oauth 0.5.6 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +504 -0
  3. data/CODE_OF_CONDUCT.md +84 -0
  4. data/CONTRIBUTING.md +40 -0
  5. data/LICENSE +19 -17
  6. data/README.md +390 -0
  7. data/SECURITY.md +26 -0
  8. data/lib/oauth/client/action_controller_request.rb +23 -21
  9. data/lib/oauth/client/em_http.rb +99 -99
  10. data/lib/oauth/client/helper.rb +83 -82
  11. data/lib/oauth/client/net_http.rb +112 -105
  12. data/lib/oauth/client.rb +2 -0
  13. data/lib/oauth/consumer.rb +147 -133
  14. data/lib/oauth/errors/error.rb +2 -0
  15. data/lib/oauth/errors/problem.rb +3 -0
  16. data/lib/oauth/errors/unauthorized.rb +7 -1
  17. data/lib/oauth/errors.rb +5 -3
  18. data/lib/oauth/helper.rb +26 -18
  19. data/lib/oauth/oauth.rb +6 -4
  20. data/lib/oauth/oauth_test_helper.rb +6 -4
  21. data/lib/oauth/request_proxy/action_controller_request.rb +49 -71
  22. data/lib/oauth/request_proxy/action_dispatch_request.rb +8 -4
  23. data/lib/oauth/request_proxy/base.rb +136 -132
  24. data/lib/oauth/request_proxy/curb_request.rb +49 -43
  25. data/lib/oauth/request_proxy/em_http_request.rb +59 -49
  26. data/lib/oauth/request_proxy/jabber_request.rb +12 -9
  27. data/lib/oauth/request_proxy/mock_request.rb +5 -3
  28. data/lib/oauth/request_proxy/net_http.rb +61 -54
  29. data/lib/oauth/request_proxy/rack_request.rb +35 -31
  30. data/lib/oauth/request_proxy/rest_client_request.rb +54 -50
  31. data/lib/oauth/request_proxy/typhoeus_request.rb +51 -45
  32. data/lib/oauth/request_proxy.rb +7 -4
  33. data/lib/oauth/server.rb +14 -12
  34. data/lib/oauth/signature/base.rb +78 -71
  35. data/lib/oauth/signature/hmac/sha1.rb +16 -10
  36. data/lib/oauth/signature/hmac/sha256.rb +16 -10
  37. data/lib/oauth/signature/plaintext.rb +18 -20
  38. data/lib/oauth/signature/rsa/sha1.rb +46 -38
  39. data/lib/oauth/signature.rb +8 -5
  40. data/lib/oauth/token.rb +7 -5
  41. data/lib/oauth/tokens/access_token.rb +5 -3
  42. data/lib/oauth/tokens/consumer_token.rb +4 -2
  43. data/lib/oauth/tokens/request_token.rb +12 -10
  44. data/lib/oauth/tokens/server_token.rb +2 -1
  45. data/lib/oauth/tokens/token.rb +2 -0
  46. data/lib/oauth/version.rb +5 -1
  47. data/lib/oauth.rb +17 -9
  48. metadata +105 -98
  49. data/README.rdoc +0 -88
  50. data/bin/oauth +0 -11
  51. data/lib/oauth/cli/authorize_command.rb +0 -71
  52. data/lib/oauth/cli/base_command.rb +0 -208
  53. data/lib/oauth/cli/help_command.rb +0 -22
  54. data/lib/oauth/cli/query_command.rb +0 -25
  55. data/lib/oauth/cli/sign_command.rb +0 -81
  56. data/lib/oauth/cli/version_command.rb +0 -7
  57. data/lib/oauth/cli.rb +0 -56
@@ -1,66 +1,76 @@
1
- require 'oauth/request_proxy/base'
2
- # em-http also uses adddressable so there is no need to require uri.
3
- require 'em-http'
4
- require 'cgi'
5
-
6
- module OAuth::RequestProxy::EventMachine
7
- class HttpRequest < OAuth::RequestProxy::Base
1
+ # frozen_string_literal: true
8
2
 
9
- # A Proxy for use when you need to sign EventMachine::HttpClient instances.
10
- # It needs to be called once the client is construct but before data is sent.
11
- # Also see oauth/client/em-http
12
- proxies ::EventMachine::HttpClient
3
+ require "oauth/request_proxy/base"
4
+ # em-http also uses adddressable so there is no need to require uri.
5
+ require "em-http"
6
+ require "cgi"
13
7
 
14
- # Request in this con
8
+ module OAuth
9
+ module RequestProxy
10
+ module EventMachine
11
+ class HttpRequest < OAuth::RequestProxy::Base
12
+ # A Proxy for use when you need to sign EventMachine::HttpClient instances.
13
+ # It needs to be called once the client is construct but before data is sent.
14
+ # Also see oauth/client/em-http
15
+ proxies ::EventMachine::HttpClient
15
16
 
16
- def method
17
- request.method
18
- end
17
+ # Request in this con
19
18
 
20
- def uri
21
- request.normalize_uri.to_s
22
- end
19
+ def method
20
+ request.req[:method]
21
+ end
23
22
 
24
- def parameters
25
- if options[:clobber_request]
26
- options[:parameters]
27
- else
28
- all_parameters
29
- end
30
- end
23
+ def uri
24
+ request.conn.normalize.to_s
25
+ end
31
26
 
32
- protected
27
+ def parameters
28
+ if options[:clobber_request]
29
+ options[:parameters]
30
+ else
31
+ all_parameters
32
+ end
33
+ end
33
34
 
34
- def all_parameters
35
- merged_parameters({}, post_parameters, query_parameters, options[:parameters])
36
- end
35
+ protected
37
36
 
38
- def query_parameters
39
- CGI.parse(request.normalize_uri.query.to_s)
40
- end
37
+ def all_parameters
38
+ merged_parameters({}, post_parameters, query_parameters, options[:parameters])
39
+ end
41
40
 
42
- def post_parameters
43
- headers = request.options[:head] || {}
44
- form_encoded = headers['Content-Type'].to_s.downcase.start_with?("application/x-www-form-urlencoded")
45
- if ['POST', 'PUT'].include?(method) && form_encoded
46
- CGI.parse(request.normalize_body.to_s)
47
- else
48
- {}
49
- end
50
- end
41
+ def query_parameters
42
+ quer = request.req[:query]
43
+ hash_quer = if quer.respond_to?(:merge)
44
+ quer
45
+ else
46
+ CGI.parse(quer.to_s)
47
+ end
48
+ CGI.parse(request.conn.query.to_s).merge(hash_quer)
49
+ end
51
50
 
52
- def merged_parameters(params, *extra_params)
53
- extra_params.compact.each do |params_pairs|
54
- params_pairs.each_pair do |key, value|
55
- if params.has_key?(key)
56
- params[key] += value
51
+ def post_parameters
52
+ headers = request.req[:head] || {}
53
+ form_encoded = headers["Content-Type"].to_s.downcase.start_with?("application/x-www-form-urlencoded")
54
+ if %w[POST PUT].include?(method) && form_encoded
55
+ CGI.parse(request.normalize_body(request.req[:body]).to_s)
57
56
  else
58
- params[key] = [value].flatten
57
+ {}
59
58
  end
60
59
  end
60
+
61
+ def merged_parameters(params, *extra_params)
62
+ extra_params.compact.each do |params_pairs|
63
+ params_pairs.each_pair do |key, value|
64
+ if params.key?(key)
65
+ params[key.to_s] += value
66
+ else
67
+ params[key.to_s] = [value].flatten
68
+ end
69
+ end
70
+ end
71
+ params
72
+ end
61
73
  end
62
- params
63
74
  end
64
-
65
75
  end
66
76
  end
@@ -1,24 +1,27 @@
1
- require 'xmpp4r'
2
- require 'oauth/request_proxy/base'
1
+ # frozen_string_literal: true
2
+
3
+ require "xmpp4r"
4
+ require "oauth/request_proxy/base"
3
5
 
4
6
  module OAuth
5
7
  module RequestProxy
6
8
  class JabberRequest < OAuth::RequestProxy::Base
7
- proxies Jabber::Iq
8
- proxies Jabber::Presence
9
- proxies Jabber::Message
9
+ proxies ::Jabber::Iq
10
+ proxies ::Jabber::Presence
11
+ proxies ::Jabber::Message
10
12
 
11
13
  def parameters
12
14
  return @params if @params
13
15
 
14
16
  @params = {}
15
17
 
16
- oauth = @request.get_elements('//oauth').first
18
+ oauth = @request.get_elements("//oauth").first
17
19
  return @params unless oauth
18
20
 
19
- %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
20
- oauth_timestamp oauth_nonce oauth_version ).each do |param|
21
- next unless element = oauth.first_element(param)
21
+ %w[ oauth_token oauth_consumer_key oauth_signature_method oauth_signature
22
+ oauth_timestamp oauth_nonce oauth_version ].each do |param|
23
+ next unless (element = oauth.first_element(param))
24
+
22
25
  @params[param] = element.text
23
26
  end
24
27
 
@@ -1,4 +1,6 @@
1
- require 'oauth/request_proxy/base'
1
+ # frozen_string_literal: true
2
+
3
+ require "oauth/request_proxy/base"
2
4
 
3
5
  module OAuth
4
6
  module RequestProxy
@@ -18,7 +20,7 @@ module OAuth
18
20
  # :consumer_secret => oauth_consumer_secret,
19
21
  # :token_secret => oauth_token_secret,
20
22
  class MockRequest < OAuth::RequestProxy::Base
21
- proxies Hash
23
+ proxies ::Hash
22
24
 
23
25
  def parameters
24
26
  @request["parameters"]
@@ -30,7 +32,7 @@ module OAuth
30
32
 
31
33
  def normalized_uri
32
34
  super
33
- rescue
35
+ rescue StandardError
34
36
  # if this is a non-standard URI, it may not parse properly
35
37
  # in that case, assume that it's already been normalized
36
38
  uri
@@ -1,72 +1,79 @@
1
- require 'oauth/request_proxy/base'
2
- require 'net/http'
3
- require 'uri'
4
- require 'cgi'
1
+ # frozen_string_literal: true
5
2
 
6
- module OAuth::RequestProxy::Net
7
- module HTTP
8
- class HTTPRequest < OAuth::RequestProxy::Base
9
- proxies ::Net::HTTPGenericRequest
3
+ require "oauth/request_proxy/base"
4
+ require "net/http"
5
+ require "uri"
6
+ require "cgi"
10
7
 
11
- def method
12
- request.method
13
- end
8
+ module OAuth
9
+ module RequestProxy
10
+ module Net
11
+ module HTTP
12
+ class HTTPRequest < OAuth::RequestProxy::Base
13
+ proxies ::Net::HTTPGenericRequest
14
14
 
15
- def uri
16
- options[:uri].to_s
17
- end
15
+ def method
16
+ request.method
17
+ end
18
18
 
19
- def parameters
20
- if options[:clobber_request]
21
- options[:parameters]
22
- else
23
- all_parameters
24
- end
25
- end
19
+ def uri
20
+ options[:uri].to_s
21
+ end
26
22
 
27
- def body
28
- request.body
29
- end
23
+ def parameters
24
+ if options[:clobber_request]
25
+ options[:parameters]
26
+ else
27
+ all_parameters
28
+ end
29
+ end
30
30
 
31
- private
31
+ def body
32
+ request.body
33
+ end
32
34
 
33
- def all_parameters
34
- request_params = CGI.parse(query_string)
35
- # request_params.each{|k,v| request_params[k] = [nil] if v == []}
35
+ private
36
36
 
37
- if options[:parameters]
38
- options[:parameters].each do |k,v|
39
- if request_params.has_key?(k) && v
40
- request_params[k] << v
41
- else
42
- request_params[k] = [v]
37
+ def all_parameters
38
+ request_params = CGI.parse(query_string)
39
+ # request_params.each{|k,v| request_params[k] = [nil] if v == []}
40
+
41
+ options[:parameters]&.each do |k, v|
42
+ if request_params.key?(k) && v
43
+ request_params[k] << v
44
+ else
45
+ request_params[k] = [v]
46
+ end
43
47
  end
48
+ request_params
44
49
  end
45
- end
46
- request_params
47
- end
48
50
 
49
- def query_string
50
- params = [ query_params, auth_header_params ]
51
- params << post_params if (method.to_s.upcase == 'POST' || method.to_s.upcase == 'PUT') && form_url_encoded?
52
- params.compact.join('&')
53
- end
51
+ def query_string
52
+ params = [query_params, auth_header_params]
53
+ if (method.to_s.casecmp("POST").zero? || method.to_s.casecmp("PUT").zero?) && form_url_encoded?
54
+ params << post_params
55
+ end
56
+ params.compact.join("&")
57
+ end
54
58
 
55
- def form_url_encoded?
56
- request['Content-Type'] != nil && request['Content-Type'].to_s.downcase.start_with?('application/x-www-form-urlencoded')
57
- end
59
+ def form_url_encoded?
60
+ !request["Content-Type"].nil? && request["Content-Type"].to_s.downcase.start_with?("application/x-www-form-urlencoded")
61
+ end
58
62
 
59
- def query_params
60
- URI.parse(request.path).query
61
- end
63
+ def query_params
64
+ URI.parse(request.path).query
65
+ end
62
66
 
63
- def post_params
64
- request.body
65
- end
67
+ def post_params
68
+ request.body
69
+ end
66
70
 
67
- def auth_header_params
68
- return nil unless request['Authorization'] && request['Authorization'][0,5] == 'OAuth'
69
- request['Authorization']
71
+ def auth_header_params
72
+ return nil unless request["Authorization"] && request["Authorization"][0, 5] == "OAuth"
73
+
74
+ request["Authorization"]
75
+ end
76
+ end
70
77
  end
71
78
  end
72
79
  end
@@ -1,43 +1,47 @@
1
- require 'oauth/request_proxy/base'
2
- require 'uri'
3
- require 'rack'
1
+ # frozen_string_literal: true
4
2
 
5
- module OAuth::RequestProxy
6
- class RackRequest < OAuth::RequestProxy::Base
7
- proxies Rack::Request
3
+ require "oauth/request_proxy/base"
4
+ require "uri"
5
+ require "rack"
8
6
 
9
- def method
10
- request.env["rack.methodoverride.original_method"] || request.request_method
11
- end
7
+ module OAuth
8
+ module RequestProxy
9
+ class RackRequest < OAuth::RequestProxy::Base
10
+ proxies ::Rack::Request
12
11
 
13
- def uri
14
- request.url
15
- end
12
+ def method
13
+ request.env["rack.methodoverride.original_method"] || request.request_method
14
+ end
16
15
 
17
- def parameters
18
- if options[:clobber_request]
19
- options[:parameters] || {}
20
- else
21
- params = request_params.merge(query_params).merge(header_params)
22
- params.merge(options[:parameters] || {})
16
+ def uri
17
+ request.url
23
18
  end
24
- end
25
19
 
26
- def signature
27
- parameters['oauth_signature']
28
- end
20
+ def parameters
21
+ if options[:clobber_request]
22
+ options[:parameters] || {}
23
+ else
24
+ params = request_params.merge(query_params).merge(header_params)
25
+ params.merge(options[:parameters] || {})
26
+ end
27
+ end
29
28
 
30
- protected
29
+ def signature
30
+ parameters["oauth_signature"]
31
+ end
31
32
 
32
- def query_params
33
- request.GET
34
- end
33
+ protected
34
+
35
+ def query_params
36
+ request.GET
37
+ end
35
38
 
36
- def request_params
37
- if request.content_type and request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
38
- request.POST
39
- else
40
- {}
39
+ def request_params
40
+ if request.content_type && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
41
+ request.POST
42
+ else
43
+ {}
44
+ end
41
45
  end
42
46
  end
43
47
  end
@@ -1,62 +1,66 @@
1
- require 'oauth/request_proxy/base'
2
- require 'rest-client'
3
- require 'uri'
4
- require 'cgi'
5
-
6
- module OAuth::RequestProxy::RestClient
7
- class Request < OAuth::RequestProxy::Base
8
- proxies RestClient::Request
9
-
10
- def method
11
- request.method.to_s.upcase
12
- end
1
+ # frozen_string_literal: true
13
2
 
14
- def uri
15
- request.url
16
- end
3
+ require "oauth/request_proxy/base"
4
+ require "rest-client"
5
+ require "uri"
6
+ require "cgi"
7
+
8
+ module OAuth
9
+ module RequestProxy
10
+ module RestClient
11
+ class Request < OAuth::RequestProxy::Base
12
+ proxies ::RestClient::Request
17
13
 
18
- def parameters
19
- if options[:clobber_request]
20
- options[:parameters] || {}
21
- else
22
- post_parameters.merge(query_params).merge(options[:parameters] || {})
14
+ def method
15
+ request.method.to_s.upcase
23
16
  end
24
- end
25
17
 
26
- protected
18
+ def uri
19
+ request.url
20
+ end
27
21
 
28
- def query_params
29
- query = URI.parse(request.url).query
30
- query ? CGI.parse(query) : {}
31
- end
22
+ def parameters
23
+ if options[:clobber_request]
24
+ options[:parameters] || {}
25
+ else
26
+ post_parameters.merge(query_params).merge(options[:parameters] || {})
27
+ end
28
+ end
32
29
 
33
- def request_params
34
- end
35
-
36
- def post_parameters
37
- # Post params are only used if posting form data
38
- if method == 'POST' || method == 'PUT'
39
- OAuth::Helper.stringify_keys(query_string_to_hash(request.payload.to_s) || {})
40
- else
41
- {}
30
+ protected
31
+
32
+ def query_params
33
+ query = URI.parse(request.url).query
34
+ query ? CGI.parse(query) : {}
42
35
  end
43
- end
44
-
45
- private
46
-
47
- def query_string_to_hash(query)
48
- keyvals = query.split('&').inject({}) do |result, q|
49
- k,v = q.split('=')
50
- if !v.nil?
51
- result.merge({k => v})
52
- elsif !result.key?(k)
53
- result.merge({k => true})
36
+
37
+ def request_params; end
38
+
39
+ def post_parameters
40
+ # Post params are only used if posting form data
41
+ is_form_data = request.payload && request.payload.headers["Content-Type"] == "application/x-www-form-urlencoded"
42
+ if is_form_data && (method == "POST" || method == "PUT")
43
+ OAuth::Helper.stringify_keys(query_string_to_hash(request.payload.to_s) || {})
54
44
  else
55
- result
45
+ {}
46
+ end
47
+ end
48
+
49
+ private
50
+
51
+ def query_string_to_hash(query)
52
+ query.split("&").inject({}) do |result, q|
53
+ k, v = q.split("=")
54
+ if !v.nil?
55
+ result.merge({ k => v })
56
+ elsif !result.key?(k)
57
+ result.merge({ k => true })
58
+ else
59
+ result
60
+ end
56
61
  end
57
62
  end
58
- keyvals
59
63
  end
60
-
64
+ end
61
65
  end
62
- end
66
+ end
@@ -1,53 +1,59 @@
1
- require 'oauth/request_proxy/base'
2
- require 'typhoeus'
3
- require 'typhoeus/request'
4
- require 'uri'
5
- require 'cgi'
6
-
7
- module OAuth::RequestProxy::Typhoeus
8
- class Request < OAuth::RequestProxy::Base
9
- # Proxy for signing Typhoeus::Request requests
10
- # Usage example:
11
- # oauth_params = {:consumer => oauth_consumer, :token => access_token}
12
- # req = Typhoeus::Request.new(uri, options)
13
- # oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
14
- # req.options[:headers].merge!({"Authorization" => oauth_helper.header})
15
- # hydra = Typhoeus::Hydra.new()
16
- # hydra.queue(req)
17
- # hydra.run
18
- # response = req.response
19
- proxies Typhoeus::Request
20
-
21
- def method
22
- request_method = request.options[:method].to_s.upcase
23
- request_method.empty? ? 'GET' : request_method
24
- end
1
+ # frozen_string_literal: true
25
2
 
26
- def uri
27
- options[:uri].to_s
28
- end
3
+ require "oauth/request_proxy/base"
4
+ require "typhoeus"
5
+ require "typhoeus/request"
6
+ require "uri"
7
+ require "cgi"
29
8
 
30
- def parameters
31
- if options[:clobber_request]
32
- options[:parameters]
33
- else
34
- post_parameters.merge(query_parameters).merge(options[:parameters] || {})
35
- end
36
- end
9
+ module OAuth
10
+ module RequestProxy
11
+ module Typhoeus
12
+ class Request < OAuth::RequestProxy::Base
13
+ # Proxy for signing Typhoeus::Request requests
14
+ # Usage example:
15
+ # oauth_params = {:consumer => oauth_consumer, :token => access_token}
16
+ # req = Typhoeus::Request.new(uri, options)
17
+ # oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
18
+ # req.options[:headers].merge!({"Authorization" => oauth_helper.header})
19
+ # hydra = Typhoeus::Hydra.new()
20
+ # hydra.queue(req)
21
+ # hydra.run
22
+ # response = req.response
23
+ proxies ::Typhoeus::Request
37
24
 
38
- private
25
+ def method
26
+ request_method = request.options[:method].to_s.upcase
27
+ request_method.empty? ? "GET" : request_method
28
+ end
39
29
 
40
- def query_parameters
41
- query = URI.parse(request.url).query
42
- query ? CGI.parse(query) : {}
43
- end
30
+ def uri
31
+ options[:uri].to_s
32
+ end
33
+
34
+ def parameters
35
+ if options[:clobber_request]
36
+ options[:parameters]
37
+ else
38
+ post_parameters.merge(query_parameters).merge(options[:parameters] || {})
39
+ end
40
+ end
41
+
42
+ private
43
+
44
+ def query_parameters
45
+ query = URI.parse(request.url).query
46
+ query ? CGI.parse(query) : {}
47
+ end
44
48
 
45
- def post_parameters
46
- # Post params are only used if posting form data
47
- if method == 'POST'
48
- OAuth::Helper.stringify_keys(request.options[:params] || {})
49
- else
50
- {}
49
+ def post_parameters
50
+ # Post params are only used if posting form data
51
+ if method == "POST"
52
+ OAuth::Helper.stringify_keys(request.options[:params] || {})
53
+ else
54
+ {}
55
+ end
56
+ end
51
57
  end
52
58
  end
53
59
  end
@@ -1,24 +1,27 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  module RequestProxy
3
- def self.available_proxies #:nodoc:
5
+ def self.available_proxies # :nodoc:
4
6
  @available_proxies ||= {}
5
7
  end
6
8
 
7
9
  def self.proxy(request, options = {})
8
- return request if request.kind_of?(OAuth::RequestProxy::Base)
10
+ return request if request.is_a?(OAuth::RequestProxy::Base)
9
11
 
10
12
  klass = available_proxies[request.class]
11
13
 
12
14
  # Search for possible superclass matches.
13
15
  if klass.nil?
14
- request_parent = available_proxies.keys.find { |rc| request.kind_of?(rc) }
16
+ request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
15
17
  klass = available_proxies[request_parent]
16
18
  end
17
19
 
18
20
  raise UnknownRequestType, request.class.to_s unless klass
21
+
19
22
  klass.new(request, options)
20
23
  end
21
24
 
22
- class UnknownRequestType < Exception; end
25
+ class UnknownRequestType < RuntimeError; end
23
26
  end
24
27
  end