Posted to commits@shindig.apache.org by ch...@apache.org on 2009/04/21 14:56:35 UTC
svn commit: r767134 - in /incubator/shindig/trunk/php: src/gadgets/
src/gadgets/oauth/ src/gadgets/sample/ test/gadgets/
Author: chabotc
Date: Tue Apr 21 12:56:35 2009
New Revision: 767134
URL: http://svn.apache.org/viewvc?rev=767134&view=rev
Log:
SHINDIG-1026 by Pan Jie:
1. fix the empty-path warning message, which causes makeRequest to fail, and add a unit test to reproduce this issue.
2. change SigningFetcherTest->testFetchRequestForBodyHash to use example from OAuth Request Body Hash 1.0 Draft 4
3. remove BasicGadgetSpecFactory->fetcher
4. remove GadgetOAuthTokenStore::$SERVICE_NAME and other deprecated data member
5. add setStrictNoCache() and addIdentityParams() to OAuthFetcher for code reuse
Modified:
incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
incubator/shindig/trunk/php/src/gadgets/oauth/GadgetOAuthTokenStore.php
incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcher.php
incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcherFactory.php
incubator/shindig/trunk/php/src/gadgets/sample/BasicGadgetSpecFactory.php
incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Tue Apr 21 12:56:35 2009
@@ -186,7 +186,7 @@
// Careful here; the OAuth form encoding scheme is slightly different than
// the normal form encoding scheme, so we have to use the OAuth library
// formEncode method.
- $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . $parsedUri['path'] . '?' . $newQuery;
+ $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . (isset($parsedUri['path']) ? $parsedUri['path'] : '') . '?' . $newQuery;
$request->setUri($url);
if ($signBody) {
$request->setPostBody($postData);
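Review bot: When `$parsedUri['path']` is absent, the rebuilt URL on the changed line is `scheme://host?query` with no path, while the request actually sent for such a URL uses `/`. Falling back to `'/'` instead of `''`, as in `(isset($parsedUri['path']) ? $parsedUri['path'] : '/')`, would keep the signed URL identical to what the receiving provider is likely to reconstruct for its signature base string. `$parsedUri['scheme']` and `$parsedUri['host']` on the same line are still read without an `isset()` guard, so a relative or malformed URI would raise the same kind of notice this change fixes. The enclosing method starts and ends outside the hunk, so any earlier validation of the URI is not visible here.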
Modified: incubator/shindig/trunk/php/src/gadgets/oauth/GadgetOAuthTokenStore.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/oauth/GadgetOAuthTokenStore.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/oauth/GadgetOAuthTokenStore.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/oauth/GadgetOAuthTokenStore.php Tue Apr 21 12:56:35 2009
@@ -28,41 +28,24 @@
* Data Store.
*/
class GadgetOAuthTokenStore {
-
- /**
- * Internal class used to communicate results of parsing the gadget spec
- * between methods.
- */
- // name of the OAuth feature in the gadget spec
- public static $OAUTH_FEATURE = "oauth";
- // name of the Param that identifies the service name
- public static $SERVICE_NAME = "service_name";
- // name of the Param that identifies the access URL
- public static $ACCESS_URL = "access_url";
- // name of the optional Param that identifies the HTTP method for access URL
- public static $ACCESS_HTTP_METHOD = "access_method";
- // name of the Param that identifies the request URL
- public static $REQUEST_URL = "request_url";
- // name of the optional Param that identifies the HTTP method for request URL
- public static $REQUEST_HTTP_METHOD = "request_method";
- // name of the Param that identifies the user authorization URL
- public static $AUTHORIZE_URL = "authorize_url";
- // name of the Param that identifies the location of OAuth parameters
- public static $OAUTH_PARAM_LOCATION = "param_location";
- public static $AUTH_HEADER = "auth_header";
- public static $POST_BODY = "post_body";
- public static $URI_QUERY = "uri_query";
-
- //public static $DEFAULT_OAUTH_PARAM_LOCATION = AUTH_HEADER;
- public static $DEFAULT_OAUTH_PARAM_LOCATION = "auth_header"; //It has to be like the line above this.
- //TODO: Check why java use AUTH_HEADER
-
// we use POST if no HTTP method is specified for access and request URLs
// (user authorization always uses GET)
public static $DEFAULT_HTTP_METHOD = "POST";
+
+ /**
+ * @var OAuthStore
+ */
private $store;
+
+ /**
+ * @var GadgetSpec
+ */
private $gadgetSpec;
+
+ /**
+ * @var BasicGadgetSpecFactory
+ */
private $specFactory;
/**
Modified: incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcher.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcher.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcher.php Tue Apr 21 12:56:35 2009
@@ -175,8 +175,7 @@
private function buildNonDataResponse() {
$response = new RemoteContentRequest($this->realRequest->getUrl());
$this->addResponseMetadata($response);
- $response->setResponseHeader('Pragma', 'no-cache');
- $response->setResponseHeader('Cache-Control', 'no-cache');
+ self::setStrictNoCache($response);
return $response;
}
@@ -301,10 +300,7 @@
//TODO The implementations of oauth differs from the one in JAVA. Fix the type OAuthMessage
$url = $accessor->consumer->callback_url->requestTokenURL;
$msgParams = array();
- $msgParams['opensocial_owner_id'] = $request->getToken()->getOwnerId();
- $msgParams['opensocial_viewer_id'] = $request->getToken()->getViewerId();
- $msgParams['opensocial_app_id'] = $request->getToken()->getAppId();
- $msgParams['opensocial_app_url'] = $request->getToken()->getAppUrl();
+ self::addIdentityParams($msgParams, $request->getToken());
$request = $this->newRequestMessageParams($url->url, $msgParams);
$reply = $this->sendOAuthMessage($request);
$reply->requireParameters(array(OAuth::$OAUTH_TOKEN, OAuth::$OAUTH_TOKEN_SECRET));
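Review bot: `self::addIdentityParams($msgParams, $request->getToken())` changes `$msgParams` through a by-reference parameter, which is not apparent at the call site. Returning the array, `$msgParams = self::addIdentityParams($msgParams, $request->getToken());`, would make the mutation explicit here and in the identical call in the `@@ -485,10 +481,7 @@` hunk. The helper's `SecurityToken` type hint also means a request without a token now fails at the call boundary. If `getToken()` can return null (not visible in this hunk), an explicit check with a clear error before building the OAuth message would be worth adding. The enclosing method begins and ends outside the hunk.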
@@ -485,10 +481,7 @@
$url = $accessor->consumer->callback_url->accessTokenURL;
$msgParams = array();
$msgParams[OAuth::$OAUTH_TOKEN] = $accessor->requestToken;
- $msgParams['opensocial_owner_id'] = $request->getToken()->getOwnerId();
- $msgParams['opensocial_viewer_id'] = $request->getToken()->getViewerId();
- $msgParams['opensocial_app_id'] = $request->getToken()->getAppId();
- $msgParams['opensocial_app_url'] = $request->getToken()->getAppUrl();
+ self::addIdentityParams($msgParams, $request->getToken());
$request = $this->newRequestMessageParams($url->url, $msgParams);
$reply = $this->sendOAuthMessage($request);
$reply->requireParameters(array(OAuth::$OAUTH_TOKEN, OAuth::$OAUTH_TOKEN_SECRET));
@@ -632,4 +625,16 @@
public function multiFetchRequest(Array $requests) { // Do nothing
}
+
+ private static function addIdentityParams(array& $params, SecurityToken $token) {
+ $params['opensocial_owner_id'] = $token->getOwnerId();
+ $params['opensocial_viewer_id'] = $token->getViewerId();
+ $params['opensocial_app_id'] = $token->getAppId();
+ $params['opensocial_app_url'] = $token->getAppUrl();
+ }
+
+ private static function setStrictNoCache(RemoteContentRequest $response) {
+ $response->setResponseHeader('Pragma', 'no-cache');
+ $response->setResponseHeader('Cache-Control', 'no-cache');
+ }
}
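Review bot: `setStrictNoCache()` sets only `Pragma: no-cache` and `Cache-Control: no-cache`, which still lets a cache store the response and revalidate it. For the OAuth responses built in `buildNonDataResponse()` (the `@@ -175,8 +175,7 @@` hunk), a helper whose name promises strictness would be better matched by `$response->setResponseHeader('Cache-Control', 'no-store, no-cache');`. Both new helpers also lack a docblock. Suggested: `/** Sets the Pragma and Cache-Control headers on $response so it is not served from cache. */` and `/** Adds the opensocial_* identity parameters from $token to $params (modified in place). */`.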
Modified: incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcherFactory.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcherFactory.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcherFactory.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/oauth/OAuthFetcherFactory.php Tue Apr 21 12:56:35 2009
@@ -47,7 +47,7 @@
try {
$BBC = new BasicBlobCrypter();
$this->oauthCrypter = new BasicBlobCrypter(srand($BBC->MASTER_KEY_MIN_LEN));
- $specFactory = new BasicGadgetSpecFactory($fetcher);
+ $specFactory = new BasicGadgetSpecFactory();
$basicStore = new BasicGadgetOAuthTokenStore(new BasicOAuthStore(), $specFactory);
$basicStore->initFromConfigFile($fetcher);
$this->tokenStore = $basicStore;
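Review bot: The unchanged line just above the edit, `new BasicBlobCrypter(srand($BBC->MASTER_KEY_MIN_LEN))`, passes the result of `srand()` to the crypter, and `srand()` returns no value, so the constructor receives null rather than key material. The call also reseeds PHP's non-cryptographic generator with a constant. How `BasicBlobCrypter` handles a null argument is not visible here, but if it falls back to a fixed or weakly generated key, whatever `$this->oauthCrypter` encrypts would be protected by a predictable key. Since this commit already touches the constructor, consider replacing the argument with a configured master key or bytes from a cryptographically secure source. The enclosing `try` block and method start outside the hunk.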
Modified: incubator/shindig/trunk/php/src/gadgets/sample/BasicGadgetSpecFactory.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/sample/BasicGadgetSpecFactory.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/sample/BasicGadgetSpecFactory.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/sample/BasicGadgetSpecFactory.php Tue Apr 21 12:56:35 2009
@@ -22,14 +22,8 @@
* Basic implementation of a gadget spec factory.
*/
class BasicGadgetSpecFactory {
-
- private $fetcher;
private $cache;
- public function __construct($fetcher) {
- $this->fetcher = $fetcher;
- }
-
public function getGadgetSpec(GadgetContext $context) {
return $this->getGadgetSpecUri($context->getUrl(), $context->getIgnoreCache());
}
Modified: incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php?rev=767134&r1=767133&r2=767134&view=diff
==============================================================================
--- incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php (original)
+++ incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php Tue Apr 21 12:56:35 2009
@@ -107,14 +107,32 @@
/**
* Tests SigningFetcher->fetchRequest
*/
- public function testFetchRequestForJson() {
+ public function testFetchRequestForBodyHash() {
$request = new RemoteContentRequest('http://example.org/signed');
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
- $request->setPostBody('{key:value}');
- $request->setHeaders('Content-Type:application/json');
+ $request->setPostBody('Hello World!');
+ $request->setHeaders('Content-Type: text/plain');
$this->signingFetcher->fetchRequest($request);
- $this->verifySignedRequest($request);
+ $this->verifySignedRequest($request);
+ $url = parse_url($request->getUrl());
+ $query = array();
+ parse_str($url['query'], $query);
+ // test example 'Hello World!' and 'Lve95gjOVATpfV8EL5X4nxwjKHE=' are from
+ // OAuth Request Body Hash 1.0 Draft 4 Example
+ $this->assertEquals('Lve95gjOVATpfV8EL5X4nxwjKHE=', $query['oauth_body_hash']);
+ }
+
+ /**
+ * Tests SigningFetcher->fetchRequest
+ */
+ public function testFetchRequestWithEmptyPath() {
+ $request = new RemoteContentRequest('http://example.org');
+ $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
+ $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
+ $request->setPostBody('key=value&anotherkey=value');
+ $this->signingFetcher->fetchRequest($request);
+ $this->verifySignedRequest($request);
}
private function verifySignedRequest(RemoteContentRequest $request) {
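Review bot: `testFetchRequestWithEmptyPath()` only re-runs `verifySignedRequest()`, so it passes as long as no notice is raised and does not pin what URL the fetcher produces for a path-less input. Adding `$url = parse_url($request->getUrl()); $this->assertEquals('example.org', $url['host']);`, plus an assertion on the expected path form, would document the intended result. Both new tests carry the same docblock, `Tests SigningFetcher->fetchRequest`. Descriptions such as `Tests that a non-form post body is signed with the oauth_body_hash from the Body Hash draft example` and `Tests signing a URL that has no path component` would tell them apart.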
@@ -126,7 +144,7 @@
if ((stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null)) {
parse_str($request->getPostBody(), $post);
} else {
- $this->assertEquals(sha1($request->getPostBody()), $query['oauth_body_hash']);
+ $this->assertEquals(base64_encode(sha1($request->getPostBody(), true)), $query['oauth_body_hash']);
}
$oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getUrl(), array_merge($query, $post));
$signature_method = new MockSignatureMethod();
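Review bot: `$query['oauth_body_hash']` is read in the corrected assertion without first checking that the parameter is present. A regression that drops the body hash would therefore surface as an undefined-index notice rather than a clear test failure. Adding `$this->assertArrayHasKey('oauth_body_hash', $query);` before the comparison makes the failure explicit, and the same applies to the assertion added in `testFetchRequestForBodyHash()`. Part of `verifySignedRequest()` lies outside the hunk.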