Author: chabotc
Date: Thu Apr 2 09:38:50 2009
New Revision: 761217
URL: http://svn.apache.org/viewvc?rev=761217&view=rev
Log:
Patch by Pan Jie:
- fixes an array_merge in the signing fetcher that generates a warning on empty
post
- adds a unittest for signed fetch post request with header
"Content-Type:application/json"
Modified:
incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=761217&r1=761216&r2=761217&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Thu Apr 2
09:38:50 2009
@@ -141,7 +141,7 @@
}
$msgParams = array();
$msgParams = array_merge($msgParams, $queryParams);
- if ($signBody) {
+ if ($signBody && isset($postParams)) {
$msgParams = array_merge($msgParams, $postParams);
}
$this->addOpenSocialParams($msgParams, $request->getToken());
Modified: incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php?rev=761217&r1=761216&r2=761217&view=diff
==============================================================================
--- incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php (original)
+++ incubator/shindig/trunk/php/test/gadgets/SigningFetcherTest.php Thu Apr 2
09:38:50 2009
@@ -101,15 +101,37 @@
$request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer',
'app', 'domain', 'appUrl', '1', 'default'));
$request->setPostBody('key=value&anotherkey=value');
$this->signingFetcher->fetchRequest($request);
+ $this->verifySignedRequest($request);
+ }
+
+ /**
+ * Tests SigningFetcher->fetchRequest
+ */
+ public function testFetchRequestForJson() {
+ $request = new RemoteContentRequest('http://example.org/signed');
+ $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
+ $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer',
'app', 'domain', 'appUrl', '1', 'default'));
+ $request->setPostBody('{key:value}');
+ $request->setHeaders('Content-Type:application/json');
+ $this->signingFetcher->fetchRequest($request);
+ $this->verifySignedRequest($request);
+ }
+ private function verifySignedRequest(RemoteContentRequest $request) {
$url = parse_url($request->getUrl());
+ $query = array();
parse_str($url['query'], $query);
- parse_str($request->getPostBody(), $post);
+ $post = array();
+ $contentType = $request->getHeader('Content-Type');
+ if ((stripos($contentType, 'application/x-www-form-urlencoded') !== false
|| $contentType == null)) {
+ parse_str($request->getPostBody(), $post);
+ } else {
+ $this->assertEquals(sha1($request->getPostBody()),
$query['oauth_body_hash']);
+ }
$oauthRequest = OAuthRequest::from_request($request->getMethod(),
$request->getUrl(), array_merge($query, $post));
$signature_method = new MockSignatureMethod();
$signature_valid = $signature_method->check_signature($oauthRequest, null,
null, $query['oauth_signature']);
$this->assertTrue($signature_valid);
}
-
}
