Merge lp:~mvo/snappy/snappy-oauth-quoting into lp:~snappy-dev/snappy/snappy-moved-to-github

Proposed by Michael Vogt
Status: Merged
Approved by: Michael Vogt
Approved revision: 490
Merged at revision: 493
Proposed branch: lp:~mvo/snappy/snappy-oauth-quoting
Merge into: lp:~snappy-dev/snappy/snappy-moved-to-github
Diff against target: 268 lines (+164/-22)
6 files modified
gen-coverage.sh (+2/-0)
oauth/oauth.go (+80/-0)
oauth/oauth_test.go (+69/-0)
snappy/auth.go (+2/-19)
snappy/auth_test.go (+9/-2)
snappy/snapp.go (+2/-1)
To merge this branch: bzr merge lp:~mvo/snappy/snappy-oauth-quoting
Reviewer Review Type Date Requested Status
Michael Vogt (community) Approve
John Lenton (community) Approve
Review via email: mp+260909@code.launchpad.net

Commit message

Fixes the missing oauth quoting and makes the code a bit nicer.

Description of the change

This branch fixes the missing oauth quoting and (hopefully) makes the code a bit nicer.

We might consider backporting, but it seems that our SSO always hands out tokens that are ASCII only, so we might be ok.

John Lenton (chipaca) wrote :

It looks like the “xxx: inefficient algorithm” quote and its associated needsEscape is duplicated.

review: Needs Fixing
John Lenton (chipaca) :
Michael Vogt (mvo) wrote :

Thanks a lot for the review! Silly me, I removed the obsolete old code that moved into the oauth/ module and improved the length checking (using the byte array now as you suggested).

John Lenton (chipaca) :
review: Approve
Snappy Tarmac (snappydevtarmac) wrote :

The attempt to merge lp:~mvo/snappy/snappy-oauth-quoting into lp:snappy failed. Below is the output from the failed tests.

Checking docs
Checking formatting
Installing godeps
Install golint
Obtaining dependencies
update code.google.com/p/go.crypto failed; trying to fetch newer version
update github.com/blakesmith/ar failed; trying to fetch newer version
code.google.com/p/go.crypto now at 69e2a90ed92d03812364aeb947b7068dc42e561e
update github.com/cheggaaa/pb failed; trying to fetch newer version
github.com/blakesmith/ar now at c9a977dd0cc1392b023382c7bfa5a22af8d3b730
update github.com/jessevdk/go-flags failed; trying to fetch newer version
github.com/cheggaaa/pb now at e8c7cc515bfde3e267957a3b110080ceed51354e
update github.com/mvo5/goconfigparser failed; trying to fetch newer version
github.com/jessevdk/go-flags now at 15347ef417a300349807983f15af9e65cd2e1b3a
update gopkg.in/check.v1 failed; trying to fetch newer version
github.com/mvo5/goconfigparser now at 26426272dda20cc76aa1fa44286dc743d2972fe8
update gopkg.in/yaml.v2 failed; trying to fetch newer version
gopkg.in/check.v1 now at 64131543e7896d5bcc6bd5a76287eb75ea96c673
gopkg.in/yaml.v2 now at 49c95bdc21843256fb6c4e0d370a05f24a0bf213
Building
Running tests from /home/tarmac/tmp/tmp.aROjIdAoai/src/launchpad.net/snappy
=== RUN Test
OK: 16 passed
--- PASS: Test (0.34 seconds)
PASS
coverage: 74.8% of statements
ok launchpad.net/snappy/clickdeb 0.349s coverage: 74.8% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.01 seconds)
PASS
coverage: 12.0% of statements
ok launchpad.net/snappy/cmd/snappy 0.020s coverage: 12.0% of statements
=== RUN Test
OK: 24 passed
--- PASS: Test (0.11 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/coreconfig 0.113s coverage: 100.0% of statements
=== RUN Test
OK: 49 passed
--- PASS: Test (0.44 seconds)
PASS
coverage: 80.6% of statements
ok launchpad.net/snappy/helpers 0.456s coverage: 80.6% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 93.5% of statements
ok launchpad.net/snappy/logger 0.008s coverage: 93.5% of statements
=== RUN Test
OK: 38 passed
--- PASS: Test (0.16 seconds)
PASS
coverage: 82.2% of statements
ok launchpad.net/snappy/partition 0.166s coverage: 82.2% of statements
=== RUN Test
OK: 3 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/pkg 0.005s coverage: 100.0% of statements
=== RUN Test
OK: 12 passed
--- PASS: Test (0.06 seconds)
PASS
coverage: 94.3% of statements
ok launchpad.net/snappy/policy 0.069s coverage: 94.3% of statements
=== RUN Test
OK: 3 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 84.8% of statements
ok launchpad.net/snappy/priv 0.006s coverage: 84.8% of statements
=== RUN Test
OK: 4 passed
--- PASS: Test (0.02 seconds)
PASS
coverage: 50.0% of statements
ok launchpad.net/snappy/progress 0.028s coverage: 50.0% of statements
=== RUN Test
OK: 6 passed
--- PASS: Test (0.00 seconds)
PASS
coverage: 100.0% of statements
ok launchpad.net/snappy/release 0.007s coverage: 100.0% of statements
=== RUN Test
OK: 257 passed
--- PASS: Test (7.83 seconds)
PASS
coverage: 80.6% of statements
ok launchpad.net/sn...


lp:~mvo/snappy/snappy-oauth-quoting updated
488. By Michael Vogt

merged lp:snappy

489. By Michael Vogt

oauth/oauth_test.go: oauth/oauth_test.go->gopkg.in/check.v1

490. By Michael Vogt

gen-coverage.sh: add oauth to coverage check

Michael Vogt (mvo) :
review: Approve

Preview Diff

1=== modified file 'gen-coverage.sh'
2--- gen-coverage.sh 2015-04-18 18:50:20 +0000
3+++ gen-coverage.sh 2015-06-09 13:02:56 +0000
4@@ -24,5 +24,7 @@
5 $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-priv.html)
6 (cd release &&
7 $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
8+(cd oauth &&
9+ $GOPATH/bin/gocov test | $GOPATH/bin/gocov-html > $OUTPUTDIR/cov-release.html)
10
11 echo "Coverage html reports are available in $OUTPUTDIR"
12
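Review bot: The added oauth block writes its report to `$OUTPUTDIR/cov-release.html`, the same file the `release` block directly above it writes, so the release coverage report is overwritten and no oauth report is produced under its own name. Change the output of the new block to `$OUTPUTDIR/cov-oauth.html`.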
13=== added directory 'oauth'
14=== added file 'oauth/oauth.go'
15--- oauth/oauth.go 1970-01-01 00:00:00 +0000
16+++ oauth/oauth.go 2015-06-09 13:02:56 +0000
17@@ -0,0 +1,80 @@
18+// -*- Mode: Go; indent-tabs-mode: t -*-
19+
20+/*
21+ * Copyright (C) 2014-2015 Canonical Ltd
22+ *
23+ * This program is free software: you can redistribute it and/or modify
24+ * it under the terms of the GNU General Public License version 3 as
25+ * published by the Free Software Foundation.
26+ *
27+ * This program is distributed in the hope that it will be useful,
28+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
29+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30+ * GNU General Public License for more details.
31+ *
32+ * You should have received a copy of the GNU General Public License
33+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
34+ *
35+ */
36+
37+package oauth
38+
39+import (
40+ "bytes"
41+ "fmt"
42+ "time"
43+
44+ "launchpad.net/snappy/helpers"
45+)
46+
47+// Token contains the sso token
48+type Token struct {
49+ TokenKey string `json:"token_key"`
50+ TokenSecret string `json:"token_secret"`
51+ ConsumerSecret string `json:"consumer_secret"`
52+ ConsumerKey string `json:"consumer_key"`
53+}
54+
55+// see https://dev.twitter.com/oauth/overview/percent-encoding-parameters
56+func needsEscape(c byte) bool {
57+ return !(('A' <= c && c <= 'Z') ||
58+ ('a' <= c && c <= 'z') ||
59+ ('0' <= c && c <= '9') ||
60+ (c == '-') ||
61+ (c == '.') ||
62+ (c == '_') ||
63+ (c == '~'))
64+}
65+
66+// quote will quote all bytes in the input string that oauth requries to
67+// be quoted
68+func quote(s string) string {
69+ buf := bytes.NewBuffer(nil)
70+ // set to worst case max size, to avoid reallocs
71+ sin := []byte(s)
72+ buf.Grow(len(sin) * 3)
73+
74+ for _, c := range sin {
75+ if needsEscape(c) {
76+ fmt.Fprintf(buf, "%%%02X", c)
77+ } else {
78+ fmt.Fprintf(buf, "%c", c)
79+ }
80+ }
81+
82+ return buf.String()
83+}
84+
85+// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
86+// available
87+
88+// MakePlaintextSignature makes a oauth v1 plaintext signature
89+func MakePlaintextSignature(token *Token) string {
90+ // hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
91+ // but our sso server is unhappy without, so
92+ nonce := helpers.MakeRandomString(60)
93+ timestamp := time.Now().Unix()
94+
95+ s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s&%s"`, nonce, timestamp, quote(token.ConsumerKey), quote(token.TokenKey), quote(token.ConsumerSecret), quote(token.TokenSecret))
96+ return s
97+}
98
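Review bot: In `MakePlaintextSignature` the two secrets are now joined with a literal `&` (`oauth_signature="%s&%s"`), while the removed `makeOauthPlaintextSignature` in snappy/auth.go used `%%26`, which emits an encoded `%26`. That changes the header format beyond adding quoting, and neither the commit message nor a code comment mentions it. RFC 5849 percent-encodes Authorization header parameter values, which would encode the separator as `%26`, so state in a comment next to the format string which form the SSO server expects and why. A smaller point in `quote`: the unescaped branch can use `buf.WriteByte(c)` instead of `fmt.Fprintf(buf, "%c", c)`, which avoids parsing a format string for every byte.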
99=== added file 'oauth/oauth_test.go'
100--- oauth/oauth_test.go 1970-01-01 00:00:00 +0000
101+++ oauth/oauth_test.go 2015-06-09 13:02:56 +0000
102@@ -0,0 +1,69 @@
103+// -*- Mode: Go; indent-tabs-mode: t -*-
104+
105+/*
106+ * Copyright (C) 2014-2015 Canonical Ltd
107+ *
108+ * This program is free software: you can redistribute it and/or modify
109+ * it under the terms of the GNU General Public License version 3 as
110+ * published by the Free Software Foundation.
111+ *
112+ * This program is distributed in the hope that it will be useful,
113+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
114+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
115+ * GNU General Public License for more details.
116+ *
117+ * You should have received a copy of the GNU General Public License
118+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
119+ *
120+ */
121+
122+package oauth
123+
124+import (
125+ "testing"
126+
127+ . "gopkg.in/check.v1"
128+)
129+
130+func Test(t *testing.T) { TestingT(t) }
131+
132+type OAuthTestSuite struct{}
133+
134+var _ = Suite(&OAuthTestSuite{})
135+
136+func (s *OAuthTestSuite) TestMakePlaintextSignature(c *C) {
137+ mockToken := Token{
138+ ConsumerKey: "consumer-key+",
139+ ConsumerSecret: "consumer-secret+",
140+ TokenKey: "token-key+",
141+ TokenSecret: "token-secret+",
142+ }
143+ sig := MakePlaintextSignature(&mockToken)
144+ c.Assert(sig, Matches, `OAuth oauth_nonce="[a-zA-Z]+", oauth_timestamp="[0-9]+", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="consumer-key%2B", oauth_token="token-key%2B", oauth_signature="consumer-secret%2B&token-secret%2B"`)
145+}
146+
147+func (s *OAuthTestSuite) TestQuote(c *C) {
148+ // see http://wiki.oauth.net/w/page/12238556/TestCases
149+ c.Check(quote("abcABC123"), Equals, "abcABC123")
150+ c.Check(quote("-._~"), Equals, "-._~")
151+ c.Check(quote("%"), Equals, "%25")
152+ c.Check(quote("+"), Equals, "%2B")
153+ c.Check(quote("&=*"), Equals, "%26%3D%2A")
154+ c.Check(quote("\u000A"), Equals, "%0A")
155+ c.Check(quote("\u0020"), Equals, "%20")
156+ c.Check(quote("\u007F"), Equals, "%7F")
157+ c.Check(quote("\u0080"), Equals, "%C2%80")
158+ c.Check(quote("\u3001"), Equals, "%E3%80%81")
159+}
160+
161+func (s *OAuthTestSuite) TestNeedsEscape(c *C) {
162+ for _, needed := range []byte{'?', '/', ':'} {
163+ c.Check(needsEscape(needed), Equals, true)
164+ }
165+}
166+
167+func (s *OAuthTestSuite) TestNeedsNoEscape(c *C) {
168+ for _, no := range []byte{'a', 'z', 'A', 'Z', '-', '.', '_', '~'} {
169+ c.Check(needsEscape(no), Equals, false)
170+ }
171+}
172
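Review bot: `TestNeedsNoEscape` never passes a digit, so the `'0' <= c && c <= '9'` branch of `needsEscape` is only exercised indirectly through `quote("abcABC123")`. Add `'0'` and `'9'` to the list, and extend `TestNeedsEscape` with the bytes that sit just outside the letter ranges (`'@'`, `'['`, the backtick and `'{'`) so an off-by-one in a range bound is caught. In `TestMakePlaintextSignature` the nonce pattern `[a-zA-Z]+` accepts any non-empty length; `[a-zA-Z]{60}` would pin the length requested by `MakeRandomString(60)`.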
173=== modified file 'snappy/auth.go'
174--- snappy/auth.go 2015-05-28 11:58:30 +0000
175+++ snappy/auth.go 2015-06-09 13:02:56 +0000
176@@ -26,9 +26,9 @@
177 "os"
178 "path/filepath"
179 "strings"
180- "time"
181
182 "launchpad.net/snappy/helpers"
183+ "launchpad.net/snappy/oauth"
184 )
185
186 var (
187@@ -44,10 +44,7 @@
188 DateCreated string `json:"date_created"`
189 Href string `json:"href"`
190
191- TokenKey string `json:"token_key"`
192- TokenSecret string `json:"token_secret"`
193- ConsumerSecret string `json:"consumer_secret"`
194- ConsumerKey string `json:"consumer_key"`
195+ oauth.Token
196 }
197
198 type ssoMsg struct {
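Review bot: Replacing the four tagged fields in `StoreToken` with an embedded `oauth.Token` keeps the stored JSON layout only because encoding/json flattens an anonymous, untagged embedded struct (assuming the token file is handled with encoding/json, as the json tags suggest), and nothing in the hunk says so. Add a short comment above `oauth.Token` noting that the embedding must stay anonymous and untagged so that existing token files keep loading, and consider a test that reads a file in the old flat layout.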
199@@ -161,17 +158,3 @@
200
201 return &readStoreToken, nil
202 }
203-
204-// FIXME: replace with a real oauth1 library - or wait until oauth2 becomes
205-// available
206-//
207-// minimal oauth v1 signature
208-func makeOauthPlaintextSignature(req *http.Request, token *StoreToken) string {
209- // hrm, rfc5849 says that nonce, timestamp are not used for PLAINTEXT
210- // but our sso server is unhappy without, so
211- nonce := helpers.MakeRandomString(60)
212- timestamp := time.Now().Unix()
213-
214- s := fmt.Sprintf(`OAuth oauth_nonce="%s", oauth_timestamp="%v", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="%s", oauth_token="%s", oauth_signature="%s%%26%s"`, nonce, timestamp, token.ConsumerKey, token.TokenKey, token.ConsumerSecret, token.TokenSecret)
215- return s
216-}
217
218=== modified file 'snappy/auth_test.go'
219--- snappy/auth_test.go 2015-06-02 20:46:07 +0000
220+++ snappy/auth_test.go 2015-06-09 13:02:56 +0000
221@@ -28,6 +28,7 @@
222 "path/filepath"
223
224 "launchpad.net/snappy/helpers"
225+ "launchpad.net/snappy/oauth"
226
227 . "gopkg.in/check.v1"
228 )
229@@ -131,11 +132,17 @@
230
231 func (s *SnapTestSuite) TestReadStoreToken(c *C) {
232 os.Setenv("HOME", s.tempdir)
233- mockStoreToken := StoreToken{TokenName: "meep"}
234+ mockStoreToken := StoreToken{
235+ TokenName: "meep",
236+ Token: oauth.Token{
237+ TokenKey: "token-key",
238+ TokenSecret: "token-secret",
239+ },
240+ }
241 err := WriteStoreToken(mockStoreToken)
242 c.Assert(err, IsNil)
243
244 readToken, err := ReadStoreToken()
245 c.Assert(err, IsNil)
246- c.Assert(readToken.TokenName, Equals, "meep")
247+ c.Assert(readToken, DeepEquals, &mockStoreToken)
248 }
249
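Review bot: The mock token in `TestReadStoreToken` sets only `TokenKey` and `TokenSecret`, so the `DeepEquals` round trip compares empty strings for `ConsumerKey` and `ConsumerSecret` and would still pass if those two fields were never written or read back. Populate all four fields of `oauth.Token` with distinct values.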
250=== modified file 'snappy/snapp.go'
251--- snappy/snapp.go 2015-06-04 12:55:54 +0000
252+++ snappy/snapp.go 2015-06-09 13:02:56 +0000
253@@ -41,6 +41,7 @@
254 "launchpad.net/snappy/clickdeb"
255 "launchpad.net/snappy/helpers"
256 "launchpad.net/snappy/logger"
257+ "launchpad.net/snappy/oauth"
258 "launchpad.net/snappy/pkg"
259 "launchpad.net/snappy/policy"
260 "launchpad.net/snappy/progress"
261@@ -1403,7 +1404,7 @@
262 // sso
263 ssoToken, err := ReadStoreToken()
264 if err == nil {
265- req.Header.Set("Authorization", makeOauthPlaintextSignature(req, ssoToken))
266+ req.Header.Set("Authorization", oauth.MakePlaintextSignature(&ssoToken.Token))
267 }
268 }
269
