOR, PATCH].join('.') unless defined? ::SimpleOAuth::Version::STRING
-  end
+module SimpleOauth
+  VERSION = "0.3.1".freeze
 end

simple_oauth.gemspec

@@ -1,18 +1,35 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/simple_oauth/version', __FILE__)
+require_relative "lib/simple_oauth/version"
 
 Gem::Specification.new do |spec|
-  spec.add_development_dependency('mocha', '>= 0')
-  spec.author = 'Steve Richert'
-  spec.description = 'Simply builds and verifies OAuth headers'
-  spec.email = 'steve.richert@gmail.com'
-  spec.extra_rdoc_files = ['README.rdoc']
-  spec.files = `git ls-files`.split("\n")
-  spec.homepage = 'http://github.com/laserlemon/simple_oauth'
-  spec.name = 'simple_oauth'
-  spec.rdoc_options = ['--charset=UTF-8']
-  spec.required_rubygems_version = Gem::Requirement.new('>= 1.3.6') if spec.respond_to? :required_rubygems_version=
-  spec.summary = spec.description
-  spec.test_files = `git ls-files -- test/**/*_test.rb`.split("\n")
-  spec.version = SimpleOAuth::Version::STRING
+  spec.name = "simple_oauth"
+  spec.version = SimpleOauth::VERSION
+  spec.authors = ["Steve Richert", "Erik Berlin"]
+  spec.email = ["steve.richert@gmail.com", "sferik@gmail.com"]
+
+  spec.summary = "Simply builds and verifies OAuth headers"
+  spec.description = spec.summary
+  spec.homepage = "https://github.com/laserlemon/simple_oauth"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0"
+
+  spec.metadata["allowed_push_host"] = "https://rubygems.org"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/laserlemon/simple_oauth"
+  spec.metadata["changelog_uri"] = "https://github.com/laserlemon/simple_oauth/blob/master/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  spec.add_dependency "base64"
 end

spec/helper.rb

@@ -0,0 +1,23 @@
+$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
+
+require "simplecov"
+
+SimpleCov.start do
+  add_filter "/spec/"
+  minimum_coverage(100)
+end
+
+require "rspec"
+require "simple_oauth"
+
+def uri_parser
+  @uri_parser ||= URI.const_defined?(:Parser) ? URI::DEFAULT_PARSER : URI
+end
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end
+
+Dir[File.expand_path("support/**/*.rb", __dir__)].each { |f| require f }

spec/simple_oauth/header_spec.rb

@@ -0,0 +1,365 @@
+require "helper"
+
+describe SimpleOAuth::Header do
+  describe ".default_options" do
+    let(:default_options) { described_class.default_options }
+
+    it "is different every time" do
+      expect(described_class.default_options).not_to eq default_options
+    end
+
+    it "is used for new headers" do
+      allow(described_class).to receive(:default_options).and_return(default_options)
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
+      expect(header.options).to eq default_options
+    end
+
+    it "includes a signature method and an OAuth version" do
+      expect(default_options[:signature_method]).not_to be_nil
+      expect(default_options[:version]).not_to be_nil
+    end
+  end
+
+  describe ".escape" do
+    it "escapes (most) non-word characters" do
+      [" ", "!", "@", "#", "$", "%", "^", "&"].each do |character|
+        escaped = described_class.escape(character)
+        expect(escaped).not_to eq character
+        expect(escaped).to eq uri_parser.escape(character, /.*/)
+      end
+    end
+
+    it "does not escape - . or ~" do
+      ["-", ".", "~"].each do |character|
+        escaped = described_class.escape(character)
+        expect(escaped).to eq character
+      end
+    end
+
+    it "escapes non-ASCII characters" do
+      expect(described_class.escape("é")).to eq "%C3%A9"
+    end
+
+    it "escapes multibyte characters" do
+      expect(described_class.escape("あ")).to eq "%E3%81%82"
+    end
+  end
+
+  describe ".unescape" do
+    pending
+  end
+
+  describe ".parse" do
+    let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}) }
+    let(:parsed_options) { described_class.parse(header) }
+
+    it "returns a hash" do
+      expect(parsed_options).to be_a(Hash)
+    end
+
+    it "includes the options used to build the header" do
+      expect(parsed_options.except(:signature)).to eq header.options
+    end
+
+    it "includes a signature" do
+      expect(header.options).not_to have_key(:signature)
+      expect(parsed_options).to have_key(:signature)
+      expect(parsed_options[:signature]).not_to be_nil
+    end
+
+    it "handles optional 'linear white space'" do
+      parsed_header_with_spaces = described_class.parse 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
+      expect(parsed_header_with_spaces).to be_a(Hash)
+      expect(parsed_header_with_spaces.keys.size).to eq 7
+
+      parsed_header_with_tabs = described_class.parse 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy",  oauth_signature="efgh%26mnop",  oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
+      expect(parsed_header_with_tabs).to be_a(Hash)
+      expect(parsed_header_with_tabs.keys.size).to eq 7
+
+      parsed_header_with_spaces_and_tabs = described_class.parse 'OAuth oauth_consumer_key="abcd",  oauth_nonce="oLKtec51GQy",   oauth_signature="efgh%26mnop",   oauth_signature_method="PLAINTEXT",  oauth_timestamp="1286977095",  oauth_token="ijkl",  oauth_version="1.0"'
+      expect(parsed_header_with_spaces_and_tabs).to be_a(Hash)
+      expect(parsed_header_with_spaces_and_tabs.keys.size).to eq 7
+
+      parsed_header_without_spaces = described_class.parse 'OAuth oauth_consumer_key="abcd",oauth_nonce="oLKtec51GQy",oauth_signature="efgh%26mnop",oauth_signature_method="PLAINTEXT",oauth_timestamp="1286977095",oauth_token="ijkl",oauth_version="1.0"'
+      expect(parsed_header_without_spaces).to be_a(Hash)
+      expect(parsed_header_without_spaces.keys.size).to eq 7
+    end
+  end
+
+  describe "#initialize" do
+    let(:header) do
+      described_class.new(:get, "HTTPS://api.TWITTER.com:443/1/statuses/friendships.json?foo=bar#anchor", {})
+    end
+
+    it "stringifies and uppercases the request method" do
+      expect(header.method).to eq "GET"
+    end
+
+    it "downcases the scheme and authority" do
+      expect(header.url).to match %r{^https://api\.twitter\.com/}
+    end
+
+    it "ignores the query and fragment" do
+      expect(header.url).to match %r{/1/statuses/friendships\.json$}
+    end
+  end
+
+  describe "#valid?" do
+    context "when using the HMAC-SHA1 signature method" do
+      it "requires consumer and token secrets" do
+        secrets = {consumer_secret: "CONSUMER_SECRET", token_secret: "TOKEN_SECRET"}
+        header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, secrets)
+        parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
+        expect(parsed_header).not_to be_valid
+        expect(parsed_header).to be_valid(secrets)
+      end
+    end
+
+    context "when using the RSA-SHA1 signature method" do
+      it "requires an identical private key" do
+        secrets = {consumer_secret: rsa_private_key}
+        header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {},
+          secrets.merge(signature_method: "RSA-SHA1"))
+        parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
+        expect { parsed_header.valid? }.to raise_error(TypeError)
+        expect(parsed_header).to be_valid(secrets)
+      end
+    end
+
+    context "when using the PLAINTEXT signature method" do
+      it "requires consumer and token secrets" do
+        secrets = {consumer_secret: "CONSUMER_SECRET", token_secret: "TOKEN_SECRET"}
+        header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {},
+          secrets.merge(signature_method: "PLAINTEXT"))
+        parsed_header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, header)
+        expect(parsed_header).not_to be_valid
+        expect(parsed_header).to be_valid(secrets)
+      end
+    end
+  end
+
+  describe "#normalized_attributes" do
+    let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}) }
+    let(:normalized_attributes) { header.send(:normalized_attributes) }
+
+    it "returns a sorted-key, quoted-value and comma-separated list" do
+      allow(header).to receive(:signed_attributes).and_return(d: 1, c: 2, b: 3, a: 4)
+      expect(normalized_attributes).to eq 'a="4", b="3", c="2", d="1"'
+    end
+
+    it "URI encodes its values" do
+      allow(header).to receive(:signed_attributes).and_return(1 => "!", 2 => "@", 3 => "#", 4 => "$")
+      expect(normalized_attributes).to eq '1="%21", 2="%40", 3="%23", 4="%24"'
+    end
+  end
+
+  describe "#signed_attributes" do
+    it "includes the OAuth signature" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {})
+      expect(header.send(:signed_attributes)).to have_key(:oauth_signature)
+    end
+  end
+
+  describe "#attributes" do
+    let(:header) do
+      options = {}
+      SimpleOAuth::Header::ATTRIBUTE_KEYS.each { |k| options[k] = k.to_s.upcase }
+      options[:other] = "OTHER"
+      described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}, options)
+    end
+
+    it "prepends keys with 'oauth_'" do
+      header.options[:ignore_extra_keys] = true
+      expect(header.send(:attributes).keys).to(be_all { |k| k.to_s =~ /^oauth_/ })
+    end
+
+    it "excludes keys not included in the list of valid attributes" do
+      header.options[:ignore_extra_keys] = true
+      expect(header.send(:attributes).keys).to(be_all { |k| k.is_a?(Symbol) })
+      expect(header.send(:attributes)).not_to have_key(:oauth_other)
+    end
+
+    it "preserves values for valid keys" do
+      header.options[:ignore_extra_keys] = true
+      expect(header.send(:attributes).size).to eq SimpleOAuth::Header::ATTRIBUTE_KEYS.size
+      expect(header.send(:attributes)).to(be_all { |k, v| k.to_s == "oauth_#{v.downcase}" })
+    end
+
+    it "raises exception for extra keys" do
+      expect do
+        header.send(:attributes)
+      end.to raise_error(RuntimeError,
+        "SimpleOAuth: Found extra option keys not matching ATTRIBUTE_KEYS:\n  [:other]")
+    end
+  end
+
+  describe "#signature" do
+    specify "when using HMAC-SHA1" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "HMAC-SHA1")
+      expect(header).to receive(:hmac_sha1_signature).once.and_return("HMAC_SHA1_SIGNATURE")
+      expect(header.send(:signature)).to eq "HMAC_SHA1_SIGNATURE"
+    end
+
+    specify "when using RSA-SHA1" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "RSA-SHA1")
+      expect(header).to receive(:rsa_sha1_signature).once.and_return("RSA_SHA1_SIGNATURE")
+      expect(header.send(:signature)).to eq "RSA_SHA1_SIGNATURE"
+    end
+
+    specify "when using PLAINTEXT" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, signature_method: "PLAINTEXT")
+      expect(header).to receive(:plaintext_signature).once.and_return("PLAINTEXT_SIGNATURE")
+      expect(header.send(:signature)).to eq "PLAINTEXT_SIGNATURE"
+    end
+  end
+
+  describe "#hmac_sha1_signature" do
+    it "reproduces a successful Twitter GET" do
+      options = {
+        consumer_key: "8karQBlMg6gFOwcf8kcoYw",
+        consumer_secret: "3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M",
+        nonce: "547fed103e122eecf84c080843eedfe6",
+        signature_method: "HMAC-SHA1",
+        timestamp: "1286830180",
+        token: "201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh",
+        token_secret: "T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ"
+      }
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friends.json", {}, options)
+      expect(header.to_s).to eq 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
+    end
+
+    it "reproduces a successful Twitter POST" do
+      options = {
+        consumer_key: "8karQBlMg6gFOwcf8kcoYw",
+        consumer_secret: "3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M",
+        nonce: "b40a3e0f18590ecdcc0e273f7d7c82f8",
+        signature_method: "HMAC-SHA1",
+        timestamp: "1286830181",
+        token: "201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh",
+        token_secret: "T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ"
+      }
+      header = described_class.new(:post, "https://api.twitter.com/1/statuses/update.json",
+        {status: "hi, again"}, options)
+      expect(header.to_s).to eq 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
+    end
+  end
+
+  describe "#secret" do
+    let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
+    let(:secret) { header.send(:secret) }
+
+    it "combines the consumer and token secrets with an ampersand" do
+      allow(header).to receive(:options).and_return(consumer_secret: "CONSUMER_SECRET",
+        token_secret: "TOKEN_SECRET")
+      expect(secret).to eq "CONSUMER_SECRET&TOKEN_SECRET"
+    end
+
+    it "URI encodes each secret value before combination" do
+      allow(header).to receive(:options).and_return(consumer_secret: "CONSUM#R_SECRET",
+        token_secret: "TOKEN_S#CRET")
+      expect(secret).to eq "CONSUM%23R_SECRET&TOKEN_S%23CRET"
+    end
+  end
+
+  describe "#signature_base" do
+    let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
+    let(:signature_base) { header.send(:signature_base) }
+
+    it "combines the request method, URL and normalized parameters using ampersands" do
+      allow(header).to receive_messages(method: "METHOD", url: "URL", normalized_params: "NORMALIZED_PARAMS")
+      expect(signature_base).to eq "METHOD&URL&NORMALIZED_PARAMS"
+    end
+
+    it "URI encodes each value before combination" do
+      allow(header).to receive_messages(method: "ME#HOD", url: "U#L", normalized_params: "NORMAL#ZED_PARAMS")
+      expect(signature_base).to eq "ME%23HOD&U%23L&NORMAL%23ZED_PARAMS"
+    end
+  end
+
+  describe "#normalized_params" do
+    let(:header) do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
+      allow(header).to receive(:signature_params).and_return([%w[A 4], %w[B 3], %w[B 2], %w[C 1], ["D[]", "0 "]])
+      header
+    end
+    let(:signature_params) { header.send(:signature_params) }
+    let(:normalized_params) { header.send(:normalized_params) }
+
+    it "joins key/value pairs with equal signs and ampersands" do
+      expect(normalized_params).to be_a(String)
+      parts = normalized_params.split("&")
+      expect(parts.size).to eq signature_params.size
+      pairs = parts.collect { |p| p.split("=") }
+      expect(pairs).to(be_all { |p| p.size == 2 })
+    end
+  end
+
+  describe "#signature_params" do
+    let(:header) { described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {}) }
+    let(:signature_params) { header.send(:signature_params) }
+
+    it "combines OAuth header attributes, body parameters and URL parameters into an flattened array of key/value pairs" do
+      allow(header).to receive_messages(attributes: {attribute: "ATTRIBUTE"}, params: {"param" => "PARAM"},
+        url_params: [%w[url_param 1], %w[url_param 2]])
+      expect(signature_params).to eq [
+        [:attribute, "ATTRIBUTE"],
+        %w[param PARAM],
+        %w[url_param 1],
+        %w[url_param 2]
+      ]
+    end
+  end
+
+  describe "#url_params" do
+    it "returns an empty array when the URL has no query parameters" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json", {})
+      expect(header.send(:url_params)).to eq []
+    end
+
+    it "returns an array of key/value pairs for each query parameter" do
+      header = described_class.new(:get, "https://api.twitter.com/1/statuses/friendships.json?test=TEST", {})
+      expect(header.send(:url_params)).to eq [%w[test TEST]]
+    end
+
+    it "sorts values for repeated keys" do
+      header = described_class.new(:get,
+        "https://api.twitter.com/1/statuses/friendships.json?test=3&test=1&test=2", {})
+      expect(header.send(:url_params)).to eq [%w[test 1], %w[test 2], %w[test 3]]
+    end
+  end
+
+  describe "#rsa_sha1_signature" do
+    it "reproduces a successful OAuth example GET" do
+      options = {
+        consumer_key: "dpf43f3p2l4k3l03",
+        consumer_secret: rsa_private_key,
+        nonce: "13917289812797014437",
+        signature_method: "RSA-SHA1",
+        timestamp: "1196666512"
+      }
+      header = described_class.new(:get, "http://photos.example.net/photos",
+        {file: "vacaction.jpg", size: "original"}, options)
+      expect(header.to_s).to eq 'OAuth oauth_consumer_key="dpf43f3p2l4k3l03", oauth_nonce="13917289812797014437", oauth_signature="jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D", oauth_signature_method="RSA-SHA1", oauth_timestamp="1196666512", oauth_version="1.0"'
+    end
+  end
+
+  describe "#private_key" do
+    pending
+  end
+
+  describe "#plaintext_signature" do
+    it "reproduces a successful OAuth example GET" do
+      options = {
+        consumer_key: "abcd",
+        consumer_secret: "efgh",
+        nonce: "oLKtec51GQy",
+        signature_method: "PLAINTEXT",
+        timestamp: "1286977095",
+        token: "ijkl",
+        token_secret: "mnop"
+      }
+      header = described_class.new(:get, "http://host.net/resource?name=value", {name: "value"}, options)
+      expect(header.to_s).to eq 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
+    end
+  end
+end

spec/support/rsa.rb

@@ -0,0 +1,11 @@
+module RSAHelpers
+  PRIVATE_KEY_PATH = File.expand_path("fixtures/rsa-private-key", __dir__)
+
+  def rsa_private_key
+    @rsa_private_key ||= File.read(PRIVATE_KEY_PATH)
+  end
+end
+
+RSpec.configure do |config|
+  config.include RSAHelpers
+end

test/helper.rb

@@ -1,4 +0,0 @@
-require 'simple_oauth'
-require 'rubygems'
-require 'mocha'
-require 'test/unit'

test/simple_oauth_test.rb

@@ -1,309 +0,0 @@
-# -*- encoding: utf-8 -*-
-require 'helper'
-
-class SimpleOAuthTest < Test::Unit::TestCase
-  def test_default_options
-    # Default header options should change with each call due to generation of
-    # a unique "timestamp" and "nonce" value combination.
-    default_options = SimpleOAuth::Header.default_options
-    assert_not_equal default_options, SimpleOAuth::Header.default_options
-
-    SimpleOAuth::Header.stubs(:default_options).returns(default_options)
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-
-    # Given no options argument, header options defer to the default options.
-    assert_equal default_options, header.options
-
-    # Default options should include a signature method and the OAuth version.
-    assert_equal 'HMAC-SHA1', default_options[:signature_method]
-    assert_equal '1.0', default_options[:version]
-  end
-
-  def test_encode
-    # Non-word characters should be URL encoded...
-    [' ', '!', '@', '#', '$', '%', '^', '&'].each do |character|
-      encoded = SimpleOAuth::Header.encode(character)
-      assert_not_equal character, encoded
-      assert_equal URI.encode(character, /.*/), encoded
-    end
-
-    # ...except for the "-", "." and "~" characters.
-    ['-', '.', '~'].each do |character|
-      assert_equal character, SimpleOAuth::Header.encode(character)
-    end
-
-    major, minor, patch = RUBY_VERSION.split('.')
-    new_ruby = major.to_i >= 2 || major.to_i == 1 && minor.to_i >= 9
-    old_kcode = $KCODE if !new_ruby
-    begin
-      %w(n N e E s S u U).each do |kcode|
-        $KCODE = kcode if !new_ruby
-        assert_equal '%E3%81%82', SimpleOAuth::Header.encode('あ'), "Failed to correctly escape Japanese under $KCODE = #{kcode}"
-        assert_equal '%C3%A9', SimpleOAuth::Header.encode('é'), "Failed to correctly escape e+acute under $KCODE = #{kcode}"
-      end
-    ensure
-      $KCODE = old_kcode if !new_ruby
-    end
-  end
-
-  def test_decode
-    # Pending
-  end
-
-  def test_parse
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    parsed_options = SimpleOAuth::Header.parse(header)
-
-    # Parsed options should be a Hash.
-    assert_kind_of Hash, parsed_options
-
-    # Parsed options should equal the options used to build the header, along
-    # with the additional signature.
-    assert_equal header.options, parsed_options.reject{|k,v| k == :signature }
-  end
-
-  def test_initialize
-    header = SimpleOAuth::Header.new(:get, 'HTTPS://api.TWITTER.com:443/1/statuses/friendships.json#anchor', {})
-
-    # HTTP method should be an uppercase string.
-    #
-    # See: http://oauth.net/core/1.0/#rfc.section.9.1.3
-    assert_equal 'GET', header.method
-
-    # Request URL should downcase the scheme and authority parts as well as
-    # remove the query and fragment parts.
-    #
-    # See: http://oauth.net/core/1.0/#rfc.section.9.1.2
-    assert_equal 'https://api.twitter.com/1/statuses/friendships.json', header.url
-  end
-
-  def test_url
-    # Pending
-  end
-
-  def test_to_s
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    assert_equal "OAuth #{header.send(:normalized_attributes)}", header.to_s
-  end
-
-  def test_valid?
-    # When given consumer and token secrets, those secrets must be passed into
-    # the parsed header validation in order for the validity check to pass.
-    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets)
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert !parsed_header.valid?
-    assert parsed_header.valid?(secrets)
-
-    # Using the RSA-SHA1 signature method, the consumer secret must be a valid
-    # RSA private key. When parsing the header on the server side, the same
-    # consumer secret must be included in order for the header to validate.
-    secrets = {:consumer_secret => File.read('test/rsa_private_key')}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'RSA-SHA1'))
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert_raise(TypeError){ parsed_header.valid? }
-    assert parsed_header.valid?(secrets)
-
-    # Like the default HMAC-RSA1 signature method, the PLAINTEXT method
-    # requires use of both a consumer secret and a token secret. A parsed
-    # header will not validate without these secret values.
-    secrets = {:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET'}
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, secrets.merge(:signature_method => 'PLAINTEXT'))
-    parsed_header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, header)
-    assert !parsed_header.valid?
-    assert parsed_header.valid?(secrets)
-  end
-
-  def test_normalized_attributes
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    header.stubs(:signed_attributes).returns(:d => 1, :c => 2, :b => 3, :a => 4)
-
-    # Should return the OAuth header attributes, sorted by name, with quoted
-    # values and comma-separated.
-    assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes)
-
-    # Values should also be URL encoded.
-    header.stubs(:signed_attributes).returns(1 => '!', 2 => '@', 3 => '#', 4 => '$')
-    assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes)
-  end
-
-  def test_signed_attributes
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {})
-    assert header.send(:signed_attributes).keys.include?(:oauth_signature)
-  end
-
-  def test_attributes
-    attribute_options = SimpleOAuth::Header::ATTRIBUTE_KEYS.inject({}){|o,a| o.merge(a => a.to_s.upcase) }
-    options = attribute_options.merge(:other => 'OTHER')
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {}, options)
-    attributes = header.send(:attributes)
-
-    # OAuth header attributes are all to begin with the "oauth_" prefix.
-    assert attributes.all?{|k,v| k.to_s =~ /^oauth_/ }
-
-    # Custom options not included in the list of valid attribute keys should
-    # not be included in the header attributes.
-    assert !attributes.key?(:oauth_other)
-
-    # Valid attribute option values should be preserved.
-    assert_equal attribute_options.size, attributes.size
-    assert attributes.all?{|k,v| k.to_s == "oauth_#{v.downcase}" }
-  end
-
-  def test_signature
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'HMAC-SHA1')
-    header.expects(:hmac_sha1_signature).once.returns('HMAC_SHA1_SIGNATURE')
-    assert_equal 'HMAC_SHA1_SIGNATURE', header.send(:signature)
-
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'RSA-SHA1')
-    header.expects(:rsa_sha1_signature).once.returns('RSA_SHA1_SIGNATURE')
-    assert_equal 'RSA_SHA1_SIGNATURE', header.send(:signature)
-
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, :signature_method => 'PLAINTEXT')
-    header.expects(:plaintext_signature).once.returns('PLAINTEXT_SIGNATURE')
-    assert_equal 'PLAINTEXT_SIGNATURE', header.send(:signature)
-  end
-
-  def test_hmac_sha1_signature
-    # Reproduce an actual successful call to the Twitter API using the
-    # HMAC-SHA1 signature method, GETting a list of friends.
-    options = {
-      :consumer_key => '8karQBlMg6gFOwcf8kcoYw',
-      :consumer_secret => '3d0vcHyUiiqADpWxolW8nlDIpSWMlyK7YNgc5Qna2M',
-      :nonce => '547fed103e122eecf84c080843eedfe6',
-      #:signature_method => 'HMAC-SHA1',
-      :timestamp => '1286830180',
-      :token => '201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh',
-      :token_secret => 'T5qa1tF57tfDzKmpM89DHsNuhgOY4NT6DlNLsTFcuQ'
-    }
-    successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="547fed103e122eecf84c080843eedfe6", oauth_signature="i9CT6ahDRAlfGX3hKYf78QzXsaw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830180", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friends.json', {}, options)
-    assert_equal successful, header.to_s
-
-    # Reproduce a successful Twitter call, POSTing a new status.
-    options.merge!(
-      :nonce => 'b40a3e0f18590ecdcc0e273f7d7c82f8',
-      :timestamp => '1286830181'
-    )
-    successful = 'OAuth oauth_consumer_key="8karQBlMg6gFOwcf8kcoYw", oauth_nonce="b40a3e0f18590ecdcc0e273f7d7c82f8", oauth_signature="mPqSFKejrWWk3ZT9bTQjhO5b2xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286830181", oauth_token="201425800-Sv4sTcgoffmHGkTCue0JnURT8vrm4DiFAkeFNDkh", oauth_version="1.0"'
-    header = SimpleOAuth::Header.new(:post, 'https://api.twitter.com/1/statuses/update.json', {:status => 'hi, again'}, options)
-    assert_equal successful, header.to_s
-  end
-
-  def test_secret
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:options).returns(:consumer_secret => 'CONSUMER_SECRET', :token_secret => 'TOKEN_SECRET')
-
-    # Should combine the consumer and token secrets with an ampersand.
-    assert_equal 'CONSUMER_SECRET&TOKEN_SECRET', header.send(:secret)
-
-    header.stubs(:options).returns(:consumer_secret => 'CONSUM#R_SECRET', :token_secret => 'TOKEN_S#CRET')
-
-    # Should URL encode each secret value before combination.
-    assert_equal 'CONSUM%23R_SECRET&TOKEN_S%23CRET', header.send(:secret)
-  end
-
-  def test_signature_base
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:method).returns('METHOD')
-    header.stubs(:url).returns('URL')
-    header.stubs(:normalized_params).returns('NORMALIZED_PARAMS')
-
-    # Should combine HTTP method, URL and normalized parameters string using
-    # ampersands.
-    assert_equal 'METHOD&URL&NORMALIZED_PARAMS', header.send(:signature_base)
-
-    header.stubs(:method).returns('ME#HOD')
-    header.stubs(:url).returns('U#L')
-    header.stubs(:normalized_params).returns('NORMAL#ZED_PARAMS')
-
-    # Each of the three combined values should be URL encoded.
-    assert_equal 'ME%23HOD&U%23L&NORMAL%23ZED_PARAMS', header.send(:signature_base)
-  end
-
-  def test_normalized_params
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:signature_params).returns([['A', '4'], ['B', '3'], ['B', '2'], ['C', '1'], ['D[]', '0 ']])
-
-    # The +normalized_params+ string should join key=value pairs with
-    # ampersands.
-    signature_params = header.send(:signature_params)
-    normalized_params = header.send(:normalized_params)
-    parts = normalized_params.split('&')
-    pairs = parts.map{|p| p.split('=') }
-    assert_kind_of String, normalized_params
-    assert_equal signature_params.size, parts.size
-    assert pairs.all?{|p| p.size == 2 }
-
-    # The signature parameters should be sorted and the keys/values URL encoded
-    # first.
-    assert_equal signature_params.sort_by{|p| p.to_s}, pairs.map{|k, v| [URI.decode(k), URI.decode(v)]}
-  end
-
-  def test_signature_params
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    header.stubs(:attributes).returns(:attribute => 'ATTRIBUTE')
-    header.stubs(:params).returns('param' => 'PARAM')
-    header.stubs(:url_params).returns([['url_param', '1'], ['url_param', '2']])
-
-    # Should combine OAuth header attributes, body parameters and URL
-    # parameters into an array of key value pairs.
-    signature_params = header.send(:signature_params)
-    assert_kind_of Array, signature_params
-    assert_equal [:attribute, 'param', 'url_param', 'url_param'], signature_params.map{|p| p.first}
-    assert_equal ['ATTRIBUTE', 'PARAM', '1', '2'], signature_params.map{|p| p.last}
-  end
-
-  def test_url_params
-    # A URL with no query parameters should produce empty +url_params+
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json', {})
-    assert_equal [], header.send(:url_params)
-
-    # A URL with query parameters should return a hash having array values
-    # containing the given query parameters.
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=TEST', {})
-    url_params = header.send(:url_params)
-    assert_kind_of Array, url_params
-    assert_equal [['test', 'TEST']], url_params
-
-    # If a query parameter is repeated, the values should be sorted.
-    header = SimpleOAuth::Header.new(:get, 'https://api.twitter.com/1/statuses/friendships.json?test=1&test=2', {})
-    assert_equal [['test', '1'], ['test', '2']], header.send(:url_params)
-  end
-
-  def test_rsa_sha1_signature
-    # Sample request taken from:
-    # http://wiki.oauth.net/TestCases
-    options = {
-      :consumer_key => 'dpf43f3p2l4k3l03',
-      :consumer_secret => File.read('test/rsa_private_key'),
-      :nonce => '13917289812797014437',
-      :signature_method => 'RSA-SHA1',
-      :timestamp => '1196666512'
-    }
-    successful = 'OAuth oauth_consumer_key="dpf43f3p2l4k3l03", oauth_nonce="13917289812797014437", oauth_signature="jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D", oauth_signature_method="RSA-SHA1", oauth_timestamp="1196666512", oauth_version="1.0"'
-    header = SimpleOAuth::Header.new(:get, 'http://photos.example.net/photos', {:file => 'vacaction.jpg', :size => 'original'}, options)
-    assert_equal successful, header.to_s
-  end
-
-  def test_private_key
-    # Pending
-  end
-
-  def plaintext_signature
-    # Sample request taken from:
-    # http://oauth.googlecode.com/svn/code/javascript/example/signature.html
-    options = {
-      :consumer_key => 'abcd',
-      :consumer_secret => 'efgh',
-      :nonce => 'oLKtec51GQy',
-      :signature_method => 'PLAINTEXT',
-      :timestamp => '1286977095',
-      :token => 'ijkl',
-      :token_secret => 'mnop'
-    }
-    successful = 'OAuth oauth_consumer_key="abcd", oauth_nonce="oLKtec51GQy", oauth_signature="efgh%26mnop", oauth_signature_method="PLAINTEXT", oauth_timestamp="1286977095", oauth_token="ijkl", oauth_version="1.0"'
-    header = SimpleOAuth::Header.new(:get, 'http://host.net/resource?name=value', {:name => 'value'}, options)
-    assert_equal successful, header.to_s
-  end
-end