Author: bittercoder

Artifacts/DevDefinedLogo_24High.png

@@ -1,3 +1,11 @@
+31st July 2009
+--------------
+
+Fixed bug that allowed oauth_token_secret to be transmitted from the consumer to the provider.
+Fixed bug that meant provider would not work with plain text signature method, unless oauth_token_secret was sent by the client.
+Fixed the ExampleConsumerSite and ExampleProviderSite to implement a working OAuth 1.0a exchange of tokens etc.
+Apply General code cleanup.
+
 30th July 2009
 --------------
 

Artifacts/DevDefinedOAuthBackground.png

@@ -28,6 +28,7 @@
 using System.IO;
 using System.Net;
 using System.Security.Cryptography.X509Certificates;
+using System.Web;
 using DevDefined.OAuth.Consumer;
 using DevDefined.OAuth.Framework;
 using NUnit.Framework;
@@ -124,13 +125,13 @@ public void RequestContacts()
           Assert.IsTrue(html.Contains("Authorized") || html.Contains("successfully granted"));
 
           int index = html.IndexOf("verification code:");
-          
+
           Assert.IsTrue(index > 0);
 
           int startIndex = html.IndexOf("<B>", index, StringComparison.InvariantCultureIgnoreCase);
           int endIndex = html.IndexOf("</B>", startIndex + 1, StringComparison.InvariantCultureIgnoreCase);
 
-          verificationCode = html.Substring(startIndex+3, endIndex-(startIndex+3));
+          verificationCode = html.Substring(startIndex + 3, endIndex - (startIndex + 3));
         }
 
         // this will implicitly set AccessToken on the current session... 
@@ -155,6 +156,78 @@ public void RequestContacts()
       }
     }
 
+
+    [Test]
+    public void DenyCallback()
+    {
+      // this test does a full end-to-end integration (request token, user authoriazation, exchanging request token
+      // for an access token and then using then access token to retrieve some data).
+
+      // the access token is directly associated with a google user, by them logging in and granting access
+      // for your request - thus the client is never exposed to the users credentials (not even their login).
+
+      var consumerContext = new OAuthConsumerContext
+      {
+        ConsumerKey = "weitu.googlepages.com",
+        SignatureMethod = SignatureMethod.RsaSha1,
+        Key = certificate.PrivateKey
+      };
+
+      var consumer = new OAuthSession(consumerContext, "https://www.google.com/accounts/OAuthGetRequestToken",
+                              "https://www.google.com/accounts/accounts/OAuthAuthorizeToken",
+                              "https://www.google.com/accounts/OAuthGetAccessToken ", "http://localhost:1897/callback.aspx")
+        .WithQueryParameters(new { scope = "https://www.google.com/m8/feeds" })
+        .RequiresCallbackConfirmation();
+
+      using (With.NoCertificateValidation())
+      {
+        IToken requestToken = consumer.GetRequestToken();
+
+        string userAuthorize = consumer.GetUserAuthorizationUrlForToken(requestToken, null);
+
+        string verificationCode;
+
+        using (var ie = new IE(userAuthorize))
+        {
+          Link overrideLink = ie.Link("overridelink");
+          if (overrideLink.Exists) overrideLink.Click();
+
+          if (ie.Form("gaia_loginform").Exists)
+          {
+            ie.TextField("Email").Value = "[email protected]";
+            ie.TextField("Passwd").Value = "oauth_password";
+            ie.Form("gaia_loginform").Submit();
+          }
+ ie.Button("deny").Click();
+
+          Console.WriteLine(ie.Url);
+
+          verificationCode = new OAuthContextBuilder().FromUri("GET", ie.Uri).Verifier;                  
+        }
+
+        // this will implicitly set AccessToken on the current session... 
+
+        IToken accessToken = consumer.ExchangeRequestTokenForAccessToken(requestToken, verificationCode);
+
+        try
+        {
+          string responseText = consumer.Request().Get().ForUrl("https://www.google.com/m8/feeds/contacts/default/base").ToString();
+
+          Assert.IsTrue(responseText.Contains("[email protected]"));
+        }
+        catch (WebException webEx)
+        {
+          var response = (HttpWebResponse) webEx.Response;
+          using (var reader = new StreamReader(response.GetResponseStream()))
+          {
+            Console.WriteLine(reader.ReadToEnd());
+          }
+          Assert.Fail();
+        }
+      }      
+    }
+
+
     [Test]
     public void RequestTokenForRsaSha1()
     {

Artifacts/DevDefinedOAuthTitle.png

@@ -27,24 +27,12 @@
 using DevDefined.OAuth.Consumer;
 using DevDefined.OAuth.Framework;
 using NUnit.Framework;
-using Rhino.Mocks;
 
 namespace DevDefined.OAuth.Tests.Consumer
 {
   [TestFixture]
   public class OAuthSessionTests
   {
-    [Test]
-    public void GetUserAuthorizationUriForTokenWithCallback()
-    {
-      var session = new OAuthSession(new OAuthConsumerContext(), "http://localhost/request",
-                                     "http://localhost/userauth", "http://localhost/access");
-      string actual = session.GetUserAuthorizationUrlForToken(new TokenBase {Token = "token"},
-                                                              "http://localhost/callback");
-      Assert.AreEqual(
-        "http://localhost/userauth?oauth_token=token&oauth_callback=http%3A%2F%2Flocalhost%2Fcallback", actual);
-    }
-
     [Test]
     public void GetRequestTokenForConsumerWithCallbackUrl()
     {
@@ -53,39 +41,50 @@ public void GetRequestTokenForConsumerWithCallbackUrl()
       var session = new OAuthSession(consumerContext, "http://localhost/request",
                                      "http://localhost/userauth", "http://localhost/access", "http://localhost/callback");
 
-      var description = session.BuildRequestTokenContext("POST").GetRequestDescription();
+      RequestDescription description = session.BuildRequestTokenContext("POST").GetRequestDescription();
 
       Assert.IsTrue(description.Body.Contains("oauth_callback=http%3A%2F%2Flocalhost%2Fcallback"));
     }
 
     [Test]
     public void GetRequestTokenForConsumerWithoutCallbackUrl()
     {
-      var consumerContext = new OAuthConsumerContext { ConsumerKey = "key" };
+      var consumerContext = new OAuthConsumerContext {ConsumerKey = "key"};
 
       var session = new OAuthSession(consumerContext, "http://localhost/request",
                                      "http://localhost/userauth", "http://localhost/access");
 
-      var description = session.BuildRequestTokenContext("POST").GetRequestDescription();
+      RequestDescription description = session.BuildRequestTokenContext("POST").GetRequestDescription();
 
       Assert.IsTrue(description.Body.Contains("oauth_callback=oob"));
     }
 
     [Test]
     public void GetRequestTokenForMethodGetDoesNotPopulateBody()
     {
-      var consumerContext = new OAuthConsumerContext { ConsumerKey = "key" };
+      var consumerContext = new OAuthConsumerContext {ConsumerKey = "key"};
 
       var session = new OAuthSession(consumerContext, "http://localhost/request",
                                      "http://localhost/userauth", "http://localhost/access");
 
-      var description = session.BuildRequestTokenContext("GET").GetRequestDescription();
+      RequestDescription description = session.BuildRequestTokenContext("GET").GetRequestDescription();
 
       Assert.IsNull(description.Body);
       Assert.IsNull(description.ContentType);
       Assert.AreEqual("GET", description.Method);
     }
 
+    [Test]
+    public void GetUserAuthorizationUriForTokenWithCallback()
+    {
+      var session = new OAuthSession(new OAuthConsumerContext(), "http://localhost/request",
+                                     "http://localhost/userauth", "http://localhost/access");
+      string actual = session.GetUserAuthorizationUrlForToken(new TokenBase {Token = "token"},
+                                                              "http://localhost/callback");
+      Assert.AreEqual(
+        "http://localhost/userauth?oauth_token=token&oauth_callback=http%3A%2F%2Flocalhost%2Fcallback", actual);
+    }
+
     [Test]
     public void GetUserAuthorizationUriForTokenWithoutCallback()
     {
@@ -94,5 +93,59 @@ public void GetUserAuthorizationUriForTokenWithoutCallback()
       string actual = session.GetUserAuthorizationUrlForToken(new TokenBase {Token = "token"}, null);
       Assert.AreEqual("http://localhost/userauth?oauth_token=token", actual);
     }
+
+    [Test]
+    public void TokenSecretNotIncludedInAuthorizationHeaderForPostRequestWithUseAuthorizationHeaders()
+    {
+      var session = new OAuthSession(new OAuthConsumerContext {ConsumerKey = "consumer", UseHeaderForOAuthParameters = true}, "http://localhost/request",
+                                     "http://localhost/userauth", "http://localhost/access");
+
+      var accessToken = new TokenBase {ConsumerKey = "consumer", Token = "token", TokenSecret = "secret"};
+
+      RequestDescription description = session
+        .Request(accessToken)
+        .Post()
+        .ForUrl("http://localhost/")
+        .SignWithToken()
+        .GetRequestDescription();
+
+      Assert.IsFalse(description.Headers["Authorization"].Contains(Parameters.OAuth_Token_Secret));
+    }
+
+    [Test]
+    public void TokenSecretNotIncludedInBodyParametersForPostRequest()
+    {
+      var session = new OAuthSession(new OAuthConsumerContext {ConsumerKey = "consumer"}, "http://localhost/request",
+                                     "http://localhost/userauth", "http://localhost/access");
+
+      var accessToken = new TokenBase {ConsumerKey = "consumer", Token = "token", TokenSecret = "secret"};
+
+      RequestDescription description = session
+        .Request(accessToken)
+        .Post()
+        .ForUrl("http://localhost/")
+        .SignWithToken()
+        .GetRequestDescription();
+
+      Assert.IsFalse(description.Body.Contains(Parameters.OAuth_Token_Secret));
+    }
+
+    [Test]
+    public void TokenSecretNotIncludedInQueryParametersForGetRequest()
+    {
+      var session = new OAuthSession(new OAuthConsumerContext {ConsumerKey = "consumer"}, "http://localhost/request",
+                                     "http://localhost/userauth", "http://localhost/access");
+
+      var accessToken = new TokenBase {ConsumerKey = "consumer", Token = "token", TokenSecret = "secret"};
+
+      RequestDescription description = session
+        .Request(accessToken)
+        .Get()
+        .ForUrl("http://localhost/")
+        .SignWithToken()
+        .GetRequestDescription();
+
+      Assert.IsFalse(description.Url.ToString().Contains(Parameters.OAuth_Token_Secret));
+    }
   }
 }

Changes.txt

@@ -92,7 +92,7 @@ public void MakeAuthenticatedCallForTokenRsaSha1WithPostAndHeaders()
       session.AccessToken = new TokenBase {ConsumerKey = "key", Token = "accesskey", TokenSecret = "accesssecret"};
       session.ConsumerContext.UseHeaderForOAuthParameters = true;
 
-      var context = session.Request().Post().ForUrl("http://term.ie/oauth/example/echo_api.php")
+      IConsumerRequest context = session.Request().Post().ForUrl("http://term.ie/oauth/example/echo_api.php")
         .WithFormParameters(new {success = "true"})
         .SignWithToken();
 

DevDefined.OAuth.Tests/Consumer/GoogleIntegrationTests.cs

@@ -21,6 +21,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>

DevDefined.OAuth.Tests/Consumer/OAuthSessionTests.cs

@@ -100,5 +100,63 @@ public void FormatVersionRangeReport()
 
       Assert.AreEqual("oauth_problem=version_rejected&oauth_acceptable_versions=1.0-2.0", report.ToString());
     }
+
+    [Test]
+    public void PopulateFromFormattedMissingParameterReport()
+    {
+      string formatted = "oauth_problem=parameter_absent&oauth_parameters_absent=oauth_nonce";
+
+      var report = new OAuthProblemReport(formatted);
+
+      Assert.AreEqual(OAuthProblems.ParameterAbset, report.Problem);
+      Assert.Contains(Parameters.OAuth_Nonce, report.ParametersAbsent);
+    }
+
+    [Test]
+    public void PopulateFromFormattedRejectedParameterReport()
+    {
+      string formatted = "oauth_problem=parameter_rejected&oauth_parameters_rejected=oauth_timestamp";
+
+      var report = new OAuthProblemReport(formatted);
+
+      Assert.AreEqual(OAuthProblems.ParameterRejected, report.Problem);
+      Assert.Contains(Parameters.OAuth_Timestamp, report.ParametersRejected);
+    }
+
+    [Test]
+    public void PopulateFromFormattedReportWithAdvice()
+    {
+      string formatted =
+        "oauth_problem=consumer_key_refused&oauth_problem_advice=The%20supplied%20consumer%20key%20has%20been%20black-listed%20due%20to%20complaints.";
+
+      var report = new OAuthProblemReport(formatted);
+
+      Assert.AreEqual(report.Problem, OAuthProblems.ConsumerKeyRefused);
+      Assert.AreEqual("The supplied consumer key has been black-listed due to complaints.", report.ProblemAdvice);
+    }
+
+    [Test]
+    public void PopulateFromFormattedTimestampRangeReport()
+    {
+      string formatted = "oauth_problem=timestamp_refused&oauth_acceptable_timestamps=1199098800-1230721200";
+
+      var report = new OAuthProblemReport(formatted);
+
+      Assert.AreEqual(OAuthProblems.TimestampRefused, report.Problem);
+      Assert.AreEqual(new DateTime(2008, 1, 1), report.AcceptableTimeStampsFrom);
+      Assert.AreEqual(new DateTime(2009, 1, 1), report.AcceptableTimeStampsTo);
+    }
+
+    [Test]
+    public void PopulateFromFormattedVersionRangeReport()
+    {
+      string formatted = "oauth_problem=version_rejected&oauth_acceptable_versions=1.0-2.0";
+
+      var report = new OAuthProblemReport(formatted);
+
+      Assert.AreEqual(OAuthProblems.VersionRejected, report.Problem);
+      Assert.AreEqual("1.0", report.AcceptableVersionFrom);
+      Assert.AreEqual("2.0", report.AcceptableVersionTo);
+    }
   }
 }

DevDefined.OAuth.Tests/Consumer/TermIeConsumerIntegrationTests.cs

@@ -42,9 +42,9 @@ public void OutsideAfterRange()
                                                   () => new DateTime(2008, 1, 1, 12, 0, 0));
 
       var context = new OAuthContext
-                      {
-                        Timestamp = new DateTime(2008, 1, 1, 13, 0, 1).Epoch().ToString()
-                      };
+        {
+          Timestamp = new DateTime(2008, 1, 1, 13, 0, 1).Epoch().ToString()
+        };
 
       inspector.InspectContext(ProviderPhase.GrantRequestToken, context);
     }
@@ -57,9 +57,9 @@ public void OutsideBeforeRange()
                                                   () => new DateTime(2008, 1, 1, 12, 0, 0));
 
       var context = new OAuthContext
-                      {
-                        Timestamp = new DateTime(2008, 1, 1, 10, 59, 59).Epoch().ToString()
-                      };
+        {
+          Timestamp = new DateTime(2008, 1, 1, 10, 59, 59).Epoch().ToString()
+        };
 
       inspector.InspectContext(ProviderPhase.GrantRequestToken, context);
     }
@@ -71,9 +71,9 @@ public void WithAfterRange()
                                                   () => new DateTime(2008, 1, 1, 12, 0, 0));
 
       var context = new OAuthContext
-                      {
-                        Timestamp = new DateTime(2008, 1, 1, 13, 0, 0).Epoch().ToString()
-                      };
+        {
+          Timestamp = new DateTime(2008, 1, 1, 13, 0, 0).Epoch().ToString()
+        };
 
       inspector.InspectContext(ProviderPhase.GrantRequestToken, context);
     }
@@ -85,9 +85,9 @@ public void WithinBeforeRange()
                                                   () => new DateTime(2008, 1, 1, 12, 0, 0));
 
       var context = new OAuthContext
-                      {
-                        Timestamp = new DateTime(2008, 1, 1, 11, 0, 0).Epoch().ToString()
-                      };
+        {
+          Timestamp = new DateTime(2008, 1, 1, 11, 0, 0).Epoch().ToString()
+        };
 
       inspector.InspectContext(ProviderPhase.GrantRequestToken, context);
     }