summaryrefslogtreecommitdiff
path: root/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php')
-rw-r--r--vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php345
1 files changed, 345 insertions, 0 deletions
diff --git a/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php b/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
new file mode 100644
index 0000000..3892fb6
--- /dev/null
+++ b/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
@@ -0,0 +1,345 @@
+<?php
+
+namespace Guzzle\Tests\Plugin\Oauth;
+
+use Guzzle\Http\Message\RequestFactory;
+use Guzzle\Http\QueryAggregator\CommaAggregator;
+use Guzzle\Plugin\Oauth\OauthPlugin;
+use Guzzle\Common\Event;
+
+/**
+ * @covers Guzzle\Plugin\Oauth\OauthPlugin
+ */
+class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
+{
+ const TIMESTAMP = '1327274290';
+ const NONCE = 'e7aa11195ca58349bec8b5ebe351d3497eb9e603';
+
+ protected $config = array(
+ 'consumer_key' => 'foo',
+ 'consumer_secret' => 'bar',
+ 'token' => 'count',
+ 'token_secret' => 'dracula'
+ );
+
+ protected function getRequest()
+ {
+ return RequestFactory::getInstance()->create('POST', 'http://www.test.com/path?a=b&c=d', null, array(
+ 'e' => 'f'
+ ));
+ }
+
+ public function testSubscribesToEvents()
+ {
+ $events = OauthPlugin::getSubscribedEvents();
+ $this->assertArrayHasKey('request.before_send', $events);
+ }
+
+ public function testAcceptsConfigurationData()
+ {
+ $p = new OauthPlugin($this->config);
+
+ // Access the config object
+ $class = new \ReflectionClass($p);
+ $property = $class->getProperty('config');
+ $property->setAccessible(true);
+ $config = $property->getValue($p);
+
+ $this->assertEquals('foo', $config['consumer_key']);
+ $this->assertEquals('bar', $config['consumer_secret']);
+ $this->assertEquals('count', $config['token']);
+ $this->assertEquals('dracula', $config['token_secret']);
+ $this->assertEquals('1.0', $config['version']);
+ $this->assertEquals('HMAC-SHA1', $config['signature_method']);
+ $this->assertEquals('header', $config['request_method']);
+ }
+
+ public function testCreatesStringToSignFromPostRequest()
+ {
+ $p = new OauthPlugin($this->config);
+ $request = $this->getRequest();
+ $signString = $p->getStringToSign($request, self::TIMESTAMP, self::NONCE);
+
+ $this->assertContains('&e=f', rawurldecode($signString));
+
+ $expectedSignString =
+ // Method and URL
+ 'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+ // Sorted parameters from query string and body
+ '&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+ '%26oauth_nonce%3De7aa11195ca58349bec8b5ebe351d3497eb9e603%26' .
+ 'oauth_signature_method%3DHMAC-SHA1' .
+ '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0';
+
+ $this->assertEquals($expectedSignString, $signString);
+ }
+
+ public function testCreatesStringToSignIgnoringPostFields()
+ {
+ $config = $this->config;
+ $config['disable_post_params'] = true;
+ $p = new OauthPlugin($config);
+ $request = $this->getRequest();
+ $sts = rawurldecode($p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+ $this->assertNotContains('&e=f', $sts);
+ }
+
+ public function testCreatesStringToSignFromPostRequestWithCustomContentType()
+ {
+ $p = new OauthPlugin($this->config);
+ $request = $this->getRequest();
+ $request->setHeader('Content-Type', 'Foo');
+ $this->assertEquals(
+ // Method and URL
+ 'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+ // Sorted parameters from query string and body
+ '&a%3Db%26c%3Dd%26oauth_consumer_key%3Dfoo' .
+ '%26oauth_nonce%3D'. self::NONCE .'%26' .
+ 'oauth_signature_method%3DHMAC-SHA1' .
+ '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0',
+ $p->getStringToSign($request, self::TIMESTAMP, self::NONCE)
+ );
+ }
+
+ /**
+ * @depends testCreatesStringToSignFromPostRequest
+ */
+ public function testConvertsBooleansToStrings()
+ {
+ $p = new OauthPlugin($this->config);
+ $request = $this->getRequest();
+ $request->getQuery()->set('a', true);
+ $request->getQuery()->set('c', false);
+ $this->assertContains('&a%3Dtrue%26c%3Dfalse', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+ }
+
+ public function testCreatesStringToSignFromPostRequestWithNullValues()
+ {
+ $config = array(
+ 'consumer_key' => 'foo',
+ 'consumer_secret' => 'bar',
+ 'token' => null,
+ 'token_secret' => 'dracula'
+ );
+
+ $p = new OauthPlugin($config);
+ $request = $this->getRequest();
+ $signString = $p->getStringToSign($request, self::TIMESTAMP, self::NONCE);
+
+ $this->assertContains('&e=f', rawurldecode($signString));
+
+ $expectedSignString = // Method and URL
+ 'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+ // Sorted parameters from query string and body
+ '&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+ '%26oauth_nonce%3De7aa11195ca58349bec8b5ebe351d3497eb9e603%26' .
+ 'oauth_signature_method%3DHMAC-SHA1' .
+ '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_version%3D1.0';
+
+ $this->assertEquals($expectedSignString, $signString);
+ }
+
+ /**
+ * @depends testCreatesStringToSignFromPostRequest
+ */
+ public function testMultiDimensionalArray()
+ {
+ $p = new OauthPlugin($this->config);
+ $request = $this->getRequest();
+ $request->getQuery()->set('a', array('b' => array('e' => 'f', 'c' => 'd')));
+ $this->assertContains('a%255Bb%255D%255Bc%255D%3Dd%26a%255Bb%255D%255Be%255D%3Df%26c%3Dd%26e%3Df%26', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+ }
+
+ /**
+ * @depends testMultiDimensionalArray
+ */
+ public function testMultiDimensionalArrayWithNonDefaultQueryAggregator()
+ {
+ $p = new OauthPlugin($this->config);
+ $request = $this->getRequest();
+ $aggregator = new CommaAggregator();
+ $query = $request->getQuery()->setAggregator($aggregator)
+ ->set('g', array('h', 'i', 'j'))
+ ->set('k', array('l'))
+ ->set('m', array('n', 'o'));
+ $this->assertContains('a%3Db%26c%3Dd%26e%3Df%26g%3Dh%2Ci%2Cj%26k%3Dl%26m%3Dn%2Co', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+ }
+
+ /**
+ * @depends testCreatesStringToSignFromPostRequest
+ */
+ public function testSignsStrings()
+ {
+ $p = new OauthPlugin(array_merge($this->config, array(
+ 'signature_callback' => function($string, $key) {
+ return "_{$string}|{$key}_";
+ }
+ )));
+ $request = $this->getRequest();
+ $sig = $p->getSignature($request, self::TIMESTAMP, self::NONCE);
+ $this->assertEquals(
+ '_POST&http%3A%2F%2Fwww.test.com%2Fpath&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+ '%26oauth_nonce%3D'. self::NONCE .'%26oauth_signature_method%3DHMAC-SHA1' .
+ '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0|' .
+ 'bar&dracula_',
+ base64_decode($sig)
+ );
+ }
+
+ /**
+ * Test that the Oauth is signed correctly and that extra strings haven't been added
+ * to the authorization header.
+ */
+ public function testSignsOauthRequests()
+ {
+ $p = new OauthPlugin($this->config);
+ $event = new Event(array(
+ 'request' => $this->getRequest(),
+ 'timestamp' => self::TIMESTAMP
+ ));
+ $params = $p->onRequestBeforeSend($event);
+
+ $this->assertTrue($event['request']->hasHeader('Authorization'));
+
+ $authorizationHeader = (string)$event['request']->getHeader('Authorization');
+
+ $this->assertStringStartsWith('OAuth ', $authorizationHeader);
+
+ $stringsToCheck = array(
+ 'oauth_consumer_key="foo"',
+ 'oauth_nonce="'.urlencode($params['oauth_nonce']).'"',
+ 'oauth_signature="'.urlencode($params['oauth_signature']).'"',
+ 'oauth_signature_method="HMAC-SHA1"',
+ 'oauth_timestamp="' . self::TIMESTAMP . '"',
+ 'oauth_token="count"',
+ 'oauth_version="1.0"',
+ );
+
+ $totalLength = strlen('OAuth ');
+
+ //Separator is not used before first parameter.
+ $separator = '';
+
+ foreach ($stringsToCheck as $stringToCheck) {
+ $this->assertContains($stringToCheck, $authorizationHeader);
+ $totalLength += strlen($separator);
+ $totalLength += strlen($stringToCheck);
+ $separator = ', ';
+ }
+
+ // Technically this test is not universally valid. It would be allowable to have extra \n characters
+ // in the Authorization header. However Guzzle does not do this, so we just perform a simple check
+ // on length to validate the Authorization header is composed of only the strings above.
+ $this->assertEquals($totalLength, strlen($authorizationHeader), 'Authorization has extra characters i.e. contains extra elements compared to stringsToCheck.');
+ }
+
+ public function testSignsOauthQueryStringRequest()
+ {
+ $config = array_merge(
+ $this->config,
+ array('request_method' => OauthPlugin::REQUEST_METHOD_QUERY)
+ );
+
+ $p = new OauthPlugin($config);
+ $event = new Event(array(
+ 'request' => $this->getRequest(),
+ 'timestamp' => self::TIMESTAMP
+ ));
+ $params = $p->onRequestBeforeSend($event);
+
+ $this->assertFalse($event['request']->hasHeader('Authorization'));
+
+ $stringsToCheck = array(
+ 'a=b',
+ 'c=d',
+ 'oauth_consumer_key=foo',
+ 'oauth_nonce='.urlencode($params['oauth_nonce']),
+ 'oauth_signature='.urlencode($params['oauth_signature']),
+ 'oauth_signature_method=HMAC-SHA1',
+ 'oauth_timestamp='.self::TIMESTAMP,
+ 'oauth_token=count',
+ 'oauth_version=1.0',
+ );
+
+ $queryString = (string) $event['request']->getQuery();
+
+ $totalLength = strlen('?');
+
+ //Separator is not used before first parameter.
+ $separator = '';
+
+ foreach ($stringsToCheck as $stringToCheck) {
+ $this->assertContains($stringToCheck, $queryString);
+ $totalLength += strlen($separator);
+ $totalLength += strlen($stringToCheck);
+ $separator = '&';
+ }
+
+ // Removes the last query string separator '&'
+ $totalLength -= 1;
+
+ $this->assertEquals($totalLength, strlen($queryString), 'Query string has extra characters i.e. contains extra elements compared to stringsToCheck.');
+ }
+
+ /**
+ * @expectedException \InvalidArgumentException
+ */
+ public function testInvalidArgumentExceptionOnMethodError()
+ {
+ $config = array_merge(
+ $this->config,
+ array('request_method' => 'FakeMethod')
+ );
+
+ $p = new OauthPlugin($config);
+ $event = new Event(array(
+ 'request' => $this->getRequest(),
+ 'timestamp' => self::TIMESTAMP
+ ));
+
+ $p->onRequestBeforeSend($event);
+ }
+
+ public function testDoesNotAddFalseyValuesToAuthorization()
+ {
+ unset($this->config['token']);
+ $p = new OauthPlugin($this->config);
+ $event = new Event(array('request' => $this->getRequest(), 'timestamp' => self::TIMESTAMP));
+ $p->onRequestBeforeSend($event);
+ $this->assertTrue($event['request']->hasHeader('Authorization'));
+ $this->assertNotContains('oauth_token=', (string) $event['request']->getHeader('Authorization'));
+ }
+
+ public function testOptionalOauthParametersAreNotAutomaticallyAdded()
+ {
+ // The only required Oauth parameters are the consumer key and secret. That is enough credentials
+ // for signing oauth requests.
+ $config = array(
+ 'consumer_key' => 'foo',
+ 'consumer_secret' => 'bar',
+ );
+
+ $plugin = new OauthPlugin($config);
+ $event = new Event(array(
+ 'request' => $this->getRequest(),
+ 'timestamp' => self::TIMESTAMP
+ ));
+
+ $timestamp = $plugin->getTimestamp($event);
+ $request = $event['request'];
+ $nonce = $plugin->generateNonce($request);
+
+ $paramsToSign = $plugin->getParamsToSign($request, $timestamp, $nonce);
+
+ $optionalParams = array(
+ 'callback' => 'oauth_callback',
+ 'token' => 'oauth_token',
+ 'verifier' => 'oauth_verifier',
+ 'token_secret' => 'token_secret'
+ );
+
+ foreach ($optionalParams as $optionName => $oauthName) {
+ $this->assertArrayNotHasKey($oauthName, $paramsToSign, "Optional Oauth param '$oauthName' was not set via config variable '$optionName', but it is listed in getParamsToSign().");
+ }
+ }
+}