From 9fbff2a0fe44cb3572662c909b7b8c19c27d62b2 Mon Sep 17 00:00:00 2001 From: Joe Littlejohn Date: Tue, 1 Apr 2014 11:16:21 +0100 Subject: [PATCH 1/2] Comment out tests that refer to non-existent vars --- test/oauth_server/server_test.clj | 188 +++++++++++++++--------------- 1 file changed, 94 insertions(+), 94 deletions(-) diff --git a/test/oauth_server/server_test.clj b/test/oauth_server/server_test.clj index 59a2367..892989a 100644 --- a/test/oauth_server/server_test.clj +++ b/test/oauth_server/server_test.clj @@ -120,101 +120,101 @@ :scheme :http :params {:file "vacation.jpg" :size "original"} :headers { :authorize "OAuth realm=\"http://sp.example.com/\", oauth_consumer_key=\"dpf43f3p2l4k3l03\", oauth_signature_method=\"PLAINTEXT\", oauth_signature=\"kd94hf93k423kf44%26\", oauth_timestamp=\"1191242096\", oauth_nonce=\"kllo9940pd9333jh\",oauth_version=\"1.0\""}}) :status))))) - -(deftest - #^{:doc "token request"} - request-token - (let [consumer (store/create-consumer :memory)] - (is (= 401 ((oc/request-token :memory {} ) :status))) - (is (= 401 ((oc/request-token :memory {:oauth-consumer consumer }) :status))) - (is (= 200 ((oc/request-token :memory {:oauth-consumer consumer :oauth-params {:oauth_callback "http://blabla.inv/callback"}}) :status))) - (is (= 200 ((oc/request-token :memory {:oauth-consumer consumer :oauth-params {:oauth_callback "oob"}}) :status))) - (let [token-body ((oc/request-token :memory - {:oauth-consumer consumer :oauth-params {:oauth_callback "http://blabla.inv/callback"}}) :body ) - token-params (os/parse-form-encoded token-body)] - (is (not (nil? token-body))) - (is (not (nil? token-params))) - (is (not (nil? (token-params :oauth_token)))) - (is (not (nil? (token-params :oauth_secret)))) - (is (= (token-params :oauth_callback_confirmed) "true")) - (is (nil? (token-params :oauth_verifier))) - (let [token (store/get-request-token :memory (token-params :oauth_token))] - (is (not (nil? token))) - (is (= (token :token) (token-params :oauth_token))) - (is (= (token :secret) (token-params :oauth_secret))) - (is (= (token :consumer) consumer)) - (is (not (nil? (token :verifier)))) - ) - )) - ) - -;; -(deftest - #^{:doc "integrated token request in app using example from http://oauth.net/core/1.0a/#anchor43"} - integrated-token-request - (let [oauth-app (os/wrap-oauth (os/oauth-token-manager app :memory ) :memory) - _ (store/store-consumer :memory {:key "dpf43f3p2l4k3l03" :secret "kd94hf93k423kf44"})] - (is (= 401 ((oauth-app {}) :status))) - (is (= 401 ((oauth-app {:headers { :authorize "Basic realm=\"Secure Area\""}}) :status))) - (is (= 401 ((oauth-app {:headers { :authorize "OAuth realm=\"https://photos.example.net/\", oauth_consumer_key=\"dpf43f3p2l4k3l03\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"fake\", oauth_timestamp=\"1191242090\", oauth_nonce=\"hsu94j3884jdopsl\", oauth_version=\"1.0\", oauth_callback=\"http%3A%2F%2Fprinter.example.com%2Frequest_token_ready\""}}) :status))) - (let [ response (oauth-app { - :request-method :post - :server-name "photos.example.net" - :uri "/oauth/request_token" - :scheme :https - :headers { :authorize "OAuth realm=\"https://photos.example.net/\", oauth_consumer_key=\"dpf43f3p2l4k3l03\", oauth_signature_method=\"PLAINTEXT\", oauth_signature=\"kd94hf93k423kf44%26\", oauth_timestamp=\"1191242090\", oauth_nonce=\"hsu94j3884jdopsl\", oauth_callback=\"http://printer.example.com/request_token_ready\" oauth_version=\"1.0\""}}) - token-body (response :body) - _ (println token-body) - token-params (os/parse-form-encoded (response :body))] - (is(= 200 (response :status))) - (is (not (nil? token-body))) - (is (not (nil? token-params))) - (is (not (nil? (token-params :oauth_token)))) - (is (not (nil? (token-params :oauth_secret)))) - (is (= (token-params :oauth_callback_confirmed) "true")) - (is (nil? (token-params :oauth_verifier))) - (let [token (store/get-request-token :memory (token-params :oauth_token))] - (is (not (nil? token))) - (is (= (token :token) (token-params :oauth_token))) - (is (= (token :secret) (token-params :oauth_secret))) - (is (= (token :consumer) (store/get-consumer :memory "dpf43f3p2l4k3l03"))) - (is (not (nil? (token :verifier)))) +(comment + (deftest + #^{:doc "token request"} + request-token + (let [consumer (store/create-consumer :memory)] + (is (= 401 ((oc/request-token :memory {} ) :status))) + (is (= 401 ((oc/request-token :memory {:oauth-consumer consumer }) :status))) + (is (= 200 ((oc/request-token :memory {:oauth-consumer consumer :oauth-params {:oauth_callback "http://blabla.inv/callback"}}) :status))) + (is (= 200 ((oc/request-token :memory {:oauth-consumer consumer :oauth-params {:oauth_callback "oob"}}) :status))) + (let [token-body ((oc/request-token :memory + {:oauth-consumer consumer :oauth-params {:oauth_callback "http://blabla.inv/callback"}}) :body ) + token-params (os/parse-form-encoded token-body)] + (is (not (nil? token-body))) + (is (not (nil? token-params))) + (is (not (nil? (token-params :oauth_token)))) + (is (not (nil? (token-params :oauth_secret)))) + (is (= (token-params :oauth_callback_confirmed) "true")) + (is (nil? (token-params :oauth_verifier))) + (let [token (store/get-request-token :memory (token-params :oauth_token))] + (is (not (nil? token))) + (is (= (token :token) (token-params :oauth_token))) + (is (= (token :secret) (token-params :oauth_secret))) + (is (= (token :consumer) consumer)) + (is (not (nil? (token :verifier)))) + ) )) - - )) - + )) -(deftest - #^{:doc "access token request"} - access-token - (let [consumer (store/create-consumer :memory) - request-token (store/create-request-token :memory consumer "http://test.com/callback") - ] - (is (= 401 ((os/access-token :memory {} ) :status))) - (is (= 401 ((os/access-token :memory { :oauth-consumer consumer }) :status))) - (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier (request-token :verifier)}}) :status))) - (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier (request-token :verifier)}}) :status))) - (do - (store/authorize-token :memory (request-token :token)) - (let [request-token (store/get-request-token :memory (request-token :token))] - (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {} }) :status))) - (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier "fake"}}) :status))) - (let [ token-response (os/access-token :memory {:oauth-consumer consumer :oauth-token request-token - :oauth-params {:oauth_verifier (request-token :verifier)}}) - token-params (os/parse-form-encoded (token-response :body))] - (is (= 200 (token-response :status))) - (is (not (nil? token-params))) - (is (not (nil? (token-params :oauth_token)))) - (is (not (nil? (token-params :oauth_secret)))) - (let [token (store/get-access-token :memory (token-params :oauth_token))] - (is (not (nil? token))) - (is (= (token :token) (token-params :oauth_token))) - (is (= (token :secret) (token-params :oauth_secret))) - (is (= (token :consumer) consumer)) - ) - )) - - ) - )) +(comment + (deftest + #^{:doc "integrated token request in app using example from http://oauth.net/core/1.0a/#anchor43"} + integrated-token-request + (let [oauth-app (os/wrap-oauth (os/oauth-token-manager app :memory ) :memory) + _ (store/store-consumer :memory {:key "dpf43f3p2l4k3l03" :secret "kd94hf93k423kf44"})] + (is (= 401 ((oauth-app {}) :status))) + (is (= 401 ((oauth-app {:headers { :authorize "Basic realm=\"Secure Area\""}}) :status))) + (is (= 401 ((oauth-app {:headers { :authorize "OAuth realm=\"https://photos.example.net/\", oauth_consumer_key=\"dpf43f3p2l4k3l03\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"fake\", oauth_timestamp=\"1191242090\", oauth_nonce=\"hsu94j3884jdopsl\", oauth_version=\"1.0\", oauth_callback=\"http%3A%2F%2Fprinter.example.com%2Frequest_token_ready\""}}) :status))) + (let [ response (oauth-app { + :request-method :post + :server-name "photos.example.net" + :uri "/oauth/request_token" + :scheme :https + :headers { :authorize "OAuth realm=\"https://photos.example.net/\", oauth_consumer_key=\"dpf43f3p2l4k3l03\", oauth_signature_method=\"PLAINTEXT\", oauth_signature=\"kd94hf93k423kf44%26\", oauth_timestamp=\"1191242090\", oauth_nonce=\"hsu94j3884jdopsl\", oauth_callback=\"http://printer.example.com/request_token_ready\" oauth_version=\"1.0\""}}) + token-body (response :body) + _ (println token-body) + token-params (os/parse-form-encoded (response :body))] + (is(= 200 (response :status))) + (is (not (nil? token-body))) + (is (not (nil? token-params))) + (is (not (nil? (token-params :oauth_token)))) + (is (not (nil? (token-params :oauth_secret)))) + (is (= (token-params :oauth_callback_confirmed) "true")) + (is (nil? (token-params :oauth_verifier))) + (let [token (store/get-request-token :memory (token-params :oauth_token))] + (is (not (nil? token))) + (is (= (token :token) (token-params :oauth_token))) + (is (= (token :secret) (token-params :oauth_secret))) + (is (= (token :consumer) (store/get-consumer :memory "dpf43f3p2l4k3l03"))) + (is (not (nil? (token :verifier)))) + )) + + ))) + +(comment + (deftest + #^{:doc "access token request"} + access-token + (let [consumer (store/create-consumer :memory) + request-token (store/create-request-token :memory consumer "http://test.com/callback") + ] + (is (= 401 ((os/access-token :memory {} ) :status))) + (is (= 401 ((os/access-token :memory { :oauth-consumer consumer }) :status))) + (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier (request-token :verifier)}}) :status))) + (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier (request-token :verifier)}}) :status))) + (do + (store/authorize-token :memory (request-token :token)) + (let [request-token (store/get-request-token :memory (request-token :token))] + (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {} }) :status))) + (is (= 401 ((os/access-token :memory { :oauth-consumer consumer :oauth-token request-token :oauth-params {:oauth_verifier "fake"}}) :status))) + (let [ token-response (os/access-token :memory {:oauth-consumer consumer :oauth-token request-token + :oauth-params {:oauth_verifier (request-token :verifier)}}) + token-params (os/parse-form-encoded (token-response :body))] + (is (= 200 (token-response :status))) + (is (not (nil? token-params))) + (is (not (nil? (token-params :oauth_token)))) + (is (not (nil? (token-params :oauth_secret)))) + (let [token (store/get-access-token :memory (token-params :oauth_token))] + (is (not (nil? token))) + (is (= (token :token) (token-params :oauth_token))) + (is (= (token :secret) (token-params :oauth_secret))) + (is (= (token :consumer) consumer)) + ) + )) + + ) + ))) From 83e436dd41b37618e51cef46bc43d987a1808aab Mon Sep 17 00:00:00 2001 From: Joe Littlejohn Date: Tue, 1 Apr 2014 11:21:10 +0100 Subject: [PATCH 2/2] Allow oauth params via the query string or form See http://tools.ietf.org/html/rfc5849#section-3.5.2 --- src/oauth_server/server.clj | 12 +++++-- test/oauth_server/server_test.clj | 52 ++++++++++++++++++++++--------- 2 files changed, 47 insertions(+), 17 deletions(-) diff --git a/src/oauth_server/server.clj b/src/oauth_server/server.clj index 8a2f62a..5215c25 100644 --- a/src/oauth_server/server.clj +++ b/src/oauth_server/server.clj @@ -16,8 +16,16 @@ (map (fn [x] {(keyword ( x 1)) (sig/url-decode (x 2))}) (re-seq #"(oauth_[^=, ]+)=\"([^\"]*)\"" auth))))) +(defn parse-oauth-requestparams + "Parses the oauth values from the form or query params" + [request] + (not-empty (select-keys (:params request) [:oauth_consumer_key :oauth_callback :oauth_nonce + :oauth_signature :oauth_signature_method :oauth_timestamp + :oauth_token :oauth_version]))) + (defn oauth-params [request] - (parse-oauth-header ((or (request :headers) {}) "authorization"))) + (or (parse-oauth-header ((or (request :headers) {}) "authorization")) + (parse-oauth-requestparams request))) (defn request-method [request] (upper-case (as-str (request :request-method)))) @@ -41,7 +49,7 @@ (apply dissoc (:params req) (keys (:route-params req)))) (defn request-parameters [request] - (merge (dissoc (oauth-params request) :oauth_signature) (params-without-route request))) + (dissoc (merge (oauth-params request) (params-without-route request)) :oauth_signature)) (defn request-base-string "creates a signature base string from a ring request" diff --git a/test/oauth_server/server_test.clj b/test/oauth_server/server_test.clj index 892989a..a88df9d 100644 --- a/test/oauth_server/server_test.clj +++ b/test/oauth_server/server_test.clj @@ -21,25 +21,47 @@ (is (= (os/parse-oauth-header "Basic realm=\"Secure Area\"") nil)) (is (= (os/parse-oauth-header "") nil)) (is (= (os/parse-oauth-header nil) nil)) -) + ) + +(deftest + #^{:doc "Test parsing of oauth values from request params."} + parse-oauth-requestparams + (is (= (os/parse-oauth-requestparams {:params {:oauth_consumer_key "0685bd9184jfhq22" + :oauth_token "ad180jjd733klru7" + :oauth_signature_method "HMAC-SHA1" + :oauth_signature "wOJIO9A2W5mFwDgiDvZbTSMK/PY=" + :oauth_timestamp "137131200" + :oauth_nonce "4572616e48616d6d65724c61686176" + :oauth_version "1.0" + :other-param "xxx"}}) + {:oauth_consumer_key "0685bd9184jfhq22" + :oauth_token "ad180jjd733klru7" + :oauth_signature_method "HMAC-SHA1" + :oauth_signature "wOJIO9A2W5mFwDgiDvZbTSMK/PY=" + :oauth_timestamp "137131200" + :oauth_nonce "4572616e48616d6d65724c61686176" + :oauth_version "1.0"}))) + (deftest - #^{:doc "Test extraction of oauth parameters."} + #^{:doc "Test extraction of oauth parameters."} oauth-params (is (= (os/oauth-params {:headers {}}) nil)) - (is (= (os/oauth-params {:headers {:authorize "Basic realm=\"Secure Area\""}}) nil)) - (is (= (os/oauth-params {:headers - { :authorize "OAuth realm=\"http://sp.example.com/\", oauth_consumer_key=\"0685bd9184jfhq22\", oauth_token=\"ad180jjd733klru7\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\", oauth_timestamp=\"137131200\", oauth_nonce=\"4572616e48616d6d65724c61686176\",oauth_version=\"1.0\""}}) - { :oauth_consumer_key "0685bd9184jfhq22" - :oauth_token "ad180jjd733klru7" - :oauth_signature_method "HMAC-SHA1" - :oauth_signature "wOJIO9A2W5mFwDgiDvZbTSMK/PY=" - :oauth_timestamp "137131200" - :oauth_nonce "4572616e48616d6d65724c61686176" - :oauth_version "1.0" - })) - ) - + (is (= (os/oauth-params {:headers {"authorization" "Basic realm=\"Secure Area\""}}) nil)) + (is (= (os/oauth-params {:headers + { "authorization" "OAuth realm=\"http://sp.example.com/\", oauth_consumer_key=\"0685bd9184jfhq22\", oauth_token=\"ad180jjd733klru7\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\", oauth_timestamp=\"137131200\", oauth_nonce=\"4572616e48616d6d65724c61686176\",oauth_version=\"1.0\""}}) + {:oauth_consumer_key "0685bd9184jfhq22" + :oauth_token "ad180jjd733klru7" + :oauth_signature_method "HMAC-SHA1" + :oauth_signature "wOJIO9A2W5mFwDgiDvZbTSMK/PY=" + :oauth_timestamp "137131200" + :oauth_nonce "4572616e48616d6d65724c61686176" + :oauth_version "1.0" + })) + (is (= (os/oauth-params {:headers {} + :params {:oauth_consumer_key "0685bd9184jfhq22"}}) + {:oauth_consumer_key "0685bd9184jfhq22"}))) + (deftest request-method (is (= "GET" (os/request-method {:request-method :get})))