Posted to dev@shindig.apache.org by be...@apache.org on 2008/09/18 08:58:54 UTC
svn commit: r696577 - in /incubator/shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/oauth/
test/java/org/apache/shindig/gadgets/oauth/
Author: beaton
Date: Wed Sep 17 23:58:53 2008
New Revision: 696577
URL: http://svn.apache.org/viewvc?rev=696577&view=rev
Log:
Non-form-encoded posts were failing.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=696577&r1=696576&r2=696577&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java Wed Sep 17 23:58:53 2008
@@ -412,7 +412,9 @@
String query = target.getQuery();
target.setQuery(null);
params.addAll(sanitize(OAuth.decodeForm(query)));
- params.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
+ if (OAuth.isFormEncoded(base.getHeader("Content-Type"))) {
+ params.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
+ }
addIdentityParams(params);
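Review bot: When the Content-Type is not form-encoded, the post body now skips both `sanitize(...)` and the signed parameter list, and nothing at the new `if` records that. The visible lines suggest such a body goes out with no integrity protection from the OAuth signature, and the branch is selected by a `Content-Type` header that presumably originates with the gadget's request. I would add a comment above the check, for example `// Only form-encoded bodies are signed; any other body is sent unsigned and unsanitized, so receivers must not read parameters from it.` The enclosing method starts and ends outside this hunk, so whether a later step covers the body (a body hash, say) cannot be confirmed from here.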
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java?rev=696577&r1=696576&r2=696577&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java Wed Sep 17 23:58:53 2008
@@ -26,6 +26,7 @@
import net.oauth.SimpleOAuthValidator;
import net.oauth.signature.RSA_SHA1;
+import org.apache.commons.codec.binary.Base64;
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpFetcher;
@@ -34,6 +35,9 @@
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.oauth.AccessorInfo.OAuthParamLocation;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
@@ -45,6 +49,8 @@
public static final String BODY_ECHO_HEADER = "X-Echoed-Body";
+ public static final String RAW_BODY_ECHO_HEADER = "X-Echoed-Raw-Body";
+
public static final String AUTHZ_ECHO_HEADER = "X-Echoed-Authz";
public final static String SP_HOST = "http://www.example.com";
@@ -277,21 +283,32 @@
}
// Parse body
- String body = request.getPostBodyAsString();
if (request.getMethod().equals("POST")) {
String type = request.getHeader("Content-Type");
- if (!"application/x-www-form-urlencoded".equals(type)) {
- throw new RuntimeException("Wrong content-type header: " + type);
- }
- info.body = body;
- params.addAll(OAuth.decodeForm(request.getPostBodyAsString()));
- }
-
- // If we're not configured to pass oauth parameters in the post body, double check
- // that they didn't end up there.
- if (!validParamLocations.contains(OAuthParamLocation.POST_BODY)) {
- if (body.contains("oauth_")) {
- throw new RuntimeException("Found unexpected post body data" + body);
+ if ("application/x-www-form-urlencoded".equals(type)) {
+ String body = request.getPostBodyAsString();
+ info.body = body;
+ params.addAll(OAuth.decodeForm(request.getPostBodyAsString()));
+ // If we're not configured to pass oauth parameters in the post body, double check
+ // that they didn't end up there.
+ if (!validParamLocations.contains(OAuthParamLocation.POST_BODY)) {
+ if (body.contains("oauth_")) {
+ throw new RuntimeException("Found unexpected post body data" + body);
+ }
+ }
+ } else {
+ try {
+ InputStream is = request.getPostBody();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buf = new byte[1024];
+ int read;
+ while ((read = is.read(buf, 0, buf.length)) != -1) {
+ baos.write(buf, 0, read);
+ }
+ info.rawBody = baos.toByteArray();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
}
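Review bot: The fake provider classifies the body with an exact string match, `"application/x-www-form-urlencoded".equals(type)`, while the fetcher in this same commit uses `OAuth.isFormEncoded(...)`; if that helper tolerates a charset parameter or different casing (it appears to, but confirm), the two sides will disagree about which bodies are signed. Using `if (OAuth.isFormEncoded(type)) {` here keeps the test double aligned with the code under test. The "unexpected post body data" guard against `oauth_` parameters now runs only on the form-encoded branch, so a raw body is never checked for leaked OAuth parameters; a comment saying this is intentional would help. The `InputStream` from `request.getPostBody()` is also never closed in the `else` branch. The method body starts and ends outside this hunk.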
@@ -307,6 +324,7 @@
public OAuthMessage message;
public String aznHeader;
public String body;
+ public byte[] rawBody;
}
/**
@@ -489,6 +507,9 @@
if (info.body != null) {
resp.setHeader(BODY_ECHO_HEADER, info.body);
}
+ if (info.rawBody != null) {
+ resp.setHeader(RAW_BODY_ECHO_HEADER, new String(Base64.encodeBase64(info.rawBody)));
+ }
return resp.create();
}
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java?rev=696577&r1=696576&r2=696577&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/MakeRequestClient.java Wed Sep 17 23:58:53 2008
@@ -107,6 +107,24 @@
}
/**
+ * Send an OAuth POST with binary data in the binary.
+ */
+ public HttpResponse sendRawPost(String target, String type, byte[] body) throws Exception {
+ HttpRequest request = new HttpRequest(Uri.parse(target));
+ request.setOAuthArguments(recallState());
+ OAuthFetcher dest = new OAuthFetcher(fetcherConfig, serviceProvider, request);
+ request.setMethod("POST");
+ if (type != null) {
+ request.setHeader("Content-Type", type);
+ }
+ request.setPostBody(body);
+ request.setSecurityToken(securityToken);
+ HttpResponse response = dest.fetch(request);
+ saveState(response);
+ return response;
+ }
+
+ /**
* Create arguments simulating authz=OAUTH.
*/
public OAuthArguments makeNonSocialOAuthArguments() {
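Review bot: The new Javadoc on `sendRawPost` reads "binary data in the binary", which presumably should be `Send an OAuth POST with binary data in the body.` It would also help to document that a null `type` sends the request with no `Content-Type` header at all, since `testPostBinaryData` relies on that case, and that `body` is passed through as-is rather than form-encoded.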
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=696577&r1=696576&r2=696577&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java Wed Sep 17 23:58:53 2008
@@ -27,10 +27,12 @@
import net.oauth.OAuth;
import net.oauth.OAuth.Parameter;
+import org.apache.commons.codec.binary.Base64;
import org.apache.shindig.auth.BasicSecurityToken;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.cache.DefaultCacheProvider;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
+import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.gadgets.FakeGadgetSpecFactory;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.RequestSigningException;
@@ -44,6 +46,7 @@
import org.junit.Before;
import org.junit.Test;
+import java.util.Arrays;
import java.util.List;
import java.util.Map;
@@ -651,6 +654,33 @@
}
@Test
+ public void testPostBinaryData() throws Exception {
+ byte[] raw = new byte[] { 0, 1, 2, 3, 4, 5 };
+ MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
+ HttpResponse resp = client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, null, raw);
+ List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
+ assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
+ assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));
+ String echoed = resp.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
+ byte[] echoedBytes = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoed));
+ assertTrue(Arrays.equals(raw, echoedBytes));
+ }
+
+ @Test
+ public void testPostWeirdContentType() throws Exception {
+ byte[] raw = new byte[] { 0, 1, 2, 3, 4, 5 };
+ MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
+ HttpResponse resp = client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL,
+ "funky-content", raw);
+ List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
+ assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
+ assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));
+ String echoed = resp.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
+ byte[] echoedBytes = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoed));
+ assertTrue(Arrays.equals(raw, echoedBytes));
+ }
+
+ @Test
public void testSignedFetch_error401() throws Exception {
assertEquals(0, base.getAccessTokenRemoveCount());
serviceProvider.setConsumersThrottled(true);
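Review bot: Neither `testPostBinaryData` nor `testPostWeirdContentType` checks the property the fetcher change depends on, namely that a non-form body is never merged into the signed parameters; both only check that the bytes are echoed back. A regression test with a body that looks like a reserved parameter would pin that down, assuming the fake provider's response lists the parameters it validated, as the existing assertions suggest. The two new tests are also identical apart from the content type, so a small shared helper would remove the duplication. The sample body below is constructed for illustration.

```java
@Test
public void testPostNonFormBodyNotMergedIntoParams() throws Exception {
  // Constructed sample: raw body text shaped like a reserved identity parameter.
  byte[] raw = CharsetUtil.getUtf8Bytes("opensocial_owner_id=other");
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse resp = client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL,
      "funky-content", raw);
  List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString());
  // Only the container-supplied identity value may appear among the signed parameters.
  assertTrue(contains(queryParams, "opensocial_owner_id", "o"));
  assertTrue(!contains(queryParams, "opensocial_owner_id", "other"));
}
```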