homeaway-api 1.2.0 → 1.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 03191fa72b667f0ea2cfbbfb7898e8314888e572
4
- data.tar.gz: 358c23be39110cde5a6c91a86d6513e9f91f6a86
3
+ metadata.gz: ae07b41c5a30e8aeaa52452b030387757671c384
4
+ data.tar.gz: e623705ba17d366361fb316aa33b6d44a6691bea
5
5
  SHA512:
6
- metadata.gz: fa63f013b0c56621c4fdd1e0f017213087cfedbcac22f59f1ae95e9de04bc0c012a13d3207d23e9f4a8684ea62f9182ff8be6a8549df920e835dde2c992a7bca
7
- data.tar.gz: 4fab671b70eae3d34f52a808487f4141a7509dda0ecfc90e3a1ce99f2c674ee31ae9aa24ef8e68d549aa06b987438290734c5a72993f97c07931cc0848d19876
6
+ metadata.gz: 6a9aeb236d4d8cd2b1df1ef77c0d70a62543452523abe6dc5014c5eecc623044cd5e3440f85209ac58c7adef2f21067ae19d6975525712b05f83506e77e3e7d6
7
+ data.tar.gz: 4a1af1d23b854653bc45010535834c6b66574742b2480cfc1573e5f8236220eb257793fc394f9b506e9876f6807444fd879e1f29cb2c6729549c4265222f69a1
data/README.md CHANGED
@@ -39,13 +39,27 @@ This will automatically have your client authenticate with HomeAway. If you wish
39
39
  client.auth_url
40
40
  ```
41
41
 
42
- which will return back a URL as a String that the user of your application must be sent to. It is up to you to define how that takes place. Once your user goes to that url they will prompted to login with their HomeAway credentials. As soon as they do that and authorize your application to access their HomeAway data, the client's web browser will be redirected back to the redirect url that you specified when you created your client above. This url will have a code appended to it as a parameter named code. Once you are able to grab that code, you can use it with this gem:
42
+ which will return back a URL as a String that the user of your application must be sent to. It is up to you to define how that takes place.
43
+
44
+ _Note: You are recommended to save the `client.state` value. It is used to prevent your application from CSRF attacks ([http://homakov.blogspot.pt/2012/07/saferweb-most-common-oauth2.html](more details)). Saving it in the session is one way to achieve this, you will need to access this value again once the user is redirected back to your application and to ensure it's identicity with the one given then._
45
+
46
+ Example with a RubyOnRails controller:
47
+
48
+ ```ruby
49
+ session["homeaway-api.state"] = client.state
50
+ ```
51
+
52
+ Once your user goes to that url they will be prompted to login with their HomeAway credentials. As soon as they do that and authorize your application to access their HomeAway data, the client's web browser will be redirected back to the redirect url that you specified when you created your client above. This url will have the `code` and `state` parameters appended to it.
53
+
54
+ It's now time to ensure that this `state` parameter is present and identical to the previously saved `state` value. If this value have changed, it as then been tempered and certainly the reason of a CSRF attack, and should not perform the next step.
55
+
56
+ Once the `state` validated and you are able to grab that code, you can use it with this gem:
43
57
 
44
58
  ```ruby
45
59
  client.oauth_code = code_received_from_redirect_url
46
60
  ```
47
61
 
48
- As soon as you make that assignment, the client will contact HomeAway and obtain a token that can be used for interacting with the HomeAway for that user for that particular session. By default, this token has a 6 month expiration time.
62
+ As soon as you make that assignment, the client will contact HomeAway and obtain a token that can be used for interacting with the HomeAway account of that user. By default, this token has a 6 month expiration time.
49
63
 
50
64
  ### Using an existing token
51
65
 
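Review bot: the Markdown link in the added note has its parts swapped: `[http://homakov.blogspot.pt/2012/07/saferweb-most-common-oauth2.html](more details)` shows the URL as the link text and points at "more details", so it should read `[more details](http://homakov.blogspot.pt/2012/07/saferweb-most-common-oauth2.html)`. The validation paragraphs also need a wording pass ("it's identicity", "If this value have changed, it as then been tempered", "Once the `state` validated"). Since the README leaves the comparison to the application, show it as code next to the `session["homeaway-api.state"]` example, including the case where the `state` parameter is missing from the redirect.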
@@ -85,10 +99,10 @@ Each of the operations is detailed in the generated Yard documentation for this
85
99
  ```ruby
86
100
  require 'homeaway_api'
87
101
  client = HomeAway::API::Client.new(client_id: your_client_id, client_secret: your_client_secret)
88
- response = @client.get_listing '123456', ['AVAILABILITY', 'RATES']
102
+ response = @client.listing '123456', ['AVAILABILITY', 'RATES']
89
103
  paginator = @client.search '4 bathrooms new york'
90
104
  paginator.each do |search_result|
91
- listing = @client.get_listing search_result.listing_id, ['DETAILS', 'RATES', 'LOCATION']
105
+ listing = @client.listing search_result.listing_id, ['DETAILS', 'RATES', 'LOCATION']
92
106
  puts listing
93
107
  end
94
108
  ```
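Review bot: the two corrected calls still use `@client` while the line above them assigns the local variable `client`, so the snippet fails as written because `@client` is nil. Since these lines are being touched anyway, change both to `client.listing` and fix the `@client.search` line with them.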
@@ -26,7 +26,7 @@ module HomeAway
26
26
  # * X-HomeAway-DisplayLocale: If a locale is not specified in a query param, it will be searched for in the X-HomeAway-DisplayLocale Header. If it is not supplied in either area the default locale of the user will be selected if it exists. Otherwise the Accept-Language Header will be used.
27
27
  #
28
28
  # @param id [String] The id of the listing.
29
- # @option opts [String] :q Use the q parameter to fetch specific listing details.Valid options are AVAILABILITY, DETAILS, LOCATIONS, PHOTOS, RATES, REVIEWS If no value is given, the listing is returned with minimal content., can be an array of multiple values
29
+ # @option opts [String] :q Use the q parameter to fetch specific listing details. Valid options are AVAILABILITY, DETAILS, LOCATIONS, PHOTOS, RATES, REVIEWS. If no value is given, the listing is returned with minimal content. Can be an array of multiple values.
30
30
  # @return [HomeAway::API::Response] the result of the call to the API
31
31
  def listing(id, q=nil)
32
32
  params = {'id' => id.to_s}
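Review bot: the reworded tag still reads `@option opts [String] :q`, but the signature below is `def listing(id, q=nil)`, which has no `opts` hash. Document it as `@param q [String, Array<String>]` so the generated Yard output matches the method and reflects that an array is accepted.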
@@ -25,9 +25,16 @@ module HomeAway
25
25
  Base64.strict_encode64 "#{@configuration.client_id}:#{@configuration.client_secret}"
26
26
  end
27
27
 
28
- # @private
28
+ # @return [String] the authorization URL you need to redirect a HomeAway user
29
+ # to grant you access to their account.
29
30
  def auth_url
30
- oauth_client_strategy.authorize_url
31
+ oauth_client_strategy.authorize_url(state: state)
32
+ end
33
+
34
+ # @return [String] a 48 characters long, securely random string, used to mitigate
35
+ # CSRF attacks during the authorization process.
36
+ def state
37
+ @_state ||= SecureRandom.hex(24)
31
38
  end
32
39
 
33
40
  # completes the oauth flow
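Review bot: `state` is memoized in `@_state` for the life of the client, so every `auth_url` call on one client instance reuses the same value, and nothing in this hunk compares it with the value that comes back on the redirect. Consider generating a fresh value per authorization request and offering a verification helper that takes the returned `state` and compares it in constant time, so the CSRF check does not depend on each caller following the README. Also confirm that `securerandom` is required in this file, since no `require` is visible here.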
@@ -42,7 +49,11 @@ module HomeAway
42
49
  @refresh_token = token.refresh_token
43
50
  @mode = :three_legged
44
51
  return true
45
- rescue => _
52
+ rescue => e
53
+ if e.is_a? OAuth2::Error
54
+ error_class = HomeAway::API::Errors.for_http_code e.response.status
55
+ raise error_class.new(JSON.parse(e.response.response.body))
56
+ end
46
57
  raise HomeAway::API::Errors::UnauthorizedError.new
47
58
  end
48
59
  end
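Review bot: inside the new `if e.is_a? OAuth2::Error` branch, `JSON.parse(e.response.response.body)` can itself raise when the error body is empty or not JSON, and that exception then escapes the rescue clause instead of becoming a HomeAway error. Guard the parse and fall back to `UnauthorizedError` (or pass the raw body), and check what `for_http_code` returns for a status it does not know before calling `.new` on it. A separate `rescue OAuth2::Error => e` clause would also read more clearly than `rescue => e` followed by `is_a?`.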
@@ -57,7 +68,7 @@ module HomeAway
57
68
  OAuth2::Client.new(@configuration.client_id,
58
69
  @configuration.client_secret,
59
70
  :site => oauth_site,
60
- :raise_errors => false
71
+ :raise_errors => true
61
72
  )
62
73
  end
63
74
 
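Review bot: switching `:raise_errors` to `true` changes what callers can see: together with the new rescue blocks, a failed token request now surfaces as whatever class `for_http_code` selects rather than always `UnauthorizedError`. That is a behaviour change for code that rescues only `UnauthorizedError`, and the README hunks in this release do not mention it; add a note there or in the changelog.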
@@ -76,22 +87,34 @@ module HomeAway
76
87
  @refresh_token = token.refresh_token
77
88
  @mode = :two_legged
78
89
  return true
79
- rescue => _
90
+ rescue => e
91
+ if e.is_a? OAuth2::Error
92
+ error_class = HomeAway::API::Errors.for_http_code e.response.status
93
+ raise error_class.new(JSON.parse(e.response.response.body))
94
+ end
80
95
  raise HomeAway::API::Errors::UnauthorizedError.new
81
96
  end
82
97
  end
83
98
 
84
99
  def refresh
85
- token = OAuth2::AccessToken.new(oauth_client, nil, {:refresh_token => @refresh_token})
86
- params = {
87
- :headers => {'Authorization' => "Basic #{credentials}"}
88
- }
89
- token = token.refresh!(params)
90
- @token = token.token
91
- @token_expires = Time.at token.expires_at
92
- @refresh_token = token.refresh_token
93
- @mode = :three_legged
94
- true
100
+ begin
101
+ token = OAuth2::AccessToken.new(oauth_client, nil, {:refresh_token => @refresh_token})
102
+ params = {
103
+ :headers => {'Authorization' => "Basic #{credentials}"}
104
+ }
105
+ token = token.refresh!(params)
106
+ @token = token.token
107
+ @token_expires = Time.at token.expires_at
108
+ @refresh_token = token.refresh_token
109
+ @mode = :three_legged
110
+ return true
111
+ rescue => e
112
+ if e.is_a? OAuth2::Error
113
+ error_class = HomeAway::API::Errors.for_http_code e.response.status
114
+ raise error_class.new(JSON.parse(e.response.response.body))
115
+ end
116
+ raise HomeAway::API::Errors::UnauthorizedError.new
117
+ end
95
118
  end
96
119
  end
97
120
  end
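Review bot: the four-line `OAuth2::Error` translation in these rescue clauses is now copied into three methods, counting the earlier hunk in this file; extract it into one private helper so the error mapping (and any hardening of the `JSON.parse` call) lives in one place. In `refresh`, the added `begin` wrapper is unnecessary because a `def` body can carry `rescue` directly, which would keep the method at its previous indentation and make the diff much smaller.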
@@ -15,6 +15,6 @@
15
15
 
16
16
  module HomeAway
17
17
  module API
18
- VERSION = '1.2.0'
18
+ VERSION = '1.3.0'
19
19
  end
20
20
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: homeaway-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Charlie Meyer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-10 00:00:00.000000000 Z
11
+ date: 2016-05-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: hashie