oauth-plugin 0.4.0.pre4 → 0.4.0.pre5

data/lib/oauth/models/consumers/services/twitter_token.rb

@@ -1,17 +1,24 @@
-require 'twitter'
 class TwitterToken < ConsumerToken
-  TWITTER_SETTINGS={:site=>"http://twitter.com"}
-  def self.consumer
-    @consumer||=OAuth::Consumer.new credentials[:key],credentials[:secret],TWITTER_SETTINGS
+  TWITTER_SETTINGS={
+    :site => "https://api.twitter.com",
+    :request_token_path => "/oauth/request_token",
+    :authorize_path => "/oauth/authorize",
+    :access_token_path => "/oauth/access_token",
+  }
+  
+  def self.consumer(options={})
+    @consumer ||= OAuth::Consumer.new(credentials[:key], credentials[:secret], TWITTER_SETTINGS.merge(options))
   end
   
   def client
-    unless @client
-      @twitter_oauth=Twitter::OAuth.new TwitterToken.consumer.key,TwitterToken.consumer.secret
-      @twitter_oauth.authorize_from_access token,secret
-      @client=Twitter::Base.new(@twitter_oauth)
+    @client ||= begin 
+      if credentials[:client].to_sym==:oauth_gem  
+        super
+      else
+        require 'twitter'
+        Twitter::Client.new(:consumer_key => TwitterToken.consumer.key, :consumer_secret => TwitterToken.consumer.secret)
+      end
     end
-    
-    @client
   end
-end
+  
+end

data/lib/oauth/models/consumers/token.rb

@@ -7,7 +7,7 @@ module Oauth
       module Token
         def self.included(model)
           model.class_eval do
-            validates_presence_of :user, :token, :secret                      
+            validates_presence_of :user, :token
           end
 
           model.send(:include, InstanceMethods)
@@ -26,7 +26,6 @@ module Oauth
           end
 
           def get_request_token(callback_url)
-            Rails.logger.info "OAUTH_CONSUMER #{consumer.inspect}"
             consumer.get_request_token(:oauth_callback=>callback_url)
           end
 
@@ -39,13 +38,18 @@ module Oauth
           end
           
           def find_or_create_from_access_token(user,access_token)
+            secret = access_token.respond_to?(:secret) ? access_token.secret : nil
             if user
-              user.consumer_tokens.first(:conditions=>{:type=>self.to_s,:token=>access_token.token}) ||
-                user.consumer_tokens.create!(:type=>self.to_s,:token=>access_token.token, :secret=>access_token.secret)
+              token = self.find_or_initialize_by_user_id_and_token(user.id, access_token.token)
             else
-              ConsumerToken.first( :conditions =>{ :token=>access_token.token,:type=>self.to_s}) ||
-                create(:type=>self.to_s,:token=>access_token.token, :secret=>access_token.secret)
+              token = self.find_or_initialize_by_token(access_token.token)
             end
+            
+            # set or update the secret
+            token.secret = secret
+            token.save! if token.new_record? or token.changed?
+
+            token
           end
           
           def build_user_from_token

data/lib/oauth/rack/oauth_filter.rb

@@ -1,6 +1,8 @@
 require "rack"
 require "rack/request"
-require "oauth/signature"
+require "oauth"
+require "oauth/request_proxy/rack_request"
+
 module OAuth
   module Rack
     
@@ -22,29 +24,72 @@ module OAuth
       def call(env)        
         request = ::Rack::Request.new(env)
         env["oauth_plugin"]=true
-        if ClientApplication.verify_request(request) do |request_proxy|
+        strategies = []
+        if token_string = oauth2_token(request)
+          token = Oauth2Token.find_by_token(token_string) if token_string
+          if token
+            env["oauth.token"] = token
+            env["oauth.version"] = 2
+            strategies << :oauth20_token
+            strategies << :token            
+          end
+
+        elsif oauth1_verify(request) do |request_proxy|
             client_application = ClientApplication.find_by_key(request_proxy.consumer_key)
             env["oauth.client_application_candidate"] = client_application
-            # Store this temporarily in client_application object for use in request token generation 
+            # Store this temporarily in client_application object for use in request token generation
             client_application.token_callback_url=request_proxy.oauth_callback if request_proxy.oauth_callback
+
+            oauth_token = nil
             
-            oauth_token = client_application.tokens.first(:conditions=>{:token => request_proxy.token})
-            if oauth_token.respond_to?(:provided_oauth_verifier=)
-              oauth_token.provided_oauth_verifier=request_proxy.oauth_verifier 
+            if request_proxy.token
+              oauth_token = client_application.tokens.first(:conditions=>{:token => request_proxy.token})
+              if oauth_token.respond_to?(:provided_oauth_verifier=)
+                oauth_token.provided_oauth_verifier=request_proxy.oauth_verifier 
+              end
+              env["oauth.token_candidate"] = oauth_token
             end
-            env["oauth.token_candidate"] = oauth_token
             # return the token secret and the consumer secret
             [(oauth_token.nil? ? nil : oauth_token.secret), (client_application.nil? ? nil : client_application.secret)]
+        end
+          if env["oauth.token_candidate"]
+            env["oauth.token"] = env["oauth.token_candidate"]
+            strategies << :oauth10_token
+            if env["oauth.token"].is_a?(::RequestToken)
+              strategies << :oauth10_request_token
+            elsif env["oauth.token"].is_a?(::AccessToken)
+              strategies << :token
+              strategies << :oauth10_access_token
+            end
+          else
+            strategies << :two_legged
           end
-          env["oauth.token"] = env["oauth.token_candidate"]
           env["oauth.client_application"] = env["oauth.client_application_candidate"]
-#          Rails.logger.info "oauth.token = #{env["oauth.token"].inspect}"
+          env["oauth.version"] = 1
+
         end
+        env["oauth.strategies"] = strategies unless strategies.empty?
         env["oauth.client_application_candidate"] = nil
         env["oauth.token_candidate"] = nil
-        response = @app.call(env)
+        @app.call(env)
       end
-    end
-    
+
+      def oauth1_verify(request, options = {}, &block)
+        begin 
+          signature = OAuth::Signature.build(request, options, &block)
+          return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
+          value = signature.verify
+          value
+        rescue OAuth::Signature::UnknownSignatureMethod => e
+          false
+        end
+      end
+
+      def oauth2_token(request)
+        request.params["oauth_token"] ||
+          request.env["HTTP_AUTHORIZATION"] &&
+            request.env["HTTP_AUTHORIZATION"][/^(OAuth|Token) ([^\s]*)$/] && $2
+      end
+    end      
   end
 end

data/oauth-plugin.gemspec

@@ -23,9 +23,17 @@ Gem::Specification.new do |s|
   s.rubyforge_project = %q{oauth}
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{Ruby on Rails Plugin for OAuth Provider and Consumer}
-  s.add_development_dependency "twitter"
   s.add_development_dependency "opentransact"
-
-  s.add_dependency(%q<oauth>, [">= 0.4.4"])
+  s.add_development_dependency "rspec", "~> 2.4.0"
+  s.add_development_dependency "fakeweb"
+  s.add_development_dependency "fuubar"
+  s.add_development_dependency "guard-rspec"
+  s.add_development_dependency "growl"
+  s.add_development_dependency "rack-test"
+  
+  s.add_dependency "multi_json"
+  s.add_dependency("oauth", ["~> 0.4.4"])
+  s.add_dependency("rack")
+  s.add_dependency("oauth2")
 end
 

data/spec/rack/oauth_filter_spec.rb

@@ -0,0 +1,136 @@
+require 'spec_helper'
+require 'rack/test'
+require 'oauth/rack/oauth_filter'
+require 'multi_json'
+require 'forwardable'
+class OAuthEcho
+  def call(env)
+    response = {}
+    response[:oauth_token] = env["oauth.token"].token if env["oauth.token"]
+    response[:client_application] = env["oauth.client_application"].key if env["oauth.client_application"]
+    response[:oauth_version] = env["oauth.version"] if env["oauth.version"]
+    response[:strategies] = env["oauth.strategies"] if env["oauth.strategies"]
+     [200 ,{"Accept"=>"application/json"}, [MultiJson.encode(response)] ]
+  end
+end
+
+describe OAuth::Rack::OAuthFilter do
+  include Rack::Test::Methods
+
+  def app
+    @app ||= OAuth::Rack::OAuthFilter.new(OAuthEcho.new)
+  end
+
+  it "should pass through without oauth" do
+    get '/'
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {}
+  end
+
+  it "should sign with consumer" do
+    get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="amrLDyFE2AMztx5fOYDD1OEqWps6Mc2mAR5qyO44Rj8", oauth_signature="KCSg0RUfVFUcyhrgJo580H8ey0c%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295039581", oauth_version="1.0"'}
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"client_application" => "my_consumer", "oauth_version"=>1, "strategies"=>["two_legged"]}
+  end
+
+  it "should sign with oauth 1 access token" do
+    client_application = ClientApplication.new "my_consumer"
+    ClientApplication.stub!(:find_by_key).and_return(client_application)
+    client_application.tokens.stub!(:first).and_return(AccessToken.new("my_token"))
+    get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","token","oauth10_access_token"]}
+  end
+
+  it "should sign with oauth 1 request token" do
+    client_application = ClientApplication.new "my_consumer"
+    ClientApplication.stub!(:find_by_key).and_return(client_application)
+    client_application.tokens.stub!(:first).and_return(RequestToken.new("my_token"))
+    get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","oauth10_request_token"]}
+  end
+
+  it "should authenticate with oauth2 auth header" do
+    get '/',{},{"HTTP_AUTHORIZATION"=>"OAuth my_token"}
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"oauth_token" => "my_token", "oauth_version"=>2, "strategies"=>["oauth20_token","token"]}
+  end
+
+  it "should authenticate with pre draft 10 oauth2 auth header" do
+    get '/',{},{"HTTP_AUTHORIZATION"=>"Token my_token"}
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"oauth_token" => "my_token", "oauth_version"=>2, "strategies"=>["oauth20_token","token"]}
+  end
+
+  it "should authenticate with oauth2 query parameter" do
+    get '/?oauth_token=my_token'
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"oauth_token" => "my_token", "oauth_version"=>2, "strategies"=>["oauth20_token","token"]}
+  end
+
+  it "should authenticate with oauth2 post parameter" do
+    post '/', :oauth_token=>'my_token'
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {"oauth_token" => "my_token", "oauth_version"=>2, "strategies"=>["oauth20_token","token"]}
+  end
+
+
+  # Dummy implementation
+  class ClientApplication
+    attr_accessor :key
+
+    def self.find_by_key(key)
+      ClientApplication.new(key)
+    end
+
+    def initialize(key)
+      @key = key
+    end
+
+    def tokens
+      @tokens||=[]
+    end
+
+    def secret
+      "secret"
+    end
+  end
+
+  class OauthToken
+    attr_accessor :token
+
+    def self.find_by_token(token)
+      OauthToken.new(token)
+    end
+
+    def initialize(token)
+      @token = token
+    end
+
+    def secret
+      "secret"
+    end
+  end
+
+  class Oauth2Token < OauthToken ; end
+  class AccessToken < OauthToken ; end
+  class RequestToken < OauthToken ; end
+
+  class OauthNonce
+    # Always remember
+    def self.remember(nonce,timestamp)
+      true
+    end
+  end
+
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rspec'

metadata

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: oauth-plugin
 version: !ruby/object:Gem::Version 
-  prerelease: true
-  segments: 
-  - 0
-  - 4
-  - 0
-  - pre4
-  version: 0.4.0.pre4
+  prerelease: 6
+  version: 0.4.0.pre5
 platform: ruby
 authors: 
 - Pelle Braendgaard
@@ -19,46 +14,126 @@ date: 2010-12-08 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: twitter
+  name: opentransact
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
         version: "0"
   type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: opentransact
+  name: rspec
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
+        version: 2.4.0
   type: :development
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: oauth
+  name: fakeweb
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 4
-        - 4
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: fuubar
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: guard-rspec
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: growl
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: rack-test
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: multi_json
+  prerelease: false
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :runtime
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: oauth
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
         version: 0.4.4
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :runtime
+  version_requirements: *id010
+- !ruby/object:Gem::Dependency 
+  name: oauth2
+  prerelease: false
+  requirement: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :runtime
+  version_requirements: *id011
 description: Rails plugin for implementing an OAuth Provider or Consumer
 email: oauth-ruby@googlegroups.com
 executables: []
@@ -71,6 +146,8 @@ files:
 - .gitignore
 - CHANGELOG
 - Gemfile
+- Gemfile.lock
+- Guardfile
 - MIT-LICENSE
 - README.rdoc
 - Rakefile
@@ -105,10 +182,6 @@ files:
 - generators/oauth_provider/templates/clients_controller_spec.rb
 - generators/oauth_provider/templates/clients_controller_test.rb
 - generators/oauth_provider/templates/controller.rb
-- generators/oauth_provider/templates/controller_spec.rb
-- generators/oauth_provider/templates/controller_spec_helper.rb
-- generators/oauth_provider/templates/controller_test.rb
-- generators/oauth_provider/templates/controller_test_helper.rb
 - generators/oauth_provider/templates/edit.html.erb
 - generators/oauth_provider/templates/edit.html.haml
 - generators/oauth_provider/templates/index.html.erb
@@ -197,8 +270,6 @@ files:
 - lib/generators/rspec/templates/client_application_spec.rb
 - lib/generators/rspec/templates/client_applications.yml
 - lib/generators/rspec/templates/clients_controller_spec.rb
-- lib/generators/rspec/templates/controller_spec.rb
-- lib/generators/rspec/templates/controller_spec_helper.rb
 - lib/generators/rspec/templates/oauth2_token_spec.rb
 - lib/generators/rspec/templates/oauth2_verifier_spec.rb
 - lib/generators/rspec/templates/oauth_nonce_spec.rb
@@ -209,8 +280,6 @@ files:
 - lib/generators/test_unit/templates/client_application_test.rb
 - lib/generators/test_unit/templates/client_applications.yml
 - lib/generators/test_unit/templates/clients_controller_test.rb
-- lib/generators/test_unit/templates/controller_test.rb
-- lib/generators/test_unit/templates/controller_test_helper.rb
 - lib/generators/test_unit/templates/oauth_nonce_test.rb
 - lib/generators/test_unit/templates/oauth_nonces.yml
 - lib/generators/test_unit/templates/oauth_token_test.rb
@@ -224,6 +293,7 @@ files:
 - lib/oauth/models/consumers/services/agree2_token.rb
 - lib/oauth/models/consumers/services/fireeagle_token.rb
 - lib/oauth/models/consumers/services/google_token.rb
+- lib/oauth/models/consumers/services/oauth2_token.rb
 - lib/oauth/models/consumers/services/opentransact_token.rb
 - lib/oauth/models/consumers/services/picomoney_token.rb
 - lib/oauth/models/consumers/services/twitter_token.rb
@@ -232,6 +302,8 @@ files:
 - lib/oauth/rack/oauth_filter.rb
 - oauth-plugin.gemspec
 - rails/init.rb
+- spec/rack/oauth_filter_spec.rb
+- spec/spec_helper.rb
 - tasks/oauth_tasks.rake
 - uninstall.rb
 has_rdoc: true
@@ -248,25 +320,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">"
     - !ruby/object:Gem::Version 
-      segments: 
-      - 1
-      - 3
-      - 1
       version: 1.3.1
 requirements: []
 
 rubyforge_project: oauth
-rubygems_version: 1.3.7
+rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3
 summary: Ruby on Rails Plugin for OAuth Provider and Consumer
-test_files: []
-
+test_files: 
+- spec/rack/oauth_filter_spec.rb
+- spec/spec_helper.rb