New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
initial support for oauth_body_hash on json payloads #1543
Conversation
Your code is looking good, but I have a few comments:
|
Thanks for the feedback!
Let me know if you have any other thoughts :) |
@@ -630,6 +625,11 @@ Request.prototype.init = function (options) { | |||
} | |||
} | |||
|
|||
// Auth must happen last in case signing is dependent on other headers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment should be moved back to the place where it was. It is related to all of the auth schemes not only oauth. Here you can write a short single line comment saying that oauth's body_hash might need the body.
Just added two comments in the code. Other than that I think it looks reasonable :) but without tests no one can really say if it works or not. |
@simov just added a test! |
@aesopwolf can you pull this branch into yours? First I simplified your test, then merged master, and finally added a test for manual built body_hash code Too bad coveralls is still not reporting back the coverage as it should but I think you need one more test for the case where the user is using |
Cool, I pulled your branch into mine. Also, I made it throw for PLAINTEXT because of this line from the spec:
|
Hmm, you forgot to push probably. |
I'm pretty sure I pushed. I see your commits in https://github.com/aesopwolf/request/commits/master unless I'm overlooking something? |
Something got lost in translation, what I'm saying is that you need one more test for the case when the |
gotcha, just added one. Does it make sense to have a test for PLAINTEXT though, considering that's an error case? |
The test should be actually this :) tape('body_hash PLAINTEXT signature_method', function(t) {
t.throws(function() {
request.post(
{ url: 'http://example.com'
, oauth:
{ consumer_secret: 'consumer_secret'
, body_hash: true
, signature_method: 'PLAINTEXT'
}
, json: {foo: 'bar'}
}, function (err, res, body) {
t.fail('body_hash is not allowed with PLAINTEXT signature_method')
t.end()
})
}, /oauth: PLAINTEXT signature_method not supported with body_hash signing/)
t.end()
}) I just searched in the project for tests that throws an error, can you update it and push again? Other than that this PR is starting to look good. As for having this test case - yes it makes sense. First we're saying that this behavior is expected. Second if someone makes refactoring in future and for some reason breaks that logic, he will be notified. |
Thanks, I wasn't aware of the Sounds good regarding having this test case. Thanks for clarifying that :) |
Initial support for oauth_body_hash on json payloads
Thanks for your work on this one @aesopwolf 👍 |
Woohoo! Thank you @simov 😀 |
Original thread to add oauth_body_hash signing.
This isn't quite ready. Just looking for feedback to see if things look right so far.
Still needs tests and also support for body payloads other than json
cc: @simov