mojodna-oauth 0.3.1.1

data/lib/oauth/consumer.rb

@@ -0,0 +1,249 @@
+require 'net/http'
+require 'net/https'
+require 'oauth/client/net_http'
+module OAuth
+  class Consumer
+
+    @@default_options = {
+      # Signature method used by server. Defaults to HMAC-SHA1
+      :signature_method   => 'HMAC-SHA1',
+
+      # default paths on site. These are the same as the defaults set up by the generators
+      :request_token_path => '/oauth/request_token',
+      :authorize_path     => '/oauth/authorize',
+      :access_token_path  => '/oauth/access_token',
+
+      # How do we send the oauth values to the server see
+      # http://oauth.net/core/1.0/#consumer_req_param for more info
+      #
+      # Possible values:
+      #
+      #   :header - via the Authorize header (Default) ( option 1. in spec)
+      #   :body - url form encoded in body of POST request ( option 2. in spec)
+      #   :query_string - via the query part of the url ( option 3. in spec)
+      :scheme        => :header,
+
+      # Default http method used for OAuth Token Requests (defaults to :post)
+      :http_method   => :post,
+
+      :oauth_version => "1.0"
+    }
+
+    attr_accessor :options, :key, :secret
+    attr_writer   :site, :http
+
+    # Create a new consumer instance by passing it a configuration hash:
+    #
+    #   @consumer = OAuth::Consumer.new(key, secret, {
+    #     :site               => "http://term.ie",
+    #     :scheme             => :header,
+    #     :http_method        => :post,
+    #     :request_token_path => "/oauth/example/request_token.php",
+    #     :access_token_path  => "/oauth/example/access_token.php",
+    #     :authorize_path     => "/oauth/example/authorize.php"
+    #    })
+    #
+    # Start the process by requesting a token
+    #
+    #   @request_token = @consumer.get_request_token
+    #   session[:request_token] = @request_token
+    #   redirect_to @request_token.authorize_url
+    #
+    # When user returns create an access_token
+    #
+    #   @access_token = @request_token.get_access_token
+    #   @photos=@access_token.get('/photos.xml')
+    #
+    def initialize(consumer_key, consumer_secret, options = {})
+      @key    = consumer_key
+      @secret = consumer_secret
+
+      # ensure that keys are symbols
+      @options = @@default_options.merge(options.inject({}) { |options, (key, value)|
+        options[key.to_sym] = value
+        options
+      })
+    end
+
+    # The default http method
+    def http_method
+      @http_method ||= @options[:http_method] || :post
+    end
+
+    # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
+    def http
+      @http ||= create_http
+    end
+
+    # Contains the root URI for this site
+    def uri(custom_uri = nil)
+      if custom_uri
+        @uri  = custom_uri
+        @http = create_http # yike, oh well. less intrusive this way
+      else  # if no custom passed, we use existing, which, if unset, is set to site uri
+        @uri ||= URI.parse(site)
+      end
+    end
+
+    # Makes a request to the service for a new OAuth::RequestToken
+    #
+    #  @request_token = @consumer.get_request_token
+    #
+    def get_request_token(request_options = {}, *arguments)
+      response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      OAuth::RequestToken.new(self, response[:oauth_token], response[:oauth_token_secret])
+    end
+
+    # Creates, signs and performs an http request.
+    # It's recommended to use the OAuth::Token classes to set this up correctly.
+    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    #
+    #   @consumer.request(:get,  '/people', @token, { :scheme => :query_string })
+    #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method, path, token = nil, request_options = {}, *arguments)
+      if path = ~/^\//
+        _http = http
+      else
+        _http = create_http(path)
+        _uri = URI.parse(path)
+        path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
+      end
+
+      _http.request(create_signed_request(http_method, path, token, request_options, *arguments))
+    end
+
+    # Creates and signs an http request.
+    # It's recommended to use the Token classes to set this up correctly
+    def create_signed_request(http_method, path, token = nil,request_options = {}, *arguments)
+      request = create_http_request(http_method, path, *arguments)
+      sign!(request, token, request_options)
+      request
+    end
+
+    # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
+    def token_request(http_method, path, token = nil, request_options = {}, *arguments)
+      response = request(http_method, path, token, request_options, *arguments)
+      if response.code == "200"
+        CGI.parse(response.body).inject({}) { |h,(k,v)| h[k.to_sym] = v.first; h }
+      else
+        response.error!
+      end
+    end
+
+    # Sign the Request object. Use this if you have an externally generated http request object you want to sign.
+    def sign!(request, token=nil, request_options = {})
+      request.oauth!(http, self, token, options.merge(request_options))
+    end
+
+    # Return the signature_base_string
+    def signature_base_string(request, token=nil, request_options = {})
+      request.signature_base_string(http, self, token, options.merge(request_options))
+    end
+
+    def site
+      @options[:site].to_s
+    end
+
+    def scheme
+      @options[:scheme]
+    end
+
+    def request_token_path
+      @options[:request_token_path]
+    end
+
+    def authorize_path
+      @options[:authorize_path]
+    end
+
+    def access_token_path
+      @options[:access_token_path]
+    end
+
+    # TODO this is ugly, rewrite
+    def request_token_url
+      @options[:request_token_url] || site + request_token_path
+    end
+
+    def request_token_url?
+      @options[:request_token_url]!=nil
+    end
+
+    def authorize_url
+      @options[:authorize_url] || site + authorize_path
+    end
+
+    def authorize_url?
+      @options[:authorize_url]!=nil
+    end
+
+    def access_token_url
+      @options[:access_token_url] || site + access_token_path
+    end
+
+    def access_token_url?
+      @options[:access_token_url]!=nil
+    end
+
+  protected
+
+    # Instantiates the http object
+    def create_http(_url = nil)
+      if _url.nil? || _url[0] =~ /^\//
+        our_uri = URI.parse(site)
+      else
+        our_uri = URI.parse(_url)
+      end
+
+      http_object = Net::HTTP.new(our_uri.host, our_uri.port)
+      http_object.use_ssl = true if our_uri.scheme == "https"
+
+      http_object
+    end
+
+    # create the http request object for a given http_method and path
+    def create_http_request(http_method, path, *arguments)
+      http_method = http_method.to_sym
+
+      if [:post, :put].include?(http_method)
+        data = arguments.shift
+      end
+
+      headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
+
+      case http_method
+      when :post
+        request = Net::HTTP::Post.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
+      when :put
+        request = Net::HTTP::Put.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
+      when :get
+        request = Net::HTTP::Get.new(path,headers)
+      when :delete
+        request =  Net::HTTP::Delete.new(path,headers)
+      when :head
+        request = Net::HTTP::Head.new(path,headers)
+      else
+        raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
+      end
+
+      if data.is_a?(Hash)
+        request.set_form_data(data)
+      elsif data
+        request.body = data.to_s
+        request["Content-Length"] = request.body.length
+      end
+
+      request
+    end
+
+    # Unset cached http instance because it cannot be marshalled when
+    # it has already been used and use_ssl is set to true
+    def marshal_dump(*args)
+      @http = nil
+      self
+    end
+  end
+end

data/lib/oauth/helper.rb

@@ -0,0 +1,17 @@
+require 'openssl'
+require 'base64'
+require 'cgi'
+
+module OAuth
+  module Helper
+    extend self
+
+    def escape(value)
+      CGI.escape(value.to_s).gsub("%7E", '~').gsub("+", "%20")
+    end
+
+    def generate_key(size=32)
+      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
+    end
+  end
+end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,25 @@
+require 'action_controller'
+require 'action_controller/test_process'
+
+module OAuth
+  module OAuthTestHelper
+    def mock_incoming_request_with_query(request)
+      incoming = ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming = ActionController::TestRequest.new
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["HTTP_AUTHORIZATION"] = request.to_auth_string
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+  end
+end

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'active_support'
+require 'action_controller/request'
+require 'oauth/request_proxy/base'
+require 'uri'
+
+module OAuth::RequestProxy
+  class ActionControllerRequest < OAuth::RequestProxy::Base
+    proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
+
+    def method
+      request.method.to_s.upcase
+    end
+
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.stringify_keys! if params.respond_to?(:stringify_keys!)
+        params.merge(options[:parameters] || {})
+      end
+    end
+
+    # Override from OAuth::RequestProxy::Base to avoid roundtrip
+    # conversion to Hash or Array and thus preserve the original
+    # parameter names
+    def parameters_for_signature
+      params = []
+      params << options[:parameters].to_query if options[:parameters]
+
+      unless options[:clobber_request]
+        params << header_params.to_query
+        params << request.query_string unless request.query_string.blank?
+        if request.content_type == Mime::Type.lookup("application/x-www-form-urlencoded")
+          params << CGI.unescape(request.raw_post)
+        end
+      end
+
+      params.
+        join('&').split('&').
+        reject { |kv| kv =~ /^oauth_signature=.*/}.
+        reject(&:blank?).
+        map { |p| p.split('=') }
+    end
+
+  protected
+
+    def query_params
+      request.query_parameters
+    end
+
+    def request_params
+      request.request_parameters
+    end
+
+  end
+end

data/lib/oauth/request_proxy/base.rb

@@ -0,0 +1,106 @@
+require 'oauth/request_proxy'
+require 'oauth/helper'
+
+module OAuth::RequestProxy
+  class Base
+    include OAuth::Helper
+
+    def self.proxies(klass)
+      OAuth::RequestProxy.available_proxies[klass] = self
+    end
+
+    attr_accessor :request, :options
+
+    def initialize(request, options = {})
+      @request = request
+      @options = options
+    end
+
+    def token
+      parameters['oauth_token']
+    end
+
+    def consumer_key
+      parameters['oauth_consumer_key']
+    end
+
+    def parameters_for_signature
+      p = parameters.dup
+      p.delete("oauth_signature")
+      p
+    end
+
+    def nonce
+      parameters['oauth_nonce']
+    end
+
+    def timestamp
+      parameters['oauth_timestamp']
+    end
+
+    def signature_method
+      case parameters['oauth_signature_method']
+      when Array
+        parameters['oauth_signature_method'].first
+      else
+        parameters['oauth_signature_method']
+      end
+    end
+
+    def signature
+      parameters['oauth_signature'] || ""
+    end
+
+    # See 9.1.2 in specs
+    def normalized_uri
+      u = URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase == 'http' && u.port != 80) || (u.scheme.downcase == 'https' && u.port != 443) ? ":#{u.port}" : ""}#{(u.path && u.path != '') ? u.path : '/'}"
+    end
+
+    # See 9.1.1. in specs Normalize Request Parameters
+    def normalized_parameters
+      parameters_for_signature.sort.map do |k, values|
+
+        if values.is_a?(Array)
+          # multiple values were provided for a single key
+          values.sort.collect do |v|
+            [escape(k),escape(v)] * "="
+          end
+        else
+          [escape(k),escape(values)] * "="
+        end
+      end * "&"
+    end
+
+    # See 9.1 in specs
+    def signature_base_string
+      base = [method, normalized_uri, normalized_parameters]
+      base.map { |v| escape(v) }.join("&")
+    end
+
+  protected
+
+    def header_params
+      %w( X-HTTP_AUTHORIZATION Authorization HTTP_AUTHORIZATION ).each do |header|
+        next unless request.env.include?(header)
+
+        header = request.env[header]
+        next unless header[0,6] == 'OAuth '
+
+        oauth_param_string = header[6,header.length].split(/[,=]/)
+        oauth_param_string.map! { |v| unescape(v.strip) }
+        oauth_param_string.map! { |v| v =~ /^\".*\"$/ ? v[1..-2] : v }
+        oauth_params = Hash[*oauth_param_string.flatten]
+        oauth_params.reject! { |k,v| k !~ /^oauth_/ }
+
+        return oauth_params
+      end
+
+      return {}
+    end
+
+    def unescape(value)
+      URI.unescape(value.gsub('+', '%2B'))
+    end
+  end
+end

data/lib/oauth/request_proxy/jabber_request.rb

@@ -0,0 +1,41 @@
+require 'xmpp4r'
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    class JabberRequest < OAuth::RequestProxy::Base
+      proxies Jabber::Iq
+      proxies Jabber::Presence
+      proxies Jabber::Message
+
+      def parameters
+        return @params if @params
+
+        @params = {}
+
+        oauth = @request.get_elements('//oauth').first
+        return @params unless oauth
+
+        %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
+            oauth_timestamp oauth_nonce oauth_version ).each do |param|
+          next unless element = oauth.first_element(param)
+          @params[param] = element.text
+        end
+
+        @params
+      end
+
+      def method
+        @request.name
+      end
+
+      def uri
+        [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
+      end
+
+      def normalized_uri
+        uri
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/mock_request.rb

@@ -0,0 +1,44 @@
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    # RequestProxy for Hashes to facilitate simpler signature creation.
+    # Usage:
+    #   request = OAuth::RequestProxy.proxy \
+    #      "method" => "iq",
+    #      "uri"    => [from, to] * "&",
+    #      "parameters" => {
+    #        "oauth_consumer_key"     => oauth_consumer_key,
+    #        "oauth_token"            => oauth_token,
+    #        "oauth_signature_method" => "HMAC-SHA1"
+    #      }
+    #
+    #   signature = OAuth::Signature.sign \
+    #     request,
+    #     :consumer_secret => oauth_consumer_secret,
+    #     :token_secret    => oauth_token_secret,
+    class MockRequest < OAuth::RequestProxy::Base
+      proxies Hash
+
+      def parameters
+        @request["parameters"]
+      end
+
+      def method
+        @request["method"]
+      end
+
+      def normalized_uri
+        super
+      rescue
+        # if this is a non-standard URI, it may not parse properly
+        # in that case, assume that it's already been normalized
+        uri
+      end
+
+      def uri
+        @request["uri"]
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/net_http.rb

@@ -0,0 +1,65 @@
+require 'oauth/request_proxy/base'
+require 'net/http'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::Net
+  module HTTP
+    class HTTPRequest < OAuth::RequestProxy::Base
+      proxies ::Net::HTTPRequest
+
+      def method
+        request.method
+      end
+
+      def uri
+        uri = options[:uri]
+        uri.to_s
+      end
+
+      def parameters
+        if options[:clobber_request]
+          options[:parameters]
+        else
+          all_parameters
+        end
+      end
+
+    private
+
+      def all_parameters
+        request_params = CGI.parse(query_string)
+        if options[:parameters]
+          options[:parameters].each do |k,v|
+            if request_params.has_key?(k)
+              request_params[k] << v
+            else
+              request_params[k] = [v].flatten
+            end
+          end
+        end
+        request_params
+      end
+
+      def query_string
+        params = [ query_params, auth_header_params ]
+        is_form_urlencoded = request['Content-Type'] != nil && request['Content-Type'].downcase == 'application/x-www-form-urlencoded'
+        params << post_params if method.to_s.upcase == 'POST' && is_form_urlencoded
+        params.compact.join('&')
+      end
+
+      def query_params
+        URI.parse(request.path).query
+      end
+
+      def post_params
+        request.body
+      end
+
+      def auth_header_params
+        return nil unless request['Authorization'] && request['Authorization'][0,5] == 'OAuth'
+        auth_params = request['Authorization']
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/rack_request.rb

@@ -0,0 +1,40 @@
+require 'oauth/request_proxy/base'
+require 'uri'
+require 'rack'
+
+module OAuth::RequestProxy
+  class RackRequest < OAuth::RequestProxy::Base
+    proxies Rack::Request
+
+    def method
+      request.request_method
+    end
+
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.merge(options[:parameters] || {})
+      end
+    end
+
+    def signature
+      parameters['oauth_signature']
+    end
+
+  protected
+
+    def query_params
+      request.GET
+    end
+
+    def request_params
+      request.params
+    end
+  end
+end

data/lib/oauth/request_proxy.rb

@@ -0,0 +1,24 @@
+module OAuth
+  module RequestProxy
+    def self.available_proxies #:nodoc:
+      @available_proxies ||= {}
+    end
+
+    def self.proxy(request, options = {})
+      return request if request.kind_of?(OAuth::RequestProxy::Base)
+
+      klass = available_proxies[request.class]
+
+      # Search for possible superclass matches.
+      if klass.nil?
+        request_parent = available_proxies.keys.find { |rc| request.kind_of?(rc) }
+        klass = available_proxies[request_parent]
+      end
+
+      raise UnknownRequestType, request.class.to_s unless klass
+      klass.new(request, options)
+    end
+
+    class UnknownRequestType < Exception; end
+  end
+end