oauth 0.5.6 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +478 -0
- data/CODE_OF_CONDUCT.md +84 -0
- data/CONTRIBUTING.md +23 -0
- data/LICENSE +18 -17
- data/README.md +383 -0
- data/SECURITY.md +20 -0
- data/bin/oauth +10 -6
- data/lib/oauth/cli/authorize_command.rb +57 -55
- data/lib/oauth/cli/base_command.rb +163 -157
- data/lib/oauth/cli/help_command.rb +9 -5
- data/lib/oauth/cli/query_command.rb +26 -17
- data/lib/oauth/cli/sign_command.rb +58 -55
- data/lib/oauth/cli/version_command.rb +8 -4
- data/lib/oauth/cli.rb +21 -19
- data/lib/oauth/client/action_controller_request.rb +23 -21
- data/lib/oauth/client/em_http.rb +101 -99
- data/lib/oauth/client/helper.rb +83 -82
- data/lib/oauth/client/net_http.rb +112 -105
- data/lib/oauth/client.rb +2 -0
- data/lib/oauth/consumer.rb +157 -135
- data/lib/oauth/errors/error.rb +2 -0
- data/lib/oauth/errors/problem.rb +3 -0
- data/lib/oauth/errors/unauthorized.rb +7 -1
- data/lib/oauth/errors.rb +5 -3
- data/lib/oauth/helper.rb +26 -18
- data/lib/oauth/oauth.rb +6 -4
- data/lib/oauth/oauth_test_helper.rb +6 -4
- data/lib/oauth/request_proxy/action_controller_request.rb +56 -57
- data/lib/oauth/request_proxy/action_dispatch_request.rb +8 -4
- data/lib/oauth/request_proxy/base.rb +136 -132
- data/lib/oauth/request_proxy/curb_request.rb +49 -43
- data/lib/oauth/request_proxy/em_http_request.rb +59 -49
- data/lib/oauth/request_proxy/jabber_request.rb +12 -9
- data/lib/oauth/request_proxy/mock_request.rb +5 -3
- data/lib/oauth/request_proxy/net_http.rb +63 -54
- data/lib/oauth/request_proxy/rack_request.rb +35 -31
- data/lib/oauth/request_proxy/rest_client_request.rb +54 -50
- data/lib/oauth/request_proxy/typhoeus_request.rb +51 -45
- data/lib/oauth/request_proxy.rb +7 -4
- data/lib/oauth/server.rb +14 -12
- data/lib/oauth/signature/base.rb +80 -71
- data/lib/oauth/signature/hmac/sha1.rb +16 -10
- data/lib/oauth/signature/hmac/sha256.rb +16 -10
- data/lib/oauth/signature/plaintext.rb +18 -20
- data/lib/oauth/signature/rsa/sha1.rb +46 -38
- data/lib/oauth/signature.rb +8 -5
- data/lib/oauth/token.rb +7 -5
- data/lib/oauth/tokens/access_token.rb +5 -3
- data/lib/oauth/tokens/consumer_token.rb +4 -2
- data/lib/oauth/tokens/request_token.rb +12 -10
- data/lib/oauth/tokens/server_token.rb +2 -1
- data/lib/oauth/tokens/token.rb +2 -0
- data/lib/oauth/version.rb +5 -1
- data/lib/oauth.rb +17 -9
- metadata +94 -98
- data/README.rdoc +0 -88
@@ -1,121 +1,128 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "oauth/helper"
|
4
|
+
require "oauth/request_proxy/net_http"
|
5
|
+
|
6
|
+
module Net
|
7
|
+
class HTTPGenericRequest
|
8
|
+
include OAuth::Helper
|
9
|
+
|
10
|
+
attr_reader :oauth_helper
|
11
|
+
|
12
|
+
# Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
|
13
|
+
# this may add a header, additional query string parameters, or additional POST body parameters.
|
14
|
+
# The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
|
15
|
+
# header.
|
16
|
+
#
|
17
|
+
# * http - Configured Net::HTTP instance
|
18
|
+
# * consumer - OAuth::Consumer instance
|
19
|
+
# * token - OAuth::Token instance
|
20
|
+
# * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
|
21
|
+
# +signature_method+, +nonce+, +timestamp+, +body_hash+)
|
22
|
+
#
|
23
|
+
# This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
|
24
|
+
#
|
25
|
+
# See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1],
|
26
|
+
# {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html,
|
27
|
+
# http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html#when_to_include]
|
28
|
+
def oauth!(http, consumer = nil, token = nil, options = {})
|
29
|
+
helper_options = oauth_helper_options(http, consumer, token, options)
|
30
|
+
@oauth_helper = OAuth::Client::Helper.new(self, helper_options)
|
31
|
+
@oauth_helper.amend_user_agent_header(self)
|
32
|
+
@oauth_helper.hash_body if oauth_body_hash_required?(helper_options)
|
33
|
+
send("set_oauth_#{helper_options[:scheme]}")
|
34
|
+
end
|
32
35
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
36
|
+
# Create a string suitable for signing for an HTTP request. This process involves parameter
|
37
|
+
# normalization as specified in the OAuth specification. The exact normalization also depends
|
38
|
+
# on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
|
39
|
+
# itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
|
40
|
+
# header.
|
41
|
+
#
|
42
|
+
# * http - Configured Net::HTTP instance
|
43
|
+
# * consumer - OAuth::Consumer instance
|
44
|
+
# * token - OAuth::Token instance
|
45
|
+
# * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
|
46
|
+
# +signature_method+, +nonce+, +timestamp+)
|
47
|
+
#
|
48
|
+
# See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1],
|
49
|
+
# {OAuth Request Body Hash 1.0 Draft 4}[http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html,
|
50
|
+
# http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html#when_to_include]
|
51
|
+
def signature_base_string(http, consumer = nil, token = nil, options = {})
|
52
|
+
helper_options = oauth_helper_options(http, consumer, token, options)
|
53
|
+
@oauth_helper = OAuth::Client::Helper.new(self, helper_options)
|
54
|
+
@oauth_helper.hash_body if oauth_body_hash_required?(helper_options)
|
55
|
+
@oauth_helper.signature_base_string
|
56
|
+
end
|
54
57
|
|
55
|
-
private
|
58
|
+
private
|
59
|
+
|
60
|
+
def oauth_helper_options(http, consumer, token, options)
|
61
|
+
{ request_uri: oauth_full_request_uri(http, options),
|
62
|
+
consumer: consumer,
|
63
|
+
token: token,
|
64
|
+
scheme: "header",
|
65
|
+
signature_method: nil,
|
66
|
+
nonce: nil,
|
67
|
+
timestamp: nil,
|
68
|
+
body_hash_enabled: true }.merge(options)
|
69
|
+
end
|
56
70
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
:scheme => 'header',
|
62
|
-
:signature_method => nil,
|
63
|
-
:nonce => nil,
|
64
|
-
:timestamp => nil }.merge(options)
|
65
|
-
end
|
71
|
+
def oauth_full_request_uri(http, options)
|
72
|
+
uri = URI.parse(path)
|
73
|
+
uri.host = http.address
|
74
|
+
uri.port = http.port
|
66
75
|
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
76
|
+
if options[:request_endpoint] && options[:site]
|
77
|
+
is_https = options[:site].match(%r{^https://})
|
78
|
+
uri.host = options[:site].gsub(%r{^https?://}, "")
|
79
|
+
uri.port ||= is_https ? 443 : 80
|
80
|
+
end
|
71
81
|
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
82
|
+
uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
|
83
|
+
"https"
|
84
|
+
else
|
85
|
+
"http"
|
86
|
+
end
|
87
|
+
|
88
|
+
uri.to_s
|
76
89
|
end
|
77
90
|
|
78
|
-
|
79
|
-
|
80
|
-
else
|
81
|
-
uri.scheme = "http"
|
91
|
+
def oauth_body_hash_required?(options)
|
92
|
+
!@oauth_helper.token_request? && request_body_permitted? && !content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded") && options[:body_hash_enabled]
|
82
93
|
end
|
83
94
|
|
84
|
-
|
85
|
-
|
95
|
+
def set_oauth_header
|
96
|
+
self["Authorization"] = @oauth_helper.header
|
97
|
+
end
|
86
98
|
|
87
|
-
|
88
|
-
|
89
|
-
|
99
|
+
# FIXME: if you're using a POST body and query string parameters, this method
|
100
|
+
# will move query string parameters into the body unexpectedly. This may
|
101
|
+
# cause problems with non-x-www-form-urlencoded bodies submitted to URLs
|
102
|
+
# containing query string params. If duplicate parameters are present in both
|
103
|
+
# places, all instances should be included when calculating the signature
|
104
|
+
# base string.
|
105
|
+
|
106
|
+
def set_oauth_body
|
107
|
+
# NOTE: OAuth::Helper and @oauth_helper are not the same, despite sharing all methods defined in OAuth::Helper
|
108
|
+
# see: https://stackoverflow.com/a/53447775/213191
|
109
|
+
set_form_data(OAuth::Helper.stringify_keys(@oauth_helper.parameters_with_oauth))
|
110
|
+
params_with_sig = @oauth_helper.parameters.merge(oauth_signature: @oauth_helper.signature)
|
111
|
+
set_form_data(OAuth::Helper.stringify_keys(params_with_sig))
|
112
|
+
end
|
90
113
|
|
91
|
-
|
92
|
-
|
93
|
-
|
114
|
+
def set_oauth_query_string
|
115
|
+
oauth_params_str = @oauth_helper.oauth_parameters.map { |k, v| [escape(k), escape(v)].join("=") }.join("&")
|
116
|
+
uri = URI.parse(path)
|
117
|
+
uri.query = if uri.query.to_s == ""
|
118
|
+
oauth_params_str
|
119
|
+
else
|
120
|
+
"#{uri.query}&#{oauth_params_str}"
|
121
|
+
end
|
94
122
|
|
95
|
-
|
96
|
-
# will move query string parameters into the body unexpectedly. This may
|
97
|
-
# cause problems with non-x-www-form-urlencoded bodies submitted to URLs
|
98
|
-
# containing query string params. If duplicate parameters are present in both
|
99
|
-
# places, all instances should be included when calculating the signature
|
100
|
-
# base string.
|
101
|
-
|
102
|
-
def set_oauth_body
|
103
|
-
self.set_form_data(@oauth_helper.stringify_keys(@oauth_helper.parameters_with_oauth))
|
104
|
-
params_with_sig = @oauth_helper.parameters.merge(:oauth_signature => @oauth_helper.signature)
|
105
|
-
self.set_form_data(@oauth_helper.stringify_keys(params_with_sig))
|
106
|
-
end
|
123
|
+
@path = uri.to_s
|
107
124
|
|
108
|
-
|
109
|
-
oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
|
110
|
-
uri = URI.parse(path)
|
111
|
-
if uri.query.to_s == ""
|
112
|
-
uri.query = oauth_params_str
|
113
|
-
else
|
114
|
-
uri.query = uri.query + "&" + oauth_params_str
|
125
|
+
@path << "&oauth_signature=#{escape(oauth_helper.signature)}"
|
115
126
|
end
|
116
|
-
|
117
|
-
@path = uri.to_s
|
118
|
-
|
119
|
-
@path << "&oauth_signature=#{escape(oauth_helper.signature)}"
|
120
127
|
end
|
121
128
|
end
|