cerner-oauth1a 2.3.0 → 2.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -1
- data/lib/cerner/oauth1a/access_token.rb +24 -46
- data/lib/cerner/oauth1a/access_token_agent.rb +1 -1
- data/lib/cerner/oauth1a/cache_rails.rb +1 -2
- data/lib/cerner/oauth1a/protocol.rb +24 -10
- data/lib/cerner/oauth1a/version.rb +1 -1
- metadata +3 -3
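--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 253284a714a5a69821159cef402c2e228c7d747a15f31dc4d8842bb7e44ee6fe
+data.tar.gz: da348e1e5cfa763a78afd32e3bd252719670c3feb7bce4cad7995023cee384c4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 28473811816dc086d4eacdd3eff65d0fe5455087f5e1e5c3fb0bfb3e04ba38a819707536e40968ad157c9efe1e8756bbd8f3f87cd620c796fd3da750a247efa7
+data.tar.gz: ae958bbf7456257dbef524a1e6073d3f9ce0c7988516f24c18f7011b689d769e86d0340fdbca7de44daf0c1b0bdbcf14768112ab13fd6f3b8573846fe284e63f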
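--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+# v2.4.0
+Handle nonce and timestamp as optional fields Per
+https://tools.ietf.org/html/rfc5849#section-3.1, the oauth_timestamp and oauth_nonce
+fields may be omitted when PLAINTEXT signatures are used. This commit make the APIs
+related to those two fields treat the data as optional.
+
 # v2.3.0
 Added Protection Realm Equivalence feature to Cerner::OAuth1a::AccessTokenAgent,
 which is used by Cerner::OAuth1a::AccessToken#authenticate when comparing realms.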
data/README.md
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
[](https://travis-ci.com/cerner/cerner-oauth1a)
|
4
4
|
[](https://rubygems.org/gems/cerner-oauth1a)
|
5
|
-
[](https://awesomecode.io/repos/cerner/cerner-oauth1a)
|
6
6
|
|
7
7
|
A minimal dependency library for interacting with a Cerner OAuth 1.0a Access Token Service for
|
8
8
|
invoking Cerner OAuth 1.0a protected services or implementing Cerner OAuth 1.0a authentication.
|
@@ -6,7 +6,6 @@ require 'uri'
|
|
6
6
|
|
7
7
|
module Cerner
|
8
8
|
module OAuth1a
|
9
|
-
|
10
9
|
# Public: A Cerner OAuth 1.0a Access Token and related request parameters for use in Consumer or
|
11
10
|
# Service Provider use cases.
|
12
11
|
class AccessToken
|
@@ -29,10 +28,6 @@ module Cerner
|
|
29
28
|
missing_params = []
|
30
29
|
consumer_key = params[:oauth_consumer_key]
|
31
30
|
missing_params << :oauth_consumer_key if consumer_key.nil? || consumer_key.empty?
|
32
|
-
nonce = params[:oauth_nonce]
|
33
|
-
missing_params << :oauth_nonce if nonce.nil? || nonce.empty?
|
34
|
-
timestamp = params[:oauth_timestamp]
|
35
|
-
missing_params << :oauth_timestamp if timestamp.nil? || timestamp.empty?
|
36
31
|
token = params[:oauth_token]
|
37
32
|
missing_params << :oauth_token if token.nil? || token.empty?
|
38
33
|
signature_method = params[:oauth_signature_method]
|
@@ -44,8 +39,8 @@ module Cerner
|
|
44
39
|
|
45
40
|
AccessToken.new(
|
46
41
|
consumer_key: consumer_key,
|
47
|
-
nonce:
|
48
|
-
timestamp:
|
42
|
+
nonce: params[:oauth_nonce],
|
43
|
+
timestamp: params[:oauth_timestamp],
|
49
44
|
token: token,
|
50
45
|
signature_method: signature_method,
|
51
46
|
signature: signature,
|
@@ -59,9 +54,9 @@ module Cerner
|
|
59
54
|
attr_reader :consumer_key
|
60
55
|
# Returns a Time, but may be nil, which represents the moment when this token expires.
|
61
56
|
attr_reader :expires_at
|
62
|
-
# Returns a String with the Nonce (oauth_nonce) related to this token.
|
57
|
+
# Returns a String, but may be nil, with the Nonce (oauth_nonce) related to this token.
|
63
58
|
attr_reader :nonce
|
64
|
-
# Returns a Time, which represents the moment when this token was created (oauth_timestamp).
|
59
|
+
# Returns a Time, but may be nil, which represents the moment when this token was created (oauth_timestamp).
|
65
60
|
attr_reader :timestamp
|
66
61
|
# Returns a String with the Token (oauth_token).
|
67
62
|
attr_reader :token
|
@@ -86,8 +81,8 @@ module Cerner
|
|
86
81
|
# :expires_at - An optional Time representing the expiration moment or any
|
87
82
|
# object responding to to_i that represents the expiration
|
88
83
|
# moment as the number of seconds since the epoch.
|
89
|
-
# :nonce - The
|
90
|
-
# :timestamp - A
|
84
|
+
# :nonce - The optional String representing the nonce.
|
85
|
+
# :timestamp - A optional Time representing the creation moment or any
|
91
86
|
# object responding to to_i that represents the creation
|
92
87
|
# moment as the number of seconds since the epoch.
|
93
88
|
# :token - The required String representing the token.
|
@@ -95,26 +90,22 @@ module Cerner
|
|
95
90
|
# :signature_method - The optional String representing the signature method.
|
96
91
|
# Defaults to PLAINTEXT.
|
97
92
|
# :signature - The optional String representing the signature.
|
98
|
-
# Defaults to nil.
|
99
93
|
# :realm - The optional String representing the protection realm.
|
100
|
-
# Defaults to nil.
|
101
94
|
#
|
102
|
-
# Raises ArgumentError if consumer_key
|
95
|
+
# Raises ArgumentError if consumer_key or token is nil.
|
103
96
|
def initialize(
|
104
97
|
accessor_secret: nil,
|
105
98
|
consumer_key:,
|
106
99
|
expires_at: nil,
|
107
|
-
nonce
|
100
|
+
nonce: nil,
|
108
101
|
signature: nil,
|
109
102
|
signature_method: 'PLAINTEXT',
|
110
|
-
timestamp
|
103
|
+
timestamp: nil,
|
111
104
|
token:,
|
112
105
|
token_secret: nil,
|
113
106
|
realm: nil
|
114
107
|
)
|
115
108
|
raise ArgumentError, 'consumer_key is nil' unless consumer_key
|
116
|
-
raise ArgumentError, 'nonce is nil' unless nonce
|
117
|
-
raise ArgumentError, 'timestamp is nil' unless timestamp
|
118
109
|
raise ArgumentError, 'token is nil' unless token
|
119
110
|
|
120
111
|
@accessor_secret = accessor_secret || nil
|
@@ -125,7 +116,7 @@ module Cerner
|
|
125
116
|
@nonce = nonce
|
126
117
|
@signature = signature
|
127
118
|
@signature_method = signature_method || 'PLAINTEXT'
|
128
|
-
@timestamp = convert_to_time(timestamp)
|
119
|
+
@timestamp = timestamp ? convert_to_time(timestamp) : nil
|
129
120
|
@token = token
|
130
121
|
@token_secret = token_secret || nil
|
131
122
|
@realm = realm || nil
|
@@ -154,16 +145,16 @@ module Cerner
|
|
154
145
|
raise OAuthError.new('accessor_secret or token_secret is nil', nil, 'parameter_absent', nil, @realm)
|
155
146
|
end
|
156
147
|
|
157
|
-
tuples = {
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
148
|
+
tuples = {}
|
149
|
+
tuples[:realm] = @realm if @realm
|
150
|
+
tuples[:oauth_version] = '1.0'
|
151
|
+
tuples[:oauth_signature_method] = @signature_method
|
152
|
+
tuples[:oauth_signature] = sig
|
153
|
+
tuples[:oauth_consumer_key] = @consumer_key
|
154
|
+
tuples[:oauth_nonce] = @nonce if @nonce
|
155
|
+
tuples[:oauth_timestamp] = @timestamp.tv_sec if @timestamp
|
156
|
+
tuples[:oauth_token] = @token
|
157
|
+
|
167
158
|
@authorization_header = Protocol.generate_authorization_header(tuples)
|
168
159
|
end
|
169
160
|
|
@@ -291,7 +282,7 @@ module Cerner
|
|
291
282
|
def convert_to_time(time)
|
292
283
|
raise ArgumentError, 'time is nil' unless time
|
293
284
|
|
294
|
-
if time.is_a?
|
285
|
+
if time.is_a?(Time)
|
295
286
|
time.utc
|
296
287
|
else
|
297
288
|
Time.at(time.to_i).utc
|
@@ -316,26 +307,13 @@ module Cerner
|
|
316
307
|
|
317
308
|
expires_on = convert_to_time(expires_on)
|
318
309
|
now = convert_to_time(Time.now)
|
319
|
-
|
320
|
-
|
321
|
-
'token has expired',
|
322
|
-
nil,
|
323
|
-
'token_expired',
|
324
|
-
nil,
|
325
|
-
@realm
|
326
|
-
)
|
327
|
-
end
|
310
|
+
|
311
|
+
raise OAuthError.new('token has expired', nil, 'token_expired', nil, @realm) if now.tv_sec >= expires_on.tv_sec
|
328
312
|
end
|
329
313
|
|
330
314
|
def load_keys(access_token_agent, keys_version)
|
331
315
|
unless keys_version
|
332
|
-
raise OAuthError.new(
|
333
|
-
'token missing KeysVersion',
|
334
|
-
nil,
|
335
|
-
'oauth_parameters_rejected',
|
336
|
-
'oauth_token',
|
337
|
-
@realm
|
338
|
-
)
|
316
|
+
raise OAuthError.new('token missing KeysVersion', nil, 'oauth_parameters_rejected', 'oauth_token', @realm)
|
339
317
|
end
|
340
318
|
|
341
319
|
begin
|
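Review bot: In access_token.rb, the hunk at new lines 28–33 drops the oauth_nonce and oauth_timestamp presence checks for every signature method, while the RFC 5849 section 3.1 rule cited in the changelog allows omitting them only under PLAINTEXT. The header-parsing method starts and ends outside the hunk, so whether other signature methods are rejected later is not visible. If they are not, the check should stay conditional once `signature_method` has been read, e.g. `missing_params << :oauth_nonce if signature_method && signature_method != 'PLAINTEXT' && params[:oauth_nonce].to_s.empty?`, and likewise for `:oauth_timestamp`. Separately, `nonce: params[:oauth_nonce]` and `timestamp: params[:oauth_timestamp]` now pass empty strings through. Because `''` is truthy, `timestamp ? convert_to_time(timestamp) : nil` turns an empty oauth_timestamp into the epoch rather than nil, so empty values should be normalised to nil before `AccessToken.new`.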
@@ -233,7 +233,7 @@ module Cerner
|
|
233
233
|
def convert_to_http_uri(access_token_url)
|
234
234
|
raise ArgumentError, 'access_token_url is nil' unless access_token_url
|
235
235
|
|
236
|
-
if access_token_url.is_a?
|
236
|
+
if access_token_url.is_a?(URI)
|
237
237
|
uri = access_token_url
|
238
238
|
else
|
239
239
|
begin
|
@@ -2,12 +2,11 @@
|
|
2
2
|
|
3
3
|
module Cerner
|
4
4
|
module OAuth1a
|
5
|
-
|
6
5
|
# Internal: A Railtie that initializer the cache implementation to use Rails.cache.
|
7
6
|
# This will be picked up automatically if ::Rails and ::Rails.cache are defined.
|
8
7
|
class CacheRailtie < ::Rails::Railtie
|
9
8
|
initializer 'cerner-oauth1a.cache_initialization' do |_app|
|
10
|
-
::Rails.logger.info
|
9
|
+
::Rails.logger.info("#{CacheRailtie.name}: configuring cache to use Rails.cache")
|
11
10
|
Cerner::OAuth1a::Cache.instance = RailsCache.new(::Rails.cache)
|
12
11
|
end
|
13
12
|
end
|
@@ -78,11 +78,12 @@ module Cerner
|
|
78
78
|
realm = "realm=\"#{params.delete(:realm)}\"" if params[:realm]
|
79
79
|
realm += ', ' if realm && !params.empty?
|
80
80
|
|
81
|
-
encoded_params =
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
81
|
+
encoded_params =
|
82
|
+
params.map do |k, v|
|
83
|
+
k = URI.encode_www_form_component(k).gsub('+', '%20')
|
84
|
+
v = URI.encode_www_form_component(v).gsub('+', '%20')
|
85
|
+
"#{k}=\"#{v}\""
|
86
|
+
end
|
86
87
|
|
87
88
|
"OAuth #{realm}#{encoded_params.join(',')}"
|
88
89
|
end
|
@@ -100,8 +101,12 @@ module Cerner
|
|
100
101
|
# The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
|
101
102
|
# and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
|
102
103
|
BAD_REQUEST_PROBLEMS = %w[
|
103
|
-
additional_authorization_required
|
104
|
-
|
104
|
+
additional_authorization_required
|
105
|
+
parameter_absent
|
106
|
+
parameter_rejected
|
107
|
+
signature_method_rejected
|
108
|
+
timestamp_refused
|
109
|
+
verifier_invalid
|
105
110
|
version_rejected
|
106
111
|
].freeze
|
107
112
|
|
@@ -109,9 +114,18 @@ module Cerner
|
|
109
114
|
# The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
|
110
115
|
# and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
|
111
116
|
UNAUTHORIZED_PROBLEMS = %w[
|
112
|
-
consumer_key_refused
|
113
|
-
|
114
|
-
|
117
|
+
consumer_key_refused
|
118
|
+
consumer_key_rejected
|
119
|
+
consumer_key_unknown
|
120
|
+
nonce_used
|
121
|
+
permission_denied
|
122
|
+
permission_unknown
|
123
|
+
signature_invalid
|
124
|
+
token_expired
|
125
|
+
token_rejected
|
126
|
+
token_revoked
|
127
|
+
token_used
|
128
|
+
user_refused
|
115
129
|
].freeze
|
116
130
|
|
117
131
|
# Public: Converts a oauth_problem value to an HTTP Status using the
|
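Review bot: The new encoder in the `@@ -78,11 +78,12 @@` hunk of protocol.rb, `URI.encode_www_form_component(v).gsub('+', '%20')`, still differs from the percent-encoding that RFC 5849 section 3.6 specifies: it leaves `*` unescaped and escapes `~` as `%7E`. Keys or values containing those characters may not round-trip with a strict peer; appending `.gsub('*', '%2A').gsub('%7E', '~')` on both lines, ideally through one private helper, would close the gap. The realm on the context line above is the only value interpolated into the header without encoding or quote escaping, so a realm containing `"` would change the header's structure; a check or an escaping step there is worth adding. The enclosing method begins outside the hunk.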
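--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.4.0
 platform: ruby
 authors:
 - Nathan Beyer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05
+date: 2019-12-05 00:00:00.000000000 Z
 dependencies: []
 description: |
 A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
@@ -53,7 +53,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Cerner OAuth 1.0a Consumer and Service Provider Library.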