cerner-oauth1a 2.0.0.rc1 → 2.0.0.rc2

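--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 93df035b09b74b1936a6b14305ffa17f80f079deeacd2af9ec1d3f9e8797cd35
- data.tar.gz: b5b00bf3cae57f9948c117c77aa0a6a0723f8af81d085323788f24508af05309
+ metadata.gz: 64818192ce3e55c68d1dbf2a5cc77bf12225e5b5c80cbc3e121b5212f8e5adaa
+ data.tar.gz: dfff2b1c96e60e9b55dbe5ddd024fb80bfbfe6e30613a88bf564cacfe38f1589
  SHA512:
- metadata.gz: 00b0f14065ff87925fb372f92b9365fdaaf00e26b737673b68bd2df4ace4cdb50e33ec5a26a32a695f8c9f5871280b9106f9c9edae5045182e9287cf7ad87f06
- data.tar.gz: 46ce88a5cf635524e619f447c8a95f99d5c240b40213c74839c7c2d1fc261ec5e7f0b02485eee0ddb98525f744a46f09f52cca8c3686919a08a79f360dbfd2e7
+ metadata.gz: 2482f15305e156725b2989609ec9b4c01d1b0535e1641215f34a769495f453043c2d376f405150ff31bc6fa1e94fe7d64f71ae65a8c619d9b06857b130ac01e7
+ data.tar.gz: 9d5368c0f9662259fcd46ef8a3e53491406efc44a63580461be8b527f35df8578a6f23a7ef15b01ce08170581bccc0daee7d67524dda0f81aa58f9dec02a14bd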
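--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,6 @@
  [![Build Status](https://api.travis-ci.org/cerner/cerner-oauth1a.svg)](https://travis-ci.org/cerner/cerner-oauth1a)
  [![Gem Version](http://img.shields.io/gem/v/cerner-oauth1a.svg)](https://rubygems.org/gems/cerner-oauth1a)
  [![Code Climate](http://img.shields.io/codeclimate/github/cerner/cerner-oauth1a.svg)](https://codeclimate.com/github/cerner/cerner-oauth1a)
- [![Dependencies Status](http://img.shields.io/gemnasium/cerner/cerner-oauth1a.svg)](https://gemnasium.com/cerner/cerner-oauth1a)
 
  A minimal dependency library for interacting with a Cerner OAuth 1.0a Access Token Service for
  invoking Cerner OAuth 1.0a protected services or implementing Cerner OAuth 1.0a authentication.
@@ -76,7 +75,7 @@ implement that:
 
  # Optionally, extract additional parameters sent with the token, such as Consumer.Principal
  # (xoauth_principal)
- consumer_principal = results[:"Consumer.Principal"]
+ consumer_principal = access_token.consumer_principal
 
  ## References
  * https://wiki.ucern.com/display/public/reference/Cerner%27s+OAuth+Specification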
@@ -26,17 +26,17 @@ module Cerner
26
26
 
27
27
  missing_params = []
28
28
  consumer_key = params[:oauth_consumer_key]
29
- missing_params << :oauth_consumer_key unless consumer_key&.empty?
29
+ missing_params << :oauth_consumer_key if consumer_key.nil? || consumer_key.empty?
30
30
  nonce = params[:oauth_nonce]
31
- missing_params << :oauth_nonce unless nonce&.empty?
31
+ missing_params << :oauth_nonce if nonce.nil? || nonce.empty?
32
32
  timestamp = params[:oauth_timestamp]
33
- missing_params << :oauth_timestamp unless timestamp&.empty?
33
+ missing_params << :oauth_timestamp if timestamp.nil? || timestamp.empty?
34
34
  token = params[:oauth_token]
35
- missing_params << :oauth_token unless token&.empty?
35
+ missing_params << :oauth_token if token.nil? || token.empty?
36
36
  signature_method = params[:oauth_signature_method]
37
- missing_params << :oauth_signature_method unless signature_method&.empty?
37
+ missing_params << :oauth_signature_method if signature_method.nil? || signature_method.empty?
38
38
  signature = params[:oauth_signature]
39
- missing_params << :oauth_signature unless signature&.empty?
39
+ missing_params << :oauth_signature if signature.nil? || signature.empty?
40
40
 
41
41
  raise OAuthError.new('', nil, 'parameter_absent', missing_params) unless missing_params.empty?
42
42
 
@@ -50,24 +50,28 @@ module Cerner
50
50
  )
51
51
  end
52
52
 
53
- # Returns the String Accessor Secret related to this token.
53
+ # Returns a String, but may be nil, with the Accessor Secret related to this token.
54
54
  attr_reader :accessor_secret
55
- # Returns the String Consumer Key (oauth_consumer_key) related to this token.
55
+ # Returns a String with the Consumer Key (oauth_consumer_key) related to this token.
56
56
  attr_reader :consumer_key
57
- # Returns the Time this token expires at.
57
+ # Returns a Time, but may be nil, which represents the moment when this token expires.
58
58
  attr_reader :expires_at
59
- # Returns the String nonce (oauth_nonce) related to this token.
59
+ # Returns a String with the Nonce (oauth_nonce) related to this token.
60
60
  attr_reader :nonce
61
- # Returns the Time this token was created (oauth_timestamp).
61
+ # Returns a Time, which represents the moment when this token was created (oauth_timestamp).
62
62
  attr_reader :timestamp
63
- # Returns the String Token (oauth_token).
63
+ # Returns a String with the Token (oauth_token).
64
64
  attr_reader :token
65
- # Returns the String Token Secret related to this token.
65
+ # Returns a String, but may be nil, with the Token Secret related to this token.
66
66
  attr_reader :token_secret
67
- # Returns the String Signature Method (oauth_signature_method) related to this token.
67
+ # Returns a String with the Signature Method (oauth_signature_method) related to this token.
68
68
  attr_reader :signature_method
69
- # Returns the String Signature (oauth_signature) related to this token.
69
+ # Returns a String, but may be nil, with the Signature (oauth_signature) related to this token.
70
70
  attr_reader :signature
71
+ # Returns a String with the Consumer Principal (Consumer.Principal param encoded within oauth_token).
72
+ # This value is only populated after a successful #authenticate and only if the #token (oauth_token)
73
+ # contains a 'Consumer.Principal' parameter.
74
+ attr_reader :consumer_principal
71
75
 
72
76
  # Public: Constructs an instance.
73
77
  #
@@ -108,6 +112,7 @@ module Cerner
108
112
  @accessor_secret = accessor_secret || nil
109
113
  @authorization_header = nil
110
114
  @consumer_key = consumer_key
115
+ @consumer_principal = nil
111
116
  @expires_at = expires_at ? convert_to_time(expires_at) : nil
112
117
  @nonce = nonce
113
118
  @signature = signature
@@ -159,7 +164,8 @@ module Cerner
159
164
  # appropriate credentials to retrieve secrets via
160
165
  # Cerner::OAuth1a::AccessTokenAgent#retrieve_keys.
161
166
  #
162
- # Returns a Hash (symbolized keys) of any extra parameters in #token if authentication succeeds.
167
+ # Returns a Hash (symbolized keys) of any extra parameters within #token (oauth_token),
168
+ # if authentication succeeds. In most scenarios, the Hash will be empty.
163
169
  #
164
170
  # Raises ArgumentError if access_token_agent is nil
165
171
  # Raises Cerner::OAuth1a::OAuthError with an oauth_problem if authentication fails.
@@ -186,6 +192,8 @@ module Cerner
186
192
 
187
193
  verify_signature(keys, tuples.delete(:HMACSecrets))
188
194
 
195
+ @consumer_principal = tuples.delete(:"Consumer.Principal")
196
+
189
197
  tuples
190
198
  end
191
199
 
@@ -272,15 +280,19 @@ module Cerner
272
280
  #
273
281
  # Raises OAuthError if the parameter is invalid or expired
274
282
  def verify_expiration(expires_on)
275
- raise OAuthError.new('token missing ExpiresOn', nil, 'oauth_parameters_rejected') unless expires_on
283
+ raise OAuthError.new('token missing ExpiresOn', nil, 'oauth_parameters_rejected', 'oauth_token') unless expires_on
276
284
  expires_on = convert_to_time(expires_on)
277
285
  now = convert_to_time(Time.now)
278
286
  raise OAuthError.new('token has expired', nil, 'token_expired') if now.tv_sec >= expires_on.tv_sec
279
287
  end
280
288
 
281
289
  def load_keys(access_token_agent, keys_version)
282
- raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected') unless keys_version
283
- access_token_agent.retrieve_keys(keys_version)
290
+ raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected', 'oauth_token') unless keys_version
291
+ begin
292
+ access_token_agent.retrieve_keys(keys_version)
293
+ rescue OAuthError
294
+ raise OAuthError.new('token references invalid keys version', nil, 'oauth_parameters_rejected', 'oauth_token')
295
+ end
284
296
  end
285
297
 
286
298
  # Internal: Used by #authenticate to verify the oauth_token value.
@@ -290,7 +302,7 @@ module Cerner
290
302
  # Raises OAuthError if the parameter is not authentic
291
303
  def verify_token(keys)
292
304
  unless keys.verify_rsasha1_signature(@token)
293
- raise OAuthError.new('token is not authentic', nil, 'oauth_parameters_rejected')
305
+ raise OAuthError.new('token is not authentic', nil, 'oauth_parameters_rejected', 'oauth_token')
294
306
  end
295
307
  end
296
308
 
@@ -302,13 +314,13 @@ module Cerner
302
314
  # Raises OAuthError if there is no signature, the parameter is invalid or the signature does
303
315
  # not match the secrets
304
316
  def verify_signature(keys, hmac_secrets)
305
- raise OAuthError.new('missing signature', nil, 'oauth_parameters_absent') unless @signature
306
- raise OAuthError.new('missing HMACSecrets', nil, 'oauth_parameters_rejected') unless hmac_secrets
317
+ raise OAuthError.new('missing signature', nil, 'oauth_parameters_absent', 'oauth_signature') unless @signature
318
+ raise OAuthError.new('missing HMACSecrets', nil, 'oauth_parameters_rejected', 'oauth_token') unless hmac_secrets
307
319
 
308
320
  begin
309
321
  secrets = keys.decrypt_hmac_secrets(hmac_secrets)
310
322
  rescue ArgumentError, OpenSSL::PKey::RSAError => e
311
- raise OAuthError.new("unable to decrypt HMACSecrets: #{e.message}", nil, 'oauth_parameters_rejected')
323
+ raise OAuthError.new("unable to decrypt HMACSecrets: #{e.message}", nil, 'oauth_parameters_rejected', 'oauth_token')
312
324
  end
313
325
 
314
326
  secrets_parts = Protocol.parse_url_query_string(secrets)
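Review bot: The new `rescue OAuthError` in load_keys reports every OAuthError raised by `retrieve_keys` as 'token references invalid keys version' against `oauth_token`, whatever the real cause. The agent's request builder calls `retrieve.authorization_header`, so a failure to obtain the agent's own access token would presumably arrive here as an OAuthError too and be presented to the caller as a rejected token, which hides an outage or a bad agent credential behind what looks like client error. Consider `rescue OAuthError => e`, remapping only when the service indicates an unknown keys version and letting other errors propagate (or at least logging `e` before re-raising). Separately, verify_signature uses 'oauth_parameters_absent' as the problem value while the missing-parameter check in the first hunk uses 'parameter_absent'; one of the two looks unintended. Both function bodies are only partly visible in these hunks.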
@@ -14,7 +14,7 @@ require 'uri'
14
14
 
15
15
  module Cerner
16
16
  module OAuth1a
17
- # Public: A user agent for interacting with the Cerner OAuth 1.0a Access Token service to acquire
17
+ # Public: A user agent (client) for interacting with the Cerner OAuth 1.0a Access Token service to acquire
18
18
  # consumer Access Tokens or service provider Keys.
19
19
  class AccessTokenAgent
20
20
  MIME_WWW_FORM_URL_ENCODED = 'application/x-www-form-urlencoded'
@@ -28,7 +28,9 @@ module Cerner
28
28
 
29
29
  # Public: Constructs an instance of the agent.
30
30
  #
31
- # Caching - By default, AccessToken and Keys instances are maintained in a small, constrained
31
+ # _Caching_
32
+ #
33
+ # By default, AccessToken and Keys instances are maintained in a small, constrained
32
34
  # memory cache used by #retrieve and #retrieve_keys, respectively.
33
35
  #
34
36
  # The AccessToken cache keeps a maximum of 5 entries and prunes them when they expire. As the
@@ -253,7 +255,7 @@ module Cerner
253
255
 
254
256
  # Internal: Prepare a request for #retrieve_keys
255
257
  def retrieve_keys_prepare_request(keys_version)
256
- request = Net::HTTP::Get.new("#{@access_token_url}/keys/#{keys_version}")
258
+ request = Net::HTTP::Get.new(URI("#{@access_token_url}/keys/#{keys_version}"))
257
259
  request['Accept'] = 'application/json'
258
260
  request['User-Agent'] = user_agent_string
259
261
  request['Authorization'] = retrieve.authorization_header
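Review bot: In retrieve_keys_prepare_request, `keys_version` is interpolated into the request URL unescaped, and wrapping the string in `URI(...)` does not change that. On the authenticate path this value appears to be read from the presented token before the token has been verified (load_keys has to run first to obtain the verification keys), so path or query delimiters in it would change which resource the agent requests with its own Authorization header. A value that URI cannot parse will also now raise URI::InvalidURIError, which the `rescue OAuthError` in load_keys does not cover. Escape the segment, e.g. `URI("#{@access_token_url}/keys/#{URI.encode_www_form_component(keys_version)}")`, or reject values outside the expected format before building the request; any validation done earlier in retrieve_keys is outside this hunk.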
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Cerner
4
4
  module OAuth1a
5
- VERSION = '2.0.0.rc1'
5
+ VERSION = '2.0.0.rc2'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cerner-oauth1a
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0.rc1
4
+ version: 2.0.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Beyer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-20 00:00:00.000000000 Z
11
+ date: 2018-08-30 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: |
14
14
  A minimal dependency library for interacting with a Cerner OAuth 1.0a Access