Fixed issue #1

jaaufauvre · jaaufauvre · commit 97f9c2b5aaf7 · 2019-04-26T18:10:33.000+01:00
diff --git a/Mastercard.Developer.OAuth1Signer.Core/OAuth.cs b/Mastercard.Developer.OAuth1Signer.Core/OAuth.cs
@@ -71,8 +71,11 @@ internal static Dictionary<string, List<string>> ExtractQueryParams(string uri)
                 return queryParamCollection;
             }
 
-            var queryParameterString = uri.Substring(beginIndex);
-            var queryParams = queryParameterString.Split('&', '?');
+            var rawQueryString = uri.Substring(beginIndex);
+            var decodedQueryString = Uri.UnescapeDataString(rawQueryString);
+            bool mustEncode = !decodedQueryString.Equals(rawQueryString);
+
+            var queryParams = rawQueryString.Split('&', '?');
             foreach (var queryParam in queryParams)
             {
                 if (string.IsNullOrEmpty(queryParam))
@@ -83,8 +86,8 @@ internal static Dictionary<string, List<string>> ExtractQueryParams(string uri)
                 var separatorIndex = queryParam.IndexOf('=');
                 var key = separatorIndex < 0 ? queryParam : Uri.UnescapeDataString(queryParam.Substring(0, separatorIndex));
                 var value = separatorIndex < 0 ? string.Empty : Uri.UnescapeDataString(queryParam.Substring(separatorIndex + 1));
-                var encodedKey = ToUriRfc3986(key);
-                var encodedValue = ToUriRfc3986(value);
+                var encodedKey = mustEncode ? ToUriRfc3986(key) : key;
+                var encodedValue = mustEncode ? ToUriRfc3986(value) : value;
 
                 if (!queryParamCollection.ContainsKey(encodedKey))
                 {
diff --git a/Mastercard.Developer.OAuth1Signer.Tests/NetCore/OAuthTest.cs b/Mastercard.Developer.OAuth1Signer.Tests/NetCore/OAuthTest.cs
@@ -10,27 +10,102 @@ namespace Mastercard.Developer.OAuth1Signer.Tests.NetCore
     [TestClass]
     public class OAuthTest
     {
-        [TestMethod]
-        public void TestExtractQueryParams_ShouldExtractEncodedParams()
-        {
-            var queryParams = OAuth.ExtractQueryParams("https://sandbox.api.mastercard.com?param1=plus+value&param2=colon:value&param3=a space~");
-            Assert.AreEqual(3, queryParams.Count);
-            Assert.IsFalse(new List<string> { "plus%2Bvalue" }.Except(queryParams["param1"]).Any());
-            Assert.IsFalse(new List<string> { "colon%3Avalue" }.Except(queryParams["param2"]).Any());
-            Assert.IsFalse(new List<string> { "a%20space~" }.Except(queryParams["param3"]).Any());
-        }
-
         [TestMethod]
         public void TestExtractQueryParams_ShouldSupportDuplicateKeysAndEmptyValues()
         {
-            var queryParams = OAuth.ExtractQueryParams("https://sandbox.api.mastercard.com/audiences/v1/getcountries?offset=0&offset=1&length=10&empty&odd=");
+            // GIVEN
+            const string uri = "https://sandbox.api.mastercard.com/audiences/v1/getcountries?offset=0&offset=1&length=10&empty&odd=";
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+
+            // THEN
             Assert.AreEqual(4, queryParams.Count);
             Assert.IsFalse(new List<string> { "10" }.Except(queryParams["length"]).Any());
             Assert.IsFalse(new List<string> { "0", "1" }.Except(queryParams["offset"]).Any());
             Assert.IsFalse(new List<string> { string.Empty }.Except(queryParams["empty"]).Any());
             Assert.IsFalse(new List<string> { string.Empty }.Except(queryParams["odd"]).Any());
         }
 
+        [TestMethod]
+        public void TestExtractQueryParams_ShouldSupportRfcExample()
+        {
+            // GIVEN
+            const string uri = "https://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"; // See: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+
+            // THEN
+            Assert.AreEqual(4, queryParams.Count);
+            Assert.IsFalse(new List<string> { "%3D%253D" }.Except(queryParams["b5"]).Any());
+            Assert.IsFalse(new List<string> { "a" }.Except(queryParams["a3"]).Any());
+            Assert.IsFalse(new List<string> { string.Empty }.Except(queryParams["c%40"]).Any());
+            Assert.IsFalse(new List<string> { "r%20b" }.Except(queryParams["a2"]).Any());
+        }
+
+        [TestMethod]
+        public void TestExtractQueryParams_ShouldNotEncodeParams_WhenUriStringWithDecodedParams()
+        {
+            // GIVEN
+            const string uri = "https://example.com/request?colon=:&plus=+&comma=,";
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+
+            // THEN
+            Assert.AreEqual(3, queryParams.Count);
+            Assert.IsFalse(new List<string> { ":" }.Except(queryParams["colon"]).Any());
+            Assert.IsFalse(new List<string> { "+" }.Except(queryParams["plus"]).Any());
+            Assert.IsFalse(new List<string> { "," }.Except(queryParams["comma"]).Any());
+        }
+
+        [TestMethod]
+        public void TestExtractQueryParams_ShouldEncodeParams_WhenUriStringWithEncodedParams()
+        {
+            // GIVEN
+            const string uri = "https://example.com/request?colon=%3A&plus=%2B&comma=%2C";
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+
+            // THEN
+            Assert.AreEqual(3, queryParams.Count);
+            Assert.IsFalse(new List<string> { "%3A" }.Except(queryParams["colon"]).Any());
+            Assert.IsFalse(new List<string> { "%2B" }.Except(queryParams["plus"]).Any());
+            Assert.IsFalse(new List<string> { "%2C" }.Except(queryParams["comma"]).Any());
+        }
+
+        [TestMethod]
+        public void TestParameterEncoding_ShouldCreateExpectedSignatureBaseString_WhenQueryParamsEncodedInUri()
+        {
+            // GIVEN
+            const string uri = "https://example.com/?param=token1%3Atoken2";
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+            var paramString = OAuth.GetOAuthParamString(queryParams, new Dictionary<string, string>());
+            var baseString = OAuth.GetSignatureBaseString("https://example.com", "GET", paramString);
+
+            // THEN
+            Assert.AreEqual("GET&https%3A%2F%2Fexample.com&param%3Dtoken1%253Atoken2", baseString);
+        }
+
+        [TestMethod]
+        public void TestParameterEncoding_ShouldCreateExpectedSignatureBaseString_WhenQueryParamsNotEncodedInUri()
+        {
+            // GIVEN
+            const string uri = "https://example.com/?param=token1:token2";
+
+            // WHEN
+            var queryParams = OAuth.ExtractQueryParams(uri);
+            var paramString = OAuth.GetOAuthParamString(queryParams, new Dictionary<string, string>());
+            var baseString = OAuth.GetSignatureBaseString("https://example.com", "GET", paramString);
+
+            // THEN
+            Assert.AreEqual("GET&https%3A%2F%2Fexample.com&param%3Dtoken1%3Atoken2", baseString);
+        }
+
         [TestMethod]
         public void TestGetBodyHash()
         {
