File: header_validation_test.rb

ruby-simple-oauth 0.4.0-1
require "test_helper"

module SimpleOAuth
  # Checks Header#valid? against headers signed with RFC 5849 credentials.
  #
  # Every test has the same shape: sign a request, feed the signed header into
  # a second Header, then call #valid? on that second instance with or without
  # the secrets. The "without secrets" tests expect the second instance to be
  # rejected unless the caller supplies them.
  class HeaderValidationTest < Minitest::Test
    include TestHelpers

    cover "SimpleOAuth::Header*"

    # ---- #valid? with HMAC-SHA1 ----

    # Fail-closed case: no secrets handed to #valid? means the header is rejected.
    def test_valid_hmac_sha1_is_not_valid_without_secrets
      signed = build_header(token_secret: RFC5849::TOKEN_SECRET)
      received = reparse_photos_request(signed)

      refute_predicate received, :valid?
    end

    # The same header is accepted once both RFC 5849 secrets are supplied.
    def test_valid_hmac_sha1_is_valid_with_secrets
      signed = build_header(token_secret: RFC5849::TOKEN_SECRET)
      received = reparse_photos_request(signed)

      assert received.valid?(rfc5849_hmac_secrets)
    end

    # ---- #valid? with RSA-SHA1 ----

    # With no key supplied, #valid? raises TypeError instead of returning false.
    # NOTE(review): code that validates inbound headers presumably has to treat
    # that exception as a rejection; confirm against Header#valid?.
    def test_valid_rsa_sha1_raises_type_error_without_private_key
      signed = build_header(consumer_secret: rsa_private_key, signature_method: "RSA-SHA1")
      received = reparse_photos_request(signed)

      assert_raises(TypeError) { received.valid? }
    end

    # NOTE(review): validation is handed the RSA *private* key as
    # consumer_secret, the same value used for signing. If Header#valid? has no
    # public-key path, a verifier must hold the signer's private key; worth
    # confirming in the library.
    def test_valid_rsa_sha1_is_valid_with_private_key
      key_as_secret = {consumer_secret: rsa_private_key}
      signed = build_header(consumer_secret: rsa_private_key, signature_method: "RSA-SHA1")
      received = reparse_photos_request(signed)

      assert received.valid?(key_as_secret)
    end

    # ---- #valid? with PLAINTEXT ----
    #
    # PLAINTEXT is the RFC 5849 method without a signature algorithm
    # (Section 3.4.4); the http:// URL used below is only a test fixture.

    def test_valid_plaintext_is_not_valid_without_secrets
      # RFC 5849 Section 2.1 - PLAINTEXT example credentials
      received = reparsed_plaintext_example(plaintext_example_secrets)

      refute_predicate received, :valid?
    end

    def test_valid_plaintext_is_valid_with_secrets
      # RFC 5849 Section 2.1 - PLAINTEXT example credentials
      example_secrets = plaintext_example_secrets
      received = reparsed_plaintext_example(example_secrets)

      assert received.valid?(example_secrets)
    end

    # ---- #valid? side effects and mismatches ----

    # The options hash must be equal before and after the call, so whatever was
    # passed in for the check (here: the secrets) does not stay on the header.
    def test_valid_restores_original_options_after_validation
      signed = build_header(token_secret: RFC5849::TOKEN_SECRET)
      received = reparse_photos_request(signed)
      options_before = received.options.dup

      received.valid?(rfc5849_hmac_secrets)

      assert_equal options_before, received.options
    end

    # Both secrets wrong: the header is rejected.
    # NOTE(review): no test in this class covers only one of the two secrets
    # being wrong.
    def test_valid_returns_false_when_signature_does_not_match
      signed = build_header(token_secret: RFC5849::TOKEN_SECRET)
      received = reparse_photos_request(signed)

      refute received.valid?(consumer_secret: "WRONG_SECRET", token_secret: "WRONG_TOKEN")
    end

    private

    # Consumer and token secret from the RFC5849 fixture constants.
    def rfc5849_hmac_secrets
      {consumer_secret: RFC5849::CONSUMER_SECRET, token_secret: RFC5849::TOKEN_SECRET}
    end

    # Builds a second Header for GET RFC5849::PHOTOS_URL from an already signed one.
    def reparse_photos_request(signed)
      SimpleOAuth::Header.new(:get, RFC5849::PHOTOS_URL, {}, signed)
    end

    # Consumer and token secret from the RFC5849::PlaintextExample fixture.
    def plaintext_example_secrets
      {consumer_secret: RFC5849::PlaintextExample::CONSUMER_SECRET,
       token_secret: RFC5849::PlaintextExample::TOKEN_SECRET}
    end

    # Signs the example resource request with PLAINTEXT using +secrets+, then
    # returns a second Header built from that signed header.
    def reparsed_plaintext_example(secrets)
      signed = SimpleOAuth::Header.new(:get, "http://server.example.com/resource", {},
        secrets.merge(signature_method: "PLAINTEXT"))

      SimpleOAuth::Header.new(:get, "http://server.example.com/resource", {}, signed)
    end
  end
end