wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extra params when passed as a POST will now properly get set as the POST body rather than be discarded as previously

Browse Source
This commit is contained in:
ciaranj 2010-10-31 23:15:22 +00:00
parent bd90236624
commit b6f7e03061
2 changed files with 144 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lib/oauth.js
View File

@ -70,14 +70,24 @@ exports.OAuth.prototype._normalizeUrl= function(url) {
return parsedUrl.protocol + "//" + parsedUrl.hostname + port + parsedUrl.pathname; return parsedUrl.protocol + "//" + parsedUrl.hostname + port + parsedUrl.pathname;
} }
// Is the parameter considered an OAuth parameter
exports.OAuth.prototype._isParameterNameAnOAuthParameter= function(parameter) {
var m = parameter.match('^oauth_');
if( m && ( m[0] === "oauth_" ) ) {
return true;
}
else {
return false;
}
};
// build the OAuth request authorization header // build the OAuth request authorization header
exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters) { exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters) {
var authHeader="OAuth "; var authHeader="OAuth ";
for( var i= 0 ; i < orderedParameters.length; i++) { for( var i= 0 ; i < orderedParameters.length; i++) {
// Whilst the all the parameters should be included within the signature, only the oauth_ arguments // Whilst the all the parameters should be included within the signature, only the oauth_ arguments
// should appear within the authorization header. // should appear within the authorization header.
var m = orderedParameters[i][0].match('^oauth_'); if( this._isParameterNameAnOAuthParameter(orderedParameters[i][0]) ) {
if( m && ( m[0] === "oauth_" || m[0] === 'scope' ) ) {
authHeader+= this._encodeData(orderedParameters[i][0])+"=\""+ this._encodeData(orderedParameters[i][1])+"\","; authHeader+= this._encodeData(orderedParameters[i][0])+"=\""+ this._encodeData(orderedParameters[i][1])+"\",";
} }
} }
@ -220,6 +230,17 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke
} }
} }
// Filter out any passed extra_params that are really to do with OAuth
for(var key in extra_params) {
if( this._isParameterNameAnOAuthParameter( key ) ) {
delete extra_params[key];
}
}
if( method == "POST" && ( post_body == null && extra_params != null) ) {
post_body= querystring.stringify(extra_params);
}
headers["Content-length"]= post_body ? post_body.length : 0; //Probably going to fail if not posting ascii headers["Content-length"]= post_body ? post_body.length : 0; //Probably going to fail if not posting ascii
headers["Content-Type"]= post_content_type; headers["Content-Type"]= post_content_type;
@ -270,7 +291,7 @@ exports.OAuth.prototype.getOAuthAccessToken= function(oauth_token, oauth_token_s
extraParams.oauth_verifier= oauth_verifier; extraParams.oauth_verifier= oauth_verifier;
} }
this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, "", null, function(error, data, response) { this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, null, null, function(error, data, response) {
if( error ) callback(error); if( error ) callback(error);
else { else {
var results= querystring.parse( data ); var results= querystring.parse( data );
@ -301,7 +322,7 @@ exports.OAuth.prototype.post= function(url, oauth_token, oauth_token_secret, pos
if( typeof post_body != "string" ) { if( typeof post_body != "string" ) {
post_content_type= "application/x-www-form-urlencoded" post_content_type= "application/x-www-form-urlencoded"
extra_params= post_body; extra_params= post_body;
post_body= querystring.stringify(post_body); post_body= null;
} }
return this._performSecureRequest( oauth_token, oauth_token_secret, "POST", url, extra_params, post_body, post_content_type, callback ); return this._performSecureRequest( oauth_token, oauth_token_secret, "POST", url, extra_params, post_body, post_content_type, callback );
} }
@ -316,7 +337,7 @@ exports.OAuth.prototype.getOAuthRequestToken= function(extraParams, callback) {
if( this._authorize_callback ) { if( this._authorize_callback ) {
extraParams["oauth_callback"]= this._authorize_callback; extraParams["oauth_callback"]= this._authorize_callback;
} }
this._performSecureRequest( null, null, "POST", this._requestUrl, extraParams, "", null, function(error, data, response) { this._performSecureRequest( null, null, "POST", this._requestUrl, extraParams, null, null, function(error, data, response) {
if( error ) callback(error); if( error ) callback(error);
else { else {
var results= querystring.parse(data); var results= querystring.parse(data);

44
tests/oauth.js
View File

@ -110,21 +110,31 @@ vows.describe('OAuth').addBatch({
'using the POST method' : { 'using the POST method' : {
'Any passed extra_params should form part of the POST body': function(oa) { 'Any passed extra_params should form part of the POST body': function(oa) {
var post_body_written= false; var post_body_written= false;
var _oldRequest= oa.request; var op= oa._createClient;
oa.request= function(method, path, headers) { try {
oa._createClient= function() {
return { return {
write: function(post_body) { request: function(method, path, headers) {
return {
write: function(post_body){
post_body_written= true; post_body_written= true;
assert.equal(post_body,"FOO"); assert.equal(post_body,"scope=foobar%2C1%2C2");
},
socket: {addListener: function(){}},
addListener: function() {},
end: function() {}
} }
} }
} }
// oa._performSecureRequest("token", "token_secret", 'POST', 'http://foo.com/protected_resource', {"scope": "foobar"}); }
oa.request= _oldRequest; oa._performSecureRequest("token", "token_secret", 'POST', 'http://foo.com/protected_resource', {"scope": "foobar,1,2"});
assert.equal(post_body_written, true); assert.equal(post_body_written, true);
} }
finally {
oa._createClient= op;
}
}
} }
// exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_token_secret, method, url, extra_params, post_body, post_content_type, callback ) {
}, },
'When performing a secure' : { 'When performing a secure' : {
topic: new OAuth("http://foo.com/RequestToken", topic: new OAuth("http://foo.com/RequestToken",
@ -144,6 +154,7 @@ vows.describe('OAuth').addBatch({
"it should call the internal request's end method and return nothing": function(oa) { "it should call the internal request's end method and return nothing": function(oa) {
var callbackCalled= false; var callbackCalled= false;
var op= oa._createClient; var op= oa._createClient;
try {
oa._createClient= function() { oa._createClient= function() {
return { return {
request: function(method, path, headers) { request: function(method, path, headers) {
@ -161,12 +172,16 @@ vows.describe('OAuth').addBatch({
var request= oa.post("http://foo.com/blah", "token", "token_secret", "BLAH", "text/plain", function(e,d){}) var request= oa.post("http://foo.com/blah", "token", "token_secret", "BLAH", "text/plain", function(e,d){})
assert.equal(callbackCalled, true); assert.equal(callbackCalled, true);
assert.isUndefined(request); assert.isUndefined(request);
}
finally {
oa._createClient= op; oa._createClient= op;
} }
}
}, },
'if the post_body is not a string' : { 'if the post_body is not a string' : {
"It should be url encoded and the content type set to be x-www-form-urlencoded" : function(oa) { "It should be url encoded and the content type set to be x-www-form-urlencoded" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
try {
var callbackCalled= false; var callbackCalled= false;
oa._createClient= function() { oa._createClient= function() {
return { return {
@ -186,13 +201,17 @@ vows.describe('OAuth').addBatch({
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", {"foo":"1,2,3", "bar":"1+2"}) var request= oa.post("http://foo.com/blah", "token", "token_secret", {"foo":"1,2,3", "bar":"1+2"})
assert.equal(callbackCalled, true); assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op; oa._createClient= op;
} }
}
}, },
'if the post_body is a string' : { 'if the post_body is a string' : {
"and no post_content_type is specified" : { "and no post_content_type is specified" : {
"It should be written as is, with a content length specified, and the encoding should be set to be x-www-form-urlencoded" : function(oa) { "It should be written as is, with a content length specified, and the encoding should be set to be x-www-form-urlencoded" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
try {
var callbackCalled= false; var callbackCalled= false;
oa._createClient= function() { oa._createClient= function() {
return { return {
@ -213,12 +232,16 @@ vows.describe('OAuth').addBatch({
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2") var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2")
assert.equal(callbackCalled, true); assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op; oa._createClient= op;
} }
}
}, },
"and a post_content_type is specified" : { "and a post_content_type is specified" : {
"It should be written as is, with a content length specified, and the encoding should be set to be as specified" : function(oa) { "It should be written as is, with a content length specified, and the encoding should be set to be as specified" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
try {
var callbackCalled= false; var callbackCalled= false;
oa._createClient= function() { oa._createClient= function() {
return { return {
@ -239,10 +262,13 @@ vows.describe('OAuth').addBatch({
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2", "unicorn/encoded") var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2", "unicorn/encoded")
assert.equal(callbackCalled, true); assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op; oa._createClient= op;
} }
} }
} }
}
}, },
'GET' : { 'GET' : {
'if no callback is passed' : { 'if no callback is passed' : {
@ -257,6 +283,7 @@ vows.describe('OAuth').addBatch({
"it should call the internal request's end method and return nothing": function(oa) { "it should call the internal request's end method and return nothing": function(oa) {
var callbackCalled= false; var callbackCalled= false;
var op= oa._createClient; var op= oa._createClient;
try {
oa._createClient= function() { oa._createClient= function() {
return { return {
request: function(method, path, headers) { request: function(method, path, headers) {
@ -273,8 +300,11 @@ vows.describe('OAuth').addBatch({
var request= oa.get("http://foo.com/blah", "token", "token_secret", function(e,d) {}) var request= oa.get("http://foo.com/blah", "token", "token_secret", function(e,d) {})
assert.equal(callbackCalled, true); assert.equal(callbackCalled, true);
assert.isUndefined(request); assert.isUndefined(request);
}
finally {
oa._createClient= op; oa._createClient= op;
} }
}
}, },
} }
} }