monkeyhelper-oauth 0.3.1 → 0.3.5

data/lib/oauth/request_proxy/base.rb

@@ -16,70 +16,133 @@ module OAuth::RequestProxy
       @options = options
     end
 
-    def token
-      parameters['oauth_token']
-    end
+    ## OAuth parameters
 
-    def consumer_key
-      parameters['oauth_consumer_key']
+    def oauth_callback
+      parameters['oauth_callback']
     end
 
-    def parameters_for_signature
-      p = parameters.dup
-      p.delete("oauth_signature")
-      p
+    def oauth_consumer_key
+      parameters['oauth_consumer_key']
     end
 
-    def nonce
+    def oauth_nonce
       parameters['oauth_nonce']
     end
 
-    def timestamp
-      parameters['oauth_timestamp']
+    def oauth_signature
+      # TODO can this be nil?
+      parameters['oauth_signature'] || ""
     end
 
-    def signature_method
+    def oauth_signature_method
       case parameters['oauth_signature_method']
-      when Array: parameters['oauth_signature_method'].first
+      when Array
+        parameters['oauth_signature_method'].first
       else
         parameters['oauth_signature_method']
       end
     end
 
-    def signature
-      parameters['oauth_signature'] || ""
+    def oauth_timestamp
+      parameters['oauth_timestamp']
+    end
+
+    def oauth_token
+      parameters['oauth_token']
+    end
+
+    def oauth_verifier
+      parameters['oauth_verifier']
+    end
+
+    def oauth_version
+      parameters["oauth_version"]
+    end
+
+    # TODO deprecate these
+    alias_method :consumer_key,     :oauth_consumer_key
+    alias_method :token,            :oauth_token
+    alias_method :nonce,            :oauth_nonce
+    alias_method :timestamp,        :oauth_timestamp
+    alias_method :signature,        :oauth_signature
+    alias_method :signature_method, :oauth_signature_method
+
+    ## Parameter accessors
+
+    def parameters
+      raise NotImplementedError, "Must be implemented by subclasses"
     end
-    
+
+    def parameters_for_signature
+      parameters.reject { |k,v| k == "oauth_signature" }
+    end
+
+    def oauth_parameters
+      parameters.select { |k,v| OAuth::PARAMETERS.include?(k) }.reject { |k,v| v == "" }
+    end
+
+    def non_oauth_parameters
+      parameters.reject { |k,v| OAuth::PARAMETERS.include?(k) }
+    end
+
     # See 9.1.2 in specs
     def normalized_uri
-      u=URI.parse(uri)
-      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase=='http'&&u.port!=80)||(u.scheme.downcase=='https'&&u.port!=443) ? ":#{u.port}" : ""}#{(u.path&&u.path!='') ? u.path : '/'}"
+      u = URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase == 'http' && u.port != 80) || (u.scheme.downcase == 'https' && u.port != 443) ? ":#{u.port}" : ""}#{(u.path && u.path != '') ? u.path : '/'}"
     end
-    
+
     # See 9.1.1. in specs Normalize Request Parameters
     def normalized_parameters
-      parameters_for_signature.sort.map do |k, values|
+      normalize(parameters_for_signature)
+    end
 
-        if values.is_a?(Array)
-          # multiple values were provided for a single key
-          values.sort.collect do |v|
-            [escape(k),escape(v)] * "="
-          end
-        else
-          [escape(k),escape(values)] * "="
-        end
-      end * "&"
+    def sign(options = {})
+      OAuth::Signature.sign(self, options)
     end
-    
+
+    def sign!(options = {})
+      parameters["oauth_signature"] = sign(options)
+      @signed = true
+      signature
+    end
+
     # See 9.1 in specs
     def signature_base_string
       base = [method, normalized_uri, normalized_parameters]
       base.map { |v| escape(v) }.join("&")
     end
-    
-    
-    protected
-    
+
+    # Has this request been signed yet?
+    def signed?
+      @signed
+    end
+
+    # URI, including OAuth parameters
+    def signed_uri(with_oauth = true)
+      if signed?
+        if with_oauth
+          params = parameters
+        else
+          params = non_oauth_parameters
+        end
+
+        [uri, normalize(params)] * "?"
+      else
+        STDERR.puts "This request has not yet been signed!"
+      end
+    end
+
+    # Authorization header for OAuth
+    def oauth_header(options = {})
+      header_params_str = oauth_parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
+
+      realm = "realm=\"#{options[:realm]}\", " if options[:realm]
+      "OAuth #{realm}#{header_params_str}"
+    end
+
+  protected
+
     def header_params
       %w( X-HTTP_AUTHORIZATION Authorization HTTP_AUTHORIZATION ).each do |header|
         next unless request.env.include?(header)
@@ -87,10 +150,10 @@ module OAuth::RequestProxy
         header = request.env[header]
         next unless header[0,6] == 'OAuth '
 
-        oauth_param_string = header[6,header.length].split(/[,=]/)
-        oauth_param_string.map! { |v| unescape(v.strip) }
-        oauth_param_string.map! { |v| v =~ /^\".*\"$/ ? v[1..-2] : v }
-        oauth_params = Hash[*oauth_param_string.flatten]
+        # parse the header into a Hash
+        oauth_params = OAuth::Helper.parse_header(header)
+
+        # remove non-OAuth parameters
         oauth_params.reject! { |k,v| k !~ /^oauth_/ }
 
         return oauth_params
@@ -98,10 +161,5 @@ module OAuth::RequestProxy
 
       return {}
     end
-    
-    def unescape(value)
-      URI.unescape(value.gsub('+', '%2B'))
-    end
-    
   end
 end

data/lib/oauth/request_proxy/jabber_request.rb

@@ -32,11 +32,10 @@ module OAuth
       def uri
         [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
       end
-      
+
       def normalized_uri
         uri
       end
-      
     end
   end
 end

data/lib/oauth/request_proxy/mock_request.rb

@@ -28,6 +28,14 @@ module OAuth
         @request["method"]
       end
 
+      def normalized_uri
+        super
+      rescue
+        # if this is a non-standard URI, it may not parse properly
+        # in that case, assume that it's already been normalized
+        uri
+      end
+
       def uri
         @request["uri"]
       end

data/lib/oauth/request_proxy/net_http.rb

@@ -25,7 +25,7 @@ module OAuth::RequestProxy::Net
         end
       end
 
-      private
+    private
 
       def all_parameters
         request_params = CGI.parse(query_string)
@@ -47,7 +47,7 @@ module OAuth::RequestProxy::Net
         params << post_params if method.to_s.upcase == 'POST' && is_form_urlencoded
         params.compact.join('&')
       end
-      
+
       def query_params
         URI.parse(request.path).query
       end

data/lib/oauth/request_proxy/rack_request.rb

@@ -5,11 +5,11 @@ require 'rack'
 module OAuth::RequestProxy
   class RackRequest < OAuth::RequestProxy::Base
     proxies Rack::Request
-    
+
     def method
-      request.request_method
+      request.env["rack.methodoverride.original_method"] || request.request_method
     end
-    
+
     def uri
       request.url
     end
@@ -22,12 +22,12 @@ module OAuth::RequestProxy
         params.merge(options[:parameters] || {})
       end
     end
-    
+
     def signature
       parameters['oauth_signature']
     end
-    
-    protected
+
+  protected
 
     def query_params
       request.GET
@@ -37,4 +37,4 @@ module OAuth::RequestProxy
       request.params
     end
   end
-end
+end

data/lib/oauth/server.rb

@@ -1,68 +1,66 @@
 require 'oauth/helper'
 require 'oauth/consumer'
+
 module OAuth
   # This is mainly used to create consumer credentials and can pretty much be ignored if you want to create your own
   class Server
     include OAuth::Helper
     attr_accessor :base_url
-    
-    @@server_paths={
-      :request_token_path=>"/oauth/request_token",
-      :authorize_path=>"/oauth/authorize",
-      :access_token_path=>"/oauth/access_token"
+
+    @@server_paths = {
+      :request_token_path => "/oauth/request_token",
+      :authorize_path     => "/oauth/authorize",
+      :access_token_path  => "/oauth/access_token"
     }
+
     # Create a new server instance
-    def initialize(base_url,paths={})
-      @base_url=base_url
-      @paths=@@server_paths.merge(paths)
+    def initialize(base_url, paths = {})
+      @base_url = base_url
+      @paths = @@server_paths.merge(paths)
     end
-        
-    def generate_credentials()
-      [generate_key(16),generate_key]
+
+    def generate_credentials
+      [generate_key(16), generate_key]
     end
-    
-    def generate_consumer_credentials(params={})
-      Consumer.new( *generate_credentials)
+
+    def generate_consumer_credentials(params = {})
+      Consumer.new(*generate_credentials)
     end
 
     # mainly for testing purposes
     def create_consumer
-      credentials=generate_credentials
-      Consumer.new( 
-        credentials[0],
-        credentials[1],
+      creds = generate_credentials
+      Consumer.new(creds[0], creds[1],
         {
-          :site=>base_url,
-          :request_token_path=>request_token_path,
-          :authorize_path=>authorize_path,
-          :access_token_path=>access_token_path
-      })
+          :site               => base_url,
+          :request_token_path => request_token_path,
+          :authorize_path     => authorize_path,
+          :access_token_path  => access_token_path
+        })
     end
-        
+
     def request_token_path
       @paths[:request_token_path]
     end
-    
+
     def request_token_url
-      base_url+request_token_path
+      base_url + request_token_path
     end
-    
+
     def authorize_path
       @paths[:authorize_path]
     end
-    
+
     def authorize_url
-      base_url+authorize_path
+      base_url + authorize_path
     end
-    
+
     def access_token_path
       @paths[:access_token_path]
     end
 
     def access_token_url
-      base_url+access_token_path
+      base_url + access_token_path
     end
-    
-    
   end
 end

data/lib/oauth/signature/base.rb

@@ -6,9 +6,10 @@ require 'base64'
 module OAuth::Signature
   class Base
     include OAuth::Helper
-    
+
     attr_accessor :options
-    
+    attr_reader :token_secret, :consumer_secret, :request
+
     def self.implements(signature_method)
       OAuth::Signature.available_methods[signature_method] = self
     end
@@ -18,32 +19,34 @@ module OAuth::Signature
       @digest_class = digest_class
     end
 
-    attr_reader :token_secret, :consumer_secret, :request
-
     def initialize(request, options = {}, &block)
       raise TypeError unless request.kind_of?(OAuth::RequestProxy::Base)
       @request = request
       @options = options
 
-      if block_given?
+      ## consumer secret was determined beforehand
 
-        # consumer secret and token secret need to be looked up based on pieces of the request
-        @token_secret, @consumer_secret = yield block.arity == 1 ? request : [token, consumer_key,nonce,request.timestamp]
+      @consumer_secret = options[:consumer].secret if options[:consumer]
 
-      else
-        ## consumer secret was determined beforehand
+      # presence of :consumer_secret option will override any Consumer that's provided
+      @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
 
-        @consumer_secret = options[:consumer].secret if options[:consumer]
+      ## token secret was determined beforehand
 
-        # presence of :consumer_secret option will override any Consumer that's provided
-        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+      @token_secret = options[:token].secret if options[:token]
 
-        ## token secret was determined beforehand
+      # presence of :token_secret option will override any Token that's provided
+      @token_secret = options[:token_secret] if options[:token_secret]
 
-        @token_secret = options[:token].secret if options[:token]
 
-        # presence of :token_secret option will override any Token that's provided
-        @token_secret = options[:token_secret] if options[:token_secret]
+      # override secrets based on the values returned from the block (if any)
+      if block_given?
+        # consumer secret and token secret need to be looked up based on pieces of the request
+        secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
+        if secrets.is_a?(Array) && secrets.size == 2
+          @token_secret = secrets[0]
+          @consumer_secret = secrets[1]
+        end
       end
     end
 
@@ -62,17 +65,17 @@ module OAuth::Signature
     def signature_base_string
       request.signature_base_string
     end
-    
-    private
+
+  private
 
     def token
       request.token
     end
-    
+
     def consumer_key
       request.consumer_key
     end
-    
+
     def nonce
       request.nonce
     end
@@ -84,6 +87,5 @@ module OAuth::Signature
     def digest
       self.class.digest_class.digest(signature_base_string)
     end
-
   end
 end

data/lib/oauth/signature/hmac/base.rb

@@ -3,7 +3,7 @@ require 'oauth/signature/base'
 module OAuth::Signature::HMAC
   class Base < OAuth::Signature::Base
 
-    private
+  private
 
     def digest
       self.class.digest_class.digest(secret, signature_base_string)

data/lib/oauth/signature/hmac/sha1.rb

@@ -1,5 +1,4 @@
 require 'oauth/signature/hmac/base'
-require 'rubygems'
 require 'hmac-sha1'
 
 module OAuth::Signature::HMAC

data/lib/oauth/signature/plaintext.rb

@@ -15,9 +15,9 @@ module OAuth::Signature
     def signature_base_string
       secret
     end
-    
+
     def secret
-      escape super
+      escape(super)
     end
   end
 end

data/lib/oauth/signature/rsa/sha1.rb

@@ -18,9 +18,9 @@ module OAuth::Signature::RSA
         consumer_secret
       end
     end
-    
-    private
-    
+
+  private
+
     def decode_public_key
       case consumer_secret
       when /-----BEGIN CERTIFICATE-----/
@@ -29,7 +29,7 @@ module OAuth::Signature::RSA
         OpenSSL::PKey::RSA.new( consumer_secret)
       end
     end
-    
+
     def digest
       private_key = OpenSSL::PKey::RSA.new(
         if options[:private_key_file]
@@ -38,6 +38,7 @@ module OAuth::Signature::RSA
           consumer_secret
         end
       )
+
       private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
     end
   end

data/lib/oauth/signature.rb

@@ -1,9 +1,13 @@
 module OAuth
   module Signature
+    # Returns a list of available signature methods
     def self.available_methods
       @available_methods ||= {}
     end
 
+    # Build a signature from a +request+.
+    #
+    # Raises UnknownSignatureMethod exception if the signature method is unknown.
     def self.build(request, options = {}, &block)
       request = OAuth::RequestProxy.proxy(request, options)
       klass = available_methods[(request.signature_method || "").downcase]
@@ -11,14 +15,19 @@ module OAuth
       klass.new(request, options, &block)
     end
 
+    # Sign a +request+
     def self.sign(request, options = {}, &block)
       self.build(request, options, &block).signature
     end
 
+    # Verify the signature of +request+
     def self.verify(request, options = {}, &block)
       self.build(request, options, &block).verify
     end
 
+    # Create the signature base string for +request+. This string is the normalized parameter information.
+    #
+    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def self.signature_base_string(request, options = {}, &block)
       self.build(request, options, &block).signature_base_string
     end