diff --git a/Readme.md b/Readme.md index 73592ef..ce209be 100644 --- a/Readme.md +++ b/Readme.md @@ -2,10 +2,9 @@ node-oauth =========== A simple oauth API for node.js . This API allows users to authenticate against OAUTH providers, and thus act as OAuth consumers. It also has support for OAuth Echo, which is used for communicating with 3rd party media providers such as TwitPic and yFrog. -Tested against Twitter (http://twitter.com), term.ie (http://term.ie/oauth/example/), TwitPic, and Yahoo! +Tested against Twitter (http://twitter.com), term.ie (http://term.ie/oauth/example/), TwitPic, and Yahoo! -Also provides rudimentary OAuth2 support, tested against facebook connect and github. For more complete usage examples please take a look -at connect-auth (http://github.com/ciaranj/connect-auth) +Also provides rudimentary OAuth2 support, tested against facebook connect and github. For more complete usage examples please take a look at connect-auth (http://github.com/ciaranj/connect-auth) If you're running a node.js version more recent than 0.4 then you will need to use a version of node-oauth greater than or equal to 0.9.0. If you're running a node.js version in the 0.2x stable branch, then you will need to use version 0.8.4. @@ -21,13 +20,13 @@ Change History * 0.8.3 - Fixed an issue where the auth header code depended on the Array's toString method (Yohei Sasaki) Updated the getOAuthRequestToken method so we can access google's OAuth secured methods. Also re-implemented and fleshed out the test suite. * 0.8.2 - The request returning methods will now write the POST body if provided (Chris Anderson), the code responsible for manipulating the headers is a bit safe now when working with other code (Paul McKellar) and tweaked the package.json to use index.js instead of main.js * 0.8.1 - Added mechanism to get hold of a signed Node Request object, ready for attaching response listeners etc. (Perfect for streaming APIs) -* 0.8.0 - Standardised method capitalisation, the old getOauthAccessToken is now getOAuthAccessToken (Breaking change to existing code) +* 0.8.0 - Standardised method capitalisation, the old getOauthAccessToken is now getOAuthAccessToken (Breaking change to existing code) * 0.7.7 - Looks like non oauth_ parameters where appearing within the Authorization headers, which I believe to be inccorrect. * 0.7.6 - Added in oauth_verifier property to getAccessToken required for 1.0A * 0.7.5 - Added in a main.js to simplify the require'ing of OAuth * 0.7.4 - Minor change to add an error listener to the OAuth client (thanks troyk) * 0.7.3 - OAuth 2 now sends a Content-Length Http header to keep nginx happy :) -* 0.7.2 - Fixes some broken unit tests! +* 0.7.2 - Fixes some broken unit tests! * 0.7.0 - Introduces support for HTTPS end points and callback URLS for OAuth 1.0A and Oauth 2 (Please be aware that this was a breaking change to the constructor arguments order) Contributors diff --git a/lib/oauth.js b/lib/oauth.js index 11acf69..7630451 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -6,8 +6,8 @@ var crypto= require('crypto'), querystring= require('querystring'); exports.OAuth= function(requestUrl, accessUrl, consumerKey, consumerSecret, version, authorize_callback, signatureMethod, nonceSize, customHeaders) { - this._echo = false; - + this._isEcho = false; + this._requestUrl= requestUrl; this._accessUrl= accessUrl; this._consumerKey= consumerKey; @@ -30,14 +30,14 @@ exports.OAuth= function(requestUrl, accessUrl, consumerKey, consumerSecret, vers }; exports.OAuthEcho= function(realm, verify_credentials, consumerKey, consumerSecret, version, signatureMethod, nonceSize, customHeaders) { - this._echo = true; - + this._isEcho = true; + this._realm= realm; this._verifyCredentials = verify_credentials; this._consumerKey= consumerKey; this._consumerSecret= this._encodeData( consumerSecret ); this._version= version; - + if( signatureMethod != "PLAINTEXT" && signatureMethod != "HMAC-SHA1") throw new Error("Un-supported signature method: " + signatureMethod ); this._signatureMethod= signatureMethod; @@ -107,10 +107,10 @@ exports.OAuth.prototype._isParameterNameAnOAuthParameter= function(parameter) { // build the OAuth request authorization header exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters) { var authHeader="OAuth "; - if (this._echo) { + if( this._isEcho ) { authHeader += 'realm="' + this._realm + '",'; } - + for( var i= 0 ; i < orderedParameters.length; i++) { // Whilst the all the parameters should be included within the signature, only the oauth_ arguments // should appear within the authorization header. @@ -200,7 +200,7 @@ exports.OAuth.prototype._createSignature= function(signatureBase, tokenSecret) { hash= sha1.HMACSHA1(key, signatureBase); } } - return hash; + return hash; } exports.OAuth.prototype.NONCE_CHARS= ['a','b','c','d','e','f','g','h','i','j','k','l','m','n', 'o','p','q','r','s','t','u','v','w','x','y','z','A','B', @@ -250,16 +250,19 @@ exports.OAuth.prototype._prepareParameters= function( oauth_token, oauth_token_s if( oauth_token ) { oauthParameters["oauth_token"]= oauth_token; } - + var sig; - if (!this._echo) { + if( this._isEcho ) { + sig = this._getSignature( "GET", this._verifyCredentials, this._normaliseRequestParams(oauthParameters), oauth_token_secret); + } + else { if( extra_params ) { for( var key in extra_params ) { oauthParameters[key]= extra_params[key]; } } var parsedUrl= URL.parse( url, false ); - + if( parsedUrl.query ) { var key2; var extraParameters= querystring.parse(parsedUrl.query); @@ -275,10 +278,8 @@ exports.OAuth.prototype._prepareParameters= function( oauth_token, oauth_token_s } } } - + sig = this._getSignature( method, url, this._normaliseRequestParams(oauthParameters), oauth_token_secret); - } else { - sig = this._getSignature( "GET", this._verifyCredentials, this._normaliseRequestParams(oauthParameters), oauth_token_secret); } var orderedParameters= this._sortRequestParams( this._makeArrayOfArgumentsHash(oauthParameters) ); @@ -298,12 +299,13 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke var headers= {}; var authorization = this._buildAuthorizationHeaders(orderedParameters); - if (this._echo) { + if ( this._isEcho ) { headers["X-Verify-Credentials-Authorization"]= authorization; - } else { + } + else { headers["Authorization"]= authorization; } - + headers["Host"] = parsedUrl.host for( var key in this._headers ) { diff --git a/package.json b/package.json index 0b2e3e5..22e066e 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { "name" : "oauth" -, "description" : "Library for interacting with OAuth 1.0, 1.0A and 2. Provides simplified client access and allows for construction of more complex apis and OAuth providers." +, "description" : "Library for interacting with OAuth 1.0, 1.0A, 2 and Echo. Provides simplified client access and allows for construction of more complex apis and OAuth providers." , "version" : "0.9.1" , "directories" : { "lib" : "./lib" } , "main" : "index.js"