From 8df3db566a3a937b45ebf11adb90d265e6f5e2d4 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sun, 17 Nov 2019 20:45:02 +0100
Subject: initial checking of customized version 1.0rc9

---
 .../Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php  | 345 +++++++++++++++++++++
 1 file changed, 345 insertions(+)
 create mode 100644 vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php

(limited to 'vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php')

diff --git a/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php b/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
new file mode 100644
index 0000000..3892fb6
--- /dev/null
+++ b/vendor/guzzle/guzzle/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
@@ -0,0 +1,345 @@
+<?php
+
+namespace Guzzle\Tests\Plugin\Oauth;
+
+use Guzzle\Http\Message\RequestFactory;
+use Guzzle\Http\QueryAggregator\CommaAggregator;
+use Guzzle\Plugin\Oauth\OauthPlugin;
+use Guzzle\Common\Event;
+
+/**
+ * @covers Guzzle\Plugin\Oauth\OauthPlugin
+ */
+class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
+{
+    const TIMESTAMP = '1327274290';
+    const NONCE = 'e7aa11195ca58349bec8b5ebe351d3497eb9e603';
+
+    protected $config = array(
+        'consumer_key'    => 'foo',
+        'consumer_secret' => 'bar',
+        'token'           => 'count',
+        'token_secret'    => 'dracula'
+    );
+
+    protected function getRequest()
+    {
+        return RequestFactory::getInstance()->create('POST', 'http://www.test.com/path?a=b&c=d', null, array(
+            'e' => 'f'
+        ));
+    }
+
+    public function testSubscribesToEvents()
+    {
+        $events = OauthPlugin::getSubscribedEvents();
+        $this->assertArrayHasKey('request.before_send', $events);
+    }
+
+    public function testAcceptsConfigurationData()
+    {
+        $p = new OauthPlugin($this->config);
+
+        // Access the config object
+        $class = new \ReflectionClass($p);
+        $property = $class->getProperty('config');
+        $property->setAccessible(true);
+        $config = $property->getValue($p);
+
+        $this->assertEquals('foo', $config['consumer_key']);
+        $this->assertEquals('bar', $config['consumer_secret']);
+        $this->assertEquals('count', $config['token']);
+        $this->assertEquals('dracula', $config['token_secret']);
+        $this->assertEquals('1.0', $config['version']);
+        $this->assertEquals('HMAC-SHA1', $config['signature_method']);
+        $this->assertEquals('header', $config['request_method']);
+    }
+
+    public function testCreatesStringToSignFromPostRequest()
+    {
+        $p = new OauthPlugin($this->config);
+        $request = $this->getRequest();
+        $signString = $p->getStringToSign($request, self::TIMESTAMP, self::NONCE);
+
+        $this->assertContains('&e=f', rawurldecode($signString));
+
+        $expectedSignString =
+            // Method and URL
+            'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+            // Sorted parameters from query string and body
+            '&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+            '%26oauth_nonce%3De7aa11195ca58349bec8b5ebe351d3497eb9e603%26' .
+            'oauth_signature_method%3DHMAC-SHA1' .
+            '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0';
+
+        $this->assertEquals($expectedSignString, $signString);
+    }
+
+    public function testCreatesStringToSignIgnoringPostFields()
+    {
+        $config = $this->config;
+        $config['disable_post_params'] = true;
+        $p = new OauthPlugin($config);
+        $request = $this->getRequest();
+        $sts = rawurldecode($p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+        $this->assertNotContains('&e=f', $sts);
+    }
+
+    public function testCreatesStringToSignFromPostRequestWithCustomContentType()
+    {
+        $p = new OauthPlugin($this->config);
+        $request = $this->getRequest();
+        $request->setHeader('Content-Type', 'Foo');
+        $this->assertEquals(
+            // Method and URL
+            'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+            // Sorted parameters from query string and body
+            '&a%3Db%26c%3Dd%26oauth_consumer_key%3Dfoo' .
+            '%26oauth_nonce%3D'. self::NONCE .'%26' .
+            'oauth_signature_method%3DHMAC-SHA1' .
+            '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0',
+            $p->getStringToSign($request, self::TIMESTAMP, self::NONCE)
+        );
+    }
+
+    /**
+     * @depends testCreatesStringToSignFromPostRequest
+     */
+    public function testConvertsBooleansToStrings()
+    {
+        $p = new OauthPlugin($this->config);
+        $request = $this->getRequest();
+        $request->getQuery()->set('a', true);
+        $request->getQuery()->set('c', false);
+        $this->assertContains('&a%3Dtrue%26c%3Dfalse', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+    }
+
+    public function testCreatesStringToSignFromPostRequestWithNullValues()
+    {
+        $config = array(
+            'consumer_key'    => 'foo',
+            'consumer_secret' => 'bar',
+            'token'           => null,
+            'token_secret'    => 'dracula'
+        );
+
+        $p          = new OauthPlugin($config);
+        $request    = $this->getRequest();
+        $signString = $p->getStringToSign($request, self::TIMESTAMP, self::NONCE);
+
+        $this->assertContains('&e=f', rawurldecode($signString));
+
+        $expectedSignString = // Method and URL
+                'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
+                // Sorted parameters from query string and body
+                '&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+                '%26oauth_nonce%3De7aa11195ca58349bec8b5ebe351d3497eb9e603%26' .
+                'oauth_signature_method%3DHMAC-SHA1' .
+                '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_version%3D1.0';
+
+        $this->assertEquals($expectedSignString, $signString);
+    }
+
+    /**
+     * @depends testCreatesStringToSignFromPostRequest
+     */
+    public function testMultiDimensionalArray()
+    {
+        $p = new OauthPlugin($this->config);
+        $request = $this->getRequest();
+        $request->getQuery()->set('a', array('b' => array('e' => 'f', 'c' => 'd')));
+        $this->assertContains('a%255Bb%255D%255Bc%255D%3Dd%26a%255Bb%255D%255Be%255D%3Df%26c%3Dd%26e%3Df%26', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+    }
+
+    /**
+     * @depends testMultiDimensionalArray
+     */
+    public function testMultiDimensionalArrayWithNonDefaultQueryAggregator()
+    {
+        $p = new OauthPlugin($this->config);
+        $request = $this->getRequest();
+        $aggregator = new CommaAggregator();
+        $query = $request->getQuery()->setAggregator($aggregator)
+            ->set('g', array('h', 'i', 'j'))
+            ->set('k', array('l'))
+            ->set('m', array('n', 'o'));
+        $this->assertContains('a%3Db%26c%3Dd%26e%3Df%26g%3Dh%2Ci%2Cj%26k%3Dl%26m%3Dn%2Co', $p->getStringToSign($request, self::TIMESTAMP, self::NONCE));
+    }
+
+    /**
+     * @depends testCreatesStringToSignFromPostRequest
+     */
+    public function testSignsStrings()
+    {
+        $p = new OauthPlugin(array_merge($this->config, array(
+            'signature_callback' => function($string, $key) {
+                return "_{$string}|{$key}_";
+            }
+        )));
+        $request = $this->getRequest();
+        $sig = $p->getSignature($request, self::TIMESTAMP, self::NONCE);
+        $this->assertEquals(
+            '_POST&http%3A%2F%2Fwww.test.com%2Fpath&a%3Db%26c%3Dd%26e%3Df%26oauth_consumer_key%3Dfoo' .
+            '%26oauth_nonce%3D'. self::NONCE .'%26oauth_signature_method%3DHMAC-SHA1' .
+            '%26oauth_timestamp%3D' . self::TIMESTAMP . '%26oauth_token%3Dcount%26oauth_version%3D1.0|' .
+            'bar&dracula_',
+            base64_decode($sig)
+        );
+    }
+
+    /**
+     * Test that the Oauth is signed correctly and that extra strings haven't been added
+     * to the authorization header.
+     */
+    public function testSignsOauthRequests()
+    {
+        $p = new OauthPlugin($this->config);
+        $event = new Event(array(
+            'request' => $this->getRequest(),
+            'timestamp' => self::TIMESTAMP
+        ));
+        $params = $p->onRequestBeforeSend($event);
+
+        $this->assertTrue($event['request']->hasHeader('Authorization'));
+
+        $authorizationHeader = (string)$event['request']->getHeader('Authorization');
+
+        $this->assertStringStartsWith('OAuth ', $authorizationHeader);
+
+        $stringsToCheck = array(
+            'oauth_consumer_key="foo"',
+            'oauth_nonce="'.urlencode($params['oauth_nonce']).'"',
+            'oauth_signature="'.urlencode($params['oauth_signature']).'"',
+            'oauth_signature_method="HMAC-SHA1"',
+            'oauth_timestamp="' . self::TIMESTAMP . '"',
+            'oauth_token="count"',
+            'oauth_version="1.0"',
+        );
+
+        $totalLength = strlen('OAuth ');
+
+        //Separator is not used before first parameter.
+        $separator = '';
+
+        foreach ($stringsToCheck as $stringToCheck) {
+            $this->assertContains($stringToCheck, $authorizationHeader);
+            $totalLength += strlen($separator);
+            $totalLength += strlen($stringToCheck);
+            $separator = ', ';
+        }
+
+        // Technically this test is not universally valid. It would be allowable to have extra \n characters
+        // in the Authorization header. However Guzzle does not do this, so we just perform a simple check
+        // on length to validate the Authorization header is composed of only the strings above.
+        $this->assertEquals($totalLength, strlen($authorizationHeader), 'Authorization has extra characters i.e. contains extra elements compared to stringsToCheck.');
+    }
+
+    public function testSignsOauthQueryStringRequest()
+    {
+        $config = array_merge(
+            $this->config,
+            array('request_method' => OauthPlugin::REQUEST_METHOD_QUERY)
+        );
+
+        $p = new OauthPlugin($config);
+        $event = new Event(array(
+            'request' => $this->getRequest(),
+            'timestamp' => self::TIMESTAMP
+        ));
+        $params = $p->onRequestBeforeSend($event);
+
+        $this->assertFalse($event['request']->hasHeader('Authorization'));
+
+        $stringsToCheck = array(
+            'a=b',
+            'c=d',
+            'oauth_consumer_key=foo',
+            'oauth_nonce='.urlencode($params['oauth_nonce']),
+            'oauth_signature='.urlencode($params['oauth_signature']),
+            'oauth_signature_method=HMAC-SHA1',
+            'oauth_timestamp='.self::TIMESTAMP,
+            'oauth_token=count',
+            'oauth_version=1.0',
+        );
+
+        $queryString = (string) $event['request']->getQuery();
+
+        $totalLength = strlen('?');
+
+        //Separator is not used before first parameter.
+        $separator = '';
+
+        foreach ($stringsToCheck as $stringToCheck) {
+            $this->assertContains($stringToCheck, $queryString);
+            $totalLength += strlen($separator);
+            $totalLength += strlen($stringToCheck);
+            $separator = '&';
+        }
+
+        // Removes the last query string separator '&'
+        $totalLength -= 1;
+
+        $this->assertEquals($totalLength, strlen($queryString), 'Query string has extra characters i.e. contains extra elements compared to stringsToCheck.');
+    }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     */
+    public function testInvalidArgumentExceptionOnMethodError()
+    {
+        $config = array_merge(
+            $this->config,
+            array('request_method' => 'FakeMethod')
+        );
+
+        $p = new OauthPlugin($config);
+        $event = new Event(array(
+            'request' => $this->getRequest(),
+            'timestamp' => self::TIMESTAMP
+        ));
+
+        $p->onRequestBeforeSend($event);
+    }
+
+    public function testDoesNotAddFalseyValuesToAuthorization()
+    {
+        unset($this->config['token']);
+        $p = new OauthPlugin($this->config);
+        $event = new Event(array('request' => $this->getRequest(), 'timestamp' => self::TIMESTAMP));
+        $p->onRequestBeforeSend($event);
+        $this->assertTrue($event['request']->hasHeader('Authorization'));
+        $this->assertNotContains('oauth_token=', (string) $event['request']->getHeader('Authorization'));
+    }
+
+    public function testOptionalOauthParametersAreNotAutomaticallyAdded()
+    {
+        // The only required Oauth parameters are the consumer key and secret. That is enough credentials
+        // for signing oauth requests.
+         $config = array(
+            'consumer_key'    => 'foo',
+            'consumer_secret' => 'bar',
+        );
+
+        $plugin = new OauthPlugin($config);
+        $event = new Event(array(
+            'request' => $this->getRequest(),
+            'timestamp' => self::TIMESTAMP
+        ));
+
+        $timestamp = $plugin->getTimestamp($event);
+        $request = $event['request'];
+        $nonce = $plugin->generateNonce($request);
+
+        $paramsToSign = $plugin->getParamsToSign($request, $timestamp, $nonce);
+
+        $optionalParams = array(
+            'callback'      => 'oauth_callback',
+            'token'         => 'oauth_token',
+            'verifier'      => 'oauth_verifier',
+            'token_secret'  => 'token_secret'
+        );
+
+        foreach ($optionalParams as $optionName => $oauthName) {
+            $this->assertArrayNotHasKey($oauthName, $paramsToSign, "Optional Oauth param '$oauthName' was not set via config variable '$optionName', but it is listed in getParamsToSign().");
+        }
+    }
+}
-- 
cgit v1.2.3-54-g00ecf