oauth 0.5.1 → 0.5.6

data/lib/oauth/client/net_http.rb

@@ -1,5 +1,4 @@
 require 'oauth/helper'
-require 'oauth/client/helper'
 require 'oauth/request_proxy/net_http'
 
 class Net::HTTPGenericRequest

data/lib/oauth/consumer.rb

@@ -8,11 +8,21 @@ require 'cgi'
 module OAuth
   class Consumer
     # determine the certificate authority path to verify SSL certs
-    CA_FILES = %W(#{ENV['SSL_CERT_FILE']} /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
-    CA_FILES.each do |ca_file|
-      if File.exist?(ca_file)
-        CA_FILE = ca_file
-        break
+    if ENV['SSL_CERT_FILE']
+      if File.exist?(ENV['SSL_CERT_FILE'])
+        CA_FILE = ENV['SSL_CERT_FILE']
+      else
+        raise "The SSL CERT provided does not exist."
+      end
+    end
+
+    if !defined?(CA_FILE)
+      CA_FILES = %W(/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
+      CA_FILES.each do |ca_file|
+        if File.exist?(ca_file)
+          CA_FILE = ca_file
+          break
+        end
       end
     end
     CA_FILE = nil unless defined?(CA_FILE)
@@ -23,6 +33,7 @@ module OAuth
 
       # default paths on site. These are the same as the defaults set up by the generators
       :request_token_path => '/oauth/request_token',
+      :authenticate_path  => '/oauth/authenticate',
       :authorize_path     => '/oauth/authorize',
       :access_token_path  => '/oauth/access_token',
 
@@ -43,6 +54,13 @@ module OAuth
       # Add a custom ca_file for consumer
       # :ca_file       => '/etc/certs.pem'
 
+      # Possible values:
+      #
+      # nil, false - no debug output
+      # true - uses $stdout
+      # some_value - uses some_value
+      :debug_output => nil,
+
       :oauth_version => "1.0"
     }
 
@@ -87,6 +105,18 @@ module OAuth
       @http_method ||= @options[:http_method] || :post
     end
 
+    def debug_output
+      @debug_output ||= begin
+        case @options[:debug_output]
+        when nil, false
+        when true
+          $stdout
+        else
+          @options[:debug_output]
+        end
+      end
+    end
+
     # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
     def http
       @http ||= create_http
@@ -210,8 +240,15 @@ module OAuth
         end
       when (300..399)
         # this is a redirect
-        uri = URI.parse(response.header['location'])
-        response.error! if uri.path == path # careful of those infinite redirects
+        uri = URI.parse(response['location'])
+        our_uri = URI.parse(site)
+
+        if uri.path == path && our_uri.host != uri.host
+            options[:site] = "#{uri.scheme}://#{uri.host}"
+            @http = create_http
+        end
+
+        response.error! if uri.path == path && our_uri.host == uri.host # careful of those infinite redirects
         self.token_request(http_method, uri.path, token, request_options, arguments)
       when (400..499)
         raise OAuth::Unauthorized, response
@@ -247,6 +284,10 @@ module OAuth
       @options[:request_token_path]
     end
 
+    def authenticate_path
+      @options[:authenticate_path]
+    end
+
     def authorize_path
       @options[:authorize_path]
     end
@@ -264,6 +305,14 @@ module OAuth
       @options.has_key?(:request_token_url)
     end
 
+    def authenticate_url
+      @options[:authenticate_url] || site + authenticate_path
+    end
+
+    def authenticate_url?
+      @options.has_key?(:authenticate_url)
+    end
+
     def authorize_url
       @options[:authorize_url] || site + authorize_path
     end
@@ -311,16 +360,21 @@ module OAuth
 
       http_object.use_ssl = (our_uri.scheme == 'https')
 
-      if @options[:ca_file] || CA_FILE
-        http_object.ca_file = @options[:ca_file] || CA_FILE
+      if @options[:no_verify]
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      else
+        ca_file =  @options[:ca_file] || CA_FILE
+        if ca_file
+          http_object.ca_file = ca_file
+        end
         http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
         http_object.verify_depth = 5
-      else
-        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
-      http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 30
+      http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 60
       http_object.open_timeout = @options[:open_timeout] if @options[:open_timeout]
+      http_object.ssl_version = @options[:ssl_version] if @options[:ssl_version]
+      http_object.set_debug_output(debug_output) if debug_output
 
       http_object
     end
@@ -334,8 +388,10 @@ module OAuth
       end
 
       # if the base site contains a path, add it now
-      uri = URI.parse(site)
-      path = uri.path + path if uri.path && uri.path != '/'
+      # only add if the site host matches the current http object's host
+      # (in case we've specified a full url for token requests)
+      uri  = URI.parse(site)
+      path = uri.path + path if uri.path && uri.path != '/' && uri.host == http.address
 
       headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
 

data/lib/oauth/helper.rb

@@ -9,9 +9,17 @@ module OAuth
     #
     # See Also: {OAuth core spec version 1.0, section 5.1}[http://oauth.net/core/1.0#rfc.section.5.1]
     def escape(value)
-      URI::escape(value.to_s.to_str, OAuth::RESERVED_CHARACTERS)
+      _escape(value.to_s.to_str)
     rescue ArgumentError
-      URI::escape(value.to_s.to_str.force_encoding(Encoding::UTF_8), OAuth::RESERVED_CHARACTERS)
+      _escape(value.to_s.to_str.force_encoding(Encoding::UTF_8))
+    end
+
+    def _escape(string)
+      URI::DEFAULT_PARSER.escape(string, OAuth::RESERVED_CHARACTERS)
+    end
+
+    def unescape(value)
+      URI::DEFAULT_PARSER.unescape(value.gsub('+', '%2B'))
     end
 
     # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
@@ -94,10 +102,6 @@ module OAuth
       Hash[*params.flatten]
     end
 
-    def unescape(value)
-      URI.unescape(value.gsub('+', '%2B'))
-    end
-
     def stringify_keys(hash)
       new_h = {}
       hash.each do |k, v|

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -23,7 +23,7 @@ then # rails 3.x
     ActionDispatch::Request::HTTP_METHOD_LOOKUP["patch"] = :patch
   end
 
-else # rails 4.x - already has patch
+else # rails 4.x and later - already has patch
   require 'action_dispatch/http/request'
 end
 
@@ -60,7 +60,7 @@ module OAuth::RequestProxy
         params << header_params.to_query
         params << request.query_string unless query_string_blank?
 
-        if request.post? && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+        if raw_post_signature?
           params << request.raw_post
         end
       end
@@ -72,6 +72,10 @@ module OAuth::RequestProxy
         reject { |kv| kv[0] == 'oauth_signature'}
     end
 
+    def raw_post_signature?
+      (request.post? || request.put?) && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+    end
+
   protected
 
     def query_params

data/lib/oauth/request_proxy/action_dispatch_request.rb

@@ -0,0 +1,7 @@
+require 'oauth/request_proxy/rack_request'
+
+module OAuth::RequestProxy
+  class ActionDispatchRequest < OAuth::RequestProxy::RackRequest
+    proxies ActionDispatch::Request
+  end
+end

data/lib/oauth/request_proxy/base.rb

@@ -76,7 +76,7 @@ module OAuth::RequestProxy
     end
 
     def parameters_for_signature
-      parameters.reject { |k,v| k == "oauth_signature" || unsigned_parameters.include?(k)}
+      parameters.select { |k,v| not signature_and_unsigned_parameters.include?(k) }
     end
 
     def oauth_parameters
@@ -87,6 +87,10 @@ module OAuth::RequestProxy
       parameters.reject { |k,v| OAuth::PARAMETERS.include?(k) }
     end
 
+    def signature_and_unsigned_parameters
+      unsigned_parameters+["oauth_signature"]
+    end
+
     # See 9.1.2 in specs
     def normalized_uri
       u = URI.parse(uri)

data/lib/oauth/signature/hmac/sha256.rb

@@ -0,0 +1,17 @@
+require 'oauth/signature/base'
+
+module OAuth::Signature::HMAC
+  class SHA256 < OAuth::Signature::Base
+    implements 'hmac-sha256'
+
+    def body_hash
+      Base64.encode64(OpenSSL::Digest::SHA256.digest(request.body || '')).chomp.gsub(/\n/,'')
+    end
+
+    private
+
+    def digest
+      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, signature_base_string)
+    end
+  end
+end

data/lib/oauth/tokens/request_token.rb

@@ -8,7 +8,14 @@ module OAuth
       return nil if self.token.nil?
 
       params = (params || {}).merge(:oauth_token => self.token)
-      build_authorize_url(consumer.authorize_url, params)
+      build_url(consumer.authorize_url, params)
+    end
+
+    def authenticate_url(params = nil)
+      return nil if self.token.nil?
+
+      params = (params || {}).merge(:oauth_token => self.token)
+      build_url(consumer.authenticate_url, params)
     end
 
     def callback_confirmed?
@@ -23,8 +30,8 @@ module OAuth
 
   protected
 
-    # construct an authorization url
-    def build_authorize_url(base_url, params)
+    # construct an authorization or authentication url
+    def build_url(base_url, params)
       uri = URI.parse(base_url.to_s)
       queries = {}
       queries = Hash[URI.decode_www_form(uri.query)] if uri.query

data/lib/oauth/version.rb

@@ -1,3 +1,3 @@
 module OAuth
-  VERSION = "0.5.1"
+  VERSION = "0.5.6"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.6
 platform: ruby
 authors:
 - Pelle Braendgaard
@@ -15,7 +15,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-29 00:00:00.000000000 Z
+date: 2021-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -65,14 +65,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.2
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.2
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: iconv
   requirement: !ruby/object:Gem::Requirement
@@ -91,16 +91,16 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.12
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -129,6 +132,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.12
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -171,6 +177,62 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email: oauth-ruby@googlegroupspec.com
 executables:
@@ -187,13 +249,18 @@ files:
 - bin/oauth
 - lib/oauth.rb
 - lib/oauth/cli.rb
+- lib/oauth/cli/authorize_command.rb
+- lib/oauth/cli/base_command.rb
+- lib/oauth/cli/help_command.rb
+- lib/oauth/cli/query_command.rb
+- lib/oauth/cli/sign_command.rb
+- lib/oauth/cli/version_command.rb
 - lib/oauth/client.rb
 - lib/oauth/client/action_controller_request.rb
 - lib/oauth/client/em_http.rb
 - lib/oauth/client/helper.rb
 - lib/oauth/client/net_http.rb
 - lib/oauth/consumer.rb
-- lib/oauth/core_ext.rb
 - lib/oauth/errors.rb
 - lib/oauth/errors/error.rb
 - lib/oauth/errors/problem.rb
@@ -203,6 +270,7 @@ files:
 - lib/oauth/oauth_test_helper.rb
 - lib/oauth/request_proxy.rb
 - lib/oauth/request_proxy/action_controller_request.rb
+- lib/oauth/request_proxy/action_dispatch_request.rb
 - lib/oauth/request_proxy/base.rb
 - lib/oauth/request_proxy/curb_request.rb
 - lib/oauth/request_proxy/em_http_request.rb
@@ -216,6 +284,7 @@ files:
 - lib/oauth/signature.rb
 - lib/oauth/signature/base.rb
 - lib/oauth/signature/hmac/sha1.rb
+- lib/oauth/signature/hmac/sha256.rb
 - lib/oauth/signature/plaintext.rb
 - lib/oauth/signature/rsa/sha1.rb
 - lib/oauth/token.rb
@@ -225,38 +294,15 @@ files:
 - lib/oauth/tokens/server_token.rb
 - lib/oauth/tokens/token.rb
 - lib/oauth/version.rb
-- test/cases/oauth_case.rb
-- test/cases/spec/1_0-final/test_construct_request_url.rb
-- test/cases/spec/1_0-final/test_normalize_request_parameters.rb
-- test/cases/spec/1_0-final/test_parameter_encodings.rb
-- test/cases/spec/1_0-final/test_signature_base_strings.rb
-- test/integration/consumer_test.rb
-- test/test_access_token.rb
-- test/test_action_controller_request_proxy.rb
-- test/test_consumer.rb
-- test/test_curb_request_proxy.rb
-- test/test_em_http_client.rb
-- test/test_em_http_request_proxy.rb
-- test/test_helper.rb
-- test/test_hmac_sha1.rb
-- test/test_net_http_client.rb
-- test/test_net_http_request_proxy.rb
-- test/test_oauth_helper.rb
-- test/test_rack_request_proxy.rb
-- test/test_request_token.rb
-- test/test_rest_client_request_proxy.rb
-- test/test_rsa_sha1.rb
-- test/test_server.rb
-- test/test_signature.rb
-- test/test_signature_base.rb
-- test/test_signature_hmac_sha1.rb
-- test/test_signature_plain_text.rb
-- test/test_token.rb
-- test/test_typhoeus_request_proxy.rb
-homepage: 
+homepage: https://github.com/oauth-xx/oauth-ruby
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/oauth-xx/oauth-ruby/issues
+  changelog_uri: https://github.com/oauth-xx/oauth-ruby/blob/master/HISTORY
+  documentation_uri: https://rdoc.info/github/oauth-xx/oauth-ruby/master/frames
+  homepage_uri: https://github.com/oauth-xx/oauth-ruby
+  source_code_uri: https://github.com/oauth-xx/oauth-ruby
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -265,45 +311,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: OAuth Core Ruby implementation
-test_files:
-- test/test_rsa_sha1.rb
-- test/test_helper.rb
-- test/test_server.rb
-- test/test_em_http_client.rb
-- test/test_signature_hmac_sha1.rb
-- test/test_signature.rb
-- test/test_em_http_request_proxy.rb
-- test/test_net_http_client.rb
-- test/test_rest_client_request_proxy.rb
-- test/cases/oauth_case.rb
-- test/cases/spec/1_0-final/test_parameter_encodings.rb
-- test/cases/spec/1_0-final/test_signature_base_strings.rb
-- test/cases/spec/1_0-final/test_normalize_request_parameters.rb
-- test/cases/spec/1_0-final/test_construct_request_url.rb
-- test/test_hmac_sha1.rb
-- test/test_consumer.rb
-- test/test_rack_request_proxy.rb
-- test/test_signature_base.rb
-- test/test_typhoeus_request_proxy.rb
-- test/integration/consumer_test.rb
-- test/test_signature_plain_text.rb
-- test/test_curb_request_proxy.rb
-- test/test_token.rb
-- test/test_action_controller_request_proxy.rb
-- test/test_oauth_helper.rb
-- test/test_access_token.rb
-- test/test_request_token.rb
-- test/test_net_http_request_proxy.rb
-has_rdoc: 
+test_files: []