Cleaned up xauth request generation, added a test and updated existing.

commit 28f68daf07f157f949fe3d7d87550734e0f5af22 1 parent 0f5d3ae
Matt Revelle authored
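--- a/src/oauth/client.clj
+++ b/src/oauth/client.clj
@@ -59,6 +59,14 @@ to approve the Consumer's access to their account."
       (throw (new Exception (str "Got non-success code: " code ". "
                                  "Content: " (:body m))))
       m)))
+
+(defn build-request [oauth-params & [form-params]]
+  (let [req (merge
+             {:headers {"Authorization" (authorization-header
+                                         oauth-params)}}
+             (if form-params {:form-params form-params}))]
+    req))
+
 (defn post-request-body-decoded [url & [req]]
   #_(success-content
      (http/post (:request-uri consumer)
@@ -69,19 +77,15 @@ to approve the Consumer's access to their account."
    (:body (check-success-response
            (httpclient/post url req)))))
 
-(defn- oauth-post-request-decoded [url oauth-params & [form-params]]
-  (let [req (merge
-             {:headers {"Authorization" (authorization-header
-                                         oauth-params)}}
-             (if form-params {:form-params form-params}))]
-    (post-request-body-decoded url req)))
-
 (defn credentials
   "Return authorization credentials needed for access to protected resources.
 The key-value pairs returned as a map will need to be added to the
 Authorization HTTP header or added as query parameters to the request."
   ([consumer token token-secret request-method request-uri & [request-params]]
-     (let [unsigned-oauth-params (sig/oauth-params consumer token)
+     (let [unsigned-oauth-params (sig/oauth-params consumer
+                                                   (sig/rand-str 30)
+                                                   (sig/msecs->secs (System/currentTimeMillis))
+                                                   token)
            unsigned-params (merge request-params
                                   unsigned-oauth-params)
            signature (sig/sign consumer
@@ -99,7 +103,7 @@ Authorization HTTP header or added as query parameters to the request."
                                (sig/base-string "POST" uri unsigned-params)
                                token-secret)
            params (assoc unsigned-params :oauth_signature signature)]
-       (oauth-post-request-decoded uri params))))
+       (post-request-body-decoded uri (build-request params)))))
 
 (defn request-token
   "Fetch request token for the consumer."
@@ -107,7 +111,9 @@ Authorization HTTP header or added as query parameters to the request."
      (request-token consumer nil))
 
  ([consumer callback-uri]
-     (let [unsigned-params (sig/oauth-params consumer)
+     (let [unsigned-params (sig/oauth-params consumer
+                                             (sig/rand-str 30)
+                                             (sig/msecs->secs (System/currentTimeMillis)))
            unsigned-params (if callback-uri
                              (assoc unsigned-params
                                :oauth_callback callback-uri)
@@ -123,18 +129,21 @@ Authorization HTTP header or added as query parameters to the request."
  ([consumer request-token verifier]
      (let [unsigned-params (if verifier
                              (sig/oauth-params consumer
+                                               (sig/rand-str 30)
+                                               (sig/msecs->secs (System/currentTimeMillis))
                                               (:oauth_token request-token)
                                               verifier)
                             (sig/oauth-params consumer
+                                               (sig/rand-str 30)
+                                               (sig/msecs->secs (System/currentTimeMillis))
                                               (:oauth_token
                                                request-token)))
            token-secret (:oauth_token_secret request-token)]
       (get-oauth-token consumer (:access-uri consumer) unsigned-params token-secret))))
 
-(defn xauth-access-token
-  "Request an access token with a username and password with xAuth."
-  [consumer username password]
-  (let [oauth-params (sig/oauth-params consumer)
+(defn build-xauth-access-token-request
+  [consumer username password nonce timestamp]
+  (let [oauth-params (sig/oauth-params consumer nonce timestamp)
        post-params {:x_auth_username username
                     :x_auth_password password
                     :x_auth_mode "client_auth"}
@@ -145,5 +154,14 @@ Authorization HTTP header or added as query parameters to the request."
                                                    post-params)))
        params (assoc oauth-params
                 :oauth_signature signature)]
-    (oauth-post-request-decoded (:access-uri consumer)
-                                params post-params)))
+    (build-request params post-params)))
+
+(defn xauth-access-token
+  "Request an access token with a username and password with xAuth."
+  [consumer username password]
+  (post-request-body-decoded (:access-uri consumer)
+                             (build-xauth-access-token-request consumer
+                                                               username
+                                                               password
+                                                               (sig/rand-str 30)
+                                                               (sig/msecs->secs (System/currentTimeMillis)))))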
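Review bot: `build-xauth-access-token-request` is a public `defn` with no docstring, although it now takes `nonce` and `timestamp` from the caller and returns a map that carries the plaintext password under `:form-params`. Nothing in the function checks either value, so a caller that passes a fixed nonce or an old timestamp weakens the replay protection those fields exist for; the same applies to the new `sig/oauth-params` arities in src/oauth/signature.clj. I would add a docstring such as `"Build the xAuth access-token request map. nonce must be unique per request (e.g. (sig/rand-str 30)) and timestamp is the current time in seconds. The result contains the plaintext password; do not log it."`. `build-request` also became public where the removed `oauth-post-request-decoded` was `defn-`; if it is not meant as API, `(defn- build-request ...)` keeps the surface small.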
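--- a/src/oauth/signature.clj
+++ b/src/oauth/signature.clj
@@ -26,6 +26,10 @@
   [length]
   (. (new BigInteger (int (* 5 length)) ^java.util.Random secure-random) toString 32))
 
+(defn msecs->secs
+  "Convert milliseconds to seconds."
+  [millis]
+  (int (/ millis 1000)))
 
 (def signature-methods {:hmac-sha1 "HMAC-SHA1"
                         :plaintext "PLAINTEXT"})
@@ -83,15 +87,15 @@ requires RFC 3986 encoding."
 
 (defn oauth-params
   "Build a map of parameters needed for OAuth requests."
-  ([consumer]
+  ([consumer nonce timestamp]
      {:oauth_consumer_key (:key consumer)
       :oauth_signature_method (signature-methods (:signature-method consumer))
-      :oauth_timestamp (int (/ (System/currentTimeMillis) 1000))
-      :oauth_nonce (rand-str 30)
+      :oauth_timestamp timestamp
+      :oauth_nonce nonce
       :oauth_version "1.0"})
-  ([consumer token]
-     (assoc (oauth-params consumer)
+  ([consumer nonce timestamp token]
+     (assoc (oauth-params consumer nonce timestamp)
        :oauth_token token))
-  ([consumer token verifier]
-     (assoc (oauth-params consumer token)
+  ([consumer nonce timestamp token verifier]
+     (assoc (oauth-params consumer nonce timestamp token)
        :oauth_verifier (str verifier))))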
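Review bot: `msecs->secs` builds a Ratio with `/` and then narrows it to a 32-bit `int`, which ties the timestamp to the range of `int`. Epoch seconds pass `Integer/MAX_VALUE` in 2038, and depending on the Clojure version `int` then either throws or wraps. This value becomes `:oauth_timestamp` in every signed request, so I would change the body to `(quot millis 1000)`, which stays in long arithmetic and gives the same result for every current input.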
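--- a/test/oauth/client_test.clj
+++ b/test/oauth/client_test.clj
@@ -14,12 +14,10 @@
                             "https://api.twitter.com/oauth/authorize"
                             :hmac-sha1)
        ;; Ensure that the params from Twitter example are used.
-        unsigned-params (merge (sig/oauth-params c)
+        unsigned-params (merge (sig/oauth-params c "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk" 1272323042)
                               {:oauth_callback "http://localhost:3005/the_dance/process_callback?service_provider_id=11"
                                :oauth_consumer_key "GDdmIQH6jhtmLUypg82g"
-                                :oauth_nonce "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk"
                                :oauth_signature_method "HMAC-SHA1"
-                                :oauth_timestamp "1272323042"
                                :oauth_version "1.0"})
        signature (sig/sign c (sig/base-string "POST"
                                               (:request-uri c)
@@ -39,12 +37,10 @@
                             "https://api.twitter.com/oauth/authorize"
                             :hmac-sha1)
        ;; Ensure that the params from Twitter example are used.
-        unsigned-params (merge (sig/oauth-params c)
+        unsigned-params (merge (sig/oauth-params c "9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8" 1272323047)
                               {:oauth_consumer_key "GDdmIQH6jhtmLUypg82g"
-                                :oauth_nonce "9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8"
                                :oauth_signature_method "HMAC-SHA1"
                                :oauth_token "8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc"
-                                :oauth_timestamp "1272323047"
                                :oauth_verifier "pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY"
                                :oauth_version "1.0"})
        signature (sig/sign c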
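--- a/test/oauth/client_xauth_test.clj
+++ b/test/oauth/client_xauth_test.clj
@@ -0,0 +1,34 @@
+(ns oauth.client-xauth-test
+  (:require [oauth.client :as oc]
+            [oauth.signature :as sig])
+  (:use clojure.test))
+
+(def consumer (oc/make-consumer "JvyS7DO2qd6NNTsXJ4E7zA"
+                                "9z6157pUbOBqtbm0A0q4r29Y2EYzIHlUwbF4Cl9c"
+                                "https://api.twitter.com/oauth/request_token"
+                                "https://api.twitter.com/oauth/access_token"
+                                "https://api.twitter.com/oauth/authorize"
+                                :hmac-sha1))
+
+(deftest xauth-base-string-test
+  (is (= "POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec"
+         (sig/base-string "POST" "https://api.twitter.com/oauth/access_token"
+                          (merge {:x_auth_username "oauth_test_exec"
+                                  :x_auth_password "twitter-xauth"
+                                  :x_auth_mode "client_auth"}
+                                 {:oauth_consumer_key "JvyS7DO2qd6NNTsXJ4E7zA"
+                                  :oauth_nonce "6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo"
+                                  :oauth_timestamp "1284565601"
+                                  :oauth_version "1.0"
+                                  :oauth_signature_method "HMAC-SHA1"})))))
+
+(deftest build-xauth-access-token-request-test
+  (is (= {:form-params {:x_auth_username "oauth_test_exec",
+                        :x_auth_password "twitter-xauth",
+                        :x_auth_mode "client_auth"},
+          :headers {"Authorization" "OAuth oauth_signature=\"1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D\", oauth_consumer_key=\"JvyS7DO2qd6NNTsXJ4E7zA\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1284565601\", oauth_nonce=\"6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo\", oauth_version=\"1.0\""}}
+         (oc/build-xauth-access-token-request consumer
+                                              "oauth_test_exec"
+                                              "twitter-xauth"
+                                              "6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo"
+                                              1284565601))))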
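Review bot: The consumer key, consumer secret and the `twitter-xauth` password are hard-coded in this new test file with no comment saying where they come from. They look like published documentation sample values, but nothing on the page confirms that, and secret scanners or later readers cannot tell them from live credentials. Once that is confirmed, I would add a comment above `(def consumer ...)`, for example `;; Sample key/secret and account from the provider's xAuth documentation; not live credentials.`.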
