Add testcase from Oauth wiki for HMAC-SHA1
Almost done Oauth1 authentication.
markstory committed Dec 31, 2012
1 parent c49fa25 commit 6323936
Showing 2 changed files with 89 additions and 12 deletions.
30 changes: 20 additions & 10 deletions lib/Cake/Network/Http/Auth/Oauth.php
@@ -105,21 +105,24 @@ protected function _plaintext($request, $credentials) {
* @param array $credentials
*/
protected function _hmacSha1($request, $credentials) {
$nonce = isset($credentials['nonce']) ? $credentials['nonce'] : uniqid();
$timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
$values = [
'oauth_version' => '1.0',
'oauth_nonce' => uniqid(),
'oauth_timestamp' => time(),
'oauth_nonce' => $nonce,
'oauth_timestamp' => $timestamp,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_token' => $credentials['token'],
'oauth_consumer_key' => $credentials['consumerKey'],
];
$baseString = $this->_baseString($request, $values);
$baseString = $this->baseString($request, $values);

if (isset($credentials['realm'])) {
$values['oauth_realm'] = $credentials['realm'];
}
$key = [$credentials['consumerSecret'], $value['tokenSecret']];
$key = array_map([$this, 'encode'], $key);
$key = [$credentials['consumerSecret'], $credentials['tokenSecret']];
$key = array_map([$this, '_encode'], $key);
$key = implode('&', $key);

$values['oauth_signature'] = base64_encode(
hash_hmac('sha1', $baseString, $key, true)
@@ -194,16 +197,23 @@ protected function _normalizedParams($request, $oauthValues) {
$query = parse_url($request->url(), PHP_URL_QUERY);
parse_str($query, $queryArgs);

$args = array_merge($queryArgs, $oauthValues);
$keys = array_map([$this, '_encode'], array_keys($args));
$values = array_map([$this, '_encode'], array_values($args));
$args = array_combine($keys, $values);
$post = [];
$body = $request->body();
$contentType = $request->header('content-type');

if (is_array($body)) {
$post = $body;
}

$args = array_merge($queryArgs, $oauthValues, $post);
uksort($args, 'strcmp');

$pairs = [];
foreach ($args as $k => $val) {
$pairs[] = "$k=$val";
if (is_array($val)) {
} else {
$pairs[] = "$k=$val";
}
}
return implode('&', $pairs);
}
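Review bot: In `_normalizedParams` the `if (is_array($val)) {` branch is empty, so array-valued parameters (the test's `tags`) are left out of the base string and the HMAC does not cover them; a verifier that normalizes per the OAuth 1.0 rules will reject the request, and a lenient one would accept those fields unsigned. Filling the branch with `sort($val, SORT_STRING); foreach ($val as $v) { $pairs[] = "$k=$v"; }` keeps them in the signed set. As far as this rendered page shows, the per-name and per-value `_encode` calls are no longer on the new side, so a value containing `&` or `=` makes the joined string ambiguous; `$pairs[] = $this->_encode($k) . '=' . $this->_encode($val);` restores that. `$contentType` is read but never used, so the body is folded in without checking that it is form-encoded.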
71 changes: 69 additions & 2 deletions lib/Cake/Test/TestCase/Network/Http/Auth/OauthTest.php
@@ -118,17 +118,84 @@ public function testBaseStringWithQueryString() {
);
}

/**
* Ensure that post data is sorted and encoded.
*
* @return void
*/
public function testBaseStringWithPostData() {
$this->markTestIncomplete();
$request = new Request();
$request->url('http://example.com/search?q=pogo')
->method(Request::METHOD_POST)
->body([
'address' => 'post',
'tags' => ['cake', 'oauth'],
'zed' => 'last'
]);

$auth = new Oauth();
$values = [
'oauth_version' => '1.0',
'oauth_nonce' => uniqid(),
'oauth_timestamp' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_token' => 'token',
'oauth_consumer_key' => 'consumer-key',
];
$result = $auth->baseString($request, $values);

$this->assertContains('POST&', $result, 'method was missing.');
$this->assertContains(
'http%3A%2F%2Fexample.com%2Fsearch&',
$result
);
$this->assertContains(
'&address%3Dpost' .
'%26oauth_consumer_key%3Dconsumer-key' .
'%26oauth_nonce%3D' . $values['oauth_nonce'] .
'%26oauth_signature_method%3DHMAC-SHA1' .
'%26oauth_timestamp%3D' . $values['oauth_timestamp'] .
'%26oauth_token%3Dtoken' .
'%26oauth_version%3D1.0' .
'%26q%3Dpogo' .
'%26zed%3Dlast',
$result
);
}

/**
* Test HMAC-SHA1 signing
*
* Hash result + parameters taken from
* http://wiki.oauth.net/w/page/12238556/TestCases
*
* @return void
*/
public function testHmacSigning() {
$this->markTestIncomplete();
$request = new Request();
$request->url('http://photos.example.net/photos')
->body([
'file' => 'vacation.jpg',
'size' => 'original'
]);

$options = [
'consumerKey' => 'dpf43f3p2l4k3l03',
'consumerSecret' => 'kd94hf93k423kf44',
'tokenSecret' => 'pfkkdhi9sl3r4s00',
'token' => 'nnch734d00sl2jdk',
'nonce' => 'kllo9940pd9333jh',
'timestamp' => '1191242096'
];
$auth = new Oauth();
$auth->authentication($request, $options);

$result = $request->header('Authorization');
$expected = 'tR3+Ty81lMeYAr/Fid0kMTYa/WM=';
$this->assertContains(
'oauth_signature="' . $expected . '"',
urldecode($result)
);
}

}
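Review bot: Both new tests start with `$this->markTestIncomplete();`, so neither the base-string assertions nor the HMAC-SHA1 known-answer check from the OAuth wiki ever runs, and the signing changes in Oauth.php land without executed coverage; the call should be dropped once the implementation passes. `testBaseStringWithPostData` expects `%26q%3Dpogo%26zed%3Dlast` with nothing in between, which pins the omission of the `tags` values rather than their inclusion in the signed string. In `testHmacSigning`, `urldecode($result)` turns a literal `+` into a space, so the comparison with `$expected` only holds if the header value is percent-encoded; `rawurldecode($result)` is safe in both cases.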
