Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh the oauth_nonce on redirect (#1573) #1574

Merged
merged 2 commits into from May 17, 2015
Merged

Refresh the oauth_nonce on redirect (#1573) #1574

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
12ff833
Refresh the oauth_nonce on redirect (#1573)
simov May 13, 2015
195d4c0
Refresh oauth_nonce only when redirecting to the same hostname
simov May 14, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions lib/oauth.js
View file
Open in desktop
Expand Up @@ -9,6 +9,7 @@ var qs = require('qs')

function OAuth (request) {
this.request = request
this.params = null
}

OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
Expand Down Expand Up @@ -90,6 +91,7 @@ OAuth.prototype.concatParams = function (oa, sep, wrap) {

OAuth.prototype.onRequest = function (_oauth) {
var self = this
self.params = _oauth

var uri = self.request.uri || {}
, method = self.request.method || ''
Expand Down
2 changes: 2 additions & 0 deletions request.js
View file
Open in desktop
Expand Up @@ -628,6 +628,8 @@ Request.prototype.init = function (options) {

if (options.oauth) {
self.oauth(options.oauth)
} else if (self._oauth.params && self.hasHeader('authorization')) {
self.oauth(self._oauth.params)
}

var protocol = self.proxy && !self.tunnel ? self.proxy.protocol : self.uri.protocol
Expand Down
65 changes: 65 additions & 0 deletions tests/test-oauth.js
View file
Open in desktop
Expand Up @@ -7,6 +7,7 @@ var oauth = require('oauth-sign')
, request = require('../index')
, tape = require('tape')
, crypto = require('crypto')
, http = require('http')

function getSignature(r) {
var sign
Expand Down Expand Up @@ -587,3 +588,67 @@ tape('body_hash PLAINTEXT signature_method', function(t) {
}, /oauth: PLAINTEXT signature_method not supported with body_hash signing/)
t.end()
})

tape('refresh oauth_nonce on redirect', function(t) {
var oauth_nonce1, oauth_nonce2
var s = http.createServer(function (req, res) {
if (req.url === '/redirect') {
oauth_nonce1 = req.headers.authorization.replace(/.*oauth_nonce="([^"]+)".*/, '$1')
res.writeHead(302, {location:'http://localhost:6767/response'})
res.end()
} else if (req.url === '/response') {
oauth_nonce2 = req.headers.authorization.replace(/.*oauth_nonce="([^"]+)".*/, '$1')
res.writeHead(200, {'content-type':'text/plain'})
res.end()
}
})
s.listen(6767, function () {
request.get(
{ url: 'http://localhost:6767/redirect'
, oauth:
{ consumer_key: 'consumer_key'
, consumer_secret: 'consumer_secret'
, token: 'token'
, token_secret: 'token_secret'
}
}, function (err, res, body) {
t.equal(err, null)
t.notEqual(oauth_nonce1, oauth_nonce2)
s.close(function () {
t.end()
})
})
})
})

tape('no credentials on external redirect', function(t) {
var s1 = http.createServer(function (req, res) {
res.writeHead(302, {location:'http://127.0.0.1:6768'})
res.end()
})
var s2 = http.createServer(function (req, res) {
res.writeHead(200, {'content-type':'text/plain'})
res.end()
})
s1.listen(6767, function () {
s2.listen(6768, function () {
request.get(
{ url: 'http://localhost:6767'
, oauth:
{ consumer_key: 'consumer_key'
, consumer_secret: 'consumer_secret'
, token: 'token'
, token_secret: 'token_secret'
}
}, function (err, res, body) {
t.equal(err, null)
t.equal(res.request.headers.Authorization, undefined)
s1.close(function () {
s2.close(function () {
t.end()
})
})
})
})
})
})