oauth 0.1.1 → 0.2.0

data/lib/oauth/signature/hmac/base.rb

@@ -0,0 +1,12 @@
+require 'oauth/signature/base'
+
+module OAuth::Signature::HMAC
+  class Base < OAuth::Signature::Base
+
+    private
+
+    def digest
+      self.class.digest_class.digest(secret, signature_base_string)
+    end
+  end
+end

data/lib/oauth/signature/hmac/md5.rb

@@ -0,0 +1,9 @@
+require 'oauth/signature/hmac/base'
+require 'hmac-md5'
+
+module OAuth::Signature::HMAC
+  class MD5 < Base
+    implements 'hmac-md5'
+    digest_class ::HMAC::MD5
+  end
+end

data/lib/oauth/signature/hmac/rmd160.rb

@@ -0,0 +1,9 @@
+require 'oauth/signature/hmac/base'
+require 'hmac-rmd160'
+
+module OAuth::Signature::HMAC
+  class RMD160 < Base
+    implements 'hmac-rmd160'
+    digest_class ::HMAC::RMD160
+  end
+end

data/lib/oauth/signature/hmac/sha1.rb

@@ -0,0 +1,10 @@
+require 'oauth/signature/hmac/base'
+require 'rubygems'
+require 'hmac-sha1'
+
+module OAuth::Signature::HMAC
+  class SHA1 < Base
+    implements 'hmac-sha1'
+    digest_class ::HMAC::SHA1
+  end
+end

data/lib/oauth/signature/hmac/sha2.rb

@@ -0,0 +1,9 @@
+require 'oauth/signature/hmac/base'
+require 'hmac-sha2'
+
+module OAuth::Signature::HMAC
+  class SHA2 < Base
+    implements 'hmac-sha2'
+    digest_class ::HMAC::SHA2
+  end
+end

data/lib/oauth/signature/md5.rb

@@ -0,0 +1,13 @@
+require 'oauth/signature/base'
+require 'digest/md5'
+
+module OAuth::Signature
+  class MD5 < Base
+    implements 'md5'
+    digest_class Digest::MD5
+
+    def signature_base_string
+      secret + super
+    end
+  end
+end

data/lib/oauth/signature/plaintext.rb

@@ -0,0 +1,19 @@
+require 'oauth/signature/base'
+
+module OAuth::Signature
+  class PLAINTEXT < Base
+    implements 'plaintext'
+
+    def signature
+      signature_base_string
+    end
+
+    def ==(cmp_signature)
+      signature == cmp_signature
+    end
+
+    def signature_base_string
+      secret
+    end
+  end
+end

data/lib/oauth/signature/rsa/sha1.rb

@@ -0,0 +1,20 @@
+require 'oauth/signature/base'
+require 'openssl'
+
+module OAuth::Signature::RSA
+  class SHA1 < OAuth::Signature::Base
+    implements 'rsa-sha1'
+
+    def ==(cmp_signature)
+      public_key = OpenSSL::PKey::RSA.new(request.consumer.secret)
+      public_key.verify(OpenSSL::Digest::SHA1.new, cmp_signature, signature_base_string)
+    end
+
+    private
+
+    def digest
+      private_key = OpenSSL::PKey::RSA.new(request.consumer.secret)
+      private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
+    end
+  end
+end

data/lib/oauth/signature/sha1.rb

@@ -0,0 +1,13 @@
+require 'oauth/signature/base'
+require 'digest/sha1'
+
+module OAuth::Signature
+  class SHA1 < Base
+    implements 'sha1'
+    digest_class Digest::SHA1
+
+    def signature_base_string
+      secret + super
+    end
+  end
+end

data/lib/oauth/token.rb

@@ -1,9 +1,10 @@
+require 'oauth/helper'
 module OAuth
   
   # Superclass for the various tokens used by OAuth
   
   class Token
-    include OAuth::Key
+    include OAuth::Helper
     
     attr_accessor :token, :secret
 
@@ -33,6 +34,21 @@ module OAuth
       super token,secret
       @consumer=consumer
     end
+    
+    # Make a signed request using given http_method to the path
+    #
+    #   @token.request(:get,'/people')
+    #   @token.request(:post,'/people',@person.to_xml,{ 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method,path,*arguments)
+      response=consumer.request(http_method,path,self,{},*arguments)
+    end
+    
+    # Sign a request generated elsewhere using Net:HTTP::Post.new or friends
+    def sign!(request,options = {})
+      consumer.sign!(request,self,options)
+    end
+    
   end
 
   # The RequestToken is used for the initial Request.
@@ -45,9 +61,8 @@ module OAuth
     end
     
     # exchange for AccessToken on server
-    def get_access_token
-      request=consumer.create_request(consumer.http_method,consumer.access_token_path,{:oauth_token=>self.token})
-      response=request.perform_token_request(consumer.secret,self.secret)
+    def get_access_token(options={})
+      response=consumer.token_request(consumer.http_method,consumer.access_token_path,self,options)
       OAuth::AccessToken.new(consumer,response[:oauth_token],response[:oauth_token_secret])
     end
   end
@@ -55,29 +70,54 @@ module OAuth
   # The Access Token is used for the actual "real" web service calls thatyou perform against the server
   class AccessToken<ConsumerToken
     
+    # Make a regular get request using AccessToken
+    #
+    #   @response=@token.get('/people')
+    #   @response=@token.get('/people',{'Accept'=>'application/xml'})
+    #
     def get(path,headers={})
-      perform(:get,path,headers)
+      request(:get,path,headers)
     end
     
+    # Make a regular head request using AccessToken
+    #
+    #   @response=@token.head('/people')
+    #
     def head(path,headers={})
-      perform(:head,path,headers)
+      request(:head,path,headers)
     end
 
+    # Make a regular post request using AccessToken
+    #
+    #   @response=@token.post('/people')
+    #   @response=@token.post('/people',{:name=>'Bob',:email=>'bob@mailinator.com'})
+    #   @response=@token.post('/people',{:name=>'Bob',:email=>'bob@mailinator.com'},{'Accept'=>'application/xml'})
+    #   @response=@token.post('/people',nil,{'Accept'=>'application/xml'})
+    #   @response=@token.post('/people',@person.to_xml,{'Accept'=>'application/xml','Content-Type' => 'application/xml'})
+    #
     def post(path, body = '',headers={})
-      perform(:post,path,body,headers)
+      request(:post,path,body,headers)
     end
 
+    # Make a regular put request using AccessToken
+    #
+    #   @response=@token.put('/people/123')
+    #   @response=@token.put('/people/123',{:name=>'Bob',:email=>'bob@mailinator.com'})
+    #   @response=@token.put('/people/123',{:name=>'Bob',:email=>'bob@mailinator.com'},{'Accept'=>'application/xml'})
+    #   @response=@token.put('/people/123',nil,{'Accept'=>'application/xml'})
+    #   @response=@token.put('/people/123',@person.to_xml,{'Accept'=>'application/xml','Content-Type' => 'application/xml'})
+    #
     def put(path, body = '', headers={})
-      perform(:put,path,body,headers)
+      request(:put,path,body,headers)
     end
     
+    # Make a regular delete request using AccessToken
+    #
+    #   @response=@token.delete('/people/123')
+    #   @response=@token.delete('/people/123',{'Accept'=>'application/xml'})
+    #
     def delete(path,headers={})
-      perform(:delete,path,headers)
-    end
-
-    def perform(http_method,path,*arguments)
-      request=consumer.create_request(http_method,path,{:oauth_token=>self.token},*arguments)
-      response=request.perform(consumer.secret,self.secret)
+      request(:delete,path,headers)
     end
   end
 end

data/lib/oauth/version.rb

@@ -1,8 +1,8 @@
 module Oauth #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 1
-    TINY  = 1
+    MINOR = 2
+    TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/test/test_action_controller_request_proxy.rb

@@ -0,0 +1,10 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+require 'oauth/request_proxy/action_controller_request.rb'
+
+class ActionControllerRequestProxyTest < Test::Unit::TestCase
+
+  def test_truth
+    assert true
+  end
+
+end

data/test/test_consumer.rb

@@ -1,41 +1,49 @@
 require 'test/unit'
-require 'oauth'
+require 'oauth/consumer'
 
 # This performs testing against Andy Smith's test server http://term.ie/oauth/example/
 # Thanks Andy.
 # This also means you have to be online to be able to run these.
 class ConsumerTest < Test::Unit::TestCase
   def setup
-    @consumer=OAuth::Consumer.new( {
-        :consumer_key=>"key",
-        :consumer_secret=>"secret",
-        :site=>"http://term.ie",
+    @consumer=OAuth::Consumer.new( 
+        'consumer_key_86cad9', '5888bf0345e5d237',
+        {
+        :site=>"http://blabla.bla",
         :request_token_path=>"/oauth/example/request_token.php",
         :access_token_path=>"/oauth/example/access_token.php",
         :authorize_path=>"/oauth/example/authorize.php",
-        :auth_method=>:query,
+        :scheme=>:header,
         :http_method=>:get
         })
+    @token = OAuth::ConsumerToken.new(@consumer,'token_411a7f', '3196ffd991c8ebdb')
+    @request_uri = URI.parse('http://example.com/test?key=value')
+    @request_parameters = { 'key' => 'value' }
+    @nonce = 225579211881198842005988698334675835446
+    @timestamp = "1199645624"
+    @consumer.http=Net::HTTP.new(@request_uri.host, @request_uri.port)
   end
   
   def test_initializer
-    assert_equal "key",@consumer.key
-    assert_equal "secret",@consumer.secret
-    assert_equal "http://term.ie",@consumer.site
+    assert_equal "consumer_key_86cad9",@consumer.key
+    assert_equal "5888bf0345e5d237",@consumer.secret
+    assert_equal "http://blabla.bla",@consumer.site
     assert_equal "/oauth/example/request_token.php",@consumer.request_token_path
     assert_equal "/oauth/example/access_token.php",@consumer.access_token_path
-    assert_equal "http://term.ie/oauth/example/request_token.php",@consumer.request_token_url
-    assert_equal "http://term.ie/oauth/example/access_token.php",@consumer.access_token_url
-    assert_equal :query,@consumer.auth_method
+    assert_equal "http://blabla.bla/oauth/example/request_token.php",@consumer.request_token_url
+    assert_equal "http://blabla.bla/oauth/example/access_token.php",@consumer.access_token_url
+    assert_equal "http://blabla.bla/oauth/example/authorize.php",@consumer.authorize_url
+    assert_equal :header,@consumer.scheme
     assert_equal :get,@consumer.http_method
   end
 
   def test_defaults
-    @consumer=OAuth::Consumer.new( {
-        :consumer_key=>"key",
-        :consumer_secret=>"secret",
-        :site=>"http://twitter.com"
-    })
+    @consumer=OAuth::Consumer.new(
+      "key",
+      "secret",
+      {
+          :site=>"http://twitter.com"
+      })
     assert_equal "key",@consumer.key
     assert_equal "secret",@consumer.secret
     assert_equal "http://twitter.com",@consumer.site
@@ -43,54 +51,126 @@ class ConsumerTest < Test::Unit::TestCase
     assert_equal "/oauth/access_token",@consumer.access_token_path
     assert_equal "http://twitter.com/oauth/request_token",@consumer.request_token_url
     assert_equal "http://twitter.com/oauth/access_token",@consumer.access_token_url
-    assert_equal :authorize,@consumer.auth_method
+    assert_equal "http://twitter.com/oauth/authorize",@consumer.authorize_url
+    assert_equal :header,@consumer.scheme
     assert_equal :post,@consumer.http_method 
   end
-  
-  def test_create_request
-    request=@consumer.create_request :get,'/oauth/example/request_token.php'
-    assert_equal 'http://term.ie/oauth/example/request_token.php',request.url
-    assert "key",request[:consumer_key]
-    assert !request.signed?
+
+  def test_override_paths
+    @consumer=OAuth::Consumer.new(
+      "key",
+      "secret",
+      {
+          :site=>"http://twitter.com",
+          :request_token_url=>"http://oauth.twitter.com/request_token",
+          :access_token_url=>"http://oauth.twitter.com/access_token",
+          :authorize_url=>"http://site.twitter.com/authorize"
+      })
+    assert_equal "key",@consumer.key
+    assert_equal "secret",@consumer.secret
+    assert_equal "http://twitter.com",@consumer.site
+    assert_equal "/oauth/request_token",@consumer.request_token_path
+    assert_equal "/oauth/access_token",@consumer.access_token_path
+    assert_equal "http://oauth.twitter.com/request_token",@consumer.request_token_url
+    assert_equal "http://oauth.twitter.com/access_token",@consumer.access_token_url
+    assert_equal "http://site.twitter.com/authorize",@consumer.authorize_url
+    assert_equal :header,@consumer.scheme
+    assert_equal :post,@consumer.http_method 
   end
-  
-  def test_create_post_request
-    request=@consumer.create_request(:post,'/oauth/example',{:oauth_token=>"token"},"BODY")
-    assert_equal "token",request[:oauth_token]
-    assert_equal "BODY",request.body
+
+  def test_that_signing_auth_headers_on_get_requests_works
+    request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
+    @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+    
+    assert_equal 'GET', request.method
+    assert_equal '/test?key=value', request.path
+    assert_equal "OAuth realm=\"\", oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"", request['authorization']
   end
 
-  def test_create_put_request
-    request=@consumer.create_request(:put,'/oauth/example',{:oauth_token=>"token"},"BODY")
-    assert_equal "token",request[:oauth_token]
-    assert_equal "BODY",request.body
+  def test_that_signing_auth_headers_on_post_requests_works
+    request = Net::HTTP::Post.new(@request_uri.path)
+    request.set_form_data( @request_parameters )
+    @token.sign!(request, {:nonce => @nonce, :timestamp => @timestamp})
+#    assert_equal "",request.oauth_helper.signature_base_string
+
+    assert_equal 'POST', request.method
+    assert_equal '/test', request.path
+    assert_equal 'key=value', request.body
+    assert_equal "OAuth realm=\"\", oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"", request['authorization']
   end
-  
-  def test_signed_request
-    request=@consumer.signed_request :get,'/oauth/example/request_token.php'
-    assert_equal 'http://term.ie/oauth/example/request_token.php',request.url
-    assert "key",request[:consumer_key]
-    assert request.signed?
-    assert request.verify?(@consumer.secret)        
+ 
+  def test_that_signing_post_params_works
+    request = Net::HTTP::Post.new(@request_uri.path)
+    request.set_form_data( @request_parameters )
+    @token.sign!(request, {:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp})
+
+    assert_equal 'POST', request.method
+    assert_equal '/test', request.path
+    assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=iMZaUTbQof%2fHMFyIde%2bOIkhW5is%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+    assert_equal nil, request['authorization']
   end
-  
-  def test_create_signed_post_request
-    request=@consumer.signed_request(:post,'/oauth/example',{:oauth_token=>"token"},'token secret',"BODY")
-    assert_equal "token",request[:oauth_token]
-    assert_equal "BODY",request.body
-    assert request.signed?
-    assert request.verify?(@consumer.secret,'token secret')        
+
+  def test_that_using_auth_headers_on_get_on_create_signed_requests_works
+    request=@consumer.create_signed_request(:get,@request_uri.path+ "?" + request_parameters_to_s,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters)
+    
+    assert_equal 'GET', request.method
+    assert_equal '/test?key=value', request.path
+    assert_equal "OAuth realm=\"\", oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"1oO2izFav1GP4kEH2EskwXkCRFg%3D\", oauth_version=\"1.0\"", request['authorization']
+  end
+
+  def test_that_using_auth_headers_on_post_on_create_signed_requests_works
+    request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+    assert_equal 'POST', request.method
+    assert_equal '/test', request.path
+    assert_equal 'key=value', request.body
+    assert_equal "OAuth realm=\"\", oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"", request['authorization']
+  end
+
+  def test_that_signing_post_params_works
+    request=@consumer.create_signed_request(:post,@request_uri.path,@token,{:scheme => 'body', :nonce => @nonce, :timestamp => @timestamp},@request_parameters,{})
+
+    assert_equal 'POST', request.method
+    assert_equal '/test', request.path
+    assert_equal "key=value&oauth_consumer_key=consumer_key_86cad9&oauth_nonce=225579211881198842005988698334675835446&oauth_signature=26g7wHTtNO6ZWJaLltcueppHYiI%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1199645624&oauth_token=token_411a7f&oauth_version=1.0", request.body.split("&").sort.join("&")
+    assert_equal nil, request['authorization']
   end
   
-  def test_create_signed_put_request
-    request=@consumer.signed_request(:put,'/oauth/example',{:oauth_token=>"token"},'token secret',"BODY")
-    assert_equal "token",request[:oauth_token]
-    assert_equal "BODY",request.body
-    assert request.signed?
-    assert request.verify?(@consumer.secret,'token secret')        
+  def test_step_by_step_token_request
+    @consumer=OAuth::Consumer.new( 
+        "key",
+        "secret",
+        {
+        :site=>"http://term.ie",
+        :request_token_path=>"/oauth/example/request_token.php",
+        :access_token_path=>"/oauth/example/access_token.php",
+        :authorize_path=>"/oauth/example/authorize.php",
+        :scheme=>:header
+        })
+    options={:nonce=>'nonce',:timestamp=>Time.now.to_i.to_s}
+ 
+    request = Net::HTTP::Get.new("/oauth/example/request_token.php")
+    signature_base_string=@consumer.signature_base_string(request,nil,options)
+    assert_equal "GET&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D#{options[:nonce]}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D#{options[:timestamp]}%26oauth_token%3D%26oauth_version%3D1.0",signature_base_string
+    @consumer.sign!(request, nil,options)
+
+    assert_equal 'GET', request.method
+    assert_equal nil, request.body
+    response=@consumer.http.request(request)
+    assert_equal "200",response.code
+    assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body
   end
   
-  def test_get_token_sequence
+  def test_get_token_sequence  
+    @consumer=OAuth::Consumer.new( 
+        "key",
+        "secret",
+        {
+        :site=>"http://term.ie",
+        :request_token_path=>"/oauth/example/request_token.php",
+        :access_token_path=>"/oauth/example/access_token.php",
+        :authorize_path=>"/oauth/example/authorize.php"
+        })
+    
     @request_token=@consumer.get_request_token
     assert_not_nil @request_token
     assert_equal "requestkey",@request_token.token
@@ -107,10 +187,17 @@ class ConsumerTest < Test::Unit::TestCase
     assert_equal "200",@response.code
     assert_equal( "ok=hello&test=this",@response.body)
     
-    @response=@access_token.post("/oauth/example/echo_api.php","ok=hello&test=this")
+    @response=@access_token.post("/oauth/example/echo_api.php",{'ok'=>'hello','test'=>'this'})
     assert_not_nil @response
     assert_equal "200",@response.code
-    assert_equal( "ok=hello&test=this",@response.body)
-    
+    assert_equal( "ok=hello&test=this",@response.body)    
   end
+  protected
+
+  def request_parameters_to_s
+    @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+  end
+
+  
 end
+