homeaway-api 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -4
- data/lib/homeaway/api/domain/listing.rb +1 -1
- data/lib/homeaway/api/util/oauth.rb +38 -15
- data/lib/homeaway/api/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ae07b41c5a30e8aeaa52452b030387757671c384
|
4
|
+
data.tar.gz: e623705ba17d366361fb316aa33b6d44a6691bea
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6a9aeb236d4d8cd2b1df1ef77c0d70a62543452523abe6dc5014c5eecc623044cd5e3440f85209ac58c7adef2f21067ae19d6975525712b05f83506e77e3e7d6
|
7
|
+
data.tar.gz: 4a1af1d23b854653bc45010535834c6b66574742b2480cfc1573e5f8236220eb257793fc394f9b506e9876f6807444fd879e1f29cb2c6729549c4265222f69a1
|
data/README.md
CHANGED
@@ -39,13 +39,27 @@ This will automatically have your client authenticate with HomeAway. If you wish
|
|
39
39
|
client.auth_url
|
40
40
|
```
|
41
41
|
|
42
|
-
which will return back a URL as a String that the user of your application must be sent to. It is up to you to define how that takes place.
|
42
|
+
which will return back a URL as a String that the user of your application must be sent to. It is up to you to define how that takes place.
|
43
|
+
|
44
|
+
_Note: You are recommended to save the `client.state` value. It is used to prevent your application from CSRF attacks ([http://homakov.blogspot.pt/2012/07/saferweb-most-common-oauth2.html](more details)). Saving it in the session is one way to achieve this, you will need to access this value again once the user is redirected back to your application and to ensure it's identicity with the one given then._
|
45
|
+
|
46
|
+
Example with a RubyOnRails controller:
|
47
|
+
|
48
|
+
```ruby
|
49
|
+
session["homeaway-api.state"] = client.state
|
50
|
+
```
|
51
|
+
|
52
|
+
Once your user goes to that url they will be prompted to login with their HomeAway credentials. As soon as they do that and authorize your application to access their HomeAway data, the client's web browser will be redirected back to the redirect url that you specified when you created your client above. This url will have the `code` and `state` parameters appended to it.
|
53
|
+
|
54
|
+
It's now time to ensure that this `state` parameter is present and identical to the previously saved `state` value. If this value have changed, it as then been tempered and certainly the reason of a CSRF attack, and should not perform the next step.
|
55
|
+
|
56
|
+
Once the `state` validated and you are able to grab that code, you can use it with this gem:
|
43
57
|
|
44
58
|
```ruby
|
45
59
|
client.oauth_code = code_received_from_redirect_url
|
46
60
|
```
|
47
61
|
|
48
|
-
As soon as you make that assignment, the client will contact HomeAway and obtain a token that can be used for interacting with the HomeAway
|
62
|
+
As soon as you make that assignment, the client will contact HomeAway and obtain a token that can be used for interacting with the HomeAway account of that user. By default, this token has a 6 month expiration time.
|
49
63
|
|
50
64
|
### Using an existing token
|
51
65
|
|
@@ -85,10 +99,10 @@ Each of the operations is detailed in the generated Yard documentation for this
|
|
85
99
|
```ruby
|
86
100
|
require 'homeaway_api'
|
87
101
|
client = HomeAway::API::Client.new(client_id: your_client_id, client_secret: your_client_secret)
|
88
|
-
response = @client.
|
102
|
+
response = @client.listing '123456', ['AVAILABILITY', 'RATES']
|
89
103
|
paginator = @client.search '4 bathrooms new york'
|
90
104
|
paginator.each do |search_result|
|
91
|
-
listing = @client.
|
105
|
+
listing = @client.listing search_result.listing_id, ['DETAILS', 'RATES', 'LOCATION']
|
92
106
|
puts listing
|
93
107
|
end
|
94
108
|
```
|
@@ -26,7 +26,7 @@ module HomeAway
|
|
26
26
|
# * X-HomeAway-DisplayLocale: If a locale is not specified in a query param, it will be searched for in the X-HomeAway-DisplayLocale Header. If it is not supplied in either area the default locale of the user will be selected if it exists. Otherwise the Accept-Language Header will be used.
|
27
27
|
#
|
28
28
|
# @param id [String] The id of the listing.
|
29
|
-
# @option opts [String] :q Use the q parameter to fetch specific listing details.Valid options are AVAILABILITY, DETAILS, LOCATIONS, PHOTOS, RATES, REVIEWS If no value is given, the listing is returned with minimal content
|
29
|
+
# @option opts [String] :q Use the q parameter to fetch specific listing details. Valid options are AVAILABILITY, DETAILS, LOCATIONS, PHOTOS, RATES, REVIEWS. If no value is given, the listing is returned with minimal content. Can be an array of multiple values.
|
30
30
|
# @return [HomeAway::API::Response] the result of the call to the API
|
31
31
|
def listing(id, q=nil)
|
32
32
|
params = {'id' => id.to_s}
|
@@ -25,9 +25,16 @@ module HomeAway
|
|
25
25
|
Base64.strict_encode64 "#{@configuration.client_id}:#{@configuration.client_secret}"
|
26
26
|
end
|
27
27
|
|
28
|
-
# @
|
28
|
+
# @return [String] the authorization URL you need to redirect a HomeAway user
|
29
|
+
# to grant you access to their account.
|
29
30
|
def auth_url
|
30
|
-
oauth_client_strategy.authorize_url
|
31
|
+
oauth_client_strategy.authorize_url(state: state)
|
32
|
+
end
|
33
|
+
|
34
|
+
# @return [String] a 48 characters long, securely random string, used to mitigate
|
35
|
+
# CSRF attacks during the authorization process.
|
36
|
+
def state
|
37
|
+
@_state ||= SecureRandom.hex(24)
|
31
38
|
end
|
32
39
|
|
33
40
|
# completes the oauth flow
|
@@ -42,7 +49,11 @@ module HomeAway
|
|
42
49
|
@refresh_token = token.refresh_token
|
43
50
|
@mode = :three_legged
|
44
51
|
return true
|
45
|
-
rescue =>
|
52
|
+
rescue => e
|
53
|
+
if e.is_a? OAuth2::Error
|
54
|
+
error_class = HomeAway::API::Errors.for_http_code e.response.status
|
55
|
+
raise error_class.new(JSON.parse(e.response.response.body))
|
56
|
+
end
|
46
57
|
raise HomeAway::API::Errors::UnauthorizedError.new
|
47
58
|
end
|
48
59
|
end
|
@@ -57,7 +68,7 @@ module HomeAway
|
|
57
68
|
OAuth2::Client.new(@configuration.client_id,
|
58
69
|
@configuration.client_secret,
|
59
70
|
:site => oauth_site,
|
60
|
-
:raise_errors =>
|
71
|
+
:raise_errors => true
|
61
72
|
)
|
62
73
|
end
|
63
74
|
|
@@ -76,22 +87,34 @@ module HomeAway
|
|
76
87
|
@refresh_token = token.refresh_token
|
77
88
|
@mode = :two_legged
|
78
89
|
return true
|
79
|
-
rescue =>
|
90
|
+
rescue => e
|
91
|
+
if e.is_a? OAuth2::Error
|
92
|
+
error_class = HomeAway::API::Errors.for_http_code e.response.status
|
93
|
+
raise error_class.new(JSON.parse(e.response.response.body))
|
94
|
+
end
|
80
95
|
raise HomeAway::API::Errors::UnauthorizedError.new
|
81
96
|
end
|
82
97
|
end
|
83
98
|
|
84
99
|
def refresh
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
100
|
+
begin
|
101
|
+
token = OAuth2::AccessToken.new(oauth_client, nil, {:refresh_token => @refresh_token})
|
102
|
+
params = {
|
103
|
+
:headers => {'Authorization' => "Basic #{credentials}"}
|
104
|
+
}
|
105
|
+
token = token.refresh!(params)
|
106
|
+
@token = token.token
|
107
|
+
@token_expires = Time.at token.expires_at
|
108
|
+
@refresh_token = token.refresh_token
|
109
|
+
@mode = :three_legged
|
110
|
+
return true
|
111
|
+
rescue => e
|
112
|
+
if e.is_a? OAuth2::Error
|
113
|
+
error_class = HomeAway::API::Errors.for_http_code e.response.status
|
114
|
+
raise error_class.new(JSON.parse(e.response.response.body))
|
115
|
+
end
|
116
|
+
raise HomeAway::API::Errors::UnauthorizedError.new
|
117
|
+
end
|
95
118
|
end
|
96
119
|
end
|
97
120
|
end
|
data/lib/homeaway/api/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: homeaway-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Charlie Meyer
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: hashie
|