cerner-oauth1a 2.0.0.rc1 → 2.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93df035b09b74b1936a6b14305ffa17f80f079deeacd2af9ec1d3f9e8797cd35
-  data.tar.gz: b5b00bf3cae57f9948c117c77aa0a6a0723f8af81d085323788f24508af05309
+  metadata.gz: 64818192ce3e55c68d1dbf2a5cc77bf12225e5b5c80cbc3e121b5212f8e5adaa
+  data.tar.gz: dfff2b1c96e60e9b55dbe5ddd024fb80bfbfe6e30613a88bf564cacfe38f1589
 SHA512:
-  metadata.gz: 00b0f14065ff87925fb372f92b9365fdaaf00e26b737673b68bd2df4ace4cdb50e33ec5a26a32a695f8c9f5871280b9106f9c9edae5045182e9287cf7ad87f06
-  data.tar.gz: 46ce88a5cf635524e619f447c8a95f99d5c240b40213c74839c7c2d1fc261ec5e7f0b02485eee0ddb98525f744a46f09f52cca8c3686919a08a79f360dbfd2e7
+  metadata.gz: 2482f15305e156725b2989609ec9b4c01d1b0535e1641215f34a769495f453043c2d376f405150ff31bc6fa1e94fe7d64f71ae65a8c619d9b06857b130ac01e7
+  data.tar.gz: 9d5368c0f9662259fcd46ef8a3e53491406efc44a63580461be8b527f35df8578a6f23a7ef15b01ce08170581bccc0daee7d67524dda0f81aa58f9dec02a14bd

data/README.md

@@ -3,7 +3,6 @@
 [![Build Status](https://api.travis-ci.org/cerner/cerner-oauth1a.svg)](https://travis-ci.org/cerner/cerner-oauth1a)
 [![Gem Version](http://img.shields.io/gem/v/cerner-oauth1a.svg)](https://rubygems.org/gems/cerner-oauth1a)
 [![Code Climate](http://img.shields.io/codeclimate/github/cerner/cerner-oauth1a.svg)](https://codeclimate.com/github/cerner/cerner-oauth1a)
-[![Dependencies Status](http://img.shields.io/gemnasium/cerner/cerner-oauth1a.svg)](https://gemnasium.com/cerner/cerner-oauth1a)
 
 A minimal dependency library for interacting with a Cerner OAuth 1.0a Access Token Service for
 invoking Cerner OAuth 1.0a protected services or implementing Cerner OAuth 1.0a authentication.
@@ -76,7 +75,7 @@ implement that:
 
     # Optionally, extract additional parameters sent with the token, such as Consumer.Principal
     # (xoauth_principal)
-    consumer_principal = results[:"Consumer.Principal"]
+    consumer_principal = access_token.consumer_principal
 
 ## References
 * https://wiki.ucern.com/display/public/reference/Cerner%27s+OAuth+Specification

data/lib/cerner/oauth1a/access_token.rb

@@ -26,17 +26,17 @@ module Cerner
 
         missing_params = []
         consumer_key = params[:oauth_consumer_key]
-        missing_params << :oauth_consumer_key unless consumer_key&.empty?
+        missing_params << :oauth_consumer_key if consumer_key.nil? || consumer_key.empty?
         nonce = params[:oauth_nonce]
-        missing_params << :oauth_nonce unless nonce&.empty?
+        missing_params << :oauth_nonce if nonce.nil? || nonce.empty?
         timestamp = params[:oauth_timestamp]
-        missing_params << :oauth_timestamp unless timestamp&.empty?
+        missing_params << :oauth_timestamp if timestamp.nil? || timestamp.empty?
         token = params[:oauth_token]
-        missing_params << :oauth_token unless token&.empty?
+        missing_params << :oauth_token if token.nil? || token.empty?
         signature_method = params[:oauth_signature_method]
-        missing_params << :oauth_signature_method unless signature_method&.empty?
+        missing_params << :oauth_signature_method if signature_method.nil? || signature_method.empty?
         signature = params[:oauth_signature]
-        missing_params << :oauth_signature unless signature&.empty?
+        missing_params << :oauth_signature if signature.nil? || signature.empty?
 
         raise OAuthError.new('', nil, 'parameter_absent', missing_params) unless missing_params.empty?
 
@@ -50,24 +50,28 @@ module Cerner
         )
       end
 
-      # Returns the String Accessor Secret related to this token.
+      # Returns a String, but may be nil, with the Accessor Secret related to this token.
       attr_reader :accessor_secret
-      # Returns the String Consumer Key (oauth_consumer_key) related to this token.
+      # Returns a String with the Consumer Key (oauth_consumer_key) related to this token.
       attr_reader :consumer_key
-      # Returns the Time this token expires at.
+      # Returns a Time, but may be nil, which represents the moment when this token expires.
       attr_reader :expires_at
-      # Returns the String nonce (oauth_nonce) related to this token.
+      # Returns a String with the Nonce (oauth_nonce) related to this token.
       attr_reader :nonce
-      # Returns the Time this token was created (oauth_timestamp).
+      # Returns a Time, which represents the moment when this token was created (oauth_timestamp).
       attr_reader :timestamp
-      # Returns the String Token (oauth_token).
+      # Returns a String with the Token (oauth_token).
       attr_reader :token
-      # Returns the String Token Secret related to this token.
+      # Returns a String, but may be nil, with the Token Secret related to this token.
       attr_reader :token_secret
-      # Returns the String Signature Method (oauth_signature_method) related to this token.
+      # Returns a String with the Signature Method (oauth_signature_method) related to this token.
       attr_reader :signature_method
-      # Returns the String Signature (oauth_signature) related to this token.
+      # Returns a String, but may be nil, with the Signature (oauth_signature) related to this token.
       attr_reader :signature
+      # Returns a String with the Consumer Principal (Consumer.Principal param encoded within oauth_token).
+      # This value is only populated after a successful #authenticate and only if the #token (oauth_token)
+      # contains a 'Consumer.Principal' parameter.
+      attr_reader :consumer_principal
 
       # Public: Constructs an instance.
       #
@@ -108,6 +112,7 @@ module Cerner
         @accessor_secret = accessor_secret || nil
         @authorization_header = nil
         @consumer_key = consumer_key
+        @consumer_principal = nil
         @expires_at = expires_at ? convert_to_time(expires_at) : nil
         @nonce = nonce
         @signature = signature
@@ -159,7 +164,8 @@ module Cerner
       #                      appropriate credentials to retrieve secrets via
       #                      Cerner::OAuth1a::AccessTokenAgent#retrieve_keys.
       #
-      # Returns a Hash (symbolized keys) of any extra parameters in #token if authentication succeeds.
+      # Returns a Hash (symbolized keys) of any extra parameters within #token (oauth_token),
+      # if authentication succeeds. In most scenarios, the Hash will be empty.
       #
       # Raises ArgumentError if access_token_agent is nil
       # Raises Cerner::OAuth1a::OAuthError with an oauth_problem if authentication fails.
@@ -186,6 +192,8 @@ module Cerner
 
         verify_signature(keys, tuples.delete(:HMACSecrets))
 
+        @consumer_principal = tuples.delete(:"Consumer.Principal")
+
         tuples
       end
 
@@ -272,15 +280,19 @@ module Cerner
       #
       # Raises OAuthError if the parameter is invalid or expired
       def verify_expiration(expires_on)
-        raise OAuthError.new('token missing ExpiresOn', nil, 'oauth_parameters_rejected') unless expires_on
+        raise OAuthError.new('token missing ExpiresOn', nil, 'oauth_parameters_rejected', 'oauth_token') unless expires_on
         expires_on = convert_to_time(expires_on)
         now = convert_to_time(Time.now)
         raise OAuthError.new('token has expired', nil, 'token_expired') if now.tv_sec >= expires_on.tv_sec
       end
 
       def load_keys(access_token_agent, keys_version)
-        raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected') unless keys_version
-        access_token_agent.retrieve_keys(keys_version)
+        raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected', 'oauth_token') unless keys_version
+        begin
+          access_token_agent.retrieve_keys(keys_version)
+        rescue OAuthError
+          raise OAuthError.new('token references invalid keys version', nil, 'oauth_parameters_rejected', 'oauth_token')
+        end
       end
 
       # Internal: Used by #authenticate to verify the oauth_token value.
@@ -290,7 +302,7 @@ module Cerner
       # Raises OAuthError if the parameter is not authentic
       def verify_token(keys)
         unless keys.verify_rsasha1_signature(@token)
-          raise OAuthError.new('token is not authentic', nil, 'oauth_parameters_rejected')
+          raise OAuthError.new('token is not authentic', nil, 'oauth_parameters_rejected', 'oauth_token')
         end
       end
 
@@ -302,13 +314,13 @@ module Cerner
       # Raises OAuthError if there is no signature, the parameter is invalid or the signature does
       # not match the secrets
       def verify_signature(keys, hmac_secrets)
-        raise OAuthError.new('missing signature', nil, 'oauth_parameters_absent') unless @signature
-        raise OAuthError.new('missing HMACSecrets', nil, 'oauth_parameters_rejected') unless hmac_secrets
+        raise OAuthError.new('missing signature', nil, 'oauth_parameters_absent', 'oauth_signature') unless @signature
+        raise OAuthError.new('missing HMACSecrets', nil, 'oauth_parameters_rejected', 'oauth_token') unless hmac_secrets
 
         begin
           secrets = keys.decrypt_hmac_secrets(hmac_secrets)
         rescue ArgumentError, OpenSSL::PKey::RSAError => e
-          raise OAuthError.new("unable to decrypt HMACSecrets: #{e.message}", nil, 'oauth_parameters_rejected')
+          raise OAuthError.new("unable to decrypt HMACSecrets: #{e.message}", nil, 'oauth_parameters_rejected', 'oauth_token')
         end
 
         secrets_parts = Protocol.parse_url_query_string(secrets)

data/lib/cerner/oauth1a/access_token_agent.rb

@@ -14,7 +14,7 @@ require 'uri'
 
 module Cerner
   module OAuth1a
-    # Public: A user agent for interacting with the Cerner OAuth 1.0a Access Token service to acquire
+    # Public: A user agent (client) for interacting with the Cerner OAuth 1.0a Access Token service to acquire
     # consumer Access Tokens or service provider Keys.
     class AccessTokenAgent
       MIME_WWW_FORM_URL_ENCODED = 'application/x-www-form-urlencoded'
@@ -28,7 +28,9 @@ module Cerner
 
       # Public: Constructs an instance of the agent.
       #
-      # Caching - By default, AccessToken and Keys instances are maintained in a small, constrained
+      # _Caching_
+      #
+      # By default, AccessToken and Keys instances are maintained in a small, constrained
       # memory cache used by #retrieve and #retrieve_keys, respectively.
       #
       # The AccessToken cache keeps a maximum of 5 entries and prunes them when they expire. As the
@@ -253,7 +255,7 @@ module Cerner
 
       # Internal: Prepare a request for #retrieve_keys
       def retrieve_keys_prepare_request(keys_version)
-        request = Net::HTTP::Get.new("#{@access_token_url}/keys/#{keys_version}")
+        request = Net::HTTP::Get.new(URI("#{@access_token_url}/keys/#{keys_version}"))
         request['Accept'] = 'application/json'
         request['User-Agent'] = user_agent_string
         request['Authorization'] = retrieve.authorization_header

data/lib/cerner/oauth1a/version.rb

@@ -2,6 +2,6 @@
 
 module Cerner
   module OAuth1a
-    VERSION = '2.0.0.rc1'
+    VERSION = '2.0.0.rc2'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc1
+  version: 2.0.0.rc2
 platform: ruby
 authors:
 - Nathan Beyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-20 00:00:00.000000000 Z
+date: 2018-08-30 00:00:00.000000000 Z
 dependencies: []
 description: |
   A minimal dependency library for interacting with a Cerner OAuth 1.0a Access