apigee-oauth 0.4.0

data/.gitignore

@@ -0,0 +1,2 @@
+pkg/*
+_site

data/HISTORY

@@ -0,0 +1,125 @@
+== 0.4.0 2010-04-22
+
+* Added computation of oauth_body_hash as per OAuth Request Body Hash 1.0
+  Draft 4 (Michael Reinsch)
+* Added the optional `oauth_session_handle` parameter for the Yahoo implementation (Will Bailey)
+* Better marshalling implementation (Yoan Blanc)
+* Added optional block to OAuth::Consumer.get_*_token (Neill Pearman)
+* Exclude `oauth_callback` with :exclude_callback (Neill Pearman)
+* Strip extraneous spaces and line breaks from access_token responses
+  (observed in the wild with Yahoo!'s OAuth+OpenID hybrid) (Eric Hartmann)
+* Stop double-escaping PLAINTEXT signatures (Jimmy Zimmerman)
+* OAuth::Client::Helper won't override the specified `oauth_version`
+  (Philip Kromer)
+* Support for Ruby 1.9 (Aaron Quint, Corey Donahoe, et al)
+* Fixed an encoding / multibyte issue (成田 一生)
+* Replaced hoe with Jeweler (Aaron Quint)
+* Support for Typhoeus (Bill Kocik)
+* Support for em-http (EventMachine) (Darcy Laycock)
+* Support for curb (André Luis Leal Cardoso Junior)
+* New website (Aaron Quint)
+
+== 0.3.6 2009-09-14
+
+* Added -B CLI option to use the :body authentication scheme (Seth)
+* Respect `--method` in `authorize` CLI command (Seth)
+* Support POST and PUT with raw bodies (Yu-Shan Fung et al)
+* Test clean-up (Xavier Shay, Hannes Tydén)
+* Added :ca_file consumer option to allow consumer specific certificate
+  override. (Pelle)
+
+== 0.3.5 2009-06-03
+
+* `query` CLI command to access protected resources (Seth)
+* Added -H, -Q CLI options for specifying the authentication scheme (Seth)
+* Added -O CLI option for specifying a file containing options (Seth)
+* Support streamable body contents for large request bodies (Seth Cousins)
+* Support for OAuth 1.0a (Seth)
+* Added proxy support to OAuth::Consumer (Marshall Huss)
+* Added --scope CLI option for Google's 'scope' parameter (Seth)
+
+== 0.3.4 2009-05-06
+
+* OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)
+* Fix OAuth::RequestProxy::ActionControllerRequest's handling of params
+  (Tristan Groléat)
+
+== 0.3.3 2009-05-04
+
+* Corrected OAuth XMPP namespace (Seth)
+* Improved error handling for invalid Authorization headers (Matt Sanford)
+* Fixed signatures for non-ASCII under $KCODE other than 'u' (Matt Sanford)
+* Fixed edge cases in ActionControllerRequestProxy where params were being
+  incorrectly signed (Marcos Wright Kuhns)
+* Support for arguments in OAuth::Consumer#get_access_token (Matt Sanford)
+* Add gem version to user-agent header (Matt Sanford)
+* Handle input from aggressive form encoding libraries (Matt Wood)
+
+== 0.3.2 2009-03-23
+
+* 2xx statuses should be treated as success (Anders Conbere)
+* Support applications using the MethodOverride Rack middleware (László Bácsi)
+* `authorize` command for `oauth` CLI (Seth)
+* Initial support for Problem Reporting extension (Seth)
+* Verify SSL certificates if CA certificates are available (Seth)
+* Fixed ActionController parameter escaping behavior (Thiago Arrais, László
+  Bácsi, Brett Gibson, et al)
+* Fixed signature calculation when both options and a block were provided to
+  OAuth::Signature::Base#initialize (Seth)
+* Added help to the 'oauth' CLI (Seth)
+* Fixed a problem when attempting to normalize MockRequest URIs (Seth)
+
+== 0.3.1 2009-1-26
+
+* Fixed a problem with relative and absolute token request paths. (Michael
+  Wood)
+
+== 0.3.0 2009-1-25
+
+* Support ActionController::Request from Edge Rails (László Bácsi)
+* Correctly handle multi-valued parameters (Seth)
+* Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
+* OAuth::Signature.sign and friends now yield the RequestProxy instead of the
+  token when the passed block's arity is 1. (Seth)
+* Token requests are made to the configured URL rather than generating a
+  potentially incorrect one.  (Kellan Elliott-McCrea)
+* Command-line app for generating signatures. (Seth)
+* Improved test-cases and compatibility for encoding issues. (Pelle)
+
+== 0.2.7 2008-9-10 The lets fix the last release release
+
+* Fixed plain text signatures (Andrew Arrow)
+* Fixed RSA requests using OAuthTokens. (Philip Lipu Tsai)
+
+== 0.2.6 2008-9-9 The lets RSA release
+
+* Improved support for Ruby 1.8.7 (Bill Kocik)
+* Fixed RSA verification to support RSA providers
+  now using Ruby and RSA
+* Improved RSA testing
+* Omit token when signing with RSA
+* Added support for 'private_key_file' option for RSA signatures (Chris Mear)
+* Fixed several edge cases where params were being incorrectly signed (Scott
+  Hill)
+* Fixed RSA signing (choonkeat)
+
+== 0.2.2 2008-2-22 Lets actually support SSL release
+
+* Use HTTPS when required.
+
+== 0.2 2008-1-19 All together now release
+
+This is a big release, where we have merged the efforts of various parties into one common library. 
+This means there are definitely some API changes you should be aware of. They should be minimal 
+but please have a look at the unit tests.
+
+== 0.1.2 2007-12-1
+
+* Fixed checks for missing OAuth params to improve performance
+* Includes Pat's fix for getting the realm out.
+
+== 0.1.1 2007-11-26
+
+* First release as a GEM
+* Moved all non-Rails functionality from the Rails plugin:
+  http://code.google.com/p/oauth-plugin/

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2007 Blaine Cook, Larry Halff, Pelle Braendgaard
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,70 @@
+= Ruby OAuth
+
+== What
+
+This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.
+
+See the OAuth specs http://oauth.net/core/1.0/
+
+== Installing
+
+  sudo gem install oauth
+
+The source code is now hosted on the OAuth GitHub Project http://github.com/oauth/oauth-ruby
+
+== The basics
+
+This is a ruby library which is intended to be used in creating Ruby Consumer and Service Provider applications. It is NOT a Rails plugin, but could easily be used for the foundation for such a Rails plugin.
+
+As a matter of fact it has been pulled out from an OAuth Rails Plugin http://code.google.com/p/oauth-plugin/ which now requires this GEM.
+
+== Demonstration of usage
+
+Create a new consumer instance by passing it a configuration hash:
+
+  @consumer = OAuth::Consumer.new("key","secret", :site => "https://agree2")
+
+Start the process by requesting a token
+
+  @request_token = @consumer.get_request_token
+  session[:request_token] = @request_token
+  redirect_to @request_token.authorize_url
+
+When user returns create an access_token
+
+  @access_token = @request_token.get_access_token
+  @photos = @access_token.get('/photos.xml')
+
+Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.
+
+  oauth_params = {:consumer => oauth_consumer, :token => access_token}
+  hydra = Typhoeus::Hydra.new
+  req = Typhoeus::Request.new(uri, options) 
+  oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
+  req.headers.merge!({"Authorization" => oauth_helper.header}) # Signs the request
+  hydra.queue(req)
+  hydra.run
+  @response = req.response
+
+
+== More Information
+
+* RDoc: http://rdoc.info/projects/oauth/oauth-ruby/
+* Mailing List/Google Group: http://groups.google.com/group/oauth-ruby
+
+== How to submit patches
+
+The source code is now hosted on the OAuth GitHub Project http://github.com/oauth/oauth-ruby
+
+To submit a patch, please fork the oauth project and create a patch with tests. Once you're happy with it send a pull request and post a message to the google group.
+
+== License
+
+This code is free to use under the terms of the MIT license. 
+
+== Contact
+
+OAuth Ruby has been created and maintained by a large number of talented individuals. 
+The current maintainer is Aaron Quint (quirkey).
+
+Comments are welcome. Send an email to via the OAuth Ruby mailing list http://groups.google.com/group/oauth-ruby

data/Rakefile

@@ -0,0 +1,35 @@
+%w[rubygems rake rake/clean rake/testtask fileutils].each { |f| require f }
+$LOAD_PATH << File.dirname(__FILE__) + '/lib'
+require 'apigee-oauth'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = %q{apigee-oauth}
+    s.version = OAuth::VERSION
+    s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford", "Aaron Quint"]
+    s.email = "oauth-ruby@googlegroups.com"
+    s.description = "OAuth Core Ruby implementation"
+    s.summary = s.description
+    s.rubyforge_project = %q{apigee-oauth}
+    s.add_development_dependency(%q<actionpack>, [">= 2.2.0", "<2.3.0"])
+    s.add_development_dependency(%q<rack>, [">= 1.0.0"])
+    s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
+    s.add_development_dependency(%q<typhoeus>, [">= 0.1.13"])
+    s.add_development_dependency(%q<em-http-request>)
+    s.add_development_dependency(%q<curb>, [">= 0.6.6.0"])
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/*test*.rb']
+  t.verbose = true
+end
+
+Dir['tasks/**/*.rake'].each { |t| load t }
+
+task :default => :test

data/TODO

@@ -0,0 +1,32 @@
+Common use-cases should be streamlined:
+
+* I have a URL that I want to sign (given consumer key/secret, optional
+  token/secret, optional nonce/timestamp).
+* I have a URL that I want to sign AND I want to see what the components
+  (e.g. signature base string, etc.) are while it's being signed (i.e. verbose
+  signing).
+* I have a URL that I want to sign and I only want the signature.
+* I have a URL that I want to sign and I want something suitable to put in
+  {the header, the querystring, XMPP}.
+* I want to make a query to an OAuth-enabled web service (with sensible
+  errors, if available).
+* I want to host an OAuth-enabled web service.
+* I want to test my OAuth-enabled web service (i.e. test helpers)
+
+Example applications for:
+* Ning
+* Fire Eagle
+* Google (blogger, contacts)
+* Twitter
+* YOS / YQL
+* Netflix
+
+In addition to providing best practices of use, these can also be part of
+the pre-release checks to make sure that there have been no regressions.
+
+Random TODOs:
+* finish CLI
+* sensible Exception hierarchy
+* Tokens as Modules
+* don't tie to Net::HTTP
+* Take a look at Curb HTTP Verbs

data/bin/oauth

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "oauth/cli"
+
+OAuth::CLI.execute(STDOUT, STDIN, STDERR, ARGV)

data/examples/yql.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby -rubygems
+
+# Sample queries:
+#  ./yql.rb --consumer-key <key> --consumer-secret <secret> "show tables"
+#  ./yql.rb --consumer-key <key> --consumer-secret <secret> "select * from flickr.photos.search where text='Cat' limit 10"
+
+require 'oauth'
+require 'optparse'
+require 'json'
+require 'pp'
+
+options = {}
+
+option_parser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{$0} [options] <query>"
+
+  opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
+    options[:consumer_key] = v
+  end
+
+  opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
+    options[:consumer_secret] = v
+  end
+end
+
+option_parser.parse!
+query = ARGV.pop
+query = STDIN.read if query == "-"
+
+if options[:consumer_key].nil? || options[:consumer_secret].nil? || query.nil?
+  puts option_parser.help
+  exit 1
+end
+
+consumer = OAuth::Consumer.new \
+  options[:consumer_key],
+  options[:consumer_secret],
+  :site => "http://query.yahooapis.com"
+
+access_token = OAuth::AccessToken.new(consumer)
+
+response = access_token.request(:get, "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
+rsp = JSON.parse(response.body)
+pp rsp

data/lib/apigee-oauth.rb

@@ -0,0 +1,12 @@
+$LOAD_PATH << File.dirname(__FILE__) unless $LOAD_PATH.include?(File.dirname(__FILE__))
+
+module OAuth
+  VERSION = "0.4.0"
+end
+
+require 'oauth/oauth'
+require 'oauth/core_ext'
+
+require 'oauth/client/helper'
+require 'oauth/signature/hmac/sha1'
+require 'oauth/request_proxy/mock_request'

data/lib/digest/hmac.rb

@@ -0,0 +1,104 @@
+# = digest/hmac.rb
+#
+# An implementation of HMAC keyed-hashing algorithm
+#
+# == Overview 
+# 
+# This library adds a method named hmac() to Digest classes, which
+# creates a Digest class for calculating HMAC digests.
+#
+# == Examples
+#
+#   require 'digest/hmac'
+#
+#   # one-liner example
+#   puts Digest::HMAC.hexdigest("data", "hash key", Digest::SHA1)
+#
+#   # rather longer one
+#   hmac = Digest::HMAC.new("foo", Digest::RMD160)
+#
+#   buf = ""
+#   while stream.read(16384, buf)
+#     hmac.update(buf)
+#   end
+#
+#   puts hmac.bubblebabble
+#
+# == License
+#
+# Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
+#
+# Documentation by Akinori MUSHA
+#
+# All rights reserved.  You can redistribute and/or modify it under
+# the same terms as Ruby.
+#
+#   $Id: hmac.rb 14881 2008-01-04 07:26:14Z akr $
+#
+
+require 'digest'
+
+unless defined?(Digest::HMAC)
+  module Digest
+    class HMAC < Digest::Class
+      def initialize(key, digester)
+        @md = digester.new
+
+        block_len = @md.block_length
+
+        if key.bytesize > block_len
+          key = @md.digest(key)
+        end
+
+        ipad = Array.new(block_len).fill(0x36)
+        opad = Array.new(block_len).fill(0x5c)
+
+        key.bytes.each_with_index { |c, i|
+          ipad[i] ^= c
+          opad[i] ^= c
+        }
+
+        @key = key.freeze
+        @ipad = ipad.inject('') { |s, c| s << c.chr }.freeze
+        @opad = opad.inject('') { |s, c| s << c.chr }.freeze
+        @md.update(@ipad)
+      end
+
+      def initialize_copy(other)
+        @md = other.instance_eval { @md.clone }
+      end
+
+      def update(text)
+        @md.update(text)
+        self
+      end
+      alias << update
+
+      def reset
+        @md.reset
+        @md.update(@ipad)
+        self
+      end
+
+      def finish
+        d = @md.digest!
+        @md.update(@opad)
+        @md.update(d)
+        @md.digest!
+      end
+      private :finish
+
+      def digest_length
+        @md.digest_length
+      end
+
+      def block_length
+        @md.block_length
+      end
+
+      def inspect
+        sprintf('#<%s: key=%s, digest=%s>', self.class.name, @key.inspect, @md.inspect.sub(/^\#<(.*)>$/) { $1 });
+      end
+    end
+  end
+end