Fixed the parameter ordering, and added support for repeated arguments. Fixes issue 14

lib/oauth.js

@@ -95,12 +95,26 @@ exports.OAuth.prototype._buildAuthorizationHeaders= function(orderedParameters)
   return authHeader;
 }
 
-// Takes a literal in, then returns a sorted array
+// Takes an object literal that represents the arguments, and returns an array
-exports.OAuth.prototype._sortRequestParams= function(argumentsHash) {
+// of argument/value pairs.
+exports.OAuth.prototype._makeArrayOfArgumentsHash= function(argumentsHash) {
   var argument_pairs= [];
   for(var key in argumentsHash ) {
-      argument_pairs[argument_pairs.length]= [key, argumentsHash[key]];
+       var value= argumentsHash[key];
+       if( Array.isArray(value) ) {
+         for(var i=0;i<value.length;i++) {
+           argument_pairs[argument_pairs.length]= [key, value[i]];
+         }
+       }
+       else {
+         argument_pairs[argument_pairs.length]= [key, value];
+       }
   }
+  return argument_pairs;  
+} 
+
+// Sorts the encoded key value pairs by encoded name, then encoded value
+exports.OAuth.prototype._sortRequestParams= function(argument_pairs) {
   // Sort by name, then value.
   argument_pairs.sort(function(a,b) {
       if ( a[0]== b[0] )  {
@@ -113,12 +127,22 @@ exports.OAuth.prototype._sortRequestParams= function(argumentsHash) {
 }
 
 exports.OAuth.prototype._normaliseRequestParams= function(arguments) {
-  var argument_pairs= this._sortRequestParams( arguments );
+  var argument_pairs= this._makeArrayOfArgumentsHash(arguments);
+  // First encode them #3.4.1.3.2 .1
+  for(var i=0;i<argument_pairs.length;i++) {
+    argument_pairs[i][0]= this._encodeData( argument_pairs[i][0] );
+    argument_pairs[i][1]= this._encodeData( argument_pairs[i][1] );
+  }
+  
+  // Then sort them #3.4.1.3.2 .2
+  argument_pairs= this._sortRequestParams( argument_pairs );
+  
+  // Then concatenate together #3.4.1.3.2 .3 & .4
   var args= "";
   for(var i=0;i<argument_pairs.length;i++) {
-      args+= this._encodeData( argument_pairs[i][0] );
+      args+= argument_pairs[i][0];
       args+= "="
-      args+= this._encodeData( argument_pairs[i][1] );
+      args+= argument_pairs[i][1];
       if( i < argument_pairs.length-1 ) args+= "&";
   }     
   return args;
@@ -196,7 +220,7 @@ exports.OAuth.prototype._prepareParameters= function( oauth_token, oauth_token_s
   }
 
   var sig= this._getSignature( method,  url,  this._normaliseRequestParams(oauthParameters), oauth_token_secret);
-  var orderedParameters= this._sortRequestParams( oauthParameters );
+  var orderedParameters= this._sortRequestParams( this._makeArrayOfArgumentsHash(oauthParameters) );
   orderedParameters[orderedParameters.length]= ["oauth_signature", sig];
   return orderedParameters;
 }

tests/oauth.js

@@ -24,6 +24,67 @@ vows.describe('OAuth').addBatch({
         assert.equal( oa._normalizeUrl("http://somehost.com"),  "http://somehost.com/")
       }
     },
+    'When making an array out of the arguments hash' : {
+      topic: new OAuth(null, null, null, null, null, null, "HMAC-SHA1"),
+      'flatten out arguments that are arrays' : function(oa) {
+        var parameters= {"z": "a",
+                      "a": ["1", "2"], 
+                      "1": "c" };
+        var parameterResults= oa._makeArrayOfArgumentsHash(parameters);
+        assert.equal(parameterResults.length, 4);
+        assert.equal(parameterResults[0][0], "1");
+        assert.equal(parameterResults[1][0], "z");
+        assert.equal(parameterResults[2][0], "a");
+        assert.equal(parameterResults[3][0], "a");
+      }
+    },
+    'When ordering the request parameters'  : {
+      topic: new OAuth(null, null, null, null, null, null, "HMAC-SHA1"),
+      'Order them by name' : function(oa) {
+        var parameters= {"z": "a",
+                      "a": "b", 
+                      "1": "c" };
+        var parameterResults= oa._sortRequestParams(oa._makeArrayOfArgumentsHash(parameters))
+        assert.equal(parameterResults[0][0], "1");
+        assert.equal(parameterResults[1][0], "a");        
+        assert.equal(parameterResults[2][0], "z");        
+      },
+      'If two parameter names are the same then order by the value': function(oa) {
+        var parameters= {"z": "a",
+                      "a": ["z", "b", "b", "a", "y"], 
+                      "1": "c" };
+        var parameterResults= oa._sortRequestParams(oa._makeArrayOfArgumentsHash(parameters))
+        assert.equal(parameterResults[0][0], "1");
+        assert.equal(parameterResults[1][0], "a");        
+        assert.equal(parameterResults[1][1], "a");        
+        assert.equal(parameterResults[2][0], "a");        
+        assert.equal(parameterResults[2][1], "b");        
+        assert.equal(parameterResults[3][0], "a");        
+        assert.equal(parameterResults[3][1], "b");        
+        assert.equal(parameterResults[4][0], "a");        
+        assert.equal(parameterResults[4][1], "y");        
+        assert.equal(parameterResults[5][0], "a");        
+        assert.equal(parameterResults[5][1], "z");        
+        assert.equal(parameterResults[6][0], "z");        
+      }
+    },
+    'When normalising the request parameters': {
+      topic: new OAuth(null, null, null, null, null, null, "HMAC-SHA1"),
+      'the resulting parameters should be encoded and ordered as per http://tools.ietf.org/html/rfc5849#section-3.1 (3.4.1.3.2)' : function(oa) {
+        var parameters= {"b5" : "=%3D",
+          "a3": ["a", "2 q"],
+          "c@": "",
+          "a2": "r b",
+          "oauth_consumer_key": "9djdj82h48djs9d2",
+          "oauth_token":"kkk9d7dh3k39sjv7",
+          "oauth_signature_method": "HMAC-SHA1",
+          "oauth_timestamp": "137131201",
+          "oauth_nonce": "7d8f3e4a",
+          "c2" :  ""};
+        var normalisedParameterString= oa._normaliseRequestParams(parameters);
+        assert.equal(normalisedParameterString, "a2=r%20b&a3=2%20q&a3=a&b5=%3D%253D&c%40=&c2=&oauth_consumer_key=9djdj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1&oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7");
+      }
+    },
     'When signing a url': {
       topic: function() {
         var oa= new OAuth(null, null, "consumerkey", "consumersecret", "1.0", null, "HMAC-SHA1");