oauth 0.5.6 → 1.1.0

data/lib/oauth/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   module Client
   end

data/lib/oauth/consumer.rb

@@ -1,23 +1,26 @@
-require 'net/http'
-require 'net/https'
-require 'oauth/oauth'
-require 'oauth/client/net_http'
-require 'oauth/errors'
-require 'cgi'
+# frozen_string_literal: true
+
+require "net/http"
+require "net/https"
+require "oauth/oauth"
+require "oauth/client/net_http"
+require "oauth/errors"
+require "cgi"
 
 module OAuth
   class Consumer
     # determine the certificate authority path to verify SSL certs
-    if ENV['SSL_CERT_FILE']
-      if File.exist?(ENV['SSL_CERT_FILE'])
-        CA_FILE = ENV['SSL_CERT_FILE']
+    if ENV["SSL_CERT_FILE"]
+      if File.exist?(ENV["SSL_CERT_FILE"])
+        CA_FILE = ENV["SSL_CERT_FILE"]
       else
         raise "The SSL CERT provided does not exist."
       end
     end
 
-    if !defined?(CA_FILE)
-      CA_FILES = %W(/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
+    unless defined?(CA_FILE)
+      CA_FILES = %w[/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
+                    /usr/share/curl/curl-ca-bundle.crt].freeze
       CA_FILES.each do |ca_file|
         if File.exist?(ca_file)
           CA_FILE = ca_file
@@ -27,42 +30,49 @@ module OAuth
     end
     CA_FILE = nil unless defined?(CA_FILE)
 
-    @@default_options = {
-      # Signature method used by server. Defaults to HMAC-SHA1
-      :signature_method   => 'HMAC-SHA1',
-
-      # default paths on site. These are the same as the defaults set up by the generators
-      :request_token_path => '/oauth/request_token',
-      :authenticate_path  => '/oauth/authenticate',
-      :authorize_path     => '/oauth/authorize',
-      :access_token_path  => '/oauth/access_token',
-
-      :proxy              => nil,
-      # How do we send the oauth values to the server see
-      # http://oauth.net/core/1.0/#consumer_req_param for more info
-      #
-      # Possible values:
-      #
-      #   :header - via the Authorize header (Default) ( option 1. in spec)
-      #   :body - url form encoded in body of POST request ( option 2. in spec)
-      #   :query_string - via the query part of the url ( option 3. in spec)
-      :scheme        => :header,
-
-      # Default http method used for OAuth Token Requests (defaults to :post)
-      :http_method   => :post,
-
-      # Add a custom ca_file for consumer
-      # :ca_file       => '/etc/certs.pem'
-
-      # Possible values:
-      #
-      # nil, false - no debug output
-      # true - uses $stdout
-      # some_value - uses some_value
-      :debug_output => nil,
-
-      :oauth_version => "1.0"
-    }
+    @@default_options = SnakyHash::SymbolKeyed.new(
+      {
+        # Signature method used by server. Defaults to HMAC-SHA1
+        signature_method: "HMAC-SHA1",
+
+        # default paths on site. These are the same as the defaults set up by the generators
+        request_token_path: "/oauth/request_token",
+        authenticate_path: "/oauth/authenticate",
+        authorize_path: "/oauth/authorize",
+        access_token_path: "/oauth/access_token",
+
+        proxy: nil,
+        # How do we send the oauth values to the server see
+        # https://oauth.net/core/1.0/#consumer_req_param for more info
+        #
+        # Possible values:
+        #
+        #   :header - via the Authorize header (Default) ( option 1. in spec)
+        #   :body - url form encoded in body of POST request ( option 2. in spec)
+        #   :query_string - via the query part of the url ( option 3. in spec)
+        scheme: :header,
+
+        # Default http method used for OAuth Token Requests (defaults to :post)
+        http_method: :post,
+
+        # Add a custom ca_file for consumer
+        # :ca_file       => '/etc/certs.pem'
+
+        # Possible values:
+        #
+        # nil, false - no debug output
+        # true - uses $stdout
+        # some_value - uses some_value
+        debug_output: nil,
+
+        # Defaults to producing a body_hash as part of the signature but
+        # can be disabled since it's not officially part of the OAuth 1.0
+        # spec. Possible values are true and false
+        body_hash_enabled: true,
+
+        oauth_version: "1.0"
+      }
+    )
 
     attr_accessor :options, :key, :secret
     attr_writer   :site, :http
@@ -75,7 +85,8 @@ module OAuth
     #     :http_method        => :post,
     #     :request_token_path => "/oauth/example/request_token.php",
     #     :access_token_path  => "/oauth/example/access_token.php",
-    #     :authorize_path     => "/oauth/example/authorize.php"
+    #     :authorize_path     => "/oauth/example/authorize.php",
+    #     :body_hash_enabled  => false
     #    })
     #
     # Start the process by requesting a token
@@ -94,10 +105,8 @@ module OAuth
       @secret = consumer_secret
 
       # ensure that keys are symbols
-      @options = @@default_options.merge(options.inject({}) do |opts, (key, value)|
-        opts[key.to_sym] = value
-        opts
-      end)
+      snaky_options = SnakyHash::SymbolKeyed.new(options)
+      @options = @@default_options.merge(snaky_options)
     end
 
     # The default http method
@@ -106,15 +115,13 @@ module OAuth
     end
 
     def debug_output
-      @debug_output ||= begin
-        case @options[:debug_output]
-        when nil, false
-        when true
-          $stdout
-        else
-          @options[:debug_output]
-        end
-      end
+      @debug_output ||= case @options[:debug_output]
+                        when nil, false
+                        when true
+                          $stdout
+                        else
+                          @options[:debug_output]
+                        end
     end
 
     # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
@@ -127,13 +134,14 @@ module OAuth
       if custom_uri
         @uri  = custom_uri
         @http = create_http # yike, oh well. less intrusive this way
-      else  # if no custom passed, we use existing, which, if unset, is set to site uri
+      else # if no custom passed, we use existing, which, if unset, is set to site uri
         @uri ||= URI.parse(site)
       end
     end
 
     def get_access_token(request_token, request_options = {}, *arguments, &block)
-      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments, &block)
+      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token,
+                               request_options, *arguments, &block)
       OAuth::AccessToken.from_hash(self, response)
     end
 
@@ -156,15 +164,19 @@ module OAuth
       # will be exchanged out of band
       request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND unless request_options[:exclude_callback]
 
-      if block_given?
-        response = token_request(http_method,
-        (request_token_url? ? request_token_url : request_token_path),
-        nil,
-        request_options,
-        *arguments, &block)
-      else
-        response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
-      end
+      response = if block
+                   token_request(
+                     http_method,
+                     (request_token_url? ? request_token_url : request_token_path),
+                     nil,
+                     request_options,
+                     *arguments,
+                     &block
+                   )
+                 else
+                   token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil,
+                                 request_options, *arguments)
+                 end
       OAuth::RequestToken.from_hash(self, response)
     end
 
@@ -179,7 +191,7 @@ module OAuth
     #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
     #
     def request(http_method, path, token = nil, request_options = {}, *arguments)
-      if path !~ /^\//
+      unless %r{^/}.match?(path)
         @http = create_http(path)
         _uri = URI.parse(path)
         path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
@@ -187,18 +199,19 @@ module OAuth
 
       # override the request with your own, this is useful for file uploads which Net::HTTP does not do
       req = create_signed_request(http_method, path, token, request_options, *arguments)
-      return nil if block_given? and yield(req) == :done
+      return nil if block_given? && (yield(req) == :done)
+
       rsp = http.request(req)
       # check for an error reported by the Problem Reporting extension
-      # (http://wiki.oauth.net/ProblemReporting)
+      # (https://wiki.oauth.net/ProblemReporting)
       # note: a 200 may actually be an error; check for an oauth_problem key to be sure
       if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
-        (h = headers.select { |hdr| hdr =~ /^OAuth / }).any? &&
-        h.first =~ /oauth_problem/
+         (h = headers.grep(/^OAuth /)).any? &&
+         h.first.include?("oauth_problem")
 
         # puts "Header: #{h.first}"
 
-        # TODO doesn't handle broken responses from api.login.yahoo.com
+        # TODO: doesn't handle broken responses from api.login.yahoo.com
         # remove debug code when done
         params = OAuth::Helper.parse_header(h.first)
 
@@ -232,24 +245,25 @@ module OAuth
           # symbolize keys
           # TODO this could be considered unexpected behavior; symbols or not?
           # TODO this also drops subsequent values from multi-valued keys
-          CGI.parse(response.body).inject({}) do |h,(k,v)|
+          CGI.parse(response.body).each_with_object({}) do |(k, v), h|
             h[k.strip.to_sym] = v.first
             h[k.strip]        = v.first
-            h
           end
         end
       when (300..399)
-        # this is a redirect
-        uri = URI.parse(response['location'])
+        # Parse redirect to follow
+        uri = URI.parse(response["location"])
         our_uri = URI.parse(site)
 
+        # Guard against infinite redirects
+        response.error! if uri.path == path && our_uri.host == uri.host
+
         if uri.path == path && our_uri.host != uri.host
-            options[:site] = "#{uri.scheme}://#{uri.host}"
-            @http = create_http
+          options[:site] = "#{uri.scheme}://#{uri.host}"
+          @http = create_http
         end
 
-        response.error! if uri.path == path && our_uri.host == uri.host # careful of those infinite redirects
-        self.token_request(http_method, uri.path, token, request_options, arguments)
+        token_request(http_method, uri.path, token, request_options, arguments)
       when (400..499)
         raise OAuth::Unauthorized, response
       else
@@ -273,6 +287,7 @@ module OAuth
 
     def request_endpoint
       return nil if @options[:request_endpoint].nil?
+
       @options[:request_endpoint].to_s
     end
 
@@ -296,37 +311,37 @@ module OAuth
       @options[:access_token_path]
     end
 
-    # TODO this is ugly, rewrite
+    # TODO: this is ugly, rewrite
     def request_token_url
-      @options[:request_token_url] || site + request_token_path
+      @options[:request_token_url] || (site + request_token_path)
     end
 
     def request_token_url?
-      @options.has_key?(:request_token_url)
+      @options.key?(:request_token_url)
     end
 
     def authenticate_url
-      @options[:authenticate_url] || site + authenticate_path
+      @options[:authenticate_url] || (site + authenticate_path)
     end
 
     def authenticate_url?
-      @options.has_key?(:authenticate_url)
+      @options.key?(:authenticate_url)
     end
 
     def authorize_url
-      @options[:authorize_url] || site + authorize_path
+      @options[:authorize_url] || (site + authorize_path)
     end
 
     def authorize_url?
-      @options.has_key?(:authorize_url)
+      @options.key?(:authorize_url)
     end
 
     def access_token_url
-      @options[:access_token_url] || site + access_token_path
+      @options[:access_token_url] || (site + access_token_path)
     end
 
     def access_token_url?
-      @options.has_key?(:access_token_url)
+      @options.key?(:access_token_url)
     end
 
     def proxy
@@ -337,36 +352,36 @@ module OAuth
 
     # Instantiates the http object
     def create_http(_url = nil)
-
-
-      if !request_endpoint.nil?
-       _url = request_endpoint
-      end
-
-
-      if _url.nil? || _url[0] =~ /^\//
-        our_uri = URI.parse(site)
-      else
-        our_uri = URI.parse(_url)
-      end
-
+      _url = request_endpoint unless request_endpoint.nil?
+
+      our_uri = if _url.nil? || _url[0] =~ %r{^/}
+                  URI.parse(site)
+                else
+                  your_uri = URI.parse(_url)
+                  if your_uri.host.nil?
+                    # If the _url is a path, missing the leading slash, then it won't have a host,
+                    # and our_uri *must* have a host, so we parse site instead.
+                    URI.parse(site)
+                  else
+                    your_uri
+                  end
+                end
 
       if proxy.nil?
         http_object = Net::HTTP.new(our_uri.host, our_uri.port)
       else
         proxy_uri = proxy.is_a?(URI) ? proxy : URI.parse(proxy)
-        http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+        http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user,
+                                    proxy_uri.password)
       end
 
-      http_object.use_ssl = (our_uri.scheme == 'https')
+      http_object.use_ssl = (our_uri.scheme == "https")
 
       if @options[:no_verify]
         http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
       else
-        ca_file =  @options[:ca_file] || CA_FILE
-        if ca_file
-          http_object.ca_file = ca_file
-        end
+        ca_file = @options[:ca_file] || CA_FILE
+        http_object.ca_file = ca_file if ca_file
         http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
         http_object.verify_depth = 5
       end
@@ -374,6 +389,8 @@ module OAuth
       http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 60
       http_object.open_timeout = @options[:open_timeout] if @options[:open_timeout]
       http_object.ssl_version = @options[:ssl_version] if @options[:ssl_version]
+      http_object.cert = @options[:ssl_client_cert] if @options[:ssl_client_cert]
+      http_object.key = @options[:ssl_client_key] if @options[:ssl_client_key]
       http_object.set_debug_output(debug_output) if debug_output
 
       http_object
@@ -383,41 +400,39 @@ module OAuth
     def create_http_request(http_method, path, *arguments)
       http_method = http_method.to_sym
 
-      if [:post, :put, :patch].include?(http_method)
-        data = arguments.shift
-      end
+      data = arguments.shift if %i[post put patch].include?(http_method)
 
       # if the base site contains a path, add it now
       # only add if the site host matches the current http object's host
       # (in case we've specified a full url for token requests)
-      uri  = URI.parse(site)
-      path = uri.path + path if uri.path && uri.path != '/' && uri.host == http.address
+      uri = URI.parse(site)
+      path = uri.path + path if uri.path && uri.path != "/" && uri.host == http.address
 
       headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
 
       case http_method
       when :post
-        request = Net::HTTP::Post.new(path,headers)
-        request["Content-Length"] = '0' # Default to 0
+        request = Net::HTTP::Post.new(path, headers)
+        request["Content-Length"] = "0" # Default to 0
       when :put
-        request = Net::HTTP::Put.new(path,headers)
-        request["Content-Length"] = '0' # Default to 0
+        request = Net::HTTP::Put.new(path, headers)
+        request["Content-Length"] = "0" # Default to 0
       when :patch
-        request = Net::HTTP::Patch.new(path,headers)
-        request["Content-Length"] = '0' # Default to 0
+        request = Net::HTTP::Patch.new(path, headers)
+        request["Content-Length"] = "0" # Default to 0
       when :get
-        request = Net::HTTP::Get.new(path,headers)
+        request = Net::HTTP::Get.new(path, headers)
       when :delete
-        request =  Net::HTTP::Delete.new(path,headers)
+        request = Net::HTTP::Delete.new(path, headers)
       when :head
-        request = Net::HTTP::Head.new(path,headers)
+        request = Net::HTTP::Head.new(path, headers)
       else
-        raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
+        raise ArgumentError, "Don't know how to handle http_method: :#{http_method}"
       end
 
       if data.is_a?(Hash)
         request.body = OAuth::Helper.normalize(data)
-        request.content_type = 'application/x-www-form-urlencoded'
+        request.content_type = "application/x-www-form-urlencoded"
       elsif data
         if data.respond_to?(:read)
           request.body_stream = data
@@ -437,13 +452,12 @@ module OAuth
       request
     end
 
-    def marshal_dump(*args)
-      {:key => @key, :secret => @secret, :options => @options}
+    def marshal_dump(*_args)
+      { key: @key, secret: @secret, options: @options }
     end
 
     def marshal_load(data)
       initialize(data[:key], data[:secret], data[:options])
     end
-
   end
 end

data/lib/oauth/errors/error.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OAuth
   class Error < StandardError
   end

data/lib/oauth/errors/problem.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 module OAuth
   class Problem < OAuth::Unauthorized
     attr_reader :problem, :params
+
     def initialize(problem, request = nil, params = {})
       super(request)
       @problem = problem

data/lib/oauth/errors/unauthorized.rb

@@ -1,12 +1,18 @@
+# frozen_string_literal: true
+
 module OAuth
   class Unauthorized < OAuth::Error
     attr_reader :request
+
     def initialize(request = nil)
+      super()
       @request = request
     end
 
     def to_s
-      [request.code, request.message] * " "
+      return "401 Unauthorized" if request.nil?
+
+      "#{request.code} #{request.message}"
     end
   end
 end

data/lib/oauth/errors.rb

@@ -1,3 +1,5 @@
-require 'oauth/errors/error'
-require 'oauth/errors/unauthorized'
-require 'oauth/errors/problem'
+# frozen_string_literal: true
+
+require "oauth/errors/error"
+require "oauth/errors/unauthorized"
+require "oauth/errors/problem"

data/lib/oauth/helper.rb

@@ -1,9 +1,12 @@
-require 'openssl'
-require 'base64'
+# frozen_string_literal: true
+
+require "time"
+require "openssl"
+require "base64"
 
 module OAuth
   module Helper
-    extend self
+    module_function
 
     # Escape +value+ by URL encoding all non-reserved character.
     #
@@ -19,18 +22,18 @@ module OAuth
     end
 
     def unescape(value)
-      URI::DEFAULT_PARSER.unescape(value.gsub('+', '%2B'))
+      URI::DEFAULT_PARSER.unescape(value.gsub("+", "%2B"))
     end
 
     # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
     # characters removed.
-    def generate_key(size=32)
-      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
+    def generate_key(size = 32)
+      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, "")
     end
 
-    alias_method :generate_nonce, :generate_key
+    alias generate_nonce generate_key
 
-    def generate_timestamp #:nodoc:
+    def generate_timestamp # :nodoc:
       Time.now.to_i.to_s
     end
 
@@ -43,22 +46,27 @@ module OAuth
     # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def normalize(params)
       params.sort.map do |k, values|
-        if values.is_a?(Array)
+        case values
+        when Array
           # make sure the array has an element so we don't lose the key
           values << nil if values.empty?
           # multiple values were provided for a single key
-          values.sort.collect do |v|
-            [escape(k),escape(v)] * "="
+          if values[0].is_a?(Hash)
+            normalize_nested_query(values, k)
+          else
+            values.sort.collect do |v|
+              [escape(k), escape(v)].join("=")
+            end
           end
-        elsif values.is_a?(Hash)
+        when Hash
           normalize_nested_query(values, k)
         else
-          [escape(k),escape(values)] * "="
+          [escape(k), escape(values)].join("=")
         end
       end * "&"
     end
 
-    #Returns a string representation of the Hash like in URL query string
+    # Returns a string representation of the Hash like in URL query string
     # build_nested_query({:level_1 => {:level_2 => ['value_1','value_2']}}, 'prefix'))
     #   #=> ["prefix%5Blevel_1%5D%5Blevel_2%5D%5B%5D=value_1", "prefix%5Blevel_1%5D%5Blevel_2%5D%5B%5D=value_2"]
     def normalize_nested_query(value, prefix = nil)
@@ -72,7 +80,7 @@ module OAuth
           normalize_nested_query(v, prefix ? "#{prefix}[#{k}]" : k)
         end.flatten.sort
       else
-        [escape(prefix), escape(value)] * "="
+        [escape(prefix), escape(value)].join("=")
       end
     end
 
@@ -86,16 +94,16 @@ module OAuth
     #
     def parse_header(header)
       # decompose
-      params = header[6,header.length].split(/[,=&]/)
+      params = header[6, header.length].split(/[,=&]/)
 
       # odd number of arguments - must be a malformed header.
-      raise OAuth::Problem.new("Invalid authorization header") if params.size % 2 != 0
+      raise OAuth::Problem, "Invalid authorization header" if params.size.odd?
 
       params.map! do |v|
         # strip and unescape
         val = unescape(v.strip)
         # strip quotes
-        val.sub(/^\"(.*)\"$/, '\1')
+        val.sub(/^"(.*)"$/, '\1')
       end
 
       # convert into a Hash

data/lib/oauth/oauth.rb

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
+
 module OAuth
   # request tokens are passed between the consumer and the provider out of
   # band (i.e. callbacks cannot be used), per section 6.1.1
   OUT_OF_BAND = "oob"
 
   # required parameters, per sections 6.1.1, 6.3.1, and 7
-  PARAMETERS = %w(oauth_callback oauth_consumer_key oauth_token
-    oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier
-    oauth_version oauth_signature oauth_body_hash)
+  PARAMETERS = %w[oauth_callback oauth_consumer_key oauth_token
+                  oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier
+                  oauth_version oauth_signature oauth_body_hash].freeze
 
   # reserved character regexp, per section 5.1
-  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/
+  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-._~]/.freeze
 end