Permalink
Browse files

Cleaned up xauth request generation, added a test and updated existing.

  • Loading branch information...
1 parent 0f5d3ae commit 28f68daf07f157f949fe3d7d87550734e0f5af22 @mattrepl committed Sep 2, 2012
Showing with 81 additions and 29 deletions.
  1. +34 −16 src/oauth/client.clj
  2. +11 −7 src/oauth/signature.clj
  3. +2 −6 test/oauth/client_test.clj
  4. +34 −0 test/oauth/client_xauth_test.clj
View
@@ -59,6 +59,14 @@ to approve the Consumer's access to their account."
(throw (new Exception (str "Got non-success code: " code ". "
"Content: " (:body m))))
m)))
+
+(defn build-request [oauth-params & [form-params]]
+ (let [req (merge
+ {:headers {"Authorization" (authorization-header
+ oauth-params)}}
+ (if form-params {:form-params form-params}))]
+ req))
+
(defn post-request-body-decoded [url & [req]]
#_(success-content
(http/post (:request-uri consumer)
@@ -69,19 +77,15 @@ to approve the Consumer's access to their account."
(:body (check-success-response
(httpclient/post url req)))))
-(defn- oauth-post-request-decoded [url oauth-params & [form-params]]
- (let [req (merge
- {:headers {"Authorization" (authorization-header
- oauth-params)}}
- (if form-params {:form-params form-params}))]
- (post-request-body-decoded url req)))
-
(defn credentials
"Return authorization credentials needed for access to protected resources.
The key-value pairs returned as a map will need to be added to the
Authorization HTTP header or added as query parameters to the request."
([consumer token token-secret request-method request-uri & [request-params]]
- (let [unsigned-oauth-params (sig/oauth-params consumer token)
+ (let [unsigned-oauth-params (sig/oauth-params consumer
+ (sig/rand-str 30)
+ (sig/msecs->secs (System/currentTimeMillis))
+ token)
unsigned-params (merge request-params
unsigned-oauth-params)
signature (sig/sign consumer
@@ -99,15 +103,17 @@ Authorization HTTP header or added as query parameters to the request."
(sig/base-string "POST" uri unsigned-params)
token-secret)
params (assoc unsigned-params :oauth_signature signature)]
- (oauth-post-request-decoded uri params))))
+ (post-request-body-decoded uri (build-request params)))))
(defn request-token
"Fetch request token for the consumer."
([consumer]
(request-token consumer nil))
([consumer callback-uri]
- (let [unsigned-params (sig/oauth-params consumer)
+ (let [unsigned-params (sig/oauth-params consumer
+ (sig/rand-str 30)
+ (sig/msecs->secs (System/currentTimeMillis)))
unsigned-params (if callback-uri
(assoc unsigned-params
:oauth_callback callback-uri)
@@ -123,18 +129,21 @@ Authorization HTTP header or added as query parameters to the request."
([consumer request-token verifier]
(let [unsigned-params (if verifier
(sig/oauth-params consumer
+ (sig/rand-str 30)
+ (sig/msecs->secs (System/currentTimeMillis))
(:oauth_token request-token)
verifier)
(sig/oauth-params consumer
+ (sig/rand-str 30)
+ (sig/msecs->secs (System/currentTimeMillis))
(:oauth_token
request-token)))
token-secret (:oauth_token_secret request-token)]
(get-oauth-token consumer (:access-uri consumer) unsigned-params token-secret))))
-(defn xauth-access-token
- "Request an access token with a username and password with xAuth."
- [consumer username password]
- (let [oauth-params (sig/oauth-params consumer)
+(defn build-xauth-access-token-request
+ [consumer username password nonce timestamp]
+ (let [oauth-params (sig/oauth-params consumer nonce timestamp)
post-params {:x_auth_username username
:x_auth_password password
:x_auth_mode "client_auth"}
@@ -145,5 +154,14 @@ Authorization HTTP header or added as query parameters to the request."
post-params)))
params (assoc oauth-params
:oauth_signature signature)]
- (oauth-post-request-decoded (:access-uri consumer)
- params post-params)))
+ (build-request params post-params)))
+
+(defn xauth-access-token
+ "Request an access token with a username and password with xAuth."
+ [consumer username password]
+ (post-request-body-decoded (:access-uri consumer)
+ (build-xauth-access-token-request consumer
+ username
+ password
+ (sig/rand-str 30)
+ (sig/msecs->secs (System/currentTimeMillis)))))
@@ -26,6 +26,10 @@
[length]
(. (new BigInteger (int (* 5 length)) ^java.util.Random secure-random) toString 32))
+(defn msecs->secs
+ "Convert milliseconds to seconds."
+ [millis]
+ (int (/ millis 1000)))
(def signature-methods {:hmac-sha1 "HMAC-SHA1"
:plaintext "PLAINTEXT"})
@@ -83,15 +87,15 @@ requires RFC 3986 encoding."
(defn oauth-params
"Build a map of parameters needed for OAuth requests."
- ([consumer]
+ ([consumer nonce timestamp]
{:oauth_consumer_key (:key consumer)
:oauth_signature_method (signature-methods (:signature-method consumer))
- :oauth_timestamp (int (/ (System/currentTimeMillis) 1000))
- :oauth_nonce (rand-str 30)
+ :oauth_timestamp timestamp
+ :oauth_nonce nonce
:oauth_version "1.0"})
- ([consumer token]
- (assoc (oauth-params consumer)
+ ([consumer nonce timestamp token]
+ (assoc (oauth-params consumer nonce timestamp)
:oauth_token token))
- ([consumer token verifier]
- (assoc (oauth-params consumer token)
+ ([consumer nonce timestamp token verifier]
+ (assoc (oauth-params consumer nonce timestamp token)
:oauth_verifier (str verifier))))
@@ -14,12 +14,10 @@
"https://api.twitter.com/oauth/authorize"
:hmac-sha1)
;; Ensure that the params from Twitter example are used.
- unsigned-params (merge (sig/oauth-params c)
+ unsigned-params (merge (sig/oauth-params c "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk" 1272323042)
{:oauth_callback "http://localhost:3005/the_dance/process_callback?service_provider_id=11"
:oauth_consumer_key "GDdmIQH6jhtmLUypg82g"
- :oauth_nonce "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk"
:oauth_signature_method "HMAC-SHA1"
- :oauth_timestamp "1272323042"
:oauth_version "1.0"})
signature (sig/sign c (sig/base-string "POST"
(:request-uri c)
@@ -39,12 +37,10 @@
"https://api.twitter.com/oauth/authorize"
:hmac-sha1)
;; Ensure that the params from Twitter example are used.
- unsigned-params (merge (sig/oauth-params c)
+ unsigned-params (merge (sig/oauth-params c "9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8" 1272323047)
{:oauth_consumer_key "GDdmIQH6jhtmLUypg82g"
- :oauth_nonce "9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8"
:oauth_signature_method "HMAC-SHA1"
:oauth_token "8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc"
- :oauth_timestamp "1272323047"
:oauth_verifier "pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY"
:oauth_version "1.0"})
signature (sig/sign c
@@ -0,0 +1,34 @@
+(ns oauth.client-xauth-test
+ (:require [oauth.client :as oc]
+ [oauth.signature :as sig])
+ (:use clojure.test))
+
+(def consumer (oc/make-consumer "JvyS7DO2qd6NNTsXJ4E7zA"
+ "9z6157pUbOBqtbm0A0q4r29Y2EYzIHlUwbF4Cl9c"
+ "https://api.twitter.com/oauth/request_token"
+ "https://api.twitter.com/oauth/access_token"
+ "https://api.twitter.com/oauth/authorize"
+ :hmac-sha1))
+
+(deftest xauth-base-string-test
+ (is (= "POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec"
+ (sig/base-string "POST" "https://api.twitter.com/oauth/access_token"
+ (merge {:x_auth_username "oauth_test_exec"
+ :x_auth_password "twitter-xauth"
+ :x_auth_mode "client_auth"}
+ {:oauth_consumer_key "JvyS7DO2qd6NNTsXJ4E7zA"
+ :oauth_nonce "6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo"
+ :oauth_timestamp "1284565601"
+ :oauth_version "1.0"
+ :oauth_signature_method "HMAC-SHA1"})))))
+
+(deftest build-xauth-access-token-request-test
+ (is (= {:form-params {:x_auth_username "oauth_test_exec",
+ :x_auth_password "twitter-xauth",
+ :x_auth_mode "client_auth"},
+ :headers {"Authorization" "OAuth oauth_signature=\"1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D\", oauth_consumer_key=\"JvyS7DO2qd6NNTsXJ4E7zA\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1284565601\", oauth_nonce=\"6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo\", oauth_version=\"1.0\""}}
+ (oc/build-xauth-access-token-request consumer
+ "oauth_test_exec"
+ "twitter-xauth"
+ "6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo"
+ 1284565601))))

0 comments on commit 28f68da

Please sign in to comment.