8398c9048d
code was modified slightly, so the code differs from the original downloadable 1.9.5 version
295 lines
9 KiB
JavaScript
295 lines
9 KiB
JavaScript
dojo.provide("dojox.io.OAuth");
|
|
dojo.require("dojox.encoding.digests.SHA1");
|
|
|
|
dojox.io.OAuth = new (function(){
|
|
// summary:
|
|
// Helper singleton for signing any kind of Ajax request using the OAuth 1.0 protocol.
|
|
// description:
|
|
// dojox.io.OAuth is a singleton class designed to allow anyone to sign a request,
|
|
// based on the OAuth 1.0 specification, made with any of the Dojo Toolkit's Ajax
|
|
// methods (such as dojo.xhr[verb], dojo.io.iframe, etc.).
|
|
//
|
|
// The main method of dojox.io.OAuth is the sign method (see documentation for .sign);
|
|
// the idea is that you will "sign" the kwArgs object you'd normally pass to any of
|
|
// the Ajax methods, and then pass the signed object along. As long as the token
|
|
// object used is valid (and the client's date and time are synced with a public
|
|
// time server), a signed object should be passed along correctly.
|
|
//
|
|
// dojox.io.OAuth does not deal with the OAuth handshake process at all.
|
|
//
|
|
// This object was developed against the Netflix API (OAuth-based service); see
|
|
// http://developer.netflix.com for more details.
|
|
var encode = this.encode = function(s){
|
|
if(!s){ return ""; }
|
|
return encodeURIComponent(s)
|
|
.replace(/\!/g, "%21")
|
|
.replace(/\*/g, "%2A")
|
|
.replace(/\'/g, "%27")
|
|
.replace(/\(/g, "%28")
|
|
.replace(/\)/g, "%29");
|
|
};
|
|
|
|
var decode = this.decode = function(str){
|
|
// summary:
|
|
// Break apart the passed string and decode.
|
|
// Some special cases are handled.
|
|
var a=[], list=str.split("&");
|
|
for(var i=0, l=list.length; i<l; i++){
|
|
var item=list[i];
|
|
if(list[i]==""){ continue; } // skip this one.
|
|
if(list[i].indexOf("=")>-1){
|
|
var tmp=list[i].split("=");
|
|
a.push([ decodeURIComponent(tmp[0]), decodeURIComponent(tmp[1]) ]);
|
|
} else {
|
|
a.push([ decodeURIComponent(list[i]), null ]);
|
|
}
|
|
}
|
|
return a;
|
|
};
|
|
|
|
function parseUrl(url){
|
|
// summary:
|
|
// Create a map out of the passed URL. Need to pull any
|
|
// query string parameters off the URL for the base signature string.
|
|
var keys = [
|
|
"source","protocol","authority","userInfo",
|
|
"user","password","host","port",
|
|
"relative","path","directory",
|
|
"file","query","anchor"
|
|
],
|
|
parser=/^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
|
|
match=parser.exec(url),
|
|
map = {},
|
|
i=keys.length;
|
|
|
|
// create the base map first.
|
|
while(i--){ map[keys[i]] = match[i] || ""; }
|
|
|
|
// create the normalized version of the url and add it to the map
|
|
var p=map.protocol.toLowerCase(),
|
|
a=map.authority.toLowerCase(),
|
|
b=(p=="http"&&map.port==80)||(p=="https"&&map.port==443);
|
|
if(b){
|
|
if(a.lastIndexOf(":")>-1){
|
|
a=a.substring(0, a.lastIndexOf(":"));
|
|
}
|
|
}
|
|
var path=map.path||"/";
|
|
map.url=p+"://"+a+path;
|
|
|
|
// return the map
|
|
return map;
|
|
}
|
|
|
|
var tab="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";
|
|
function nonce(length){
|
|
var s="", tl=tab.length;
|
|
for(var i=0; i<length; i++){
|
|
s+=tab.charAt(Math.floor(Math.random()*tl));
|
|
}
|
|
return s;
|
|
}
|
|
function timestamp(){
|
|
return Math.floor(new Date().valueOf()/1000)-2;
|
|
}
|
|
function signature(data, key, type){
|
|
if(type && type!="PLAINTEXT" && type!="HMAC-SHA1"){
|
|
throw new Error("dojox.io.OAuth: the only supported signature encodings are PLAINTEXT and HMAC-SHA1.");
|
|
}
|
|
|
|
if(type=="PLAINTEXT"){
|
|
return key;
|
|
} else {
|
|
// assume SHA1 HMAC
|
|
return dojox.encoding.digests.SHA1._hmac(data, key);
|
|
}
|
|
}
|
|
|
|
function key(args){
|
|
// summary:
|
|
// return the key used to sign a message based on the token object.
|
|
return encode(args.consumer.secret)
|
|
+ "&"
|
|
+ (args.token && args.token.secret ? encode(args.token.secret) : "");
|
|
}
|
|
|
|
function addOAuth(/* dojo.__XhrArgs */args, /* dojox.io.__OAuthArgs */oaa){
|
|
// summary:
|
|
// Add the OAuth parameters to the query string/content.
|
|
var o = {
|
|
oauth_consumer_key: oaa.consumer.key,
|
|
oauth_nonce: nonce(16),
|
|
oauth_signature_method: oaa.sig_method || "HMAC-SHA1",
|
|
oauth_timestamp: timestamp(),
|
|
oauth_version: "1.0"
|
|
}
|
|
if(oaa.token){
|
|
o.oauth_token = oaa.token.key;
|
|
}
|
|
args.content = dojo.mixin(args.content||{}, o);
|
|
}
|
|
|
|
function convertArgs(args){
|
|
// summary:
|
|
// Because of the need to create a base string, we have to do
|
|
// some manual args preparation instead of relying on the internal
|
|
// Dojo xhr functions. But we'll let dojo.xhr assemble things
|
|
// as it normally would.
|
|
var miArgs = [{}], formObject;
|
|
|
|
if(args.form){
|
|
if(!args.content){ args.content = {}; }
|
|
var form = dojo.byId(args.form);
|
|
var actnNode = form.getAttributeNode("action");
|
|
args.url = args.url || (actnNode ? actnNode.value : null);
|
|
formObject = dojo.formToObject(form);
|
|
delete args.form;
|
|
}
|
|
if(formObject){ miArgs.push(formObject); }
|
|
if(args.content){ miArgs.push(args.content); }
|
|
|
|
// pull anything off the query string
|
|
var map = parseUrl(args.url);
|
|
if(map.query){
|
|
var tmp = dojo.queryToObject(map.query);
|
|
// re-encode the values. sigh
|
|
for(var p in tmp){ tmp[p] = encodeURIComponent(tmp[p]); }
|
|
miArgs.push(tmp);
|
|
}
|
|
args._url = map.url;
|
|
|
|
// now set up all the parameters as an array of 2 element arrays.
|
|
var a = [];
|
|
for(var i=0, l=miArgs.length; i<l; i++){
|
|
var item=miArgs[i];
|
|
for(var p in item){
|
|
if(dojo.isArray(item[p])){
|
|
// handle multiple values
|
|
for(var j=0, jl=item.length; j<jl; j++){
|
|
a.push([ p, item[j] ]);
|
|
}
|
|
} else {
|
|
a.push([ p, item[p] ]);
|
|
}
|
|
}
|
|
}
|
|
|
|
args._parameters = a;
|
|
return args;
|
|
}
|
|
|
|
function baseString(/* String */method, /* dojo.__XhrArgs */args, /* dojox.io.__OAuthArgs */oaa){
|
|
// create and return the base string out of the args.
|
|
addOAuth(args, oaa);
|
|
convertArgs(args);
|
|
|
|
var a = args._parameters;
|
|
|
|
// sort the parameters
|
|
a.sort(function(a,b){
|
|
if(a[0]>b[0]){ return 1; }
|
|
if(a[0]<b[0]){ return -1; }
|
|
if(a[1]>b[1]){ return 1; }
|
|
if(a[1]<b[1]){ return -1; }
|
|
return 0;
|
|
});
|
|
|
|
// encode.
|
|
var s = dojo.map(a, function(item){
|
|
return encode(item[0]) + "%3D" + encode(item[1]||"");
|
|
}).join("%26");
|
|
|
|
var baseString = method.toUpperCase()
|
|
+ "&" + encode(args._url)
|
|
+ "&" + s;
|
|
return baseString;
|
|
}
|
|
|
|
function sign(method, args, oaa){
|
|
// return the oauth_signature for this message.
|
|
var k = key(oaa),
|
|
message = baseString(method, args, oaa),
|
|
s = signature(message, k, oaa.sig_method || "HMAC-SHA1");
|
|
args.content["oauth_signature"] = s;
|
|
return args;
|
|
}
|
|
|
|
/*=====
|
|
dojox.io.OAuth.__AccessorArgs = function(key, secret){
|
|
// key: String
|
|
// The key or token issued to either the consumer or by the OAuth service.
|
|
// secret: String
|
|
// The secret (shared secret for consumers, issued secret by OAuth service).
|
|
this.key = key;
|
|
this.secret = secret;
|
|
};
|
|
dojox.io.OAuth.__OAuthArgs = function(consumer, sig_method, token){
|
|
// consumer: dojox.io.OAuth.__AccessorArgs
|
|
// The consumer information issued to your OpenAuth application.
|
|
// sig_method: String
|
|
// The method used to create the signature. Should be PLAINTEXT or HMAC-SHA1.
|
|
// token: dojox.io.OAuth.__AccessorArgs?
|
|
// The request token and secret issued by the OAuth service. If not
|
|
// issued yet, this should be null.
|
|
this.consumer = consumer;
|
|
this.token = token;
|
|
}
|
|
=====*/
|
|
|
|
/*
|
|
* Process goes something like this:
|
|
* 1. prepare the base string
|
|
* 2. create the key
|
|
* 3. create the signature based on the base string and the key
|
|
* 4. send the request using dojo.xhr[METHOD].
|
|
*/
|
|
|
|
this.sign = function(/* String*/method, /* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs */oaa){
|
|
// summary:
|
|
// Given the OAuth access arguments, sign the kwArgs that you would pass
|
|
// to any dojo Ajax method (dojo.xhr*, dojo.io.iframe, dojo.io.script).
|
|
// example:
|
|
// Sign the kwArgs object for use with dojo.xhrGet:
|
|
// | var oaa = {
|
|
// | consumer: {
|
|
// | key: "foobar",
|
|
// | secret: "barbaz"
|
|
// | }
|
|
// | };
|
|
// |
|
|
// | var args = dojox.io.OAuth.sign("GET", myAjaxKwArgs, oaa);
|
|
// | dojo.xhrGet(args);
|
|
return sign(method, args, oaa);
|
|
};
|
|
|
|
|
|
// TODO: handle redirect requests?
|
|
this.xhr = function(/* String */method, /* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs */oaa, /* Boolean? */hasBody){
|
|
/* summary:
|
|
* Make an XHR request that is OAuth signed.
|
|
* example:
|
|
* | var dfd = dojox.io.OAuth.xhrGet({
|
|
* | url: "http://someauthdomain.com/path?foo=bar",
|
|
* | load: function(response, ioArgs){ }
|
|
* | },
|
|
* | {
|
|
* | consumer:{ key: "lasdkf9asdnfsdf", secret: "9asdnfskdfysjr" }
|
|
* | });
|
|
*/
|
|
sign(method, args, oaa);
|
|
return dojo.xhr(method, args, hasBody);
|
|
};
|
|
|
|
this.xhrGet = function(/* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs*/ oaa){
|
|
return this.xhr("GET", args, oaa);
|
|
};
|
|
this.xhrPost = this.xhrRawPost = function(/* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs*/ oaa){
|
|
return this.xhr("POST", args, oaa, true);
|
|
};
|
|
this.xhrPut = this.xhrRawPut = function(/* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs*/ oaa){
|
|
return this.xhr("PUT", args, oaa, true);
|
|
};
|
|
this.xhrDelete = function(/* dojo.__XhrArgs */args, /* dojox.io.OAuth.__OAuthArgs*/ oaa){
|
|
return this.xhr("DELETE", args, oaa);
|
|
};
|
|
})();
|