oauth 0.5.14 → 0.6.0

Files changed (47)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +13 -31
  3. data/CONTRIBUTING.md +2 -2
  4. data/README.md +65 -61
  5. data/SECURITY.md +5 -13
  6. data/bin/oauth +8 -4
  7. data/lib/oauth/cli/authorize_command.rb +58 -54
  8. data/lib/oauth/cli/base_command.rb +163 -159
  9. data/lib/oauth/cli/help_command.rb +9 -5
  10. data/lib/oauth/cli/query_command.rb +26 -17
  11. data/lib/oauth/cli/sign_command.rb +58 -52
  12. data/lib/oauth/cli/version_command.rb +8 -4
  13. data/lib/oauth/cli.rb +2 -0
  14. data/lib/oauth/client/action_controller_request.rb +4 -1
  15. data/lib/oauth/client/em_http.rb +3 -1
  16. data/lib/oauth/client/helper.rb +76 -72
  17. data/lib/oauth/client/net_http.rb +111 -104
  18. data/lib/oauth/client.rb +2 -0
  19. data/lib/oauth/consumer.rb +50 -32
  20. data/lib/oauth/errors/error.rb +2 -0
  21. data/lib/oauth/errors/problem.rb +3 -0
  22. data/lib/oauth/errors/unauthorized.rb +4 -0
  23. data/lib/oauth/errors.rb +2 -0
  24. data/lib/oauth/helper.rb +9 -5
  25. data/lib/oauth/oauth.rb +4 -2
  26. data/lib/oauth/oauth_test_helper.rb +2 -0
  27. data/lib/oauth/request_proxy/base.rb +4 -4
  28. data/lib/oauth/request_proxy/mock_request.rb +1 -1
  29. data/lib/oauth/request_proxy/net_http.rb +8 -8
  30. data/lib/oauth/request_proxy/rest_client_request.rb +4 -3
  31. data/lib/oauth/request_proxy.rb +4 -1
  32. data/lib/oauth/server.rb +8 -4
  33. data/lib/oauth/signature/base.rb +73 -65
  34. data/lib/oauth/signature/hmac/sha1.rb +15 -9
  35. data/lib/oauth/signature/hmac/sha256.rb +15 -9
  36. data/lib/oauth/signature/plaintext.rb +18 -20
  37. data/lib/oauth/signature/rsa/sha1.rb +46 -38
  38. data/lib/oauth/signature.rb +3 -0
  39. data/lib/oauth/token.rb +2 -0
  40. data/lib/oauth/tokens/access_token.rb +2 -0
  41. data/lib/oauth/tokens/consumer_token.rb +2 -0
  42. data/lib/oauth/tokens/request_token.rb +5 -2
  43. data/lib/oauth/tokens/server_token.rb +2 -0
  44. data/lib/oauth/tokens/token.rb +2 -0
  45. data/lib/oauth/version.rb +5 -1
  46. data/lib/oauth.rb +8 -2
  47. metadata +28 -56
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 334e5edeb6b74be69160efd1cc960196392fcf985a62b8c710145ede65cd3415
4
- data.tar.gz: fae47eb03c869e02c8fa845ea4e1666e370eff8aa9892921772b0d4ebd7eb119
3
+ metadata.gz: 4bbf3f3a460e4b7cd04184248e8321897a3b6b1e7d7b46803f943fffdd512543
4
+ data.tar.gz: 6aec1401ce4db1d54b643a11aeab44604a46382151bcd43ba19914fbc0b7d705
5
5
  SHA512:
6
- metadata.gz: f537bd3debfe5141c04aa4346c2bc4f6eea15f743f3d0bacde99c9b3102d839d8ea58c3195e0b163056b28706cae3351208fc29fbd9e05e906890fe2927cdf39
7
- data.tar.gz: f2a8741d3e3d297dbacc2f974608939c7cd37b22631ad7001a14c7d6b67c4656c875c31442ec100fce1f84936086d72b35b2c330bd33708518e9dbf3539564bc
6
+ metadata.gz: 3df8309921280baa7577d3fcc5417c2408cd9b97c90f68ecb871a3ae3d7d42f7374417ca2a4d0002ef3a1a25325d16b7d3cdec52c771e78711e13dcfbd86309c
7
+ data.tar.gz: 0b36611a495fde3b0ec4116486a0d9122d2ab336681704d5baeebbb7cdd68710b420c98196c84d6ab43940beec662ec6d563dd799bea6117b4c3e58a854d16b3
data/CHANGELOG.md CHANGED
@@ -13,34 +13,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
13
13
 
14
14
  ### Removed
15
15
 
16
- ## [0.5.14] 2022-08-29
17
- The "hopeful last 0.5.x" Release
18
-
19
- ### Fixed
20
- * More typos fixed
21
-
22
- ## [0.5.13] 2022-08-23
23
- The "I think I caught 'em all!" Release
24
-
25
- ### Fixed
26
- * Typo oauth2 => oauth as gem name in one more place.
27
-
28
- ## [0.5.12] 2022-08-23
29
- The "Typoes are just the worst!" Release
30
-
31
- ### Fixed
32
- * Typo oauth2 => oauth as gem name in a couple places.
33
-
34
- ## [0.5.11] 2022-08-23
35
- The "Is this the last release with a silly name?" Release
36
-
16
+ ## [0.6.0] 2022-08-23
37
17
  ### Added
38
- * Post install note about EOL approaching in April, 2023
18
+ * New option `body_hash_enabled` which defaults to true to maintain backward compatibility with prior releases. Setting to `false` disables generation of a `oauth_body_hash` component as part of the signature computation.
19
+ * Improved documentation of support policy via Tidelift
20
+ * Stop testing against active_support v2
39
21
 
40
22
  ### Changed
41
- * Improved documentation
42
- * Switched branch references from master to main
43
- * CI builds are now all green!
23
+ * Utilize version_gem extracted from oauth2 gem for VERSION
24
+ * Added new `OAuth::Version` namespace
25
+ * VERSION constant now at `OAuth::Version::VERSION`
26
+
27
+ ### Removed
28
+ * Ruby 2.0, 2.1, 2.2, and 2.3 are no longer valid install targets
44
29
 
45
30
  ## [0.5.10] 2022-05-04
46
31
  The "Can it be the end of the line for 0.5.x?" Release
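Review bot: the new `body_hash_enabled` entry (new line 18) says that setting it to `false` disables generation of `oauth_body_hash` as part of the signature computation, but not what a consumer gives up by doing so. Suggest one more sentence stating when disabling is appropriate, so the option is not switched off without understanding that the body hash is then absent from the signed parameters. Separately, the `## [0.6.0] 2022-08-23` heading carries a date earlier than the removed `## [0.5.14] 2022-08-29` entry, and the 0.5.11 to 0.5.14 entries disappear entirely; either keep them or say where that history lives.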
@@ -317,7 +302,7 @@ The "Can it be the end of the line for 0.5.x?" Release
317
302
 
318
303
  ## [0.3.4] 2009-05-06
319
304
  ### Changed
320
- * OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)
305
+ * OAuth::Client::Helper uses OAuth::Version::VERSION (chadisfaction)
321
306
 
322
307
  ### Fixed
323
308
  * Fix OAuth::RequestProxy::ActionControllerRequest's handling of params (Tristan Groléat)
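Review bot: the `## [0.3.4] 2009-05-06` entry is historical, and new line 305 rewrites it to `OAuth::Version::VERSION`, a constant that this release's own 0.6.0 entry lists as newly added. This looks like a search-and-replace that reached too far; restore `OAuth::VERSION` in the 0.3.4 entry so the changelog keeps describing what that release actually did.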
@@ -415,11 +400,8 @@ but please have a look at the unit tests.
415
400
  * Moved all non-Rails functionality from the Rails plugin:
416
401
  http://code.google.com/p/oauth-plugin/
417
402
 
418
- [Unreleased]: https://github.com/oauth-xx/oauth-ruby/compare/v0.5.14...v0.5-maintenance
419
- [0.5.14]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.14
420
- [0.5.13]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.13
421
- [0.5.12]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.12
422
- [0.5.11]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.11
403
+ [Unreleased]: https://github.com/oauth-xx/oauth-ruby/compare/v0.6.0...v0.6-maintenance
404
+ [0.6.0]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.6.0
423
405
  [0.5.10]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.10
424
406
  [0.5.9]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.9
425
407
  [0.5.8]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.8
data/CONTRIBUTING.md CHANGED
@@ -16,8 +16,8 @@ Made with [contributors-img][contrib-rocks].
16
16
 
17
17
  [comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
18
18
 
19
- [conduct]: https://github.com/oauth-xx/oauth-ruby/blob/main/CODE_OF_CONDUCT.md
20
- [contributing]: https://github.com/oauth-xx/oauth-ruby/blob/main/CONTRIBUTING.md
19
+ [conduct]: https://github.com/oauth-xx/oauth-ruby/blob/master/CODE_OF_CONDUCT.md
20
+ [contributing]: https://github.com/oauth-xx/oauth-ruby/blob/master/CONTRIBUTING.md
21
21
  [contributors]: https://github.com/oauth-xx/oauth-ruby/graphs/contributors
22
22
  [mailinglist]: http://groups.google.com/group/oauth-ruby
23
23
  [source]: https://github.com/oauth-xx/oauth-ruby/
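Review bot: new lines 19-20 point `[conduct]` and `[contributing]` back at `blob/master/`, while the 0.5.x changelog entry removed in this same diff records "Switched branch references from master to main". The same reversal repeats through the README link definitions. If 0.6.0 was cut from a branch that predates that change, confirm which branch name is current and make the links in both release lines agree.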
data/README.md CHANGED
@@ -1,9 +1,9 @@
1
1
  <p align="center">
2
2
  <a href="http://oauth.net/core/1.0/" target="_blank" rel="noopener">
3
- <img width="124px" src="https://github.com/oauth-xx/oauth-ruby/raw/main/docs/images/logo/Oauth_logo.svg?raw=true" alt="OAuth 1.0 Logo by Chris Messina, CC BY-SA 3.0, via Wikimedia Commons">
3
+ <img width="124px" src="https://github.com/oauth-xx/oauth-ruby/raw/master/docs/images/logo/Oauth_logo.svg?raw=true" alt="OAuth 1.0 Logo by Chris Messina, CC BY-SA 3.0, via Wikimedia Commons">
4
4
  </a>
5
5
  <a href="https://www.ruby-lang.org/" target="_blank" rel="noopener">
6
- <img width="124px" src="https://github.com/oauth-xx/oauth-ruby/raw/main/docs/images/logo/ruby-logo-198px.svg?raw=true" alt="Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5">
6
+ <img width="124px" src="https://github.com/oauth-xx/oauth-ruby/raw/master/docs/images/logo/ruby-logo-198px.svg?raw=true" alt="Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5">
7
7
  </a>
8
8
  </p>
9
9
 
@@ -20,12 +20,6 @@ See the sibling `oauth2` gem for OAuth 2.0 implementations in Ruby.
20
20
  [oauth1-spec]: http://oauth.net/core/1.0/
21
21
  [sibling-gem]: https://github.com/oauth-xx/oauth-ruby
22
22
 
23
- **NOTE**
24
-
25
- This README, on branch `v0.5-maintenance`, targets 0.5.x series releases.
26
- The v0.5.x series of releases will be EOL no later than April, 2023.
27
- For later releases please see the `main` branch README.
28
-
29
23
  ## Status
30
24
 
31
25
  <!--
@@ -55,15 +49,15 @@ appended indicators:
55
49
  ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient.
56
50
  -->
57
51
 
58
- | | Project | bundle add oauth |
59
- |:----|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
60
- | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] |
61
- | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] |
62
- | 3️⃣ | maintenance & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
63
- | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] |
64
- | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] |
65
- | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
66
- | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] |
52
+ | | Project | bundle add oauth2 |
53
+ |:----|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
54
+ | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] |
55
+ | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] <!--[![Next Version][📗next-img]][📗next]--> |
56
+ | 3️⃣ | maintenance & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
57
+ | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] |
58
+ | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] |
59
+ | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
60
+ | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] |
67
61
 
68
62
  <!--
69
63
  The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
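Review bot: the table header on new line 52 changes the install command from `bundle add oauth` to `bundle add oauth2`, which names a different gem; the 0.5.12 and 0.5.13 changelog entries removed in this diff were releases fixing exactly this typo ("Typo oauth2 => oauth as gem name"). An install line with the wrong package name sends readers to a dependency they did not intend, so restore `bundle add oauth`.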
@@ -126,11 +120,11 @@ The link tokens in the following sections should be kept ordered by the row and
126
120
  <!-- 5️⃣ coverage & security -->
127
121
  [⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth-ruby/test_coverage
128
122
  [⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/3cf23270c21e8791d788/test_coverage
129
- [🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth-ruby/branch/main/graph/badge.svg?token=4ZNAWNxrf9
123
+ [🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth-ruby/branch/master/graph/badge.svg?token=4ZNAWNxrf9
130
124
  [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth-ruby
131
- [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth-ruby?branch=main
132
- [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth-ruby/badge.svg?branch=main
133
- [🚎sec-pol]: https://github.com/oauth-xx/oauth-ruby/blob/main/SECURITY.md
125
+ [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth-ruby?branch=master
126
+ [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth-ruby/badge.svg?branch=master
127
+ [🚎sec-pol]: https://github.com/oauth-xx/oauth-ruby/blob/master/SECURITY.md
134
128
  [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
135
129
  [🖐codeQL]: https://github.com/oauth-xx/oauth-ruby/security/code-scanning
136
130
  [🖐codeQL-img]: https://github.com/oauth-xx/oauth-ruby/actions/workflows/codeql-analysis.yml/badge.svg
@@ -187,12 +181,14 @@ For more see [SECURITY.md][🚎sec-pol].
187
181
  ## Compatibility
188
182
 
189
183
  Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0, and
190
- 3.1. Ruby is limited to 2.0+ in the gemspec on this `v0.5-maintenance` branch.
184
+ 3.1. Ruby is limited to 2.4+ in the gemspec, and this will change with minor version bumps,
185
+ while the gem is still in 0.x, in accordance with the SemVer spec.
191
186
 
192
- The `v0.6-maintenance` branch targets 0.6.x releases.
193
- See `v0.5-maintenance` branch for older rubies.
187
+ The `master` branch now targets 1.0.x releases.
188
+ See `v0.6-maintenance` branch for Ruby >= 2.4.
189
+ See `v0.5-maintenance` branch for Ruby >= 2.0.
194
190
 
195
- NOTE: No further releases of the 0.5.x series are anticipated.
191
+ NOTE: If there is another 0.5.x release it is anticipated to be the last of the 0.5.x series.
196
192
 
197
193
  <details>
198
194
  <summary>Ruby Engine Compatibility Policy</summary>
@@ -222,17 +218,18 @@ fashion. If critical issues for a particular implementation exist at the time
222
218
  of a major release, support for that Ruby version may be dropped.
223
219
  </details>
224
220
 
225
- | | Ruby OAuth Version | Maintenance Branch | 🚂 Compatibility | Official 💎 | Unofficial 💎 | Incidental 💎 |
226
- |:----|--------------------|--------------------|------------------------|----------------------|-------------------------|---------------|
227
- | 1️⃣ | 1.0.x | `main` | Rails 6, 7 | 2.7, 3.0, 3.1 | sorry, not sorry | nope |
228
- | 2️⃣ | 0.6.x | `v0.6-maintenance` | Rails 5, 6, 7 | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.4 |
229
- | 3️⃣ | 0.5.x | `v0.5-maintenance` | Rails 2, 3, 4, 5, 6, 7 | 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4, 2.5, 2.6 | 2.0, 2.1 |
230
- | 4️⃣ | older | N/A | | Best of luck to you! | Please upgrade! | noop |
221
+ | | Ruby OAuth Version | Maintenance Branch | 🚂 Compatibility | Official 💎 | Unofficial 💎 | Incidental 💎 |
222
+ |:----|--------------------|--------------------|------------------------|----------------------|------------------------------|---------------|
223
+ | 1️⃣ | 1.0.x | `master` | Rails 6, 7 | 2.7, 3.0, 3.1 | sorry, not sorry | nope |
224
+ | 2️⃣ | 0.6.x | `v0.6-maintenance` | Rails 5, 6, 7 | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.4 |
225
+ | 3️⃣ | 0.5.x | `v0.5-maintenance` | Rails 2, 3, 4, 5, 6, 7 | 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4, 2.5, 2.6 | 2.0 |
226
+ | 4️⃣ | older | N/A | | Best of luck to you! | Please upgrade! | noop |
231
227
 
232
- NOTE: Support for version 0.5.x will end in April, 2023
233
228
  NOTE: Once 1.0 is released, the 0.x series will only receive critical bug and security updates.
234
229
  See [SECURITY.md][🚎sec-pol]
235
230
 
231
+ 🚂 NOTE: See notes on Rails in next section.
232
+
236
233
  ## Basics
237
234
 
238
235
  This is a ruby library which is intended to be used in creating Ruby Consumer
@@ -244,7 +241,7 @@ gem. After extraction that gem was made to depend on this gem.
244
241
 
245
242
  Unfortunately, this gem does have some Rails related bits that are
246
243
  **optional** to load. You don't need Rails! The Rails bits may be pulled out
247
- into a separate gem with the release of version 1.0 of this gem.
244
+ into a separate gem after the release of version 1.0 of this gem.
248
245
 
249
246
  ## Usage
250
247
 
@@ -257,38 +254,46 @@ callback_url = "http://127.0.0.1:3000/oauth/callback"
257
254
 
258
255
  Create a new `OAuth::Consumer` instance by passing it a configuration hash:
259
256
 
260
- oauth_consumer = OAuth::Consumer.new("key", "secret", :site => "https://agree2")
257
+ ```ruby
258
+ oauth_consumer = OAuth::Consumer.new("key", "secret", site: "https://agree2")
259
+ ```
261
260
 
262
261
  Start the process by requesting a token
263
262
 
264
- request_token = oauth_consumer.get_request_token(:oauth_callback => callback_url)
263
+ ```ruby
264
+ request_token = oauth_consumer.get_request_token(oauth_callback: callback_url)
265
265
 
266
- session[:token] = request_token.token
267
- session[:token_secret] = request_token.secret
268
- redirect_to request_token.authorize_url(:oauth_callback => callback_url)
266
+ session[:token] = request_token.token
267
+ session[:token_secret] = request_token.secret
268
+ redirect_to request_token.authorize_url(oauth_callback: callback_url)
269
+ ```
269
270
 
270
271
  When user returns create an access_token
271
272
 
272
- hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret]}
273
- request_token = OAuth::RequestToken.from_hash(oauth_consumer, hash)
274
- access_token = request_token.get_access_token
275
- # For 3-legged authorization, flow oauth_verifier is passed as param in callback
276
- # access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
277
- @photos = access_token.get('/photos.xml')
273
+ ```ruby
274
+ hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret] }
275
+ request_token = OAuth::RequestToken.from_hash(oauth_consumer, hash)
276
+ access_token = request_token.get_access_token
277
+ # For 3-legged authorization, flow oauth_verifier is passed as param in callback
278
+ # access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
279
+ @photos = access_token.get("/photos.xml")
280
+ ```
278
281
 
279
282
  Now that you have an access token, you can use Typhoeus to interact with the
280
283
  OAuth provider if you choose.
281
284
 
282
- require 'typhoeus'
283
- require 'oauth/request_proxy/typhoeus_request'
284
- oauth_params = {:consumer => oauth_consumer, :token => access_token}
285
- hydra = Typhoeus::Hydra.new
286
- req = Typhoeus::Request.new(uri, options) # :method needs to be specified in options
287
- oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
288
- req.options[:headers].merge!({"Authorization" => oauth_helper.header}) # Signs the request
289
- hydra.queue(req)
290
- hydra.run
291
- @response = req.response
285
+ ```ruby
286
+ require "typhoeus"
287
+ require "oauth/request_proxy/typhoeus_request"
288
+ oauth_params = { consumer: oauth_consumer, token: access_token }
289
+ hydra = Typhoeus::Hydra.new
290
+ req = Typhoeus::Request.new(uri, options) # :method needs to be specified in options
291
+ oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(request_uri: uri))
292
+ req.options[:headers]["Authorization"] = oauth_helper.header # Signs the request
293
+ hydra.queue(req)
294
+ hydra.run
295
+ @response = req.response
296
+ ```
292
297
 
293
298
  ## More Information
294
299
 
@@ -316,13 +321,12 @@ immediately released that restores compatibility. Breaking changes to the public
316
321
  major versions. Compatibility with a major and minor versions of Ruby will only be changed with a major version bump.
317
322
 
318
323
  As a result of this policy, you can (and should) specify a dependency on this gem using
319
- the [Pessimistic Version Constraint][pvc] with two digits of precision once it hits a 1.0 release.
320
- While on 0.x releases three digits of precision should be used.
324
+ the [Pessimistic Version Constraint][pvc] with two digits of precision.
321
325
 
322
326
  For example:
323
327
 
324
328
  ```ruby
325
- spec.add_dependency "oauth", "~> 0.5.14"
329
+ spec.add_dependency "oauth", "~> 0.6.0"
326
330
  ```
327
331
 
328
332
  ## License
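Review bot: new line 324 now recommends the pessimistic constraint "with two digits of precision", but the example on new line 329 is `"~> 0.6.0"`, three digits, and the sentence that explained three digits for 0.x releases is removed. The Compatibility section of this same README says the gemspec's Ruby floor will change with minor version bumps while the gem is in 0.x, so a two-digit `~> 0.6` would admit those releases. Keep the three-digit guidance for 0.x so the text matches the example.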
@@ -340,8 +344,8 @@ Comments are welcome. Contact the [OAuth Ruby mailing list (Google Group)][maili
340
344
 
341
345
  [comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
342
346
 
343
- [conduct]: https://github.com/oauth-xx/oauth-ruby/blob/main/CODE_OF_CONDUCT.md
344
- [contributing]: https://github.com/oauth-xx/oauth-ruby/blob/main/CONTRIBUTING.md
347
+ [conduct]: https://github.com/oauth-xx/oauth-ruby/blob/master/CODE_OF_CONDUCT.md
348
+ [contributing]: https://github.com/oauth-xx/oauth-ruby/blob/master/CONTRIBUTING.md
345
349
  [contributors]: https://github.com/oauth-xx/oauth-ruby/graphs/contributors
346
350
  [mailinglist]: http://groups.google.com/group/oauth-ruby
347
351
  [source]: https://github.com/oauth-xx/oauth-ruby/
@@ -363,11 +367,11 @@ Comments are welcome. Contact the [OAuth Ruby mailing list (Google Group)][maili
363
367
  [followme-img]: https://img.shields.io/twitter/follow/galtzo.svg?style=social&label=Follow
364
368
  [gh_discussions]: https://github.com/oauth-xx/oauth-ruby/discussions
365
369
  [gh_sponsors]: https://github.com/sponsors/pboling
366
- [license]: https://github.com/oauth-xx/oauth-ruby/blob/main/LICENSE
370
+ [license]: https://github.com/oauth-xx/oauth-ruby/blob/master/LICENSE
367
371
  [license-ref]: https://opensource.org/licenses/MIT
368
372
  [liberapay_donate]: https://liberapay.com/pboling/donate
369
373
  [pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
370
374
  [rubygems]: https://rubygems.org/gems/oauth
371
- [security]: https://github.com/oauth-xx/oauth-ruby/blob/main/SECURITY.md
375
+ [security]: https://github.com/oauth-xx/oauth-ruby/blob/master/SECURITY.md
372
376
  [semver]: http://semver.org/
373
377
  [tweetme]: http://twitter.com/galtzo
data/SECURITY.md CHANGED
@@ -2,21 +2,13 @@
2
2
 
3
3
  ## Supported Versions
4
4
 
5
- | Version | Supported |
6
- |---------|--------------------|
7
- | 0.6.x | :white_check_mark: |
8
- | 0.5.x | :white_check_mark: |
9
- | <= 0.5 | :x: |
10
-
11
- NOTE: Support for version 0.5.x will end in April, 2023
5
+ | Version | Supported |
6
+ |--------------------| ------------------ |
7
+ | 0.6.x (unreleased) | :white_check_mark: |
8
+ | 0.5.x | :white_check_mark: |
9
+ | <= 0.5 | :x: |
12
10
 
13
11
  ## Reporting a Vulnerability
14
12
 
15
13
  To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
16
14
  Tidelift will coordinate the fix and disclosure.
17
-
18
- ## OAuth for Enterprise
19
-
20
- Available as part of the Tidelift Subscription.
21
-
22
- The maintainers of oauth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth?utm_source=rubygems-oauth&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
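Review bot: new line 7 labels the supported row `0.6.x (unreleased)` inside the 0.6.0 package itself, and the removed line "NOTE: Support for version 0.5.x will end in April, 2023" takes the only end-of-support date out of the policy. Drop "(unreleased)" and keep the 0.5.x end date (or state that none is set), since this table is what users consult to decide whether their version still receives security fixes.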
data/bin/oauth CHANGED
@@ -1,11 +1,15 @@
1
1
  #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
2
3
 
3
- require_relative "../lib/oauth"
4
+ require "oauth"
4
5
  require "oauth/cli"
5
6
 
6
- Signal.trap("INT") { puts; exit(1) } # don't dump a backtrace on a ^C
7
-
7
+ # don't dump a backtrace on a ^C
8
+ Signal.trap("INT") do
9
+ puts
10
+ exit(1)
11
+ end
8
12
  ARGV << "help" if ARGV.empty?
9
13
  command = ARGV.shift
10
14
 
11
- OAuth::CLI.new(STDOUT, STDIN, STDERR, command, ARGV).run
15
+ OAuth::CLI.new($stdout, $stdin, $stderr, command, ARGV).run
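Review bot: new line 4 replaces `require_relative "../lib/oauth"` with `require "oauth"`, so the executable loads whichever `oauth` comes first on `$LOAD_PATH` instead of the library shipped beside this script. Run from a checkout, `bin/oauth` can then pair this CLI with a different installed version of the library. A comment stating the intended invocation, or keeping the relative require, would remove the ambiguity.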
@@ -1,69 +1,73 @@
1
- class OAuth::CLI
2
- class AuthorizeCommand < BaseCommand
3
- def required_options
4
- [:uri]
5
- end
6
-
7
- def _run
8
- request_token = get_request_token
1
+ # frozen_string_literal: true
9
2
 
10
- if request_token.callback_confirmed?
11
- puts "Server appears to support OAuth 1.0a; enabling support."
12
- options[:version] = "1.0a"
3
+ module OAuth
4
+ class CLI
5
+ class AuthorizeCommand < BaseCommand
6
+ def required_options
7
+ [:uri]
13
8
  end
14
9
 
15
- puts "Please visit this url to authorize:"
16
- puts request_token.authorize_url
10
+ def _run
11
+ request_token = get_request_token
17
12
 
18
- # parameters for OAuth 1.0a
19
- oauth_verifier = ask_user_for_verifier
13
+ if request_token.callback_confirmed?
14
+ puts "Server appears to support OAuth 1.0a; enabling support."
15
+ options[:version] = "1.0a"
16
+ end
20
17
 
21
- verbosely_get_access_token(request_token, oauth_verifier)
22
- end
18
+ puts "Please visit this url to authorize:"
19
+ puts request_token.authorize_url
23
20
 
24
- def get_request_token
25
- consumer = get_consumer
26
- scope_options = options[:scope] ? { "scope" => options[:scope] } : {}
27
- consumer.get_request_token({ oauth_callback: options[:oauth_callback] }, scope_options)
28
- rescue OAuth::Unauthorized => e
29
- alert "A problem occurred while attempting to authorize:"
30
- alert e
31
- alert e.request.body
32
- end
21
+ # parameters for OAuth 1.0a
22
+ oauth_verifier = ask_user_for_verifier
33
23
 
34
- def get_consumer
35
- OAuth::Consumer.new \
36
- options[:oauth_consumer_key],
37
- options[:oauth_consumer_secret],
38
- access_token_url: options[:access_token_url],
39
- authorize_url: options[:authorize_url],
40
- request_token_url: options[:request_token_url],
41
- scheme: options[:scheme],
42
- http_method: options[:method].to_s.downcase.to_sym
43
- end
24
+ verbosely_get_access_token(request_token, oauth_verifier)
25
+ end
44
26
 
45
- def ask_user_for_verifier
46
- if options[:version] == "1.0a"
47
- puts "Please enter the verification code provided by the SP (oauth_verifier):"
48
- @stdin.gets.chomp
49
- else
50
- puts "Press return to continue..."
51
- @stdin.gets
52
- nil
27
+ def get_request_token
28
+ consumer = get_consumer
29
+ scope_options = options[:scope] ? { "scope" => options[:scope] } : {}
30
+ consumer.get_request_token({ oauth_callback: options[:oauth_callback] }, scope_options)
31
+ rescue OAuth::Unauthorized => e
32
+ alert "A problem occurred while attempting to authorize:"
33
+ alert e
34
+ alert e.request.body
35
+ end
36
+
37
+ def get_consumer
38
+ OAuth::Consumer.new \
39
+ options[:oauth_consumer_key],
40
+ options[:oauth_consumer_secret],
41
+ access_token_url: options[:access_token_url],
42
+ authorize_url: options[:authorize_url],
43
+ request_token_url: options[:request_token_url],
44
+ scheme: options[:scheme],
45
+ http_method: options[:method].to_s.downcase.to_sym
46
+ end
47
+
48
+ def ask_user_for_verifier
49
+ if options[:version] == "1.0a"
50
+ puts "Please enter the verification code provided by the SP (oauth_verifier):"
51
+ @stdin.gets.chomp
52
+ else
53
+ puts "Press return to continue..."
54
+ @stdin.gets
55
+ nil
56
+ end
53
57
  end
54
- end
55
58
 
56
- def verbosely_get_access_token(request_token, oauth_verifier)
57
- access_token = request_token.get_access_token(oauth_verifier: oauth_verifier)
59
+ def verbosely_get_access_token(request_token, oauth_verifier)
60
+ access_token = request_token.get_access_token(oauth_verifier: oauth_verifier)
58
61
 
59
- puts "Response:"
60
- access_token.params.each do |k, v|
61
- puts " #{k}: #{v}" unless k.is_a?(Symbol)
62
+ puts "Response:"
63
+ access_token.params.each do |k, v|
64
+ puts " #{k}: #{v}" unless k.is_a?(Symbol)
65
+ end
66
+ rescue OAuth::Unauthorized => e
67
+ alert "A problem occurred while attempting to obtain an access token:"
68
+ alert e
69
+ alert e.request.body
62
70
  end
63
- rescue OAuth::Unauthorized => e
64
- alert "A problem occurred while attempting to obtain an access token:"
65
- alert e
66
- alert e.request.body
67
71
  end
68
72
  end
69
73
  end
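Review bot: `get_request_token` (new lines 27-35) rescues `OAuth::Unauthorized` and returns whatever the last `alert` call returns, yet `_run` (new lines 10-13) immediately calls `request_token.callback_confirmed?` on that value. After a failed authorization the command would report the problem and then fail a second time on the method call; return early from `_run` when no request token came back. The re-indentation under `module OAuth` / `class CLI` carries this behaviour over unchanged, so this is a good moment to fix it.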