Hello community, here is the log from the commit of package nodejs-oauth-sign for openSUSE:Factory checked in at 2015-06-30 10:17:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nodejs-oauth-sign (Old) and /work/SRC/openSUSE:Factory/.nodejs-oauth-sign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nodejs-oauth-sign" Changes: -------- --- /work/SRC/openSUSE:Factory/nodejs-oauth-sign/nodejs-oauth-sign.changes 2015-04-27 13:03:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nodejs-oauth-sign.new/nodejs-oauth-sign.changes 2015-06-30 10:17:56.000000000 +0200 @@ -1,0 +2,5 @@ +Sat Jun 27 06:42:32 UTC 2015 - [email protected] + +- update version 0.8.0 + +------------------------------------------------------------------- Old: ---- oauth-sign-0.4.0.tgz New: ---- oauth-sign-0.8.0.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nodejs-oauth-sign.spec ++++++ --- /var/tmp/diff_new_pack.1pTsTe/_old 2015-06-30 10:17:56.000000000 +0200 +++ /var/tmp/diff_new_pack.1pTsTe/_new 2015-06-30 10:17:56.000000000 +0200 @@ -19,7 +19,7 @@ %define base_name oauth-sign Name: nodejs-oauth-sign -Version: 0.4.0 +Version: 0.8.0 Release: 0 Summary: OAuth 1 signing License: Apache-2.0 ++++++ oauth-sign-0.4.0.tgz -> oauth-sign-0.8.0.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/index.js new/package/index.js --- old/package/index.js 2013-09-24 00:58:43.000000000 +0200 +++ new/package/index.js 2015-05-28 12:33:40.000000000 +0200 @@ -6,6 +6,10 @@ return crypto.createHmac('sha1', key).update(body).digest('base64') } +function rsa (key, body) { + return crypto.createSign("RSA-SHA1").update(body).sign(key, 'base64'); +} + function rfc3986 (str) { return encodeURIComponent(str) .replace(/!/g,'%21') @@ -26,6 +30,9 @@ if (Array.isArray(val)) for (var i = 0; i < val.length; i++) arr.push([key, val[i]]) + else if (typeof val === "object") + for (var prop in val) + arr.push([key + '[' + prop + ']', val[prop]]); else arr.push([key, val]) } @@ -37,7 +44,7 @@ return a > b ? 1 : a < b ? -1 : 0 } -function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) { +function generateBase (httpMethod, base_uri, params) { // adapted from https://dev.twitter.com/docs/auth/oauth and // https://dev.twitter.com/docs/auth/creating-signature @@ -69,6 +76,11 @@ rfc3986(normalized) ].join('&') + return base +} + +function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) { + var base = generateBase(httpMethod, base_uri, params) var key = [ consumer_secret || '', token_secret || '' @@ -77,5 +89,46 @@ return sha1(key, base) } +function rsasign (httpMethod, base_uri, params, private_key, token_secret) { + var base = generateBase(httpMethod, base_uri, params) + var key = private_key || '' + + return rsa(key, base) +} + +function plaintext (consumer_secret, token_secret) { + var key = [ + consumer_secret || '', + token_secret || '' + ].map(rfc3986).join('&') + + return key +} + +function sign (signMethod, httpMethod, base_uri, params, consumer_secret, token_secret) { + var method + var skipArgs = 1 + + switch (signMethod) { + case 'RSA-SHA1': + method = rsasign + break + case 'HMAC-SHA1': + method = hmacsign + break + case 'PLAINTEXT': + method = plaintext + skipArgs = 4 + break + default: + throw new Error("Signature method not supported: " + signMethod) + } + + return method.apply(null, [].slice.call(arguments, skipArgs)) +} + exports.hmacsign = hmacsign +exports.rsasign = rsasign +exports.plaintext = plaintext +exports.sign = sign exports.rfc3986 = rfc3986 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/package.json new/package/package.json --- old/package/package.json 2013-09-24 00:58:45.000000000 +0200 +++ new/package/package.json 2015-05-28 12:41:43.000000000 +0200 @@ -2,7 +2,8 @@ "author": "Mikeal Rogers <[email protected]> (http://www.futurealoof.com)", "name": "oauth-sign", "description": "OAuth 1 signing. Formerly a vendor lib in mikeal/request, now a standalone module.", - "version": "0.4.0", + "version": "0.8.0", + "license": "Apache-2.0", "repository": { "url": "https://github.com/mikeal/oauth-sign"; }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/test.js new/package/test.js --- old/package/test.js 2013-09-24 00:58:43.000000000 +0200 +++ new/package/test.js 2015-05-28 12:33:40.000000000 +0200 @@ -1,4 +1,5 @@ -var hmacsign = require('./index').hmacsign +var oauth = require('./index') + , hmacsign = oauth.hmacsign , assert = require('assert') , qs = require('querystring') ; @@ -46,6 +47,21 @@ console.log('yOahq5m0YjDDjfjxHaXEsW9D+X0=') assert.equal(upsign, 'yOahq5m0YjDDjfjxHaXEsW9D+X0=') +// handle objects in params (useful for Wordpress REST API) +var upsign = hmacsign('POST', 'http://wordpress.com/wp-json', + { oauth_consumer_key: "GDdmIQH6jhtmLUypg82g" + , oauth_nonce: "oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y" + , oauth_signature_method: "HMAC-SHA1" + , oauth_token: "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw" + , oauth_timestamp: "1272325550" + , oauth_version: "1.0" + , filter: { number: "-1" } + }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA") + +console.log(upsign) +console.log('YrJFBdwnjuIitGpKrxLUplcuuUQ=') +assert.equal(upsign, 'YrJFBdwnjuIitGpKrxLUplcuuUQ=') + // example in rfc5849 var params = qs.parse('b5=%3D%253D&a3=a&c%40=&a2=r%20b' + '&' + 'c2&a3=2+q') params.oauth_consumer_key = '9djdj82h48djs9d2' @@ -61,3 +77,13 @@ console.log('r6/TJjbCOr97/+UU0NsvSne7s5g=') assert.equal(rfc5849sign, 'r6/TJjbCOr97/+UU0NsvSne7s5g=') + +// PLAINTEXT + +var plainSign = oauth.sign('PLAINTEXT', 'GET', 'http://dummy.com', {}, 'consumer_secret', 'token_secret') +console.log(plainSign) +assert.equal(plainSign, 'consumer_secret&token_secret') + +plainSign = oauth.plaintext('consumer_secret', 'token_secret') +console.log(plainSign) +assert.equal(plainSign, 'consumer_secret&token_secret')
