Skip to content

Commit ec16299

Browse files
WyriHaximusWyriHaximus
committed
Harden request signer's tests ensuring mutations won't cause issues
1 parent 9b7c026 commit ec16299

File tree

1 file changed

+59
-4
lines changed

1 file changed

+59
-4
lines changed

tests/RequestSigning/RequestSignerTest.php

Lines changed: 59 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
use ApiClients\Tools\Psr7\Oauth1\Definition\ConsumerSecret;
88
use ApiClients\Tools\Psr7\Oauth1\Definition\TokenSecret;
99
use ApiClients\Tools\Psr7\Oauth1\RequestSigning\RequestSigner;
10+
use ApiClients\Tools\Psr7\Oauth1\Signature\HmacSha1Signature;
1011
use GuzzleHttp\Psr7\Request;
1112

1213
class RequestSignerTest extends \PHPUnit_Framework_TestCase
@@ -39,12 +40,22 @@ public function testSign()
3940
'oauth_token' => false,
4041
'oauth_signature' => false,
4142
];
43+
$captureValues = [
44+
'oauth_consumer_key' => '',
45+
'oauth_nonce' => '',
46+
'oauth_signature_method' => '',
47+
'oauth_timestamp' => '',
48+
'oauth_version' => '',
49+
'oauth_token' => '',
50+
'oauth_signature' => '',
51+
];
4252
$request = new Request(
4353
'POST',
4454
'httpx://example.com/',
4555
[
4656
'Content-Type' => 'application/x-www-form-urlencoded',
47-
]
57+
],
58+
'foo=bar'
4859
);
4960
$requestSigner = (new RequestSigner(
5061
new ConsumerKey('consumer_key'),
@@ -67,13 +78,32 @@ public function testSign()
6778
foreach ($headerChunks as $headerChunk) {
6879
list($key, $value) = explode('=', $headerChunk);
6980
$this->assertTrue(isset($expectedHeaderParts[$key]));
81+
if (isset($captureValues[$key])) {
82+
$captureValues[$key] = rawurldecode(str_replace('"', '', $value));
83+
}
7084
$expectedHeaderParts[$key] = true;
7185
}
7286

7387
foreach ($expectedHeaderParts as $expectedHeaderPart) {
7488
$this->assertInternalType('bool', $expectedHeaderPart);
7589
$this->assertTrue($expectedHeaderPart);
7690
}
91+
92+
$signature = $captureValues['oauth_signature'];
93+
unset($captureValues['oauth_signature']);
94+
95+
$this->assertSame(
96+
(new HmacSha1Signature(
97+
new ConsumerSecret('consumer_secret')
98+
))->withTokenSecret(
99+
new TokenSecret('token_secret')
100+
)->sign(
101+
$request->getUri(),
102+
array_merge(['foo' => 'bar'], $captureValues),
103+
'POST'
104+
),
105+
$signature
106+
);
77107
}
78108

79109
public function testSignToRequestAuthorization()
@@ -88,12 +118,20 @@ public function testSignToRequestAuthorization()
88118
'oauth_callback' => false,
89119
'oauth_signature' => false,
90120
];
121+
$captureValues = [
122+
'oauth_consumer_key' => '',
123+
'oauth_nonce' => '',
124+
'oauth_signature_method' => '',
125+
'oauth_timestamp' => '',
126+
'oauth_version' => '',
127+
'oauth_callback' => '',
128+
'oauth_signature' => '',
129+
];
91130
$request = new Request(
92131
'POST',
93132
'httpx://example.com/',
94-
[
95-
'Content-Type' => 'application/x-www-form-urlencoded',
96-
]
133+
[],
134+
'foo=bar'
97135
);
98136
$requestSigner = new RequestSigner(
99137
new ConsumerKey('consumer_key'),
@@ -113,12 +151,29 @@ public function testSignToRequestAuthorization()
113151
foreach ($headerChunks as $headerChunk) {
114152
list($key, $value) = explode('=', $headerChunk);
115153
$this->assertTrue(isset($expectedHeaderParts[$key]));
154+
if (isset($captureValues[$key])) {
155+
$captureValues[$key] = rawurldecode(str_replace('"', '', $value));
156+
}
116157
$expectedHeaderParts[$key] = true;
117158
}
118159

119160
foreach ($expectedHeaderParts as $expectedHeaderPart) {
120161
$this->assertInternalType('bool', $expectedHeaderPart);
121162
$this->assertTrue($expectedHeaderPart);
122163
}
164+
165+
$signature = $captureValues['oauth_signature'];
166+
unset($captureValues['oauth_signature']);
167+
168+
$this->assertSame(
169+
(new HmacSha1Signature(
170+
new ConsumerSecret('consumer_secret')
171+
))->sign(
172+
$request->getUri(),
173+
$captureValues,
174+
'POST'
175+
),
176+
$signature
177+
);
123178
}
124179
}

0 commit comments

Comments
 (0)