mojodna-oauth 0.3.4 → 0.3.4.1

data/History.txt

@@ -1,3 +1,11 @@
+== 0.3.5
+
+* `query` CLI command to access protected resources (Seth)
+* Added -H, -Q CLI options for specifying the authorization scheme (Seth)
+* Added -O CLI option for specifying a file containing options (Seth)
+* Support streamable body contents for large request bodies (Seth Cousins)
+* Support for OAuth 1.0a (Seth)
+
 == 0.3.4 2009-05-06
 
 * OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)

data/examples/yql.rb

@@ -39,6 +39,6 @@ consumer = OAuth::Consumer.new \
 
 access_token = OAuth::AccessToken.new(consumer)
 
-response = access_token.request(:get, url = "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
+response = access_token.request(:get, "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
 rsp = JSON.parse(response.body)
 pp rsp

data/lib/oauth/cli.rb

@@ -6,6 +6,7 @@ module OAuth
     SUPPORTED_COMMANDS = {
       "authorize" => "Obtain an access token and secret for a user",
       "debug"     => "Verbosely generate an OAuth signature",
+      "query"     => "Query a protected resource",
       "sign"      => "Generate an OAuth signature"
     }
 
@@ -41,38 +42,59 @@ module OAuth
         case command
         # TODO move command logic elsewhere
         when "authorize"
-          # Y! token authority requires realm=yahoo.com when headers are in use
-          # TODO remove :scheme when that's been fixed
-          # TODO determine endpoints w/ X-RDS-Simple
           consumer = OAuth::Consumer.new \
             options[:oauth_consumer_key],
             options[:oauth_consumer_secret],
             :access_token_url  => options[:access_token_url],
             :authorize_url     => options[:authorize_url],
             :request_token_url => options[:request_token_url],
-            :scheme            => :query_string
+            :scheme            => options[:scheme]
+
+          # parameters for OAuth 1.0a
+          oauth_verifier = nil
 
           # get a request token
-          request_token = consumer.get_request_token
+          request_token = consumer.get_request_token(:oauth_callback => options[:oauth_callback])
+
+          if request_token.callback_confirmed?
+            stdout.puts "Server appears to support OAuth 1.0a; enabling support."
+            options[:version] = "1.0a"
+          end
 
           stdout.puts "Please visit this url to authorize:"
           stdout.puts request_token.authorize_url
 
-          stdout.puts "Press return to continue..."
-          stdin.gets
+          if options[:version] == "1.0a"
+            stdout.puts "Please enter the verification code provided by the SP (oauth_verifier):"
+            oauth_verifier = stdin.gets.chomp
+          else
+            stdout.puts "Press return to continue..."
+            stdin.gets
+          end
 
           begin
             # get an access token
-            access_token = request_token.get_access_token
+            access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
 
             stdout.puts "Response:"
             access_token.params.each do |k,v|
-              stdout.puts "  #{k}: #{v}"
+              stdout.puts "  #{k}: #{v}" unless k.is_a?(Symbol)
             end
           rescue OAuth::Unauthorized => e
             stderr.puts "A problem occurred while attempting to obtain an access token:"
             stderr.puts e
           end
+        when "query"
+          consumer = OAuth::Consumer.new \
+            options[:oauth_consumer_key],
+            options[:oauth_consumer_secret],
+            :scheme => options[:scheme]
+
+          access_token = OAuth::AccessToken.new(consumer, options[:oauth_token], options[:oauth_token_secret])
+
+          response = access_token.request(options[:method].downcase.to_sym, options[:uri])
+          puts "#{response.code} #{response.message}"
+          puts response.body
         when "sign"
           parameters = prepare_parameters
 
@@ -147,7 +169,9 @@ module OAuth
       parse_options(arguments[0..-1])
     end
 
-    def option_parser
+    def option_parser(arguments)
+      # TODO add realm parameter
+      # TODO add user-agent parameter
       option_parser = OptionParser.new do |opts|
         opts.banner = "Usage: #{$0} [options] <command>"
 
@@ -157,6 +181,8 @@ module OAuth
         options[:oauth_timestamp] = OAuth::Helper.generate_timestamp
         options[:oauth_version] = "1.0"
         options[:params] = []
+        options[:scheme] = :header
+        options[:version] = "1.0"
 
         ## Common Options
 
@@ -168,7 +194,19 @@ module OAuth
           options[:oauth_consumer_secret] = v
         end
 
-        ## Options for signing
+        opts.on("-H", "--header", "Use the 'Authorization' header for OAuth parameters (default).") do
+          options[:scheme] = :header
+        end
+
+        opts.on("-Q", "--query-string", "Use the query string for OAuth parameters.") do
+          options[:scheme] = :query_string
+        end
+
+        opts.on("-O", "--options FILE", "Read options from a file") do |v|
+          arguments.unshift(*open(v).readlines.map { |l| l.chomp.split(" ") }.flatten)
+        end
+
+        ## Options for signing and making requests
 
         opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
           options[:method] = v
@@ -233,6 +271,10 @@ module OAuth
           options[:authorize_url] = v
         end
 
+        opts.on("--callback-url URL", "Specifies a callback URL.") do |v|
+          options[:oauth_callback] = v
+        end
+
         opts.on("--request-token-url URL", "Specifies the request token URL.") do |v|
           options[:request_token_url] = v
         end
@@ -240,7 +282,7 @@ module OAuth
     end
 
     def parse_options(arguments)
-      option_parser.parse!(arguments)
+      option_parser(arguments).parse!(arguments)
     end
 
     def prepare_parameters

data/lib/oauth/client/helper.rb

@@ -29,11 +29,13 @@ module OAuth::Client
 
     def oauth_parameters
       {
+        'oauth_callback'         => options[:oauth_callback],
         'oauth_consumer_key'     => options[:consumer].key,
         'oauth_token'            => options[:token] ? options[:token].token : '',
         'oauth_signature_method' => options[:signature_method],
         'oauth_timestamp'        => timestamp,
         'oauth_nonce'            => nonce,
+        'oauth_verifier'         => options[:oauth_verifier],
         'oauth_version'          => '1.0'
       }.reject { |k,v| v.to_s == "" }
     end

data/lib/oauth/client/net_http.rb

@@ -11,6 +11,12 @@ class Net::HTTPRequest
   # this may add a header, additional query string parameters, or additional POST body parameters.
   # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
   # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
   #
   # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
   #
@@ -34,7 +40,13 @@ class Net::HTTPRequest
   # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
   # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
   # header.
-  #
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  # 
   # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
   def signature_base_string(http, consumer = nil, token = nil, options = {})
     options = { :request_uri      => oauth_full_request_uri(http),

data/lib/oauth/consumer.rb

@@ -97,18 +97,40 @@ module OAuth
       end
     end
 
+    def get_access_token(request_token, request_options = {}, *arguments)
+      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments)
+      OAuth::AccessToken.from_hash(self, response)
+    end
+
     # Makes a request to the service for a new OAuth::RequestToken
     #
     #  @request_token = @consumer.get_request_token
     #
+    # To include OAuth parameters:
+    #
+    #  @request_token = @consumer.get_request_token \
+    #    :oauth_callback => "http://example.com/cb"
+    #
+    # To include application-specific parameters:
+    #
+    #  @request_token = @consumer.get_request_token({}, :foo => "bar")
+    #
+    # TODO oauth_callback should be a mandatory parameter
     def get_request_token(request_options = {}, *arguments)
+      # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
+      # will be exchanged out of band
+      request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND
+
       response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
-      OAuth::RequestToken.new(self, response[:oauth_token], response[:oauth_token_secret])
+      OAuth::RequestToken.from_hash(self, response)
     end
 
     # Creates, signs and performs an http request.
     # It's recommended to use the OAuth::Token classes to set this up correctly.
-    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    # request_options take precedence over consumer-wide options when signing
+    #   a request.
+    # arguments are POST and PUT bodies (a Hash, string-encoded parameters, or
+    #   absent), followed by additional HTTP headers.
     #
     #   @consumer.request(:get,  '/people', @token, { :scheme => :query_string })
     #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
@@ -159,7 +181,14 @@ module OAuth
       case response.code.to_i
 
       when (200..299)
-        CGI.parse(response.body).inject({}) { |h,(k,v)| h[k.to_sym] = v.first; h }
+        # symbolize keys
+        # TODO this could be considered unexpected behavior; symbols or not?
+        # TODO this also drops subsequent values from multi-valued keys
+        CGI.parse(response.body).inject({}) do |h,(k,v)|
+          h[k.to_sym] = v.first
+          h[k]        = v.first
+          h
+        end
       when (300..399)
         # this is a redirect
         response.error!
@@ -280,8 +309,19 @@ module OAuth
       if data.is_a?(Hash)
         request.set_form_data(data)
       elsif data
-        request.body = data.to_s
-        request["Content-Length"] = request.body.length
+        if data.respond_to?(:read)
+          request.body_stream = data
+          if data.respond_to?(:length)
+            request["Content-Length"] = data.length
+          elsif data.respond_to?(:stat) && data.stat.respond_to?(:size)
+            request["Content-Length"] = data.stat.size
+          else
+            raise ArgumentError, "Don't know how to send a body_stream that doesn't respond to .length or .stat.size"
+          end
+        else
+          request.body = data.to_s
+          request["Content-Length"] = request.body.length
+        end
       end
 
       request

data/lib/oauth/oauth.rb

@@ -1,6 +1,10 @@
 module OAuth
+  # request tokens are passed between the consumer and the provider out of
+  # band (i.e. callbacks cannot be used), per section 6.1.1
+  OUT_OF_BAND = "oob"
+
   # required parameters, per sections 6.1.1, 6.3.1, and 7
-  PARAMETERS = %w(oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_version oauth_signature)
+  PARAMETERS = %w(oauth_callback oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier oauth_version oauth_signature)
 
   # reserved character regexp, per section 5.1
   RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/

data/lib/oauth/request_proxy/base.rb

@@ -18,6 +18,10 @@ module OAuth::RequestProxy
 
     ## OAuth parameters
 
+    def oauth_callback
+      parameters['oauth_callback']
+    end
+
     def oauth_consumer_key
       parameters['oauth_consumer_key']
     end
@@ -48,6 +52,10 @@ module OAuth::RequestProxy
       parameters['oauth_token']
     end
 
+    def oauth_verifier
+      parameters['oauth_verifier']
+    end
+
     def oauth_version
       parameters["oauth_version"]
     end

data/lib/oauth/tokens/consumer_token.rb

@@ -13,6 +13,7 @@ module OAuth
     def initialize(consumer, token="", secret="")
       super(token, secret)
       @consumer = consumer
+      @params   = {}
     end
 
     # Make a signed request using given http_method to the path

data/lib/oauth/tokens/request_token.rb

@@ -9,6 +9,10 @@ module OAuth
       build_authorize_url(consumer.authorize_url, params)
     end
 
+    def callback_confirmed?
+      params[:oauth_callback_confirmed] == "true"
+    end
+
     # exchange for AccessToken on server
     def get_access_token(options = {}, *arguments)
       response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)

data/lib/oauth/version.rb

@@ -1,3 +1,3 @@
 module OAuth #:nodoc:
-  VERSION = '0.3.4'
+  VERSION = '0.3.4.1'
 end

data/oauth.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{oauth}
-  s.version = "0.3.4"
+  s.version = "0.3.4.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford"]

data/test/test_consumer.rb

@@ -1,6 +1,7 @@
 require File.dirname(__FILE__) + '/test_helper'
 require 'oauth/consumer'
 require 'oauth/signature/rsa/sha1'
+require 'stringio'
 
 
 # This performs testing against Andy Smith's test server http://term.ie/oauth/example/
@@ -318,10 +319,43 @@ class ConsumerTest < Test::Unit::TestCase
       debug)
   end
 
+  def test_post_with_body_stream
+    @consumer=OAuth::Consumer.new( 
+        "key",
+        "secret",
+        {
+        :site=>"http://term.ie",
+        :request_token_path=>"/oauth/example/request_token.php",
+        :access_token_path=>"/oauth/example/access_token.php",
+        :authorize_path=>"/oauth/example/authorize.php"
+        })
+    
+    
+    @request_token=@consumer.get_request_token
+    @access_token=@request_token.get_access_token
+
+    request_body_string = "Hello, hello, hello"
+    request_body_stream = StringIO.new( request_body_string )
+
+    @response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
+    assert_not_nil @response
+    assert_equal "200",@response.code
+
+    request_body_file = File.open(__FILE__)
+
+    @response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
+    assert_not_nil @response
+    assert_equal "200",@response.code
+
+    # unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
+    # echos back any non-oauth parameters but not the body.  However, this does test that the request is still correctly signed 
+    # (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
+    # request & respond until the full body length is received.
+  end
+
   protected
 
   def request_parameters_to_s
     @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
   end
-  
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: mojodna-oauth
 version: !ruby/object:Gem::Version 
-  version: 0.3.4
+  version: 0.3.4.1
 platform: ruby
 authors: 
 - Pelle Braendgaard