File Coverage

blib/lib/Plack/Middleware/Auth/OAuth.pm

Criterion	Covered	Total	%
statement	52	54	96.3
branch	19	26	73.0
condition	10	14	71.4
subroutine	11	11	100.0
pod	2	4	50.0
total	94	109	86.2

line	stmt	bran	cond	sub	pod	time	code
1							package Plack::Middleware::Auth::OAuth;
2	3			3		6676	use strict;
	3					7
	3					114
3	3			3		20	use warnings;
	3					7
	3					146
4							our $VERSION = '0.06';
5
6	3			3		1335	use parent qw(Plack::Middleware);
	3					578
	3					18
7
8	3			3		58339	use Plack::Request;
	3					216115
	3					119
9	3					36	use Plack::Util::Accessor qw(
10							consumer_key
11							consumer_secret
12							validate_post
13							check_timestamp_cb
14							check_nonce_cb
15							unauthorized_cb
16							validate_only
17							secret_resolver_cb
18							strict
19	3			3		29	);
	3					6
20
21	3			3		13168	use OAuth::Lite::Util qw(parse_auth_header);
	3					26867
	3					320
22	3			3		3630	use OAuth::Lite::ServerUtil;
	3					32060
	3					39
23
24							sub prepare_app {
25	8			8	1	5811	my $self = shift;
26
27	8	100				37	if (!$self->secret_resolver_cb) {
28	7	50				310	die 'requires consumer_key' unless $self->consumer_key;
29	7	50				68	die 'requires consumer_secret' unless $self->consumer_secret;
30							}
31
32	8					53	for my $cb_method (qw/check_nonce_cb check_timestamp_cb unauthorized_cb secret_resolver_cb/) {
33	32	50	66			240	if ($self->$cb_method && ref $self->$cb_method ne 'CODE') {
34	0					0	die "$cb_method should be a code reference";
35							}
36							}
37
38							}
39
40							sub call {
41	14			14	1	60214	my ($self, $env) = @_;
42
43	14	100	100			41	return ($self->validate($env) \|\| $self->validate_only) ? $self->app->($env) : $self->unauthorized($env);
44							}
45
46							sub validate {
47	14			14	0	22	my ($self, $env) = @_;
48
49	14	100				82	my $auth = $env->{HTTP_AUTHORIZATION} or return;
50
51	8					33	my ($realm, $params) = parse_auth_header($auth);
52	8					1096	$env->{'psgix.oauth_realm'} = $realm;
53	8					21	$env->{'psgix.oauth_params'} = $params;
54
55	8					37	my $consumer_secret = $self->consumer_secret;
56	8	100				63	if ($self->secret_resolver_cb) {
57	2					17	$consumer_secret = $self->secret_resolver_cb->($params->{oauth_consumer_key}, $env);
58							}
59							else {
60	6	50				53	return unless $params->{oauth_consumer_key} eq $self->consumer_key;
61							}
62
63	8	50	33			78	return if $self->check_timestamp_cb && !$self->check_timestamp_cb->($params);
64	8	100	100			178	return if $self->check_nonce_cb && !$self->check_nonce_cb->($params);
65
66	7					115	my $req = Plack::Request->new($env);
67	7	50				83	my $req_params
68							= $self->validate_post ? $req->parameters : $req->query_parameters;
69	7					487	for my $k ($req_params->keys) {
70	0					0	$params->{$k} = [$req_params->get_all($k)];
71							}
72
73	7		50			69	my $util = OAuth::Lite::ServerUtil->new(strict => $self->strict \|\| 0);
74	7					227	$util->support_signature_method($params->{oauth_signature_method});
75	7	50				426	return unless $util->validate_params($params);
76
77	7					192	$env->{'psgix.oauth_authorized'} = $util->verify_signature(
78							method => $req->method,
79							url => $req->uri,
80							params => $params,
81							consumer_secret => $consumer_secret,
82							token_secret => $params->{oauth_token_secret},
83							);
84							}
85
86							sub unauthorized {
87	8			8	0	2060	my ($self, $env) = @_;
88
89	8	100				23	if ($self->unauthorized_cb) {
90	1					7	$self->unauthorized_cb->($env);
91							}
92							else {
93	7					44	my $body = 'Authorization required';
94							return [
95	7					69	401,
96							[
97							'Content-Type' => 'text/plain',
98							'Content-Lentgth' => length $body,
99							],
100							[$body],
101							];
102							}
103							}
104							1;
105							__END__