jkarlsson-gdata 1.1.1

data/lib/gdata/auth/clientlogin.rb

@@ -0,0 +1,102 @@
+# Copyright (C) 2008 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'cgi'
+
+module GData
+  module Auth
+    
+    # This class implements ClientLogin signatures for Data API requests.
+    # It can be used with a GData::Client::GData object.
+    class ClientLogin
+      
+      # The ClientLogin authentication handler
+      attr_accessor :auth_url
+      # One of 'HOSTED_OR_GOOGLE', 'GOOGLE', or 'HOSTED'. 
+      # See documentation here: 
+      # http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
+      attr_accessor :account_type
+      # The access token
+      attr_accessor :token
+      # The service name for the API you are working with
+      attr_accessor :service
+      
+      # Initialize the class with the service name of an API that you wish
+      # to request a token for.
+      def initialize(service, options = {})
+        if service.nil?
+          raise ArgumentError, "Service name cannot be nil"
+        end
+        
+        @service = service
+        
+        options.each do |key, value|
+          self.send("#{key}=", value)
+        end
+        
+        @auth_url ||= 'https://www.google.com/accounts/ClientLogin'
+        @account_type ||= 'HOSTED_OR_GOOGLE'
+      end
+      
+      # Retrieves a token for the given username and password.
+      # source identifies your application.
+      # login_token and login_captcha are used only if you are responding
+      # to a previously issued CAPTCHA challenge.
+      def get_token(username, password, source, login_token = nil, 
+          login_captcha = nil)
+        body = Hash.new
+        body['accountType'] = @account_type
+        body['Email'] = username
+        body['Passwd'] = password
+        body['service'] = @service
+        body['source'] = source
+        if login_token and login_captcha
+          body['logintoken'] = login_token
+          body['logincaptcha'] = login_captcha
+        end
+        
+        request = GData::HTTP::Request.new(@auth_url, :body => body, 
+          :method => :post)
+        service = GData::HTTP::DefaultService.new
+        response = service.make_request(request)
+        if response.status_code != 200
+          url = response.body[/Url=(.*)/,1]
+          error = response.body[/Error=(.*)/,1]
+          
+          if error == "CaptchaRequired"
+            captcha_token = response.body[/CaptchaToken=(.*)/,1]
+            captcha_url = response.body[/CaptchaUrl=(.*)/,1]
+            raise GData::Client::CaptchaError.new(captcha_token, captcha_url), 
+              "#{error} : #{url}"
+          end
+          
+          raise GData::Client::AuthorizationError.new(response)
+        end
+        
+        @token = response.body[/Auth=(.*)/,1]
+        return @token
+      end
+      
+      # Creates an appropriate Authorization header on a GData::HTTP::Request
+      # object.
+      def sign_request!(request)
+        if @token == nil
+          raise GData::Client::Error, "Cannot sign request without credentials"
+        end
+        
+        request.headers['Authorization'] = "GoogleLogin auth=#{@token}" 
+      end
+    end
+  end
+end

data/lib/gdata/auth/oauth.rb

@@ -0,0 +1,129 @@
+require 'openssl'
+require 'digest/sha1'
+require 'cgi'
+
+module GData
+  module Auth
+    class OAuth
+
+      attr_accessor :oauth_token, :oauth_secret, :consumer_key, :consumer_secret
+      attr_writer :use_body_hash
+
+      def initialize(options)
+        @oauth_token     = options[:oauth_token]
+        @oauth_secret    = options[:oauth_secret]
+        @consumer_key    = options[:consumer_key]
+        @consumer_secret = options[:consumer_secret]
+        @use_body_hash   = options[:use_body_hash]
+      end
+
+      def sign_request!(request)
+        header_parts = oauth_parameters(request)
+        header_parts['oauth_signature'] = calc_signature(request, header_parts)
+        request.headers['Authorization'] = "OAuth " + header_parts.map { |k,v| "#{k}=\"#{v}\"" }.sort.join(', ')
+      end
+
+      def use_body_hash?
+        !!@use_body_hash
+      end
+
+      private
+
+      def calc_signature(request, header_parts)
+        signature = OpenSSL::HMAC::digest(OpenSSL::Digest::Digest.new('sha1'), sig_key, base_string(request, header_parts))
+        signature = [signature].pack("m").chomp # base64 encode
+        signature = CGI::escape(signature) # url encode
+        signature
+      end
+
+      def sig_key
+        # When using HMAC-SHA1, signature key is consumer_secret and
+        # oauth_secret each encoded and separated with a '&'
+        [consumer_secret, oauth_secret].map { |part| CGI::escape(part) }.join('&')
+      end
+
+      def base_string(request, header_parts)
+        method = request.method.to_s.upcase
+        norm_ps = normalize_parameters(request, header_parts)
+
+        # Base string is method, base_url and normalized parameters,
+        # each url encoded and separated with a '&'
+        base_string = [method, base_url(request), norm_ps].map { |part| CGI::escape(part) }.join('&')
+        base_string
+      end
+
+      def base_url(request)
+        url = URI::parse(request.url)
+        base_url = '%s://%s%s' % [url.scheme, url.host, url.path]
+      end
+
+      def need_body_hash?(request)
+        return false unless use_body_hash?
+        c_type = request.headers['Content-Type']
+        is_form_urlencoded = c_type =~ /application\/x-www-form-urlencoded/
+        is_head = request.methods.to_s.upcase == 'HEAD'
+        is_get = request.methods.to_s.upcase == 'GET'
+
+        # Spec says body_hash should not be sent if req is formencoded
+        # or if req is HEAD or GET
+        !(is_form_urlencoded || is_head || is_get)
+      end
+
+      def oauth_parameters(request)
+        auth_headers = { 'oauth_consumer_key'     => CGI::escape(self.consumer_key),
+          'oauth_token'            => CGI::escape(self.oauth_token),
+          'oauth_signature_method' => "HMAC-SHA1",
+          'oauth_timestamp'        => Time.now.to_i,
+          'oauth_nonce'            => generate_nonce,
+          'oauth_version'          => "1.0"
+        }
+
+        if need_body_hash?(request)
+          auth_headers['oauth_body_hash'] = CGI::escape(calculate_body_hash(request))
+        end
+
+        auth_headers
+      end
+
+      # 2 ** 64, the largest 64 bit unsigned integer
+      BIG_INT_MAX = 18446744073709551616
+      def generate_nonce
+        Digest::SHA1.hexdigest(OpenSSL::BN.rand_range(BIG_INT_MAX).to_s)
+      end
+
+      def calculate_body_hash(request)
+        case request.body
+        when String
+          body = request.body
+        when GData::HTTP::MimeBody
+          body = ''
+          while (chunk = request.body.read(1024))
+            body << chunk
+          end
+          request.body.rewind
+        when nil
+          body = ''
+        else
+          body = request.body.to_s
+        end
+
+        body_hash = Digest::SHA1.digest(body)
+        body_hash = [body_hash].pack("m").chomp # base64 encode
+        body_hash
+      end
+
+      # NOTE: this will fail on formencoded bodies.
+      def normalize_parameters(request, oauth_params)
+        query_string = URI::parse(request.url).query
+        params = {}
+        if query_string
+          q_params = query_string.split('&')
+          q_params.each { |p| (k,v) = p.split('='); params[k] = v }
+        end
+        params.merge!(oauth_params)
+        params.sort_by { |k,v| k }.map { |p| p.join('=') }.join('&')
+      end
+
+    end
+  end
+end

data/lib/gdata/client.rb

@@ -0,0 +1,84 @@
+# Copyright (C) 2008 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'gdata/client/base'
+require 'gdata/client/apps'
+require 'gdata/client/blogger'
+require 'gdata/client/booksearch'
+require 'gdata/client/calendar'
+require 'gdata/client/contacts'
+require 'gdata/client/doclist'
+require 'gdata/client/finance'
+require 'gdata/client/gbase'
+require 'gdata/client/gmail'
+require 'gdata/client/health'
+require 'gdata/client/notebook'
+require 'gdata/client/photos'
+require 'gdata/client/spreadsheets'
+require 'gdata/client/webmaster_tools'
+require 'gdata/client/youtube'
+  
+module GData
+  module Client
+
+    # Base class for GData::Client errors
+    class Error < RuntimeError
+    end
+
+    # Base class for errors raised due to requests
+    class RequestError < Error
+
+      # The Net::HTTPResponse that caused this error.
+      attr_accessor :response
+
+      # Creates a new RequestError from Net::HTTPResponse +response+ with a
+      # message containing the error code and response body.
+      def initialize(response)
+        @response = response
+
+        super "request error #{response.status_code}: #{response.body}"
+      end
+
+    end
+
+    class AuthorizationError < RequestError
+    end
+    
+    class BadRequestError < RequestError
+    end
+    
+    # An error caused by ClientLogin issuing a CAPTCHA error.
+    class CaptchaError < RuntimeError
+      # The token identifying the CAPTCHA
+      attr_reader :token
+      # The URL to the CAPTCHA image
+      attr_reader :url
+      
+      def initialize(token, url)
+        @token = token
+        @url = url
+      end
+    end
+    
+    class ServerError < RequestError
+    end
+    
+    class UnknownError < RequestError
+    end
+    
+    class VersionConflictError < RequestError
+    end  
+    
+  end
+end

data/lib/gdata/client/apps.rb

@@ -0,0 +1,27 @@
+# Copyright (C) 2008 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GData
+  module Client
+    
+    # Client class to wrap working with the Apps Provisioning API.
+    class Apps < Base
+      
+      def initialize(options = {})
+        options[:clientlogin_service] ||= 'apps'
+        super(options)
+      end
+    end
+  end
+end

data/lib/gdata/client/base.rb

@@ -0,0 +1,187 @@
+# Copyright (C) 2008 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GData
+  module Client
+    
+    # A client object used to interact with different Google Data APIs.
+    class Base
+    
+      # A subclass of GData::Auth that handles authentication signing.
+      attr_accessor :auth_handler
+      # A subclass of GData::HTTP that handles making HTTP requests.
+      attr_accessor :http_service
+      # Headers to include in every request.
+      attr_accessor :headers
+      # The API version being used.
+      attr_accessor :version
+      # The default URL for ClientLogin.
+      attr_accessor :clientlogin_url
+      # A default service name for ClientLogin (overriden by subclasses).
+      attr_accessor :clientlogin_service
+      # The broadest AuthSub scope for working with an API.
+      # This is overriden by the service-specific subclasses.
+      attr_accessor :authsub_scope
+      # A short string identifying the current application.
+      attr_accessor :source
+      
+      def initialize(options = {})
+        options.each do |key, value|
+          self.send("#{key}=", value)
+        end
+        
+        @headers ||= {}
+        @http_service ||= GData::HTTP::DefaultService
+        @version ||= '2'
+        @source ||= 'AnonymousApp'
+      end
+      
+      # Sends an HTTP request with the given file as a stream
+      def make_file_request(method, url, file_path, mime_type, entry = nil)
+        if not File.readable?(file_path)
+          raise ArgumentError, "File #{file_path} is not readable."
+        end
+        file = File.open(file_path, 'rb')
+        @headers['Slug'] = File.basename(file_path)
+        if entry
+          @headers['MIME-Version'] = '1.0'
+          body = GData::HTTP::MimeBody.new(entry, file, mime_type)
+          @headers['Content-Type'] = body.content_type
+          response = self.make_request(method, url, body)
+        else
+          @headers['Content-Type'] = mime_type
+          response = self.make_request(method, url, file)
+        end
+        file.close
+        return response
+      end
+      
+      # Sends an HTTP request and return the response.
+      def make_request(method, url, body = '')
+        headers = self.prepare_headers
+        request = GData::HTTP::Request.new(url, :headers => headers, 
+          :method => method, :body => body)
+        
+        if @auth_handler and @auth_handler.respond_to?(:sign_request!)
+          @auth_handler.sign_request!(request)
+        end
+
+        service = http_service.new
+        response = service.make_request(request)
+        
+        case response.status_code  
+        when 200, 201, 302
+          #Do nothing, it's a success.
+        when 401, 403
+          raise AuthorizationError.new(response)
+        when 400
+          raise BadRequestError.new(response)
+        when 409
+          raise VersionConflictError.new(response)
+        when 500
+          raise ServerError.new(response)
+        else
+          raise UnknownError.new(response)
+        end
+        
+        return response
+      end
+      
+      # Performs an HTTP GET against the API.
+      def get(url)
+        return self.make_request(:get, url)
+      end
+      
+      # Performs an HTTP PUT against the API.
+      def put(url, body)
+        return self.make_request(:put, url, body)
+      end
+      
+      # Performs an HTTP PUT with the given file
+      def put_file(url, file_path, mime_type, entry = nil)
+        return self.make_file_request(:put, url, file_path, mime_type, entry)
+      end
+      
+      # Performs an HTTP POST against the API.
+      def post(url, body)
+        return self.make_request(:post, url, body)
+      end
+      
+      # Performs an HTTP POST with the given file
+      def post_file(url, file_path, mime_type, entry = nil)
+        return self.make_file_request(:post, url, file_path, mime_type, entry)
+      end
+      
+      # Performs an HTTP DELETE against the API.
+      def delete(url)
+        return self.make_request(:delete, url)
+      end
+      
+      # Constructs some necessary headers for every request.
+      def prepare_headers
+        headers = @headers
+        headers['GData-Version'] = @version
+        headers['User-Agent'] = GData::Auth::SOURCE_LIB_STRING + @source
+        # by default we assume we are sending Atom entries
+        if not headers.has_key?('Content-Type')
+          headers['Content-Type'] = 'application/atom+xml'
+        end
+        return headers
+      end
+      
+      # Performs ClientLogin for the service. See GData::Auth::ClientLogin
+      # for details.
+      def clientlogin(username, password, captcha_token = nil, 
+        captcha_answer = nil, service = nil, account_type = nil)
+        if service.nil?
+          service = @clientlogin_service
+        end
+        options = { :account_type => account_type }
+        self.auth_handler = GData::Auth::ClientLogin.new(service, options)
+        if @clientlogin_url
+          @auth_handler.auth_url = @clientlogin_url
+        end
+        source = GData::Auth::SOURCE_LIB_STRING + @source
+        @auth_handler.get_token(username, password, source, captcha_token, captcha_answer)
+      end
+      
+      def authsub_url(next_url, secure = false, session = true, domain = nil,
+        scope = nil)
+        if scope.nil?
+          scope = @authsub_scope
+        end
+        GData::Auth::AuthSub.get_url(next_url, scope, secure, session, domain)
+      end
+      
+      # Sets an AuthSub token for the service.
+      def authsub_token=(token)
+        self.auth_handler = GData::Auth::AuthSub.new(token)
+      end
+      
+      # Sets a private key to use with AuthSub requests.
+      def authsub_private_key=(key)
+        if @auth_handler.class == GData::Auth::AuthSub
+          @auth_handler.private_key = key
+        else
+          raise Error, "An AuthSub token must be set first."
+        end
+      end
+
+      # Sets OAuth info to use
+      def oauth_info=(options)
+        self.auth_handler = GData::Auth::OAuth.new(options)
+      end
+    end
+  end
+end