Add support for HMAC-SHA256 (builds on PR#388) (#498)

* Add support for HMAC-SHA256

* Add explicit declaration of HMAC-SHA1 and point HMAC at it

To avoid confusion, HMAC constant name should explicitly state which SHA variant is used, but for backwards compatibility, SIGNATURE_HMAC is still needed

* add support for HMAC-SHA256 including tests and comments

* constructor tests verify client built with correct signer method

1 files changed, 38 insertions, 2 deletions

diff --git a/tests/oauth1/rfc5849/test_client.py b/tests/oauth1/rfc5849/test_client.py
index dcb4c3d..777efc2 100644
--- a/tests/oauth1/rfc5849/test_client.py
+++ b/tests/oauth1/rfc5849/test_client.py
@@ -2,7 +2,8 @@
 from __future__ import absolute_import, unicode_literals
 
 from oauthlib.common import Request
-from oauthlib.oauth1 import (SIGNATURE_PLAINTEXT, SIGNATURE_RSA,
+from oauthlib.oauth1 import (SIGNATURE_PLAINTEXT, SIGNATURE_HMAC_SHA1,
+                             SIGNATURE_HMAC_SHA256, SIGNATURE_RSA,
                              SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY)
 from oauthlib.oauth1.rfc5849 import Client, bytes_type
 
@@ -62,13 +63,48 @@ class ClientConstructorTests(TestCase):
             self.assertIsInstance(k, bytes_type)
             self.assertIsInstance(v, bytes_type)
 
+    def test_hmac_sha1(self):
+        client = Client('client_key')
+        # instance is using the correct signer method
+        self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA1],
+                         client.SIGNATURE_METHODS[client.signature_method])
+
+    def test_hmac_sha256(self):
+        client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256)
+        # instance is using the correct signer method
+        self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_HMAC_SHA256],
+                         client.SIGNATURE_METHODS[client.signature_method])
+
     def test_rsa(self):
         client = Client('client_key', signature_method=SIGNATURE_RSA)
-        self.assertIsNone(client.rsa_key)  # don't need an RSA key to instantiate
+        # instance is using the correct signer method
+        self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_RSA],
+                         client.SIGNATURE_METHODS[client.signature_method])
+        # don't need an RSA key to instantiate
+        self.assertIsNone(client.rsa_key)
 
 
 class SignatureMethodTest(TestCase):
 
+    def test_hmac_sha1_method(self):
+        client = Client('client_key', timestamp='1234567890', nonce='abc')
+        u, h, b = client.sign('http://example.com')
+        correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
+                   'oauth_version="1.0", oauth_signature_method="HMAC-SHA1", '
+                   'oauth_consumer_key="client_key", '
+                   'oauth_signature="hH5BWYVqo7QI4EmPBUUe9owRUUQ%3D"')
+        self.assertEqual(h['Authorization'], correct)
+
+    def test_hmac_sha256_method(self):
+        client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256,
+                        timestamp='1234567890', nonce='abc')
+        u, h, b = client.sign('http://example.com')
+        correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
+                   'oauth_version="1.0", oauth_signature_method="HMAC-SHA256", '
+                   'oauth_consumer_key="client_key", '
+                   'oauth_signature="JzgJWBxX664OiMW3WE4MEjtYwOjI%2FpaUWHqtdHe68Es%3D"')
+        self.assertEqual(h['Authorization'], correct)
+
     def test_rsa_method(self):
         private_key = (
             "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"