Snappy

Merge lp:~chipaca/snappy/fix-1461262 into lp:~snappy-dev/snappy/15.04-deprecated

  1. fix-1461262
  2. Merge into 15.04-deprecated
Proposed by John Lenton on 2015-07-06
Status: Merged
Approved by: John Lenton on 2015-07-06
Approved revision: 454
Merged at revision: 454
Proposed branch: lp:~chipaca/snappy/fix-1461262
Merge into: lp:~snappy-dev/snappy/15.04-deprecated
Diff against target: 268 lines (+164/-22)
6 files modified
gen-coverage.sh (+2/-0)
oauth/oauth.go (+80/-0)
oauth/oauth_test.go (+69/-0)
snappy/auth.go (+2/-19)
snappy/auth_test.go (+9/-2)
snappy/snapp.go (+2/-1)
To merge this branch: bzr merge lp:~chipaca/snappy/fix-1461262
Reviewer Review Type Date Requested Status
Ricardo Salveti (community) 2015-07-06 Approve on 2015-07-06
Review via email: mp+263917@code.launchpad.net

Commit Message

Cherry picked r493 to fix oauth quoting. Fixes LP:1461262.

To post a comment you must log in.
Ricardo Salveti (rsalveti) wrote :

Looks good, seems a simple cherry-pick.

review: Approve
Snappy Tarmac (snappydevtarmac) wrote :
Download full text (6.7 KiB)

The attempt to merge lp:~chipaca/snappy/fix-1461262 into lp:snappy/15.04 failed. Below is the output from the failed tests.

Checking formatting
Installing godeps
Install golint
Obtaining dependencies
update code.google.com/p/go.crypto failed; trying to fetch newer version
update github.com/blakesmith/ar failed; trying to fetch newer version
code.google.com/p/go.crypto now at 69e2a90ed92d03812364aeb947b7068dc42e561e
update github.com/cheggaaa/pb failed; trying to fetch newer version
github.com/blakesmith/ar now at c9a977dd0cc1392b023382c7bfa5a22af8d3b730
update github.com/jessevdk/go-flags failed; trying to fetch newer version
github.com/cheggaaa/pb now at e8c7cc515bfde3e267957a3b110080ceed51354e
update github.com/juju/loggo failed; trying to fetch newer version
github.com/jessevdk/go-flags now at 15347ef417a300349807983f15af9e65cd2e1b3a
update github.com/mvo5/goconfigparser failed; trying to fetch newer version
github.com/juju/loggo now at 4c7cbce140ca070eeb59a28f4bf9507e511711f9
update gopkg.in/yaml.v2 failed; trying to fetch newer version
github.com/mvo5/goconfigparser now at 26426272dda20cc76aa1fa44286dc743d2972fe8
update launchpad.net/gocheck failed; trying to fetch newer version
gopkg.in/yaml.v2 now at 49c95bdc21843256fb6c4e0d370a05f24a0bf213
launchpad.net/gocheck now at <email address hidden>
Building
Running tests from /home/tarmac/tmp/tmp.P97papwbg0/src/launchpad.net/snappy
=== RUN Test
OK: 10 passed
--- PASS: Test (0.42 seconds)
PASS
coverage: 79.9% of statements
ok launchpad.net/snappy/clickdeb 0.422s coverage: 79.9% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.07 seconds)
PASS
coverage: 12.7% of statements
ok launchpad.net/snappy/cmd/snappy 0.079s coverage: 12.7% of statements
=== RUN Test
OK: 24 passed
--- PASS: Test (0.12 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/coreconfig 0.126s coverage: 100.0% of statements
=== RUN Test
OK: 33 passed
--- PASS: Test (1.42 seconds)
PASS
coverage: 74.0% of statements
ok launchpad.net/snappy/helpers 1.424s coverage: 74.0% of statements
=== RUN Test
OK: 7 passed
--- PASS: Test (0.04 seconds)
PASS
coverage: 92.5% of statements
ok launchpad.net/snappy/logger 0.044s coverage: 92.5% of statements
=== RUN Test
OK: 38 passed
--- PASS: Test (0.23 seconds)
PASS
coverage: 82.2% of statements
ok launchpad.net/snappy/partition 0.236s coverage: 82.2% of statements
=== RUN Test
OK: 12 passed
--- PASS: Test (0.08 seconds)
PASS
coverage: 87.8% of statements
ok launchpad.net/snappy/policy 0.087s coverage: 87.8% of statements
=== RUN Test
OK: 3 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 84.8% of statements
ok launchpad.net/snappy/priv 0.012s coverage: 84.8% of statements
=== RUN Test
OK: 4 passed
--- PASS: Test (0.01 seconds)
PASS
coverage: 50.0% of statements
ok launchpad.net/snappy/progress 0.017s coverage: 50.0% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/release 0.006s coverage: 100.0% of statements
=== RUN Test
2015-07-06 18:33:22 ERROR snappy logger.go:199 hello-app.potato failed to install: a package by that name is already ...

Read more...

lp:~chipaca/snappy/fix-1461262 updated on 2015-07-06
454. By John Lenton on 2015-07-06

15.04 still on gocheck

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'gen-coverage.sh'
2--- gen-coverage.sh 2015-04-18 18:50:20 +0000
3+++ gen-coverage.sh 2015-07-06 19:00:33 +0000
4@@ -24,5 +24,7 @@
5 $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-priv.html)
6 (cd release &&
7 $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
8+(cd oauth &&
9+ $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
10
11 echo "Coverage html reports are available in $OUTPUTDIR"
12
13=== added directory 'oauth'
14=== added file 'oauth/oauth.go'
15--- oauth/oauth.go 1970-01-01 00:00:00 +0000
16+++ oauth/oauth.go 2015-07-06 19:00:33 +0000
17@@ -0,0 +1,80 @@
18+// -*- Mode: Go; indent-tabs-mode: t -*-
19+
20+/*
21+ * Copyright (C) 2014-2015 Canonical Ltd
22+ *
23+ * This program is free software: you can redistribute it and/or modify
24+ * it under the terms of the GNU General Public License version 3 as
25+ * published by the Free Software Foundation.
26+ *
27+ * This program is distributed in the hope that it will be useful,
28+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
29+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30+ * GNU General Public License for more details.
31+ *
32+ * You should have received a copy of the GNU General Public License
33+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
34+ *
35+ */
36+
37+package oauth
38+
39+import (
40+ "bytes"
41+ "fmt"
42+ "time"
43+
44+ "launchpad.net/snappy/helpers"
45+)
46+
47+// Token contains the sso token
48+type Token struct {
49+ TokenKey string `json:"token_key"`
50+ TokenSecret string `json:"token_secret"`
51+ ConsumerSecret string `json:"consumer_secret"`
52+ ConsumerKey string `json:"consumer_key"`
53+}
54+
55+// see https://dev.twitter.com/oauth/overview/percent-encoding-parameters
56+func needsEscape(c byte) bool {
57+ return !(('A' <= c && c <= 'Z') ||
58+ ('a' <= c && c <= 'z') ||
59+ ('0' <= c && c <= '9') ||
60+ (c == '-') ||
61+ (c == '.') ||
62+ (c == '_') ||
63+ (c == '~'))
64+}
65+
66+// quote will quote all bytes in the input string that oauth requries to
67+// be quoted
68+func quote(s string) string {
69+ buf := bytes.NewBuffer(nil)
70+ // set to worst case max size, to avoid reallocs
71+ sin := []byte(s)
72+ buf.Grow(len(sin) * 3)
73+
74+ for _, c := range sin {
75+ if needsEscape(c) {
76+ fmt.Fprintf(buf, "%%%02X", c)
77+ } else {
78+ fmt.Fprintf(buf, "%c", c)
79+ }
80+ }
81+
82+ return buf.String()
83+}
84+
85+// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
86+// available
87+
88+// MakePlaintextSignature makes a oauth v1 plaintext signature
89+func MakePlaintextSignature(token *Token) string {
90+ // hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
91+ // but our sso server is unhappy without, so
92+ nonce := helpers.MakeRandomString(60)
93+ timestamp := time.Now().Unix()
94+
95+ s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s&%s"`, nonce, timestamp, quote(token.ConsumerKey), quote(token.TokenKey), quote(token.ConsumerSecret), quote(token.TokenSecret))
96+ return s
97+}
98
99=== added file 'oauth/oauth_test.go'
100--- oauth/oauth_test.go 1970-01-01 00:00:00 +0000
101+++ oauth/oauth_test.go 2015-07-06 19:00:33 +0000
102@@ -0,0 +1,69 @@
103+// -*- Mode: Go; indent-tabs-mode: t -*-
104+
105+/*
106+ * Copyright (C) 2014-2015 Canonical Ltd
107+ *
108+ * This program is free software: you can redistribute it and/or modify
109+ * it under the terms of the GNU General Public License version 3 as
110+ * published by the Free Software Foundation.
111+ *
112+ * This program is distributed in the hope that it will be useful,
113+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
114+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
115+ * GNU General Public License for more details.
116+ *
117+ * You should have received a copy of the GNU General Public License
118+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
119+ *
120+ */
121+
122+package oauth
123+
124+import (
125+ "testing"
126+
127+ . "launchpad.net/gocheck"
128+)
129+
130+func Test(t *testing.T) { TestingT(t) }
131+
132+type OAuthTestSuite struct{}
133+
134+var _ = Suite(&OAuthTestSuite{})
135+
136+func (s *OAuthTestSuite) TestMakePlaintextSignature(c *C) {
137+ mockToken := Token{
138+ ConsumerKey: "consumer-key+",
139+ ConsumerSecret: "consumer-secret+",
140+ TokenKey: "token-key+",
141+ TokenSecret: "token-secret+",
142+ }
143+ sig := MakePlaintextSignature(&mockToken)
144+ c.Assert(sig, Matches, `OAuth oauth_nonce="[a-zA-Z]+", oauth_timestamp="[0-9]+", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="consumer-key%2B", oauth_token="token-key%2B", oauth_signature="consumer-secret%2B&token-secret%2B"`)
145+}
146+
147+func (s *OAuthTestSuite) TestQuote(c *C) {
148+ // see http://wiki.oauth.net/w/page/12238556/TestCases
149+ c.Check(quote("abcABC123"), Equals, "abcABC123")
150+ c.Check(quote("-._~"), Equals, "-._~")
151+ c.Check(quote("%"), Equals, "%25")
152+ c.Check(quote("+"), Equals, "%2B")
153+ c.Check(quote("&=*"), Equals, "%26%3D%2A")
154+ c.Check(quote("\u000A"), Equals, "%0A")
155+ c.Check(quote("\u0020"), Equals, "%20")
156+ c.Check(quote("\u007F"), Equals, "%7F")
157+ c.Check(quote("\u0080"), Equals, "%C2%80")
158+ c.Check(quote("\u3001"), Equals, "%E3%80%81")
159+}
160+
161+func (s *OAuthTestSuite) TestNeedsEscape(c *C) {
162+ for _, needed := range []byte{'?', '/', ':'} {
163+ c.Check(needsEscape(needed), Equals, true)
164+ }
165+}
166+
167+func (s *OAuthTestSuite) TestNeedsNoEscape(c *C) {
168+ for _, no := range []byte{'a', 'z', 'A', 'Z', '-', '.', '_', '~'} {
169+ c.Check(needsEscape(no), Equals, false)
170+ }
171+}
172
173=== modified file 'snappy/auth.go'
174--- snappy/auth.go 2015-03-26 09:12:58 +0000
175+++ snappy/auth.go 2015-07-06 19:00:33 +0000
176@@ -24,9 +24,9 @@
177 "os"
178 "path/filepath"
179 "strings"
180- "time"
181
182 "launchpad.net/snappy/helpers"
183+ "launchpad.net/snappy/oauth"
184 )
185
186 var (
187@@ -42,10 +42,7 @@
188 DateCreated string `json:"date_created"`
189 Href string `json:"href"`
190
191- TokenKey string `json:"token_key"`
192- TokenSecret string `json:"token_secret"`
193- ConsumerSecret string `json:"consumer_secret"`
194- ConsumerKey string `json:"consumer_key"`
195+ oauth.Token
196 }
197
198 type ssoMsg struct {
199@@ -159,17 +156,3 @@
200
201 return &readStoreToken, nil
202 }
203-
204-// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
205-// available
206-//
207-// minimal oauth v1 signature
208-func makeOauthPlaintextSignature(req *http.Request, token *StoreToken) string {
209- // hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
210- // but our sso server is unhappy without, so
211- nonce := helpers.MakeRandomString(60)
212- timestamp := time.Now().Unix()
213-
214- s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s%%26%s"`, nonce, timestamp, token.ConsumerKey, token.TokenKey, token.ConsumerSecret, token.TokenSecret)
215- return s
216-}
217
218=== modified file 'snappy/auth_test.go'
219--- snappy/auth_test.go 2015-03-26 09:12:58 +0000
220+++ snappy/auth_test.go 2015-07-06 19:00:33 +0000
221@@ -26,6 +26,7 @@
222 "path/filepath"
223
224 "launchpad.net/snappy/helpers"
225+ "launchpad.net/snappy/oauth"
226
227 . "launchpad.net/gocheck"
228 )
229@@ -129,11 +130,17 @@
230
231 func (s *SnapTestSuite) TestReadStoreToken(c *C) {
232 os.Setenv("HOME", s.tempdir)
233- mockStoreToken := StoreToken{TokenName: "meep"}
234+ mockStoreToken := StoreToken{
235+ TokenName: "meep",
236+ Token: oauth.Token{
237+ TokenKey: "token-key",
238+ TokenSecret: "token-secret",
239+ },
240+ }
241 err := WriteStoreToken(mockStoreToken)
242 c.Assert(err, IsNil)
243
244 readToken, err := ReadStoreToken()
245 c.Assert(err, IsNil)
246- c.Assert(readToken.TokenName, Equals, "meep")
247+ c.Assert(readToken, DeepEquals, &mockStoreToken)
248 }
249
250=== modified file 'snappy/snapp.go'
251--- snappy/snapp.go 2015-06-03 19:34:38 +0000
252+++ snappy/snapp.go 2015-07-06 19:00:33 +0000
253@@ -38,6 +38,7 @@
254
255 "launchpad.net/snappy/clickdeb"
256 "launchpad.net/snappy/helpers"
257+ "launchpad.net/snappy/oauth"
258 "launchpad.net/snappy/policy"
259 "launchpad.net/snappy/progress"
260 "launchpad.net/snappy/release"
261@@ -1111,7 +1112,7 @@
262 // sso
263 ssoToken, err := ReadStoreToken()
264 if err == nil {
265- req.Header.Set("Authorization", makeOauthPlaintextSignature(req, ssoToken))
266+ req.Header.Set("Authorization", oauth.MakePlaintextSignature(&ssoToken.Token))
267 }
268 }
269

Subscribers

People subscribed via source and target branches

to all changes: