oauth 0.5.13 → 1.0.0

data/lib/oauth/helper.rb

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
+
+require "time"
 require "openssl"
 require "base64"
 
 module OAuth
   module Helper
-    extend self
+    module_function
 
     # Escape +value+ by URL encoding all non-reserved character.
     #
@@ -30,7 +33,7 @@ module OAuth
 
     alias generate_nonce generate_key
 
-    def generate_timestamp #:nodoc:
+    def generate_timestamp # :nodoc:
       Time.now.to_i.to_s
     end
 
@@ -43,7 +46,8 @@ module OAuth
     # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def normalize(params)
       params.sort.map do |k, values|
-        if values.is_a?(Array)
+        case values
+        when Array
           # make sure the array has an element so we don't lose the key
           values << nil if values.empty?
           # multiple values were provided for a single key
@@ -54,7 +58,7 @@ module OAuth
               [escape(k), escape(v)].join("=")
             end
           end
-        elsif values.is_a?(Hash)
+        when Hash
           normalize_nested_query(values, k)
         else
           [escape(k), escape(values)].join("=")
@@ -99,7 +103,7 @@ module OAuth
         # strip and unescape
         val = unescape(v.strip)
         # strip quotes
-        val.sub(/^\"(.*)\"$/, '\1')
+        val.sub(/^"(.*)"$/, '\1')
       end
 
       # convert into a Hash

data/lib/oauth/oauth.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 module OAuth
   # request tokens are passed between the consumer and the provider out of
   # band (i.e. callbacks cannot be used), per section 6.1.1
-  OUT_OF_BAND = "oob".freeze
+  OUT_OF_BAND = "oob"
 
   # required parameters, per sections 6.1.1, 6.3.1, and 7
   PARAMETERS = %w[oauth_callback oauth_consumer_key oauth_token
@@ -9,5 +11,5 @@ module OAuth
                   oauth_version oauth_signature oauth_body_hash].freeze
 
   # reserved character regexp, per section 5.1
-  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/
+  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-._~]/.freeze
 end

data/lib/oauth/oauth_test_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "action_controller"
 require "action_controller/test_process"
 

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -1,36 +1,15 @@
 # frozen_string_literal: true
 
 require "active_support"
-require "active_support/version"
 require "action_controller"
 require "uri"
 
-if Gem::Version.new(ActiveSupport::VERSION::STRING) < Gem::Version.new("3")
-  # rails 2.x
-  require "action_controller/request"
-  unless ActionController::Request::HTTP_METHODS.include?("patch")
-    ActionController::Request::HTTP_METHODS << "patch"
-    ActionController::Request::HTTP_METHOD_LOOKUP["PATCH"] = :patch
-    ActionController::Request::HTTP_METHOD_LOOKUP["patch"] = :patch
-  end
-
-elsif Gem::Version.new(ActiveSupport::VERSION::STRING) < Gem::Version.new("4")
-  # rails 3.x
-  require "action_dispatch/http/request"
-  unless ActionDispatch::Request::HTTP_METHODS.include?("patch")
-    ActionDispatch::Request::HTTP_METHODS << "patch"
-    ActionDispatch::Request::HTTP_METHOD_LOOKUP["PATCH"] = :patch
-    ActionDispatch::Request::HTTP_METHOD_LOOKUP["patch"] = :patch
-  end
-
-else # rails 4.x and later - already has patch
-  require "action_dispatch/http/request"
-end
+require "action_dispatch/http/request"
 
 module OAuth
   module RequestProxy
     class ActionControllerRequest < OAuth::RequestProxy::Base
-      proxies(defined?(::ActionDispatch::AbstractRequest) ? ::ActionDispatch::AbstractRequest : ::ActionDispatch::Request)
+      proxies(::ActionDispatch::Request)
 
       def method
         request.method.to_s.upcase
@@ -50,7 +29,7 @@ module OAuth
         end
       end
 
-      # Override from OAuth::RequestProxy::Base to avoid roundtrip
+      # Override from OAuth::RequestProxy::Base to avoid round-trip
       # conversion to Hash or Array and thus preserve the original
       # parameter names
       def parameters_for_signature

data/lib/oauth/request_proxy/base.rb

@@ -83,11 +83,11 @@ module OAuth
       end
 
       def oauth_parameters
-        parameters.select { |k, _v| OAuth::PARAMETERS.include?(k) }.reject { |_k, v| v == "" }
+        parameters.select { |k, v| OAuth::PARAMETERS.include?(k) && !v.nil? && v != "" }
       end
 
       def non_oauth_parameters
-        parameters.reject { |k, _v| OAuth::PARAMETERS.include?(k) }
+        parameters.select { |k, _v| !OAuth::PARAMETERS.include?(k) }
       end
 
       def signature_and_unsigned_parameters
@@ -127,7 +127,7 @@ module OAuth
       end
 
       # URI, including OAuth parameters
-      def signed_uri(with_oauth = true)
+      def signed_uri(with_oauth: true)
         if signed?
           params = if with_oauth
                      parameters

data/lib/oauth/request_proxy/mock_request.rb

@@ -32,7 +32,7 @@ module OAuth
 
       def normalized_uri
         super
-      rescue
+      rescue StandardError
         # if this is a non-standard URI, it may not parse properly
         # in that case, assume that it's already been normalized
         uri

data/lib/oauth/request_proxy/net_http.rb

@@ -38,13 +38,11 @@ module OAuth
             request_params = CGI.parse(query_string)
             # request_params.each{|k,v| request_params[k] = [nil] if v == []}
 
-            if options[:parameters]
-              options[:parameters].each do |k, v|
-                if request_params.key?(k) && v
-                  request_params[k] << v
-                else
-                  request_params[k] = [v]
-                end
+            options[:parameters]&.each do |k, v|
+              if request_params.key?(k) && v
+                request_params[k] << v
+              else
+                request_params[k] = [v]
               end
             end
             request_params

data/lib/oauth/request_proxy/rest_client_request.rb

@@ -38,7 +38,8 @@ module OAuth
 
         def post_parameters
           # Post params are only used if posting form data
-          if method == "POST" || method == "PUT"
+          is_form_data = request.payload && request.payload.headers["Content-Type"] == "application/x-www-form-urlencoded"
+          if is_form_data && (method == "POST" || method == "PUT")
             OAuth::Helper.stringify_keys(query_string_to_hash(request.payload.to_s) || {})
           else
             {}
@@ -51,9 +52,9 @@ module OAuth
           query.split("&").inject({}) do |result, q|
             k, v = q.split("=")
             if !v.nil?
-              result.merge(k => v)
+              result.merge({ k => v })
             elsif !result.key?(k)
-              result.merge(k => true)
+              result.merge({ k => true })
             else
               result
             end

data/lib/oauth/request_proxy.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module OAuth
   module RequestProxy
-    def self.available_proxies #:nodoc:
+    def self.available_proxies # :nodoc:
       @available_proxies ||= {}
     end
 
@@ -16,6 +18,7 @@ module OAuth
       end
 
       raise UnknownRequestType, request.class.to_s unless klass
+
       klass.new(request, options)
     end
 

data/lib/oauth/server.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "oauth/helper"
 require "oauth/consumer"
 
@@ -31,10 +33,12 @@ module OAuth
     def create_consumer
       creds = generate_credentials
       Consumer.new(creds[0], creds[1],
-                   site: base_url,
-                   request_token_path: request_token_path,
-                   authorize_path: authorize_path,
-                   access_token_path: access_token_path)
+                   {
+                     site: base_url,
+                     request_token_path: request_token_path,
+                     authorize_path: authorize_path,
+                     access_token_path: access_token_path
+                   })
     end
 
     def request_token_path

data/lib/oauth/signature/base.rb

@@ -1,97 +1,103 @@
+# frozen_string_literal: true
+
 require "oauth/signature"
 require "oauth/helper"
 require "oauth/request_proxy/base"
 require "base64"
 
-module OAuth::Signature
-  class Base
-    include OAuth::Helper
+module OAuth
+  module Signature
+    class Base
+      include OAuth::Helper
 
-    attr_accessor :options
-    attr_reader :token_secret, :consumer_secret, :request
+      attr_accessor :options
+      attr_reader :token_secret, :consumer_secret, :request
 
-    def self.implements(signature_method = nil)
-      return @implements if signature_method.nil?
-      @implements = signature_method
-      OAuth::Signature.available_methods[@implements] = self
-    end
+      def self.implements(signature_method = nil)
+        return @implements if signature_method.nil?
+
+        @implements = signature_method
+        OAuth::Signature.available_methods[@implements] = self
+      end
 
-    def initialize(request, options = {}, &block)
-      raise TypeError unless request.is_a?(OAuth::RequestProxy::Base)
-      @request = request
-      @options = options
+      def initialize(request, options = {}, &block)
+        raise TypeError unless request.is_a?(OAuth::RequestProxy::Base)
 
-      ## consumer secret was determined beforehand
+        @request = request
+        @options = options
 
-      @consumer_secret = options[:consumer].secret if options[:consumer]
+        ## consumer secret was determined beforehand
 
-      # presence of :consumer_secret option will override any Consumer that's provided
-      @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+        @consumer_secret = options[:consumer].secret if options[:consumer]
 
-      ## token secret was determined beforehand
+        # presence of :consumer_secret option will override any Consumer that's provided
+        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
 
-      @token_secret = options[:token].secret if options[:token]
+        ## token secret was determined beforehand
 
-      # presence of :token_secret option will override any Token that's provided
-      @token_secret = options[:token_secret] if options[:token_secret]
+        @token_secret = options[:token].secret if options[:token]
 
-      # override secrets based on the values returned from the block (if any)
-      if block_given?
-        # consumer secret and token secret need to be looked up based on pieces of the request
-        secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
-        if secrets.is_a?(Array) && secrets.size == 2
-          @token_secret = secrets[0]
-          @consumer_secret = secrets[1]
+        # presence of :token_secret option will override any Token that's provided
+        @token_secret = options[:token_secret] if options[:token_secret]
+
+        # override secrets based on the values returned from the block (if any)
+        if block
+          # consumer secret and token secret need to be looked up based on pieces of the request
+          secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
+          if secrets.is_a?(Array) && secrets.size == 2
+            @token_secret = secrets[0]
+            @consumer_secret = secrets[1]
+          end
         end
       end
-    end
 
-    def signature
-      Base64.encode64(digest).chomp.delete("\n")
-    end
+      def signature
+        Base64.encode64(digest).chomp.delete("\n")
+      end
 
-    def ==(cmp_signature)
-      check = signature.bytesize ^ cmp_signature.bytesize
-      signature.bytes.zip(cmp_signature.bytes) { |x, y| check |= x ^ y.to_i }
-      check.zero?
-    end
+      def ==(other)
+        check = signature.bytesize ^ other.bytesize
+        signature.bytes.zip(other.bytes) { |x, y| check |= x ^ y.to_i }
+        check.zero?
+      end
 
-    def verify
-      self == request.signature
-    end
+      def verify
+        self == request.signature
+      end
 
-    def signature_base_string
-      request.signature_base_string
-    end
+      def signature_base_string
+        request.signature_base_string
+      end
 
-    def body_hash
-      raise_instantiation_error
-    end
+      def body_hash
+        raise_instantiation_error
+      end
 
-    private
+      private
 
-    def token
-      request.token
-    end
+      def token
+        request.token
+      end
 
-    def consumer_key
-      request.consumer_key
-    end
+      def consumer_key
+        request.consumer_key
+      end
 
-    def nonce
-      request.nonce
-    end
+      def nonce
+        request.nonce
+      end
 
-    def secret
-      "#{escape(consumer_secret)}&#{escape(token_secret)}"
-    end
+      def secret
+        "#{escape(consumer_secret)}&#{escape(token_secret)}"
+      end
 
-    def digest
-      raise_instantiation_error
-    end
+      def digest
+        raise_instantiation_error
+      end
 
-    def raise_instantiation_error
-      raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      def raise_instantiation_error
+        raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha1.rb

@@ -1,17 +1,23 @@
+# frozen_string_literal: true
+
 require "oauth/signature/base"
 
-module OAuth::Signature::HMAC
-  class SHA1 < OAuth::Signature::Base
-    implements "hmac-sha1"
+module OAuth
+  module Signature
+    module HMAC
+      class SHA1 < OAuth::Signature::Base
+        implements "hmac-sha1"
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || "")).chomp.delete("\n")
-    end
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA1", request.body || "")).chomp.delete("\n")
+        end
 
-    private
+        private
 
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha256.rb

@@ -1,17 +1,23 @@
+# frozen_string_literal: true
+
 require "oauth/signature/base"
 
-module OAuth::Signature::HMAC
-  class SHA256 < OAuth::Signature::Base
-    implements "hmac-sha256"
+module OAuth
+  module Signature
+    module HMAC
+      class SHA256 < OAuth::Signature::Base
+        implements "hmac-sha256"
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA256.digest(request.body || "")).chomp.delete("\n")
-    end
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA256", request.body || "")).chomp.delete("\n")
+        end
 
-    private
+        private
 
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/plaintext.rb

@@ -1,29 +1,27 @@
-require "oauth/signature/base"
+# frozen_string_literal: true
 
-module OAuth::Signature
-  class PLAINTEXT < Base
-    implements "plaintext"
+require "oauth/signature/base"
 
-    def signature
-      signature_base_string
-    end
+module OAuth
+  module Signature
+    class PLAINTEXT < Base
+      implements "plaintext"
 
-    def ==(cmp_signature)
-      signature.to_s == cmp_signature.to_s
-    end
+      def signature
+        signature_base_string
+      end
 
-    def signature_base_string
-      secret
-    end
-
-    def body_hash
-      nil
-    end
+      def ==(other)
+        signature.to_s == other.to_s
+      end
 
-    private
+      def signature_base_string
+        secret
+      end
 
-    def secret
-      super
+      def body_hash
+        nil
+      end
     end
   end
 end

data/lib/oauth/signature/rsa/sha1.rb

@@ -1,50 +1,58 @@
-require "oauth/signature/base"
+# frozen_string_literal: true
 
-module OAuth::Signature::RSA
-  class SHA1 < OAuth::Signature::Base
-    implements "rsa-sha1"
+require "oauth/signature/base"
 
-    def ==(cmp_signature)
-      public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(cmp_signature.is_a?(Array) ? cmp_signature.first : cmp_signature), signature_base_string)
-    end
+module OAuth
+  module Signature
+    module RSA
+      class SHA1 < OAuth::Signature::Base
+        implements "rsa-sha1"
 
-    def public_key
-      if consumer_secret.is_a?(String)
-        decode_public_key
-      elsif consumer_secret.is_a?(OpenSSL::X509::Certificate)
-        consumer_secret.public_key
-      else
-        consumer_secret
-      end
-    end
+        def ==(other)
+          public_key.verify(OpenSSL::Digest.new("SHA1"),
+                            Base64.decode64(other.is_a?(Array) ? other.first : other), signature_base_string)
+        end
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || "")).chomp.delete("\n")
-    end
+        def public_key
+          case consumer_secret
+          when String
+            decode_public_key
+          when OpenSSL::X509::Certificate
+            consumer_secret.public_key
+          else
+            consumer_secret
+          end
+        end
 
-    private
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA1", request.body || "")).chomp.delete("\n")
+        end
 
-    def decode_public_key
-      case consumer_secret
-      when /-----BEGIN CERTIFICATE-----/
-        OpenSSL::X509::Certificate.new(consumer_secret).public_key
-      else
-        OpenSSL::PKey::RSA.new(consumer_secret)
-      end
-    end
+        private
 
-    def digest
-      private_key = OpenSSL::PKey::RSA.new(
-        if options[:private_key_file]
-          IO.read(options[:private_key_file])
-        elsif options[:private_key]
-          options[:private_key]
-        else
-          consumer_secret
+        def decode_public_key
+          case consumer_secret
+          when /-----BEGIN CERTIFICATE-----/
+            OpenSSL::X509::Certificate.new(consumer_secret).public_key
+          else
+            OpenSSL::PKey::RSA.new(consumer_secret)
+          end
         end
-      )
 
-      private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
+        def digest
+          private_key = OpenSSL::PKey::RSA.new(
+            if options[:private_key_file]
+              File.read(options[:private_key_file])
+            elsif options[:private_key]
+              options[:private_key]
+            else
+              consumer_secret
+            end
+          )
+
+          private_key.sign(OpenSSL::Digest.new("SHA1"), signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   module Signature
     # Returns a list of available signature methods
@@ -15,6 +17,7 @@ module OAuth
         ((c = request.options[:consumer]) && c.options[:signature_method]) ||
         "").downcase]
       raise UnknownSignatureMethod, request.signature_method unless klass
+
       klass.new(request, options, &block)
     end
 

data/lib/oauth/token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # this exists for backwards-compatibility
 
 require "oauth/tokens/token"

data/lib/oauth/tokens/access_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   # The Access Token is used for the actual "real" web service calls that you perform against the server
   class AccessToken < ConsumerToken

data/lib/oauth/tokens/consumer_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   # Superclass for tokens used by OAuth Clients
   class ConsumerToken < Token