Adding a method to sign urls, desperately need to re-factor :(

2010-04-27 21:48:43 +01:00 · 2010-04-27 21:48:43 +01:00 · 09567154fd
commit 09567154fd
parent 337b6c7fa6
2 changed files with 61 additions and 5 deletions
--- a/lib/oauth.js
+++ b/lib/oauth.js
@ -272,6 +272,45 @@ exports.OAuth.prototype.getOAuthRequestToken= function(callback) {
  request.end();
 }

+exports.OAuth.prototype.signUrl= function(url, oauth_token, oauth_token_secret, method) {
+  var oauthParameters= {
+      "oauth_timestamp":        this._getTimestamp(),
+      "oauth_nonce":            this._getNonce(this._nonceSize),
+      "oauth_version":          this._version,
+      "oauth_signature_method": this._signatureMethod,
+      "oauth_consumer_key":     this._consumerKey
+  };
+
+  if( oauth_token ) {
+    oauthParameters["oauth_token"]= oauth_token;
+  }
+  if( method === undefined ) {
+    var method= "GET";
+  }
+
+  var parsedUrl= URL.parse( url, false );
+  if( parsedUrl.protocol == "http:" && !parsedUrl.port ) parsedUrl.port= 80;
+  if( parsedUrl.protocol == "https:" && !parsedUrl.port ) parsedUrl.port= 443;
+
+  if( parsedUrl.query ) {
+   var extraParameters= querystring.parse(parsedUrl.query);
+   for(var key in extraParameters ) {
+     oauthParameters[key]= extraParameters[key];
+   }
+  }
+
+  var sig= this._getSignature( method,  url,  this._normaliseRequestParams(oauthParameters), oauth_token_secret);
+  var orderedParameters= this._sortRequestParams( oauthParameters );
+  orderedParameters[orderedParameters.length]= ["oauth_signature", sig];
+
+  var query=""; 
+  for( var i= 0 ; i < orderedParameters.length; i++) {
+    query+= orderedParameters[i][0]+"="+ this._encodeData(orderedParameters[i][1]) + "&";
+  }
+  query= query.substring(0, query.length-1);
+
+  return parsedUrl.protocol + "//"+ parsedUrl.host + parsedUrl.pathname + "?" + query;
+};



--- a/spec/spec.oauth.js
+++ b/spec/spec.oauth.js
@ -26,10 +26,27 @@ describe 'node-oauth'
          oa._normalizeUrl("http://somehost.com").should_be "http://somehost.com/"
        end
      end
-      describe 'host headers for non default ports should contain the port'
-        before_each
+      describe 'Url signing'
+        it 'should provide a valid signature when no token present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_version=1.0&oauth_signature=7ytO8vPSLut2GzHjU9pn1SV9xjc%3D")
        end
-
+        it 'should provide a valid signature when a token is present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo", "token").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_token=token&oauth_version=1.0&oauth_signature=9LwCuCWw5sURtpMroIolU3YwsdI%3D")
+        end
+        it 'should provide a valid signature when a token and a token secret is present'
+          oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", "HMAC-SHA1");
+          oa.stub('_getTimestamp').and_return("1272399856")
+          oa.stub('_getNonce').and_return("ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp")
+          oa.signUrl("http://somehost.com:3323/foo/poop?bar=foo", "token", "tokensecret").should_be ("http://somehost.com:3323/foo/poop?bar=foo&oauth_consumer_key=consumerkey&oauth_nonce=ybHPeOEkAUJ3k2wJT9Xb43MjtSgTvKqp&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272399856&oauth_token=token&oauth_version=1.0&oauth_signature=zeOR0Wsm6EG6XSg0Vw%2FsbpoSib8%3D")
+        end
+      end
+      describe 'host headers for non default ports should contain the port'
        describe 'when getProtectedResource is called'
          it 'should set the correct Host header when provided with an unusual port'
            oa2= new OAuth(null, null, null, null, null, "HMAC-SHA1");