Author: etnu
Date: Tue Apr 15 00:49:58 2008
New Revision: 648154
URL: http://svn.apache.org/viewvc?rev=648154&view=rev
Log:
Applying various OAuth patches contributed by Brian Eaton & Dirk Balfanz.
Specific issues covered:
SHINDIG-159
SHINDIG-183
SHINDIG-184
SHINDIG-191
Thank you both very much!
Added:
incubator/shindig/trunk/features/oauth/
incubator/shindig/trunk/features/oauth/feature.xml
incubator/shindig/trunk/javascript/samplecontainer/examples/new.gif (with
props)
Modified:
incubator/shindig/trunk/features/core.io/io.js
incubator/shindig/trunk/features/features.txt
incubator/shindig/trunk/java/gadgets/pom.xml
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RemoteContentRequest.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthTokenStore.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcherFactory.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/BasicOAuthStoreTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java
incubator/shindig/trunk/javascript/samplecontainer/examples/oauth.xml
Modified: incubator/shindig/trunk/features/core.io/io.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core.io/io.js?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core.io/io.js (original)
+++ incubator/shindig/trunk/features/core.io/io.js Tue Apr 15 00:49:58 2008
@@ -131,40 +131,43 @@
approvalUrl: data.approvalUrl,
errors: []
};
- switch (params.CONTENT_TYPE) {
- case "JSON":
- case "FEED":
- resp.data = gadgets.json.parse(resp.text);
- if (!resp.data) {
- resp.errors.push("failed to parse JSON");
- resp.data = null;
- }
- break;
- case "DOM":
- var dom;
- if (window.ActiveXObject) {
- dom = new ActiveXObject("Microsoft.XMLDOM");
- dom.async = false;
- dom.validateOnParse = false;
- dom.resolveExternals = false;
- if (!dom.loadXML(resp.text)) {
- resp.errors.push("failed to parse XML");
- } else {
- resp.data = dom;
+
+ if (resp.text) {
+ switch (params.CONTENT_TYPE) {
+ case "JSON":
+ case "FEED":
+ resp.data = gadgets.json.parse(resp.text);
+ if (!resp.data) {
+ resp.errors.push("failed to parse JSON");
+ resp.data = null;
}
- } else {
- var parser = new DOMParser();
- dom = parser.parseFromString(resp.text, "text/xml");
- if ("parsererror" === dom.documentElement.nodeName) {
- resp.errors.push("failed to parse XML");
+ break;
+ case "DOM":
+ var dom;
+ if (window.ActiveXObject) {
+ dom = new ActiveXObject("Microsoft.XMLDOM");
+ dom.async = false;
+ dom.validateOnParse = false;
+ dom.resolveExternals = false;
+ if (!dom.loadXML(resp.text)) {
+ resp.errors.push("failed to parse XML");
+ } else {
+ resp.data = dom;
+ }
} else {
- resp.data = dom;
+ var parser = new DOMParser();
+ dom = parser.parseFromString(resp.text, "text/xml");
+ if ("parsererror" === dom.documentElement.nodeName) {
+ resp.errors.push("failed to parse XML");
+ } else {
+ resp.data = dom;
+ }
}
- }
- break;
- default:
- resp.data = resp.text;
- break;
+ break;
+ default:
+ resp.data = resp.text;
+ break;
+ }
}
return resp;
Modified: incubator/shindig/trunk/features/features.txt
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/features.txt?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
--- incubator/shindig/trunk/features/features.txt (original)
+++ incubator/shindig/trunk/features/features.txt Tue Apr 15 00:49:58 2008
@@ -15,3 +15,4 @@
features/skins/feature.xml
features/tabs/feature.xml
features/views/feature.xml
+features/oauth/feature.xml
Added: incubator/shindig/trunk/features/oauth/feature.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/oauth/feature.xml?rev=648154&view=auto
==============================================================================
--- incubator/shindig/trunk/features/oauth/feature.xml (added)
+++ incubator/shindig/trunk/features/oauth/feature.xml Tue Apr 15 00:49:58 2008
@@ -0,0 +1,25 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+-->
+<feature>
+<!--
+Required configuration:
+-->
+
+ <name>oauth</name>
+</feature>
Modified: incubator/shindig/trunk/java/gadgets/pom.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/pom.xml?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/pom.xml (original)
+++ incubator/shindig/trunk/java/gadgets/pom.xml Tue Apr 15 00:49:58 2008
@@ -63,12 +63,12 @@
</webResources>
</configuration>
<executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>war</goal>
- </goals>
- </execution>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>war</goal>
+ </goals>
+ </execution>
</executions>
</plugin>
<plugin>
@@ -297,7 +297,7 @@
<dependency>
<groupId>net.oauth</groupId>
<artifactId>core</artifactId>
- <version>20080229</version>
+ <version>20080328</version>
<scope>compile</scope>
</dependency>
<dependency>
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RemoteContentRequest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RemoteContentRequest.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RemoteContentRequest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RemoteContentRequest.java
Tue Apr 15 00:49:58 2008
@@ -70,7 +70,7 @@
}
private final String contentType;
- private final static String DEFAULT_CONTENT_TYPE
+ public final static String DEFAULT_CONTENT_TYPE
= "application/x-www-form-urlencoded; charset=utf-8";
/**
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java
Tue Apr 15 00:49:58 2008
@@ -128,6 +128,7 @@
AccessorInfo result = new AccessorInfo();
result.setHttpMethod(provInfo.getHttpMethod());
+ result.setParamLocation(provInfo.getParamLocation());
ConsumerKeyAndSecret consumerKeyAndSecret = provInfo.getKeyAndSecret();
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthTokenStore.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthTokenStore.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthTokenStore.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthTokenStore.java
Tue Apr 15 00:49:58 2008
@@ -76,6 +76,15 @@
// name of the Param that identifies the user authorization URL
public static final String AUTHORIZE_URL = "authorize_url";
+ // name of the Param that identifies the location of OAuth parameters
+ public static final String OAUTH_PARAM_LOCATION = "param_location";
+
+ public static final String AUTH_HEADER = "auth_header";
+ public static final String POST_BODY = "post_body";
+ public static final String URI_QUERY = "uri_query";
+
+ public static final String DEFAULT_OAUTH_PARAM_LOCATION = AUTH_HEADER;
+
// we use POST if no HTTP method is specified for access and request URLs
// (user authorization always uses GET)
private static final String DEFAULT_HTTP_METHOD = "POST";
@@ -279,8 +288,44 @@
message);
}
+ String paramLocationStr = getOAuthParameter(oauthParams,
+ OAUTH_PARAM_LOCATION,
+ true);
+ if (paramLocationStr == null) {
+ paramLocationStr = DEFAULT_OAUTH_PARAM_LOCATION;
+ }
+
+ OAuthStore.OAuthParamLocation paramLocation;
+ if (paramLocationStr.equalsIgnoreCase(POST_BODY)) {
+ paramLocation = OAuthStore.OAuthParamLocation.POST_BODY;
+ } else if (paramLocationStr.equalsIgnoreCase(AUTH_HEADER)) {
+ paramLocation = OAuthStore.OAuthParamLocation.AUTH_HEADER;
+ } else if (paramLocationStr.equalsIgnoreCase(URI_QUERY)) {
+ paramLocation = OAuthStore.OAuthParamLocation.URI_QUERY;
+ } else {
+ String message = new StringBuilder()
+ .append("unknown OAuth param location in gadget spec: ")
+ .append(paramLocationStr)
+ .toString();
+ log.warning(message);
+ throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
+ message);
+ }
+
+ if (httpMethod == OAuthStore.HttpMethod.GET &&
+ paramLocation == OAuthStore.OAuthParamLocation.POST_BODY) {
+ String message = new StringBuilder()
+ .append("found incompatible param_location requirement of ")
+ .append("POST_BODY and http method GET.")
+ .toString();
+ log.warning(message);
+ throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
+ message);
+ }
+
OAuthStore.ProviderInfo provInfo = new OAuthStore.ProviderInfo();
provInfo.setHttpMethod(httpMethod);
+ provInfo.setParamLocation(paramLocation);
// TODO: for now, we'll just set the signature type to HMAC_SHA1
// as this will be ignored later on when retrieving consumer information.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
Tue Apr 15 00:49:58 2008
@@ -25,6 +25,7 @@
import org.apache.shindig.gadgets.RemoteContent;
import org.apache.shindig.gadgets.RemoteContentFetcher;
import org.apache.shindig.gadgets.RemoteContentRequest;
+import org.apache.shindig.gadgets.RemoteContentRequest.Options;
import org.apache.shindig.util.BlobCrypter;
import org.apache.shindig.util.BlobCrypterException;
@@ -55,7 +56,7 @@
private static final String ACCESS_TOKEN_KEY = "a";
private static final String ACCESS_TOKEN_SECRET_KEY = "as";
private static final String OWNER_KEY = "o";
-
+
// names for the JSON values we return to the client
public static final String CLIENT_STATE = "oauthState";
public static final String APPROVAL_URL = "approvalUrl";
@@ -229,7 +230,7 @@
return (accessorInfo.getAccessor().requestToken == null
&& accessorInfo.getAccessor().accessToken == null);
}
-
+
/**
* Make sure the user is authorized to approve access tokens. At the moment
* we restrict this to page owner's viewing their own pages.
@@ -309,22 +310,94 @@
return newRequestMessage(method, url, params);
}
+ private String getAuthorizationHeader(
+ List<Map.Entry<String, String>> oauthParams) {
+ StringBuilder result = new StringBuilder("OAuth ");
+
+ boolean first = true;
+ for (Map.Entry<String, String> parameter : oauthParams) {
+ if (!first) {
+ result.append(", ");
+ } else {
+ first = false;
+ }
+ result.append(OAuth.percentEncode(parameter.getKey()))
+ .append("=\"")
+ .append(OAuth.percentEncode(parameter.getValue()))
+ .append('"');
+ }
+ return result.toString();
+ }
+
+ private RemoteContentRequest createRemoteContentRequest(
+ List<Map.Entry<String, String>> oauthParams, String method,
+ String url, Map<String, List<String>> headers, String contentType,
+ String postBody, Options options)
+ throws IOException, URISyntaxException, GadgetException {
+
+ OAuthStore.OAuthParamLocation paramLocation =
+ accessorInfo.getParamLocation();
+
+ HashMap<String, List<String>> newHeaders =
+ new HashMap<String, List<String>>();
+
+ // paramLocation could be overriden by a run-time parameter to fetchRequest
+
+ switch (paramLocation) {
+ case AUTH_HEADER:
+ if (headers != null) {
+ newHeaders.putAll(headers);
+ }
+ List<String> authHeader = new ArrayList<String>();
+ authHeader.add(getAuthorizationHeader(oauthParams));
+ newHeaders.put("Authorization", authHeader);
+ break;
+
+ case POST_BODY:
+ if (!OAuth.isFormEncoded(contentType)) {
+ throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
+ "OAuth param location can only be post_body if post body if of "
+
+ "type x-www-form-urlencoded");
+ }
+ if (postBody == null || postBody.length() == 0) {
+ postBody = OAuth.formEncode(oauthParams);
+ } else {
+ postBody = new StringBuilder()
+ .append(postBody)
+ .append("&")
+ .append(OAuth.formEncode(oauthParams))
+ .toString();
+ }
+ break;
+
+ case URI_QUERY:
+ url = OAuth.addParameters(url, oauthParams);
+ break;
+ }
+
+ byte[] postBodyBytes = (postBody == null)
+ ? null
+ : postBody.getBytes("UTF-8");
+
+ return new RemoteContentRequest(method, new URI(url), newHeaders,
+ postBodyBytes, options);
+ }
+
/**
* Sends OAuth request token and access token messages.
*/
private OAuthMessage sendOAuthMessage(OAuthMessage request)
throws IOException, URISyntaxException, GadgetException {
- String params = "";
- String url = request.URL;
- if (accessorInfo.getHttpMethod() == OAuthStore.HttpMethod.GET) {
- url = OAuth.addParameters(url, request.getParameters());
- } else {
- params = OAuth.formEncode(request.getParameters());
- }
RemoteContentRequest rcr =
- new RemoteContentRequest(request.method, new URI(url), null,
- params.getBytes(), RemoteContentRequest.DEFAULT_OPTIONS);
+ createRemoteContentRequest(filterOAuthParams(request),
+ request.method,
+ request.URL,
+ null,
+ RemoteContentRequest.DEFAULT_CONTENT_TYPE,
+ null,
+ RemoteContentRequest.DEFAULT_OPTIONS);
+
RemoteContent content = nextFetcher.fetch(rcr);
OAuthMessage reply = new OAuthMessage(null, null, null);
reply.addParameters(OAuth.decodeForm(content.getResponseAsString()));
@@ -431,7 +504,9 @@
private RemoteContent fetchData() throws GadgetException {
try {
List<OAuth.Parameter> msgParams =
- OAuth.decodeForm(realRequest.getPostBodyAsString());
+ OAuth.isFormEncoded(realRequest.getContentType())
+ ? OAuth.decodeForm(realRequest.getPostBodyAsString())
+ : new ArrayList<OAuth.Parameter>();
String method = realRequest.getMethod();
@@ -439,22 +514,16 @@
OAuthMessage oauthRequest = newRequestMessage(
method, realRequest.getUri().toASCIIString(), msgParams);
- // Convert the signed message to a RemoteContentRequest
- String url = oauthRequest.URL;
- byte postBytes[] = null;
- if (method.equals("POST")) {
- postBytes = OAuth.formEncode(oauthRequest.getParameters()).getBytes();
- } else {
- url = OAuth.addParameters(url, oauthRequest.getParameters());
- }
+ return nextFetcher.fetch(
+ createRemoteContentRequest(
+ filterOAuthParams(oauthRequest),
+ realRequest.getMethod(),
+ realRequest.getUri().toASCIIString(),
+ realRequest.getAllHeaders(),
+ realRequest.getContentType(),
+ realRequest.getPostBodyAsString(),
+ realRequest.getOptions()));
- RemoteContentRequest rcr = new RemoteContentRequest(
- realRequest.getMethod(),
- new URI(url),
- realRequest.getAllHeaders(),
- postBytes,
- realRequest.getOptions());
- return nextFetcher.fetch(rcr);
} catch (UnsupportedEncodingException e) {
throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e);
} catch (IOException e) {
@@ -465,7 +534,37 @@
throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e);
}
}
-
+
+ /**
+ * Extracts only those parameters from an OAuthMessage that are
OAuth-related.
+ * An OAuthMessage may hold a whole bunch of non-OAuth-related parameters
+ * because they were all needed for signing. But when constructing a request
+ * we need to be able to extract just the OAuth-related parameters because
+ * they, and only they, may have to be put into an Authorization: header or
+ * some such thing.
+ *
+ * @param message the OAuthMessage object, which holds non-OAuth parameters
+ * such as foo=bar (which may have been in the original URI query part, or
+ * perhaps in the POST body), as well as OAuth-related parameters (such as
+ * oauth_timestamp or oauth_signature).
+ *
+ * @return a list that contains only the oauth_related parameters.
+ *
+ * @throws IOException
+ */
+ private List<Map.Entry<String, String>>
+ filterOAuthParams(OAuthMessage message) throws IOException {
+ List<Map.Entry<String, String>> result =
+ new ArrayList<Map.Entry<String, String>>();
+ for (Map.Entry<String, String> param : message.getParameters()) {
+ if (param.getKey().toLowerCase().startsWith("oauth")
+ || param.getKey().toLowerCase().startsWith("xoauth")) {
+ result.add(param);
+ }
+ }
+ return result;
+ }
+
@Override
public Map<String, String> getResponseMetadata() {
Map<String, String> extra = new HashMap<String, String>();
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcherFactory.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcherFactory.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcherFactory.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcherFactory.java
Tue Apr 15 00:49:58 2008
@@ -28,6 +28,9 @@
import com.google.inject.Inject;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
/**
* Produces OAuth content fetchers for input tokens.
*/
@@ -39,20 +42,28 @@
/** persistent storage for OAuth tokens */
protected GadgetOAuthTokenStore tokenStore;
+ private static final Logger logger
+ = Logger.getLogger(OAuthFetcherFactory.class.getName());
+
/**
* Initialize the OAuth factory with a default implementation of
* BlobCrypter and consumer keys/secrets read from oauth.js
*/
@Inject
- public OAuthFetcherFactory(@GadgetSpecFetcher RemoteContentFetcher fetcher)
- throws GadgetException {
- this.oauthCrypter = new BasicBlobCrypter(
- Crypto.getRandomBytes(BasicBlobCrypter.MASTER_KEY_MIN_LEN));
-
- BasicGadgetOAuthTokenStore basicStore =
- new BasicGadgetOAuthTokenStore(new BasicOAuthStore());
- basicStore.initFromConfigFile(fetcher);
- tokenStore = basicStore;
+ public OAuthFetcherFactory(@GadgetSpecFetcher RemoteContentFetcher fetcher) {
+ try {
+ this.oauthCrypter = new BasicBlobCrypter(
+ Crypto.getRandomBytes(BasicBlobCrypter.MASTER_KEY_MIN_LEN));
+
+ BasicGadgetOAuthTokenStore basicStore =
+ new BasicGadgetOAuthTokenStore(new BasicOAuthStore());
+ basicStore.initFromConfigFile(fetcher);
+ tokenStore = basicStore;
+ } catch (Throwable t) {
+ // Since this happens at startup, we don't want to kill the server just
+ // because we can't initialize the OAuth config.
+ logger.log(Level.WARNING, "Failed to initialize OAuth", t);
+ }
}
/**
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java
Tue Apr 15 00:49:58 2008
@@ -151,11 +151,24 @@
public static enum HttpMethod { GET, POST }
public static enum SignatureType {HMAC_SHA1, RSA_SHA1, PLAINTEXT}
public static enum KeyType { HMAC_SYMMETRIC, RSA_PRIVATE }
+ public static enum OAuthParamLocation {
+ AUTH_HEADER,
+ POST_BODY,
+ URI_QUERY
+ }
public static class AccessorInfo {
OAuthAccessor accessor;
HttpMethod httpMethod;
SignatureType signatureType;
+ OAuthParamLocation paramLocation;
+
+ public OAuthParamLocation getParamLocation() {
+ return paramLocation;
+ }
+ public void setParamLocation(OAuthParamLocation paramLocation) {
+ this.paramLocation = paramLocation;
+ }
public OAuthAccessor getAccessor() {
return accessor;
}
@@ -245,12 +258,19 @@
private OAuthServiceProvider provider;
private HttpMethod httpMethod;
private SignatureType signatureType;
+ private OAuthParamLocation paramLocation;
// this can be null if we have not negotiated a consumer key and secret
// yet with the provider, or if we decided that we want to use a global
// public key
private ConsumerKeyAndSecret keyAndSecret;
+ public OAuthParamLocation getParamLocation() {
+ return paramLocation;
+ }
+ public void setParamLocation(OAuthParamLocation paramLocation) {
+ this.paramLocation = paramLocation;
+ }
public ConsumerKeyAndSecret getKeyAndSecret() {
return keyAndSecret;
}
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/BasicOAuthStoreTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/BasicOAuthStoreTest.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/BasicOAuthStoreTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/BasicOAuthStoreTest.java
Tue Apr 15 00:49:58 2008
@@ -86,6 +86,7 @@
info.setHttpMethod(OAuthStore.HttpMethod.GET);
info.setSignatureType(OAuthStore.SignatureType.HMAC_SHA1);
info.setProvider(provider);
+ info.setParamLocation(OAuthStore.OAuthParamLocation.AUTH_HEADER);
////////////////////////////////////////////////////////////////////////////
// first, the case where we don't have a consumer key/secret
@@ -104,6 +105,10 @@
OAuthAccessor accessor = accessorInfo.getAccessor();
+ assertSame(info.getHttpMethod(), accessorInfo.getHttpMethod());
+ assertSame(OAuthStore.OAuthParamLocation.AUTH_HEADER,
+ accessorInfo.getParamLocation());
+
assertEquals("accesstoken", accessor.accessToken);
assertEquals("tokensecret", accessor.tokenSecret);
assertEquals(defaultKey, accessor.consumer.consumerKey);
@@ -141,6 +146,7 @@
"negotiatedsecret",
OAuthStore.KeyType.HMAC_SYMMETRIC);
info.setKeyAndSecret(kas);
+ info.setParamLocation(OAuthStore.OAuthParamLocation.POST_BODY);
control.reset();
control.checkOrder(false);
@@ -153,6 +159,9 @@
accessorInfo = noDefaultStore.getOAuthAccessor(tokenKey);
control.verify();
+
+ assertSame(OAuthStore.OAuthParamLocation.POST_BODY,
+ accessorInfo.getParamLocation());
accessor = accessorInfo.getAccessor();
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetTokenStoreTest.java
Tue Apr 15 00:49:58 2008
@@ -60,6 +60,10 @@
" GET\n" +
" </Param>\n" +
" \n" +
+ " <Param name=\"param_location\">\n" +
+ " uri_query\n" +
+ " </Param>\n" +
+ " \n" +
" <Param name=\"authorize_url\">\n" +
" http://www.netflix.com.notreally/authorize\n"; +
" </Param>\n" +
@@ -97,6 +101,8 @@
sb.append(expectedInfo.getProvider().userAuthorizationURL);
sb.append(", http_method: ");
sb.append(expectedInfo.getHttpMethod());
+ sb.append(", param_location: ");
+ sb.append(expectedInfo.getParamLocation());
sb.append(", signature_type: ");
sb.append(expectedInfo.getSignatureType());
sb.append(')');
@@ -110,6 +116,8 @@
OAuthStore.ProviderInfo actualInfo = (OAuthStore.ProviderInfo)actual;
return (actualInfo.getHttpMethod() == expectedInfo.getHttpMethod())
+ && (actualInfo.getParamLocation()
+ == expectedInfo.getParamLocation())
&& (actualInfo.getSignatureType()
== expectedInfo.getSignatureType())
&& actualInfo.getProvider().accessTokenURL.equals(
@@ -250,6 +258,8 @@
assertEquals(OAuthStore.HttpMethod.GET, provInfo.getHttpMethod());
assertEquals(OAuthStore.SignatureType.HMAC_SHA1,
provInfo.getSignatureType());
+ assertEquals(OAuthStore.OAuthParamLocation.URI_QUERY,
+ provInfo.getParamLocation());
// now, let's change the spec a bit
Added: incubator/shindig/trunk/javascript/samplecontainer/examples/new.gif
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/javascript/samplecontainer/examples/new.gif?rev=648154&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/shindig/trunk/javascript/samplecontainer/examples/new.gif
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: incubator/shindig/trunk/javascript/samplecontainer/examples/oauth.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/javascript/samplecontainer/examples/oauth.xml?rev=648154&r1=648153&r2=648154&view=diff
==============================================================================
--- incubator/shindig/trunk/javascript/samplecontainer/examples/oauth.xml
(original)
+++ incubator/shindig/trunk/javascript/samplecontainer/examples/oauth.xml Tue
Apr 15 00:49:58 2008
@@ -2,7 +2,7 @@
<Module>
<ModulePrefs title="Pankow Gadget">
- <Optional feature="oauth">
+ <Require feature="oauth">
<Param name="service_name">
demo
</Param>
@@ -23,7 +23,7 @@
<Param name="authorize_url">
http://localhost:9090/oauth-provider/authorize
</Param>
- </Optional>
+ </Require>
</ModulePrefs>
<Content type="html">
