oauth 0.5.5 → 0.5.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +415 -0
- data/CODE_OF_CONDUCT.md +84 -0
- data/CONTRIBUTING.md +23 -0
- data/LICENSE +18 -17
- data/README.md +372 -0
- data/SECURITY.md +16 -0
- data/bin/oauth +2 -2
- data/lib/oauth/cli/authorize_command.rb +8 -10
- data/lib/oauth/cli/base_command.rb +9 -7
- data/lib/oauth/cli/query_command.rb +3 -3
- data/lib/oauth/cli/sign_command.rb +12 -15
- data/lib/oauth/cli.rb +19 -19
- data/lib/oauth/client/action_controller_request.rb +20 -21
- data/lib/oauth/client/em_http.rb +99 -99
- data/lib/oauth/client/helper.rb +33 -36
- data/lib/oauth/client/net_http.rb +30 -30
- data/lib/oauth/consumer.rb +90 -89
- data/lib/oauth/errors/unauthorized.rb +3 -1
- data/lib/oauth/errors.rb +3 -3
- data/lib/oauth/helper.rb +17 -13
- data/lib/oauth/oauth.rb +4 -4
- data/lib/oauth/oauth_test_helper.rb +4 -4
- data/lib/oauth/request_proxy/action_controller_request.rb +56 -53
- data/lib/oauth/request_proxy/action_dispatch_request.rb +8 -4
- data/lib/oauth/request_proxy/base.rb +136 -132
- data/lib/oauth/request_proxy/curb_request.rb +49 -43
- data/lib/oauth/request_proxy/em_http_request.rb +59 -49
- data/lib/oauth/request_proxy/jabber_request.rb +12 -9
- data/lib/oauth/request_proxy/mock_request.rb +4 -2
- data/lib/oauth/request_proxy/net_http.rb +63 -54
- data/lib/oauth/request_proxy/rack_request.rb +35 -31
- data/lib/oauth/request_proxy/rest_client_request.rb +53 -50
- data/lib/oauth/request_proxy/typhoeus_request.rb +51 -45
- data/lib/oauth/request_proxy.rb +3 -3
- data/lib/oauth/server.rb +10 -12
- data/lib/oauth/signature/base.rb +10 -9
- data/lib/oauth/signature/hmac/sha1.rb +4 -4
- data/lib/oauth/signature/hmac/sha256.rb +17 -0
- data/lib/oauth/signature/plaintext.rb +2 -2
- data/lib/oauth/signature/rsa/sha1.rb +5 -5
- data/lib/oauth/signature.rb +5 -5
- data/lib/oauth/token.rb +5 -5
- data/lib/oauth/tokens/access_token.rb +3 -3
- data/lib/oauth/tokens/consumer_token.rb +2 -2
- data/lib/oauth/tokens/request_token.rb +7 -8
- data/lib/oauth/tokens/server_token.rb +0 -1
- data/lib/oauth/version.rb +1 -1
- data/lib/oauth.rb +8 -6
- metadata +47 -99
- data/README.rdoc +0 -88
@@ -1,178 +1,182 @@
|
|
1
|
-
|
2
|
-
require 'oauth/helper'
|
1
|
+
# frozen_string_literal: true
|
3
2
|
|
4
|
-
|
5
|
-
|
6
|
-
include OAuth::Helper
|
3
|
+
require "oauth/request_proxy"
|
4
|
+
require "oauth/helper"
|
7
5
|
|
8
|
-
|
9
|
-
|
10
|
-
|
6
|
+
module OAuth
|
7
|
+
module RequestProxy
|
8
|
+
class Base
|
9
|
+
include OAuth::Helper
|
11
10
|
|
12
|
-
|
11
|
+
def self.proxies(klass)
|
12
|
+
OAuth::RequestProxy.available_proxies[klass] = self
|
13
|
+
end
|
13
14
|
|
14
|
-
|
15
|
-
@request = request
|
16
|
-
@unsigned_parameters = (options[:unsigned_parameters] || []).map {|param| param.to_s}
|
17
|
-
@options = options
|
18
|
-
end
|
15
|
+
attr_accessor :request, :options, :unsigned_parameters
|
19
16
|
|
20
|
-
|
17
|
+
def initialize(request, options = {})
|
18
|
+
@request = request
|
19
|
+
@unsigned_parameters = (options[:unsigned_parameters] || []).map(&:to_s)
|
20
|
+
@options = options
|
21
|
+
end
|
21
22
|
|
22
|
-
|
23
|
-
parameters['oauth_callback']
|
24
|
-
end
|
23
|
+
## OAuth parameters
|
25
24
|
|
26
|
-
|
27
|
-
|
28
|
-
|
25
|
+
def oauth_callback
|
26
|
+
parameters["oauth_callback"]
|
27
|
+
end
|
29
28
|
|
30
|
-
|
31
|
-
|
32
|
-
|
29
|
+
def oauth_consumer_key
|
30
|
+
parameters["oauth_consumer_key"]
|
31
|
+
end
|
33
32
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
end
|
33
|
+
def oauth_nonce
|
34
|
+
parameters["oauth_nonce"]
|
35
|
+
end
|
38
36
|
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
parameters['oauth_signature_method'].first
|
43
|
-
else
|
44
|
-
parameters['oauth_signature_method']
|
37
|
+
def oauth_signature
|
38
|
+
# TODO: can this be nil?
|
39
|
+
[parameters["oauth_signature"]].flatten.first || ""
|
45
40
|
end
|
46
|
-
end
|
47
41
|
|
48
|
-
|
49
|
-
|
50
|
-
|
42
|
+
def oauth_signature_method
|
43
|
+
case parameters["oauth_signature_method"]
|
44
|
+
when Array
|
45
|
+
parameters["oauth_signature_method"].first
|
46
|
+
else
|
47
|
+
parameters["oauth_signature_method"]
|
48
|
+
end
|
49
|
+
end
|
51
50
|
|
52
|
-
|
53
|
-
|
54
|
-
|
51
|
+
def oauth_timestamp
|
52
|
+
parameters["oauth_timestamp"]
|
53
|
+
end
|
55
54
|
|
56
|
-
|
57
|
-
|
58
|
-
|
55
|
+
def oauth_token
|
56
|
+
parameters["oauth_token"]
|
57
|
+
end
|
59
58
|
|
60
|
-
|
61
|
-
|
62
|
-
|
59
|
+
def oauth_verifier
|
60
|
+
parameters["oauth_verifier"]
|
61
|
+
end
|
63
62
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
alias_method :nonce, :oauth_nonce
|
68
|
-
alias_method :timestamp, :oauth_timestamp
|
69
|
-
alias_method :signature, :oauth_signature
|
70
|
-
alias_method :signature_method, :oauth_signature_method
|
63
|
+
def oauth_version
|
64
|
+
parameters["oauth_version"]
|
65
|
+
end
|
71
66
|
|
72
|
-
|
67
|
+
# TODO: deprecate these
|
68
|
+
alias consumer_key oauth_consumer_key
|
69
|
+
alias token oauth_token
|
70
|
+
alias nonce oauth_nonce
|
71
|
+
alias timestamp oauth_timestamp
|
72
|
+
alias signature oauth_signature
|
73
|
+
alias signature_method oauth_signature_method
|
73
74
|
|
74
|
-
|
75
|
-
raise NotImplementedError, "Must be implemented by subclasses"
|
76
|
-
end
|
75
|
+
## Parameter accessors
|
77
76
|
|
78
|
-
|
79
|
-
|
80
|
-
|
77
|
+
def parameters
|
78
|
+
raise NotImplementedError, "Must be implemented by subclasses"
|
79
|
+
end
|
81
80
|
|
82
|
-
|
83
|
-
|
84
|
-
|
81
|
+
def parameters_for_signature
|
82
|
+
parameters.reject { |k, _v| signature_and_unsigned_parameters.include?(k) }
|
83
|
+
end
|
85
84
|
|
86
|
-
|
87
|
-
|
88
|
-
|
85
|
+
def oauth_parameters
|
86
|
+
parameters.select { |k, _v| OAuth::PARAMETERS.include?(k) }.reject { |_k, v| v == "" }
|
87
|
+
end
|
89
88
|
|
90
|
-
|
91
|
-
|
92
|
-
|
89
|
+
def non_oauth_parameters
|
90
|
+
parameters.reject { |k, _v| OAuth::PARAMETERS.include?(k) }
|
91
|
+
end
|
93
92
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
"#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase == 'http' && u.port != 80) || (u.scheme.downcase == 'https' && u.port != 443) ? ":#{u.port}" : ""}#{(u.path && u.path != '') ? u.path : '/'}"
|
98
|
-
end
|
93
|
+
def signature_and_unsigned_parameters
|
94
|
+
unsigned_parameters + ["oauth_signature"]
|
95
|
+
end
|
99
96
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
97
|
+
# See 9.1.2 in specs
|
98
|
+
def normalized_uri
|
99
|
+
u = URI.parse(uri)
|
100
|
+
"#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.casecmp("http").zero? && u.port != 80) || (u.scheme.casecmp("https").zero? && u.port != 443) ? ":#{u.port}" : ""}#{u.path && u.path != "" ? u.path : "/"}"
|
101
|
+
end
|
104
102
|
|
105
|
-
|
106
|
-
|
107
|
-
|
103
|
+
# See 9.1.1. in specs Normalize Request Parameters
|
104
|
+
def normalized_parameters
|
105
|
+
normalize(parameters_for_signature)
|
106
|
+
end
|
108
107
|
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
signature
|
113
|
-
end
|
108
|
+
def sign(options = {})
|
109
|
+
OAuth::Signature.sign(self, options)
|
110
|
+
end
|
114
111
|
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
112
|
+
def sign!(options = {})
|
113
|
+
parameters["oauth_signature"] = sign(options)
|
114
|
+
@signed = true
|
115
|
+
signature
|
116
|
+
end
|
120
117
|
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
118
|
+
# See 9.1 in specs
|
119
|
+
def signature_base_string
|
120
|
+
base = [method, normalized_uri, normalized_parameters]
|
121
|
+
base.map { |v| escape(v) }.join("&")
|
122
|
+
end
|
123
|
+
|
124
|
+
# Has this request been signed yet?
|
125
|
+
def signed?
|
126
|
+
@signed
|
127
|
+
end
|
128
|
+
|
129
|
+
# URI, including OAuth parameters
|
130
|
+
def signed_uri(with_oauth = true)
|
131
|
+
if signed?
|
132
|
+
params = if with_oauth
|
133
|
+
parameters
|
134
|
+
else
|
135
|
+
non_oauth_parameters
|
136
|
+
end
|
125
137
|
|
126
|
-
|
127
|
-
def signed_uri(with_oauth = true)
|
128
|
-
if signed?
|
129
|
-
if with_oauth
|
130
|
-
params = parameters
|
138
|
+
[uri, normalize(params)].join("?")
|
131
139
|
else
|
132
|
-
|
140
|
+
warn "This request has not yet been signed!"
|
133
141
|
end
|
134
|
-
|
135
|
-
[uri, normalize(params)] * "?"
|
136
|
-
else
|
137
|
-
STDERR.puts "This request has not yet been signed!"
|
138
142
|
end
|
139
|
-
end
|
140
143
|
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
+
# Authorization header for OAuth
|
145
|
+
def oauth_header(options = {})
|
146
|
+
header_params_str = oauth_parameters.map { |k, v| "#{k}=\"#{escape(v)}\"" }.join(", ")
|
144
147
|
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
+
realm = "realm=\"#{options[:realm]}\", " if options[:realm]
|
149
|
+
"OAuth #{realm}#{header_params_str}"
|
150
|
+
end
|
148
151
|
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
152
|
+
def query_string_blank?
|
153
|
+
if (uri = request.env["REQUEST_URI"])
|
154
|
+
uri.split("?", 2)[1].nil?
|
155
|
+
else
|
156
|
+
request.query_string.match(/\A\s*\z/)
|
157
|
+
end
|
154
158
|
end
|
155
|
-
end
|
156
159
|
|
157
|
-
|
160
|
+
protected
|
158
161
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
+
def header_params
|
163
|
+
%w[X-HTTP_AUTHORIZATION Authorization HTTP_AUTHORIZATION].each do |header|
|
164
|
+
next unless request.env.include?(header)
|
162
165
|
|
163
|
-
|
164
|
-
|
166
|
+
header = request.env[header]
|
167
|
+
next unless header[0, 6] == "OAuth "
|
165
168
|
|
166
|
-
|
167
|
-
|
169
|
+
# parse the header into a Hash
|
170
|
+
oauth_params = OAuth::Helper.parse_header(header)
|
168
171
|
|
169
|
-
|
170
|
-
|
172
|
+
# remove non-OAuth parameters
|
173
|
+
oauth_params.select! { |k, _v| k =~ /^oauth_/ }
|
171
174
|
|
172
|
-
|
173
|
-
|
175
|
+
return oauth_params
|
176
|
+
end
|
174
177
|
|
175
|
-
|
178
|
+
{}
|
179
|
+
end
|
176
180
|
end
|
177
181
|
end
|
178
182
|
end
|
@@ -1,55 +1,61 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "oauth/request_proxy/base"
|
4
|
+
require "curb"
|
5
|
+
require "uri"
|
6
|
+
require "cgi"
|
7
|
+
|
8
|
+
module OAuth
|
9
|
+
module RequestProxy
|
10
|
+
module Curl
|
11
|
+
class Easy < OAuth::RequestProxy::Base
|
12
|
+
# Proxy for signing Curl::Easy requests
|
13
|
+
# Usage example:
|
14
|
+
# oauth_params = {:consumer => oauth_consumer, :token => access_token}
|
15
|
+
# req = Curl::Easy.new(uri)
|
16
|
+
# oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
|
17
|
+
# req.headers.merge!({"Authorization" => oauth_helper.header})
|
18
|
+
# req.http_get
|
19
|
+
# response = req.body_str
|
20
|
+
proxies ::Curl::Easy
|
21
|
+
|
22
|
+
def method
|
23
|
+
nil
|
24
|
+
end
|
21
25
|
|
22
|
-
|
23
|
-
|
24
|
-
|
26
|
+
def uri
|
27
|
+
options[:uri].to_s
|
28
|
+
end
|
25
29
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
30
|
+
def parameters
|
31
|
+
if options[:clobber_request]
|
32
|
+
options[:parameters]
|
33
|
+
else
|
34
|
+
post_parameters.merge(query_parameters).merge(options[:parameters] || {})
|
35
|
+
end
|
36
|
+
end
|
33
37
|
|
34
|
-
|
38
|
+
private
|
35
39
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
+
def query_parameters
|
41
|
+
query = URI.parse(request.url).query
|
42
|
+
(query ? CGI.parse(query) : {})
|
43
|
+
end
|
40
44
|
|
41
|
-
|
42
|
-
|
45
|
+
def post_parameters
|
46
|
+
post_body = {}
|
43
47
|
|
44
|
-
|
45
|
-
|
48
|
+
# Post params are only used if posting form data
|
49
|
+
if request.headers["Content-Type"] && request.headers["Content-Type"].to_s.downcase.start_with?("application/x-www-form-urlencoded")
|
46
50
|
|
47
|
-
|
48
|
-
|
49
|
-
|
51
|
+
request.post_body.split("&").each do |str|
|
52
|
+
param = str.split("=")
|
53
|
+
post_body[param[0]] = param[1]
|
54
|
+
end
|
55
|
+
end
|
56
|
+
post_body
|
50
57
|
end
|
51
58
|
end
|
52
|
-
post_body
|
53
59
|
end
|
54
60
|
end
|
55
61
|
end
|
@@ -1,66 +1,76 @@
|
|
1
|
-
|
2
|
-
# em-http also uses adddressable so there is no need to require uri.
|
3
|
-
require 'em-http'
|
4
|
-
require 'cgi'
|
5
|
-
|
6
|
-
module OAuth::RequestProxy::EventMachine
|
7
|
-
class HttpRequest < OAuth::RequestProxy::Base
|
1
|
+
# frozen_string_literal: true
|
8
2
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
3
|
+
require "oauth/request_proxy/base"
|
4
|
+
# em-http also uses adddressable so there is no need to require uri.
|
5
|
+
require "em-http"
|
6
|
+
require "cgi"
|
13
7
|
|
14
|
-
|
8
|
+
module OAuth
|
9
|
+
module RequestProxy
|
10
|
+
module EventMachine
|
11
|
+
class HttpRequest < OAuth::RequestProxy::Base
|
12
|
+
# A Proxy for use when you need to sign EventMachine::HttpClient instances.
|
13
|
+
# It needs to be called once the client is construct but before data is sent.
|
14
|
+
# Also see oauth/client/em-http
|
15
|
+
proxies ::EventMachine::HttpClient
|
15
16
|
|
16
|
-
|
17
|
-
request.method
|
18
|
-
end
|
17
|
+
# Request in this con
|
19
18
|
|
20
|
-
|
21
|
-
|
22
|
-
|
19
|
+
def method
|
20
|
+
request.req[:method]
|
21
|
+
end
|
23
22
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
else
|
28
|
-
all_parameters
|
29
|
-
end
|
30
|
-
end
|
23
|
+
def uri
|
24
|
+
request.conn.normalize.to_s
|
25
|
+
end
|
31
26
|
|
32
|
-
|
27
|
+
def parameters
|
28
|
+
if options[:clobber_request]
|
29
|
+
options[:parameters]
|
30
|
+
else
|
31
|
+
all_parameters
|
32
|
+
end
|
33
|
+
end
|
33
34
|
|
34
|
-
|
35
|
-
merged_parameters({}, post_parameters, query_parameters, options[:parameters])
|
36
|
-
end
|
35
|
+
protected
|
37
36
|
|
38
|
-
|
39
|
-
|
40
|
-
|
37
|
+
def all_parameters
|
38
|
+
merged_parameters({}, post_parameters, query_parameters, options[:parameters])
|
39
|
+
end
|
41
40
|
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
41
|
+
def query_parameters
|
42
|
+
quer = request.req[:query]
|
43
|
+
hash_quer = if quer.respond_to?(:merge)
|
44
|
+
quer
|
45
|
+
else
|
46
|
+
CGI.parse(quer.to_s)
|
47
|
+
end
|
48
|
+
CGI.parse(request.conn.query.to_s).merge(hash_quer)
|
49
|
+
end
|
51
50
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
if
|
56
|
-
|
51
|
+
def post_parameters
|
52
|
+
headers = request.req[:head] || {}
|
53
|
+
form_encoded = headers["Content-Type"].to_s.downcase.start_with?("application/x-www-form-urlencoded")
|
54
|
+
if %w[POST PUT].include?(method) && form_encoded
|
55
|
+
CGI.parse(request.normalize_body(request.req[:body]).to_s)
|
57
56
|
else
|
58
|
-
|
57
|
+
{}
|
59
58
|
end
|
60
59
|
end
|
60
|
+
|
61
|
+
def merged_parameters(params, *extra_params)
|
62
|
+
extra_params.compact.each do |params_pairs|
|
63
|
+
params_pairs.each_pair do |key, value|
|
64
|
+
if params.key?(key)
|
65
|
+
params[key.to_s] += value
|
66
|
+
else
|
67
|
+
params[key.to_s] = [value].flatten
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
params
|
72
|
+
end
|
61
73
|
end
|
62
|
-
params
|
63
74
|
end
|
64
|
-
|
65
75
|
end
|
66
76
|
end
|
@@ -1,24 +1,27 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "xmpp4r"
|
4
|
+
require "oauth/request_proxy/base"
|
3
5
|
|
4
6
|
module OAuth
|
5
7
|
module RequestProxy
|
6
8
|
class JabberRequest < OAuth::RequestProxy::Base
|
7
|
-
proxies Jabber::Iq
|
8
|
-
proxies Jabber::Presence
|
9
|
-
proxies Jabber::Message
|
9
|
+
proxies ::Jabber::Iq
|
10
|
+
proxies ::Jabber::Presence
|
11
|
+
proxies ::Jabber::Message
|
10
12
|
|
11
13
|
def parameters
|
12
14
|
return @params if @params
|
13
15
|
|
14
16
|
@params = {}
|
15
17
|
|
16
|
-
oauth = @request.get_elements(
|
18
|
+
oauth = @request.get_elements("//oauth").first
|
17
19
|
return @params unless oauth
|
18
20
|
|
19
|
-
%w
|
20
|
-
oauth_timestamp oauth_nonce oauth_version
|
21
|
-
next unless element = oauth.first_element(param)
|
21
|
+
%w[ oauth_token oauth_consumer_key oauth_signature_method oauth_signature
|
22
|
+
oauth_timestamp oauth_nonce oauth_version ].each do |param|
|
23
|
+
next unless (element = oauth.first_element(param))
|
24
|
+
|
22
25
|
@params[param] = element.text
|
23
26
|
end
|
24
27
|
|
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "oauth/request_proxy/base"
|
2
4
|
|
3
5
|
module OAuth
|
4
6
|
module RequestProxy
|
@@ -18,7 +20,7 @@ module OAuth
|
|
18
20
|
# :consumer_secret => oauth_consumer_secret,
|
19
21
|
# :token_secret => oauth_token_secret,
|
20
22
|
class MockRequest < OAuth::RequestProxy::Base
|
21
|
-
proxies Hash
|
23
|
+
proxies ::Hash
|
22
24
|
|
23
25
|
def parameters
|
24
26
|
@request["parameters"]
|