wiki-cafe/node-oauth
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extra params when passed as a POST will now properly get set as the POST body rather than be discarded as previously

Browse Source
This commit is contained in:
ciaranj 2010-10-31 23:15:22 +00:00
parent bd90236624
commit b6f7e03061
2 changed files with 144 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
lib/oauth.js
View File

@ -51,8 +51,8 @@ exports.OAuth.prototype._decodeData= function(toDecode) {
} }
exports.OAuth.prototype._getSignature= function(method, url, parameters, tokenSecret) { exports.OAuth.prototype._getSignature= function(method, url, parameters, tokenSecret) {
var signatureBase= this._createSignatureBase(method, url, parameters); var signatureBase= this._createSignatureBase(method, url, parameters);
return this._createSignature( signatureBase, tokenSecret ); return this._createSignature( signatureBase, tokenSecret );
} }
exports.OAuth.prototype._normalizeUrl= function(url) { exports.OAuth.prototype._normalizeUrl= function(url) {
@ -70,14 +70,24 @@ exports.OAuth.prototype._normalizeUrl= function(url) {
return parsedUrl.protocol + "//" + parsedUrl.hostname + port + parsedUrl.pathname; return parsedUrl.protocol + "//" + parsedUrl.hostname + port + parsedUrl.pathname;
} }
// Is the parameter considered an OAuth parameter
exports.OAuth.prototype._isParameterNameAnOAuthParameter= function(parameter) {
var m = parameter.match('^oauth_');
if( m && ( m[0] === "oauth_" ) ) {
return true;
}
else {
return false;
}
};
// build the OAuth request authorization header // build the OAuth request authorization header
exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters) { exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters) {
var authHeader="OAuth "; var authHeader="OAuth ";
for( var i= 0 ; i < orderedParameters.length; i++) { for( var i= 0 ; i < orderedParameters.length; i++) {
// Whilst the all the parameters should be included within the signature, only the oauth_ arguments // Whilst the all the parameters should be included within the signature, only the oauth_ arguments
// should appear within the authorization header. // should appear within the authorization header.
var m = orderedParameters[i][0].match('^oauth_'); if( this._isParameterNameAnOAuthParameter(orderedParameters[i][0]) ) {
if( m && ( m[0] === "oauth_" || m[0] === 'scope' ) ) {
authHeader+= this._encodeData(orderedParameters[i][0])+"=\""+ this._encodeData(orderedParameters[i][1])+"\","; authHeader+= this._encodeData(orderedParameters[i][0])+"=\""+ this._encodeData(orderedParameters[i][1])+"\",";
} }
} }
@ -220,6 +230,17 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke
} }
} }
// Filter out any passed extra_params that are really to do with OAuth
for(var key in extra_params) {
if( this._isParameterNameAnOAuthParameter( key ) ) {
delete extra_params[key];
}
}
if( method == "POST" && ( post_body == null && extra_params != null) ) {
post_body= querystring.stringify(extra_params);
}
headers["Content-length"]= post_body ? post_body.length : 0; //Probably going to fail if not posting ascii headers["Content-length"]= post_body ? post_body.length : 0; //Probably going to fail if not posting ascii
headers["Content-Type"]= post_content_type; headers["Content-Type"]= post_content_type;
@ -270,7 +291,7 @@ exports.OAuth.prototype.getOAuthAccessToken= function(oauth_token, oauth_token_s
extraParams.oauth_verifier= oauth_verifier; extraParams.oauth_verifier= oauth_verifier;
} }
this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, "", null, function(error, data, response) { this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, null, null, function(error, data, response) {
if( error ) callback(error); if( error ) callback(error);
else { else {
var results= querystring.parse( data ); var results= querystring.parse( data );
@ -301,7 +322,7 @@ exports.OAuth.prototype.post= function(url, oauth_token, oauth_token_secret, pos
if( typeof post_body != "string" ) { if( typeof post_body != "string" ) {
post_content_type= "application/x-www-form-urlencoded" post_content_type= "application/x-www-form-urlencoded"
extra_params= post_body; extra_params= post_body;
post_body= querystring.stringify(post_body); post_body= null;
} }
return this._performSecureRequest( oauth_token, oauth_token_secret, "POST", url, extra_params, post_body, post_content_type, callback ); return this._performSecureRequest( oauth_token, oauth_token_secret, "POST", url, extra_params, post_body, post_content_type, callback );
} }
@ -316,7 +337,7 @@ exports.OAuth.prototype.getOAuthRequestToken= function(extraParams, callback) {
if( this._authorize_callback ) { if( this._authorize_callback ) {
extraParams["oauth_callback"]= this._authorize_callback; extraParams["oauth_callback"]= this._authorize_callback;
} }
this._performSecureRequest( null, null, "POST", this._requestUrl, extraParams, "", null, function(error, data, response) { this._performSecureRequest( null, null, "POST", this._requestUrl, extraParams, null, null, function(error, data, response) {
if( error ) callback(error); if( error ) callback(error);
else { else {
var results= querystring.parse(data); var results= querystring.parse(data);

202
tests/oauth.js
View File

@ -110,21 +110,31 @@ vows.describe('OAuth').addBatch({
'using the POST method' : { 'using the POST method' : {
'Any passed extra_params should form part of the POST body': function(oa) { 'Any passed extra_params should form part of the POST body': function(oa) {
var post_body_written= false; var post_body_written= false;
var _oldRequest= oa.request; var op= oa._createClient;
oa.request= function(method, path, headers) { try {
return { oa._createClient= function() {
write: function(post_body) { return {
post_body_written= true; request: function(method, path, headers) {
assert.equal(post_body,"FOO"); return {
write: function(post_body){
post_body_written= true;
assert.equal(post_body,"scope=foobar%2C1%2C2");
},
socket: {addListener: function(){}},
addListener: function() {},
end: function() {}
}
}
} }
} }
oa._performSecureRequest("token", "token_secret", 'POST', 'http://foo.com/protected_resource', {"scope": "foobar,1,2"});
assert.equal(post_body_written, true);
}
finally {
oa._createClient= op;
} }
// oa._performSecureRequest("token", "token_secret", 'POST', 'http://foo.com/protected_resource', {"scope": "foobar"});
oa.request= _oldRequest;
assert.equal(post_body_written, true);
} }
} }
// exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_token_secret, method, url, extra_params, post_body, post_content_type, callback ) {
}, },
'When performing a secure' : { 'When performing a secure' : {
topic: new OAuth("http://foo.com/RequestToken", topic: new OAuth("http://foo.com/RequestToken",
@ -144,102 +154,118 @@ vows.describe('OAuth').addBatch({
"it should call the internal request's end method and return nothing": function(oa) { "it should call the internal request's end method and return nothing": function(oa) {
var callbackCalled= false; var callbackCalled= false;
var op= oa._createClient; var op= oa._createClient;
oa._createClient= function() { try {
return { oa._createClient= function() {
request: function(method, path, headers) { return {
return { request: function(method, path, headers) {
write: function(){}, return {
socket: {addListener: function(){}}, write: function(){},
addListener: function() {}, socket: {addListener: function(){}},
end: function() { addListener: function() {},
callbackCalled= true; end: function() {
callbackCalled= true;
}
} }
} }
} }
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "BLAH", "text/plain", function(e,d){})
assert.equal(callbackCalled, true);
assert.isUndefined(request);
}
finally {
oa._createClient= op;
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "BLAH", "text/plain", function(e,d){})
assert.equal(callbackCalled, true);
assert.isUndefined(request);
oa._createClient= op;
} }
}, },
'if the post_body is not a string' : { 'if the post_body is not a string' : {
"It should be url encoded and the content type set to be x-www-form-urlencoded" : function(oa) { "It should be url encoded and the content type set to be x-www-form-urlencoded" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
var callbackCalled= false; try {
oa._createClient= function() { var callbackCalled= false;
return { oa._createClient= function() {
request: function(method, path, headers) { return {
assert.equal(headers["Content-Type"], "application/x-www-form-urlencoded") request: function(method, path, headers) {
return { assert.equal(headers["Content-Type"], "application/x-www-form-urlencoded")
socket: {addListener: function(){}}, return {
write: function(data) { socket: {addListener: function(){}},
callbackCalled= true; write: function(data) {
assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2"); callbackCalled= true;
}, assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2");
addListener: function() {}, },
end: function() {} addListener: function() {},
end: function() {}
}
} }
} }
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", {"foo":"1,2,3", "bar":"1+2"})
assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op;
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", {"foo":"1,2,3", "bar":"1+2"})
assert.equal(callbackCalled, true);
oa._createClient= op;
} }
}, },
'if the post_body is a string' : { 'if the post_body is a string' : {
"and no post_content_type is specified" : { "and no post_content_type is specified" : {
"It should be written as is, with a content length specified, and the encoding should be set to be x-www-form-urlencoded" : function(oa) { "It should be written as is, with a content length specified, and the encoding should be set to be x-www-form-urlencoded" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
var callbackCalled= false; try {
oa._createClient= function() { var callbackCalled= false;
return { oa._createClient= function() {
request: function(method, path, headers) { return {
assert.equal(headers["Content-Type"], "application/x-www-form-urlencoded"); request: function(method, path, headers) {
assert.equal(headers["Content-length"], 23); assert.equal(headers["Content-Type"], "application/x-www-form-urlencoded");
return { assert.equal(headers["Content-length"], 23);
socket: {addListener: function(){}}, return {
write: function(data) { socket: {addListener: function(){}},
callbackCalled= true; write: function(data) {
assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2"); callbackCalled= true;
}, assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2");
addListener: function() {}, },
end: function() {} addListener: function() {},
end: function() {}
}
} }
} }
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2")
assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op;
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2")
assert.equal(callbackCalled, true);
oa._createClient= op;
} }
}, },
"and a post_content_type is specified" : { "and a post_content_type is specified" : {
"It should be written as is, with a content length specified, and the encoding should be set to be as specified" : function(oa) { "It should be written as is, with a content length specified, and the encoding should be set to be as specified" : function(oa) {
var op= oa._createClient; var op= oa._createClient;
var callbackCalled= false; try {
oa._createClient= function() { var callbackCalled= false;
return { oa._createClient= function() {
request: function(method, path, headers) { return {
assert.equal(headers["Content-Type"], "unicorn/encoded"); request: function(method, path, headers) {
assert.equal(headers["Content-length"], 23); assert.equal(headers["Content-Type"], "unicorn/encoded");
return { assert.equal(headers["Content-length"], 23);
socket: {addListener: function(){}}, return {
write: function(data) { socket: {addListener: function(){}},
callbackCalled= true; write: function(data) {
assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2"); callbackCalled= true;
}, assert.equal(data, "foo=1%2C2%2C3&bar=1%2B2");
addListener: function() {}, },
end: function() {} addListener: function() {},
end: function() {}
}
} }
} }
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2", "unicorn/encoded")
assert.equal(callbackCalled, true);
}
finally {
oa._createClient= op;
} }
var request= oa.post("http://foo.com/blah", "token", "token_secret", "foo=1%2C2%2C3&bar=1%2B2", "unicorn/encoded")
assert.equal(callbackCalled, true);
oa._createClient= op;
} }
} }
} }
@ -248,7 +274,7 @@ vows.describe('OAuth').addBatch({
'if no callback is passed' : { 'if no callback is passed' : {
'it should return a request object': function(oa) { 'it should return a request object': function(oa) {
var request= oa.get("http://foo.com/blah", "token", "token_secret") var request= oa.get("http://foo.com/blah", "token", "token_secret")
assert.isObject(request); assert.isObject(request);
assert.equal(request.method, "GET"); assert.equal(request.method, "GET");
request.end(); request.end();
} }
@ -257,23 +283,27 @@ vows.describe('OAuth').addBatch({
"it should call the internal request's end method and return nothing": function(oa) { "it should call the internal request's end method and return nothing": function(oa) {
var callbackCalled= false; var callbackCalled= false;
var op= oa._createClient; var op= oa._createClient;
oa._createClient= function() { try {
return { oa._createClient= function() {
request: function(method, path, headers) { return {
return { request: function(method, path, headers) {
socket: {addListener: function(){}}, return {
addListener: function() {}, socket: {addListener: function(){}},
end: function() { addListener: function() {},
callbackCalled= true; end: function() {
callbackCalled= true;
}
} }
} }
} }
} }
var request= oa.get("http://foo.com/blah", "token", "token_secret", function(e,d) {})
assert.equal(callbackCalled, true);
assert.isUndefined(request);
}
finally {
oa._createClient= op;
} }
var request= oa.get("http://foo.com/blah", "token", "token_secret", function(e,d) {})
assert.equal(callbackCalled, true);
assert.isUndefined(request);
oa._createClient= op;
} }
}, },
} }