From 36eded6a2ec7410b350b919fa8fe9eccee22e5ca Mon Sep 17 00:00:00 2001 From: ciaranj Date: Tue, 20 Apr 2010 22:37:28 +0100 Subject: [PATCH] Added in support for PLAINTEXT Signature methods. --- ...ie.oauth.js => term.ie.oauth-HMAC-SHA1.js} | 0 examples/term.ie.oauth-PLAINTEXT.js | 31 +++++++++++++++++++ lib/oauth.js | 27 ++++++++++------ 3 files changed, 48 insertions(+), 10 deletions(-) rename examples/{term.ie.oauth.js => term.ie.oauth-HMAC-SHA1.js} (100%) create mode 100644 examples/term.ie.oauth-PLAINTEXT.js diff --git a/examples/term.ie.oauth.js b/examples/term.ie.oauth-HMAC-SHA1.js similarity index 100% rename from examples/term.ie.oauth.js rename to examples/term.ie.oauth-HMAC-SHA1.js diff --git a/examples/term.ie.oauth-PLAINTEXT.js b/examples/term.ie.oauth-PLAINTEXT.js new file mode 100644 index 0000000..3f4f1bf --- /dev/null +++ b/examples/term.ie.oauth-PLAINTEXT.js @@ -0,0 +1,31 @@ +var sys= require('sys') + +var OAuth= require('../lib/oauth').OAuth; + +var oa= new OAuth("http://term.ie/oauth/example/request_token.php?foo=bar", + "http://term.ie/oauth/example/access_token.php", + null, + "key", + "secret", + "1.0", + "PLAINTEXT") + +oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, authorize_url, results){ + if(error) sys.puts('error :' + error) + else { + sys.puts('oauth_token :' + oauth_token) + sys.puts('oauth_token_secret :' + oauth_token_secret) + sys.puts('requestoken results :' + sys.inspect(results)) + sys.puts("Requesting access token") + oa.getOauthAccessToken(oauth_token, oauth_token_secret, function(error, oauth_access_token, oauth_access_token_secret, results2) { + sys.puts('oauth_access_token :' + oauth_access_token) + sys.puts('oauth_token_secret :' + oauth_access_token_secret) + sys.puts('accesstoken results :' + sys.inspect(results2)) + sys.puts("Requesting access token") + var data= ""; + oa.getProtectedResource("http://term.ie/oauth/example/echo_api.php?foo=bar&too=roo", "GET", oauth_access_token, oauth_access_token_secret, function (error, data, response) { + sys.puts(data); + }); + }); + } +}) \ No newline at end of file diff --git a/lib/oauth.js b/lib/oauth.js index 9e0af61..0f4f0cc 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -10,6 +10,9 @@ exports.OAuth= function(requestUrl, accessUrl, authorizeUrl, consumerKey, consum this._consumerKey= consumerKey; this._consumerSecret= this._encodeData( consumerSecret ); this._version= version; + + if( signatureMethod != "PLAINTEXT" && signatureMethod != "HMAC-SHA1") + throw new Error("Un-supported signature method: " + signatureMethod ) this._signatureMethod= signatureMethod; this._nonceSize= nonceSize || 32; }; @@ -22,8 +25,7 @@ exports.OAuth.prototype._encodeData= function(toEncode){ if( toEncode == null || toEncode == "" ) return "" else { var result= encodeURIComponent(toEncode); - - // Fix the mismatch between OAuth's RFC2396's and Javascript's beliefs in what is right and wrong ;) + // Fix the mismatch between OAuth's RFC3986's and Javascript's beliefs in what is right and wrong ;) return result.replace(/\!/g, "%21") .replace(/\'/g, "%27") .replace(/\(/g, "%28") @@ -94,15 +96,20 @@ exports.OAuth.prototype._createSignatureBase= function(method, url, parameters) exports.OAuth.prototype._createSignature= function(signatureBase, tokenSecret) { if( tokenSecret === undefined ) var tokenSecret= ""; else tokenSecret= this._encodeData( tokenSecret ); - + // consumerSecret is already encoded var key= this._consumerSecret + "&" + tokenSecret; //TODO: whilst we support different signature methods being passed // we currenting only do SHA1-HMAC - var hash= sha1.HMACSHA1(key, signatureBase); - signature = this._encodeData(hash); + var hash= "" + if( this._signatureMethod == "PLAINTEXT" ) { + hash= this._encodeData(key); + } + else { + hash= sha1.HMACSHA1(key, signatureBase); + } - return signature; + return hash; } exports.OAuth.prototype.NONCE_CHARS= ['a','b','c','d','e','f','g','h','i','j','k','l','m','n', 'o','p','q','r','s','t','u','v','w','x','y','z','A','B', @@ -147,13 +154,13 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke } } - var sig= this._getSignature( method, url, this._normaliseRequestParams(oauthParameters), oauth_token_secret); + var sig= this._getSignature( method, url, this._normaliseRequestParams(oauthParameters), oauth_token_secret); var orderedParameters= this._sortRequestParams( oauthParameters ); orderedParameters[orderedParameters.length]= ["oauth_signature", sig]; var query=""; for( var i= 0 ; i < orderedParameters.length; i++) { - query+= orderedParameters[i][0]+"="+ orderedParameters[i][1] + "&"; + query+= orderedParameters[i][0]+"="+ this._encodeData(orderedParameters[i][1]) + "&"; } query= query.substring(0, query.length-1); @@ -222,7 +229,7 @@ exports.OAuth.prototype.getOAuthRequestToken= function(callback) { // build request authorization header var authHeader="OAuth "; for( var i= 0 ; i < orderedParameters.length; i++) { - authHeader+= orderedParameters[i][0]+"=\""+orderedParameters[i][1] +"\","; + authHeader+= orderedParameters[i][0]+"=\""+ this._encodeData(orderedParameters[i][1])+"\","; } authHeader= authHeader.substring(0, authHeader.length-1); @@ -233,7 +240,7 @@ exports.OAuth.prototype.getOAuthRequestToken= function(callback) { headers["User-Agent"]= "Express authentication" headers["Content-length"]= 0 headers["Content-Type"]= "application/x-www-form-urlencoded" - + var oauthProvider= http.createClient(parsedUrl.port, parsedUrl.hostname); var request = oauthProvider.request(method, parsedUrl.pathname, headers); var data="";