From 09567154fd04cf6d6e4e4f8d8f64feaabf7da1fd Mon Sep 17 00:00:00 2001
From: ciaranj <ciaranj@gmail.com>
Date: Tue, 27 Apr 2010 21:48:43 +0100
Subject: [PATCH] Adding a method to sign urls, desperately need to re-factor
 :(

---
 lib/oauth.js       | 43 +++++++++++++++++++++++++++++++++++++++++--
 spec/spec.oauth.js | 23 ++++++++++++++++++++---
 2 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/lib/oauth.js b/lib/oauth.js
index 055e96c..5159448 100644
--- a/lib/oauth.js
+++ b/lib/oauth.js
@@ -160,8 +160,8 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke
    }
   }
 
-  var sig= this._getSignature( method,  url,  this._normaliseRequestParams(oauthParameters), oauth_token_secret); 
-  var orderedParameters= this._sortRequestParams( oauthParameters );  
+  var sig= this._getSignature( method,  url,  this._normaliseRequestParams(oauthParameters), oauth_token_secret);
+  var orderedParameters= this._sortRequestParams( oauthParameters );
   orderedParameters[orderedParameters.length]= ["oauth_signature", sig];
   
   var query=""; 
@@ -272,6 +272,45 @@ exports.OAuth.prototype.getOAuthRequestToken= function(callback) {
   request.end();
 }
 
+exports.OAuth.prototype.signUrl= function(url, oauth_token, oauth_token_secret, method) {
+  var oauthParameters= {
+      "oauth_timestamp":        this._getTimestamp(),
+      "oauth_nonce":            this._getNonce(this._nonceSize),
+      "oauth_version":          this._version,
+      "oauth_signature_method": this._signatureMethod,
+      "oauth_consumer_key":     this._consumerKey
+  };
+
+  if( oauth_token ) {
+    oauthParameters["oauth_token"]= oauth_token;
+  }
+  if( method === undefined ) {
+    var method= "GET";
+  }
+
+  var parsedUrl= URL.parse( url, false );
+  if( parsedUrl.protocol == "http:" && !parsedUrl.port ) parsedUrl.port= 80;
+  if( parsedUrl.protocol == "https:" && !parsedUrl.port ) parsedUrl.port= 443;
+
+  if( parsedUrl.query ) {
+   var extraParameters= querystring.parse(parsedUrl.query);
+   for(var key in extraParameters ) {
+     oauthParameters[key]= extraParameters[key];
+   }
+  }
+
+  var sig= this._getSignature( method,  url,  this._normaliseRequestParams(oauthParameters), oauth_token_secret);
+  var orderedParameters= this._sortRequestParams( oauthParameters );
+  orderedParameters[orderedParameters.length]= ["oauth_signature", sig];
+
+  var query=""; 
+  for( var i= 0 ; i < orderedParameters.length; i++) {
+    query+= orderedParameters[i][0]+"="+ this._encodeData(orderedParameters[i][1]) + "&";
+  }
+  query= query.substring(0, query.length-1);
+
+  return parsedUrl.protocol + "//"+ parsedUrl.host + parsedUrl.pathname + "?" + query;
+};
 
 
 
diff --git a/spec/spec.oauth.js b/spec/spec.oauth.js
index 47e698a..9e946bc 100644
--- a/spec/spec.oauth.js
+++ b/spec/spec.oauth.js
@@ -26,10 +26,27 @@ describe 'node-oauth'
           oa._normalizeUrl("http://somehost.com").should_be "http://somehost.com/"
         end
       end
-      describe 'host headers for non default ports should contain the port'
-        before_each
+      describe 'Url signing'
+        it 'should provide a valid signature when no token present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_version=1.0&oauth_signature=7ytO8vPSLut2GzHjU9pn1SV9xjc%3D")
         end
-
+        it 'should provide a valid signature when a token is present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo", "token").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_token=token&oauth_version=1.0&oauth_signature=9LwCuCWw5sURtpMroIolU3YwsdI%3D")
+        end
+        it 'should provide a valid signature when a token and a token secret is present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo", "token", "tokensecret").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_token=token&oauth_version=1.0&oauth_signature=zeOR0Wsm6EG6XSg0Vw%2FsbpoSib8%3D")
+        end
+      end
+      describe 'host headers for non default ports should contain the port'
         describe 'when getProtectedResource is called'
           it 'should set the correct Host header when provided with an unusual port'
             oa2= new OAuth(null, null, null, null, null, "HMAC-SHA1");