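/// <summary>
/// Validates an OAuth 1.0 signed request. The parameters from <paramref name="url"/> and
/// <paramref name="posted"/> are combined with any parameters parsed from the Authorization
/// header, the version, timestamp and nonce are checked, and the signature is recomputed and
/// compared with the supplied <c>oauth_signature</c>.
/// </summary>
/// <param name="method">HTTP method used for signing; <c>null</c> is treated as "GET".</param>
/// <param name="url">Request URL; everything before the first '?' is used as the signed path.</param>
/// <param name="posted">Posted form body that is parsed together with the URL.</param>
/// <param name="authorizationHeader">Authorization header value; may be null or empty.</param>
/// <param name="numSecondsValid">
/// Maximum allowed distance between <c>oauth_timestamp</c> and the current UTC time, and the
/// period during which a nonce may not be reused. A value of 0 skips both the timestamp and
/// the nonce check, so replayed requests are not detected in that mode.
/// </param>
/// <param name="GetConsumerSecret">
/// Callback that returns the consumer secret for <c>oauth_consumer_key</c> (or for
/// <c>client_id</c>; presumably used as a fallback when the consumer key is empty).
/// </param>
/// <param name="throwOnError">When true, failures throw instead of returning false.</param>
/// <param name="GetTokenSecret">
/// Optional callback that receives <c>oauth_token</c> and <c>oauth_verifier</c> and returns the
/// token secret. It is only called when the request contains <c>oauth_token</c>.
/// </param>
/// <returns>True when every check passes; false on any failure when <paramref name="throwOnError"/> is false.</returns>
/// <exception cref="ArgumentException"><paramref name="numSecondsValid"/> is negative or larger than MaxNonceAge.</exception>
/// <exception cref="System.Web.HttpException">A check failed (status 401) and <paramref name="throwOnError"/> is true.</exception>
public static bool Validate(string method, string url, string posted, string authorizationHeader, double numSecondsValid, Func<string, string> GetConsumerSecret, bool throwOnError = false, Func<string, string, string> GetTokenSecret = null)
{
    method = method ?? "GET";

    if (numSecondsValid < 0 || numSecondsValid > MaxNonceAge.TotalSeconds)
        throw new ArgumentException(string.Format("Must be more than 0 and less than {0} seconds", MaxNonceAge.TotalSeconds), "numSecondsValid");

    var query = new Utilities.Query(url, posted);

    // Parameters from the Authorization header are assigned into the same parameter set
    // as the query string and posted body.
    if (!authorizationHeader.IsNullOrEmpty())
    {
        var authorization = ParseAuthorizationHeader(authorizationHeader);
        authorization.Keys.ForEach(key => query[key] = authorization[key]);
    }

    if (query["oauth_version"] != "1.0")
    {
        if (throwOnError) throw new System.Web.HttpException(401, "Invalid version specified");
        // Fail closed in the non-throwing mode as well, like every other check in this
        // method. Without this return the version check had no effect unless throwOnError
        // was set.
        return false;
    }

    if (numSecondsValid > 0)
    {
        double timestamp = query["oauth_timestamp"].ToDouble();
        double diff = Math.Abs(DateTime.UtcNow.GetSecondsSince1970() - timestamp);
        if (diff > numSecondsValid)
        {
            if (throwOnError) throw new System.Web.HttpException(401, "The timestamp is too old");
            return false;
        }

        // Presumably _NonceCache yields a DateTime far in the past for a nonce it has not seen.
        DateTime used = _NonceCache[query["oauth_nonce"]];
        if (used.AddSeconds(numSecondsValid) > DateTime.UtcNow)
        {
            if (throwOnError) throw new System.Web.HttpException(401, "The nonce is not unique");
            return false;
        }

        // NOTE(review): the nonce is recorded before the signature has been verified, so
        // requests that fail verification still add cache entries. Confirm _NonceCache is
        // bounded, evicts entries older than MaxNonceAge, and is safe for concurrent requests
        // (the lookup above and this write are two separate operations).
        _NonceCache[query["oauth_nonce"]] = DateTime.UtcNow;
    }

    // NOTE(review): the signature method is taken from the request itself. Confirm
    // GetSignature rejects methods this server does not intend to accept.
    string hashAlgorithm = query["oauth_signature_method"];

    int q = url.IndexOf('?');
    string path = q == -1 ? url : url.Substring(0, q);

    // NOTE(review): confirm how GetSignature behaves when the callback returns null for an
    // unknown consumer key.
    string secret = GetConsumerSecret(query["oauth_consumer_key"].NotEmpty(query["client_id"]));

    string sig;
    try
    {
        var querystring = GetQueryString(query, true);
        string tokenSecret = GetTokenSecret != null && query.ContainsKey("oauth_token")
            ? GetTokenSecret(query["oauth_token"], query["oauth_verifier"])
            : null;
        sig = GetSignature(method, hashAlgorithm, secret, path, querystring, tokenSecret);
    }
    catch (Exception)
    {
        if (throwOnError) throw;
        return false;
    }

    string testSig = query["oauth_signature"];

    // A missing or empty signature on either side never validates.
    bool signatureMatches = !string.IsNullOrEmpty(sig) && !string.IsNullOrEmpty(testSig);
    if (signatureMatches)
    {
        // Compare every character regardless of where the first mismatch is, so the time
        // taken does not reveal how much of the supplied signature was correct.
        int mismatch = sig.Length ^ testSig.Length;
        for (int i = 0; i < testSig.Length; i++)
        {
            mismatch |= sig[i % sig.Length] ^ testSig[i];
        }
        signatureMatches = mismatch == 0;
    }

    if (!signatureMatches)
    {
        if (throwOnError) throw new System.Web.HttpException(401, string.Format("The signature is invalid. {0}", GetQueryString(query, false)));
        return false;
    }

    return true;
}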
/// <summary>
/// Checks that Utilities.Query parses parameters from the URL and from the posted body,
/// joins repeated keys with a comma, and decodes '+' as a space.
/// </summary>
public void ParseQueryString()
{
    // Parameters supplied in the URL's query string.
    var fromUrl = new OyAuth.Utilities.Query("http://test/?id=0&id=1&another=test", string.Empty);
    // NOTE(review): a repeated key comes back as a single comma-joined value, so "id=0&id=1"
    // and a literal "id=0,1" may be indistinguishable after parsing. Confirm the signing code
    // treats both forms consistently.
    fromUrl["id"].Should().Equal("0,1");
    fromUrl["another"].Should().Equal("test");

    // The same parameters supplied as the posted body, with an empty URL.
    var fromBody = new OyAuth.Utilities.Query(string.Empty, "id=0&id=1&another=test");
    fromBody["id"].Should().Equal("0,1");
    fromBody["another"].Should().Equal("test");

    // A null URL is accepted, and '+' decodes to a space in both the key and the value.
    var plusEncoded = new Utilities.Query(null, "test+test=test+test");
    plusEncoded["test test"].Should().Equal("test test");
}
/// <summary>
/// Builds the OAuth 1.0 parameter set for an outgoing request and computes its signature.
/// </summary>
/// <param name="method">HTTP method used for signing; <c>null</c> is treated as "GET".</param>
/// <param name="hashAlgorithm">Signature method; <c>null</c> falls back to HMACSHA1.</param>
/// <param name="url">
/// Request URL. On return, anything from the first '?' onwards has been removed; the removed
/// parameters are carried in the returned query instead.
/// </param>
/// <param name="posted">Posted form body that is parsed together with the URL.</param>
/// <param name="consumerKey">Value stored as <c>oauth_consumer_key</c>.</param>
/// <param name="consumerSecret">Consumer secret; passed to GetSignature only and never added to the parameter set.</param>
/// <param name="token">Optional value stored as <c>oauth_token</c>.</param>
/// <param name="verifier">Optional value stored as <c>oauth_verifier</c>.</param>
/// <param name="tokenSecret">Token secret; passed to GetSignature only and never added to the parameter set.</param>
/// <returns>
/// The combined parameter set (URL, posted and oauth_* values), the posted-only parameter set,
/// and the signature. The signature is returned separately and is not added to the query here.
/// </returns>
public static Tuple<Utilities.Query, Utilities.Query, string> GetInfo(string method, string hashAlgorithm, ref string url, string posted, string consumerKey, string consumerSecret, string token, string verifier, string tokenSecret)
{
    if (method == null)
    {
        method = "GET";
    }
    if (hashAlgorithm == null)
    {
        hashAlgorithm = HMACSHA1;
    }

    // NOTE(review): ToString() without a format provider depends on the current culture.
    // Confirm GetSecondsSince1970 returns a value that always renders as plain digits.
    string unixSeconds = DateTime.UtcNow.GetSecondsSince1970().ToString();
    string freshNonce = GetNonce();

    // Both parameter sets are parsed before the URL is trimmed below.
    var allParameters = new Utilities.Query(url, posted);
    var postedParameters = new Utilities.Query(string.Empty, posted);

    int queryStart = url.IndexOf('?');
    if (queryStart >= 0)
    {
        url = url.Substring(0, queryStart);
    }

    // Add the OAuth protocol parameters.
    allParameters["oauth_consumer_key"] = consumerKey;
    allParameters["oauth_nonce"] = freshNonce;
    allParameters["oauth_signature_method"] = hashAlgorithm;
    allParameters["oauth_timestamp"] = unixSeconds;
    allParameters["oauth_version"] = "1.0";
    if (token != null)
    {
        allParameters["oauth_token"] = token;
    }
    if (verifier != null)
    {
        allParameters["oauth_verifier"] = verifier;
    }

    // Rebuild the query string for signing (per the original comment, in alphabetical order).
    string canonicalQuery = GetQueryString(allParameters, true);
    string signature = GetSignature(method, hashAlgorithm, consumerSecret, url, canonicalQuery, tokenSecret);

    return new Tuple<Utilities.Query, Utilities.Query, string>(allParameters, postedParameters, signature);
}