From 7a2e9fb0aa0da7f7968ef1326b978e3419807405 Mon Sep 17 00:00:00 2001
From: simov
Date: Wed, 13 May 2015 14:06:31 +0300
Subject: [PATCH] Refresh the oauth_nonce on redirect (#1573)

- Cache the initial oauth options passed to request in _oauth.params
- On subsequent calls to init() use the cached _oauth.params to invoke the oauth params generation logic again
---
 lib/oauth.js | 2 ++
 request.js | 2 ++
 tests/test-oauth.js | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)

diff --git a/lib/oauth.js b/lib/oauth.js
index 14ffa8a53..84059724a 100644
--- a/lib/oauth.js
+++ b/lib/oauth.js
@@ -9,6 +9,7 @@ var qs = require('qs')
 function OAuth (request) {
 this.request = request
+ this.params = null
 }
 OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
@@ -90,6 +91,7 @@ OAuth.prototype.concatParams = function (oa, sep, wrap) {
 OAuth.prototype.onRequest = function (_oauth) {
 var self = this
+ self.params = _oauth
 var uri = self.request.uri || {}
 , method = self.request.method || ''
diff --git a/request.js b/request.js
index cb0eeb981..40eb1bdc4 100644
--- a/request.js
+++ b/request.js
@@ -628,6 +628,8 @@ Request.prototype.init = function (options) {
 if (options.oauth) {
 self.oauth(options.oauth)
+ } else if (self._oauth) {
+ self.oauth(self._oauth.params)
 }
 var protocol = self.proxy && !self.tunnel ? self.proxy.protocol : self.uri.protocol
diff --git a/tests/test-oauth.js b/tests/test-oauth.js
index 1562638cf..d4639951d 100644
--- a/tests/test-oauth.js
+++ b/tests/test-oauth.js
@@ -7,6 +7,7 @@ var oauth = require('oauth-sign')
 , request = require('../index')
 , tape = require('tape')
 , crypto = require('crypto')
+ , http = require('http')
 function getSignature(r) {
 var sign
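Review bot: In the `onRequest` hunk of lib/oauth.js, `self.params = _oauth` keeps a reference to the caller's options object, which the test in this patch shows can carry `consumer_secret` and `token_secret`, for the life of the request. Because it is the same object and not a copy, any later change to it by the caller changes what is re-signed on the next init(); and if the parameter-building code honours a caller-supplied nonce or timestamp, which is not visible here, a redirect would reuse that value and the nonce would not be refreshed. I would store a shallow copy and add a comment such as `// cached so init() can re-sign after a redirect; holds secrets, do not log or serialize`. The body of `onRequest` continues past the hunk.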
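Review bot: The new `else if (self._oauth)` branch in `Request.prototype.init` re-signs with the cached credentials on every later init() and has no check that the new URI is still on the host the credentials were supplied for. Unless the redirect code outside this hunk drops `_oauth` when the host changes, a 3xx to another host receives a freshly signed Authorization header, and if PLAINTEXT signing is in use that header carries the secrets themselves. I would guard the branch on the original host, or document why re-signing across hosts is intended, and add a test whose redirect target is a different host. The branch also assumes `self._oauth.params` has been set; a comment such as `// params is set by OAuth#onRequest; null means it never ran` would make that dependency explicit. `init` starts and ends outside the hunk.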
@@ -587,3 +588,34 @@ tape('body_hash PLAINTEXT signature_method', function(t) {
 }, /oauth: PLAINTEXT signature_method not supported with body_hash signing/)
 t.end()
 })
+
+tape('refresh oauth_nonce on redirect', function(t) {
+ var oauth_nonce1, oauth_nonce2
+ var s = http.createServer(function (req, res) {
+ if (req.url === '/redirect') {
+ oauth_nonce1 = req.headers.authorization.replace(/.*oauth_nonce="([^"]+)".*/, '$1')
+ res.writeHead(302, {location:'http://localhost:6767/response'})
+ res.end()
+ } else if (req.url === '/response') {
+ oauth_nonce2 = req.headers.authorization.replace(/.*oauth_nonce="([^"]+)".*/, '$1')
+ res.writeHead(200, {'content-type':'text/plain'})
+ res.end()
+ }
+ })
+ s.listen(6767, function () {
+ var r = request.get(
+ { url: 'http://localhost:6767/redirect'
+ , oauth:
+ { consumer_key: 'consumer_key'
+ , consumer_secret: 'consumer_secret'
+ , token: 'token'
+ , token_secret: 'token_secret'
+ }
+ }, function (err, res, body) {
+ t.notEqual(oauth_nonce1, oauth_nonce2)
+ s.close(function () {
+ t.end()
+ })
+ })
+ })
+})
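Review bot: The new test can pass without ever seeing a nonce, because `String.prototype.replace` returns the whole header when the pattern does not match, so two Authorization headers that lack `oauth_nonce` but differ anywhere else still satisfy `t.notEqual`. A request that arrives with no Authorization header throws inside the server callback instead of failing the test. Extract with a match and assert presence, e.g. `oauth_nonce1 = (/oauth_nonce="([^"]+)"/.exec(req.headers.authorization || '') || [])[1]`, then `t.ok(oauth_nonce1)` and `t.ok(oauth_nonce2)` before the `t.notEqual`. `err` is never checked (`t.equal(err, null)` would cover it), and the fixed port 6767 will collide if another test or process already holds it.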