oauth 0.5.7.pre.pre1 → 0.5.9

data/SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.7.x   | :white_check_mark: |
+| 0.6.x   | :white_check_mark: |
+| 0.5.x   | :white_check_mark: |
+| <= 0.5  | :x:                |
+
+## Reporting a Vulnerability
+
+Peter Boling is the primary maintainer of the this gem.  Please find a way to [contact him directly][contact] to report the issue.  Include as much relevant information as possible.
+
+[contact]: https://railsbling.com/contact

data/lib/oauth/cli/authorize_command.rb

@@ -1,6 +1,5 @@
 class OAuth::CLI
   class AuthorizeCommand < BaseCommand
-
     def required_options
       [:uri]
     end
@@ -25,7 +24,7 @@ class OAuth::CLI
     def get_request_token
       consumer = get_consumer
       scope_options = options[:scope] ? { "scope" => options[:scope] } : {}
-      consumer.get_request_token({ :oauth_callback => options[:oauth_callback] }, scope_options)
+      consumer.get_request_token({ oauth_callback: options[:oauth_callback] }, scope_options)
     rescue OAuth::Unauthorized => e
       alert "A problem occurred while attempting to authorize:"
       alert e
@@ -36,14 +35,13 @@ class OAuth::CLI
       OAuth::Consumer.new \
         options[:oauth_consumer_key],
         options[:oauth_consumer_secret],
-        :access_token_url  => options[:access_token_url],
-        :authorize_url     => options[:authorize_url],
-        :request_token_url => options[:request_token_url],
-        :scheme            => options[:scheme],
-        :http_method       => options[:method].to_s.downcase.to_sym
+        access_token_url: options[:access_token_url],
+        authorize_url: options[:authorize_url],
+        request_token_url: options[:request_token_url],
+        scheme: options[:scheme],
+        http_method: options[:method].to_s.downcase.to_sym
     end
 
-
     def ask_user_for_verifier
       if options[:version] == "1.0a"
         puts "Please enter the verification code provided by the SP (oauth_verifier):"
@@ -56,10 +54,10 @@ class OAuth::CLI
     end
 
     def verbosely_get_access_token(request_token, oauth_verifier)
-      access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
+      access_token = request_token.get_access_token(oauth_verifier: oauth_verifier)
 
       puts "Response:"
-      access_token.params.each do |k,v|
+      access_token.params.each do |k, v|
         puts "  #{k}: #{v}" unless k.is_a?(Symbol)
       end
     rescue OAuth::Unauthorized => e

data/lib/oauth/cli/base_command.rb

@@ -1,7 +1,9 @@
 class OAuth::CLI
   class BaseCommand
     def initialize(stdout, stdin, stderr, arguments)
-      @stdout, @stdin, @stderr = stdout, stdin, stderr
+      @stdout = stdout
+      @stdin = stdin
+      @stderr = stderr
 
       @options = {}
       option_parser.parse!(arguments)
@@ -38,11 +40,11 @@ class OAuth::CLI
       options[:verbose]
     end
 
-    def puts(string=nil)
+    def puts(string = nil)
       @stdout.puts(string)
     end
 
-    def alert(string=nil)
+    def alert(string = nil)
       @stderr.puts(string)
     end
 
@@ -50,8 +52,8 @@ class OAuth::CLI
       @parameters ||= begin
         escaped_pairs = options[:params].collect do |pair|
           if pair =~ /:/
-            Hash[*pair.split(":", 2)].collect do |k,v|
-              [CGI.escape(k.strip), CGI.escape(v.strip)] * "="
+            Hash[*pair.split(":", 2)].collect do |k, v|
+              [CGI.escape(k.strip), CGI.escape(v.strip)].join("=")
             end
           else
             pair
@@ -68,7 +70,7 @@ class OAuth::CLI
           "oauth_token"            => options[:oauth_token],
           "oauth_signature_method" => options[:oauth_signature_method],
           "oauth_version"          => options[:oauth_version]
-        }.reject { |_k,v| v.nil? || v == "" }.merge(cli_params)
+        }.reject { |_k, v| v.nil? || v == "" }.merge(cli_params)
       end
     end
 

data/lib/oauth/cli/query_command.rb

@@ -3,7 +3,7 @@ class OAuth::CLI
     extend OAuth::Helper
 
     def required_options
-      [:oauth_consumer_key, :oauth_consumer_secret, :oauth_token, :oauth_token_secret]
+      %i[oauth_consumer_key oauth_consumer_secret oauth_token oauth_token_secret]
     end
 
     def _run
@@ -13,8 +13,8 @@ class OAuth::CLI
 
       # append params to the URL
       uri = URI.parse(options[:uri])
-      params = parameters.map { |k,v| Array(v).map { |v2| "#{OAuth::Helper.escape(k)}=#{OAuth::Helper.escape(v2)}" } * "&" }
-      uri.query = [uri.query, *params].reject { |x| x.nil? } * "&"
+      params = parameters.map { |k, v| Array(v).map { |v2| "#{OAuth::Helper.escape(k)}=#{OAuth::Helper.escape(v2)}" } * "&" }
+      uri.query = [uri.query, *params].reject(&:nil?) * "&"
       puts uri.to_s
 
       response = access_token.request(options[:method].to_s.downcase.to_sym, uri.to_s)

data/lib/oauth/cli/sign_command.rb

@@ -1,23 +1,20 @@
 class OAuth::CLI
   class SignCommand < BaseCommand
-
     def required_options
-      [:oauth_consumer_key, :oauth_consumer_secret, :oauth_token, :oauth_token_secret]
+      %i[oauth_consumer_key oauth_consumer_secret oauth_token oauth_token_secret]
     end
 
     def _run
       request = OAuth::RequestProxy.proxy \
-         "method"     => options[:method],
-         "uri"        => options[:uri],
-         "parameters" => parameters
+        "method"     => options[:method],
+        "uri"        => options[:uri],
+        "parameters" => parameters
 
-      if verbose?
-        puts_verbose_parameters(request)
-      end
+      puts_verbose_parameters(request) if verbose?
 
       request.sign! \
-        :consumer_secret => options[:oauth_consumer_secret],
-        :token_secret    => options[:oauth_token_secret]
+        consumer_secret: options[:oauth_consumer_secret],
+        token_secret: options[:oauth_token_secret]
 
       if verbose?
         puts_verbose_request(request)
@@ -28,15 +25,15 @@ class OAuth::CLI
 
     def puts_verbose_parameters(request)
       puts "OAuth parameters:"
-      request.oauth_parameters.each do |k,v|
-        puts "  " + [k, v] * ": "
+      request.oauth_parameters.each do |k, v|
+        puts "  " + [k, v].join(": ")
       end
       puts
 
       if request.non_oauth_parameters.any?
         puts "Parameters:"
-        request.non_oauth_parameters.each do |k,v|
-          puts "  " + [k, v] * ": "
+        request.non_oauth_parameters.each do |k, v|
+          puts "  " + [k, v].join(": ")
         end
         puts
       end
@@ -58,7 +55,7 @@ class OAuth::CLI
       else
         puts "OAuth Request URI: #{request.signed_uri}"
         puts "Request URI: #{request.signed_uri(false)}"
-        puts "Authorization header: #{request.oauth_header(:realm => options[:realm])}"
+        puts "Authorization header: #{request.oauth_header(realm: options[:realm])}"
       end
       puts "Signature:         #{request.oauth_signature}"
       puts "Escaped signature: #{OAuth::Helper.escape(request.oauth_signature)}"

data/lib/oauth/cli.rb

@@ -18,8 +18,8 @@ module OAuth
       "v" => "version",
       "q" => "query",
       "a" => "authorize",
-      "s" => "sign",
-    }
+      "s" => "sign"
+    }.freeze
 
     def initialize(stdout, stdin, stderr, command, arguments)
       klass = get_command_class(parse_command(command))

data/lib/oauth/client/action_controller_request.rb

@@ -10,12 +10,12 @@ end
 module ActionController
   class Base
     if defined? ActionDispatch
-      def process_with_new_base_test(request, response=nil)
+      def process_with_new_base_test(request, response = nil)
         request.apply_oauth! if request.respond_to?(:apply_oauth!)
         super(request, response)
       end
     else
-      def process_with_oauth(request, response=nil)
+      def process_with_oauth(request, response = nil)
         request.apply_oauth! if request.respond_to?(:apply_oauth!)
         process_without_oauth(request, response)
       end
@@ -24,8 +24,8 @@ module ActionController
   end
 
   class TestRequest
-    def self.use_oauth=(bool)
-      @use_oauth = bool
+    class << self
+      attr_writer :use_oauth
     end
 
     def self.use_oauth?
@@ -33,21 +33,21 @@ module ActionController
     end
 
     def configure_oauth(consumer = nil, token = nil, options = {})
-      @oauth_options = { :consumer  => consumer,
-                         :token     => token,
-                         :scheme    => "header",
-                         :signature_method => nil,
-                         :nonce     => nil,
-                         :timestamp => nil }.merge(options)
+      @oauth_options = { consumer: consumer,
+                         token: token,
+                         scheme: "header",
+                         signature_method: nil,
+                         nonce: nil,
+                         timestamp: nil }.merge(options)
     end
 
     def apply_oauth!
       return unless ActionController::TestRequest.use_oauth? && @oauth_options
 
-      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => (respond_to?(:fullpath) ? fullpath : request_uri)))
+      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(request_uri: (respond_to?(:fullpath) ? fullpath : request_uri)))
       @oauth_helper.amend_user_agent_header(env)
 
-      self.send("set_oauth_#{@oauth_options[:scheme]}")
+      send("set_oauth_#{@oauth_options[:scheme]}")
     end
 
     def set_oauth_header
@@ -56,10 +56,9 @@ module ActionController
 
     def set_oauth_parameters
       @query_parameters = @oauth_helper.parameters_with_oauth
-      @query_parameters.merge!(:oauth_signature => @oauth_helper.signature)
+      @query_parameters.merge!(oauth_signature: @oauth_helper.signature)
     end
 
-    def set_oauth_query_string
-    end
+    def set_oauth_query_string; end
   end
 end

data/lib/oauth/client/em_http.rb

@@ -23,16 +23,16 @@ module EventMachine
     #
     # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
     def oauth!(http, consumer = nil, token = nil, options = {})
-      options = { :request_uri      => normalized_oauth_uri(http),
-                  :consumer         => consumer,
-                  :token            => token,
-                  :scheme           => "header",
-                  :signature_method => nil,
-                  :nonce            => nil,
-                  :timestamp        => nil }.merge(options)
+      options = { request_uri: normalized_oauth_uri(http),
+                  consumer: consumer,
+                  token: token,
+                  scheme: "header",
+                  signature_method: nil,
+                  nonce: nil,
+                  timestamp: nil }.merge(options)
 
       @oauth_helper = OAuth::Client::Helper.new(self, options)
-      self.__send__(:"set_oauth_#{options[:scheme]}")
+      __send__(:"set_oauth_#{options[:scheme]}")
     end
 
     # Create a string suitable for signing for an HTTP request. This process involves parameter
@@ -49,13 +49,13 @@ module EventMachine
     #
     # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def signature_base_string(http, consumer = nil, token = nil, options = {})
-      options = { :request_uri      => normalized_oauth_uri(http),
-                  :consumer         => consumer,
-                  :token            => token,
-                  :scheme           => "header",
-                  :signature_method => nil,
-                  :nonce            => nil,
-                  :timestamp        => nil }.merge(options)
+      options = { request_uri: normalized_oauth_uri(http),
+                  consumer: consumer,
+                  token: token,
+                  scheme: "header",
+                  signature_method: nil,
+                  nonce: nil,
+                  timestamp: nil }.merge(options)
 
       OAuth::Client::Helper.new(self, options).signature_base_string
     end
@@ -77,13 +77,13 @@ module EventMachine
     protected
 
     def combine_query(path, query, uri_query)
-      combined_query = if query.kind_of?(Hash)
-        query.map { |k, v| encode_param(k, v) }.join("&")
-      else
-        query.to_s
+      combined_query = if query.is_a?(Hash)
+                         query.map { |k, v| encode_param(k, v) }.join("&")
+                       else
+                         query.to_s
       end
-      if !uri_query.to_s.empty?
-        combined_query = [combined_query, uri_query].reject {|part| part.empty?}.join("&")
+      unless uri_query.to_s.empty?
+        combined_query = [combined_query, uri_query].reject(&:empty?).join("&")
       end
       combined_query.to_s.empty? ? path : "#{path}?#{combined_query}"
     end
@@ -95,17 +95,17 @@ module EventMachine
       uri.host = http.address
       uri.port = http.port
 
-      if http.respond_to?(:use_ssl?) && http.use_ssl?
-        uri.scheme = "https"
-      else
-        uri.scheme = "http"
-      end
+      uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
+                     "https"
+                   else
+                     "http"
+                   end
       uri.to_s
     end
 
     def set_oauth_header
-      self.req[:head] ||= {}
-      self.req[:head].merge!("Authorization" => @oauth_helper.header)
+      req[:head] ||= {}
+      req[:head].merge!("Authorization" => @oauth_helper.header)
     end
 
     def set_oauth_body

data/lib/oauth/client/helper.rb

@@ -14,9 +14,7 @@ module OAuth::Client
       @options[:signature_method] ||= "HMAC-SHA1"
     end
 
-    def options
-      @options
-    end
+    attr_reader :options
 
     def nonce
       options[:nonce] ||= generate_key
@@ -40,26 +38,25 @@ module OAuth::Client
         "oauth_session_handle"   => options[:oauth_session_handle]
       }
       allowed_empty_params = options[:allow_empty_params]
-      if allowed_empty_params != true && !allowed_empty_params.kind_of?(Array)
+      if allowed_empty_params != true && !allowed_empty_params.is_a?(Array)
         allowed_empty_params = allowed_empty_params == false ? [] : [allowed_empty_params]
       end
-      out.select! { |k,v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
+      out.select! { |k, v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
       out
     end
 
     def signature(extra_options = {})
-      OAuth::Signature.sign(@request, { :uri      => options[:request_uri],
-                                        :consumer => options[:consumer],
-                                        :token    => options[:token],
-                                        :unsigned_parameters => options[:unsigned_parameters]
-      }.merge(extra_options) )
+      OAuth::Signature.sign(@request, { uri: options[:request_uri],
+                                        consumer: options[:consumer],
+                                        token: options[:token],
+                                        unsigned_parameters: options[:unsigned_parameters] }.merge(extra_options))
     end
 
     def signature_base_string(extra_options = {})
-      OAuth::Signature.signature_base_string(@request, { :uri        => options[:request_uri],
-                                                         :consumer   => options[:consumer],
-                                                         :token      => options[:token],
-                                                         :parameters => oauth_parameters}.merge(extra_options) )
+      OAuth::Signature.signature_base_string(@request, { uri: options[:request_uri],
+                                                         consumer: options[:consumer],
+                                                         token: options[:token],
+                                                         parameters: oauth_parameters }.merge(extra_options))
     end
 
     def token_request?
@@ -67,7 +64,7 @@ module OAuth::Client
     end
 
     def hash_body
-      @options[:body_hash] = OAuth::Signature.body_hash(@request, :parameters => oauth_parameters)
+      @options[:body_hash] = OAuth::Signature.body_hash(@request, parameters: oauth_parameters)
     end
 
     def amend_user_agent_header(headers)
@@ -82,9 +79,9 @@ module OAuth::Client
 
     def header
       parameters = oauth_parameters
-      parameters.merge!("oauth_signature" => signature(options.merge(:parameters => parameters)))
+      parameters["oauth_signature"] = signature(options.merge(parameters: parameters))
 
-      header_params_str = parameters.sort.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(", ")
+      header_params_str = parameters.sort.map { |k, v| "#{k}=\"#{escape(v)}\"" }.join(", ")
 
       realm = "realm=\"#{options[:realm]}\", " if options[:realm]
       "OAuth #{realm}#{header_params_str}"

data/lib/oauth/client/net_http.rb

@@ -27,7 +27,7 @@ class Net::HTTPGenericRequest
     @oauth_helper = OAuth::Client::Helper.new(self, helper_options)
     @oauth_helper.amend_user_agent_header(self)
     @oauth_helper.hash_body if oauth_body_hash_required?
-    self.send("set_oauth_#{helper_options[:scheme]}")
+    send("set_oauth_#{helper_options[:scheme]}")
   end
 
   # Create a string suitable for signing for an HTTP request. This process involves parameter
@@ -52,34 +52,34 @@ class Net::HTTPGenericRequest
     @oauth_helper.signature_base_string
   end
 
-private
+  private
 
   def oauth_helper_options(http, consumer, token, options)
-    { :request_uri      => oauth_full_request_uri(http,options),
-      :consumer         => consumer,
-      :token            => token,
-      :scheme           => "header",
-      :signature_method => nil,
-      :nonce            => nil,
-      :timestamp        => nil }.merge(options)
+    { request_uri: oauth_full_request_uri(http, options),
+      consumer: consumer,
+      token: token,
+      scheme: "header",
+      signature_method: nil,
+      nonce: nil,
+      timestamp: nil }.merge(options)
   end
 
-  def oauth_full_request_uri(http,options)
-    uri = URI.parse(self.path)
+  def oauth_full_request_uri(http, options)
+    uri = URI.parse(path)
     uri.host = http.address
     uri.port = http.port
 
     if options[:request_endpoint] && options[:site]
-      is_https = options[:site].match(%r(^https://))
-      uri.host = options[:site].gsub(%r(^https?://), "")
+      is_https = options[:site].match(%r{^https://})
+      uri.host = options[:site].gsub(%r{^https?://}, "")
       uri.port ||= is_https ? 443 : 80
     end
 
-    if http.respond_to?(:use_ssl?) && http.use_ssl?
-      uri.scheme = "https"
-    else
-      uri.scheme = "http"
-    end
+    uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
+                   "https"
+                 else
+                   "http"
+                 end
 
     uri.to_s
   end
@@ -100,19 +100,19 @@ private
   # base string.
 
   def set_oauth_body
-    self.set_form_data(@oauth_helper.stringify_keys(@oauth_helper.parameters_with_oauth))
-    params_with_sig = @oauth_helper.parameters.merge(:oauth_signature => @oauth_helper.signature)
-    self.set_form_data(@oauth_helper.stringify_keys(params_with_sig))
+    set_form_data(@oauth_helper.stringify_keys(@oauth_helper.parameters_with_oauth))
+    params_with_sig = @oauth_helper.parameters.merge(oauth_signature: @oauth_helper.signature)
+    set_form_data(@oauth_helper.stringify_keys(params_with_sig))
   end
 
   def set_oauth_query_string
-    oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
+    oauth_params_str = @oauth_helper.oauth_parameters.map { |k, v| [escape(k), escape(v)].join("=") }.join("&")
     uri = URI.parse(path)
-    if uri.query.to_s == ""
-      uri.query = oauth_params_str
-    else
-      uri.query = uri.query + "&" + oauth_params_str
-    end
+    uri.query = if uri.query.to_s == ""
+                  oauth_params_str
+                else
+                  uri.query + "&" + oauth_params_str
+                end
 
     @path = uri.to_s