oauth 0.5.4 → 0.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5bc9d7d87cd97024d39e6cd354fd2dc1ae44f4d1
-  data.tar.gz: d3992c9bb4d3142d2a7d4e70f76836fbe1b94b56
+SHA256:
+  metadata.gz: 9bd785e08f2a318da373f07b79fe6583ed3e8c26bcc92c5e1513ee615ea0f037
+  data.tar.gz: 3e9f81feb37166f4fec398d20e8b4de882b6e1e2304f893c033b920ab737616a
 SHA512:
-  metadata.gz: 2e5602e42f41ed1312cddd17ce4ef9473fcac93152e64c16e6e30c151171e15702394e74534657e2b67b6b51f20767b698e877a707a144cf5d904445074e8ce9
-  data.tar.gz: fc164eae28c093eb3e777e469d70bf2527cd058c6772b304866fbdd7df686048307e65ad4c9c786db75035153e34b21755af7a1eecc094227c40f2dee388d0d2
+  metadata.gz: 6bc060045ecb7ca1c47263f4bab7fde62c3a173ccf7ea6e1dacc5ac4e814ecea88e4b2f594f6bd2a7d80f9393e1295b1a5cbc85f3eb74c35cbb348da6f32cfe6
+  data.tar.gz: c96c9abd68f71cca8d33db21e3d68f1c7fe98898dba924fd440bf882280d99d39beb7a0751be913bb0f18872875ca8098792733f1717ff8d127156a99a69f039

data/README.rdoc

@@ -2,7 +2,7 @@
 
 == Status
 
-{<img src="https://travis-ci.org/oauth-xx/oauth-ruby.svg?branch=master" alt="Build Status" />}[https://travis-ci.org/oauth-xx/oauth-ruby]
+{<img src="https://travis-ci.org/oauth-xx/oauth-ruby.svg?branch=master" alt="Build Status" />}[https://travis-ci.com/github/oauth-xx/oauth-ruby]
 
 
 
@@ -28,26 +28,28 @@ As a matter of fact it has been pulled out from an OAuth Rails GEM (https://ruby
 
 We need to specify the oauth_callback url explicitly, otherwise it defaults to "oob" (Out of Band)
 
-  @callback_url = "http://127.0.0.1:3000/oauth/callback"
+  callback_url = "http://127.0.0.1:3000/oauth/callback"
 
-Create a new consumer instance by passing it a configuration hash:
+Create a new `OAuth::Consumer` instance by passing it a configuration hash:
 
-  @consumer = OAuth::Consumer.new("key","secret", :site => "https://agree2")
+  oauth_consumer = OAuth::Consumer.new("key", "secret", :site => "https://agree2")
 
 Start the process by requesting a token
 
-  @request_token = @consumer.get_request_token(:oauth_callback => @callback_url)
+  request_token = oauth_consumer.get_request_token(:oauth_callback => callback_url)
 
   session[:token] = request_token.token
   session[:token_secret] = request_token.secret
-  redirect_to @request_token.authorize_url(:oauth_callback => @callback_url)
+  redirect_to request_token.authorize_url(:oauth_callback => callback_url)
 
 When user returns create an access_token
 
   hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret]}
-  request_token  = OAuth::RequestToken.from_hash(@consumer, hash)
-  @access_token = @request_token.get_access_token
-  @photos = @access_token.get('/photos.xml')
+  request_token  = OAuth::RequestToken.from_hash(oauth_consumer, hash)
+  access_token = request_token.get_access_token
+  # For 3-legged authorization, flow oauth_verifier is passed as param in callback
+  # access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
+  @photos = access_token.get('/photos.xml')
 
 Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.
 

data/lib/oauth.rb

@@ -7,5 +7,6 @@ require 'oauth/oauth'
 
 require 'oauth/client/helper'
 require 'oauth/signature/hmac/sha1'
+require 'oauth/signature/hmac/sha256'
 require 'oauth/signature/rsa/sha1'
 require 'oauth/request_proxy/mock_request'

data/lib/oauth/client/helper.rb

@@ -27,7 +27,7 @@ module OAuth::Client
     end
 
     def oauth_parameters
-      {
+      out = {
         'oauth_body_hash'        => options[:body_hash],
         'oauth_callback'         => options[:oauth_callback],
         'oauth_consumer_key'     => options[:consumer].key,
@@ -38,7 +38,13 @@ module OAuth::Client
         'oauth_verifier'         => options[:oauth_verifier],
         'oauth_version'          => (options[:oauth_version] || '1.0'),
         'oauth_session_handle'   => options[:oauth_session_handle]
-      }.reject { |k,v| v.to_s == "" }
+      }
+      allowed_empty_params = options[:allow_empty_params]
+      if allowed_empty_params != true && !allowed_empty_params.kind_of?(Array)
+        allowed_empty_params = allowed_empty_params == false ? [] : [allowed_empty_params]
+      end
+      out.select! { |k,v| v.to_s != '' || allowed_empty_params == true || allowed_empty_params.include?(k) }
+      out
     end
 
     def signature(extra_options = {})

data/lib/oauth/consumer.rb

@@ -8,11 +8,21 @@ require 'cgi'
 module OAuth
   class Consumer
     # determine the certificate authority path to verify SSL certs
-    CA_FILES = %W(#{ENV['SSL_CERT_FILE']} /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
-    CA_FILES.each do |ca_file|
-      if File.exist?(ca_file)
-        CA_FILE = ca_file
-        break
+    if ENV['SSL_CERT_FILE']
+      if File.exist?(ENV['SSL_CERT_FILE'])
+        CA_FILE = ENV['SSL_CERT_FILE']
+      else
+        raise "The SSL CERT provided does not exist."
+      end
+    end
+
+    if !defined?(CA_FILE)
+      CA_FILES = %W(/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
+      CA_FILES.each do |ca_file|
+        if File.exist?(ca_file)
+          CA_FILE = ca_file
+          break
+        end
       end
     end
     CA_FILE = nil unless defined?(CA_FILE)
@@ -23,6 +33,7 @@ module OAuth
 
       # default paths on site. These are the same as the defaults set up by the generators
       :request_token_path => '/oauth/request_token',
+      :authenticate_path  => '/oauth/authenticate',
       :authorize_path     => '/oauth/authorize',
       :access_token_path  => '/oauth/access_token',
 
@@ -230,7 +241,14 @@ module OAuth
       when (300..399)
         # this is a redirect
         uri = URI.parse(response['location'])
-        response.error! if uri.path == path # careful of those infinite redirects
+        our_uri = URI.parse(site)
+
+        if uri.path == path && our_uri.host != uri.host
+            options[:site] = "#{uri.scheme}://#{uri.host}"
+            @http = create_http
+        end
+
+        response.error! if uri.path == path && our_uri.host == uri.host # careful of those infinite redirects
         self.token_request(http_method, uri.path, token, request_options, arguments)
       when (400..499)
         raise OAuth::Unauthorized, response
@@ -266,6 +284,10 @@ module OAuth
       @options[:request_token_path]
     end
 
+    def authenticate_path
+      @options[:authenticate_path]
+    end
+
     def authorize_path
       @options[:authorize_path]
     end
@@ -283,6 +305,14 @@ module OAuth
       @options.has_key?(:request_token_url)
     end
 
+    def authenticate_url
+      @options[:authenticate_url] || site + authenticate_path
+    end
+
+    def authenticate_url?
+      @options.has_key?(:authenticate_url)
+    end
+
     def authorize_url
       @options[:authorize_url] || site + authorize_path
     end
@@ -330,15 +360,18 @@ module OAuth
 
       http_object.use_ssl = (our_uri.scheme == 'https')
 
-      if @options[:ca_file] || CA_FILE
-        http_object.ca_file = @options[:ca_file] || CA_FILE
+      if @options[:no_verify]
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      else
+        ca_file =  @options[:ca_file] || CA_FILE
+        if ca_file
+          http_object.ca_file = ca_file
+        end
         http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
         http_object.verify_depth = 5
-      else
-        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
-      http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 30
+      http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 60
       http_object.open_timeout = @options[:open_timeout] if @options[:open_timeout]
       http_object.ssl_version = @options[:ssl_version] if @options[:ssl_version]
       http_object.set_debug_output(debug_output) if debug_output

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -60,7 +60,7 @@ module OAuth::RequestProxy
         params << header_params.to_query
         params << request.query_string unless query_string_blank?
 
-        if request.post? && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+        if raw_post_signature?
           params << request.raw_post
         end
       end
@@ -72,6 +72,10 @@ module OAuth::RequestProxy
         reject { |kv| kv[0] == 'oauth_signature'}
     end
 
+    def raw_post_signature?
+      (request.post? || request.put?) && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+    end
+
   protected
 
     def query_params

data/lib/oauth/signature/hmac/sha256.rb

@@ -0,0 +1,17 @@
+require 'oauth/signature/base'
+
+module OAuth::Signature::HMAC
+  class SHA256 < OAuth::Signature::Base
+    implements 'hmac-sha256'
+
+    def body_hash
+      Base64.encode64(OpenSSL::Digest::SHA256.digest(request.body || '')).chomp.gsub(/\n/,'')
+    end
+
+    private
+
+    def digest
+      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, signature_base_string)
+    end
+  end
+end

data/lib/oauth/tokens/request_token.rb

@@ -8,7 +8,14 @@ module OAuth
       return nil if self.token.nil?
 
       params = (params || {}).merge(:oauth_token => self.token)
-      build_authorize_url(consumer.authorize_url, params)
+      build_url(consumer.authorize_url, params)
+    end
+
+    def authenticate_url(params = nil)
+      return nil if self.token.nil?
+
+      params = (params || {}).merge(:oauth_token => self.token)
+      build_url(consumer.authenticate_url, params)
     end
 
     def callback_confirmed?
@@ -23,8 +30,8 @@ module OAuth
 
   protected
 
-    # construct an authorization url
-    def build_authorize_url(base_url, params)
+    # construct an authorization or authentication url
+    def build_url(base_url, params)
       uri = URI.parse(base_url.to_s)
       queries = {}
       queries = Hash[URI.decode_www_form(uri.query)] if uri.query

data/lib/oauth/version.rb

@@ -1,3 +1,3 @@
 module OAuth
-  VERSION = "0.5.4"
+  VERSION = "0.5.6"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: 0.5.6
 platform: ruby
 authors:
 - Pelle Braendgaard
@@ -15,7 +15,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-08 00:00:00.000000000 Z
+date: 2021-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -122,6 +122,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.12
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -129,6 +132,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.12
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -278,6 +284,7 @@ files:
 - lib/oauth/signature.rb
 - lib/oauth/signature/base.rb
 - lib/oauth/signature/hmac/sha1.rb
+- lib/oauth/signature/hmac/sha256.rb
 - lib/oauth/signature/plaintext.rb
 - lib/oauth/signature/rsa/sha1.rb
 - lib/oauth/token.rb
@@ -287,10 +294,15 @@ files:
 - lib/oauth/tokens/server_token.rb
 - lib/oauth/tokens/token.rb
 - lib/oauth/version.rb
-homepage: 
+homepage: https://github.com/oauth-xx/oauth-ruby
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/oauth-xx/oauth-ruby/issues
+  changelog_uri: https://github.com/oauth-xx/oauth-ruby/blob/master/HISTORY
+  documentation_uri: https://rdoc.info/github/oauth-xx/oauth-ruby/master/frames
+  homepage_uri: https://github.com/oauth-xx/oauth-ruby
+  source_code_uri: https://github.com/oauth-xx/oauth-ruby
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -306,8 +318,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: OAuth Core Ruby implementation