oauth-instructure 0.4.8

data/lib/oauth/signature/sha1.rb

@@ -0,0 +1,13 @@
+require 'oauth/signature/base'
+require 'digest/sha1'
+
+module OAuth::Signature
+  class SHA1 < Base
+    implements 'sha1'
+    digest_class Digest::SHA1
+
+    def signature_base_string
+      secret + super
+    end
+  end
+end

data/lib/oauth/token.rb

@@ -0,0 +1,7 @@
+# this exists for backwards-compatibility
+
+require 'oauth/tokens/token'
+require 'oauth/tokens/server_token'
+require 'oauth/tokens/consumer_token'
+require 'oauth/tokens/request_token'
+require 'oauth/tokens/access_token'

data/lib/oauth/tokens/access_token.rb

@@ -0,0 +1,71 @@
+module OAuth
+  # The Access Token is used for the actual "real" web service calls that you perform against the server
+  class AccessToken < ConsumerToken
+    # The less intrusive way. Otherwise, if we are to do it correctly inside consumer,
+    # we need to restructure and touch more methods: request(), sign!(), etc.
+    def request(http_method, path, *arguments)
+      request_uri = URI.parse(path)
+      site_uri = consumer.uri
+      is_service_uri_different = (request_uri.absolute? && request_uri != site_uri)
+      begin
+        consumer.uri(request_uri) if is_service_uri_different
+        @response = super(http_method, path, *arguments)
+      ensure
+        # NOTE: reset for wholesomeness? meaning that we admit only AccessToken service calls may use different URIs?
+        # so reset in case consumer is still used for other token-management tasks subsequently?
+        consumer.uri(site_uri) if is_service_uri_different
+      end
+      @response
+    end
+
+    # Make a regular GET request using AccessToken
+    #
+    #   @response = @token.get('/people')
+    #   @response = @token.get('/people', { 'Accept'=>'application/xml' })
+    #
+    def get(path, headers = {})
+      request(:get, path, headers)
+    end
+
+    # Make a regular HEAD request using AccessToken
+    #
+    #   @response = @token.head('/people')
+    #
+    def head(path, headers = {})
+      request(:head, path, headers)
+    end
+
+    # Make a regular POST request using AccessToken
+    #
+    #   @response = @token.post('/people')
+    #   @response = @token.post('/people', { :name => 'Bob', :email => 'bob@mailinator.com' })
+    #   @response = @token.post('/people', { :name => 'Bob', :email => 'bob@mailinator.com' }, { 'Accept' => 'application/xml' })
+    #   @response = @token.post('/people', nil, {'Accept' => 'application/xml' })
+    #   @response = @token.post('/people', @person.to_xml, { 'Accept'=>'application/xml', 'Content-Type' => 'application/xml' })
+    #
+    def post(path, body = '', headers = {})
+      request(:post, path, body, headers)
+    end
+
+    # Make a regular PUT request using AccessToken
+    #
+    #   @response = @token.put('/people/123')
+    #   @response = @token.put('/people/123', { :name => 'Bob', :email => 'bob@mailinator.com' })
+    #   @response = @token.put('/people/123', { :name => 'Bob', :email => 'bob@mailinator.com' }, { 'Accept' => 'application/xml' })
+    #   @response = @token.put('/people/123', nil, { 'Accept' => 'application/xml' })
+    #   @response = @token.put('/people/123', @person.to_xml, { 'Accept' => 'application/xml', 'Content-Type' => 'application/xml' })
+    #
+    def put(path, body = '', headers = {})
+      request(:put, path, body, headers)
+    end
+
+    # Make a regular DELETE request using AccessToken
+    #
+    #   @response = @token.delete('/people/123')
+    #   @response = @token.delete('/people/123', { 'Accept' => 'application/xml' })
+    #
+    def delete(path, headers = {})
+      request(:delete, path, headers)
+    end
+  end
+end

data/lib/oauth/tokens/consumer_token.rb

@@ -0,0 +1,33 @@
+module OAuth
+  # Superclass for tokens used by OAuth Clients
+  class ConsumerToken < Token
+    attr_accessor :consumer, :params
+    attr_reader   :response
+
+    def self.from_hash(consumer, hash)
+      token = self.new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
+      token.params = hash
+      token
+    end
+
+    def initialize(consumer, token="", secret="")
+      super(token, secret)
+      @consumer = consumer
+      @params   = {}
+    end
+
+    # Make a signed request using given http_method to the path
+    #
+    #   @token.request(:get,  '/people')
+    #   @token.request(:post, '/people', @person.to_xml, { 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method, path, *arguments)
+      @response = consumer.request(http_method, path, self, {}, *arguments)
+    end
+
+    # Sign a request generated elsewhere using Net:HTTP::Post.new or friends
+    def sign!(request, options = {})
+      consumer.sign!(request, self, options)
+    end
+  end
+end

data/lib/oauth/tokens/request_token.rb

@@ -0,0 +1,32 @@
+module OAuth
+  # The RequestToken is used for the initial Request.
+  # This is normally created by the Consumer object.
+  class RequestToken < ConsumerToken
+
+    # Generate an authorization URL for user authorization
+    def authorize_url(params = nil)
+      params = (params || {}).merge(:oauth_token => self.token)
+      build_authorize_url(consumer.authorize_url, params)
+    end
+
+    def callback_confirmed?
+      params[:oauth_callback_confirmed] == "true"
+    end
+
+    # exchange for AccessToken on server
+    def get_access_token(options = {}, *arguments)
+      response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)
+      OAuth::AccessToken.from_hash(consumer, response)
+    end
+
+  protected
+
+    # construct an authorization url
+    def build_authorize_url(base_url, params)
+      uri = URI.parse(base_url.to_s)
+      # TODO doesn't handle array values correctly
+      uri.query = params.map { |k,v| [k, CGI.escape(v)] * "=" } * "&"
+      uri.to_s
+    end
+  end
+end

data/lib/oauth/tokens/server_token.rb

@@ -0,0 +1,9 @@
+module OAuth
+  # Used on the server for generating tokens
+  class ServerToken < Token
+
+    def initialize
+      super(generate_key(16), generate_key)
+    end
+  end
+end

data/lib/oauth/tokens/token.rb

@@ -0,0 +1,17 @@
+module OAuth
+  # Superclass for the various tokens used by OAuth
+  class Token
+    include OAuth::Helper
+
+    attr_accessor :token, :secret
+
+    def initialize(token, secret)
+      @token = token
+      @secret = secret
+    end
+
+    def to_query
+      "oauth_token=#{escape(token)}&oauth_secret=#{escape(secret)}"
+    end
+  end
+end

data/oauth.gemspec

@@ -0,0 +1,148 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "oauth-instructure"
+  s.version = "0.4.8"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford", "Aaron Quint"]
+  s.description = "OAuth Core Ruby implementation"
+  s.email = "oauth-ruby@googlegroups.com"
+  s.executables = ["oauth"]
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.rdoc",
+    "TODO"
+  ]
+  s.files = [
+    ".gemtest",
+    "Gemfile",
+    "Gemfile.lock",
+    "HISTORY",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "TODO",
+    "bin/oauth",
+    "examples/yql.rb",
+    "lib/digest/hmac.rb",
+    "lib/oauth.rb",
+    "lib/oauth/cli.rb",
+    "lib/oauth/client.rb",
+    "lib/oauth/client/action_pack.rb",
+    "lib/oauth/client/em_http.rb",
+    "lib/oauth/client/helper.rb",
+    "lib/oauth/client/net_http.rb",
+    "lib/oauth/consumer.rb",
+    "lib/oauth/core_ext.rb",
+    "lib/oauth/errors.rb",
+    "lib/oauth/errors/error.rb",
+    "lib/oauth/errors/problem.rb",
+    "lib/oauth/errors/unauthorized.rb",
+    "lib/oauth/helper.rb",
+    "lib/oauth/oauth.rb",
+    "lib/oauth/oauth_test_helper.rb",
+    "lib/oauth/request_proxy.rb",
+    "lib/oauth/request_proxy/action_controller_request.rb",
+    "lib/oauth/request_proxy/action_dispatch_request.rb",
+    "lib/oauth/request_proxy/base.rb",
+    "lib/oauth/request_proxy/curb_request.rb",
+    "lib/oauth/request_proxy/em_http_request.rb",
+    "lib/oauth/request_proxy/jabber_request.rb",
+    "lib/oauth/request_proxy/mock_request.rb",
+    "lib/oauth/request_proxy/net_http.rb",
+    "lib/oauth/request_proxy/rack_request.rb",
+    "lib/oauth/request_proxy/typhoeus_request.rb",
+    "lib/oauth/server.rb",
+    "lib/oauth/signature.rb",
+    "lib/oauth/signature/base.rb",
+    "lib/oauth/signature/hmac/base.rb",
+    "lib/oauth/signature/hmac/md5.rb",
+    "lib/oauth/signature/hmac/rmd160.rb",
+    "lib/oauth/signature/hmac/sha1.rb",
+    "lib/oauth/signature/hmac/sha2.rb",
+    "lib/oauth/signature/md5.rb",
+    "lib/oauth/signature/plaintext.rb",
+    "lib/oauth/signature/rsa/sha1.rb",
+    "lib/oauth/signature/sha1.rb",
+    "lib/oauth/token.rb",
+    "lib/oauth/tokens/access_token.rb",
+    "lib/oauth/tokens/consumer_token.rb",
+    "lib/oauth/tokens/request_token.rb",
+    "lib/oauth/tokens/server_token.rb",
+    "lib/oauth/tokens/token.rb",
+    "oauth.gemspec",
+    "tasks/deployment.rake",
+    "tasks/environment.rake",
+    "tasks/website.rake",
+    "test/cases/oauth_case.rb",
+    "test/cases/spec/1_0-final/test_construct_request_url.rb",
+    "test/cases/spec/1_0-final/test_normalize_request_parameters.rb",
+    "test/cases/spec/1_0-final/test_parameter_encodings.rb",
+    "test/cases/spec/1_0-final/test_signature_base_strings.rb",
+    "test/integration/consumer_test.rb",
+    "test/keys/rsa.cert",
+    "test/keys/rsa.pem",
+    "test/test_access_token.rb",
+    "test/test_action_controller_request_proxy.rb",
+    "test/test_consumer.rb",
+    "test/test_curb_request_proxy.rb",
+    "test/test_em_http_client.rb",
+    "test/test_em_http_request_proxy.rb",
+    "test/test_helper.rb",
+    "test/test_hmac_sha1.rb",
+    "test/test_net_http_client.rb",
+    "test/test_net_http_request_proxy.rb",
+    "test/test_oauth_helper.rb",
+    "test/test_rack_request_proxy.rb",
+    "test/test_request_token.rb",
+    "test/test_rsa_sha1.rb",
+    "test/test_server.rb",
+    "test/test_signature.rb",
+    "test/test_signature_base.rb",
+    "test/test_signature_plain_text.rb",
+    "test/test_token.rb",
+    "test/test_typhoeus_request_proxy.rb"
+  ]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = "oauth"
+  s.rubygems_version = "1.8.23"
+  s.summary = "OAuth Core Ruby implementation"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rake>, [">= 0"])
+      s.add_development_dependency(%q<jeweler>, [">= 0"])
+      s.add_development_dependency(%q<actionpack>, [">= 2.3.5"])
+      s.add_development_dependency(%q<rack>, [">= 1.0.0"])
+      s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
+      s.add_development_dependency(%q<typhoeus>, [">= 0.1.13"])
+      s.add_development_dependency(%q<em-http-request>, [">= 0.2.10"])
+      s.add_development_dependency(%q<curb>, [">= 0.6.6.0"])
+    else
+      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<actionpack>, [">= 2.3.5"])
+      s.add_dependency(%q<rack>, [">= 1.0.0"])
+      s.add_dependency(%q<mocha>, [">= 0.9.8"])
+      s.add_dependency(%q<typhoeus>, [">= 0.1.13"])
+      s.add_dependency(%q<em-http-request>, [">= 0.2.10"])
+      s.add_dependency(%q<curb>, [">= 0.6.6.0"])
+    end
+  else
+    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<actionpack>, [">= 2.3.5"])
+    s.add_dependency(%q<rack>, [">= 1.0.0"])
+    s.add_dependency(%q<mocha>, [">= 0.9.8"])
+    s.add_dependency(%q<typhoeus>, [">= 0.1.13"])
+    s.add_dependency(%q<em-http-request>, [">= 0.2.10"])
+    s.add_dependency(%q<curb>, [">= 0.6.6.0"])
+  end
+end
+

data/tasks/deployment.rake

@@ -0,0 +1,34 @@
+desc 'Release the website and new gem version'
+task :deploy => [:check_version, :website, :release] do
+  puts "Remember to create SVN tag:"
+  puts "svn copy svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/trunk " +
+    "svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/tags/REL-#{VERS} "
+  puts "Suggested comment:"
+  puts "Tagging release #{CHANGES}"
+end
+
+desc 'Runs tasks website_generate and install_gem as a local deployment of the gem'
+task :local_deploy => [:website_generate, :install_gem]
+
+task :check_version do
+  unless ENV['VERSION']
+    puts 'Must pass a VERSION=x.y.z release version'
+    exit
+  end
+  unless ENV['VERSION'] == VERS
+    puts "Please update your version.rb to match the release version, currently #{VERS}"
+    exit
+  end
+end
+
+desc 'Install the package as a gem, without generating documentation(ri/rdoc)'
+task :install_gem_no_doc => [:clean, :package] do
+  sh "#{'sudo ' unless Hoe::WINDOZE }gem install pkg/*.gem --no-rdoc --no-ri"
+end
+
+namespace :manifest do
+  desc 'Recreate Manifest.txt to include ALL files'
+  task :refresh do
+    `rake check_manifest | patch -p0 > Manifest.txt`
+  end
+end

data/tasks/environment.rake

@@ -0,0 +1,7 @@
+task :ruby_env do
+  RUBY_APP = if RUBY_PLATFORM =~ /java/
+    "jruby"
+  else
+    "ruby"
+  end unless defined? RUBY_APP
+end

data/tasks/website.rake

@@ -0,0 +1,17 @@
+desc 'Generate website files'
+task :website_generate => :ruby_env do
+  (Dir['website/**/*.txt'] - Dir['website/version*.txt']).each do |txt|
+    sh %{ #{RUBY_APP} script/txt2html #{txt} > #{txt.gsub(/txt$/,'html')} }
+  end
+end
+
+desc 'Upload website files to rubyforge'
+task :website_upload do
+  host = "#{rubyforge_username}@rubyforge.org"
+  remote_dir = "/var/www/gforge-projects/#{PATH}/"
+  local_dir = 'website'
+  sh %{rsync -aCv #{local_dir}/ #{host}:#{remote_dir}}
+end
+
+desc 'Generate and upload website files'
+task :website => [:website_generate, :website_upload, :publish_docs]

data/test/cases/oauth_case.rb

@@ -0,0 +1,19 @@
+require 'test/unit'
+require 'oauth/signature'
+require 'oauth/request_proxy/mock_request'
+
+
+class OAuthCase < Test::Unit::TestCase
+  # avoid whining about a lack of tests
+  def run(*args)
+    return if @method_name.to_s == "default_test"
+    super
+  end
+
+  protected
+
+  # Creates a fake request
+  def request(params={},method='GET',uri="http://photos.example.net/photos")
+    OAuth::RequestProxy.proxy({'parameters'=>params,'method'=>method,'uri'=>uri})
+  end
+end

data/test/cases/spec/1_0-final/test_construct_request_url.rb

@@ -0,0 +1,62 @@
+require File.expand_path('../../../oauth_case', __FILE__)
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+#9.1.2.  Construct Request URL
+#
+#The Signature Base String includes the request absolute URL, tying the signature to a specific endpoint. The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment as defined by [RFC3986] section 3.
+#
+#If the absolute request URL is not available to the Service Provider (it is always available to the Consumer), it can be constructed by combining the scheme being used, the HTTP Host header, and the relative HTTP request URL. If the Host header is not available, the Service Provider SHOULD use the host name communicated to the Consumer in the documentation or other means.
+#
+#The Service Provider SHOULD document the form of URL used in the Signature Base String to avoid ambiguity due to URL normalization. Unless specified, URL scheme and authority MUST be lowercase and include the port number; http default port 80 and https default port 443 MUST be excluded.
+#
+#For example, the request:
+#
+#                HTTP://Example.com:80/resource?id=123
+#Is included in the Signature Base String as:
+#
+#                http://example.com/resource
+
+
+class ConstructRequestUrlTest < OAuthCase
+
+  def test_from_spec
+    assert_request_url("http://example.com/resource","HTTP://Example.com:80/resource?id=123")
+  end
+
+  def test_simple_url_with_ending_slash
+    assert_request_url("http://example.com/","http://example.com/")
+  end
+
+  def test_simple_url_without_ending_slash
+    assert_request_url("http://example.com/","http://example.com")
+  end
+
+  def test_of_normalized_http
+    assert_request_url("http://example.com/resource","http://example.com/resource")
+  end
+
+  def test_of_https
+    assert_request_url("https://example.com/resource","HTTPS://Example.com:443/resource?id=123")
+  end
+
+  def test_of_normalized_https
+    assert_request_url("https://example.com/resource","https://example.com/resource")
+  end
+
+  def test_of_http_with_non_standard_port
+    assert_request_url("http://example.com:8080/resource","http://example.com:8080/resource")
+  end
+
+  def test_of_https_with_non_standard_port
+    assert_request_url("https://example.com:8080/resource","https://example.com:8080/resource")
+  end
+
+  protected
+
+
+  def assert_request_url(expected,given,message=nil)
+    assert_equal expected, request({},'GET',given).normalized_uri, message
+  end
+
+end