Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
var http = require('http')
function getSignature (r) {
var sign
r.headers.Authorization.slice('OAuth '.length).replace(/, /g, ',').split(',').forEach(function (v) {
if (v.slice(0, 'oauth_signature="'.length) === 'oauth_signature="') {
sign = v.slice('oauth_signature="'.length, -1)
}
})
return decodeURIComponent(sign)
}
// Tests from Twitter documentation https://dev.twitter.com/docs/auth/oauth
var hmacsign = oauth.hmacsign
var hmacsign256 = oauth.hmacsign256
var rsasign = oauth.rsasign
var rsaPrivatePEM = fs.readFileSync(path.join(__dirname, 'ssl', 'test.key'))
var reqsign
var reqsign256
var reqsignRSA
var accsign
var accsign256
var accsignRSA
var upsign
var upsign256
var upsignRSA
tape('reqsign', function (t) {
reqsign = hmacsign('POST', 'https://api.twitter.com/oauth/request_token',
{ oauth_callback: 'http://localhost:3005/the_dance/process_callback?service_provider_id=11',
oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g',
function getSignature (r) {
var sign
r.headers.Authorization.slice('OAuth '.length).replace(/, /g, ',').split(',').forEach(function (v) {
if (v.slice(0, 'oauth_signature="'.length) === 'oauth_signature="') {
sign = v.slice('oauth_signature="'.length, -1)
}
})
return decodeURIComponent(sign)
}
// Tests from Twitter documentation https://dev.twitter.com/docs/auth/oauth
var hmacsign = oauth.hmacsign
var hmacsign256 = oauth.hmacsign256
var rsasign = oauth.rsasign
var rsaPrivatePEM = fs.readFileSync(path.join(__dirname, 'ssl', 'test.key'))
var reqsign
var reqsign256
var reqsignRSA
var accsign
var accsign256
var accsignRSA
var upsign
var upsign256
var upsignRSA
tape('reqsign', function (t) {
reqsign = hmacsign('POST', 'https://api.twitter.com/oauth/request_token',
{ oauth_callback: 'http://localhost:3005/the_dance/process_callback?service_provider_id=11',
oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g',
oauth_nonce: 'QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk',
var key = "A5qDB88mg7pnBXOYSz3rzdhYVtxHu2B6";
var timestamp = Math.round(Date.now() / 1000);
var method = 'POST';
var params ={
"oauth_consumer_key": key,
"oauth_timestamp": timestamp,
"oauth_signature_method": "HMAC-SHA1",
"oauth_version": "1.0",
"ext_user_username": "umar",
"lti_message_type": "basic-lti-launch-request",
"lti_version": "LTI-1p0",
"resource_link_id": "resourceLinkId",
};
//Prepare oauth signature
let signature = oauth.hmacsign(method, ltiURL1, params, secret);
params.oauth_signature = signature;
console.log("params.oauth_signature="+params.oauth_signature);
this.context.executeAction(addLTI, {
ltiURL1: ltiURL1,
params: params
});
/*
let post_data = querystring.stringify(params);
console.log("post_data="+post_data);
// An object of options to indicate where to post to
let post_options = {
var baseurl = this.uri.protocol + '//' + this.uri.host + this.uri.pathname
var signature = oauth.hmacsign(this.method, baseurl, oa, consumer_secret, token_secret)
// oa.oauth_signature = signature
for (var i in form) {
if ( i.slice(0, 'oauth_') in _oauth) {
// skip
} else {
delete oa['oauth_'+i]
if (i !== 'x_auth_mode') delete oa[i]
}
}
oa.oauth_timestamp = timestamp
this.headers.Authorization =
'OAuth '+Object.keys(oa).sort().map(function (i) {return i+'="'+oauth.rfc3986(oa[i])+'"'}).join(',')
this.headers.Authorization += ',oauth_signature="' + oauth.rfc3986(signature) + '"'
return this
}
Request.prototype.jar = function (jar) {
var baseurl = this.uri.protocol + '//' + this.uri.host + this.uri.pathname
var signature = oauth.hmacsign(this.method, baseurl, oa, consumer_secret, token_secret)
// oa.oauth_signature = signature
for (var i in form) {
if ( i.slice(0, 'oauth_') in _oauth) {
// skip
} else {
delete oa['oauth_'+i]
if (i !== 'x_auth_mode') delete oa[i]
}
}
oa.oauth_timestamp = timestamp
this.headers.Authorization =
'OAuth '+Object.keys(oa).sort().map(function (i) {return i+'="'+oauth.rfc3986(oa[i])+'"'}).join(',')
this.headers.Authorization += ',oauth_signature="' + oauth.rfc3986(signature) + '"'
return this
}
Request.prototype.jar = function (jar) {
var baseurl = this.uri.protocol + '//' + this.uri.host + this.uri.pathname
var signature = oauth.hmacsign(this.method, baseurl, oa, consumer_secret, token_secret)
// oa.oauth_signature = signature
for (var i in form) {
if ( i.slice(0, 'oauth_') in _oauth) {
// skip
} else {
delete oa['oauth_'+i]
if (i !== 'x_auth_mode') delete oa[i]
}
}
oa.oauth_timestamp = timestamp
this.headers.Authorization =
'OAuth '+Object.keys(oa).sort().map(function (i) {return i+'="'+oauth.rfc3986(oa[i])+'"'}).join(',')
this.headers.Authorization += ',oauth_signature="' + oauth.rfc3986(signature) + '"'
return this
}
Request.prototype.jar = function (jar) {
var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key // eslint-disable-line camelcase
delete oa.oauth_consumer_secret
delete oa.oauth_private_key
var token_secret = oa.oauth_token_secret // eslint-disable-line camelcase
delete oa.oauth_token_secret
var realm = oa.oauth_realm
delete oa.oauth_realm
delete oa.oauth_transport_method
var baseurl = uri.protocol + '//' + uri.host + uri.pathname
var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
oa.oauth_signature = oauth.sign(
oa.oauth_signature_method,
method,
baseurl,
params,
consumer_secret_or_private_key, // eslint-disable-line camelcase
token_secret // eslint-disable-line camelcase
)
if (realm) {
oa.realm = realm
}
return oa
}
var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key // eslint-disable-line camelcase
delete oa.oauth_consumer_secret
delete oa.oauth_private_key
var token_secret = oa.oauth_token_secret // eslint-disable-line camelcase
delete oa.oauth_token_secret
var realm = oa.oauth_realm
delete oa.oauth_realm
delete oa.oauth_transport_method
var baseurl = uri.protocol + '//' + uri.host + uri.pathname
var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
oa.oauth_signature = oauth.sign(
oa.oauth_signature_method,
method,
baseurl,
params,
consumer_secret_or_private_key, // eslint-disable-line camelcase
token_secret // eslint-disable-line camelcase
)
if (realm) {
oa.realm = realm
}
return oa
}
for (var i in form) oa[i] = form[i]
for (var i in _oauth) oa['oauth_'+i] = _oauth[i]
if (!oa.oauth_version) oa.oauth_version = '1.0'
if (!oa.oauth_timestamp) oa.oauth_timestamp = Math.floor( Date.now() / 1000 ).toString()
if (!oa.oauth_nonce) oa.oauth_nonce = uuid().replace(/-/g, '')
oa.oauth_signature_method = 'HMAC-SHA1'
var consumer_secret = oa.oauth_consumer_secret
delete oa.oauth_consumer_secret
var token_secret = oa.oauth_token_secret
delete oa.oauth_token_secret
var timestamp = oa.oauth_timestamp
var baseurl = this.uri.protocol + '//' + this.uri.host + this.uri.pathname
var signature = oauth.hmacsign(this.method, baseurl, oa, consumer_secret, token_secret)
// oa.oauth_signature = signature
for (var i in form) {
if ( i.slice(0, 'oauth_') in _oauth) {
// skip
} else {
delete oa['oauth_'+i]
if (i !== 'x_auth_mode') delete oa[i]
}
}
oa.oauth_timestamp = timestamp
this.headers.Authorization =
'OAuth '+Object.keys(oa).sort().map(function (i) {return i+'="'+oauth.rfc3986(oa[i])+'"'}).join(',')
this.headers.Authorization += ',oauth_signature="' + oauth.rfc3986(signature) + '"'
return this
}
}
// Const { secret, launchUrl } = tool; // The URL under which the LTI tool reside and the LTI oauth secret
const launchParams = new LtiLaunchParams(
tool,
version.hilary.version,
group.tenant.alias,
group.displayName,
group.isManager,
groupId,
principal
);
// eslint-disable-next-line camelcase
launchParams.oauth_signature = oauth.hmacsign(
'POST',
tool.launchUrl,
launchParams,
tool.secret,
''
);
// Scrub out OAUTH parameters from tool
delete tool.secret;
delete tool.consumerKey;
// Add isManager and owner
tool.isManager = principal.isGlobalAdmin || principal.isTenantAdmin;
tool.owner = group;
return callback(null, new LtiToolLaunchParams(tool, launchParams));
});