Merge remote-tracking branch 'danack/OauthOptionalVariables'
commit
195f8458b7
@ -68,18 +68,8 @@ class OauthPlugin implements EventSubscriberInterface
|
||||
$timestamp = $this->getTimestamp($event);
|
||||
$request = $event['request'];
|
||||
$nonce = $this->generateNonce($request);
|
||||
|
||||
$authorizationParams = array(
|
||||
'oauth_callback' => $this->config['callback'],
|
||||
'oauth_consumer_key' => $this->config['consumer_key'],
|
||||
'oauth_nonce' => $nonce,
|
||||
'oauth_signature' => $this->getSignature($request, $timestamp, $nonce),
|
||||
'oauth_signature_method' => $this->config['signature_method'],
|
||||
'oauth_timestamp' => $timestamp,
|
||||
'oauth_token' => $this->config['token'],
|
||||
'oauth_verifier' => $this->config['verifier'],
|
||||
'oauth_version' => $this->config['version'],
|
||||
);
|
||||
$authorizationParams = $this->getOauthParams($timestamp, $nonce);
|
||||
$authorizationParams['oauth_signature'] = $this->getSignature($request, $timestamp, $nonce);
|
||||
|
||||
$request->setHeader(
|
||||
'Authorization',
|
||||
@ -152,8 +142,43 @@ class OauthPlugin implements EventSubscriberInterface
|
||||
}
|
||||
|
||||
/**
|
||||
* Parameters sorted and filtered in order to properly sign a request
|
||||
*
|
||||
* Get the oauth parameters as named by the oauth spec
|
||||
*
|
||||
* @param $timestamp
|
||||
* @param $nonce
|
||||
* @return Collection
|
||||
*/
|
||||
protected function getOauthParams($timestamp, $nonce){
|
||||
$params = new Collection(array(
|
||||
'oauth_consumer_key' => $this->config['consumer_key'],
|
||||
'oauth_nonce' => $nonce,
|
||||
'oauth_signature_method' => $this->config['signature_method'],
|
||||
'oauth_timestamp' => $timestamp,
|
||||
));
|
||||
|
||||
//Optional parameters should not be set if they have not been set in the config as
|
||||
//the parameter may be considered invalid by the Oauth service.
|
||||
$optionalParams = array(
|
||||
'callback' => 'oauth_callback',
|
||||
'token' => 'oauth_token',
|
||||
'verifier' => 'oauth_verifier',
|
||||
'version' => 'oauth_version'
|
||||
);
|
||||
|
||||
foreach ($optionalParams as $optionName => $oauthName) {
|
||||
if (isset($this->config[$optionName]) == true) {
|
||||
$params[$oauthName] = $this->config[$optionName];
|
||||
}
|
||||
}
|
||||
return $params;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all of the parameters required to sign a request including:
|
||||
* * The oauth params
|
||||
* * The request GET params
|
||||
* * The params passed in the POST body (with a content-type of application/x-www-form-urlencoded)
|
||||
*
|
||||
* @param RequestInterface $request Request to generate a signature for
|
||||
* @param integer $timestamp Timestamp to use for nonce
|
||||
* @param string $nonce
|
||||
@ -162,16 +187,7 @@ class OauthPlugin implements EventSubscriberInterface
|
||||
*/
|
||||
public function getParamsToSign(RequestInterface $request, $timestamp, $nonce)
|
||||
{
|
||||
$params = new Collection(array(
|
||||
'oauth_consumer_key' => $this->config['consumer_key'],
|
||||
'oauth_nonce' => $nonce,
|
||||
'oauth_signature_method' => $this->config['signature_method'],
|
||||
'oauth_timestamp' => $timestamp,
|
||||
'oauth_token' => $this->config['token'],
|
||||
'oauth_version' => $this->config['version'],
|
||||
'oauth_callback' => $this->config['callback'],
|
||||
'oauth_verifier' => $this->config['verifier']
|
||||
));
|
||||
$params = $this->getOauthParams($timestamp, $nonce);
|
||||
|
||||
// Add query string parameters
|
||||
$params->merge($request->getQuery());
|
||||
|
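Review bot: In `getOauthParams()`, the check `isset($this->config[$optionName]) == true` accepts an optional value that is present but empty (`''`, `false`, `0`), so that value reaches both the Authorization parameters and the set returned by `getParamsToSign()`. The header-building code is outside these hunks; if it drops falsey values, as the existing `testDoesNotAddFalseyValuesToAuthorization` suggests for `oauth_token`, the signed parameter set and the transmitted one can differ and signature verification can fail. Consider one explicit rule in this helper, for example `if (isset($this->config[$optionName]) && $this->config[$optionName] !== false && $this->config[$optionName] !== '') {`, which also drops the redundant `== true`. The new docblock's `@param` tags lack types (`integer $timestamp`, `string $nonce`, as in the `getParamsToSign()` docblock), and the opening brace should go on its own line as it does for `getParamsToSign()`.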
@ -169,6 +169,10 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that the Oauth is signed correctly and that extra strings haven't been added
|
||||
* to the authorization header.
|
||||
*/
|
||||
public function testSignsOauthRequests()
|
||||
{
|
||||
$p = new OauthPlugin($this->config);
|
||||
@ -180,15 +184,36 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
|
||||
|
||||
$this->assertTrue($event['request']->hasHeader('Authorization'));
|
||||
|
||||
$this->assertEquals('OAuth oauth_consumer_key="foo", '
|
||||
. 'oauth_nonce="'.urlencode($params['oauth_nonce']).'", '
|
||||
. 'oauth_signature="'.urlencode($params['oauth_signature']).'", '
|
||||
. 'oauth_signature_method="HMAC-SHA1", '
|
||||
. 'oauth_timestamp="' . self::TIMESTAMP . '", '
|
||||
. 'oauth_token="count", '
|
||||
. 'oauth_version="1.0"',
|
||||
(string) $event['request']->getHeader('Authorization')
|
||||
$authorizationHeader = (string)$event['request']->getHeader('Authorization');
|
||||
|
||||
$this->assertStringStartsWith("OAuth ", $authorizationHeader);
|
||||
|
||||
$stringsToCheck = array(
|
||||
'oauth_consumer_key="foo"',
|
||||
'oauth_nonce="'.urlencode($params['oauth_nonce']).'"',
|
||||
'oauth_signature="'.urlencode($params['oauth_signature']).'"',
|
||||
'oauth_signature_method="HMAC-SHA1"',
|
||||
'oauth_timestamp="' . self::TIMESTAMP . '"',
|
||||
'oauth_token="count"',
|
||||
'oauth_version="1.0"',
|
||||
);
|
||||
|
||||
$totalLength = strlen("OAuth ");
|
||||
|
||||
//Separator is not used before first parameter.
|
||||
$separator = "";
|
||||
|
||||
foreach ($stringsToCheck as $stringToCheck) {
|
||||
$this->assertContains($stringToCheck, $authorizationHeader);
|
||||
$totalLength += strlen($separator);
|
||||
$totalLength += strlen($stringToCheck);
|
||||
$separator = ", ";
|
||||
}
|
||||
|
||||
//Technically this test is not universally valid. It would be allowable to have extra \n characters
|
||||
//in the Authorization header. However Guzzle does not do this, so we just perform a simple check
|
||||
//on length to validate the Authorization header is composed of only the strings above.
|
||||
$this->assertEquals($totalLength, strlen($authorizationHeader), "Authorization has extra characters i.e. contains extra elements compared to stringsToCheck.");
|
||||
}
|
||||
|
||||
public function testDoesNotAddFalseyValuesToAuthorization()
|
||||
@ -200,4 +225,37 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
|
||||
$this->assertTrue($event['request']->hasHeader('Authorization'));
|
||||
$this->assertNotContains('oauth_token=', (string) $event['request']->getHeader('Authorization'));
|
||||
}
|
||||
|
||||
public function testOptionalOauthParametersAreNotAutomaticallyAdded()
|
||||
{
|
||||
//The only required Oauth parameters are the consumer key and secret. That is enough credentials
|
||||
//for signing oauth requests.
|
||||
$config = array(
|
||||
'consumer_key' => 'foo',
|
||||
'consumer_secret' => 'bar',
|
||||
);
|
||||
|
||||
$plugin = new OauthPlugin($config);
|
||||
$event = new Event(array(
|
||||
'request' => $this->getRequest(),
|
||||
'timestamp' => self::TIMESTAMP
|
||||
));
|
||||
|
||||
$timestamp = $plugin->getTimestamp($event);
|
||||
$request = $event['request'];
|
||||
$nonce = $plugin->generateNonce($request);
|
||||
|
||||
$paramsToSign = $plugin->getParamsToSign($request, $timestamp, $nonce);
|
||||
|
||||
$optionalParams = array(
|
||||
'callback' => 'oauth_callback',
|
||||
'token' => 'oauth_token',
|
||||
'verifier' => 'oauth_verifier',
|
||||
'token_secret' => 'token_secret'
|
||||
);
|
||||
|
||||
foreach ($optionalParams as $optionName => $oauthName) {
|
||||
$this->assertArrayNotHasKey($oauthName, $paramsToSign, "Optional Oauth param '$oauthName' was not set via config variable '$optionName', but it is listed in getParamsToSign().");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
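Review bot: `testOptionalOauthParametersAreNotAutomaticallyAdded` asserts only on the array returned by `getParamsToSign()`, so the Authorization header produced for a config holding just `consumer_key` and `consumer_secret` is never inspected, although the plugin change rebuilt that path as well. Sending the request through the plugin the way `testSignsOauthRequests` does, and asserting that the header contains none of `oauth_callback=`, `oauth_token=` or `oauth_verifier=`, would cover both the signed set and the transmitted one. The `$optionalParams` map in this test lists `token_secret`, which is a secret rather than a protocol parameter, and leaves out `version`, which the plugin's own list includes. A comment such as `// token_secret is a secret and must never be signed or sent as a parameter`, plus a line saying why `oauth_version` is not checked, would make the difference from the plugin's list deliberate rather than accidental.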