From 6fac3c2f0c86853764c58112b2a6cd554434ce68 Mon Sep 17 00:00:00 2001
From: Brad
Date: Tue, 24 Mar 2020 10:32:01 -0600
Subject: [PATCH 1/2] Allow apps to generate a signatureBase directly
---
 auther.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auther.go b/auther.go
index a4b1252..fd638f8 100644
--- a/auther.go
+++ b/auther.go
@@ -275,10 +275,10 @@ func collectParameters(req *http.Request, oauthParams map[string]string) (map[st
 return params, nil
 }
-// signatureBase combines the uppercase request method, percent encoded base
+// SignatureBase combines the uppercase request method, percent encoded base
 // string URI, and normalizes the request parameters int a parameter string.
 // Returns the OAuth1 signature base string according to RFC5849 3.4.1.
-func signatureBase(req *http.Request, params map[string]string) string {
+func SignatureBase(req *http.Request, params map[string]string) string {
 method := strings.ToUpper(req.Method)
 baseURL := baseURI(req)
 parameterString := normalizedParameterString(params)
From 8eea4379911fb0895f037cd18ba9d1cf2e545bee Mon Sep 17 00:00:00 2001
From: Brad
Date: Tue, 24 Mar 2020 10:50:44 -0600
Subject: [PATCH 2/2] Update SignatureBase usages
---
 auther.go | 6 +++---
 auther_test.go | 2 +-
 reference_test.go | 2 +-
 validator.go | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/auther.go b/auther.go
index fd638f8..0715015 100644
--- a/auther.go
+++ b/auther.go
@@ -73,7 +73,7 @@ func (a *auther) setRequestTokenAuthHeader(req *http.Request) error {
 oauthParams[oauthBodyHash] = bodyHash
 }
- signatureBase := signatureBase(req, params)
+ signatureBase := SignatureBase(req, params)
 signature, err := a.signer().Sign("", signatureBase)
 if err != nil {
 return err
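Review bot: In PATCH 1/2, exporting `SignatureBase` in auther.go makes the `params` argument part of the public contract, but the doc comment does not say what the map must contain, and `collectParameters` (visible in the hunk header) stays unexported, so outside callers have to assemble the map themselves. I would add the contract to the comment, for example `// params must hold every query, form-body and oauth_* parameter of req, without oauth_signature (RFC 5849 3.4.1.3); a parameter missing from the map is not covered by the signature.`, assuming `normalizedParameterString` does not filter or add anything itself. The call sites in PATCH 2/2 already differ in what they pass (`params` from `collectParameters` in auther.go, `r.oauthParams` in validator.go), which is why the contract should be written down. The same comment still reads `int a parameter string`; that should be `into a parameter string` now that it appears in godoc. The function dereferences `req.Method` with no nil check, which was presumably fine for internal callers but should be documented or guarded for an exported entry point; its body continues outside the hunk.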
@@ -102,7 +102,7 @@ func (a *auther) setAccessTokenAuthHeader(req *http.Request, requestToken, reque
 oauthParams[oauthBodyHash] = bodyHash
 }
- signatureBase := signatureBase(req, params)
+ signatureBase := SignatureBase(req, params)
 signature, err := a.signer().Sign(requestSecret, signatureBase)
 if err != nil {
 return err
@@ -129,7 +129,7 @@ func (a *auther) setRequestAuthHeader(req *http.Request, accessToken *Token) err
 return err
 }
- signatureBase := signatureBase(req, params)
+ signatureBase := SignatureBase(req, params)
 signature, err := a.signer().Sign(tokenSecret, signatureBase)
 if err != nil {
 return err
diff --git a/auther_test.go b/auther_test.go
index 84f0d3e..08edb94 100644
--- a/auther_test.go
+++ b/auther_test.go
@@ -250,7 +250,7 @@ func TestSignatureBase(t *testing.T) {
 }
 // assert that method is uppercased, base uri rules applied, queries added, joined by &
 for _, c := range cases {
- base := signatureBase(c.req, c.params)
+ base := SignatureBase(c.req, c.params)
 assert.Equal(t, c.signatureBase, base)
 }
 }
diff --git a/reference_test.go b/reference_test.go
index 94afcfe..a0f7994 100644
--- a/reference_test.go
+++ b/reference_test.go
@@ -135,7 +135,7 @@ func TestTwitterSignatureBase(t *testing.T) {
 oauthParams := auther.commonOAuthParams()
 oauthParams[oauthTokenParam] = expectedTwitterOAuthToken
 params, err := collectParameters(req, oauthParams)
- signatureBase := signatureBase(req, params)
+ signatureBase := SignatureBase(req, params)
 // assert that the signature base string matches the reference
 // checks that method is uppercased, url is encoded, parameter string is added, all joined by &
 expectedSignatureBase := "POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&include_entities%3Dtrue%26oauth_consumer_key%3Dxvz1evFS4wEEPTGEFPHBog%26oauth_nonce%3DkYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1318622958%26oauth_token%3D370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb%26oauth_version%3D1.0%26status%3DHello%2520Ladies%2520%252B%2520Gentlemen%252C%2520a%2520signed%2520OAuth%2520request%2521"
diff --git a/validator.go b/validator.go
index 32c3f76..7177a67 100644
--- a/validator.go
+++ b/validator.go
@@ -122,7 +122,7 @@ func (r providerRequest) checkSignature(signer Signer) error {
 if signer == nil {
 return errSignatureMismatch
 }
- base := signatureBase(r.req, r.oauthParams)
+ base := SignatureBase(r.req, r.oauthParams)
 signature, err := signer.Sign("", base)
 if err != nil {
 return err