public virtual OAuthRequestToken GetRequestToken(string?callback)
{
if (_consumerKey == null || _consumerSecret == null)
{
throw new InvalidOperationException("_consumerKey == null || _consumerSecret == null");
}
var args = new FunctionArguments
(
_consumerKey,
_consumerSecret
);
var request = _requestTokenQuery.Invoke(args);
if (!callback.IsNullOrBlank())
{
request.AddParameter("oauth_callback", callback !);
}
var response = _oauth.Request(request);
SetResponse(response);
var query = OAuthWorkflow.ParseQuery(response.Content);
var oauth = new OAuthRequestToken
(
query["oauth_token"] ?? "?",
query["oauth_token_secret"] ?? "?",
Convert.ToBoolean(query["oauth_callback_confirmed"] ?? "false")
);
return(oauth);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <returns>The task the authentication is performed on</returns>
public Task PreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
var workflow = new OAuthWorkflow
{
ConsumerKey = ConsumerKey,
ConsumerSecret = ConsumerSecret,
ParameterHandling = ParameterHandling,
SignatureProvider = SignatureProvider,
SignatureTreatment = SignatureTreatment,
Verifier = Verifier,
Version = Version,
CallbackUrl = CallbackUrl,
SessionHandle = SessionHandle,
Token = Token,
TokenSecret = TokenSecret,
ClientUsername = ClientUsername,
ClientPassword = ClientPassword,
CreateTimestampFunc = CreateTimestampFunc ?? OAuthTools.GetTimestamp,
RandomNumberGenerator = RandomNumberGenerator ?? OAuthTools.DefaultRandomNumberGenerator,
};
AddOAuthData(client, request, workflow);
#if USE_TASKEX
return(TaskEx.FromResult(0));
#else
return(Task.FromResult(0));
#endif
}
internal static OAuthWebQuery GetAccessTokenQuery(string requestToken, string RequestTokenSecret, string oAuthVerificationPin)
{
var oauth = new OAuthWorkflow
{
AccessTokenUrl = AppSettings.AccessTokenUri,
ConsumerKey = AppSettings.consumerKey,
ConsumerSecret = AppSettings.consumerKeySecret,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
Token = HttpUtility.UrlEncode(requestToken),
TokenSecret = RequestTokenSecret,
Verifier = oAuthVerificationPin,
Version = AppSettings.oAuthVersion //
};
var info = oauth.BuildAccessTokenInfo(WebMethod.Post);
////replace signature
//info.Signature = AppSettings.consumerKeySecret + "&" + oauth.TokenSecret;
//info.Signature = HttpUtility.UrlEncode(info.Signature);
////replace signature
var objOAuthWebQuery = new OAuthWebQuery(info, false);
objOAuthWebQuery.HasElevatedPermissions = true;
objOAuthWebQuery.SilverlightUserAgentHeader = "Hammock";
return(objOAuthWebQuery);
}
internal static OAuthWebQuery RefreshAccessTokenQuery()
{
var oauth = new OAuthWorkflow
{
AccessTokenUrl = AppSettings.AccessTokenUri,
ConsumerKey = AppSettings.consumerKey,
ConsumerSecret = AppSettings.consumerKeySecret,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
Token = MainUtil.GetKeyValue <string>("AccessToken"),
TokenSecret = MainUtil.GetKeyValue <string>("AccessTokenSecret"),
SessionHandle = MainUtil.GetKeyValue <string>("SessionHandle"),
Version = AppSettings.oAuthVersion //
};
var info = oauth.BuildAccessTokenInfo(WebMethod.Post);
////replace signature
//info.Signature = AppSettings.consumerKeySecret + "&" + oauth.TokenSecret;
//info.Signature = HttpUtility.UrlEncode(info.Signature);
////replace signature
info.Token = HttpUtility.UrlEncode(info.Token);
var sessionParameter = new WebPair("oauth_session_handle", MainUtil.GetKeyValue <string>("SessionHandle"));
var objOAuthWebQuery = new OAuthWebQuery(info, false);
objOAuthWebQuery.HasElevatedPermissions = true;
objOAuthWebQuery.SilverlightUserAgentHeader = "Hammock";
objOAuthWebQuery.Parameters.Add(sessionParameter);
return(objOAuthWebQuery);
}
public virtual OAuthAccessToken GetAccessToken(OAuthRequestToken requestToken, string?verifier)
{
if (_consumerKey == null || _consumerSecret == null)
{
throw new InvalidOperationException("_consumerKey == null || _consumerSecret == null");
}
var args = new FunctionArguments
(
_consumerKey,
_consumerSecret,
requestToken.Token,
requestToken.TokenSecret,
verifier
);
var request = _accessTokenQuery.Invoke(args);
var response = _oauth.Request(request);
SetResponse(response);
var query = OAuthWorkflow.ParseQuery(response.Content);
var accessToken = new OAuthAccessToken
(
query["oauth_token"] ?? "?",
query["oauth_token_secret"] ?? "?",
Convert.ToInt64(query["user_id"] ?? "0"),
query["screen_name"] ?? "?"
);
return(accessToken);
}
public virtual RestRequest PrepareEchoRequest(string realm = "http://api.twitter.com")
{
var args = new FunctionArguments
{
ConsumerKey = _consumerKey,
ConsumerSecret = _consumerSecret,
Token = _token,
TokenSecret = _tokenSecret
};
var request = _protectedResourceQuery.Invoke(args);
request.Method = WebMethod.Get;
request.Path = string.Concat("account/verify_credentials", FormatAsString);
var credentials = (OAuthCredentials)request.Credentials;
var url = request.BuildEndpoint(_oauth);
var workflow = new OAuthWorkflow(credentials);
var method = request.Method.HasValue ? request.Method.Value : WebMethod.Get;
var info = workflow.BuildProtectedResourceInfo(method, request.GetAllHeaders(), url);
var query = credentials.GetQueryFor(url, request, info, method, TraceEnabled);
((OAuthWebQuery)query).Realm = realm;
var auth = query.GetAuthorizationContent();
var echo = new RestRequest();
echo.AddHeader("X-Auth-Service-Provider", url);
echo.AddHeader("X-Verify-Credentials-Authorization", auth);
return(echo);
}
private static OAuthWebQuery GetRequestTokenQuery()
{
OAuthWorkflow oauthWorkflow = new OAuthWorkflow();
oauthWorkflow.ConsumerKey = "f5dowbYEtg4PfEOQZEdnHoHdT";
oauthWorkflow.ConsumerSecret = "cCosLgG0c7IeJL7qElkR9tMCMWPjDdMPDHGMY2QlOoHCbza09b";
oauthWorkflow.SignatureMethod = OAuthSignatureMethod.HmacSha1;
oauthWorkflow.ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader;
oauthWorkflow.RequestTokenUrl = "https://api.twitter.com/oauth/request_token";
oauthWorkflow.Version = "1.0a";
oauthWorkflow.CallbackUrl = "com.vk.vkclient://twitter-oauth/callback";
OAuthWebQuery oauthWebQuery = new OAuthWebQuery(oauthWorkflow.BuildRequestTokenInfo((WebMethod)0), false);
oauthWebQuery.HasElevatedPermissions = true;
return(oauthWebQuery);
}
public virtual void GetAccessToken(OAuthRequestToken requestToken, string?verifier, Action <OAuthAccessToken?, TwitterResponse> action)
{
if (_consumerKey == null || _consumerSecret == null || requestToken.TokenSecret == null)
{
throw new InvalidOperationException("_consumerKey == null || _consumerSecret == null || requestToken.TokenSecret == null");
}
var args = new FunctionArguments
(
_consumerKey,
_consumerSecret,
requestToken.Token,
requestToken.TokenSecret,
verifier
);
var request = _accessTokenQuery.Invoke(args);
_oauth.BeginRequest(request, (req, resp, state) =>
{
Exception?exception;
var entity = TryAsyncResponse(() =>
{
if (resp == null || resp.StatusCode != HttpStatusCode.OK)
{
return(null);
}
var query = OAuthWorkflow.ParseQuery(resp.Content);
var accessToken = new OAuthAccessToken
(
query["oauth_token"] ?? "?",
query["oauth_token_secret"] ?? "?",
Convert.ToInt64(query["user_id"] ?? "0"),
query["screen_name"] ?? "?"
);
return(accessToken);
},
out exception);
action(entity, new TwitterResponse(resp, exception));
}
);
}
public virtual void GetRequestToken(string callback, Action <OAuthRequestToken?, TwitterResponse> action)
{
if (_consumerKey == null || _consumerSecret == null)
{
throw new InvalidOperationException("_consumerKey == null || _consumerSecret == null");
}
var args = new FunctionArguments
(
_consumerKey,
_consumerSecret
);
var request = _requestTokenQuery.Invoke(args);
if (!callback.IsNullOrBlank())
{
request.AddParameter("oauth_callback", callback);
}
_oauth.BeginRequest(request,
(req, resp, state) =>
{
Exception?exception;
var entity = TryAsyncResponse(() =>
{
if (resp == null || resp.StatusCode != HttpStatusCode.OK)
{
return(null);
}
var query = OAuthWorkflow.ParseQuery(resp.Content);
var requestToken = new OAuthRequestToken
(
query["oauth_token"] ?? "?",
query["oauth_token_secret"] ?? "?",
Convert.ToBoolean(query["oauth_callback_confirmed"] ?? "false")
);
return(requestToken);
},
out exception);
action(entity, new TwitterResponse(resp, exception));
});
}
internal static OAuthWebQuery GetRequestTokenQuery()
{
var oauth = new OAuthWorkflow
{
ConsumerKey = Social.TwitterSettings.ConsumerKey,
ConsumerSecret = Social.TwitterSettings.ConsumerSecret,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
RequestTokenUrl = Social.TwitterSettings.RequestTokenUri,
Version = Social.TwitterSettings.OAuthVersion,
CallbackUrl = Social.TwitterSettings.CallbackUri
};
var info = oauth.BuildRequestTokenInfo(WebMethod.Get);
var objOAuthWebQuery = new OAuthWebQuery(info, false);
objOAuthWebQuery.HasElevatedPermissions = true;
objOAuthWebQuery.SilverlightUserAgentHeader = "Hammock";
return(objOAuthWebQuery);
}
public ValueTask Authenticate(RestClient client, RestRequest request)
{
var workflow = new OAuthWorkflow {
ConsumerKey = ConsumerKey,
ConsumerSecret = ConsumerSecret,
ParameterHandling = ParameterHandling,
SignatureMethod = SignatureMethod,
SignatureTreatment = SignatureTreatment,
Verifier = Verifier,
Version = Version,
CallbackUrl = CallbackUrl,
SessionHandle = SessionHandle,
Token = Token,
TokenSecret = TokenSecret,
ClientUsername = ClientUsername,
ClientPassword = ClientPassword
};
AddOAuthData(client, request, workflow);
return(default);
internal static OAuthWebQuery GetAccessTokenQuery(string requestToken, string RequestTokenSecret, string oAuthVerificationPin)
{
var oauth = new OAuthWorkflow
{
AccessTokenUrl = Social.TwitterSettings.AccessTokenUri,
ConsumerKey = Social.TwitterSettings.ConsumerKey,
ConsumerSecret = Social.TwitterSettings.ConsumerSecret,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
Token = requestToken,
Verifier = oAuthVerificationPin,
Version = Social.TwitterSettings.OAuthVersion
};
var info = oauth.BuildAccessTokenInfo(WebMethod.Post);
var objOAuthWebQuery = new OAuthWebQuery(info, false);
objOAuthWebQuery.HasElevatedPermissions = true;
objOAuthWebQuery.SilverlightUserAgentHeader = "Hammock";
return(objOAuthWebQuery);
}
public void Authenticate(IRestClient client, IRestRequest request)
{
OAuthWorkflow workflow = new OAuthWorkflow
{
ConsumerKey = this.ConsumerKey,
ConsumerSecret = this.ConsumerSecret,
ParameterHandling = this.ParameterHandling,
SignatureMethod = this.SignatureMethod,
SignatureTreatment = this.SignatureTreatment,
Verifier = this.Verifier,
Version = this.Version,
CallbackUrl = this.CallbackUrl,
SessionHandle = this.SessionHandle,
Token = this.Token,
TokenSecret = this.TokenSecret,
ClientUsername = this.ClientUsername,
ClientPassword = this.ClientPassword
};
this.AddOAuthData(client, request, workflow);
}
public void Authenticate(IRestClient client, IRestRequest request)
{
OAuthWorkflow oAuthWorkflow = new OAuthWorkflow();
oAuthWorkflow.ConsumerKey = ConsumerKey;
oAuthWorkflow.ConsumerSecret = ConsumerSecret;
oAuthWorkflow.ParameterHandling = ParameterHandling;
oAuthWorkflow.SignatureMethod = SignatureMethod;
oAuthWorkflow.SignatureTreatment = SignatureTreatment;
oAuthWorkflow.Verifier = Verifier;
oAuthWorkflow.Version = Version;
oAuthWorkflow.CallbackUrl = CallbackUrl;
oAuthWorkflow.SessionHandle = SessionHandle;
oAuthWorkflow.Token = Token;
oAuthWorkflow.TokenSecret = TokenSecret;
oAuthWorkflow.ClientUsername = ClientUsername;
oAuthWorkflow.ClientPassword = ClientPassword;
OAuthWorkflow workflow = oAuthWorkflow;
AddOAuthData(client, request, workflow);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
public void Authenticate(IRestClient client, IRestRequest request)
{
var workflow = new OAuthWorkflow
{
ConsumerKey = ConsumerKey,
ConsumerSecret = ConsumerSecret,
ParameterHandling = ParameterHandling,
SignatureMethod = SignatureMethod,
SignatureTreatment = SignatureTreatment,
Verifier = Verifier,
Version = Version,
CallbackUrl = CallbackUrl,
SessionHandle = SessionHandle,
Token = Token,
TokenSecret = TokenSecret,
ClientUsername = ClientUsername,
ClientPassword = ClientPassword,
CreateTimestampFunc = CreateTimestampFunc ?? OAuthTools.GetTimestamp,
};
AddOAuthData(client, request, workflow);
}
void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var requestUrl = client.BuildUriWithoutQueryParameters(request);
if (requestUrl.Contains('?'))
{
throw new ApplicationException(
"Using query parameters in the base URL is not supported for OAuth calls. Consider using AddDefaultQueryParameter instead."
);
}
var url = client.BuildUri(request).ToString();
var queryStringStart = url.IndexOf('?');
if (queryStringStart != -1)
{
url = url.Substring(0, queryStringStart);
}
var method = request.Method.ToString().ToUpperInvariant();
var parameters = new WebPairCollection();
private OAuthWebQuery GetAccessTokenQuery()
{
OAuthWorkflow oauthWorkflow = new OAuthWorkflow();
oauthWorkflow.ConsumerKey = "f5dowbYEtg4PfEOQZEdnHoHdT";
oauthWorkflow.ConsumerSecret = "cCosLgG0c7IeJL7qElkR9tMCMWPjDdMPDHGMY2QlOoHCbza09b";
oauthWorkflow.SignatureMethod = OAuthSignatureMethod.HmacSha1;
oauthWorkflow.ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader;
oauthWorkflow.AccessTokenUrl = "https://api.twitter.com/oauth/access_token";
oauthWorkflow.Version = "1.0a";
string oauthToken = this._oauthToken;
oauthWorkflow.Token = oauthToken;
string oauthVerifier = this._oauthVerifier;
oauthWorkflow.Verifier = oauthVerifier;
int num1 = 1;
OAuthWebQuery oauthWebQuery = new OAuthWebQuery(oauthWorkflow.BuildAccessTokenInfo((WebMethod)num1), false);
int num2 = 1;
oauthWebQuery.HasElevatedPermissions = num2 != 0;
return(oauthWebQuery);
}
/// <summary>
/// Modifies the request to ensure that the authentication requirements are met.
/// </summary>
/// <param name="client">Client executing this request</param>
/// <param name="request">Request to authenticate</param>
/// <param name="credentials">The credentials used for the authentication</param>
/// <returns>The task the authentication is performed on</returns>
public Task PreAuthenticate(IRestClient client, IRestRequest request, ICredentials credentials)
{
return(Task.Factory.StartNew(() =>
{
var workflow = new OAuthWorkflow
{
ConsumerKey = ConsumerKey,
ConsumerSecret = ConsumerSecret,
ParameterHandling = ParameterHandling,
SignatureProvider = SignatureProvider,
SignatureTreatment = SignatureTreatment,
Verifier = Verifier,
Version = Version,
CallbackUrl = CallbackUrl,
SessionHandle = SessionHandle,
Token = Token,
TokenSecret = TokenSecret,
ClientUsername = ClientUsername,
ClientPassword = ClientPassword,
CreateTimestampFunc = CreateTimestampFunc ?? OAuthTools.GetTimestamp
};
AddOAuthData(client, request, workflow);
}));
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
string text = client.BuildUri(request).ToString();
int num = text.IndexOf('?');
if (num != -1)
{
text = text.Substring(0, num);
}
string method = request.Method.ToString().ToUpperInvariant();
WebParameterCollection webParameterCollection = new WebParameterCollection();
if (!request.AlwaysMultipartFormData && !request.Files.Any())
{
foreach (Parameter item in from p in client.DefaultParameters
where p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString
select p)
{
webParameterCollection.Add(new WebPair(item.Name, item.Value.ToString()));
}
foreach (Parameter item2 in from p in request.Parameters
where p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString
select p)
{
webParameterCollection.Add(new WebPair(item2.Name, item2.Value.ToString()));
}
}
else
{
foreach (Parameter item3 in from p in client.DefaultParameters
where (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")
select p)
{
webParameterCollection.Add(new WebPair(item3.Name, item3.Value.ToString()));
}
foreach (Parameter item4 in from p in request.Parameters
where (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")
select p)
{
webParameterCollection.Add(new WebPair(item4.Name, item4.Value.ToString()));
}
}
OAuthWebQueryInfo oAuthWebQueryInfo;
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = text;
oAuthWebQueryInfo = workflow.BuildRequestTokenInfo(method, webParameterCollection);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = text;
oAuthWebQueryInfo = workflow.BuildAccessTokenInfo(method, webParameterCollection);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = text;
oAuthWebQueryInfo = workflow.BuildClientAuthAccessTokenInfo(method, webParameterCollection);
break;
case OAuthType.ProtectedResource:
oAuthWebQueryInfo = workflow.BuildProtectedResourceInfo(method, webParameterCollection, text);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
webParameterCollection.Add("oauth_signature", oAuthWebQueryInfo.Signature);
request.AddHeader("Authorization", GetAuthorizationHeader(webParameterCollection));
break;
case OAuthParameterHandling.UrlOrPostParameters:
webParameterCollection.Add("oauth_signature", oAuthWebQueryInfo.Signature);
foreach (WebPair item5 in from parameter in webParameterCollection
where !parameter.Name.IsNullOrBlank() && (parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))
select parameter)
{
request.AddParameter(item5.Name, HttpUtility.UrlDecode(item5.Value));
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
public void Authenticate(IRestClient client, IRestRequest request)
{
var workflow = new OAuthWorkflow
{
ConsumerKey = this.ConsumerKey,
ConsumerSecret = this.ConsumerSecret,
ParameterHandling = this.ParameterHandling,
SignatureMethod = this.SignatureMethod,
SignatureTreatment = this.SignatureTreatment,
Verifier = this.Verifier,
Version = this.Version,
CallbackUrl = this.CallbackUrl,
SessionHandle = this.SessionHandle,
Token = this.Token,
TokenSecret = this.TokenSecret,
ClientUsername = this.ClientUsername,
ClientPassword = this.ClientPassword
};
this.AddOAuthData(client, request, workflow);
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var url = client.BuildUri(request).ToString();
var queryStringStart = url.IndexOf('?');
if (queryStringStart != -1)
url = url.Substring(0, queryStringStart);
OAuthWebQueryInfo oauth;
#if PocketPC
var method = request.Method.ToString().ToUpper();
#else
var method = request.Method.ToString().ToUpperInvariant();
#endif
var parameters = new WebParameterCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a seperate class for each OAuth version
if (!request.AlwaysMultipartFormData && !request.Files.Any())
{
foreach (var p in client.DefaultParameters.Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
else
{
// if we are sending a multipart request, only the "oauth_" parameters should be included in the signature
foreach (var p in client.DefaultParameters.Where(
p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
foreach (var p in request.Parameters.Where(
p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
switch (this.Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (this.ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature);
request.AddHeader("Authorization", this.GetAuthorizationHeader(parameters));
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", oauth.Signature);
foreach (var parameter in parameters.Where(parameter =>
!parameter.Name.IsNullOrBlank() &&
(parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))))
{
request.AddParameter(parameter.Name, HttpUtility.UrlDecode(parameter.Value));
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
public void Create_Appropriate_OAuth1_Header_Signature_With_Querystring_Parameters()
{
const string consumerKey = "enterConsumerKeyHere";
const string consumerSecret = "enterConsumerSecretHere";
const string tokenAccess = "fooaccesstoken";
const string tokenSecret = "foosecrettoken";
const string baseUrl = "http://localhost:8888/oauth1_signature_test";
const string requestUrl = "youvegotmail";
const string qsParamName = "foo";
const string qsParamValue = "bar";
var authenticator = OAuth1Authenticator.ForProtectedResource(consumerKey, consumerSecret, tokenAccess, tokenSecret);
authenticator.ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader; // not sure this matters
var client = new RestClient(baseUrl);
// add the offending parameter in two different ways
var requestWithQs = new RestRequest(requestUrl + $"?{qsParamName}={qsParamValue}", Method.GET);
var requestWithParameter = new RestRequest(requestUrl, Method.GET);
requestWithParameter.AddParameter("foo", "bar");
authenticator.Authenticate(client, requestWithQs);
authenticator.Authenticate(client, requestWithParameter);
var headerWithQs = requestWithQs.Parameters.Single(p => p.Name == "Authorization");
var headerWithParameter = requestWithParameter.Parameters.Single(p => p.Name == "Authorization");
// just for eyeballing
Console.WriteLine("===== Manually added to QS =====");
var urlQs = client.BuildUri(requestWithQs);
Console.WriteLine(urlQs);
foreach (var p in requestWithQs.Parameters)
{
Console.WriteLine($"{p.Name} {p.Type} = {p.Value}");
}
Console.WriteLine("===== Added via Param =====");
var urlParams = client.BuildUri(requestWithParameter);
Console.WriteLine(urlParams);
foreach (var p in requestWithParameter.Parameters)
{
Console.WriteLine($"{p.Name} {p.Type} = {p.Value}");
}
// just because they're constructed differently
Assert.AreNotEqual(headerWithParameter, headerWithQs);
// really need to validate against something that checks the signature, like http://lti.tools/oauth/
// can we test it this way?
var oworkflow = new OAuthWorkflow
{
ConsumerKey = consumerKey,
ConsumerSecret = consumerSecret,
Token = tokenAccess,
TokenSecret = tokenSecret,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
SignatureTreatment = OAuthSignatureTreatment.Escaped,
};
var qsWebParams = new WebParameterCollection();
var infoQs = oworkflow.BuildProtectedResourceInfo("GET", qsWebParams, urlQs.AbsoluteUri);
var paramsWebParams = new WebParameterCollection();
var infoParams = oworkflow.BuildProtectedResourceInfo("GET", paramsWebParams, urlParams.AbsoluteUri);
// no, can't really test it because of nonce and timestamp, but can compare it to something that checks the signature, like http://lti.tools/oauth/
Assert.AreNotEqual(infoQs.Signature, infoParams.Signature);
Assert.Inconclusive("Unverifiable, must compare it to a signature checker like http://lti.tools/oauth/");
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var url = client.BuildUri(request, false).ToString();
OAuthWebQueryInfo oauth;
var method = request.Method.Method;
var parameters = new WebParameterCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a seperate class for each OAuth version
var useMultiPart = request.ContentCollectionMode == ContentCollectionMode.MultiPart ||
(request.ContentCollectionMode == ContentCollectionMode.MultiPartForFileParameters && (client.DefaultParameters.GetFileParameters().Any() || request.Parameters.GetFileParameters().Any()));
var requestParameters = client.MergeParameters(request).Where(x => x.Type == ParameterType.GetOrPost || x.Type == ParameterType.QueryString);
if (!useMultiPart)
{
foreach (var p in requestParameters)
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
else
{
// if we are sending a multipart request, only the "oauth_" parameters should be included in the signature
foreach (var p in requestParameters.Where(p => p.Name.StartsWith("oauth_", StringComparison.Ordinal)))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature);
request.AddHeader("Authorization", GetAuthorizationHeader(parameters));
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", oauth.Signature);
foreach (var parameter in parameters.Where(
parameter => !string.IsNullOrEmpty(parameter.Name) &&
(parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))))
{
var v = parameter.Value;
v = Uri.UnescapeDataString(v.Replace('+', ' '));
request.AddParameter(parameter.Name, v);
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var url = client.BuildUri(request).ToString();
var queryStringStart = url.IndexOf('?');
if (queryStringStart != -1)
{
url = url.Substring(0, queryStringStart);
}
OAuthWebQueryInfo oauth;
var method = request.Method.ToString().ToUpperInvariant();
var parameters = new WebParameterCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a seperate class for each OAuth version
foreach (var p in client.DefaultParameters.Where(p => p.Type == ParameterType.GetOrPost))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature);
request.AddHeader("Authorization", GetAuthorizationHeader(parameters));
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", oauth.Signature);
foreach (var parameter in parameters.Where(parameter => !parameter.Name.IsNullOrBlank() && parameter.Name.StartsWith("oauth_")))
{
request.AddParameter(parameter.Name, HttpUtility.UrlDecode(parameter.Value));
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var url = client.BuildUri(request).ToString();
OAuthWebQueryInfo oauth;
var method = request.Method.ToString().ToUpperInvariant();
var parameters = new WebParameterCollection();
// for non-GET style requests make sure params are part of oauth signature
if (request.Method != Method.GET && request.Method != Method.DELETE)
{
foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature);
request.AddHeader("Authorization", GetAuthorizationHeader(parameters));
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", HttpUtility.UrlDecode(oauth.Signature));
foreach (var parameter in parameters)
{
request.AddParameter(parameter.Name, parameter.Value);
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var requestUrl = client.BuildUriWithoutQueryParameters(request);
if (requestUrl.Contains('?'))
{
throw new ApplicationException("Using query parameters in the base URL is not supported for OAuth calls. Consider using AddDefaultQueryParameter instead.");
}
var url = client.BuildUri(request).ToString();
var queryStringStart = url.IndexOf('?');
if (queryStringStart != -1)
{
url = url.Substring(0, queryStringStart);
}
var method = request.Method.ToString().ToUpperInvariant();
var parameters = new WebParameterCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a seperate class for each OAuth version
if (!request.AlwaysMultipartFormData && !request.Files.Any())
{
parameters.AddRange(
client.DefaultParameters
.Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString)
.Select(p => new WebPair(p.Name, p.Value.ToString())));
parameters.AddRange(
request.Parameters
.Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString)
.Select(p => new WebPair(p.Name, p.Value.ToString())));
}
else
{
// if we are sending a multipart request, only the "oauth_" parameters should be included in the signature
parameters.AddRange(
client.DefaultParameters
.Where(p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) &&
p.Name.StartsWith("oauth_"))
.Select(p => new WebPair(p.Name, p.Value.ToString())));
parameters.AddRange(
request.Parameters
.Where(p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) &&
p.Name.StartsWith("oauth_"))
.Select(p => new WebPair(p.Name, p.Value.ToString())));
}
OAuthWebQueryInfo oauth;
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature);
request.AddOrUpdateParameter("Authorization", GetAuthorizationHeader(parameters), ParameterType.HttpHeader);
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", oauth.Signature);
var headers =
parameters.Where(p => !p.Name.IsNullOrBlank() &&
(p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_")))
.Select(p => new Parameter
{
Name = p.Name,
Value = HttpUtility.UrlDecode(p.Value),
Type = ParameterType.GetOrPost
});
foreach (var header in headers)
{
request.AddOrUpdateParameter(header);
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var requestUrl = client.BuildUriWithoutQueryParameters(request);
if (requestUrl.Contains('?'))
{
throw new ApplicationException(
"Using query parameters in the base URL is not supported for OAuth calls. Consider using AddDefaultQueryParameter instead."
);
}
var url = client.BuildUri(request).ToString();
var queryStringStart = url.IndexOf('?');
if (queryStringStart != -1)
{
url = url.Substring(0, queryStringStart);
}
var method = request.Method.ToString().ToUpperInvariant();
var parameters = new WebPairCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a separate class for each OAuth version
bool BaseQuery(Parameter x)
=> x.Type == ParameterType.GetOrPost || x.Type == ParameterType.QueryString || x.Type == ParameterType.QueryStringWithoutEncode;
var query =
request.AlwaysMultipartFormData || request.Files.Count > 0
? x => BaseQuery(x) && x.Name.StartsWith("oauth_")
: (Func <Parameter, bool>)BaseQuery;
parameters.AddRange(client.DefaultParameters.Where(query).ToWebParameters());
parameters.AddRange(request.Parameters.Where(query).ToWebParameters());
if (Type == OAuthType.RequestToken)
{
workflow.RequestTokenUrl = url;
}
else
{
workflow.AccessTokenUrl = url;
}
var oauth = Type switch
{
OAuthType.RequestToken => workflow.BuildRequestTokenInfo(method, parameters),
OAuthType.AccessToken => workflow.BuildAccessTokenSignature(method, parameters),
OAuthType.ClientAuthentication => workflow.BuildClientAuthAccessTokenSignature(method, parameters),
OAuthType.ProtectedResource => workflow.BuildProtectedResourceSignature(method, parameters, url),
_ => throw new ArgumentOutOfRangeException()
};
parameters.Add("oauth_signature", oauth);
var oauthParameters = ParameterHandling switch
{
OAuthParameterHandling.HttpAuthorizationHeader => CreateHeaderParameters(),
OAuthParameterHandling.UrlOrPostParameters => CreateUrlParameters(),
_ =>
throw new ArgumentOutOfRangeException()
};
request.AddOrUpdateParameters(oauthParameters);
IEnumerable <Parameter> CreateHeaderParameters()
=> new[] { new Parameter("Authorization", GetAuthorizationHeader(parameters), ParameterType.HttpHeader) };
IEnumerable <Parameter> CreateUrlParameters()
=> parameters.Where(p => !p.Name.IsNullOrBlank() && (p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_")))
.Select(p => new Parameter(p.Name, HttpUtility.UrlDecode(p.Value), ParameterType.GetOrPost));
}
string GetAuthorizationHeader(WebPairCollection parameters)
{
var oathParameters =
parameters
.OrderBy(x => x, WebPair.Comparer)
.Where(
p =>
!p.Name.IsNullOrBlank() && !p.Value.IsNullOrBlank() &&
(p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_"))
)
.Select(x => $"{x.Name}=\"{x.Value}\"")
.ToList();
if (!Realm.IsNullOrBlank())
{
oathParameters.Insert(0, $"realm=\"{OAuthTools.UrlEncodeRelaxed(Realm)}\"");
}
return("OAuth " + string.Join(",", oathParameters));
}
}
