cerner-oauth1a 2.3.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 97551b442a5cf8e81197726dd7a076fd49ed7e33c5fd2bbf87e27e6368abea4b
-  data.tar.gz: de3ec59f5a000715440492c550bebe4f9d3490ce53fd9d88490a08f7539d7208
+  metadata.gz: 253284a714a5a69821159cef402c2e228c7d747a15f31dc4d8842bb7e44ee6fe
+  data.tar.gz: da348e1e5cfa763a78afd32e3bd252719670c3feb7bce4cad7995023cee384c4
 SHA512:
-  metadata.gz: a98454061208707ddab9eb7a79b867f8acbcd88fa2d42c9e68411a04fa645004e20d282e39efec0f9e91a7a57d88551588324c933e76b8336313a38c24747964
-  data.tar.gz: 6573bfbd3c6ff73b83b957b9b6e784486079b194c9d09c1c4803b16f0336b51376d39ddab369ffdfe5d13ffaa129ecb727256c27f4683169250f7c01fa9498bd
+  metadata.gz: 28473811816dc086d4eacdd3eff65d0fe5455087f5e1e5c3fb0bfb3e04ba38a819707536e40968ad157c9efe1e8756bbd8f3f87cd620c796fd3da750a247efa7
+  data.tar.gz: ae958bbf7456257dbef524a1e6073d3f9ce0c7988516f24c18f7011b689d769e86d0340fdbca7de44daf0c1b0bdbcf14768112ab13fd6f3b8573846fe284e63f

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# v2.4.0
+Handle nonce and timestamp as optional fields Per
+https://tools.ietf.org/html/rfc5849#section-3.1, the oauth_timestamp and oauth_nonce
+fields may be omitted when PLAINTEXT signatures are used. This commit make the APIs
+related to those two fields treat the data as optional.
+
 # v2.3.0
 Added Protection Realm Equivalence feature to Cerner::OAuth1a::AccessTokenAgent,
 which is used by Cerner::OAuth1a::AccessToken#authenticate when comparing realms.

data/README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://api.travis-ci.com/cerner/cerner-oauth1a.svg)](https://travis-ci.com/cerner/cerner-oauth1a)
 [![Gem Version](http://img.shields.io/gem/v/cerner-oauth1a.svg)](https://rubygems.org/gems/cerner-oauth1a)
-[![Code Climate](http://img.shields.io/codeclimate/github/cerner/cerner-oauth1a.svg)](https://codeclimate.com/github/cerner/cerner-oauth1a)
+[![AwesomeCode Status](https://awesomecode.io/projects/48ece237-ac9c-49c9-859a-3a825968339b/status)](https://awesomecode.io/repos/cerner/cerner-oauth1a)
 
 A minimal dependency library for interacting with a Cerner OAuth 1.0a Access Token Service for
 invoking Cerner OAuth 1.0a protected services or implementing Cerner OAuth 1.0a authentication.

data/lib/cerner/oauth1a/access_token.rb

@@ -6,7 +6,6 @@ require 'uri'
 
 module Cerner
   module OAuth1a
-
     # Public: A Cerner OAuth 1.0a Access Token and related request parameters for use in Consumer or
     # Service Provider use cases.
     class AccessToken
@@ -29,10 +28,6 @@ module Cerner
         missing_params = []
         consumer_key = params[:oauth_consumer_key]
         missing_params << :oauth_consumer_key if consumer_key.nil? || consumer_key.empty?
-        nonce = params[:oauth_nonce]
-        missing_params << :oauth_nonce if nonce.nil? || nonce.empty?
-        timestamp = params[:oauth_timestamp]
-        missing_params << :oauth_timestamp if timestamp.nil? || timestamp.empty?
         token = params[:oauth_token]
         missing_params << :oauth_token if token.nil? || token.empty?
         signature_method = params[:oauth_signature_method]
@@ -44,8 +39,8 @@ module Cerner
 
         AccessToken.new(
           consumer_key: consumer_key,
-          nonce: nonce,
-          timestamp: timestamp,
+          nonce: params[:oauth_nonce],
+          timestamp: params[:oauth_timestamp],
           token: token,
           signature_method: signature_method,
           signature: signature,
@@ -59,9 +54,9 @@ module Cerner
       attr_reader :consumer_key
       # Returns a Time, but may be nil, which represents the moment when this token expires.
       attr_reader :expires_at
-      # Returns a String with the Nonce (oauth_nonce) related to this token.
+      # Returns a String, but may be nil, with the Nonce (oauth_nonce) related to this token.
       attr_reader :nonce
-      # Returns a Time, which represents the moment when this token was created (oauth_timestamp).
+      # Returns a Time, but may be nil, which represents the moment when this token was created (oauth_timestamp).
       attr_reader :timestamp
       # Returns a String with the Token (oauth_token).
       attr_reader :token
@@ -86,8 +81,8 @@ module Cerner
       #             :expires_at       - An optional Time representing the expiration moment or any
       #                                 object responding to to_i that represents the expiration
       #                                 moment as the number of seconds since the epoch.
-      #             :nonce            - The required String representing the nonce.
-      #             :timestamp        - A required Time representing the creation moment or any
+      #             :nonce            - The optional String representing the nonce.
+      #             :timestamp        - A optional Time representing the creation moment or any
       #                                 object responding to to_i that represents the creation
       #                                 moment as the number of seconds since the epoch.
       #             :token            - The required String representing the token.
@@ -95,26 +90,22 @@ module Cerner
       #             :signature_method - The optional String representing the signature method.
       #                                 Defaults to PLAINTEXT.
       #             :signature        - The optional String representing the signature.
-      #                                 Defaults to nil.
       #             :realm            - The optional String representing the protection realm.
-      #                                 Defaults to nil.
       #
-      # Raises ArgumentError if consumer_key, nonce, timestamp, token or signature_method is nil.
+      # Raises ArgumentError if consumer_key or token is nil.
       def initialize(
         accessor_secret: nil,
         consumer_key:,
         expires_at: nil,
-        nonce:,
+        nonce: nil,
         signature: nil,
         signature_method: 'PLAINTEXT',
-        timestamp:,
+        timestamp: nil,
         token:,
         token_secret: nil,
         realm: nil
       )
         raise ArgumentError, 'consumer_key is nil' unless consumer_key
-        raise ArgumentError, 'nonce is nil' unless nonce
-        raise ArgumentError, 'timestamp is nil' unless timestamp
         raise ArgumentError, 'token is nil' unless token
 
         @accessor_secret = accessor_secret || nil
@@ -125,7 +116,7 @@ module Cerner
         @nonce = nonce
         @signature = signature
         @signature_method = signature_method || 'PLAINTEXT'
-        @timestamp = convert_to_time(timestamp)
+        @timestamp = timestamp ? convert_to_time(timestamp) : nil
         @token = token
         @token_secret = token_secret || nil
         @realm = realm || nil
@@ -154,16 +145,16 @@ module Cerner
           raise OAuthError.new('accessor_secret or token_secret is nil', nil, 'parameter_absent', nil, @realm)
         end
 
-        tuples = {
-          realm: @realm,
-          oauth_version: '1.0',
-          oauth_signature_method: @signature_method,
-          oauth_signature: sig,
-          oauth_consumer_key: @consumer_key,
-          oauth_nonce: @nonce,
-          oauth_timestamp: @timestamp.tv_sec,
-          oauth_token: @token
-        }
+        tuples = {}
+        tuples[:realm] = @realm if @realm
+        tuples[:oauth_version] = '1.0'
+        tuples[:oauth_signature_method] = @signature_method
+        tuples[:oauth_signature] = sig
+        tuples[:oauth_consumer_key] = @consumer_key
+        tuples[:oauth_nonce] = @nonce if @nonce
+        tuples[:oauth_timestamp] = @timestamp.tv_sec if @timestamp
+        tuples[:oauth_token] = @token
+
         @authorization_header = Protocol.generate_authorization_header(tuples)
       end
 
@@ -291,7 +282,7 @@ module Cerner
       def convert_to_time(time)
         raise ArgumentError, 'time is nil' unless time
 
-        if time.is_a? Time
+        if time.is_a?(Time)
           time.utc
         else
           Time.at(time.to_i).utc
@@ -316,26 +307,13 @@ module Cerner
 
         expires_on = convert_to_time(expires_on)
         now = convert_to_time(Time.now)
-        if now.tv_sec >= expires_on.tv_sec
-          raise OAuthError.new(
-            'token has expired',
-            nil,
-            'token_expired',
-            nil,
-            @realm
-          )
-        end
+
+        raise OAuthError.new('token has expired', nil, 'token_expired', nil, @realm) if now.tv_sec >= expires_on.tv_sec
       end
 
       def load_keys(access_token_agent, keys_version)
         unless keys_version
-          raise OAuthError.new(
-            'token missing KeysVersion',
-            nil,
-            'oauth_parameters_rejected',
-            'oauth_token',
-            @realm
-          )
+          raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected', 'oauth_token', @realm)
         end
 
         begin

data/lib/cerner/oauth1a/access_token_agent.rb

@@ -233,7 +233,7 @@ module Cerner
       def convert_to_http_uri(access_token_url)
         raise ArgumentError, 'access_token_url is nil' unless access_token_url
 
-        if access_token_url.is_a? URI
+        if access_token_url.is_a?(URI)
           uri = access_token_url
         else
           begin

data/lib/cerner/oauth1a/cache_rails.rb

@@ -2,12 +2,11 @@
 
 module Cerner
   module OAuth1a
-
     # Internal: A Railtie that initializer the cache implementation to use Rails.cache.
     # This will be picked up automatically if ::Rails and ::Rails.cache are defined.
     class CacheRailtie < ::Rails::Railtie
       initializer 'cerner-oauth1a.cache_initialization' do |_app|
-        ::Rails.logger.info "#{CacheRailtie.name}: configuring cache to use Rails.cache"
+        ::Rails.logger.info("#{CacheRailtie.name}: configuring cache to use Rails.cache")
         Cerner::OAuth1a::Cache.instance = RailsCache.new(::Rails.cache)
       end
     end

data/lib/cerner/oauth1a/protocol.rb

@@ -78,11 +78,12 @@ module Cerner
         realm = "realm=\"#{params.delete(:realm)}\"" if params[:realm]
         realm += ', ' if realm && !params.empty?
 
-        encoded_params = params.map do |k, v|
-          k = URI.encode_www_form_component(k).gsub('+', '%20')
-          v = URI.encode_www_form_component(v).gsub('+', '%20')
-          "#{k}=\"#{v}\""
-        end
+        encoded_params =
+          params.map do |k, v|
+            k = URI.encode_www_form_component(k).gsub('+', '%20')
+            v = URI.encode_www_form_component(v).gsub('+', '%20')
+            "#{k}=\"#{v}\""
+          end
 
         "OAuth #{realm}#{encoded_params.join(',')}"
       end
@@ -100,8 +101,12 @@ module Cerner
       # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
       # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
       BAD_REQUEST_PROBLEMS = %w[
-        additional_authorization_required parameter_absent parameter_rejected
-        signature_method_rejected timestamp_refused verifier_invalid
+        additional_authorization_required
+        parameter_absent
+        parameter_rejected
+        signature_method_rejected
+        timestamp_refused
+        verifier_invalid
         version_rejected
       ].freeze
 
@@ -109,9 +114,18 @@ module Cerner
       # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
       # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
       UNAUTHORIZED_PROBLEMS = %w[
-        consumer_key_refused consumer_key_rejected consumer_key_unknown
-        nonce_used permission_denied permission_unknown signature_invalid
-        token_expired token_rejected token_revoked token_used user_refused
+        consumer_key_refused
+        consumer_key_rejected
+        consumer_key_unknown
+        nonce_used
+        permission_denied
+        permission_unknown
+        signature_invalid
+        token_expired
+        token_rejected
+        token_revoked
+        token_used
+        user_refused
       ].freeze
 
       # Public: Converts a oauth_problem value to an HTTP Status using the

data/lib/cerner/oauth1a/version.rb

@@ -2,6 +2,6 @@
 
 module Cerner
   module OAuth1a
-    VERSION = '2.3.0'
+    VERSION = '2.4.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Nathan Beyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-30 00:00:00.000000000 Z
+date: 2019-12-05 00:00:00.000000000 Z
 dependencies: []
 description: |
   A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
@@ -53,7 +53,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Cerner OAuth 1.0a Consumer and Service Provider Library.