Snappy

Merge lp:~mvo/snappy/snappy-oauth-quoting into lp:~snappy-dev/snappy/snappy-moved-to-github

snappy-oauth-quoting
Merge into snappy-moved-to-github

Proposed by Michael Vogt on 2015-06-03

Status:

Merged

Approved by:

Michael Vogt on 2015-06-09

Approved revision:

490

Merged at revision:

493

Proposed branch:

lp:~mvo/snappy/snappy-oauth-quoting

Merge into:

lp:~snappy-dev/snappy/snappy-moved-to-github

Diff against target:

268 lines (+164/-22)

6 files modified

gen-coverage.sh (+2/-0)
oauth/oauth.go (+80/-0)
oauth/oauth_test.go (+69/-0)
snappy/auth.go (+2/-19)
snappy/auth_test.go (+9/-2)
snappy/snapp.go (+2/-1)

To merge this branch:

bzr merge lp:~mvo/snappy/snappy-oauth-quoting

Undecided

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Michael Vogt		Approve on 2015-06-09
John Lenton	2015-06-03	Approve on 2015-06-08
Review via email: mp+260909@code.launchpad.net

Commit Message

Fixes the missing oauth quoting and makes the code a bit nicer.

Description of the Change

This branch fixes the missing oauth quoting and (hopefully) makes the code a bit nicer.

We might consider backporting, but it seems that our SSO always hands out tokens that are ascii only we might be ok.

John Lenton (chipaca) wrote on 2015-06-04:

It looks like the “xxx: inefficient algorithm” quote and its associated needsEscape is duplicated.

review: Needs Fixing

John Lenton (chipaca) on 2015-06-04:

Michael Vogt (mvo) wrote on 2015-06-04:

Thanks a lot for the review! Silly me, I removed the obsolete old code that moved into the oauth/ module and improved the length checking (using the byte array now as you suggested).

John Lenton (chipaca) on 2015-06-08:

review: Approve

Snappy Tarmac (snappydevtarmac) wrote on 2015-06-08:

Download full text (5.1 KiB)

The attempt to merge lp:~mvo/snappy/snappy-oauth-quoting into lp:snappy failed. Below is the output from the failed tests.

Checking docs
Checking formatting
Installing godeps
Install golint
Obtaining dependencies
update code.google.com/p/go.crypto failed; trying to fetch newer version
update github.com/blakesmith/ar failed; trying to fetch newer version
code.google.com/p/go.crypto now at 69e2a90ed92d03812364aeb947b7068dc42e561e
update github.com/cheggaaa/pb failed; trying to fetch newer version
github.com/blakesmith/ar now at c9a977dd0cc1392b023382c7bfa5a22af8d3b730
update github.com/jessevdk/go-flags failed; trying to fetch newer version
github.com/cheggaaa/pb now at e8c7cc515bfde3e267957a3b110080ceed51354e
update github.com/mvo5/goconfigparser failed; trying to fetch newer version
github.com/jessevdk/go-flags now at 15347ef417a300349807983f15af9e65cd2e1b3a
update gopkg.in/check.v1 failed; trying to fetch newer version
github.com/mvo5/goconfigparser now at 26426272dda20cc76aa1fa44286dc743d2972fe8
update gopkg.in/yaml.v2 failed; trying to fetch newer version
gopkg.in/check.v1 now at 64131543e7896d5bcc6bd5a76287eb75ea96c673
gopkg.in/yaml.v2 now at 49c95bdc21843256fb6c4e0d370a05f24a0bf213
Building
Running tests from /home/tarmac/tmp/tmp.aROjIdAoai/src/launchpad.net/snappy
=== RUN Test
OK: 16 passed
--- PASS: Test (0.34 seconds)
PASS
coverage: 74.8% of statements
ok launchpad.net/snappy/clickdeb 0.349s coverage: 74.8% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.01 seconds)
PASS
coverage: 12.0% of statements
ok launchpad.net/snappy/cmd/snappy 0.020s coverage: 12.0% of statements
=== RUN Test
OK: 24 passed
--- PASS: Test (0.11 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/coreconfig 0.113s coverage: 100.0% of statements
=== RUN Test
OK: 49 passed
--- PASS: Test (0.44 seconds)
PASS
coverage: 80.6% of statements
ok launchpad.net/snappy/helpers 0.456s coverage: 80.6% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 93.5% of statements
ok launchpad.net/snappy/logger 0.008s coverage: 93.5% of statements
=== RUN Test
OK: 38 passed
--- PASS: Test (0.16 seconds)
PASS
coverage: 82.2% of statements
ok launchpad.net/snappy/partition 0.166s coverage: 82.2% of statements
=== RUN Test
OK: 3 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/pkg 0.005s coverage: 100.0% of statements
=== RUN Test
OK: 12 passed
--- PASS: Test (0.06 seconds)
PASS
coverage: 94.3% of statements
ok launchpad.net/snappy/policy 0.069s coverage: 94.3% of statements
=== RUN Test
OK: 3 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 84.8% of statements
ok launchpad.net/snappy/priv 0.006s coverage: 84.8% of statements
=== RUN Test
OK: 4 passed
--- PASS: Test (0.02 seconds)
PASS
coverage: 50.0% of statements
ok launchpad.net/snappy/progress 0.028s coverage: 50.0% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/release 0.007s coverage: 100.0% of statements
=== RUN Test
OK: 257 passed
--- PASS: Test (7.83 seconds)
PASS
coverage: 80.6% of statements
ok launchpad.net/sn...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Alan Meekins

Huang Jin

Michael Vogt

Snappy Developers

Yung Shen

 === modified file 'gen-coverage.sh'
 --- gen-coverage.sh	2015-04-18 18:50:20 +0000
 +++ gen-coverage.sh	2015-06-09 13:02:56 +0000
@@ -24,5 +24,7 @@
  	$GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-priv.html)
  (cd release &&
  	$GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
++(cd oauth &&
++	$GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
  echo "Coverage html reports are available in $OUTPUTDIR"
 === added directory 'oauth'
 === added file 'oauth/oauth.go'
 --- oauth/oauth.go	1970-01-01 00:00:00 +0000
 +++ oauth/oauth.go	2015-06-09 13:02:56 +0000
@@ -0,0 +1,80 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package oauth
++
++import (
++	"bytes"
++	"fmt"
++	"time"
++
++	"launchpad.net/snappy/helpers"
++)
++
++// Token contains the sso token
++type Token struct {
++	TokenKey       string `json:"token_key"`
++	TokenSecret    string `json:"token_secret"`
++	ConsumerSecret string `json:"consumer_secret"`
++	ConsumerKey    string `json:"consumer_key"`
++}
++
++// see https://dev.twitter.com/oauth/overview/percent-encoding-parameters
++func needsEscape(c byte) bool {
++	return !(('A' <= c && c <= 'Z') ||
++		('a' <= c && c <= 'z') ||
++		('0' <= c && c <= '9') ||
++		(c == '-') ||
++		(c == '.') ||
++		(c == '_') ||
++		(c == '~'))
++}
++
++// quote will quote all bytes in the input string that oauth requries to
++// be quoted
++func quote(s string) string {
++	buf := bytes.NewBuffer(nil)
++	// set to worst case max size, to avoid reallocs
++	sin := []byte(s)
++	buf.Grow(len(sin) * 3)
++
++	for _, c := range sin {
++		if needsEscape(c) {
++			fmt.Fprintf(buf, "%%%02X", c)
++		} else {
++			fmt.Fprintf(buf, "%c", c)
++		}
++	}
++
++	return buf.String()
++}
++
++// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
++// available
++
++// MakePlaintextSignature makes a oauth v1 plaintext signature
++func MakePlaintextSignature(token *Token) string {
++	// hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
++	// but our sso server is unhappy without, so
++	nonce := helpers.MakeRandomString(60)
++	timestamp := time.Now().Unix()
++
++	s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s&%s"`, nonce, timestamp, quote(token.ConsumerKey), quote(token.TokenKey), quote(token.ConsumerSecret), quote(token.TokenSecret))
++	return s
++}
 === added file 'oauth/oauth_test.go'
 --- oauth/oauth_test.go	1970-01-01 00:00:00 +0000
 +++ oauth/oauth_test.go	2015-06-09 13:02:56 +0000
@@ -0,0 +1,69 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package oauth
++
++import (
++	"testing"
++
++	. "gopkg.in/check.v1"
++)
++
++func Test(t *testing.T) { TestingT(t) }
++
++type OAuthTestSuite struct{}
++
++var _ = Suite(&OAuthTestSuite{})
++
++func (s *OAuthTestSuite) TestMakePlaintextSignature(c *C) {
++	mockToken := Token{
++		ConsumerKey:    "consumer-key+",
++		ConsumerSecret: "consumer-secret+",
++		TokenKey:       "token-key+",
++		TokenSecret:    "token-secret+",
++	}
++	sig := MakePlaintextSignature(&mockToken)
++	c.Assert(sig, Matches, `OAuth oauth_nonce="[a-zA-Z]+", oauth_timestamp="[0-9]+", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="consumer-key%2B", oauth_token="token-key%2B", oauth_signature="consumer-secret%2B&token-secret%2B"`)
++}
++
++func (s *OAuthTestSuite) TestQuote(c *C) {
++	// see http://wiki.oauth.net/w/page/12238556/TestCases
++	c.Check(quote("abcABC123"), Equals, "abcABC123")
++	c.Check(quote("-._~"), Equals, "-._~")
++	c.Check(quote("%"), Equals, "%25")
++	c.Check(quote("+"), Equals, "%2B")
++	c.Check(quote("&=*"), Equals, "%26%3D%2A")
++	c.Check(quote("\u000A"), Equals, "%0A")
++	c.Check(quote("\u0020"), Equals, "%20")
++	c.Check(quote("\u007F"), Equals, "%7F")
++	c.Check(quote("\u0080"), Equals, "%C2%80")
++	c.Check(quote("\u3001"), Equals, "%E3%80%81")
++}
++
++func (s *OAuthTestSuite) TestNeedsEscape(c *C) {
++	for _, needed := range []byte{'?', '/', ':'} {
++		c.Check(needsEscape(needed), Equals, true)
++	}
++}
++
++func (s *OAuthTestSuite) TestNeedsNoEscape(c *C) {
++	for _, no := range []byte{'a', 'z', 'A', 'Z', '-', '.', '_', '~'} {
++		c.Check(needsEscape(no), Equals, false)
++	}
++}
 === modified file 'snappy/auth.go'
 --- snappy/auth.go	2015-05-28 11:58:30 +0000
 +++ snappy/auth.go	2015-06-09 13:02:56 +0000
@@ -26,9 +26,9 @@
  	"os"
  	"path/filepath"
  	"strings"
--	"time"
  	"launchpad.net/snappy/helpers"
++	"launchpad.net/snappy/oauth"
+ )
  var (
@@ -44,10 +44,7 @@
  	DateCreated string `json:"date_created"`
  	Href        string `json:"href"`
--	TokenKey       string `json:"token_key"`
--	TokenSecret    string `json:"token_secret"`
--	ConsumerSecret string `json:"consumer_secret"`
--	ConsumerKey    string `json:"consumer_key"`
++	oauth.Token
+ }
  type ssoMsg struct {
@@ -161,17 +158,3 @@
  	return &readStoreToken, nil
+ }
--
--// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
--// available
--//
--// minimal oauth v1 signature
--func makeOauthPlaintextSignature(req *http.Request, token *StoreToken) string {
--	// hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
--	// but our sso server is unhappy without, so
--	nonce := helpers.MakeRandomString(60)
--	timestamp := time.Now().Unix()
--
--	s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s%%26%s"`, nonce, timestamp, token.ConsumerKey, token.TokenKey, token.ConsumerSecret, token.TokenSecret)
--	return s
--}
 === modified file 'snappy/auth_test.go'
 --- snappy/auth_test.go	2015-06-02 20:46:07 +0000
 +++ snappy/auth_test.go	2015-06-09 13:02:56 +0000
@@ -28,6 +28,7 @@
  	"path/filepath"
  	"launchpad.net/snappy/helpers"
++	"launchpad.net/snappy/oauth"
  	. "gopkg.in/check.v1"
+ )
@@ -131,11 +132,17 @@
  func (s *SnapTestSuite) TestReadStoreToken(c *C) {
  	os.Setenv("HOME", s.tempdir)
--	mockStoreToken := StoreToken{TokenName: "meep"}
++	mockStoreToken := StoreToken{
++		TokenName: "meep",
++		Token: oauth.Token{
++			TokenKey:    "token-key",
++			TokenSecret: "token-secret",
++		},
++	}
  	err := WriteStoreToken(mockStoreToken)
  	c.Assert(err, IsNil)
  	readToken, err := ReadStoreToken()
  	c.Assert(err, IsNil)
--	c.Assert(readToken.TokenName, Equals, "meep")
++	c.Assert(readToken, DeepEquals, &mockStoreToken)
+ }
 === modified file 'snappy/snapp.go'
 --- snappy/snapp.go	2015-06-04 12:55:54 +0000
 +++ snappy/snapp.go	2015-06-09 13:02:56 +0000
@@ -41,6 +41,7 @@
  	"launchpad.net/snappy/clickdeb"
  	"launchpad.net/snappy/helpers"
  	"launchpad.net/snappy/logger"
++	"launchpad.net/snappy/oauth"
  	"launchpad.net/snappy/pkg"
  	"launchpad.net/snappy/policy"
  	"launchpad.net/snappy/progress"
@@ -1403,7 +1404,7 @@
  	// sso
  	ssoToken, err := ReadStoreToken()
  	if err == nil {
--		req.Header.Set("Authorization", makeOauthPlaintextSignature(req, ssoToken))
++		req.Header.Set("Authorization", oauth.MakePlaintextSignature(&ssoToken.Token))
+ 	}
+ }