File: header_body_hash_test.rb

package info (click to toggle)
ruby-simple-oauth 0.4.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 372 kB
  • sloc: ruby: 1,722; makefile: 4; sh: 4
file content (133 lines) | stat: -rw-r--r-- 4,624 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
require "test_helper"

module SimpleOAuth
  # Tests for oauth_body_hash extension (OAuth Body Hash, draft-eaton-oauth-bodyhash).
  class HeaderBodyHashTest < Minitest::Test
    include TestHelpers

    cover "SimpleOAuth::Header*"

    # .body_hash class method tests

    def test_body_hash_computes_sha1_hash_of_body
      body = '{"text": "Hello, World!"}'
      expected = Base64.strict_encode64(OpenSSL::Digest.digest("SHA1", body))

      assert_equal expected, SimpleOAuth::Header.body_hash(body)
    end

    def test_body_hash_returns_hash_of_empty_string_for_nil
      expected = Base64.strict_encode64(OpenSSL::Digest.digest("SHA1", ""))

      assert_equal expected, SimpleOAuth::Header.body_hash(nil)
    end

    def test_body_hash_supports_sha256_algorithm
      body = '{"text": "Hello, World!"}'
      expected = Base64.strict_encode64(OpenSSL::Digest.digest("SHA256", body))

      assert_equal expected, SimpleOAuth::Header.body_hash(body, "SHA256")
    end

    def test_body_hash_contains_no_newlines
      body = "x" * 1000
      hash = SimpleOAuth::Header.body_hash(body)

      refute_includes hash, "\n"
    end

    # .default_options with body tests

    def test_default_options_includes_body_hash_when_body_provided
      options = SimpleOAuth::Header.default_options('{"text": "test"}')

      assert_includes options.keys, :body_hash
    end

    def test_default_options_excludes_body_hash_when_no_body
      options = SimpleOAuth::Header.default_options

      refute_includes options.keys, :body_hash
    end

    def test_default_options_body_hash_matches_body_hash_method
      body = '{"status": "testing oauth_body_hash"}'
      options = SimpleOAuth::Header.default_options(body)
      expected = SimpleOAuth::Header.body_hash(body)

      assert_equal expected, options[:body_hash]
    end

    # Header#initialize with body tests

    def test_initialize_stores_body
      body = '{"text": "Hello"}'
      header = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {}, {}, body)

      assert_equal body, header.body
    end

    def test_initialize_without_body_has_nil_body
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})

      assert_nil header.body
    end

    def test_initialize_with_body_includes_body_hash_in_options
      body = '{"text": "Hello"}'
      header = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {}, {}, body)

      assert_includes header.options.keys, :body_hash
    end

    def test_initialize_without_body_excludes_body_hash_from_options
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})

      refute_includes header.options.keys, :body_hash
    end

    # oauth_body_hash in Authorization header tests

    def test_to_s_includes_oauth_body_hash_when_body_provided
      body = '{"text": "Hello"}'
      header = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {},
        {consumer_key: RFC5849::CONSUMER_KEY, consumer_secret: RFC5849::CONSUMER_SECRET}, body)

      assert_includes header.to_s, "oauth_body_hash="
    end

    def test_to_s_excludes_oauth_body_hash_when_no_body
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {},
        consumer_key: RFC5849::CONSUMER_KEY, consumer_secret: RFC5849::CONSUMER_SECRET)

      refute_includes header.to_s, "oauth_body_hash="
    end

    def test_body_hash_is_included_in_signature_computation
      body = '{"text": "Hello"}'
      header1 = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {},
        {consumer_key: RFC5849::CONSUMER_KEY, consumer_secret: RFC5849::CONSUMER_SECRET,
         nonce: "chapoH", timestamp: "137131202"}, body)

      different_body = '{"text": "Different"}'
      header2 = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {},
        {consumer_key: RFC5849::CONSUMER_KEY, consumer_secret: RFC5849::CONSUMER_SECRET,
         nonce: "chapoH", timestamp: "137131202"}, different_body)

      # Different bodies should produce different signatures
      refute_equal header1.to_s, header2.to_s
    end

    # User can override body_hash in options

    def test_user_provided_body_hash_overrides_computed_hash
      body = '{"text": "Hello"}'
      custom_hash = "custom_hash_value"
      header = SimpleOAuth::Header.new(:post, "https://photos.example.net/upload", {},
        {consumer_key: RFC5849::CONSUMER_KEY, consumer_secret: RFC5849::CONSUMER_SECRET,
         body_hash: custom_hash}, body)

      assert_includes header.to_s, custom_hash
    end
  end
end