apigee-oauth 0.4.0

data/lib/oauth/cli.rb

@@ -0,0 +1,378 @@
+require 'optparse'
+require 'oauth'
+
+module OAuth
+  class CLI
+    SUPPORTED_COMMANDS = {
+      "authorize" => "Obtain an access token and secret for a user",
+      "debug"     => "Verbosely generate an OAuth signature",
+      "query"     => "Query a protected resource",
+      "sign"      => "Generate an OAuth signature",
+      "version"   => "Display the current version of the library"
+    }
+
+    attr_reader :command
+    attr_reader :options
+    attr_reader :stdout, :stdin
+
+    def self.execute(stdout, stdin, stderr, arguments = [])
+      self.new.execute(stdout, stdin, stderr, arguments)
+    end
+
+    def initialize
+      @options = {}
+
+      # don't dump a backtrace on a ^C
+      trap(:INT) {
+        exit
+      }
+    end
+
+    def execute(stdout, stdin, stderr, arguments = [])
+      @stdout = stdout
+      @stdin  = stdin
+      @stderr = stderr
+      extract_command_and_parse_options(arguments)
+
+      if sufficient_options? && valid_command?
+        if command == "debug"
+          @command = "sign"
+          @options[:verbose] = true
+        end
+
+        case command
+        # TODO move command logic elsewhere
+        when "authorize"
+          begin
+            consumer = OAuth::Consumer.new \
+              options[:oauth_consumer_key],
+              options[:oauth_consumer_secret],
+              :access_token_url  => options[:access_token_url],
+              :authorize_url     => options[:authorize_url],
+              :request_token_url => options[:request_token_url],
+              :scheme            => options[:scheme],
+              :http_method       => options[:method].to_s.downcase.to_sym
+
+            # parameters for OAuth 1.0a
+            oauth_verifier = nil
+
+            # get a request token
+            request_token = consumer.get_request_token({ :oauth_callback => options[:oauth_callback] }, { "scope" => options[:scope] })
+
+            if request_token.callback_confirmed?
+              stdout.puts "Server appears to support OAuth 1.0a; enabling support."
+              options[:version] = "1.0a"
+            end
+
+            stdout.puts "Please visit this url to authorize:"
+            stdout.puts request_token.authorize_url
+
+            if options[:version] == "1.0a"
+              stdout.puts "Please enter the verification code provided by the SP (oauth_verifier):"
+              oauth_verifier = stdin.gets.chomp
+            else
+              stdout.puts "Press return to continue..."
+              stdin.gets
+            end
+
+            begin
+              # get an access token
+              access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
+
+              stdout.puts "Response:"
+              access_token.params.each do |k,v|
+                stdout.puts "  #{k}: #{v}" unless k.is_a?(Symbol)
+              end
+            rescue OAuth::Unauthorized => e
+              stderr.puts "A problem occurred while attempting to obtain an access token:"
+              stderr.puts e
+              stderr.puts e.request.body
+            end
+          rescue OAuth::Unauthorized => e
+            stderr.puts "A problem occurred while attempting to authorize:"
+            stderr.puts e
+            stderr.puts e.request.body
+          end
+        when "query"
+          consumer = OAuth::Consumer.new \
+            options[:oauth_consumer_key],
+            options[:oauth_consumer_secret],
+            :scheme => options[:scheme]
+
+          access_token = OAuth::AccessToken.new(consumer, options[:oauth_token], options[:oauth_token_secret])
+
+          # append params to the URL
+          uri = URI.parse(options[:uri])
+          params = prepare_parameters.map { |k,v| v.map { |v2| "#{URI.encode(k)}=#{URI.encode(v2)}" } * "&" }
+          uri.query = [uri.query, *params].reject { |x| x.nil? } * "&"
+          p uri.to_s
+
+          response = access_token.request(options[:method].downcase.to_sym, uri.to_s)
+          puts "#{response.code} #{response.message}"
+          puts response.body
+        when "sign"
+          parameters = prepare_parameters
+
+          request = OAuth::RequestProxy.proxy \
+             "method"     => options[:method],
+             "uri"        => options[:uri],
+             "parameters" => parameters
+
+          if verbose?
+            stdout.puts "OAuth parameters:"
+            request.oauth_parameters.each do |k,v|
+              stdout.puts "  " + [k, v] * ": "
+            end
+            stdout.puts
+
+            if request.non_oauth_parameters.any?
+              stdout.puts "Parameters:"
+              request.non_oauth_parameters.each do |k,v|
+                stdout.puts "  " + [k, v] * ": "
+              end
+              stdout.puts
+            end
+          end
+
+          request.sign! \
+            :consumer_secret => options[:oauth_consumer_secret],
+            :token_secret    => options[:oauth_token_secret]
+
+          if verbose?
+            stdout.puts "Method: #{request.method}"
+            stdout.puts "URI: #{request.uri}"
+            stdout.puts "Normalized params: #{request.normalized_parameters}" unless options[:xmpp]
+            stdout.puts "Signature base string: #{request.signature_base_string}"
+
+            if options[:xmpp]
+              stdout.puts
+              stdout.puts "XMPP Stanza:"
+              stdout.puts <<-EOS
+  <oauth xmlns='urn:xmpp:oauth:0'>
+    <oauth_consumer_key>#{request.oauth_consumer_key}</oauth_consumer_key>
+    <oauth_token>#{request.oauth_token}</oauth_token>
+    <oauth_signature_method>#{request.oauth_signature_method}</oauth_signature_method>
+    <oauth_signature>#{request.oauth_signature}</oauth_signature>
+    <oauth_timestamp>#{request.oauth_timestamp}</oauth_timestamp>
+    <oauth_nonce>#{request.oauth_nonce}</oauth_nonce>
+    <oauth_version>#{request.oauth_version}</oauth_version>
+  </oauth>
+              EOS
+              stdout.puts
+              stdout.puts "Note: You may want to use bare JIDs in your URI."
+              stdout.puts
+            else
+              stdout.puts "OAuth Request URI: #{request.signed_uri}"
+              stdout.puts "Request URI: #{request.signed_uri(false)}"
+              stdout.puts "Authorization header: #{request.oauth_header(:realm => options[:realm])}"
+            end
+            stdout.puts "Signature:         #{request.oauth_signature}"
+            stdout.puts "Escaped signature: #{OAuth::Helper.escape(request.oauth_signature)}"
+          else
+            stdout.puts request.oauth_signature
+          end
+        when "version"
+          puts "OAuth for Ruby #{OAuth::VERSION}"
+        end
+      else
+        usage
+      end
+    end
+
+  protected
+
+    def extract_command_and_parse_options(arguments)
+      @command = arguments[-1]
+      parse_options(arguments[0..-1])
+    end
+
+    def option_parser(arguments = "")
+      # TODO add realm parameter
+      # TODO add user-agent parameter
+      option_parser = OptionParser.new do |opts|
+        opts.banner = "Usage: #{$0} [options] <command>"
+
+        # defaults
+        options[:oauth_nonce] = OAuth::Helper.generate_key
+        options[:oauth_signature_method] = "HMAC-SHA1"
+        options[:oauth_timestamp] = OAuth::Helper.generate_timestamp
+        options[:oauth_version] = "1.0"
+        options[:method] = :post
+        options[:params] = []
+        options[:scheme] = :header
+        options[:version] = "1.0"
+
+        ## Common Options
+
+        opts.on("-B", "--body", "Use the request body for OAuth parameters.") do
+          options[:scheme] = :body
+        end
+
+        opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
+          options[:oauth_consumer_key] = v
+        end
+
+        opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
+          options[:oauth_consumer_secret] = v
+        end
+
+        opts.on("-H", "--header", "Use the 'Authorization' header for OAuth parameters (default).") do
+          options[:scheme] = :header
+        end
+
+        opts.on("-Q", "--query-string", "Use the query string for OAuth parameters.") do
+          options[:scheme] = :query_string
+        end
+
+        opts.on("-O", "--options FILE", "Read options from a file") do |v|
+          arguments.unshift(*open(v).readlines.map { |l| l.chomp.split(" ") }.flatten)
+        end
+
+        ## Options for signing and making requests
+
+        opts.separator("\n  options for signing and querying")
+
+        opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
+          options[:method] = v
+        end
+
+        opts.on("--nonce NONCE", "Specifies the none to use.") do |v|
+          options[:oauth_nonce] = v
+        end
+
+        opts.on("--parameters PARAMS", "Specifies the parameters to use when signing.") do |v|
+          options[:params] << v
+        end
+
+        opts.on("--signature-method METHOD", "Specifies the signature method to use; defaults to HMAC-SHA1.") do |v|
+          options[:oauth_signature_method] = v
+        end
+
+        opts.on("--secret SECRET", "Specifies the token secret to use.") do |v|
+          options[:oauth_token_secret] = v
+        end
+
+        opts.on("--timestamp TIMESTAMP", "Specifies the timestamp to use.") do |v|
+          options[:oauth_timestamp] = v
+        end
+
+        opts.on("--token TOKEN", "Specifies the token to use.") do |v|
+          options[:oauth_token] = v
+        end
+
+        opts.on("--realm REALM", "Specifies the realm to use.") do |v|
+          options[:realm] = v
+        end
+
+        opts.on("--uri URI", "Specifies the URI to use when signing.") do |v|
+          options[:uri] = v
+        end
+
+        opts.on(:OPTIONAL, "--version VERSION", "Specifies the OAuth version to use.") do |v|
+          if v
+            options[:oauth_version] = v
+          else
+            @command = "version"
+          end
+        end
+
+        opts.on("--no-version", "Omit oauth_version.") do
+          options[:oauth_version] = nil
+        end
+
+        opts.on("--xmpp", "Generate XMPP stanzas.") do
+          options[:xmpp] = true
+          options[:method] ||= "iq"
+        end
+
+        opts.on("-v", "--verbose", "Be verbose.") do
+          options[:verbose] = true
+        end
+
+        ## Options for authorization
+
+        opts.separator("\n  options for authorization")
+
+        opts.on("--access-token-url URL", "Specifies the access token URL.") do |v|
+          options[:access_token_url] = v
+        end
+
+        opts.on("--authorize-url URL", "Specifies the authorization URL.") do |v|
+          options[:authorize_url] = v
+        end
+
+        opts.on("--callback-url URL", "Specifies a callback URL.") do |v|
+          options[:oauth_callback] = v
+        end
+
+        opts.on("--request-token-url URL", "Specifies the request token URL.") do |v|
+          options[:request_token_url] = v
+        end
+
+        opts.on("--scope SCOPE", "Specifies the scope (Google-specific).") do |v|
+          options[:scope] = v
+        end
+      end
+    end
+
+    def parse_options(arguments)
+      option_parser(arguments).parse!(arguments)
+    end
+
+    def prepare_parameters
+      escaped_pairs = options[:params].collect do |pair|
+        if pair =~ /:/
+          Hash[*pair.split(":", 2)].collect do |k,v|
+            [CGI.escape(k.strip), CGI.escape(v.strip)] * "="
+          end
+        else
+          pair
+        end
+      end
+
+      querystring = escaped_pairs * "&"
+      cli_params = CGI.parse(querystring)
+
+      {
+        "oauth_consumer_key"     => options[:oauth_consumer_key],
+        "oauth_nonce"            => options[:oauth_nonce],
+        "oauth_timestamp"        => options[:oauth_timestamp],
+        "oauth_token"            => options[:oauth_token],
+        "oauth_signature_method" => options[:oauth_signature_method],
+        "oauth_version"          => options[:oauth_version]
+      }.reject { |k,v| v.nil? || v == "" }.merge(cli_params)
+    end
+
+    def sufficient_options?
+      case command
+      # TODO move command logic elsewhere
+      when "authorize"
+        options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
+          options[:access_token_url] && options[:authorize_url] &&
+          options[:request_token_url]
+      when "version"
+        true
+      else
+        options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
+          options[:method] && options[:uri]
+      end
+    end
+
+    def usage
+      stdout.puts option_parser.help
+      stdout.puts
+      stdout.puts "Available commands:"
+      SUPPORTED_COMMANDS.each do |command, desc|
+        puts "   #{command.ljust(15)}#{desc}"
+      end
+    end
+
+    def valid_command?
+      SUPPORTED_COMMANDS.keys.include?(command)
+    end
+
+    def verbose?
+      options[:verbose]
+    end
+  end
+end

data/lib/oauth/client.rb

@@ -0,0 +1,4 @@
+module OAuth
+  module Client
+  end
+end

data/lib/oauth/client/action_controller_request.rb

@@ -0,0 +1,54 @@
+require 'oauth/client/helper'
+require 'oauth/request_proxy/action_controller_request'
+require 'action_controller/test_process'
+
+module ActionController
+  class Base
+    def process_with_oauth(request, response=nil)
+      request.apply_oauth! if request.respond_to?(:apply_oauth!)
+      process_without_oauth(request, response)
+    end
+
+    alias_method_chain :process, :oauth
+  end
+
+  class TestRequest
+    def self.use_oauth=(bool)
+      @use_oauth = bool
+    end
+
+    def self.use_oauth?
+      @use_oauth
+    end
+
+    def configure_oauth(consumer = nil, token = nil, options = {})
+      @oauth_options = { :consumer  => consumer,
+                         :token     => token,
+                         :scheme    => 'header',
+                         :signature_method => nil,
+                         :nonce     => nil,
+                         :timestamp => nil }.merge(options)
+    end
+
+    def apply_oauth!
+      return unless ActionController::TestRequest.use_oauth? && @oauth_options
+
+      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => request_uri))
+      @oauth_helper.amend_user_agent_header(env)
+
+      self.send("set_oauth_#{@oauth_options[:scheme]}")
+    end
+
+    def set_oauth_header
+      env['Authorization'] = @oauth_helper.header
+    end
+
+    def set_oauth_parameters
+      @query_parameters = @oauth_helper.parameters_with_oauth
+      @query_parameters.merge!(:oauth_signature => @oauth_helper.signature)
+    end
+
+    def set_oauth_query_string
+    end
+  end
+end

data/lib/oauth/client/em_http.rb

@@ -0,0 +1,94 @@
+require 'em-http'
+require 'oauth/helper'
+require 'oauth/client/helper'
+require 'oauth/request_proxy/em_http_request'
+
+# Extensions for em-http so that we can use consumer.sign! with an EventMachine::HttpClient
+# instance. This is purely syntactic sugar.
+class EventMachine::HttpClient
+
+  attr_reader :oauth_helper
+
+  # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
+  # this may add a header, additional query string parameters, or additional POST body parameters.
+  # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance, ignored in this scenario except for getting host.
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  #
+  # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
+  #
+  # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
+  def oauth!(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => normalized_oauth_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    @oauth_helper = OAuth::Client::Helper.new(self, options)
+    self.__send__(:"set_oauth_#{options[:scheme]}")
+  end
+
+  # Create a string suitable for signing for an HTTP request. This process involves parameter
+  # normalization as specified in the OAuth specification. The exact normalization also depends
+  # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
+  # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  # 
+  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+  def signature_base_string(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => normalized_oauth_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    OAuth::Client::Helper.new(self, options).signature_base_string
+  end
+
+  protected
+
+  # Since we expect to get the host etc details from the http instance (...),
+  # we create a fake url here. Surely this is a horrible, horrible idea?
+  def normalized_oauth_uri(http)
+    uri = URI.parse(normalize_uri.path)
+    uri.host = http.address
+    uri.port = http.port
+
+    if http.respond_to?(:use_ssl?) && http.use_ssl?
+      uri.scheme = "https"
+    else
+      uri.scheme = "http"
+    end
+    uri.to_s
+  end
+
+  def set_oauth_header
+    headers = (self.options[:head] ||= {})
+    headers['Authorization'] = @oauth_helper.header
+  end
+
+  def set_oauth_body
+    raise NotImplementedError, 'please use the set_oauth_header method instead'
+  end
+
+  def set_oauth_query_string
+    raise NotImplementedError, 'please use the set_oauth_header method instead'
+  end
+  
+end