oauth 0.5.14 → 1.1.6

data/RUBOCOP.md

@@ -0,0 +1,71 @@
+# RuboCop Usage Guide
+
+## Overview
+
+A tale of two RuboCop plugin gems.
+
+### RuboCop Gradual
+
+This project uses `rubocop_gradual` instead of vanilla RuboCop for code style checking. The `rubocop_gradual` tool allows for gradual adoption of RuboCop rules by tracking violations in a lock file.
+
+### RuboCop LTS
+
+This project uses `rubocop-lts` to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
+RuboCop rules are meticulously configured by the `rubocop-lts` family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.
+
+## Checking RuboCop Violations
+
+To check for RuboCop violations in this project, always use:
+
+```bash
+bundle exec rake rubocop_gradual:check
+```
+
+**Do not use** the standard RuboCop commands like:
+- `bundle exec rubocop`
+- `rubocop`
+
+## Understanding the Lock File
+
+The `.rubocop_gradual.lock` file tracks all current RuboCop violations in the project. This allows the team to:
+
+1. Prevent new violations while gradually fixing existing ones
+2. Track progress on code style improvements
+3. Ensure CI builds don't fail due to pre-existing violations
+
+## Common Commands
+
+- **Check violations**
+    - `bundle exec rake rubocop_gradual`
+    - `bundle exec rake rubocop_gradual:check`
+- **(Safe) Autocorrect violations, and update lockfile if no new violations**
+  - `bundle exec rake rubocop_gradual:autocorrect`
+- **Force update the lock file (w/o autocorrect) to match violations present in code**
+  - `bundle exec rake rubocop_gradual:force_update`
+
+## Workflow
+
+1. Before submitting a PR, run `bundle exec rake rubocop_gradual:autocorrect`
+   a. or just the default `bundle exec rake`, as autocorrection is a pre-requisite of the default task.
+2. If there are new violations, either:
+   - Fix them in your code
+   - Run `bundle exec rake rubocop_gradual:force_update` to update the lock file (only for violations you can't fix immediately)
+3. Commit the updated `.rubocop_gradual.lock` file along with your changes
+
+## Never add inline RuboCop disables
+
+Do not add inline `rubocop:disable` / `rubocop:enable` comments anywhere in the codebase (including specs, except when following the few existing `rubocop:disable` patterns for a rule already being disabled elsewhere in the code). We handle exceptions in two supported ways:
+
+- Permanent/structural exceptions: prefer adjusting the RuboCop configuration (e.g., in `.rubocop.yml`) to exclude a rule for a path or file pattern when it makes sense project-wide.
+- Temporary exceptions while improving code: record the current violations in `.rubocop_gradual.lock` via the gradual workflow:
+  - `bundle exec rake rubocop_gradual:autocorrect` (preferred; will autocorrect what it can and update the lock only if no new violations were introduced)
+  - If needed, `bundle exec rake rubocop_gradual:force_update` (as a last resort when you cannot fix the newly reported violations immediately)
+
+In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect `described_class` to be used in specs that target a specific class under test.
+
+## Benefits of rubocop_gradual
+
+- Allows incremental adoption of code style rules
+- Prevents CI failures due to pre-existing violations
+- Provides a clear record of code style debt
+- Enables focused efforts on improving code quality over time

data/SECURITY.md

@@ -2,21 +2,20 @@
 
 ## Supported Versions
 
-| Version | Supported          |
-|---------|--------------------|
-| 0.6.x   | :white_check_mark: |
-| 0.5.x   | :white_check_mark: |
-| <= 0.5  | :x:                |
+| Version  | Supported |
+|----------|-----------|
+| 1.1.latest | ✅         |
 
-NOTE: Support for version 0.5.x will end in April, 2023
+## Security contact information
 
-## Reporting a Vulnerability
-
-To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-## OAuth for Enterprise
+## Additional Support
 
-Available as part of the Tidelift Subscription.
+If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the [README].
 
-The maintainers of oauth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth?utm_source=rubygems-oauth&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+[README]: README.md

data/certs/pboling.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
+ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
+A2NvbTAeFw0yNTA1MDQxNTMzMDlaFw00NTA0MjkxNTMzMDlaMEMxFTATBgNVBAMM
+DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
+LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAruUoo0WA
+uoNuq6puKWYeRYiZekz/nsDeK5x/0IEirzcCEvaHr3Bmz7rjo1I6On3gGKmiZs61
+LRmQ3oxy77ydmkGTXBjruJB+pQEn7UfLSgQ0xa1/X3kdBZt6RmabFlBxnHkoaGY5
+mZuZ5+Z7walmv6sFD9ajhzj+oIgwWfnEHkXYTR8I6VLN7MRRKGMPoZ/yvOmxb2DN
+coEEHWKO9CvgYpW7asIihl/9GMpKiRkcYPm9dGQzZc6uTwom1COfW0+ZOFrDVBuV
+FMQRPswZcY4Wlq0uEBLPU7hxnCL9nKK6Y9IhdDcz1mY6HZ91WImNslOSI0S8hRpj
+yGOWxQIhBT3fqCBlRIqFQBudrnD9jSNpSGsFvbEijd5ns7Z9ZMehXkXDycpGAUj1
+to/5cuTWWw1JqUWrKJYoifnVhtE1o1DZ+LkPtWxHtz5kjDG/zR3MG0Ula0UOavlD
+qbnbcXPBnwXtTFeZ3C+yrWpE4pGnl3yGkZj9SMTlo9qnTMiPmuWKQDatAgMBAAGj
+fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQE8uWvNbPVNRXZ
+HlgPbc2PCzC4bjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
+A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
+ggGBAJbnUwfJQFPkBgH9cL7hoBfRtmWiCvdqdjeTmi04u8zVNCUox0A4gT982DE9
+wmuN12LpdajxZONqbXuzZvc+nb0StFwmFYZG6iDwaf4BPywm2e/Vmq0YG45vZXGR
+L8yMDSK1cQXjmA+ZBKOHKWavxP6Vp7lWvjAhz8RFwqF9GuNIdhv9NpnCAWcMZtpm
+GUPyIWw/Cw/2wZp74QzZj6Npx+LdXoLTF1HMSJXZ7/pkxLCsB8m4EFVdb/IrW/0k
+kNSfjtAfBHO8nLGuqQZVH9IBD1i9K6aSs7pT6TW8itXUIlkIUI2tg5YzW6OFfPzq
+QekSkX3lZfY+HTSp/o+YvKkqWLUV7PQ7xh1ZYDtocpaHwgxe/j3bBqHE+CUPH2vA
+0V/FwdTRWcwsjVoOJTrYcff8pBZ8r2MvtAc54xfnnhGFzeRHfcltobgFxkAXdE6p
+DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt
+L9nRqA==
+-----END CERTIFICATE-----

data/lib/oauth/auth_sanitizer.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module OAuth
+  AUTH_SANITIZER = begin
+    auth_sanitizer_requirement = Gem::Requirement.new("~> 0.1", ">= 0.1.3")
+    auth_sanitizer_spec = Gem.loaded_specs["auth-sanitizer"]
+    unless auth_sanitizer_spec && auth_sanitizer_requirement.satisfied_by?(auth_sanitizer_spec.version)
+      # :nocov:
+      auth_sanitizer_spec = Gem::Specification.find_by_name("auth-sanitizer", auth_sanitizer_requirement)
+      # :nocov:
+    end
+
+    auth_sanitizer_loader_path = File.join(
+      auth_sanitizer_spec.full_gem_path,
+      "lib/auth_sanitizer/loader.rb",
+    )
+    unless File.file?(auth_sanitizer_loader_path)
+      # :nocov:
+      raise LoadError, "oauth requires auth-sanitizer #{auth_sanitizer_requirement}; " \
+        "loader not found at #{auth_sanitizer_loader_path}"
+      # :nocov:
+    end
+
+    auth_sanitizer_loader_namespace = Module.new
+    auth_sanitizer_loader_namespace.module_eval(
+      File.read(auth_sanitizer_loader_path),
+      auth_sanitizer_loader_path,
+      1,
+    )
+
+    auth_sanitizer_loader_namespace
+      .const_get(:AuthSanitizer)
+      .const_get(:Loader)
+      .load_isolated
+  end
+end

data/lib/oauth/client/action_controller_request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 if defined? ActionDispatch
   require "oauth/request_proxy/rack_request"
   require "oauth/request_proxy/action_dispatch_request"
@@ -24,27 +26,36 @@ module ActionController
   end
 
   class TestRequest
+    OAUTH_ENABLED_KEY = :oauth_action_controller_test_request_use_oauth
+
     class << self
-      attr_writer :use_oauth
-    end
+      def use_oauth=(value)
+        Thread.current[OAUTH_ENABLED_KEY] = value
+      end
 
-    def self.use_oauth?
-      @use_oauth
+      def use_oauth?
+        Thread.current[OAUTH_ENABLED_KEY]
+      end
     end
 
     def configure_oauth(consumer = nil, token = nil, options = {})
-      @oauth_options = { consumer: consumer,
-                         token: token,
-                         scheme: "header",
-                         signature_method: nil,
-                         nonce: nil,
-                         timestamp: nil }.merge(options)
+      @oauth_options = {
+        consumer: consumer,
+        token: token,
+        scheme: "header",
+        signature_method: nil,
+        nonce: nil,
+        timestamp: nil,
+      }.merge(options)
     end
 
     def apply_oauth!
       return unless ActionController::TestRequest.use_oauth? && @oauth_options
 
-      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(request_uri: (respond_to?(:fullpath) ? fullpath : request_uri)))
+      @oauth_helper = OAuth::Client::Helper.new(
+        self,
+        @oauth_options.merge(request_uri: (respond_to?(:fullpath) ? fullpath : request_uri)),
+      )
       @oauth_helper.amend_user_agent_header(env)
 
       send("set_oauth_#{@oauth_options[:scheme]}")
@@ -59,6 +70,7 @@ module ActionController
       @query_parameters.merge!(oauth_signature: @oauth_helper.signature)
     end
 
-    def set_oauth_query_string; end
+    def set_oauth_query_string
+    end
   end
 end

data/lib/oauth/client/em_http.rb

@@ -1,119 +1,126 @@
-require "em-http"
+# frozen_string_literal: true
+
 require "oauth/helper"
-require "oauth/request_proxy/em_http_request"
+require "oauth/optional"
 
-# Extensions for em-http so that we can use consumer.sign! with an EventMachine::HttpClient
-# instance. This is purely syntactic sugar.
-module EventMachine
-  class HttpClient
-    attr_reader :oauth_helper
+if OAuth::Optional.em_http_available?
+  require "oauth/request_proxy/em_http_request"
 
-    # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
-    # this may add a header, additional query string parameters, or additional POST body parameters.
-    # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
-    # header.
-    #
-    # * http - Configured Net::HTTP instance, ignored in this scenario except for getting host.
-    # * consumer - OAuth::Consumer instance
-    # * token - OAuth::Token instance
-    # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
-    #   +signature_method+, +nonce+, +timestamp+)
-    #
-    # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
-    #
-    # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
-    def oauth!(http, consumer = nil, token = nil, options = {})
-      options = { request_uri: normalized_oauth_uri(http),
-                  consumer: consumer,
-                  token: token,
-                  scheme: "header",
-                  signature_method: nil,
-                  nonce: nil,
-                  timestamp: nil }.merge(options)
+  # Extensions for em-http so that we can use consumer.sign! with an EventMachine::HttpClient
+  # instance. This is purely syntactic sugar.
+  module EventMachine
+    class HttpClient
+      attr_reader :oauth_helper
 
-      @oauth_helper = OAuth::Client::Helper.new(self, options)
-      __send__(:"set_oauth_#{options[:scheme]}")
-    end
+      # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
+      # this may add a header, additional query string parameters, or additional POST body parameters.
+      # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+      # header.
+      #
+      # * http - Configured Net::HTTP instance, ignored in this scenario except for getting host.
+      # * consumer - OAuth::Consumer instance
+      # * token - OAuth::Token instance
+      # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+      #   +signature_method+, +nonce+, +timestamp+)
+      #
+      # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
+      #
+      # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
+      def oauth!(http, consumer = nil, token = nil, options = {})
+        options = {
+          request_uri: normalized_oauth_uri(http),
+          consumer: consumer,
+          token: token,
+          scheme: "header",
+          signature_method: nil,
+          nonce: nil,
+          timestamp: nil,
+        }.merge(options)
 
-    # Create a string suitable for signing for an HTTP request. This process involves parameter
-    # normalization as specified in the OAuth specification. The exact normalization also depends
-    # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
-    # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
-    # header.
-    #
-    # * http - Configured Net::HTTP instance
-    # * consumer - OAuth::Consumer instance
-    # * token - OAuth::Token instance
-    # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
-    #   +signature_method+, +nonce+, +timestamp+)
-    #
-    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
-    def signature_base_string(http, consumer = nil, token = nil, options = {})
-      options = { request_uri: normalized_oauth_uri(http),
-                  consumer: consumer,
-                  token: token,
-                  scheme: "header",
-                  signature_method: nil,
-                  nonce: nil,
-                  timestamp: nil }.merge(options)
+        @oauth_helper = OAuth::Client::Helper.new(self, options)
+        __send__(:"set_oauth_#{options[:scheme]}")
+      end
 
-      OAuth::Client::Helper.new(self, options).signature_base_string
-    end
+      # Create a string suitable for signing for an HTTP request. This process involves parameter
+      # normalization as specified in the OAuth specification. The exact normalization also depends
+      # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
+      # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+      # header.
+      #
+      # * http - Configured Net::HTTP instance
+      # * consumer - OAuth::Consumer instance
+      # * token - OAuth::Token instance
+      # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+      #   +signature_method+, +nonce+, +timestamp+)
+      #
+      # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+      def signature_base_string(http, consumer = nil, token = nil, options = {})
+        options = {
+          request_uri: normalized_oauth_uri(http),
+          consumer: consumer,
+          token: token,
+          scheme: "header",
+          signature_method: nil,
+          nonce: nil,
+          timestamp: nil,
+        }.merge(options)
 
-    # This code was lifted from the em-http-request because it was removed from
-    # the gem June 19, 2010
-    # see: http://github.com/igrigorik/em-http-request/commit/d536fc17d56dbe55c487eab01e2ff9382a62598b
-    def normalize_uri
-      @normalized_uri ||= begin
-        uri = @conn.dup
-        encoded_query = encode_query(@conn, @req[:query])
-        path, query = encoded_query.split("?", 2)
-        uri.query = query unless encoded_query.empty?
-        uri.path  = path
-        uri
+        OAuth::Client::Helper.new(self, options).signature_base_string
       end
-    end
-
-    protected
 
-    def combine_query(path, query, uri_query)
-      combined_query = if query.is_a?(Hash)
-                         query.map { |k, v| encode_param(k, v) }.join("&")
-                       else
-                         query.to_s
+      # This code was lifted from the em-http-request because it was removed from
+      # the gem June 19, 2010
+      # see: http://github.com/igrigorik/em-http-request/commit/d536fc17d56dbe55c487eab01e2ff9382a62598b
+      def normalize_uri
+        @normalized_uri ||= begin
+          uri = @conn.dup
+          encoded_query = encode_query(@conn, @req[:query])
+          path, query = encoded_query.split("?", 2)
+          uri.query = query unless encoded_query.empty?
+          uri.path = path
+          uri
+        end
       end
-      unless uri_query.to_s.empty?
-        combined_query = [combined_query, uri_query].reject(&:empty?).join("&")
+
+      protected
+
+      def combine_query(path, query, uri_query)
+        combined_query = if query.is_a?(Hash)
+          query.map { |k, v| encode_param(k, v) }.join("&")
+        else
+          query.to_s
+        end
+        combined_query = [combined_query, uri_query].reject(&:empty?).join("&") unless uri_query.to_s.empty?
+        combined_query.to_s.empty? ? path : "#{path}?#{combined_query}"
       end
-      combined_query.to_s.empty? ? path : "#{path}?#{combined_query}"
-    end
 
-    # Since we expect to get the host etc details from the http instance (...),
-    # we create a fake url here. Surely this is a horrible, horrible idea?
-    def normalized_oauth_uri(http)
-      uri = URI.parse(normalize_uri.path)
-      uri.host = http.address
-      uri.port = http.port
+      # Since we expect to get the host etc details from the http instance (...),
+      # we create a fake url here. Surely this is a horrible, horrible idea?
+      def normalized_oauth_uri(http)
+        uri = URI.parse(normalize_uri.path)
+        uri.host = http.address
+        uri.port = http.port
 
-      uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
-                     "https"
-                   else
-                     "http"
-                   end
-      uri.to_s
-    end
+        uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
+          "https"
+        else
+          "http"
+        end
+        uri.to_s
+      end
 
-    def set_oauth_header
-      req[:head] ||= {}
-      req[:head].merge!("Authorization" => @oauth_helper.header)
-    end
+      def set_oauth_header
+        req[:head] ||= {}
+        req[:head].merge!("Authorization" => @oauth_helper.header)
+      end
 
-    def set_oauth_body
-      raise NotImplementedError, "please use the set_oauth_header method instead"
-    end
+      def set_oauth_body
+        raise NotImplementedError, "please use the set_oauth_header method instead"
+      end
 
-    def set_oauth_query_string
-      raise NotImplementedError, "please use the set_oauth_header method instead"
+      def set_oauth_query_string
+        raise NotImplementedError, "please use the set_oauth_header method instead"
+      end
     end
   end
 end

data/lib/oauth/client/helper.rb

@@ -1,98 +1,106 @@
+# frozen_string_literal: true
+
 require "oauth/client"
 require "oauth/consumer"
 require "oauth/helper"
 require "oauth/token"
 require "oauth/signature/hmac/sha1"
 
-module OAuth::Client
-  class Helper
-    include OAuth::Helper
+module OAuth
+  module Client
+    class Helper
+      include OAuth::Helper
 
-    def initialize(request, options = {})
-      @request = request
-      @options = options
-      @options[:signature_method] ||= "HMAC-SHA1"
-    end
+      def initialize(request, options = {})
+        @request = request
+        @options = options
+        @options[:signature_method] ||= "HMAC-SHA1"
+      end
 
-    attr_reader :options
+      attr_reader :options
 
-    def nonce
-      options[:nonce] ||= generate_key
-    end
+      def nonce
+        options[:nonce] ||= generate_key
+      end
 
-    def timestamp
-      options[:timestamp] ||= generate_timestamp
-    end
+      def timestamp
+        options[:timestamp] ||= generate_timestamp
+      end
 
-    def oauth_parameters
-      out = {
-        "oauth_body_hash"        => options[:body_hash],
-        "oauth_callback"         => options[:oauth_callback],
-        "oauth_consumer_key"     => options[:consumer].key,
-        "oauth_token"            => options[:token] ? options[:token].token : "",
-        "oauth_signature_method" => options[:signature_method],
-        "oauth_timestamp"        => timestamp,
-        "oauth_nonce"            => nonce,
-        "oauth_verifier"         => options[:oauth_verifier],
-        "oauth_version"          => (options[:oauth_version] || "1.0"),
-        "oauth_session_handle"   => options[:oauth_session_handle]
-      }
-      allowed_empty_params = options[:allow_empty_params]
-      if allowed_empty_params != true && !allowed_empty_params.is_a?(Array)
-        allowed_empty_params = allowed_empty_params == false ? [] : [allowed_empty_params]
+      def oauth_parameters
+        out = {
+          "oauth_body_hash" => options[:body_hash],
+          "oauth_callback" => options[:oauth_callback],
+          "oauth_consumer_key" => options[:consumer].key,
+          "oauth_token" => options[:token] ? options[:token].token : "",
+          "oauth_signature_method" => options[:signature_method],
+          "oauth_timestamp" => timestamp,
+          "oauth_nonce" => nonce,
+          "oauth_verifier" => options[:oauth_verifier],
+          "oauth_version" => options[:oauth_version] || "1.0",
+          "oauth_session_handle" => options[:oauth_session_handle],
+        }
+        allowed_empty_params = options[:allow_empty_params]
+        if allowed_empty_params != true && !allowed_empty_params.is_a?(Array)
+          allowed_empty_params = (allowed_empty_params == false) ? [] : [allowed_empty_params]
+        end
+        out.select! { |k, v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
+        out
       end
-      out.select! { |k, v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
-      out
-    end
 
-    def signature(extra_options = {})
-      OAuth::Signature.sign(@request, { uri: options[:request_uri],
-                                        consumer: options[:consumer],
-                                        token: options[:token],
-                                        unsigned_parameters: options[:unsigned_parameters] }.merge(extra_options))
-    end
+      def signature(extra_options = {})
+        OAuth::Signature.sign(@request, {
+          uri: options[:request_uri],
+          consumer: options[:consumer],
+          token: options[:token],
+          unsigned_parameters: options[:unsigned_parameters],
+        }.merge(extra_options))
+      end
 
-    def signature_base_string(extra_options = {})
-      OAuth::Signature.signature_base_string(@request, { uri: options[:request_uri],
-                                                         consumer: options[:consumer],
-                                                         token: options[:token],
-                                                         parameters: oauth_parameters }.merge(extra_options))
-    end
+      def signature_base_string(extra_options = {})
+        OAuth::Signature.signature_base_string(@request, {
+          uri: options[:request_uri],
+          consumer: options[:consumer],
+          token: options[:token],
+          parameters: oauth_parameters,
+        }.merge(extra_options))
+      end
 
-    def token_request?
-      @options[:token_request].eql?(true)
-    end
+      def token_request?
+        @options[:token_request].eql?(true)
+      end
 
-    def hash_body
-      @options[:body_hash] = OAuth::Signature.body_hash(@request, parameters: oauth_parameters)
-    end
+      def hash_body
+        @options[:body_hash] = OAuth::Signature.body_hash(@request, parameters: oauth_parameters)
+      end
 
-    def amend_user_agent_header(headers)
-      @oauth_ua_string ||= "OAuth gem v#{OAuth::VERSION}"
-      # Net::HTTP in 1.9 appends Ruby
-      if headers["User-Agent"] && headers["User-Agent"] != "Ruby"
-        headers["User-Agent"] += " (#{@oauth_ua_string})"
-      else
-        headers["User-Agent"] = @oauth_ua_string
+      def amend_user_agent_header(headers)
+        @oauth_ua_string ||= "OAuth gem v#{OAuth::Version::VERSION}"
+        # Net::HTTP in 1.9 appends Ruby
+        if headers["User-Agent"] && headers["User-Agent"] != "Ruby"
+          headers["User-Agent"] += " (#{@oauth_ua_string})"
+        else
+          headers["User-Agent"] = @oauth_ua_string
+        end
       end
-    end
 
-    def header
-      parameters = oauth_parameters
-      parameters["oauth_signature"] = signature(options.merge(parameters: parameters))
+      def header
+        parameters = oauth_parameters
+        parameters["oauth_signature"] = signature(options.merge(parameters: parameters))
 
-      header_params_str = parameters.sort.map { |k, v| "#{k}=\"#{escape(v)}\"" }.join(", ")
+        header_params_str = parameters.sort.map { |k, v| "#{k}=\"#{escape(v)}\"" }.join(", ")
 
-      realm = "realm=\"#{options[:realm]}\", " if options[:realm]
-      "OAuth #{realm}#{header_params_str}"
-    end
+        realm = "realm=\"#{options[:realm]}\", " if options[:realm]
+        "OAuth #{realm}#{header_params_str}"
+      end
 
-    def parameters
-      OAuth::RequestProxy.proxy(@request).parameters
-    end
+      def parameters
+        OAuth::RequestProxy.proxy(@request).parameters
+      end
 
-    def parameters_with_oauth
-      oauth_parameters.merge(parameters)
+      def parameters_with_oauth
+        oauth_parameters.merge(parameters)
+      end
     end
   end
 end