RubyGems - oauth - Versions diffs - 0.5.6 → 1.1.5 - Mend

oauth 0.5.6 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +4 -0
data/CHANGELOG.md +848 -0
data/CITATION.cff +20 -0
data/CODE_OF_CONDUCT.md +134 -0
data/CONTRIBUTING.md +218 -0
data/FUNDING.md +77 -0
data/LICENSE.txt +22 -0
data/README.md +662 -0
data/REEK +2 -0
data/RUBOCOP.md +71 -0
data/SECURITY.md +24 -0
data/lib/oauth/auth_sanitizer.rb +36 -0
data/lib/oauth/client/action_controller_request.rb +33 -22
data/lib/oauth/client/em_http.rb +110 -103
data/lib/oauth/client/helper.rb +87 -82
data/lib/oauth/client/net_http.rb +140 -107
data/lib/oauth/client.rb +2 -0
data/lib/oauth/consumer.rb +222 -141
data/lib/oauth/errors/error.rb +2 -0
data/lib/oauth/errors/problem.rb +4 -1
data/lib/oauth/errors/unauthorized.rb +7 -1
data/lib/oauth/errors.rb +5 -3
data/lib/oauth/helper.rb +48 -18
data/lib/oauth/oauth.rb +31 -7
data/lib/oauth/oauth_test_helper.rb +6 -4
data/lib/oauth/optional.rb +20 -0
data/lib/oauth/request_proxy/action_controller_request.rb +53 -71
data/lib/oauth/request_proxy/action_dispatch_request.rb +42 -4
data/lib/oauth/request_proxy/base.rb +146 -131
data/lib/oauth/request_proxy/curb_request.rb +49 -43
data/lib/oauth/request_proxy/em_http_request.rb +60 -49
data/lib/oauth/request_proxy/jabber_request.rb +19 -9
data/lib/oauth/request_proxy/mock_request.rb +5 -3
data/lib/oauth/request_proxy/net_http.rb +61 -54
data/lib/oauth/request_proxy/rack_request.rb +31 -31
data/lib/oauth/request_proxy/rest_client_request.rb +55 -50
data/lib/oauth/request_proxy/typhoeus_request.rb +51 -45
data/lib/oauth/request_proxy.rb +21 -14
data/lib/oauth/server.rb +18 -12
data/lib/oauth/signature/base.rb +88 -71
data/lib/oauth/signature/hmac/sha1.rb +16 -10
data/lib/oauth/signature/hmac/sha256.rb +16 -10
data/lib/oauth/signature/plaintext.rb +18 -20
data/lib/oauth/signature/rsa/sha1.rb +53 -38
data/lib/oauth/signature.rb +41 -34
data/lib/oauth/token.rb +7 -5
data/lib/oauth/tokens/access_token.rb +6 -4
data/lib/oauth/tokens/consumer_token.rb +11 -7
data/lib/oauth/tokens/request_token.rb +17 -10
data/lib/oauth/tokens/server_token.rb +2 -1
data/lib/oauth/tokens/token.rb +15 -1
data/lib/oauth/version.rb +6 -1
data/lib/oauth.rb +18 -9
data/sig/oauth/consumer.rbs +9 -0
data/sig/oauth/signature/base.rbs +12 -0
data/sig/oauth/tokens/token.rbs +8 -0
data.tar.gz.sig +3 -0
metadata +301 -82
metadata.gz.sig +2 -0
data/LICENSE +0 -20
data/README.rdoc +0 -88
data/TODO +0 -32
data/bin/oauth +0 -11
data/lib/oauth/cli/authorize_command.rb +0 -71
data/lib/oauth/cli/base_command.rb +0 -208
data/lib/oauth/cli/help_command.rb +0 -22
data/lib/oauth/cli/query_command.rb +0 -25
data/lib/oauth/cli/sign_command.rb +0 -81
data/lib/oauth/cli/version_command.rb +0 -7
data/lib/oauth/cli.rb +0 -56

data/lib/oauth/signature/base.rb CHANGED Viewed

@@ -1,96 +1,113 @@
-require 'oauth/signature'
-require 'oauth/helper'
-require 'oauth/request_proxy/base'
-require 'base64'
-module OAuth::Signature
-  class Base
-    include OAuth::Helper
-    attr_accessor :options
-    attr_reader :token_secret, :consumer_secret, :request
-    def self.implements(signature_method = nil)
-      return @implements if signature_method.nil?
-      @implements = signature_method
-      OAuth::Signature.available_methods[@implements] = self
-    end
+# frozen_string_literal: true
+require "oauth/signature"
+require "oauth/helper"
+require "oauth/request_proxy/base"
+require "base64"
+module OAuth
+  module Signature
+    # Base class for OAuth signature implementations.
+    #
+    # Includes {OAuth::AUTH_SANITIZER::FilteredAttributes} so inspect output redacts
+    # secret-bearing fields captured during signature construction.
+    class Base
+      include OAuth::Helper
+      include OAuth::AUTH_SANITIZER::FilteredAttributes
+      # Signature construction options.
+      #
+      # @return [Hash]
+      attr_accessor :options
+      attr_reader :token_secret, :consumer_secret, :request
+      filtered_attributes :options, :consumer_secret, :token_secret
+      class << self
+        def implements(signature_method = nil)
+          return OAuth::Signature.available_methods.key(self) if signature_method.nil?
+          OAuth::Signature.available_methods[signature_method] = self
+        end
+      end
+      def initialize(request, options = {}, &block)
+        raise TypeError unless request.is_a?(OAuth::RequestProxy::Base)
-    def initialize(request, options = {}, &block)
-      raise TypeError unless request.kind_of?(OAuth::RequestProxy::Base)
-      @request = request
-      @options = options
+        @request = request
+        @options = options
-      ## consumer secret was determined beforehand
+        ## consumer secret was determined beforehand
-      @consumer_secret = options[:consumer].secret if options[:consumer]
+        @consumer_secret = options[:consumer].secret if options[:consumer]
-      # presence of :consumer_secret option will override any Consumer that's provided
-      @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+        # presence of :consumer_secret option will override any Consumer that's provided
+        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
-      ## token secret was determined beforehand
+        ## token secret was determined beforehand
-      @token_secret = options[:token].secret if options[:token]
+        @token_secret = options[:token].secret if options[:token]
-      # presence of :token_secret option will override any Token that's provided
-      @token_secret = options[:token_secret] if options[:token_secret]
+        # presence of :token_secret option will override any Token that's provided
+        @token_secret = options[:token_secret] if options[:token_secret]
-      # override secrets based on the values returned from the block (if any)
-      if block_given?
-        # consumer secret and token secret need to be looked up based on pieces of the request
-        secrets = yield block.arity == 1 ? request : [token, consumer_key, nonce, request.timestamp]
-        if secrets.is_a?(Array) && secrets.size == 2
-          @token_secret = secrets[0]
-          @consumer_secret = secrets[1]
+        # override secrets based on the values returned from the block (if any)
+        if block
+          # consumer secret and token secret need to be looked up based on pieces of the request
+          secrets = yield (block.arity == 1) ? request : [token, consumer_key, nonce, request.timestamp]
+          if secrets.is_a?(Array) && secrets.size == 2
+            @token_secret = secrets[0]
+            @consumer_secret = secrets[1]
+          end
         end
       end
-    end
-    def signature
-      Base64.encode64(digest).chomp.gsub(/\n/,'')
-    end
+      def signature
+        Base64.encode64(digest).chomp.delete("\n")
+      end
-    def ==(cmp_signature)
-      signature == cmp_signature
-    end
+      def ==(other)
+        check = signature.bytesize ^ other.bytesize
+        signature.bytes.zip(other.bytes) { |x, y| check |= x ^ y.to_i }
+        check.zero?
+      end
-    def verify
-      self == self.request.signature
-    end
+      def verify
+        self == request.signature
+      end
-    def signature_base_string
-      request.signature_base_string
-    end
+      def signature_base_string
+        request.signature_base_string
+      end
-    def body_hash
-      raise_instantiation_error
-    end
+      def body_hash
+        raise_instantiation_error
+      end
-    private
+      private
-    def token
-      request.token
-    end
+      def token
+        request.token
+      end
-    def consumer_key
-      request.consumer_key
-    end
+      def consumer_key
+        request.consumer_key
+      end
-    def nonce
-      request.nonce
-    end
+      def nonce
+        request.nonce
+      end
-    def secret
-      "#{escape(consumer_secret)}&#{escape(token_secret)}"
-    end
+      def secret
+        "#{escape(consumer_secret)}&#{escape(token_secret)}"
+      end
-    def digest
-      raise_instantiation_error
-    end
+      def digest
+        raise_instantiation_error
+      end
-    def raise_instantiation_error
-      raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      def raise_instantiation_error
+        raise NotImplementedError, "Cannot instantiate #{self.class.name} class directly."
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha1.rb CHANGED Viewed

@@ -1,17 +1,23 @@
-require 'oauth/signature/base'
+# frozen_string_literal: true
-module OAuth::Signature::HMAC
-  class SHA1 < OAuth::Signature::Base
-    implements 'hmac-sha1'
+require "oauth/signature/base"
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || '')).chomp.gsub(/\n/,'')
-    end
+module OAuth
+  module Signature
+    module HMAC
+      class SHA1 < OAuth::Signature::Base
+        implements "hmac-sha1"
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA1", request.body || "")).chomp.delete("\n")
+        end
-    private
+        private
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/hmac/sha256.rb CHANGED Viewed

@@ -1,17 +1,23 @@
-require 'oauth/signature/base'
+# frozen_string_literal: true
-module OAuth::Signature::HMAC
-  class SHA256 < OAuth::Signature::Base
-    implements 'hmac-sha256'
+require "oauth/signature/base"
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA256.digest(request.body || '')).chomp.gsub(/\n/,'')
-    end
+module OAuth
+  module Signature
+    module HMAC
+      class SHA256 < OAuth::Signature::Base
+        implements "hmac-sha256"
+        def body_hash
+          Base64.encode64(OpenSSL::Digest.digest("SHA256", request.body || "")).chomp.delete("\n")
+        end
-    private
+        private
-    def digest
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, signature_base_string)
+        def digest
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), secret, signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature/plaintext.rb CHANGED Viewed

@@ -1,29 +1,27 @@
-require 'oauth/signature/base'
+# frozen_string_literal: true
-module OAuth::Signature
-  class PLAINTEXT < Base
-    implements 'plaintext'
+require "oauth/signature/base"
-    def signature
-      signature_base_string
-    end
+module OAuth
+  module Signature
+    class PLAINTEXT < Base
+      implements "plaintext"
-    def ==(cmp_signature)
-      signature.to_s == cmp_signature.to_s
-    end
+      def signature
+        signature_base_string
+      end
-    def signature_base_string
-      secret
-    end
-    def body_hash
-      nil
-    end
+      def ==(other)
+        signature.to_s == other.to_s
+      end
-    private
+      def signature_base_string
+        secret
+      end
-    def secret
-      super
+      def body_hash
+        nil
+      end
     end
   end
 end

data/lib/oauth/signature/rsa/sha1.rb CHANGED Viewed

@@ -1,50 +1,65 @@
-require 'oauth/signature/base'
+# frozen_string_literal: true
-module OAuth::Signature::RSA
-  class SHA1 < OAuth::Signature::Base
-    implements 'rsa-sha1'
+require "oauth/signature/base"
-    def ==(cmp_signature)
-      public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(cmp_signature.is_a?(Array) ? cmp_signature.first : cmp_signature), signature_base_string)
-    end
+module OAuth
+  module Signature
+    module RSA
+      class SHA1 < OAuth::Signature::Base
+        implements "rsa-sha1"
-    def public_key
-      if consumer_secret.is_a?(String)
-        decode_public_key
-      elsif consumer_secret.is_a?(OpenSSL::X509::Certificate)
-        consumer_secret.public_key
-      else
-        consumer_secret
-      end
-    end
+        def ==(other)
+          decoded = Base64.decode64(other.is_a?(Array) ? other.first : other)
+          public_key.verify(OpenSSL::Digest.new("SHA1"), decoded, signature_base_string)
+        end
-    def body_hash
-      Base64.encode64(OpenSSL::Digest::SHA1.digest(request.body || '')).chomp.gsub(/\n/,'')
-    end
+        def public_key
+          case consumer_secret
+          when String
+            decode_public_key
+          when OpenSSL::X509::Certificate
+            consumer_secret.public_key
+          else
+            consumer_secret
+          end
+        end
-    private
+        def body_hash
+          # Use SHA1 body hash with compatibility across OpenSSL versions
+          data = request.body || ""
+          begin
+            digest_bytes = OpenSSL::Digest.digest("SHA1", data)
+          rescue StandardError
+            digest_bytes = ::Digest::SHA1.digest(data)
+          end
+          Base64.encode64(digest_bytes).chomp.delete("\n")
+        end
-    def decode_public_key
-      case consumer_secret
-      when /-----BEGIN CERTIFICATE-----/
-        OpenSSL::X509::Certificate.new( consumer_secret).public_key
-      else
-        OpenSSL::PKey::RSA.new( consumer_secret)
-      end
-    end
+        private
-    def digest
-      private_key = OpenSSL::PKey::RSA.new(
-        if options[:private_key_file]
-          IO.read(options[:private_key_file])
-        elsif options[:private_key]
-          options[:private_key]
-        else
-          consumer_secret
+        def decode_public_key
+          case consumer_secret
+          when /-----BEGIN CERTIFICATE-----/
+            OpenSSL::X509::Certificate.new(consumer_secret).public_key
+          else
+            OpenSSL::PKey::RSA.new(consumer_secret)
+          end
         end
-      )
-      private_key.sign(OpenSSL::Digest::SHA1.new, signature_base_string)
+        def digest
+          private_key = OpenSSL::PKey::RSA.new(
+            if options[:private_key_file]
+              File.read(options[:private_key_file])
+            elsif options[:private_key]
+              options[:private_key]
+            else
+              consumer_secret
+            end,
+          )
+          private_key.sign(OpenSSL::Digest.new("SHA1"), signature_base_string)
+        end
+      end
     end
   end
 end

data/lib/oauth/signature.rb CHANGED Viewed

@@ -1,45 +1,52 @@
+# frozen_string_literal: true
 module OAuth
   module Signature
-    # Returns a list of available signature methods
-    def self.available_methods
-      @available_methods ||= {}
-    end
+    AVAILABLE_METHODS = {}
-    # Build a signature from a +request+.
-    #
-    # Raises UnknownSignatureMethod exception if the signature method is unknown.
-    def self.build(request, options = {}, &block)
-      request = OAuth::RequestProxy.proxy(request, options)
-      klass = available_methods[
-        (request.signature_method ||
-        ((c = request.options[:consumer]) && c.options[:signature_method]) ||
-        "").downcase]
-      raise UnknownSignatureMethod, request.signature_method unless klass
-      klass.new(request, options, &block)
-    end
+    class << self
+      # Returns a list of available signature methods
+      def available_methods
+        AVAILABLE_METHODS
+      end
-    # Sign a +request+
-    def self.sign(request, options = {}, &block)
-      self.build(request, options, &block).signature
-    end
+      # Build a signature from a +request+.
+      #
+      # Raises UnknownSignatureMethod exception if the signature method is unknown.
+      def build(request, options = {}, &block)
+        request = OAuth::RequestProxy.proxy(request, options)
+        klass = available_methods[
+          (request.signature_method ||
+          ((c = request.options[:consumer]) && c.options[:signature_method]) ||
+          "").downcase]
+        raise UnknownSignatureMethod, request.signature_method unless klass
-    # Verify the signature of +request+
-    def self.verify(request, options = {}, &block)
-      self.build(request, options, &block).verify
-    end
+        klass.new(request, options, &block)
+      end
-    # Create the signature base string for +request+. This string is the normalized parameter information.
-    #
-    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
-    def self.signature_base_string(request, options = {}, &block)
-      self.build(request, options, &block).signature_base_string
-    end
+      # Sign a +request+
+      def sign(request, options = {}, &block)
+        build(request, options, &block).signature
+      end
+      # Verify the signature of +request+
+      def verify(request, options = {}, &block)
+        build(request, options, &block).verify
+      end
+      # Create the signature base string for +request+. This string is the normalized parameter information.
+      #
+      # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+      def signature_base_string(request, options = {}, &block)
+        build(request, options, &block).signature_base_string
+      end
-    # Create the body hash for a request
-    def self.body_hash(request, options = {}, &block)
-      self.build(request, options, &block).body_hash
+      # Create the body hash for a request
+      def body_hash(request, options = {}, &block)
+        build(request, options, &block).body_hash
+      end
     end
-    class UnknownSignatureMethod < Exception; end
+    class UnknownSignatureMethod < RuntimeError; end
   end
 end

data/lib/oauth/token.rb CHANGED Viewed

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
 # this exists for backwards-compatibility
-require 'oauth/tokens/token'
-require 'oauth/tokens/server_token'
-require 'oauth/tokens/consumer_token'
-require 'oauth/tokens/request_token'
-require 'oauth/tokens/access_token'
+require "oauth/tokens/token"
+require "oauth/tokens/server_token"
+require "oauth/tokens/consumer_token"
+require "oauth/tokens/request_token"
+require "oauth/tokens/access_token"

data/lib/oauth/tokens/access_token.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module OAuth
   # The Access Token is used for the actual "real" web service calls that you perform against the server
   class AccessToken < ConsumerToken
@@ -6,7 +8,7 @@ module OAuth
     def request(http_method, path, *arguments)
       request_uri = URI.parse(path)
       site_uri = consumer.uri
-      is_service_uri_different = (request_uri.absolute? && request_uri != site_uri)
+      is_service_uri_different = request_uri.absolute? && request_uri != site_uri
       begin
         consumer.uri(request_uri) if is_service_uri_different
         @response = super(http_method, path, *arguments)
@@ -43,7 +45,7 @@ module OAuth
     #   @response = @token.post('/people', nil, {'Accept' => 'application/xml' })
     #   @response = @token.post('/people', @person.to_xml, { 'Accept'=>'application/xml', 'Content-Type' => 'application/xml' })
     #
-    def post(path, body = '', headers = {})
+    def post(path, body = "", headers = {})
       request(:post, path, body, headers)
     end
@@ -55,7 +57,7 @@ module OAuth
     #   @response = @token.put('/people/123', nil, { 'Accept' => 'application/xml' })
     #   @response = @token.put('/people/123', @person.to_xml, { 'Accept' => 'application/xml', 'Content-Type' => 'application/xml' })
     #
-    def put(path, body = '', headers = {})
+    def put(path, body = "", headers = {})
       request(:put, path, body, headers)
     end
@@ -67,7 +69,7 @@ module OAuth
     #   @response = @token.patch('/people/123', nil, { 'Accept' => 'application/xml' })
     #   @response = @token.patch('/people/123', @person.to_xml, { 'Accept' => 'application/xml', 'Content-Type' => 'application/xml' })
     #
-    def patch(path, body = '', headers = {})
+    def patch(path, body = "", headers = {})
       request(:patch, path, body, headers)
     end

data/lib/oauth/tokens/consumer_token.rb CHANGED Viewed

@@ -1,19 +1,23 @@
+# frozen_string_literal: true
 module OAuth
   # Superclass for tokens used by OAuth Clients
   class ConsumerToken < Token
     attr_accessor :consumer, :params
-    attr_reader   :response
+    attr_reader :response
-    def self.from_hash(consumer, hash)
-      token = self.new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
-      token.params = hash
-      token
+    class << self
+      def from_hash(consumer, hash)
+        token = new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
+        token.params = hash
+        token
+      end
     end
-    def initialize(consumer, token="", secret="")
+    def initialize(consumer, token = "", secret = "")
       super(token, secret)
       @consumer = consumer
-      @params   = {}
+      @params = {}
     end
     # Make a signed request using given http_method to the path

data/lib/oauth/tokens/request_token.rb CHANGED Viewed

@@ -1,20 +1,21 @@
+# frozen_string_literal: true
 module OAuth
   # The RequestToken is used for the initial Request.
   # This is normally created by the Consumer object.
   class RequestToken < ConsumerToken
     # Generate an authorization URL for user authorization
     def authorize_url(params = nil)
-      return nil if self.token.nil?
+      return if token.nil?
-      params = (params || {}).merge(:oauth_token => self.token)
+      params = (params || {}).merge(oauth_token: token)
       build_url(consumer.authorize_url, params)
     end
     def authenticate_url(params = nil)
-      return nil if self.token.nil?
+      return if token.nil?
-      params = (params || {}).merge(:oauth_token => self.token)
+      params = (params || {}).merge(oauth_token: token)
       build_url(consumer.authenticate_url, params)
     end
@@ -24,20 +25,26 @@ module OAuth
     # exchange for AccessToken on server
     def get_access_token(options = {}, *arguments)
-      response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)
+      response = consumer.token_request(
+        consumer.http_method,
+        (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path),
+        self,
+        options,
+        *arguments,
+      )
       OAuth::AccessToken.from_hash(consumer, response)
     end
-  protected
+    protected
     # construct an authorization or authentication url
     def build_url(base_url, params)
       uri = URI.parse(base_url.to_s)
       queries = {}
-      queries = Hash[URI.decode_www_form(uri.query)] if uri.query
-      # TODO doesn't handle array values correctly
+      queries = URI.decode_www_form(uri.query).to_h if uri.query
+      # TODO: doesn't handle array values correctly
       queries.merge!(params) if params
-      uri.query = URI.encode_www_form(queries) if !queries.empty?
+      uri.query = URI.encode_www_form(queries) unless queries.empty?
       uri.to_s
     end
   end

data/lib/oauth/tokens/server_token.rb CHANGED Viewed

@@ -1,7 +1,8 @@
+# frozen_string_literal: true
 module OAuth
   # Used on the server for generating tokens
   class ServerToken < Token
     def initialize
       super(generate_key(16), generate_key)
     end