added support for OAuth 1.0A authentication

2025-10-28 11:31:53 +01:00 · 2014-11-10 22:15:02 +01:00
parent 420c3b55a7
commit 362eaad5cb
8 changed files with 958 additions and 5 deletions
--- a/Net/testsuite/src/HTTPTestSuite.cpp
+++ b/Net/testsuite/src/HTTPTestSuite.cpp
@@ -15,6 +15,7 @@
 #include "HTTPResponseTest.h"
 #include "HTTPCookieTest.h"
 #include "HTTPCredentialsTest.h"
+#include "OAuth10CredentialsTest.h"


 CppUnit::Test* HTTPTestSuite::suite()
@@ -25,6 +26,7 @@ CppUnit::Test* HTTPTestSuite::suite()
 	pSuite->addTest(HTTPResponseTest::suite());
 	pSuite->addTest(HTTPCookieTest::suite());
 	pSuite->addTest(HTTPCredentialsTest::suite());
+	pSuite->addTest(OAuth10CredentialsTest::suite());

 	return pSuite;
 }
--- a/Net/testsuite/src/OAuth10CredentialsTest.cpp
+++ b/Net/testsuite/src/OAuth10CredentialsTest.cpp
@@ -0,0 +1,266 @@
+//
+// OAuth10CredentialsTest.cpp
+//
+// $Id: //poco/1.4/Net/testsuite/src/HTTPCredentialsTest.cpp#3 $
+//
+// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "OAuth10CredentialsTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Net/HTTPRequest.h"
+#include "Poco/Net/HTTPResponse.h"
+#include "Poco/Net/OAuth10Credentials.h"
+#include "Poco/Net/NetException.h"
+#include "Poco/Net/HTMLForm.h"
+#include "Poco/URI.h"
+
+
+using Poco::Net::HTTPRequest;
+using Poco::Net::HTTPResponse;
+using Poco::Net::OAuth10Credentials;
+using Poco::Net::NotAuthenticatedException;
+using Poco::Net::HTMLForm;
+using Poco::URI;
+
+
+OAuth10CredentialsTest::OAuth10CredentialsTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+OAuth10CredentialsTest::~OAuth10CredentialsTest()
+{
+}
+
+
+void OAuth10CredentialsTest::testCallback()
+{
+	// Note: Request taken from <https://dev.twitter.com/web/sign-in/implementing>
+	//
+	// POST /oauth/request_token HTTP/1.1
+	// Host: api.twitter.com
+	// Authorization: 
+	//         OAuth oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F",
+	//               oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w",
+	//               oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456",
+	//               oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D",
+	//               oauth_signature_method="HMAC-SHA1",
+	//               oauth_timestamp="1318467427",
+	//               oauth_version="1.0"
+
+	
+	URI uri("https://api.twitter.com/oauth/request_token");
+	OAuth10Credentials creds("cChZNFj6T5R0TigYB9yd1w", "L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg");
+	creds.setCallback("http://localhost/sign-in-with-twitter/");
+	creds.nonceAndTimestampForTesting("ea9ec8429b68d6b77cd5600adbbb0456", "1318467427");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+		
+	creds.authenticate(request, uri);
+
+	std::string auth = request.get("Authorization");	
+	assert (auth == "OAuth"
+		" oauth_consumer_key=\"cChZNFj6T5R0TigYB9yd1w\","
+		" oauth_nonce=\"ea9ec8429b68d6b77cd5600adbbb0456\","
+		" oauth_signature=\"F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D\","
+		" oauth_signature_method=\"HMAC-SHA1\","
+		" oauth_timestamp=\"1318467427\","
+		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
+		" oauth_version=\"1.0\"");
+}
+
+
+void OAuth10CredentialsTest::testParams()
+{
+	// Note: Request taken from <https://dev.twitter.com/oauth/overview/authorizing-requests>
+	// and <https://dev.twitter.com/oauth/overview/creating-signatures>.
+	// 
+	// POST /1/statuses/update.json?include_entities=true HTTP/1.1
+	// Content-Type: application/x-www-form-urlencoded
+	// Authorization: 
+	//         OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", 
+	//               oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", 
+	//               oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", 
+	//               oauth_signature_method="HMAC-SHA1", 
+	//               oauth_timestamp="1318622958", 
+	//               oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", 
+	//               oauth_version="1.0"
+	// Content-Length: 76
+	// Host: api.twitter.com
+	// 
+	// status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
+
+	URI uri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
+	OAuth10Credentials creds(
+		"xvz1evFS4wEEPTGEFPHBog", 
+		"kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw", 
+		"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", 
+		"LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE"
+	);
+	creds.nonceAndTimestampForTesting("kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", "1318622958");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+	
+	HTMLForm params;
+	params.set("include_entities", "true");
+	params.set("status", "Hello Ladies + Gentlemen, a signed OAuth request!");
+	
+	creds.authenticate(request, uri, params);
+	
+	std::string auth = request.get("Authorization");
+	assert (auth == "OAuth"
+		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
+		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
+		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
+		" oauth_signature_method=\"HMAC-SHA1\","
+		" oauth_timestamp=\"1318622958\","
+		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
+		" oauth_version=\"1.0\"");
+}
+
+
+void OAuth10CredentialsTest::testRealm()
+{
+	// Note: Request taken from <https://dev.twitter.com/oauth/overview/authorizing-requests>
+	// and <https://dev.twitter.com/oauth/overview/creating-signatures>.
+	//
+	// POST /1/statuses/update.json?include_entities=true HTTP/1.1
+	// Content-Type: application/x-www-form-urlencoded
+	// Authorization: 
+	//         OAuth realm="Twitter API"
+	//               oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", 
+	//               oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", 
+	//               oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", 
+	//               oauth_signature_method="HMAC-SHA1", 
+	//               oauth_timestamp="1318622958", 
+	//               oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", 
+	//               oauth_version="1.0"
+	// Content-Length: 76
+	// Host: api.twitter.com
+	// 
+	// status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
+
+	URI uri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
+	OAuth10Credentials creds(
+		"xvz1evFS4wEEPTGEFPHBog", 
+		"kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw", 
+		"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", 
+		"LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE"
+	);
+	creds.setRealm("Twitter API");
+	creds.nonceAndTimestampForTesting("kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", "1318622958");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+	
+	HTMLForm params;
+	params.set("include_entities", "true");
+	params.set("status", "Hello Ladies + Gentlemen, a signed OAuth request!");
+	
+	creds.authenticate(request, uri, params);
+	
+	std::string auth = request.get("Authorization");
+	assert (auth == "OAuth"
+		" realm=\"Twitter API\","
+		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
+		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
+		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
+		" oauth_signature_method=\"HMAC-SHA1\","
+		" oauth_timestamp=\"1318622958\","
+		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
+		" oauth_version=\"1.0\"");
+}
+
+
+void OAuth10CredentialsTest::testPlaintext()
+{
+	URI uri("https://api.twitter.com/oauth/request_token");
+	OAuth10Credentials creds("consumerKey", "consumerSecret");
+	creds.setCallback("http://localhost/sign-in-with-twitter/");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+		
+	creds.authenticate(request, uri, OAuth10Credentials::SIGN_PLAINTEXT);
+
+	std::string auth = request.get("Authorization");	
+	
+	assert (auth == "OAuth"
+		" oauth_consumer_key=\"consumerKey\","
+		" oauth_signature=\"consumerSecret%26\","
+		" oauth_signature_method=\"PLAINTEXT\","
+		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
+		" oauth_version=\"1.0\"");
+}
+
+
+void OAuth10CredentialsTest::testVerify()
+{
+	URI uri("https://api.twitter.com/1/statuses/update.json?include_entities=true");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+	request.set("Authorization", "OAuth"
+		" oauth_consumer_key=\"xvz1evFS4wEEPTGEFPHBog\","
+		" oauth_nonce=\"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg\","
+		" oauth_signature=\"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D\","
+		" oauth_signature_method=\"HMAC-SHA1\","
+		" oauth_timestamp=\"1318622958\","
+		" oauth_token=\"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb\","
+		" oauth_version=\"1.0\"");
+	
+	OAuth10Credentials creds(request);
+	assert (creds.getConsumerKey() == "xvz1evFS4wEEPTGEFPHBog");
+	assert (creds.getToken() == "370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb");
+	creds.setConsumerSecret("kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw");
+	creds.setTokenSecret("LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE");
+	
+	HTMLForm params;
+	params.read(uri.getRawQuery());
+	params.read("status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21");
+	
+	assert (creds.verify(request, uri, params));
+}
+
+
+void OAuth10CredentialsTest::testVerifyPlaintext()
+{
+	URI uri("https://api.twitter.com/oauth/request_token");
+	HTTPRequest request(HTTPRequest::HTTP_POST, uri.getPathEtc());
+	request.set("Authorization", "OAuth"
+		" oauth_consumer_key=\"consumerKey\","
+		" oauth_signature=\"consumerSecret%26\","
+		" oauth_signature_method=\"PLAINTEXT\","
+		" oauth_callback=\"http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F\","
+		" oauth_version=\"1.0\"");
+	
+	OAuth10Credentials creds(request);
+	assert (creds.getConsumerKey() == "consumerKey");
+	creds.setConsumerSecret("consumerSecret");
+	
+	assert (creds.verify(request, uri));
+	assert (creds.getCallback() == "http://localhost/sign-in-with-twitter/");
+}
+
+
+void OAuth10CredentialsTest::setUp()
+{
+}
+
+
+void OAuth10CredentialsTest::tearDown()
+{
+}
+
+
+CppUnit::Test* OAuth10CredentialsTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("OAuth10CredentialsTest");
+
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testCallback);
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testParams);
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testRealm);
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testPlaintext);
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testVerify);
+	CppUnit_addTest(pSuite, OAuth10CredentialsTest, testVerifyPlaintext);
+
+	return pSuite;
+}
--- a/Net/testsuite/src/OAuth10CredentialsTest.h
+++ b/Net/testsuite/src/OAuth10CredentialsTest.h
@@ -0,0 +1,45 @@
+//
+// OAuth10CredentialsTest.h
+//
+// $Id$
+//
+// Definition of the OAuth10CredentialsTest class.
+//
+// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef OAuth10CredentialsTest_INCLUDED
+#define OAuth10CredentialsTest_INCLUDED
+
+
+#include "Poco/Net/Net.h"
+#include "CppUnit/TestCase.h"
+
+
+class OAuth10CredentialsTest: public CppUnit::TestCase
+{
+public:
+	OAuth10CredentialsTest(const std::string& name);
+	~OAuth10CredentialsTest();
+
+	void testCallback();
+	void testParams();
+	void testRealm();
+	void testPlaintext();
+	void testVerify();
+	void testVerifyPlaintext();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // OAuth10CredentialsTest_INCLUDED