@ -18,9 +18,9 @@ var oAuth = (function () {
// * in GET request
// * in header
me.parseTokens = function (req) {
var query_oauth = _.clone(req.method === 'POST' ? req.body : req.query);
var header_oauth = {};
var oauth_variables = ['oauth_body_hash',
var queryOauth = _.clone(req.method === 'POST' ? req.body : req.query);
var headerOauth = {};
var oauthVariables = ['oauth_body_hash',
'oauth_consumer_key',
'oauth_token',
'oauth_signature_method',
@ -30,22 +30,22 @@ var oAuth = (function () {
'oauth_version'];
// pull only oauth tokens out of query
var non_oauth = _.difference(_.keys(query_oauth), oauth_variables);
_.each(non_oauth, function (key) { delete query_oauth[key]; });
var nonOauth = _.difference(_.keys(queryOauth), oauthVariables);
_.each(nonOauth, function (key) { delete queryOauth[key]; });
// pull oauth tokens out of header
var header_string = req.headers.authorization;
if (!_.isUndefined(header_string)) {
_.each(oauth_variables, function (oauth_key) {
var matched_string = header_string.match(new RegExp(oauth_key + '=\"([^\"]+)\"'));
if (!_.isNull(matched_string)) {
header_oauth[oauth_key] = decodeURIComponent(matched_string[1]);
var headerString = req.headers.authorization;
if (!_.isUndefined(headerString)) {
_.each(oauthVariables, function (oauthKey) {
var matchedString = headerString.match(new RegExp(oauthKey + '="([^"]+)"'));
if (!_.isNull(matchedString)) {
headerOauth[oauthKey] = decodeURIComponent(matchedString[1]);
}
});
}
// merge header and query oauth tokens. preference given to header oauth
return _.defaults(header_oauth, query_oauth);
return _.defaults(headerOauth, queryOauth);
};
// remove oauthy tokens from an object
@ -112,8 +112,8 @@ var oAuth = (function () {
}
var consumer = OAuthUtil.createConsumer(oAuthHash.consumer_key, oAuthHash.consumer_secret);
var access_token = OAuthUtil.createToken(oAuthHash.access_token_token, oAuthHash.access_token_secret);
var signer = OAuthUtil.createHmac(consumer, access_token);
var accessToken = OAuthUtil.createToken(oAuthHash.access_token_token, oAuthHash.access_token_secret);
var signer = OAuthUtil.createHmac(consumer, accessToken);
var method = req.method;
var hostsToValidate = {};
@ -180,8 +180,8 @@ OAuthAuth.prototype.getCredentials = function () {
OAuthAuth.prototype.hasCredentials = function () {
if (this.isOAuthRequest === null) {
var passed_tokens = oAuth.parseTokens(this.req);
this.isOAuthRequest = !_.isEmpty(passed_tokens);
var passedTokens = oAuth.parseTokens(this.req);
this.isOAuthRequest = !_.isEmpty(passedTokens);
}
return this.isOAuthRequest;