erc-contacts 0.3.0

data/lib/contacts/consumer.rb

@@ -0,0 +1,123 @@
+module Contacts
+  class Consumer
+    #
+    # Configure this consumer from the given hash.
+    #
+    def self.configure(configuration)
+      @configuration = Util.symbolize_keys(configuration)
+    end
+
+    #
+    # The configuration for this consumer.
+    #
+    def self.configuration
+      @configuration
+    end
+
+    #
+    # Define an instance-level reader for the named configuration
+    # attribute.
+    #
+    # Example:
+    #
+    #     class MyConsumer < Consumer
+    #       configuration_attribute :app_id
+    #     end
+    #
+    #     MyConsumer.configure(:app_id => 'foo')
+    #     consumer = MyConsumer.new
+    #     consumer.app_id    # "foo"
+    #
+    def self.configuration_attribute(name)
+      class_eval <<-EOS
+        def #{name}
+          self.class.configuration[:#{name}]
+        end
+      EOS
+    end
+
+    def initialize(options={})
+    end
+
+    #
+    # Return a string of serialized data.
+    #
+    # You may reconstruct the consumer by passing this string to
+    # .deserialize.
+    #
+    def serialize
+      params_to_query(serializable_data)
+    end
+
+    #
+    # Create a consumer from the given +string+ of serialized data.
+    #
+    # The serialized data should have been returned by #serialize.
+    #
+    def self.deserialize(string)
+      data = string ? query_to_params(string) : {}
+      consumer = new
+      consumer.initialize_serialized(data) if data
+      consumer
+    end
+
+    #
+    # Authorize the consumer's token from the given
+    # parameters. +params+ is the request parameters the user is
+    # redirected to your site with.
+    #
+    # Return true if authorization is successful, false otherwise. If
+    # unsuccessful, an error message is set in #error. Authorization
+    # may fail, for example, if the user denied access, or the
+    # authorization is forged.
+    #
+    def authorize(params)
+      raise NotImplementedError, 'abstract'
+    end
+
+    #
+    # An error message for the last call to #authorize.
+    #
+    attr_accessor :error
+
+    #
+    # Return the list of contacts, or nil if none could be retrieved.
+    #
+    def contacts
+      raise NotImplementedError, 'abstract'
+    end
+
+    protected
+
+    def initialize_serialized(data)
+      raise NotImplementedError, 'abstract'
+    end
+
+    def serialized_data
+      raise NotImplementedError, 'abstract'
+    end
+
+    def self.params_to_query(params)
+      params.map do |key, value|
+        "#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"
+      end.join('&')
+    end
+
+    def self.query_to_params(data)
+      params={}
+      data.split(/&/).each do |pair|
+        key, value = *pair.split(/=/)
+        params[CGI.unescape(key)] = value ? CGI.unescape(value) : ''
+      end
+      params
+    end
+
+    def params_to_query(params)
+      self.class.params_to_query(params)
+    end
+
+    def query_to_params(data)
+      self.class.query_to_params(data)
+    end
+  end
+end

data/lib/contacts/google.rb

@@ -0,0 +1,85 @@
+require 'contacts'
+require 'nokogiri'
+
+module Contacts
+  class Google < OAuthConsumer
+    CONSUMER_OPTIONS = Util.frozen_hash(
+      :site => "https://www.google.com",
+      :request_token_path => "/accounts/OAuthGetRequestToken",
+      :access_token_path => "/accounts/OAuthGetAccessToken",
+      :authorize_path => "/accounts/OAuthAuthorizeToken"
+    )
+
+    REQUEST_TOKEN_PARAMS = {'scope' => "https://www.google.com/m8/feeds/"}
+
+    def initialize(options={})
+      super(CONSUMER_OPTIONS, REQUEST_TOKEN_PARAMS)
+    end
+
+    # retrieve the contacts for the user's account
+    #
+    # The options it takes are:
+    #
+    #   - limit - the max number of results to return
+    #     ("max-results"). Defaults to 200
+    #   - offset - the index to start returning results for pagination ("start-index")
+    #   - projection - defaults to thin
+    #       http://code.google.com/apis/contacts/docs/3.0/reference.html#Projections
+    def contacts(options={})
+      return nil if @access_token.nil?
+      params = {:limit => 200}.update(options)
+      google_params = translate_parameters(params)
+      query = params_to_query(google_params)
+      projection = options[:projection] || "thin"
+      begin
+        response = @access_token.get("https://www.google.com/m8/feeds/contacts/default/#{projection}?#{query}")
+      rescue OAuth::Unauthorized => error
+        # Token probably expired.
+        @error = error.message
+        return nil
+      end
+      parse_contacts(response.body)
+    end
+
+    private
+
+    def translate_parameters(params)
+      params.inject({}) do |all, pair|
+        key, value = pair
+        unless value.nil?
+          key = case key
+                when :limit
+                  'max-results'
+                when :offset
+                  value = value.to_i + 1
+                  'start-index'
+                when :order
+                  all['sortorder'] = 'descending' if params[:descending].nil?
+                  'orderby'
+                when :descending
+                  value = value ? 'descending' : 'ascending'
+                  'sortorder'
+                when :updated_after
+                  value = value.strftime("%Y-%m-%dT%H:%M:%S%Z") if value.respond_to? :strftime
+                  'updated-min'
+                else key
+                end
+
+          all[key] = value
+        end
+        all
+      end
+    end
+
+    def parse_contacts(body)
+      document = Nokogiri::XML(body)
+      document.search('/xmlns:feed/xmlns:entry').map do |entry|
+        emails = entry.search('./gd:email[@address]').map{|e| e['address'].to_s}
+        next if emails.empty?
+        title = entry.at('title') and
+          name = title.inner_text
+        Contact.new(emails, name)
+      end.compact
+    end
+  end
+end

data/lib/contacts/oauth_consumer.rb

@@ -0,0 +1,71 @@
+require 'oauth'
+
+module Contacts
+  class OAuthConsumer < Consumer
+    configuration_attribute :consumer_key
+    configuration_attribute :consumer_secret
+    configuration_attribute :return_url
+
+    def initialize(consumer_options, request_token_params)
+      @consumer_options = consumer_options
+      @request_token_params = request_token_params
+    end
+
+    def initialize_serialized(data)
+      value = data['request_token'] and
+        @request_token = deserialize_oauth_token(consumer, value)
+      value = data['access_token'] and
+        @access_token = deserialize_oauth_token(consumer, value)
+    end
+
+    def serializable_data
+      data = {}
+      data['access_token'] = serialize_oauth_token(@access_token) if @access_token
+      data['request_token'] = serialize_oauth_token(@request_token) if @request_token
+      data
+    end
+
+    attr_accessor :request_token
+    attr_accessor :access_token
+
+    def authentication_url(target = self.return_url)
+      @request_token = consumer.get_request_token({:oauth_callback => target}, @request_token_params)
+      @request_token.authorize_url
+    end
+
+    def authorize(params)
+      begin
+        @access_token = @request_token.get_access_token(:oauth_verifier => params['oauth_verifier'])
+      rescue OAuth::Unauthorized => error
+        @error = error.message
+      end
+    end
+
+    private
+
+    def consumer
+      @consumer ||= OAuth::Consumer.new(consumer_key, consumer_secret, @consumer_options)
+    end
+
+    #
+    # Marshal sucks for persistence. This provides a prettier, more
+    # future-proof persistable representation of a token.
+    #
+    def serialize_oauth_token(token)
+      params = {
+        'version' => '1',  # serialization format
+        'type' => token.is_a?(OAuth::AccessToken) ? 'access' : 'request',
+        'oauth_token' => token.token,
+        'oauth_token_secret' => token.secret,
+      }
+      params_to_query(params)
+    end
+
+    def deserialize_oauth_token(consumer, data)
+      params = query_to_params(data)
+      klass = params['type'] == 'access' ? OAuth::AccessToken : OAuth::RequestToken
+      token = klass.new(consumer, params.delete('oauth_token'), params.delete('oauth_token_secret'))
+      token
+    end
+  end
+end

data/lib/contacts/railtie.rb

@@ -0,0 +1,14 @@
+require 'contacts'
+require 'rails'
+
+module Contacts
+  class Railtie < Rails::Railtie
+    initializer "setup configuration" do
+      config_file = Rails.root.join("config", "contacts.yml")
+      if config_file.file?
+        configuration = YAML.load(ERB.new(config_file.read).result)[Rails.env]
+        Contacts.configure(configuration) if configuration.present?
+      end
+    end
+  end
+end

data/lib/contacts/util.rb

@@ -0,0 +1,24 @@
+module Contacts
+  module Util
+    #
+    # Freeze the given hash, and any hash values recursively.
+    #
+    def self.frozen_hash(hash={})
+      hash.freeze
+      hash.keys.each{|k| k.freeze}
+      hash.values.each{|v| v.freeze}
+      hash
+    end
+
+    #
+    # Return a copy of +hash+ with the keys turned into Symbols.
+    #
+    def self.symbolize_keys(hash)
+      result = {}
+      hash.each do |key, value|
+        result[key.to_sym] = value
+      end
+      result
+    end
+  end
+end

data/lib/contacts/version.rb

@@ -0,0 +1,10 @@
+module Contacts
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 2
+    TINY  = 5
+    PATCH = 5
+
+    STRING = [MAJOR, MINOR, TINY, PATCH].join('.')
+  end
+end

data/lib/contacts/windows_live.rb

@@ -0,0 +1,192 @@
+require 'contacts'
+require 'nokogiri'
+
+module Contacts
+  class WindowsLive < Consumer
+    configuration_attribute :application_id
+    configuration_attribute :secret_key
+    configuration_attribute :privacy_policy_url
+    configuration_attribute :return_url
+
+    #
+    # If this is set, then #authentication_url will force the given
+    # +target+ URL to have this origin (= scheme + host + port). This
+    # should match the domain that your Windows Live project is
+    # configured to live on.
+    #
+    # Instead of calling #authorize(params) when the user returns, you
+    # will need to call #forced_redirect_url(params) to redirect the
+    # user to the true contacts handler. #forced_redirect_url will
+    # handle construction of the query string based on the incoming
+    # parameters.
+    #
+    # The intended use is for development mode on localhost, which
+    # Windows Live forbids redirection to. Instead, you may register
+    # your app to live on "http://myapp.local", set :force_origin =>
+    # 'http://myapp.local:3000', and map the domain to 127.0.0.1 via
+    # your local hosts file. Your handlers will then look something
+    # like:
+    #
+    #     def handler
+    #       if ENV['HTTP_METHOD'] == 'POST'
+    #         consumer = Contacts::WindowsLive.new
+    #         redirect_to consumer.authentication_url(session)
+    #       else
+    #         consumer = Contacts::WindowsLive.deserialize(session[:consumer])
+    #         consumer.authorize(params)
+    #         contacts = consumer.contacts
+    #       end
+    #     end
+    #
+    # Since only the origin is forced -- not the path part of the URL
+    # -- the handler typically redirects to itself. The second time
+    # through it is a GET request.
+    #
+    # Default: nil
+    #
+    # Example: http://myapp.local
+    #
+    configuration_attribute :force_origin
+
+    attr_accessor :token_expires_at, :delegation_token
+    
+    def initialize(options={})
+      @token_expires_at = nil
+      @location_id = nil
+      @delegation_token = nil
+    end
+
+    def initialize_serialized(data)
+      @token_expires_at = Time.at(data['token_expires_at'].to_i)
+      @location_id = data['location_id']
+      @delegation_token = data['delegation_token']
+    end
+
+    def serializable_data
+      data = {}
+      data['token_expires_at'] = @token_expires_at.to_i if @token_expires_at
+      data['location_id'] = @location_id if @location_id
+      data['delegation_token'] = @delegation_token if @delegation_token
+      data
+    end
+
+    def authentication_url(target=self.return_url, options={})
+      if force_origin
+        context = target
+        target = force_origin + URI.parse(target).path
+      end
+
+      url = "https://consent.live.com/Delegation.aspx"
+      query = {
+        'ps' => 'Contacts.Invite',
+        'ru' => target,
+        'pl' => privacy_policy_url,
+        'app' => app_verifier,
+      }
+      query['appctx'] = context if context
+      "#{url}?#{params_to_query(query)}"
+    end
+
+    def forced_redirect_url(params)
+      target_origin = params['appctx'] and
+        "#{target_origin}?#{params_to_query(params)}"
+    end
+
+    def authorize(params)
+      consent_token_data = params['ConsentToken'] or
+        raise Error, "no ConsentToken from Windows Live"
+      eact = backwards_query_to_params(consent_token_data)['eact'] or
+        raise Error, "missing eact from Windows Live"
+      query = decode_eact(eact)
+      consent_authentic?(query) or
+        raise Error, "inauthentic Windows Live consent"
+      params = query_to_params(query)
+      @token_expires_at = Time.at(params['exp'].to_i)
+      @location_id = params['lid']
+      @delegation_token = params['delt']
+      true
+    rescue Error => error
+      @error = error.message
+      false
+    end
+
+    def contacts(options={})
+      return nil if @delegation_token.nil? || @token_expires_at < Time.now
+      # TODO: Handle expired token.
+      xml = request_contacts
+      parse_xml(xml)
+    end
+
+    private
+
+    def signature_key
+      OpenSSL::Digest::SHA256.digest("SIGNATURE#{secret_key}")[0...16]
+    end
+
+    def encryption_key
+      OpenSSL::Digest::SHA256.digest("ENCRYPTION#{secret_key}")[0...16]
+    end
+
+    def app_verifier
+      token = params_to_query({
+        'appid' => application_id,
+        'ts' => Time.now.to_i,
+      })
+      token << "&sig=#{CGI.escape(Base64.encode64(sign(token)))}"
+    end
+
+    def sign(token)
+      OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signature_key, token)
+    end
+
+    def decode_eact(eact)
+      token = Base64.decode64(CGI.unescape(eact))
+      iv, crypted = token[0...16], token[16..-1]
+      cipher = OpenSSL::Cipher::AES128.new("CBC")
+      cipher.decrypt
+      cipher.iv = iv
+      cipher.key = encryption_key
+      cipher.update(crypted) + cipher.final
+    end
+
+    def consent_authentic?(query)
+      body, encoded_signature = query.split(/&sig=/)
+      signature = Base64.decode64(CGI.unescape(encoded_signature))
+      sign(body) == signature
+    end
+
+    #
+    # Like #query_to_params, but do the unescaping *before* the
+    # splitting on '&' and '=', like Microsoft does it.
+    #
+    def backwards_query_to_params(data)
+      params={}
+      CGI.unescape(data).split(/&/).each do |pair|
+        key, value = *pair.split(/=/)
+        params[key] = value ? value : ''
+      end
+      params
+    end
+
+    def request_contacts
+      http = Net::HTTP.new('livecontacts.services.live.com', 443)
+      http.use_ssl = true
+      url = "/users/@L@#{@location_id}/rest/invitationsbyemail"
+      authorization = "DelegatedToken dt=\"#{@delegation_token}\""
+      http.get(url, {"Authorization" => authorization}).body
+    end
+
+    def parse_xml(xml)
+      document = Nokogiri::XML(xml)
+      document.search('/LiveContacts/Contacts/Contact').map do |contact|
+        email = contact.at('PreferredEmail').inner_text.strip
+        names = []
+        element = contact.at('Profiles/Personal/FirstName') and
+          names << element.inner_text.strip
+        element = contact.at('Profiles/Personal/LastName') and
+          names << element.inner_text.strip
+        Contact.new(email,names.join(' '))
+      end
+    end
+  end
+end