cerner-oauth1a 1.0.1 → 2.0.0.rc1

data/lib/cerner/oauth1a/oauth_error.rb

@@ -1,25 +1,91 @@
+# frozen_string_literal: true
+
+require 'cerner/oauth1a/protocol'
+require 'uri'
+
 module Cerner
   module OAuth1a
     # Public: An OAuth-specific error.
     class OAuthError < StandardError
-      # Returns the HTTP Response Code, if any, associated with this error.
+      # Returns the HTTP Response Code, if any, associated with this error. May be nil.
       attr_reader :http_response_code
-      # Returns the OAuth Problem string, if any, associated with this error.
+
+      # Returns the OAuth Problem string, if any, associated with this error. May be nil.
       # See http://oauth.pbwiki.com/ProblemReporting for more information.
       attr_reader :oauth_problem
 
+      # Returns an Array of OAuth parameter names, if any, related to #oauth_problem.
+      # May be nil.
+      attr_reader :oauth_parameters
+
       # Public: Construct an instance with a message, optional HTTP response code
       # and optional OAuth Problem string.
       #
       # message            - A descriptive message, passed to the super class.
       # http_response_code - The HTTP response code associated with the error. Optional.
       # oauth_problem      - The OAuth Problem string associated with the error. Optional.
-      def initialize(message, http_response_code=nil, oauth_problem=nil)
+      # oauth_parameters   - A String/Symbol or Array of Strings/Symbols containing the names of parameters that
+      #                      are absent or rejected. This is should only be used when oauth_problem
+      #                      is 'parameter_absent' or 'parameter_rejected' Optional.
+      def initialize(
+        message,
+        http_response_code = nil,
+        oauth_problem = nil,
+        oauth_parameters = nil
+      )
         @http_response_code = http_response_code
         @oauth_problem = oauth_problem
-        message += " HTTP #{@http_response_code}" if @http_response_code
-        message += " OAuth Problem #{@oauth_problem}" if @oauth_problem
-        super message
+        @oauth_parameters = oauth_parameters ? Array(oauth_parameters) : nil
+
+        parts = []
+        parts << message if message
+        parts << "HTTP #{@http_response_code}" if @http_response_code
+        parts << "OAuth Problem #{@oauth_problem}" if @oauth_problem
+        parts << "OAuth Parameters [#{@oauth_parameters.join(', ')}]" if @oauth_parameters
+        super(parts.empty? ? nil : parts.join(' '))
+      end
+
+      # Public: Generates an HTTP WWW-Authenticate header value based from the
+      # data in this OAuthError.
+      #
+      # Returns the generated value or nil if there is no #oauth_problem and #oauth_parameters.
+      def to_http_www_authenticate_header
+        params = {}
+        params[:oauth_problem] = @oauth_problem if @oauth_problem
+
+        if @oauth_problem && @oauth_parameters
+          case @oauth_problem
+          when 'parameter_absent'
+            params[:oauth_parameters_absent] = format_parameters(@oauth_parameters)
+          when 'parameter_rejected'
+            params[:oauth_parameters_rejected] = format_parameters(@oauth_parameters)
+          end
+        end
+
+        Protocol.generate_www_authenticate_header(params)
+      end
+
+      # Public: Provides an HTTP Status Symbol based on the #oauth_problem using
+      # Protocol.convert_problem_to_http_status.
+      #
+      # default - The Symbol to return if #oauth_problem contains an unknown value.
+      #           Defaults to :unauthorized.
+      #
+      # Returns :unauthorized, :bad_request or the value passed in default parameter.
+      def to_http_status(default = :unauthorized)
+        Protocol.convert_problem_to_http_status(@oauth_problem, default)
+      end
+
+      private
+
+      # Internal: Formats a list of parameter names according to the OAuth
+      # Problem extension.
+      #
+      # params - An Array of Strings.
+      #
+      # Returns a formatted String.
+      def format_parameters(params)
+        params.map { |p| URI.encode_www_form_component(p).gsub('+', '%20') }.join('&')
       end
     end
   end

data/lib/cerner/oauth1a/protocol.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+
+require 'uri'
+
+module Cerner
+  module OAuth1a
+    # Public: OAuth 1.0a protocol utilities.
+    module Protocol
+      # Public: Parses a URL-encoded query string into a Hash with symbolized keys.
+      #
+      # query - String containing a URL-encoded query string to parse.
+      #
+      # Returns a Hash with symbolized keys matching the query parameter names.
+      #
+      # Raises ArgumentError if query is nil.
+      def self.parse_url_query_string(query)
+        raise ArgumentError, 'query is nil' unless query
+
+        Hash[URI.decode_www_form(query).map { |pair| [pair[0].to_sym, pair[1]] }]
+      end
+
+      # Public: Parses an OAuth HTTP Authorization scheme value, which can manifest
+      # in either an HTTP Authorization or WWW-Authenticate header.
+      #
+      # Reference: https://oauth.net/core/1.0a/#auth_header
+      #
+      # value - String containing the value to parse. If nil or doesn't begin with
+      #         'OAuth ', then an empty Hash will be returned.
+      #
+      # Examples
+      #
+      #   header = 'OAuth oauth_version="1.0", oauth_token="XYZ"'
+      #   Cerner::OAuth1a::Protocol.parse_authorization_header(header)
+      #   # => {:oauth_version=>"1.0", :oauth_token=>"XYZ"}
+      #
+      #   header = 'OAuth realm="https://test.host", oauth_problem="token_expired"'
+      #   Cerner::OAuth1a::Protocol.parse_www_authenticate_header(header)
+      #   # => {:realm=>"https://test.host", :oauth_problem=>"token_expired"}
+      #
+      # Returns a Hash with symbolized keys of all of the parameters.
+      def self.parse_authorization_header(value)
+        params = {}
+        return params unless value
+
+        value = value.strip
+        return params unless value.size > 6 && value[0..5].casecmp?('OAuth ')
+
+        value.scan(/([^,\s=]*)=\"([^\"]*)\"/).each do |pair|
+          k = URI.decode_www_form_component(pair[0])
+          v = URI.decode_www_form_component(pair[1])
+          params[k.to_sym] = v
+        end
+
+        params
+      end
+
+      # Public: Generates an OAuth HTTP Authorization scheme value, which can be
+      # in either an HTTP Authorization or WWW-Authenticate header.
+      #
+      # Reference: https://oauth.net/core/1.0a/#auth_header
+      #
+      # params - Hash containing the key-value pairs to build the value with.
+      #
+      # Examples
+      #
+      #   params = { oauth_version: '1.0', oauth_token: 'XYZ' }
+      #   Cerner::OAuth1a::Protocol.generate_authorization_header(params)
+      #   # => "OAuth oauth_version=\"1.0\",oauth_token=\"XYZ\""
+      #
+      #   params = { realm: 'https://test.host', oauth_problem: 'token_expired' }
+      #   Cerner::OAuth1a::Protocol.generate_www_authenticate_header(params)
+      #   # => "OAuth realm=\"https%3A%2F%2Ftest.host\",oauth_problem=\"token_expired\""
+      #
+      # Returns the String containing the generated value or nil if params is nil or empty.
+      def self.generate_authorization_header(params)
+        return nil unless params && !params.empty?
+
+        encoded_params = params.map do |k, v|
+          k = URI.encode_www_form_component(k).gsub('+', '%20')
+          v = URI.encode_www_form_component(v).gsub('+', '%20')
+          "#{k}=\"#{v}\""
+        end
+
+        'OAuth ' + encoded_params.join(',')
+      end
+
+      # Alias the parse and generate methods
+      class << self
+        # Public: Alias for Protocol.parse_authorization_header
+        alias parse_www_authenticate_header parse_authorization_header
+
+        # Public: Alias for Protocol.generate_www_authenticate_header
+        alias generate_www_authenticate_header generate_authorization_header
+      end
+
+      # Public: The oauth_problem values that are mapped to HTTP 400 Bad Request.
+      # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
+      # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
+      BAD_REQUEST_PROBLEMS = %w[
+        additional_authorization_required parameter_absent parameter_rejected
+        signature_method_rejected timestamp_refused verifier_invalid
+        version_rejected
+      ].freeze
+
+      # Public: The oauth_problem values that are mapped to HTTP 401 Unauthorized.
+      # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
+      # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
+      UNAUTHORIZED_PROBLEMS = %w[
+        consumer_key_refused consumer_key_rejected consumer_key_unknown
+        nonce_used permission_denied permission_unknown signature_invalid
+        token_expired token_rejected token_revoked token_used user_refused
+      ].freeze
+
+      # Public: Converts a oauth_problem value to an HTTP Status using the
+      # mappings in ::BAD_REQUEST_PROBLEMS and ::UNAUTHORIZED_PROBLEMS.
+      #
+      # problem - A String containing the oauth_problem value.
+      # default - An optional Symbol containing the value to return if an
+      #           unknown problem value is passed. Defaults to :unauthorized.
+      #
+      # Returns :unauthorized, :bad_request or the value passed in the default
+      #   parameter.
+      def self.convert_problem_to_http_status(problem, default = :unauthorized)
+        return default unless problem
+        problem = problem.to_s
+        return :unauthorized if UNAUTHORIZED_PROBLEMS.include?(problem)
+        return :bad_request if BAD_REQUEST_PROBLEMS.include?(problem)
+        default
+      end
+    end
+  end
+end

data/lib/cerner/oauth1a/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Cerner
   module OAuth1a
-    VERSION = '1.0.1'
+    VERSION = '2.0.0.rc1'
   end
 end

metadata

@@ -1,17 +1,19 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.0.rc1
 platform: ruby
 authors:
 - Nathan Beyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-05 00:00:00.000000000 Z
+date: 2018-04-20 00:00:00.000000000 Z
 dependencies: []
-description: A minimal dependency client library for two-legged OAuth 1.0a service
-  providers, such as Cerner's OAuth 1.0a provider.
+description: |
+  A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
+  Token Service for invoking Cerner OAuth 1.0a protected services or implementing
+  Cerner OAuth 1.0a authentication.
 email:
 - nbeyer@gmail.com
 executables: []
@@ -26,7 +28,10 @@ files:
 - lib/cerner/oauth1a.rb
 - lib/cerner/oauth1a/access_token.rb
 - lib/cerner/oauth1a/access_token_agent.rb
+- lib/cerner/oauth1a/cache.rb
+- lib/cerner/oauth1a/keys.rb
 - lib/cerner/oauth1a/oauth_error.rb
+- lib/cerner/oauth1a/protocol.rb
 - lib/cerner/oauth1a/version.rb
 homepage: http://github.com/cerner/cerner-oauth1a
 licenses:
@@ -40,16 +45,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
-summary: B2B/two-legged OAuth 1.0a service client.
+summary: Cerner OAuth 1.0a Consumer and Service Provider Library.
 test_files: []