implemented OAuthListener with basic tests

vimishor · vimishor · commit b56b7078c2cc · 2014-02-24T13:18:37.000+02:00
diff --git a/lib/Bitbucket/API/Http/Listener/OAuthListener.php b/lib/Bitbucket/API/Http/Listener/OAuthListener.php
@@ -23,6 +23,10 @@
  */
 class OAuthListener implements ListenerInterface
 {
+    const ENDPOINT_REQUEST_TOKEN    = 'oauth/request_token';
+    const ENDPOINT_ACCESS_TOKEN     = 'oauth/access_token';
+    const ENDPOINT_AUTHORIZE        = 'oauth/authenticate';
+
     /**
      * @var array
      */
@@ -34,7 +38,7 @@ class OAuthListener implements ListenerInterface
         'oauth_signature_method'    => 'HMAC-SHA1',
         'oauth_callback'            => '',
         'oauth_verifier'            => '',
-        'oauth_version'             => ''
+        'oauth_version'             => '1.0'
     );
 
     /**
@@ -64,7 +68,7 @@ public function __construct(
 
         $this->token = (!is_null($token)) ?
             $token :
-            !isset($this->config['oauth_token']) ?
+            empty($this->config['oauth_token']) ?
                 new OAuth1\Token\NullToken :
                 new OAuth1\Token\Token($this->config['oauth_token'], $this->config['oauth_token_secret'])
         ;
@@ -89,14 +93,104 @@ public function getName()
      * {@inheritDoc}
      */
     public function preSend(RequestInterface $request)
-    {}
+    {
+        $params = $this->getParametersToSign($request);
+        $req    = OAuth1\Request\Request::fromConsumerAndToken(
+            $this->consumer, $this->token, $request->getMethod(), $request->getUrl(), $params
+        );
+
+        $req->signRequest($this->signature, $this->consumer, $this->token);
+
+        $request->addHeader($req->toHeader());
+    }
 
     /**
      * {@inheritDoc}
      */
     public function postSend(RequestInterface $request, MessageInterface $response)
     {}
 
+    /**
+     * Include OAuth and request body parameters
+     *
+     * @access protected
+     * @param  RequestInterface $request
+     * @return array
+     *
+     * @see http://oauth.net/core/1.0/#sig_norm_param
+     */
+    protected function getParametersToSign(RequestInterface $request)
+    {
+        return array_merge($this->getOAuthParameters($request), $this->getContentAsParameters($request));
+    }
+
+    /**
+     * Include/exclude optional parameters
+     *
+     * The exclusion/inclusion is based on current request resource
+     *
+     * @access protected
+     * @param  RequestInterface $request
+     * @return array
+     */
+    protected function getOAuthParameters(RequestInterface $request)
+    {
+        $params = $this->filterOAuthParameters(array('oauth_token', 'oauth_version'));
+
+        if ($this->isEndpointRequested(self::ENDPOINT_REQUEST_TOKEN, $request)) {
+            $params = $this->filterOAuthParameters(array('oauth_callback'));
+        } elseif ($this->isEndpointRequested(self::ENDPOINT_ACCESS_TOKEN, $request)) {
+            $params = $this->filterOAuthParameters(array('oauth_token', 'oauth_verifier'));
+        }
+
+        return $params;
+    }
+
+    /**
+     * White list based filter
+     *
+     * @param  array $include
+     * @return array
+     */
+    protected function filterOAuthParameters(array $include)
+    {
+        $final = array();
+
+        foreach ($include as $key => $value) {
+            if (!empty($this->config[$value])) {
+                $final[$value] = $this->config[$value];
+            }
+        }
+
+        return $final;
+    }
+
+    /**
+     * Transform request content to associative array
+     *
+     * @access protected
+     * @param  RequestInterface $request
+     * @return array
+     */
+    protected function getContentAsParameters(RequestInterface $request)
+    {
+        parse_str($request->getContent(), $parts);
+
+        return $parts;
+    }
+
+    /**
+     * Check if specified endpoint is in current request
+     *
+     * @param  string           $endpoint
+     * @param  RequestInterface $request
+     * @return bool
+     */
+    protected function isEndpointRequested($endpoint, RequestInterface $request)
+    {
+        return strpos($request->getResource(), $endpoint) !== false;
+    }
+
     /**
      * Bitbucket supports only HMAC-SHA1 and PlainText signatures.
      *
diff --git a/test/Bitbucket/Tests/API/Http/Listener/OAuthListenerTest.php b/test/Bitbucket/Tests/API/Http/Listener/OAuthListenerTest.php
@@ -0,0 +1,87 @@
+<?php
+
+namespace Bitbucket\Tests\API\Http\Listener;
+
+use Bitbucket\Tests\API as Tests;
+use Bitbucket\API\Http\Listener\OAuthListener;
+use Bitbucket\API\Http\Client;
+
+/**
+ * @author  Alexandru G.    <alex@gentle.ro>
+ */
+class OAuthListenerTest extends Tests\TestCase
+{
+    public function testInvalidSignatureShouldFallbackToHmacSha1()
+    {
+        $oauth      = new OAuthListener(array('oauth_signature_method' => 'dummy'));
+        $reflection = new \ReflectionClass($oauth);
+        $property   = $reflection->getProperty('signature');
+
+        $property->setAccessible(true);
+
+        $this->assertInstanceOf('JacobKiers\OAuth\SignatureMethod\HmacSha1', $property->getValue($oauth));
+    }
+
+    public function testTokenInstantiateForOneLegged()
+    {
+        $oauth = new OAuthListener(array(
+            'oauth_consumer_key'    => 'aaa',
+            'oauth_consumer_secret' => 'bbb'
+        ));
+
+        $reflection = new \ReflectionClass($oauth);
+        $property   = $reflection->getProperty('token');
+
+        $property->setAccessible(true);
+
+        $this->assertInstanceOf('JacobKiers\OAuth\Token\NullToken', $property->getValue($oauth));
+    }
+
+    public function testTokenInstantiateforThreeLegged()
+    {
+        $oauth = new OAuthListener(array(
+            'oauth_consumer_key'        => 'aaa',
+            'oauth_consumer_secret'     => 'bbb',
+            'oauth_token'               => 'ccc',
+            'oauth_token_secret'        => 'ddd'
+        ));
+
+        $reflection = new \ReflectionClass($oauth);
+        $property   = $reflection->getProperty('token');
+
+        $property->setAccessible(true);
+
+        $this->assertInstanceOf('JacobKiers\OAuth\Token\Token', $property->getValue($oauth));
+    }
+
+    public function testFilterOAuthParameters()
+    {
+        $method = $this->getMethod('\Bitbucket\API\Http\Listener\OAuthListener', 'filterOAuthParameters');
+        $actual = $method->invokeArgs(new OAuthListener(array()),  array(array('invalid_option', 'oauth_version')));
+
+        $this->assertArrayHasKey('oauth_version', $actual);
+        $this->assertArrayNotHasKey('invalid_option', $actual);
+    }
+
+    public function testMakeSureRequestIncludesOAuthHeader()
+    {
+        $oauth_params = array(
+            'oauth_consumer_key'      => 'aaa',
+            'oauth_consumer_secret'   => 'bbb'
+        );
+        $listener   = new OAuthListener($oauth_params);
+        $bb         = new \Bitbucket\API\Api($this->getBrowserMock());
+
+        $bb->getClient()->addListener($listener);
+
+        $bb->requestGet('/dummy');
+
+        $auth_header = $bb->getClient()->getLastRequest()->getHeader('Authorization');
+
+        $this->assertContains('OAuth', $auth_header);
+        $this->assertContains(
+            sprintf('oauth_consumer_key="%s"', $oauth_params['oauth_consumer_key']),
+            $auth_header
+        );
+    }
+} 
