oauth 0.5.14 → 1.1.6

data/lib/oauth/request_proxy.rb

@@ -1,22 +1,29 @@
+# frozen_string_literal: true
+
 module OAuth
   module RequestProxy
-    def self.available_proxies #:nodoc:
-      @available_proxies ||= {}
-    end
+    AVAILABLE_PROXIES = {}
 
-    def self.proxy(request, options = {})
-      return request if request.is_a?(OAuth::RequestProxy::Base)
+    class << self
+      def available_proxies # :nodoc:
+        AVAILABLE_PROXIES
+      end
 
-      klass = available_proxies[request.class]
+      def proxy(request, options = {})
+        return request if request.is_a?(OAuth::RequestProxy::Base)
 
-      # Search for possible superclass matches.
-      if klass.nil?
-        request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
-        klass = available_proxies[request_parent]
-      end
+        klass = available_proxies[request.class]
 
-      raise UnknownRequestType, request.class.to_s unless klass
-      klass.new(request, options)
+        # Search for possible superclass matches.
+        if klass.nil?
+          request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
+          klass = available_proxies[request_parent]
+        end
+
+        raise UnknownRequestType, request.class.to_s unless klass
+
+        klass.new(request, options)
+      end
     end
 
     class UnknownRequestType < RuntimeError; end

data/lib/oauth/server.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "oauth/helper"
 require "oauth/consumer"
 
@@ -5,12 +7,13 @@ module OAuth
   # This is mainly used to create consumer credentials and can pretty much be ignored if you want to create your own
   class Server
     include OAuth::Helper
+
     attr_accessor :base_url
 
     @@server_paths = {
       request_token_path: "/oauth/request_token",
       authorize_path: "/oauth/authorize",
-      access_token_path: "/oauth/access_token"
+      access_token_path: "/oauth/access_token",
     }
 
     # Create a new server instance
@@ -30,11 +33,16 @@ module OAuth
     # mainly for testing purposes
     def create_consumer
       creds = generate_credentials
-      Consumer.new(creds[0], creds[1],
-                   site: base_url,
-                   request_token_path: request_token_path,
-                   authorize_path: authorize_path,
-                   access_token_path: access_token_path)
+      Consumer.new(
+        creds[0],
+        creds[1],
+        {
+          site: base_url,
+          request_token_path: request_token_path,
+          authorize_path: authorize_path,
+          access_token_path: access_token_path,
+        },
+      )
     end
 
     def request_token_path

data/lib/oauth/signature/base.rb

@@ -1,97 +1,113 @@
+# frozen_string_literal: true
+
 require "oauth/signature"
 require "oauth/helper"
 require "oauth/request_proxy/base"
 require "base64"
 
-module OAuth::Signature
-  class Base
-    include OAuth::Helper
+module OAuth
+  module Signature
+    # Base class for OAuth signature implementations.
+    #
+    # Includes {OAuth::AUTH_SANITIZER::FilteredAttributes} so inspect output redacts
+    # secret-bearing fields captured during signature construction.
+    class Base
+      include OAuth::Helper
+      include OAuth::AUTH_SANITIZER::FilteredAttributes
+
+      # Signature construction options.
+      #
+      # @return [Hash]
+      attr_accessor :options
+      attr_reader :token_secret, :consumer_secret, :request
+      filtered_attributes :options, :consumer_secret, :token_secret
+
+      class << self
+        def implements(signature_method = nil)
+          return OAuth::Signature.available_methods.key(self) if signature_method.nil?
+
+          OAuth::Signature.available_methods[signature_method] = self
+        end
+      end
 
-    attr_accessor :options
-    attr_reader :token_secret, :consumer_secret, :request
+      def initialize(request, options = {}, &block)
+        raise TypeError unless request.is_a?(OAuth::RequestProxy::Base)
 
-    def self.implements(signature_method = nil)
-      return @implements if signature_method.nil?
-      @implements = signature_method
-      OAuth::Signature.available_methods[@implements] = self
-    end
+        @request = request
+        @options = options
 
-    def initialize(request, options = {}, &block)
-      raise TypeError unless request.is_a?(OAuth::RequestProxy::Base)
-      @request = request
-      @options = options
+        ## consumer secret was determined beforehand
 
-      ## consumer secret was determined beforehand
+        @consumer_secret = options[:consumer].secret if options[:consumer]
 
-      @consumer_secret = options[:consumer].secret if options[:consumer]
+        # presence of :consumer_secret option will override any Consumer that's provided
+        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
 
-      # presence of :consumer_secret option will override any Consumer that's provided
-      @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+        ## token secret was determined beforehand
 
-      ## token secret was determined beforehand
+        @token_secret = options[:token].secret if options[:token]
 
-      @token_secret = options[:token].secret if options[:token]
+        # presence of :token_secret option will override any Token that's provided
+        @token_secret = options[:token_secret] if options[:token_secret]
 
-      # presence of :token_secret option will override any Token that's provided
-      @token_secret = options[:token_secret] if options[:token_secret]
-
-      # override secrets based on the values returned from the block (if any)
-      if block_given?
-        # consumer secret and token secret need to be looked up based on pieces of the request
-        secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
-        if secrets.is_a?(Array) && secrets.size == 2
-          @token_secret = secrets[0]
-          @consumer_secret = secrets[1]
+        # override secrets based on the values returned from the block (if any)
+        if block
+          # consumer secret and token secret need to be looked up based on pieces of the request
+          secrets = yield (block.arity == 1) ? request : [token, consumer_key, nonce, request.timestamp]
+          if secrets.is_a?(Array) && secrets.size == 2
+            @token_secret = secrets[0]
+            @consumer_secret = secrets[1]
+          end
         end
       end
-    end
 
-    def signature
-      Base64.encode64(digest).chomp.delete("\n")
-    end
+      def signature
+        Base64.encode64(digest).chomp.delete("\n")
+      end
 
-    def ==(cmp_signature)
-      check = signature.bytesize ^ cmp_signature.bytesize
-      signature.bytes.zip(cmp_signature.bytes) { |x, y| check |= x ^ y.to_i }
-      check.zero?
-    end
+      def ==(other)
+        check = signature.bytesize ^ other.bytesize
+        signature.bytes.zip(other.bytes) { |x, y| check |= x ^ y.to_i }
+        check.zero?
+      end
 
-    def verify
-      self == request.signature
-    end
+      def verify
+        self == request.signature
+      end
 
-    def signature_base_string
-      request.signature_base_string
-    end
+      def signature_base_string
+        request.signature_base_string
+      end
 
-    def body_hash
-      raise_instantiation_error
-    end
+      def body_hash
+        raise_instantiation_error
+      end
 
-    private
+      private
 
-    def token
-      request.token
-    end
+      def token
+        request.token
+      end
 
-    def consumer_key
-      request.consumer_key
-    end
+      def consumer_key
+        request.consumer_key
+      end
 
-    def nonce
-      request.nonce
-    end
+      def nonce
+        request.nonce
+      end
 
-    def secret
-      "#{escape(consumer_secret)}&#{escape(token_secret)}"
-    end
+      def secret
+        "#{escape(consumer_secret)}&#{escape(token_secret)}"
+      end
 
-    def digest
-      raise_instantiation_error
-    end
+      def digest
+        raise_instantiation_error
+      end
 
-    def raise_instantiation_error
-      raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      def raise_instantiation_error
+        raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha1.rb

@@ -1,17 +1,23 @@
+# frozen_string_literal: true
+
 require "oauth/signature/base"
 
-module OAuth::Signature::HMAC
-  class SHA1 < OAuth::Signature::Base
-    implements "hmac-sha1"
+module OAuth
+  module Signature
+    module HMAC
+      class SHA1 < OAuth::Signature::Base
+        implements "hmac-sha1"
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || "")).chomp.delete("\n")
-    end
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA1", request.body || "")).chomp.delete("\n")
+        end
 
-    private
+        private
 
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha256.rb

@@ -1,17 +1,23 @@
+# frozen_string_literal: true
+
 require "oauth/signature/base"
 
-module OAuth::Signature::HMAC
-  class SHA256 < OAuth::Signature::Base
-    implements "hmac-sha256"
+module OAuth
+  module Signature
+    module HMAC
+      class SHA256 < OAuth::Signature::Base
+        implements "hmac-sha256"
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA256.digest(request.body || "")).chomp.delete("\n")
-    end
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA256", request.body || "")).chomp.delete("\n")
+        end
 
-    private
+        private
 
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/plaintext.rb

@@ -1,29 +1,27 @@
-require "oauth/signature/base"
+# frozen_string_literal: true
 
-module OAuth::Signature
-  class PLAINTEXT < Base
-    implements "plaintext"
+require "oauth/signature/base"
 
-    def signature
-      signature_base_string
-    end
+module OAuth
+  module Signature
+    class PLAINTEXT < Base
+      implements "plaintext"
 
-    def ==(cmp_signature)
-      signature.to_s == cmp_signature.to_s
-    end
+      def signature
+        signature_base_string
+      end
 
-    def signature_base_string
-      secret
-    end
-
-    def body_hash
-      nil
-    end
+      def ==(other)
+        signature.to_s == other.to_s
+      end
 
-    private
+      def signature_base_string
+        secret
+      end
 
-    def secret
-      super
+      def body_hash
+        nil
+      end
     end
   end
 end

data/lib/oauth/signature/rsa/sha1.rb

@@ -1,50 +1,65 @@
-require "oauth/signature/base"
+# frozen_string_literal: true
 
-module OAuth::Signature::RSA
-  class SHA1 < OAuth::Signature::Base
-    implements "rsa-sha1"
+require "oauth/signature/base"
 
-    def ==(cmp_signature)
-      public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(cmp_signature.is_a?(Array) ? cmp_signature.first : cmp_signature), signature_base_string)
-    end
+module OAuth
+  module Signature
+    module RSA
+      class SHA1 < OAuth::Signature::Base
+        implements "rsa-sha1"
 
-    def public_key
-      if consumer_secret.is_a?(String)
-        decode_public_key
-      elsif consumer_secret.is_a?(OpenSSL::X509::Certificate)
-        consumer_secret.public_key
-      else
-        consumer_secret
-      end
-    end
+        def ==(other)
+          decoded = Base64.decode64(other.is_a?(Array) ? other.first : other)
+          public_key.verify(OpenSSL::Digest.new("SHA1"), decoded, signature_base_string)
+        end
 
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || "")).chomp.delete("\n")
-    end
+        def public_key
+          case consumer_secret
+          when String
+            decode_public_key
+          when OpenSSL::X509::Certificate
+            consumer_secret.public_key
+          else
+            consumer_secret
+          end
+        end
 
-    private
+        def body_hash
+          # Use SHA1 body hash with compatibility across OpenSSL versions
+          data = request.body || ""
+          begin
+            digest_bytes = OpenSSL::Digest.digest("SHA1", data)
+          rescue StandardError
+            digest_bytes = ::Digest::SHA1.digest(data)
+          end
+          Base64.encode64(digest_bytes).chomp.delete("\n")
+        end
 
-    def decode_public_key
-      case consumer_secret
-      when /-----BEGIN CERTIFICATE-----/
-        OpenSSL::X509::Certificate.new(consumer_secret).public_key
-      else
-        OpenSSL::PKey::RSA.new(consumer_secret)
-      end
-    end
+        private
 
-    def digest
-      private_key = OpenSSL::PKey::RSA.new(
-        if options[:private_key_file]
-          IO.read(options[:private_key_file])
-        elsif options[:private_key]
-          options[:private_key]
-        else
-          consumer_secret
+        def decode_public_key
+          case consumer_secret
+          when /-----BEGIN CERTIFICATE-----/
+            OpenSSL::X509::Certificate.new(consumer_secret).public_key
+          else
+            OpenSSL::PKey::RSA.new(consumer_secret)
+          end
         end
-      )
 
-      private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
+        def digest
+          private_key = OpenSSL::PKey::RSA.new(
+            if options[:private_key_file]
+              File.read(options[:private_key_file])
+            elsif options[:private_key]
+              options[:private_key]
+            else
+              consumer_secret
+            end,
+          )
+
+          private_key.sign(OpenSSL::Digest.new("SHA1"), signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature.rb

@@ -1,43 +1,50 @@
+# frozen_string_literal: true
+
 module OAuth
   module Signature
-    # Returns a list of available signature methods
-    def self.available_methods
-      @available_methods ||= {}
-    end
+    AVAILABLE_METHODS = {}
 
-    # Build a signature from a +request+.
-    #
-    # Raises UnknownSignatureMethod exception if the signature method is unknown.
-    def self.build(request, options = {}, &block)
-      request = OAuth::RequestProxy.proxy(request, options)
-      klass = available_methods[
-        (request.signature_method ||
-        ((c = request.options[:consumer]) && c.options[:signature_method]) ||
-        "").downcase]
-      raise UnknownSignatureMethod, request.signature_method unless klass
-      klass.new(request, options, &block)
-    end
+    class << self
+      # Returns a list of available signature methods
+      def available_methods
+        AVAILABLE_METHODS
+      end
 
-    # Sign a +request+
-    def self.sign(request, options = {}, &block)
-      build(request, options, &block).signature
-    end
+      # Build a signature from a +request+.
+      #
+      # Raises UnknownSignatureMethod exception if the signature method is unknown.
+      def build(request, options = {}, &block)
+        request = OAuth::RequestProxy.proxy(request, options)
+        klass = available_methods[
+          (request.signature_method ||
+          ((c = request.options[:consumer]) && c.options[:signature_method]) ||
+          "").downcase]
+        raise UnknownSignatureMethod, request.signature_method unless klass
 
-    # Verify the signature of +request+
-    def self.verify(request, options = {}, &block)
-      build(request, options, &block).verify
-    end
+        klass.new(request, options, &block)
+      end
 
-    # Create the signature base string for +request+. This string is the normalized parameter information.
-    #
-    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
-    def self.signature_base_string(request, options = {}, &block)
-      build(request, options, &block).signature_base_string
-    end
+      # Sign a +request+
+      def sign(request, options = {}, &block)
+        build(request, options, &block).signature
+      end
+
+      # Verify the signature of +request+
+      def verify(request, options = {}, &block)
+        build(request, options, &block).verify
+      end
+
+      # Create the signature base string for +request+. This string is the normalized parameter information.
+      #
+      # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+      def signature_base_string(request, options = {}, &block)
+        build(request, options, &block).signature_base_string
+      end
 
-    # Create the body hash for a request
-    def self.body_hash(request, options = {}, &block)
-      build(request, options, &block).body_hash
+      # Create the body hash for a request
+      def body_hash(request, options = {}, &block)
+        build(request, options, &block).body_hash
+      end
     end
 
     class UnknownSignatureMethod < RuntimeError; end

data/lib/oauth/token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # this exists for backwards-compatibility
 
 require "oauth/tokens/token"

data/lib/oauth/tokens/access_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   # The Access Token is used for the actual "real" web service calls that you perform against the server
   class AccessToken < ConsumerToken
@@ -6,7 +8,7 @@ module OAuth
     def request(http_method, path, *arguments)
       request_uri = URI.parse(path)
       site_uri = consumer.uri
-      is_service_uri_different = (request_uri.absolute? && request_uri != site_uri)
+      is_service_uri_different = request_uri.absolute? && request_uri != site_uri
       begin
         consumer.uri(request_uri) if is_service_uri_different
         @response = super(http_method, path, *arguments)

data/lib/oauth/tokens/consumer_token.rb

@@ -1,19 +1,23 @@
+# frozen_string_literal: true
+
 module OAuth
   # Superclass for tokens used by OAuth Clients
   class ConsumerToken < Token
     attr_accessor :consumer, :params
-    attr_reader   :response
+    attr_reader :response
 
-    def self.from_hash(consumer, hash)
-      token = new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
-      token.params = hash
-      token
+    class << self
+      def from_hash(consumer, hash)
+        token = new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
+        token.params = hash
+        token
+      end
     end
 
     def initialize(consumer, token = "", secret = "")
       super(token, secret)
       @consumer = consumer
-      @params   = {}
+      @params = {}
     end
 
     # Make a signed request using given http_method to the path

data/lib/oauth/tokens/request_token.rb

@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
 module OAuth
   # The RequestToken is used for the initial Request.
   # This is normally created by the Consumer object.
   class RequestToken < ConsumerToken
     # Generate an authorization URL for user authorization
     def authorize_url(params = nil)
-      return nil if token.nil?
+      return if token.nil?
 
       params = (params || {}).merge(oauth_token: token)
       build_url(consumer.authorize_url, params)
     end
 
     def authenticate_url(params = nil)
-      return nil if token.nil?
+      return if token.nil?
 
       params = (params || {}).merge(oauth_token: token)
       build_url(consumer.authenticate_url, params)
@@ -23,7 +25,13 @@ module OAuth
 
     # exchange for AccessToken on server
     def get_access_token(options = {}, *arguments)
-      response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)
+      response = consumer.token_request(
+        consumer.http_method,
+        (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path),
+        self,
+        options,
+        *arguments,
+      )
       OAuth::AccessToken.from_hash(consumer, response)
     end
 
@@ -33,7 +41,7 @@ module OAuth
     def build_url(base_url, params)
       uri = URI.parse(base_url.to_s)
       queries = {}
-      queries = Hash[URI.decode_www_form(uri.query)] if uri.query
+      queries = URI.decode_www_form(uri.query).to_h if uri.query
       # TODO: doesn't handle array values correctly
       queries.merge!(params) if params
       uri.query = URI.encode_www_form(queries) unless queries.empty?