Author: chabotc
Date: Wed Apr  1 09:52:41 2009
New Revision: 760832

URL: http://svn.apache.org/viewvc?rev=760832&view=rev
Log:
Patch by Pan Jie:

- Adds support for the headers option to makeRequest
- Fixes the signing fetcher to use the get query params and post body from the 
$request object and not from the superglobal vars ($_GET/$_POST)
- Adds tests for the signing fetcher


Added:
    incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
Modified:
    incubator/shindig/trunk/php/src/common/RemoteContentRequest.php
    incubator/shindig/trunk/php/src/gadgets/GadgetFeatureRegistry.php
    incubator/shindig/trunk/php/src/gadgets/ProxyBase.php
    incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php

Modified: incubator/shindig/trunk/php/src/common/RemoteContentRequest.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/RemoteContentRequest.php?rev=760832&r1=760831&r2=760832&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/common/RemoteContentRequest.php (original)
+++ incubator/shindig/trunk/php/src/common/RemoteContentRequest.php Wed Apr  1 
09:52:41 2009
@@ -172,7 +172,14 @@
   }
 
   public function getMethod() {
-    return $this->method;
+    if ($this->method) {
+      return $this->method;
+    }
+    if ($this->postBody) {
+      return 'POST';
+    } else {
+      return 'GET';
+    }
   }
 
   public function setMethod($method) {
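Review bot: The new fallback in `getMethod()` tests `$this->postBody` for truthiness, so a body of `'0'` is reported as `GET` even though a body was set. The signing test in this commit passes `$request->getMethod()` into the OAuth request, so an inferred method that disagrees with what is actually sent would produce a signature the target rejects. If an unset body is represented as `null` or `false` (not visible in this hunk), compare explicitly, e.g. `if ($this->postBody !== null && $this->postBody !== false && $this->postBody !== '') {`. The fallback also deserves a docblock on the method: `/** Returns the explicitly set method; otherwise POST when a post body is present, GET when not. */`.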

Modified: incubator/shindig/trunk/php/src/gadgets/GadgetFeatureRegistry.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/GadgetFeatureRegistry.php?rev=760832&r1=760831&r2=760832&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/GadgetFeatureRegistry.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/GadgetFeatureRegistry.php Wed Apr  
1 09:52:41 2009
@@ -138,6 +138,9 @@
     }
     // And make sure non-core features depend on core.
     foreach ($this->features as $key => $entry) {
+      if ($entry == null) {
+        continue;
+      }
       if (strtolower(substr($entry['name'], 0, strlen('core'))) != 'core') {
         $this->features[$key]['deps'] = array_merge($entry['deps'], 
$this->coreFeatures);
       }

Modified: incubator/shindig/trunk/php/src/gadgets/ProxyBase.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/ProxyBase.php?rev=760832&r1=760831&r2=760832&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/ProxyBase.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/ProxyBase.php Wed Apr  1 09:52:41 
2009
@@ -94,6 +94,9 @@
       $token = $this->context->extractAndValidateToken($signer);
       $request->setToken($token);
     }
+    if (isset($_POST['headers'])) {
+      $request->setHeaders($_POST['headers']);
+    }
     return $request;
   }
 
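Review bot: `$_POST['headers']` is handed to `setHeaders()` without any validation, and it now applies to every request built here; the code removed from SigningFetcher.php in this commit only used it when `$method == 'POST'`. The value is entirely caller-controlled: it arrives as an array if the client sends `headers[]=`, and depending on how the fetcher writes headers (not visible in this hunk) it may carry CR/LF sequences or replace headers such as Host, Cookie or Authorization on the outbound, possibly signed, request. At minimum guard the type, `if (isset($_POST['headers']) && is_string($_POST['headers'])) {`, and filter the header names against an allow-list before calling `setHeaders()`. The enclosing function starts outside the hunk.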

Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=760832&r1=760831&r2=760832&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Wed Apr  1 
09:52:41 2009
@@ -114,22 +114,16 @@
       // any OAuth or OpenSocial parameters injected by the client
       $parsedUri = parse_url($url);
       $resource = $url;
-      $queryParams = $this->sanitize($_GET);
-      $postParams = $this->sanitize($_POST);
-      // The data that is supposed to be posted to the target page is 
contained in the postData field
-      // in the $_POST to the Shindig proxy server
-      // Here we parse it and put it into the $postDataParams array which then 
is merged into the postParams
-      // to be used for the GET/POST request and the building of the signature
-      $postDataParams = array();
-      if (isset($_POST['postData']) && count($postDataParts = split('&', 
urldecode($_POST['postData']))) > 0) {
-        foreach ($postDataParts as $postDataPart) {
-          $position = strpos($postDataPart, '=');
-          $key = substr($postDataPart, 0, $position);
-          $value = substr($postDataPart, $position + 1);
-          $postDataParams[$key] = $value;
-        }
+      $queryParams = array();
+      if (isset($parsedUri['query'])) {
+        parse_str($parsedUri['query'], $queryParams);
+        $queryParams = $this->sanitize($queryParams);
+      }
+      $postParams = array();
+      if ($request->getPostBody()) {
+        parse_str($request->getPostBody(), $postParams);
+        $postParams = $this->sanitize($postParams);
       }
-      $postParams = array_merge($postParams, $this->sanitize($postDataParams));
       $msgParams = array();
       $msgParams = array_merge($msgParams, $queryParams);
       $msgParams = array_merge($msgParams, $postParams);
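Review bot: `parse_str()` does not hand back the parameters as they appear on the wire, so the set that reaches `sanitize()` and is signed can differ from what the target receives. It rewrites dots and spaces in names to underscores, folds `a[]=1&a[]=2` into a nested array, and on this PHP generation is subject to `magic_quotes_gpc`. Whether that yields a rejected signature or a name that is filtered in one form and sent in another depends on `sanitize()` and on the code building `$newQuery`/`$postData`, neither of which is visible here. The post body is also parsed as form data unconditionally; it would be safer to do so only when the request's content type is form-encoded and leave other bodies out of `$postParams`. I would add `// parse_str() mangles names ('.' and ' ' become '_') and nests a[]=; the signed set must match what is sent` above the first call. The function starts and ends outside the hunk.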
@@ -176,11 +170,7 @@
       // the normal form encoding scheme, so we have to use the OAuth library
       // formEncode method.
       $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . 
(isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . 
$parsedUri['path'] . '?' . $newQuery;
-      // The headers are transmitted in the POST-data array in the field 
'headers'
-      // if no post should be made, the value should be false for this 
parameter
-      $postHeaders = ((isset($_POST['headers']) && $method == 'POST') ? 
$_POST['headers'] : false);
       $request->setUri($url);
-      $request->setHeaders($postHeaders);
       $request->setPostBody($postData);
     } catch (Exception $e) {
       throw new GadgetException($e);

Added: incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php?rev=760832&view=auto
==============================================================================
--- incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php (added)
+++ incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php Wed Apr  1 
09:52:41 2009
@@ -0,0 +1,115 @@
+<?php
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+require_once 'src/gadgets/oauth/OAuth.php';
+
+class MockSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {
+  protected function fetch_public_cert(&$request) {
+    return <<<EOD
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+EOD;
+  }
+}
+
+/**
+ * SigningFetcher test case.
+ */
+class SigningFetcherTest extends PHPUnit_Framework_TestCase {
+  
+  /**
+   * @var SigningFetcher
+   */
+  private $signingFetcher;
+  
+  /**
+   * Prepares the environment before running a test.
+   */
+  protected function setUp() {
+    parent::setUp();
+    $private_key = <<<EOD
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2BB1348F45867303
+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+-----END RSA PRIVATE KEY-----
+EOD;
+    $rsa_private_key = @openssl_pkey_get_private($private_key, 'shindig');
+    $basicFetcher = $this->getMock('RemoteContentFetcher');
+    $this->signingFetcher = SigningFetcher::makeFromPrivateKey($basicFetcher, 
'http://shindig/public.cer', $rsa_private_key);
+  }
+
+  /**
+   * Cleans up the environment after running a test.
+   */
+  protected function tearDown() {
+    $this->Substitutions = null;
+    parent::tearDown();
+  }
+
+  /**
+   * Tests SigningFetcher->fetchRequest
+   */
+  public function testFetchRequest() {
+    $request = new RemoteContentRequest('http://example.org/signed');
+    $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
+    $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 
'app', 'domain', 'appUrl', '1', 'default'));
+    $request->setPostBody('key=value&anotherkey=value');
+    $this->signingFetcher->fetchRequest($request);
+  
+    $url = parse_url($request->getUrl());
+    parse_str($url['query'], $query);
+    parse_str($request->getPostBody(), $post);
+    $oauthRequest = OAuthRequest::from_request($request->getMethod(), 
$request->getUrl(), array_merge($query, $post));
+    $signature_method = new MockSignatureMethod();
+    $signature_valid = $signature_method->check_signature($oauthRequest, null, 
null, $query['oauth_signature']);
+    $this->assertTrue($signature_valid);
+  }
+
+}
+
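Review bot: `testFetchRequest()` covers only the happy path, so nothing exercises the security-relevant behaviour this commit moves: OAuth/OpenSocial parameters supplied by the client in the request URL or post body must go through `sanitize()` rather than being signed. Add a case that puts such a parameter in both the query string and the post body and asserts it is absent from the signed request, or that `fetchRequest()` throws, whichever `sanitize()` does. In `setUp()`, `@openssl_pkey_get_private(...)` hides a failed key load, which would surface later as an unrelated error; assert it instead with `$this->assertNotSame(false, $rsa_private_key);`. `$this->Substitutions = null;` in `tearDown()` refers to a property this class does not declare and looks like a leftover from another test.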

