oauth 0.4.7 → 0.5.4

data/lib/oauth/client/net_http.rb

@@ -1,5 +1,4 @@
 require 'oauth/helper'
-require 'oauth/client/helper'
 require 'oauth/request_proxy/net_http'
 
 class Net::HTTPGenericRequest
@@ -21,7 +20,8 @@ class Net::HTTPGenericRequest
   # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
   #
   # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1],
-  #           {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html]
+  #           {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html,
+  #                                                 http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html#when_to_include]
   def oauth!(http, consumer = nil, token = nil, options = {})
     helper_options = oauth_helper_options(http, consumer, token, options)
     @oauth_helper = OAuth::Client::Helper.new(self, helper_options)
@@ -42,13 +42,14 @@ class Net::HTTPGenericRequest
   # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
   #   +signature_method+, +nonce+, +timestamp+)
   #
-  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1],
-  #           {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html]
+  # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1],
+  #           {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html,
+  #                                                 http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html#when_to_include]
   def signature_base_string(http, consumer = nil, token = nil, options = {})
     helper_options = oauth_helper_options(http, consumer, token, options)
-    oauth_helper = OAuth::Client::Helper.new(self, helper_options)
-    oauth_helper.hash_body if oauth_body_hash_required?
-    oauth_helper.signature_base_string
+    @oauth_helper = OAuth::Client::Helper.new(self, helper_options)
+    @oauth_helper.hash_body if oauth_body_hash_required?
+    @oauth_helper.signature_base_string
   end
 
 private
@@ -84,7 +85,7 @@ private
   end
 
   def oauth_body_hash_required?
-    request_body_permitted? && !content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+    !@oauth_helper.token_request? && request_body_permitted? && !content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
   end
 
   def set_oauth_header

data/lib/oauth/consumer.rb

@@ -8,9 +8,9 @@ require 'cgi'
 module OAuth
   class Consumer
     # determine the certificate authority path to verify SSL certs
-    CA_FILES = %w(/etc/ssl/certs/ca-certificates.crt /usr/share/curl/curl-ca-bundle.crt)
+    CA_FILES = %W(#{ENV['SSL_CERT_FILE']} /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
     CA_FILES.each do |ca_file|
-      if File.exists?(ca_file)
+      if File.exist?(ca_file)
         CA_FILE = ca_file
         break
       end
@@ -43,6 +43,13 @@ module OAuth
       # Add a custom ca_file for consumer
       # :ca_file       => '/etc/certs.pem'
 
+      # Possible values:
+      #
+      # nil, false - no debug output
+      # true - uses $stdout
+      # some_value - uses some_value
+      :debug_output => nil,
+
       :oauth_version => "1.0"
     }
 
@@ -87,6 +94,18 @@ module OAuth
       @http_method ||= @options[:http_method] || :post
     end
 
+    def debug_output
+      @debug_output ||= begin
+        case @options[:debug_output]
+        when nil, false
+        when true
+          $stdout
+        else
+          @options[:debug_output]
+        end
+      end
+    end
+
     # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
     def http
       @http ||= create_http
@@ -191,6 +210,7 @@ module OAuth
 
     # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
     def token_request(http_method, path, token = nil, request_options = {}, *arguments)
+      request_options[:token_request] ||= true
       response = request(http_method, path, token, request_options, *arguments)
       case response.code.to_i
 
@@ -209,7 +229,7 @@ module OAuth
         end
       when (300..399)
         # this is a redirect
-        uri = URI.parse(response.header['location'])
+        uri = URI.parse(response['location'])
         response.error! if uri.path == path # careful of those infinite redirects
         self.token_request(http_method, uri.path, token, request_options, arguments)
       when (400..499)
@@ -234,8 +254,8 @@ module OAuth
     end
 
     def request_endpoint
-  return nil if @options[:request_endpoint].nil?
-  @options[:request_endpoint].to_s
+      return nil if @options[:request_endpoint].nil?
+      @options[:request_endpoint].to_s
     end
 
     def scheme
@@ -320,6 +340,8 @@ module OAuth
 
       http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 30
       http_object.open_timeout = @options[:open_timeout] if @options[:open_timeout]
+      http_object.ssl_version = @options[:ssl_version] if @options[:ssl_version]
+      http_object.set_debug_output(debug_output) if debug_output
 
       http_object
     end
@@ -328,13 +350,15 @@ module OAuth
     def create_http_request(http_method, path, *arguments)
       http_method = http_method.to_sym
 
-      if [:post, :put].include?(http_method)
+      if [:post, :put, :patch].include?(http_method)
         data = arguments.shift
       end
 
       # if the base site contains a path, add it now
-      uri = URI.parse(site)
-      path = uri.path + path if uri.path && uri.path != '/'
+      # only add if the site host matches the current http object's host
+      # (in case we've specified a full url for token requests)
+      uri  = URI.parse(site)
+      path = uri.path + path if uri.path && uri.path != '/' && uri.host == http.address
 
       headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
 
@@ -345,6 +369,9 @@ module OAuth
       when :put
         request = Net::HTTP::Put.new(path,headers)
         request["Content-Length"] = '0' # Default to 0
+      when :patch
+        request = Net::HTTP::Patch.new(path,headers)
+        request["Content-Length"] = '0' # Default to 0
       when :get
         request = Net::HTTP::Get.new(path,headers)
       when :delete

data/lib/oauth/helper.rb

@@ -9,9 +9,17 @@ module OAuth
     #
     # See Also: {OAuth core spec version 1.0, section 5.1}[http://oauth.net/core/1.0#rfc.section.5.1]
     def escape(value)
-      URI::escape(value.to_s, OAuth::RESERVED_CHARACTERS)
+      _escape(value.to_s.to_str)
     rescue ArgumentError
-      URI::escape(value.to_s.force_encoding(Encoding::UTF_8), OAuth::RESERVED_CHARACTERS)
+      _escape(value.to_s.to_str.force_encoding(Encoding::UTF_8))
+    end
+
+    def _escape(string)
+      URI::DEFAULT_PARSER.escape(string, OAuth::RESERVED_CHARACTERS)
+    end
+
+    def unescape(value)
+      URI::DEFAULT_PARSER.unescape(value.gsub('+', '%2B'))
     end
 
     # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
@@ -49,7 +57,7 @@ module OAuth
         end
       end * "&"
     end
-    
+
     #Returns a string representation of the Hash like in URL query string
     # build_nested_query({:level_1 => {:level_2 => ['value_1','value_2']}}, 'prefix'))
     #   #=> ["prefix%5Blevel_1%5D%5Blevel_2%5D%5B%5D=value_1", "prefix%5Blevel_1%5D%5Blevel_2%5D%5B%5D=value_2"]
@@ -94,10 +102,6 @@ module OAuth
       Hash[*params.flatten]
     end
 
-    def unescape(value)
-      URI.unescape(value.gsub('+', '%2B'))
-    end
-
     def stringify_keys(hash)
       new_h = {}
       hash.each do |k, v|

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -1,11 +1,35 @@
 require 'active_support'
+require "active_support/version"
 require 'action_controller'
-require 'action_controller/request'
 require 'uri'
 
+if
+  Gem::Version.new(ActiveSupport::VERSION::STRING) < Gem::Version.new("3")
+then # rails 2.x
+  require 'action_controller/request'
+  unless ActionController::Request::HTTP_METHODS.include?("patch")
+    ActionController::Request::HTTP_METHODS << "patch"
+    ActionController::Request::HTTP_METHOD_LOOKUP["PATCH"] = :patch
+    ActionController::Request::HTTP_METHOD_LOOKUP["patch"] = :patch
+  end
+
+elsif
+  Gem::Version.new(ActiveSupport::VERSION::STRING) < Gem::Version.new("4")
+then # rails 3.x
+  require 'action_dispatch/http/request'
+  unless ActionDispatch::Request::HTTP_METHODS.include?("patch")
+    ActionDispatch::Request::HTTP_METHODS << "patch"
+    ActionDispatch::Request::HTTP_METHOD_LOOKUP["PATCH"] = :patch
+    ActionDispatch::Request::HTTP_METHOD_LOOKUP["patch"] = :patch
+  end
+
+else # rails 4.x and later - already has patch
+  require 'action_dispatch/http/request'
+end
+
 module OAuth::RequestProxy
   class ActionControllerRequest < OAuth::RequestProxy::Base
-    proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
+    proxies(defined?(ActionDispatch::AbstractRequest) ? ActionDispatch::AbstractRequest : ActionDispatch::Request)
 
     def method
       request.method.to_s.upcase
@@ -43,7 +67,7 @@ module OAuth::RequestProxy
 
       params.
         join('&').split('&').
-        reject(&:blank?).
+        reject { |s| s.match(/\A\s*\z/) }.
         map { |p| p.split('=').map{|esc| CGI.unescape(esc)} }.
         reject { |kv| kv[0] == 'oauth_signature'}
     end

data/lib/oauth/request_proxy/action_dispatch_request.rb

@@ -0,0 +1,7 @@
+require 'oauth/request_proxy/rack_request'
+
+module OAuth::RequestProxy
+  class ActionDispatchRequest < OAuth::RequestProxy::RackRequest
+    proxies ActionDispatch::Request
+  end
+end

data/lib/oauth/request_proxy/base.rb

@@ -76,7 +76,7 @@ module OAuth::RequestProxy
     end
 
     def parameters_for_signature
-      parameters.reject { |k,v| k == "oauth_signature" || unsigned_parameters.include?(k)}
+      parameters.select { |k,v| not signature_and_unsigned_parameters.include?(k) }
     end
 
     def oauth_parameters
@@ -87,6 +87,10 @@ module OAuth::RequestProxy
       parameters.reject { |k,v| OAuth::PARAMETERS.include?(k) }
     end
 
+    def signature_and_unsigned_parameters
+      unsigned_parameters+["oauth_signature"]
+    end
+
     # See 9.1.2 in specs
     def normalized_uri
       u = URI.parse(uri)
@@ -143,10 +147,10 @@ module OAuth::RequestProxy
     end
 
     def query_string_blank?
-      if uri = request.request_uri
+      if uri = request.env['REQUEST_URI']
         uri.split('?', 2)[1].nil?
       else
-        request.query_string.blank?
+        request.query_string.match(/\A\s*\z/)
       end
     end
 

data/lib/oauth/request_proxy/net_http.rb

@@ -66,7 +66,7 @@ module OAuth::RequestProxy::Net
 
       def auth_header_params
         return nil unless request['Authorization'] && request['Authorization'][0,5] == 'OAuth'
-        auth_params = request['Authorization']
+        request['Authorization']
       end
     end
   end

data/lib/oauth/request_proxy/rest_client_request.rb

@@ -0,0 +1,62 @@
+require 'oauth/request_proxy/base'
+require 'rest-client'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::RestClient
+  class Request < OAuth::RequestProxy::Base
+    proxies RestClient::Request
+    
+      def method
+        request.method.to_s.upcase
+      end
+
+      def uri
+        request.url
+      end
+
+      def parameters
+        if options[:clobber_request]
+          options[:parameters] || {}
+        else
+          post_parameters.merge(query_params).merge(options[:parameters] || {})
+        end
+      end
+
+    protected
+
+      def query_params
+        query = URI.parse(request.url).query
+        query ? CGI.parse(query) : {}
+      end
+
+      def request_params
+      end
+      
+      def post_parameters
+        # Post params are only used if posting form data
+        if method == 'POST' || method == 'PUT'
+          OAuth::Helper.stringify_keys(query_string_to_hash(request.payload.to_s) || {})
+        else
+          {}
+        end
+      end
+      
+   private
+      
+      def query_string_to_hash(query)
+        keyvals = query.split('&').inject({}) do |result, q| 
+          k,v = q.split('=')
+          if !v.nil?
+             result.merge({k => v})
+          elsif !result.key?(k)
+            result.merge({k => true})
+          else
+            result
+          end
+        end
+        keyvals
+      end
+      
+  end
+end

data/lib/oauth/request_proxy/typhoeus_request.rb

@@ -11,7 +11,7 @@ module OAuth::RequestProxy::Typhoeus
     # oauth_params = {:consumer => oauth_consumer, :token => access_token}
     # req = Typhoeus::Request.new(uri, options)
     # oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
-    # req.headers.merge!({"Authorization" => oauth_helper.header})
+    # req.options[:headers].merge!({"Authorization" => oauth_helper.header})
     # hydra = Typhoeus::Hydra.new()
     # hydra.queue(req)
     # hydra.run
@@ -19,7 +19,8 @@ module OAuth::RequestProxy::Typhoeus
     proxies Typhoeus::Request
 
     def method
-      request.method.to_s.upcase
+      request_method = request.options[:method].to_s.upcase
+      request_method.empty? ? 'GET' : request_method
     end
 
     def uri
@@ -44,7 +45,7 @@ module OAuth::RequestProxy::Typhoeus
     def post_parameters
       # Post params are only used if posting form data
       if method == 'POST'
-        OAuth::Helper.stringify_keys(request.params || {})
+        OAuth::Helper.stringify_keys(request.options[:params] || {})
       else
         {}
       end

data/lib/oauth/signature/base.rb

@@ -16,21 +16,6 @@ module OAuth::Signature
       OAuth::Signature.available_methods[@implements] = self
     end
 
-    def self.digest_class(digest_class = nil)
-      return @digest_class if digest_class.nil?
-      @digest_class = digest_class
-    end
-
-    def self.digest_klass(digest_klass = nil)
-      return @digest_klass if digest_klass.nil?
-      @digest_klass = digest_klass
-    end
-
-    def self.hash_class(hash_class = nil)
-      return @hash_class if hash_class.nil?
-      @hash_class = hash_class
-    end
-
     def initialize(request, options = {}, &block)
       raise TypeError unless request.kind_of?(OAuth::RequestProxy::Base)
       @request = request
@@ -66,7 +51,7 @@ module OAuth::Signature
     end
 
     def ==(cmp_signature)
-      Base64.decode64(signature) == Base64.decode64(cmp_signature)
+      signature == cmp_signature
     end
 
     def verify
@@ -78,14 +63,10 @@ module OAuth::Signature
     end
 
     def body_hash
-      if self.class.hash_class
-        Base64.encode64(self.class.hash_class.digest(request.body || '')).chomp.gsub(/\n/,'')
-      else
-        nil # no body hash algorithm defined, so don't generate one
-      end
+      raise_instantiation_error
     end
 
-  private
+    private
 
     def token
       request.token
@@ -104,7 +85,12 @@ module OAuth::Signature
     end
 
     def digest
-      self.class.digest_class.digest(signature_base_string)
+      raise_instantiation_error
     end
+
+    def raise_instantiation_error
+      raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+    end
+
   end
 end

data/lib/oauth/signature/hmac/sha1.rb

@@ -1,9 +1,17 @@
-require 'oauth/signature/hmac/base'
+require 'oauth/signature/base'
 
 module OAuth::Signature::HMAC
-  class SHA1 < Base
+  class SHA1 < OAuth::Signature::Base
     implements 'hmac-sha1'
-    digest_klass 'SHA1'
-    hash_class ::Digest::SHA1
+
+    def body_hash
+      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || '')).chomp.gsub(/\n/,'')
+    end
+
+    private
+
+    def digest
+      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), secret, signature_base_string)
+    end
   end
 end