oauth 0.3.1 → 0.3.2

data/lib/oauth/server.rb

@@ -1,68 +1,66 @@
 require 'oauth/helper'
 require 'oauth/consumer'
+
 module OAuth
   # This is mainly used to create consumer credentials and can pretty much be ignored if you want to create your own
   class Server
     include OAuth::Helper
     attr_accessor :base_url
-    
-    @@server_paths={
-      :request_token_path=>"/oauth/request_token",
-      :authorize_path=>"/oauth/authorize",
-      :access_token_path=>"/oauth/access_token"
+
+    @@server_paths = {
+      :request_token_path => "/oauth/request_token",
+      :authorize_path     => "/oauth/authorize",
+      :access_token_path  => "/oauth/access_token"
     }
+
     # Create a new server instance
-    def initialize(base_url,paths={})
-      @base_url=base_url
-      @paths=@@server_paths.merge(paths)
+    def initialize(base_url, paths = {})
+      @base_url = base_url
+      @paths = @@server_paths.merge(paths)
     end
-        
-    def generate_credentials()
-      [generate_key(16),generate_key]
+
+    def generate_credentials
+      [generate_key(16), generate_key]
     end
-    
-    def generate_consumer_credentials(params={})
-      Consumer.new( *generate_credentials)
+
+    def generate_consumer_credentials(params = {})
+      Consumer.new(*generate_credentials)
     end
 
     # mainly for testing purposes
     def create_consumer
-      credentials=generate_credentials
-      Consumer.new( 
-        credentials[0],
-        credentials[1],
+      creds = generate_credentials
+      Consumer.new(creds[0], creds[1],
         {
-          :site=>base_url,
-          :request_token_path=>request_token_path,
-          :authorize_path=>authorize_path,
-          :access_token_path=>access_token_path
-      })
+          :site               => base_url,
+          :request_token_path => request_token_path,
+          :authorize_path     => authorize_path,
+          :access_token_path  => access_token_path
+        })
     end
-        
+
     def request_token_path
       @paths[:request_token_path]
     end
-    
+
     def request_token_url
-      base_url+request_token_path
+      base_url + request_token_path
     end
-    
+
     def authorize_path
       @paths[:authorize_path]
     end
-    
+
     def authorize_url
-      base_url+authorize_path
+      base_url + authorize_path
     end
-    
+
     def access_token_path
       @paths[:access_token_path]
     end
 
     def access_token_url
-      base_url+access_token_path
+      base_url + access_token_path
     end
-    
-    
   end
 end

data/lib/oauth/signature/base.rb

@@ -6,9 +6,10 @@ require 'base64'
 module OAuth::Signature
   class Base
     include OAuth::Helper
-    
+
     attr_accessor :options
-    
+    attr_reader :token_secret, :consumer_secret, :request
+
     def self.implements(signature_method)
       OAuth::Signature.available_methods[signature_method] = self
     end
@@ -18,32 +19,34 @@ module OAuth::Signature
       @digest_class = digest_class
     end
 
-    attr_reader :token_secret, :consumer_secret, :request
-
     def initialize(request, options = {}, &block)
       raise TypeError unless request.kind_of?(OAuth::RequestProxy::Base)
       @request = request
       @options = options
 
-      if block_given?
+      ## consumer secret was determined beforehand
 
-        # consumer secret and token secret need to be looked up based on pieces of the request
-        @token_secret, @consumer_secret = yield block.arity == 1 ? request : [token, consumer_key,nonce,request.timestamp]
+      @consumer_secret = options[:consumer].secret if options[:consumer]
 
-      else
-        ## consumer secret was determined beforehand
+      # presence of :consumer_secret option will override any Consumer that's provided
+      @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
 
-        @consumer_secret = options[:consumer].secret if options[:consumer]
+      ## token secret was determined beforehand
 
-        # presence of :consumer_secret option will override any Consumer that's provided
-        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+      @token_secret = options[:token].secret if options[:token]
 
-        ## token secret was determined beforehand
+      # presence of :token_secret option will override any Token that's provided
+      @token_secret = options[:token_secret] if options[:token_secret]
 
-        @token_secret = options[:token].secret if options[:token]
 
-        # presence of :token_secret option will override any Token that's provided
-        @token_secret = options[:token_secret] if options[:token_secret]
+      # override secrets based on the values returned from the block (if any)
+      if block_given?
+        # consumer secret and token secret need to be looked up based on pieces of the request
+        secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
+        if secrets.is_a?(Array) && secrets.size == 2
+          @token_secret = secrets[0]
+          @consumer_secret = secrets[1]
+        end
       end
     end
 
@@ -62,17 +65,17 @@ module OAuth::Signature
     def signature_base_string
       request.signature_base_string
     end
-    
-    private
+
+  private
 
     def token
       request.token
     end
-    
+
     def consumer_key
       request.consumer_key
     end
-    
+
     def nonce
       request.nonce
     end
@@ -84,6 +87,5 @@ module OAuth::Signature
     def digest
       self.class.digest_class.digest(signature_base_string)
     end
-
   end
 end

data/lib/oauth/signature/hmac/base.rb

@@ -3,7 +3,7 @@ require 'oauth/signature/base'
 module OAuth::Signature::HMAC
   class Base < OAuth::Signature::Base
 
-    private
+  private
 
     def digest
       self.class.digest_class.digest(secret, signature_base_string)

data/lib/oauth/signature/hmac/sha1.rb

@@ -1,5 +1,4 @@
 require 'oauth/signature/hmac/base'
-require 'rubygems'
 require 'hmac-sha1'
 
 module OAuth::Signature::HMAC

data/lib/oauth/signature/plaintext.rb

@@ -15,9 +15,9 @@ module OAuth::Signature
     def signature_base_string
       secret
     end
-    
+
     def secret
-      escape super
+      escape(super)
     end
   end
 end

data/lib/oauth/signature/rsa/sha1.rb

@@ -18,9 +18,9 @@ module OAuth::Signature::RSA
         consumer_secret
       end
     end
-    
-    private
-    
+
+  private
+
     def decode_public_key
       case consumer_secret
       when /-----BEGIN CERTIFICATE-----/
@@ -29,7 +29,7 @@ module OAuth::Signature::RSA
         OpenSSL::PKey::RSA.new( consumer_secret)
       end
     end
-    
+
     def digest
       private_key = OpenSSL::PKey::RSA.new(
         if options[:private_key_file]
@@ -38,6 +38,7 @@ module OAuth::Signature::RSA
           consumer_secret
         end
       )
+
       private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
     end
   end

data/lib/oauth/token.rb

@@ -1,137 +1,7 @@
-require 'oauth/helper'
-module OAuth
-  
-  # Superclass for the various tokens used by OAuth
-  
-  class Token
-    include OAuth::Helper
-    
-    attr_accessor :token, :secret
+# this exists for backwards-compatibility
 
-    def initialize(token, secret)
-      @token = token
-      @secret = secret
-    end
-    
-    def to_query
-      "oauth_token=#{escape(token)}&oauth_secret=#{escape(secret)}"
-    end
-    
-  end
-  
-  # Used on the server for generating tokens
-  class ServerToken<Token
-    
-    def initialize
-      super generate_key(16),generate_key
-    end
-  end
-  # Superclass for tokens used by OAuth Clients
-  class ConsumerToken<Token
-    attr_accessor :consumer
-
-    def initialize(consumer,token="",secret="")
-      super token,secret
-      @consumer=consumer
-    end
-    
-    # Make a signed request using given http_method to the path
-    #
-    #   @token.request(:get,'/people')
-    #   @token.request(:post,'/people',@person.to_xml,{ 'Content-Type' => 'application/xml' })
-    #
-    def request(http_method,path,*arguments)
-      response=consumer.request(http_method,path,self,{},*arguments)
-    end
-    
-    # Sign a request generated elsewhere using Net:HTTP::Post.new or friends
-    def sign!(request,options = {})
-      consumer.sign!(request,self,options)
-    end
-    
-  end
-
-  # The RequestToken is used for the initial Request.
-  # This is normally created by the Consumer object.
-  class RequestToken<ConsumerToken
-    
-    # Returns the authorization url that you need to use for redirecting the user
-    def authorize_url
-      consumer.authorize_url+"?oauth_token="+CGI.escape(token)
-    end
-    
-    # exchange for AccessToken on server
-    def get_access_token(options={})
-      response=consumer.token_request(consumer.http_method,(consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path),self,options)
-      OAuth::AccessToken.new(consumer,response[:oauth_token],response[:oauth_token_secret])
-    end
-  end
-  
-  # The Access Token is used for the actual "real" web service calls thatyou perform against the server
-  class AccessToken<ConsumerToken
-
-    # The less intrusive way. Otherwise, if we are to do it correctly inside consumer,
-    # we need to restructure and touch more methods: request(), sign!(), etc.
-    def request(http_method, path, *arguments)
-      request_uri = URI.parse(path)
-      site_uri = consumer.uri
-      is_service_uri_different = (request_uri.absolute? && request_uri != site_uri)
-      consumer.uri(request_uri) if is_service_uri_different
-      resp = super(http_method, path, *arguments)
-      # NOTE: reset for wholesomeness? meaning that we admit only AccessToken service calls may use different URIs?
-      # so reset in case consumer is still used for other token-management tasks subsequently?
-      consumer.uri(site_uri) if is_service_uri_different
-      resp
-    end
-    
-    # Make a regular get request using AccessToken
-    #
-    #   @response=@token.get('/people')
-    #   @response=@token.get('/people',{'Accept'=>'application/xml'})
-    #
-    def get(path,headers={})
-      request(:get,path,headers)
-    end
-    
-    # Make a regular head request using AccessToken
-    #
-    #   @response=@token.head('/people')
-    #
-    def head(path,headers={})
-      request(:head,path,headers)
-    end
-
-    # Make a regular post request using AccessToken
-    #
-    #   @response=@token.post('/people')
-    #   @response=@token.post('/people',{:name=>'Bob',:email=>'bob@mailinator.com'})
-    #   @response=@token.post('/people',{:name=>'Bob',:email=>'bob@mailinator.com'},{'Accept'=>'application/xml'})
-    #   @response=@token.post('/people',nil,{'Accept'=>'application/xml'})
-    #   @response=@token.post('/people',@person.to_xml,{'Accept'=>'application/xml','Content-Type' => 'application/xml'})
-    #
-    def post(path, body = '',headers={})
-      request(:post,path,body,headers)
-    end
-
-    # Make a regular put request using AccessToken
-    #
-    #   @response=@token.put('/people/123')
-    #   @response=@token.put('/people/123',{:name=>'Bob',:email=>'bob@mailinator.com'})
-    #   @response=@token.put('/people/123',{:name=>'Bob',:email=>'bob@mailinator.com'},{'Accept'=>'application/xml'})
-    #   @response=@token.put('/people/123',nil,{'Accept'=>'application/xml'})
-    #   @response=@token.put('/people/123',@person.to_xml,{'Accept'=>'application/xml','Content-Type' => 'application/xml'})
-    #
-    def put(path, body = '', headers={})
-      request(:put,path,body,headers)
-    end
-    
-    # Make a regular delete request using AccessToken
-    #
-    #   @response=@token.delete('/people/123')
-    #   @response=@token.delete('/people/123',{'Accept'=>'application/xml'})
-    #
-    def delete(path,headers={})
-      request(:delete,path,headers)
-    end
-  end
-end
+require 'oauth/tokens/token'
+require 'oauth/tokens/server_token'
+require 'oauth/tokens/consumer_token'
+require 'oauth/tokens/request_token'
+require 'oauth/tokens/access_token'

data/lib/oauth/tokens/access_token.rb

@@ -0,0 +1,68 @@
+module OAuth
+  # The Access Token is used for the actual "real" web service calls that you perform against the server
+  class AccessToken < ConsumerToken
+    # The less intrusive way. Otherwise, if we are to do it correctly inside consumer,
+    # we need to restructure and touch more methods: request(), sign!(), etc.
+    def request(http_method, path, *arguments)
+      request_uri = URI.parse(path)
+      site_uri = consumer.uri
+      is_service_uri_different = (request_uri.absolute? && request_uri != site_uri)
+      consumer.uri(request_uri) if is_service_uri_different
+      @response = super(http_method, path, *arguments)
+      # NOTE: reset for wholesomeness? meaning that we admit only AccessToken service calls may use different URIs?
+      # so reset in case consumer is still used for other token-management tasks subsequently?
+      consumer.uri(site_uri) if is_service_uri_different
+      @response
+    end
+
+    # Make a regular GET request using AccessToken
+    #
+    #   @response = @token.get('/people')
+    #   @response = @token.get('/people', { 'Accept'=>'application/xml' })
+    #
+    def get(path, headers = {})
+      request(:get, path, headers)
+    end
+
+    # Make a regular HEAD request using AccessToken
+    #
+    #   @response = @token.head('/people')
+    #
+    def head(path, headers = {})
+      request(:head, path, headers)
+    end
+
+    # Make a regular POST request using AccessToken
+    #
+    #   @response = @token.post('/people')
+    #   @response = @token.post('/people', { :name => 'Bob', :email => 'bob@mailinator.com' })
+    #   @response = @token.post('/people', { :name => 'Bob', :email => 'bob@mailinator.com' }, { 'Accept' => 'application/xml' })
+    #   @response = @token.post('/people', nil, {'Accept' => 'application/xml' })
+    #   @response = @token.post('/people', @person.to_xml, { 'Accept'=>'application/xml', 'Content-Type' => 'application/xml' })
+    #
+    def post(path, body = '', headers = {})
+      request(:post, path, body, headers)
+    end
+
+    # Make a regular PUT request using AccessToken
+    #
+    #   @response = @token.put('/people/123')
+    #   @response = @token.put('/people/123', { :name => 'Bob', :email => 'bob@mailinator.com' })
+    #   @response = @token.put('/people/123', { :name => 'Bob', :email => 'bob@mailinator.com' }, { 'Accept' => 'application/xml' })
+    #   @response = @token.put('/people/123', nil, { 'Accept' => 'application/xml' })
+    #   @response = @token.put('/people/123', @person.to_xml, { 'Accept' => 'application/xml', 'Content-Type' => 'application/xml' })
+    #
+    def put(path, body = '', headers = {})
+      request(:put, path, body, headers)
+    end
+
+    # Make a regular DELETE request using AccessToken
+    #
+    #   @response = @token.delete('/people/123')
+    #   @response = @token.delete('/people/123', { 'Accept' => 'application/xml' })
+    #
+    def delete(path, headers = {})
+      request(:delete, path, headers)
+    end
+  end
+end