File: header_instance_test.rb

package info (click to toggle)
ruby-simple-oauth 0.4.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 372 kB
  • sloc: ruby: 1,722; makefile: 4; sh: 4
file content (161 lines) | stat: -rw-r--r-- 6,488 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
require "test_helper"

module SimpleOAuth
  # Tests for Header instance methods using RFC 5849 examples.
  class HeaderInstanceTest < Minitest::Test
    include TestHelpers

    cover "SimpleOAuth::Header*"

    # RFC 5849 Section 3.4.1.2 - Base String URI construction
    # Uses example URLs from the spec for normalization tests

    # #initialize tests

    def test_initialize_stringifies_and_uppercases_request_method
      # RFC 5849 Section 3.4.1.1 - HTTP request method MUST be uppercase
      header = SimpleOAuth::Header.new(:get, "HTTPS://PHOTOS.example.net:443/photos?file=vacation.jpg#anchor", {})

      assert_equal "GET", header.method
    end

    def test_initialize_downcases_scheme_and_authority
      # RFC 5849 Section 3.4.1.2 - scheme and host are case-insensitive, normalized to lowercase
      header = SimpleOAuth::Header.new(:get, "HTTPS://PHOTOS.Example.Net:443/photos?file=vacation.jpg#anchor", {})

      assert_match %r{^https://photos\.example\.net/}, header.url
    end

    def test_initialize_ignores_query_and_fragment
      # RFC 5849 Section 3.4.1.2 - query and fragment excluded from base string URI
      header = SimpleOAuth::Header.new(:get, "HTTPS://PHOTOS.Example.Net:443/photos?file=vacation.jpg#anchor", {})

      assert_match %r{/photos$}, header.url
    end

    def test_initialize_stores_downcased_scheme_in_uri
      header = SimpleOAuth::Header.new(:get, "HTTPS://photos.example.net/photos", {})

      assert header.url.start_with?("https://")
    end

    def test_scheme_is_downcased_from_mixed_case
      header = SimpleOAuth::Header.new(:get, "HtTpS://photos.example.net/photos", {})

      refute_includes header.url, "HtTpS"
      assert_includes header.url, "https"
    end

    def test_initialize_accepts_object_with_to_s_method
      url_object = Object.new
      url_object.define_singleton_method(:to_s) { "https://photos.example.net/photos" }
      header = SimpleOAuth::Header.new(:get, url_object, {})

      assert_equal "https://photos.example.net/photos", header.url
    end

    def test_initialize_with_hash_subclass_uses_default_options
      class_with_hash_ancestor = Class.new(Hash)
      options = class_with_hash_ancestor.new
      options[:consumer_key] = RFC5849::CONSUMER_KEY

      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {}, options)

      assert header.options.key?(:nonce)
      assert header.options.key?(:timestamp)
    end

    def test_initialize_converts_string_keys_to_symbols
      options = {"consumer_key" => RFC5849::CONSUMER_KEY, "consumer_secret" => RFC5849::CONSUMER_SECRET}

      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {}, options)

      assert header.options.key?(:consumer_key)
      assert header.options.key?(:consumer_secret)
    end

    def test_initialize_preserves_values_when_converting_string_keys
      options = {"consumer_key" => RFC5849::CONSUMER_KEY, "consumer_secret" => RFC5849::CONSUMER_SECRET}

      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {}, options)

      assert_equal RFC5849::CONSUMER_KEY, header.options[:consumer_key]
      assert_equal RFC5849::CONSUMER_SECRET, header.options[:consumer_secret]
    end

    # #normalized_attributes tests

    def test_normalized_attributes_returns_sorted_quoted_comma_separated_list
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})
      stubbed_attrs = {d: 1, c: 2, b: 3, a: 4}
      header.define_singleton_method(:signed_attributes) { stubbed_attrs }

      assert_equal 'a="4", b="3", c="2", d="1"', header.send(:normalized_attributes)
    end

    def test_normalized_attributes_uri_encodes_values
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})
      stubbed_attrs = {1 => "!", 2 => "@", 3 => "#", 4 => "$"}
      header.define_singleton_method(:signed_attributes) { stubbed_attrs }

      assert_equal '1="%21", 2="%40", 3="%23", 4="%24"', header.send(:normalized_attributes)
    end

    def test_normalized_attributes_converts_symbol_keys_to_strings_for_sorting
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})
      stubbed_attrs = {z_key: "z", a_key: "a"}
      header.define_singleton_method(:signed_attributes) { stubbed_attrs }

      result = header.send(:normalized_attributes)

      assert_match(/^a_key=.*z_key=/, result)
    end

    # #signed_attributes tests

    def test_signed_attributes_includes_oauth_signature
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})

      assert header.send(:signed_attributes).key?(:oauth_signature)
    end

    # #secret tests

    def test_secret_combines_consumer_and_token_secrets_with_ampersand
      # RFC 5849 Section 3.4.2 - HMAC-SHA1 key is consumer_secret&token_secret
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {},
        consumer_secret: RFC5849::CONSUMER_SECRET, token_secret: RFC5849::TOKEN_SECRET)

      assert_equal "#{RFC5849::CONSUMER_SECRET}&#{RFC5849::TOKEN_SECRET}", header.send(:secret)
    end

    def test_secret_uri_encodes_each_value_before_combination
      # Secrets with special characters should be percent-encoded
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {},
        consumer_secret: "CONSUM#R_SECRET", token_secret: "TOKEN_S#CRET")

      assert_equal "CONSUM%23R_SECRET&TOKEN_S%23CRET", header.send(:secret)
    end

    # #signature_base tests

    def test_signature_base_combines_method_url_and_params_with_ampersands
      # RFC 5849 Section 3.4.1 - signature base string format
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})
      header.define_singleton_method(:method) { "METHOD" }
      header.define_singleton_method(:url) { "URL" }
      header.define_singleton_method(:normalized_params) { "NORMALIZED_PARAMS" }

      assert_equal "METHOD&URL&NORMALIZED_PARAMS", header.send(:signature_base)
    end

    def test_signature_base_uri_encodes_each_value
      header = SimpleOAuth::Header.new(:get, "https://photos.example.net/photos", {})
      header.define_singleton_method(:method) { "ME#HOD" }
      header.define_singleton_method(:url) { "U#L" }
      header.define_singleton_method(:normalized_params) { "NORMAL#ZED_PARAMS" }

      assert_equal "ME%23HOD&U%23L&NORMAL%23ZED_PARAMS", header.send(:signature_base)
    end
  end
end