metavida-oauth 0.3.2

data/lib/oauth/client/action_controller_request.rb

@@ -0,0 +1,53 @@
+require 'oauth/client/helper'
+require 'oauth/request_proxy/action_controller_request'
+require 'action_controller/test_process'
+
+module ActionController
+  class Base
+    def process_with_oauth(request, response=nil)
+      request.apply_oauth!
+      process_without_oauth(request, response)
+    end
+
+    alias_method_chain :process, :oauth
+  end
+
+  class TestRequest
+    def self.use_oauth=(bool)
+      @use_oauth = bool
+    end
+
+    def self.use_oauth?
+      @use_oauth
+    end
+
+    def configure_oauth(consumer = nil, token = nil, options = {})
+      @oauth_options = { :consumer  => consumer,
+                         :token     => token,
+                         :scheme    => 'header',
+                         :signature_method => nil,
+                         :nonce     => nil,
+                         :timestamp => nil }.merge(options)
+    end
+
+    def apply_oauth!
+      return unless ActionController::TestRequest.use_oauth? && @oauth_options
+
+      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => request_uri))
+
+      self.send("set_oauth_#{@oauth_options[:scheme]}")
+    end
+
+    def set_oauth_header
+      env['Authorization'] = @oauth_helper.header
+    end
+
+    def set_oauth_parameters
+      @query_parameters = @oauth_helper.parameters_with_oauth
+      @query_parameters.merge!(:oauth_signature => @oauth_helper.signature)
+    end
+
+    def set_oauth_query_string
+    end
+  end
+end

data/lib/oauth/client/helper.rb

@@ -0,0 +1,71 @@
+require 'oauth/client'
+require 'oauth/consumer'
+require 'oauth/helper'
+require 'oauth/token'
+require 'oauth/signature/hmac/sha1'
+
+module OAuth::Client
+  class Helper
+    include OAuth::Helper
+
+    def initialize(request, options = {})
+      @request = request
+      @options = options
+      @options[:signature_method] ||= 'HMAC-SHA1'
+    end
+
+    def options
+      @options
+    end
+
+    def nonce
+      options[:nonce] ||= generate_key
+    end
+
+    def timestamp
+      options[:timestamp] ||= generate_timestamp
+    end
+
+    def oauth_parameters
+      {
+        'oauth_consumer_key'     => options[:consumer].key,
+        'oauth_token'            => options[:token] ? options[:token].token : '',
+        'oauth_signature_method' => options[:signature_method],
+        'oauth_timestamp'        => timestamp,
+        'oauth_nonce'            => nonce,
+        'oauth_version'          => '1.0'
+      }.reject { |k,v| v.to_s == "" }
+    end
+
+    def signature(extra_options = {})
+      OAuth::Signature.sign(@request, { :uri      => options[:request_uri],
+                                        :consumer => options[:consumer],
+                                        :token    => options[:token] }.merge(extra_options) )
+    end
+
+    def signature_base_string(extra_options = {})
+      OAuth::Signature.signature_base_string(@request, { :uri        => options[:request_uri],
+                                                         :consumer   => options[:consumer],
+                                                         :token      => options[:token],
+                                                         :parameters => oauth_parameters}.merge(extra_options) )
+    end
+
+    def header
+      parameters = oauth_parameters
+      parameters.merge!('oauth_signature' => signature(options.merge(:parameters => parameters)))
+
+      header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
+
+      realm = "realm=\"#{options[:realm]}\", " if options[:realm]
+      "OAuth #{realm}#{header_params_str}"
+    end
+
+    def parameters
+      OAuth::RequestProxy.proxy(@request).parameters
+    end
+
+    def parameters_with_oauth
+      oauth_parameters.merge(parameters)
+    end
+  end
+end

data/lib/oauth/client/net_http.rb

@@ -0,0 +1,78 @@
+require 'oauth/helper'
+require 'oauth/client/helper'
+require 'oauth/request_proxy/net_http'
+
+class Net::HTTPRequest
+  include OAuth::Helper
+
+  attr_reader :oauth_helper
+
+  def oauth!(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => oauth_full_request_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    @oauth_helper = OAuth::Client::Helper.new(self, options)
+    self.send("set_oauth_#{options[:scheme]}")
+  end
+
+  def signature_base_string(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => oauth_full_request_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    OAuth::Client::Helper.new(self, options).signature_base_string
+  end
+
+private
+
+  def oauth_full_request_uri(http)
+    uri = URI.parse(self.path)
+    uri.host = http.address
+    uri.port = http.port
+
+    if http.respond_to?(:use_ssl?) && http.use_ssl?
+      uri.scheme = "https"
+    else
+      uri.scheme = "http"
+    end
+
+    uri.to_s
+  end
+
+  def set_oauth_header
+    self['Authorization'] = @oauth_helper.header
+  end
+
+  # FIXME: if you're using a POST body and query string parameters, using this
+  # method will convert those parameters on the query string into parameters in
+  # the body. this is broken, and should be fixed.
+  def set_oauth_body
+    self.set_form_data(@oauth_helper.parameters_with_oauth)
+    params_with_sig = @oauth_helper.parameters.merge(:oauth_signature => @oauth_helper.signature)
+    self.set_form_data(params_with_sig)
+  end
+
+  def set_oauth_query_string
+    oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
+
+    uri = URI.parse(path)
+    if uri.query.to_s == ""
+      uri.query = oauth_params_str
+    else
+      uri.query = uri.query + "&" + oauth_params_str
+    end
+
+    @path = uri.to_s
+
+    @path << "&oauth_signature=#{escape(oauth_helper.signature)}"
+  end
+end

data/lib/oauth/client.rb

@@ -0,0 +1,4 @@
+module OAuth
+  module Client
+  end
+end

data/lib/oauth/consumer.rb

@@ -0,0 +1,296 @@
+require 'net/http'
+require 'net/https'
+require 'oauth/client/net_http'
+require 'oauth/errors'
+
+module OAuth
+  class Consumer
+    # determine the certificate authority path to verify SSL certs
+    CA_FILES = %w(/etc/ssl/certs/ca-certificates.crt /usr/share/curl/curl-ca-bundle.crt)
+    CA_FILES.each do |ca_file|
+      if File.exists?(ca_file)
+        CA_FILE = ca_file
+        break
+      end
+    end
+    CA_FILE = nil unless defined?(CA_FILE)
+
+    @@default_options = {
+      # Signature method used by server. Defaults to HMAC-SHA1
+      :signature_method   => 'HMAC-SHA1',
+
+      # default paths on site. These are the same as the defaults set up by the generators
+      :request_token_path => '/oauth/request_token',
+      :authorize_path     => '/oauth/authorize',
+      :access_token_path  => '/oauth/access_token',
+
+      # How do we send the oauth values to the server see
+      # http://oauth.net/core/1.0/#consumer_req_param for more info
+      #
+      # Possible values:
+      #
+      #   :header - via the Authorize header (Default) ( option 1. in spec)
+      #   :body - url form encoded in body of POST request ( option 2. in spec)
+      #   :query_string - via the query part of the url ( option 3. in spec)
+      :scheme        => :header,
+
+      # Default http method used for OAuth Token Requests (defaults to :post)
+      :http_method   => :post,
+
+      :oauth_version => "1.0"
+    }
+
+    attr_accessor :options, :key, :secret
+    attr_writer   :site, :http
+
+    # Create a new consumer instance by passing it a configuration hash:
+    #
+    #   @consumer = OAuth::Consumer.new(key, secret, {
+    #     :site               => "http://term.ie",
+    #     :scheme             => :header,
+    #     :http_method        => :post,
+    #     :request_token_path => "/oauth/example/request_token.php",
+    #     :access_token_path  => "/oauth/example/access_token.php",
+    #     :authorize_path     => "/oauth/example/authorize.php"
+    #    })
+    #
+    # Start the process by requesting a token
+    #
+    #   @request_token = @consumer.get_request_token
+    #   session[:request_token] = @request_token
+    #   redirect_to @request_token.authorize_url
+    #
+    # When user returns create an access_token
+    #
+    #   @access_token = @request_token.get_access_token
+    #   @photos=@access_token.get('/photos.xml')
+    #
+    def initialize(consumer_key, consumer_secret, options = {})
+      @key    = consumer_key
+      @secret = consumer_secret
+
+      # ensure that keys are symbols
+      @options = @@default_options.merge(options.inject({}) { |options, (key, value)|
+        options[key.to_sym] = value
+        options
+      })
+    end
+
+    # The default http method
+    def http_method
+      @http_method ||= @options[:http_method] || :post
+    end
+
+    # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
+    def http
+      @http ||= create_http
+    end
+
+    # Contains the root URI for this site
+    def uri(custom_uri = nil)
+      if custom_uri
+        @uri  = custom_uri
+        @http = create_http # yike, oh well. less intrusive this way
+      else  # if no custom passed, we use existing, which, if unset, is set to site uri
+        @uri ||= URI.parse(site)
+      end
+    end
+
+    # Makes a request to the service for a new OAuth::RequestToken
+    #
+    #  @request_token = @consumer.get_request_token
+    #
+    def get_request_token(request_options = {}, *arguments)
+      response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      OAuth::RequestToken.new(self, response[:oauth_token], response[:oauth_token_secret])
+    end
+
+    # Creates, signs and performs an http request.
+    # It's recommended to use the OAuth::Token classes to set this up correctly.
+    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    #
+    #   @consumer.request(:get,  '/people', @token, { :scheme => :query_string })
+    #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method, path, token = nil, request_options = {}, *arguments)
+      if path !~ /^\//
+        @http = create_http(path)
+        _uri = URI.parse(path)
+        path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
+      end
+
+      rsp = http.request(create_signed_request(http_method, path, token, request_options, *arguments))
+
+      # check for an error reported by the Problem Reporting extension
+      # (http://wiki.oauth.net/ProblemReporting)
+      # note: a 200 may actually be an error; check for an oauth_problem key to be sure
+      if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
+        (h = headers.select { |h| h =~ /^OAuth / }).any? &&
+        h.first =~ /oauth_problem/
+
+        # puts "Header: #{h.first}"
+
+        # TODO doesn't handle broken responses from api.login.yahoo.com
+        # remove debug code when done
+        params = OAuth::Helper.parse_header(h.first)
+
+        # puts "Params: #{params.inspect}"
+        # puts "Body: #{rsp.body}"
+
+        raise OAuth::Problem.new(params.delete("oauth_problem"), rsp, params)
+      end
+
+      rsp
+    end
+
+    # Creates and signs an http request.
+    # It's recommended to use the Token classes to set this up correctly
+    def create_signed_request(http_method, path, token = nil, request_options = {}, *arguments)
+      request = create_http_request(http_method, path, *arguments)
+      sign!(request, token, request_options)
+      request
+    end
+
+    # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
+    def token_request(http_method, path, token = nil, request_options = {}, *arguments)
+      response = request(http_method, path, token, request_options, *arguments)
+
+      case response.code.to_i
+
+      when (200..299)
+        CGI.parse(response.body).inject({}) { |h,(k,v)| h[k.to_sym] = v.first; h }
+      when (300..399)
+        # this is a redirect
+        response.error!
+      when (400..499)
+        raise OAuth::Unauthorized, response
+      else
+        response.error!
+      end
+    end
+
+    # Sign the Request object. Use this if you have an externally generated http request object you want to sign.
+    def sign!(request, token = nil, request_options = {})
+      request.oauth!(http, self, token, options.merge(request_options))
+    end
+
+    # Return the signature_base_string
+    def signature_base_string(request, token = nil, request_options = {})
+      request.signature_base_string(http, self, token, options.merge(request_options))
+    end
+
+    def site
+      @options[:site].to_s
+    end
+
+    def scheme
+      @options[:scheme]
+    end
+
+    def request_token_path
+      @options[:request_token_path]
+    end
+
+    def authorize_path
+      @options[:authorize_path]
+    end
+
+    def access_token_path
+      @options[:access_token_path]
+    end
+
+    # TODO this is ugly, rewrite
+    def request_token_url
+      @options[:request_token_url] || site + request_token_path
+    end
+
+    def request_token_url?
+      @options.has_key?(:request_token_url)
+    end
+
+    def authorize_url
+      @options[:authorize_url] || site + authorize_path
+    end
+
+    def authorize_url?
+      @options.has_key?(:authorize_url)
+    end
+
+    def access_token_url
+      @options[:access_token_url] || site + access_token_path
+    end
+
+    def access_token_url?
+      @options.has_key?(:access_token_url)
+    end
+
+  protected
+
+    # Instantiates the http object
+    def create_http(_url = nil)
+      if _url.nil? || _url[0] =~ /^\//
+        our_uri = URI.parse(site)
+      else
+        our_uri = URI.parse(_url)
+      end
+
+      http_object = Net::HTTP.new(our_uri.host, our_uri.port)
+
+      http_object.use_ssl = (our_uri.scheme == 'https')
+
+      if CA_FILE
+        http_object.ca_file = CA_FILE
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        http_object.verify_depth = 5
+      else
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+
+      http_object
+    end
+
+    # create the http request object for a given http_method and path
+    def create_http_request(http_method, path, *arguments)
+      http_method = http_method.to_sym
+
+      if [:post, :put].include?(http_method)
+        data = arguments.shift
+      end
+
+      headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
+
+      case http_method
+      when :post
+        request = Net::HTTP::Post.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
+      when :put
+        request = Net::HTTP::Put.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
+      when :get
+        request = Net::HTTP::Get.new(path,headers)
+      when :delete
+        request =  Net::HTTP::Delete.new(path,headers)
+      when :head
+        request = Net::HTTP::Head.new(path,headers)
+      else
+        raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
+      end
+
+      if data.is_a?(Hash)
+        request.set_form_data(data)
+      elsif data
+        request.body = data.to_s
+        request["Content-Length"] = request.body.length
+      end
+
+      request
+    end
+
+    # Unset cached http instance because it cannot be marshalled when
+    # it has already been used and use_ssl is set to true
+    def marshal_dump(*args)
+      @http = nil
+      self
+    end
+  end
+end

data/lib/oauth/errors/error.rb

@@ -0,0 +1,4 @@
+module OAuth
+  class Error < StandardError
+  end
+end

data/lib/oauth/errors/problem.rb

@@ -0,0 +1,14 @@
+module OAuth
+  class Problem < OAuth::Unauthorized
+    attr_reader :problem, :params
+    def initialize(problem, request = nil, params = {})
+      super(request)
+      @problem = problem
+      @params  = params
+    end
+
+    def to_s
+      problem
+    end
+  end
+end

data/lib/oauth/errors/unauthorized.rb

@@ -0,0 +1,12 @@
+module OAuth
+  class Unauthorized < OAuth::Error
+    attr_reader :request
+    def initialize(request = nil)
+      @request = request
+    end
+
+    def to_s
+      [request.code, request.message] * " "
+    end
+  end
+end

data/lib/oauth/errors.rb

@@ -0,0 +1,3 @@
+require 'oauth/errors/error'
+require 'oauth/errors/unauthorized'
+require 'oauth/errors/problem'

data/lib/oauth/helper.rb

@@ -0,0 +1,55 @@
+require 'openssl'
+require 'base64'
+
+module OAuth
+  module Helper
+    extend self
+
+    def escape(value)
+      URI::escape(value.to_s, OAuth::RESERVED_CHARACTERS)
+    end
+
+    def generate_key(size=32)
+      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
+    end
+
+    alias_method :generate_nonce, :generate_key
+
+    def generate_timestamp
+      Time.now.to_i.to_s
+    end
+
+    def normalize(params)
+      params.sort.map do |k, values|
+
+        if values.is_a?(Array)
+          # multiple values were provided for a single key
+          values.sort.collect do |v|
+            [escape(k),escape(v)] * "="
+          end
+        else
+          [escape(k),escape(values)] * "="
+        end
+      end * "&"
+    end
+
+    # Parse an Authorization / WWW-Authenticate header into a hash
+    def parse_header(header)
+      # decompose
+      params = header[6,header.length].split(/[,=]/)
+
+      # strip and unescape
+      params.map! { |v| unescape(v.strip) }
+
+      # strip quotes
+      params.map! { |v| v =~ /^\".*\"$/ ? v[1..-2] : v }
+
+      # convert into a Hash
+      Hash[*params.flatten]
+    end
+
+    def unescape(value)
+      URI.unescape(value.gsub('+', '%2B'))
+    end
+  end
+end

data/lib/oauth/oauth.rb

@@ -0,0 +1,7 @@
+module OAuth
+  # required parameters, per sections 6.1.1, 6.3.1, and 7
+  PARAMETERS = %w(oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_version oauth_signature)
+
+  # reserved character regexp, per section 5.1
+  RESERVED_CHARACTERS = /[^\w\d\-\.\_\~]/
+end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,25 @@
+require 'action_controller'
+require 'action_controller/test_process'
+
+module OAuth
+  module OAuthTestHelper
+    def mock_incoming_request_with_query(request)
+      incoming = ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming = ActionController::TestRequest.new
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["HTTP_AUTHORIZATION"] = request.to_auth_string
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+  end
+end