oauth 0.5.7 → 0.5.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +64 -104
- data/CODE_OF_CONDUCT.md +0 -0
- data/CONTRIBUTING.md +23 -0
- data/LICENSE +0 -0
- data/README.md +245 -96
- data/SECURITY.md +16 -0
- data/TODO +0 -0
- data/lib/oauth/cli/authorize_command.rb +8 -10
- data/lib/oauth/cli/base_command.rb +8 -6
- data/lib/oauth/cli/help_command.rb +0 -0
- data/lib/oauth/cli/query_command.rb +3 -3
- data/lib/oauth/cli/sign_command.rb +12 -15
- data/lib/oauth/cli/version_command.rb +0 -0
- data/lib/oauth/cli.rb +2 -2
- data/lib/oauth/client/action_controller_request.rb +14 -15
- data/lib/oauth/client/em_http.rb +28 -28
- data/lib/oauth/client/helper.rb +14 -17
- data/lib/oauth/client/net_http.rb +27 -27
- data/lib/oauth/client.rb +0 -0
- data/lib/oauth/consumer.rb +52 -62
- data/lib/oauth/errors/error.rb +0 -0
- data/lib/oauth/errors/problem.rb +0 -0
- data/lib/oauth/errors/unauthorized.rb +0 -0
- data/lib/oauth/errors.rb +0 -0
- data/lib/oauth/helper.rb +7 -7
- data/lib/oauth/oauth.rb +4 -4
- data/lib/oauth/oauth_test_helper.rb +0 -0
- data/lib/oauth/request_proxy/action_controller_request.rb +0 -0
- data/lib/oauth/request_proxy/action_dispatch_request.rb +0 -0
- data/lib/oauth/request_proxy/base.rb +3 -3
- data/lib/oauth/request_proxy/curb_request.rb +0 -0
- data/lib/oauth/request_proxy/em_http_request.rb +0 -0
- data/lib/oauth/request_proxy/jabber_request.rb +0 -0
- data/lib/oauth/request_proxy/mock_request.rb +0 -0
- data/lib/oauth/request_proxy/net_http.rb +2 -2
- data/lib/oauth/request_proxy/rack_request.rb +0 -0
- data/lib/oauth/request_proxy/rest_client_request.rb +2 -2
- data/lib/oauth/request_proxy/typhoeus_request.rb +0 -0
- data/lib/oauth/request_proxy.rb +3 -3
- data/lib/oauth/server.rb +8 -10
- data/lib/oauth/signature/base.rb +3 -4
- data/lib/oauth/signature/hmac/sha1.rb +1 -1
- data/lib/oauth/signature/hmac/sha256.rb +1 -1
- data/lib/oauth/signature/plaintext.rb +0 -0
- data/lib/oauth/signature/rsa/sha1.rb +3 -3
- data/lib/oauth/signature.rb +5 -5
- data/lib/oauth/token.rb +0 -0
- data/lib/oauth/tokens/access_token.rb +0 -0
- data/lib/oauth/tokens/consumer_token.rb +2 -2
- data/lib/oauth/tokens/request_token.rb +7 -8
- data/lib/oauth/tokens/server_token.rb +0 -1
- data/lib/oauth/tokens/token.rb +0 -0
- data/lib/oauth/version.rb +1 -1
- data/lib/oauth.rb +0 -0
- metadata +17 -182
|
@@ -10,12 +10,12 @@ end
|
|
|
10
10
|
module ActionController
|
|
11
11
|
class Base
|
|
12
12
|
if defined? ActionDispatch
|
|
13
|
-
def process_with_new_base_test(request, response=nil)
|
|
13
|
+
def process_with_new_base_test(request, response = nil)
|
|
14
14
|
request.apply_oauth! if request.respond_to?(:apply_oauth!)
|
|
15
15
|
super(request, response)
|
|
16
16
|
end
|
|
17
17
|
else
|
|
18
|
-
def process_with_oauth(request, response=nil)
|
|
18
|
+
def process_with_oauth(request, response = nil)
|
|
19
19
|
request.apply_oauth! if request.respond_to?(:apply_oauth!)
|
|
20
20
|
process_without_oauth(request, response)
|
|
21
21
|
end
|
|
@@ -24,8 +24,8 @@ module ActionController
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
class TestRequest
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
class << self
|
|
28
|
+
attr_writer :use_oauth
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
def self.use_oauth?
|
|
@@ -33,21 +33,21 @@ module ActionController
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def configure_oauth(consumer = nil, token = nil, options = {})
|
|
36
|
-
@oauth_options = { :
|
|
37
|
-
:
|
|
38
|
-
:
|
|
39
|
-
:
|
|
40
|
-
:
|
|
41
|
-
:
|
|
36
|
+
@oauth_options = { consumer: consumer,
|
|
37
|
+
token: token,
|
|
38
|
+
scheme: "header",
|
|
39
|
+
signature_method: nil,
|
|
40
|
+
nonce: nil,
|
|
41
|
+
timestamp: nil }.merge(options)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
def apply_oauth!
|
|
45
45
|
return unless ActionController::TestRequest.use_oauth? && @oauth_options
|
|
46
46
|
|
|
47
|
-
@oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:
|
|
47
|
+
@oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(request_uri: (respond_to?(:fullpath) ? fullpath : request_uri)))
|
|
48
48
|
@oauth_helper.amend_user_agent_header(env)
|
|
49
49
|
|
|
50
|
-
|
|
50
|
+
send("set_oauth_#{@oauth_options[:scheme]}")
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
def set_oauth_header
|
|
@@ -56,10 +56,9 @@ module ActionController
|
|
|
56
56
|
|
|
57
57
|
def set_oauth_parameters
|
|
58
58
|
@query_parameters = @oauth_helper.parameters_with_oauth
|
|
59
|
-
@query_parameters.merge!(:
|
|
59
|
+
@query_parameters.merge!(oauth_signature: @oauth_helper.signature)
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
-
def set_oauth_query_string
|
|
63
|
-
end
|
|
62
|
+
def set_oauth_query_string; end
|
|
64
63
|
end
|
|
65
64
|
end
|
data/lib/oauth/client/em_http.rb
CHANGED
|
@@ -23,16 +23,16 @@ module EventMachine
|
|
|
23
23
|
#
|
|
24
24
|
# See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
|
|
25
25
|
def oauth!(http, consumer = nil, token = nil, options = {})
|
|
26
|
-
options = { :
|
|
27
|
-
:
|
|
28
|
-
:
|
|
29
|
-
:
|
|
30
|
-
:
|
|
31
|
-
:
|
|
32
|
-
:
|
|
26
|
+
options = { request_uri: normalized_oauth_uri(http),
|
|
27
|
+
consumer: consumer,
|
|
28
|
+
token: token,
|
|
29
|
+
scheme: "header",
|
|
30
|
+
signature_method: nil,
|
|
31
|
+
nonce: nil,
|
|
32
|
+
timestamp: nil }.merge(options)
|
|
33
33
|
|
|
34
34
|
@oauth_helper = OAuth::Client::Helper.new(self, options)
|
|
35
|
-
|
|
35
|
+
__send__(:"set_oauth_#{options[:scheme]}")
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
# Create a string suitable for signing for an HTTP request. This process involves parameter
|
|
@@ -49,13 +49,13 @@ module EventMachine
|
|
|
49
49
|
#
|
|
50
50
|
# See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
|
|
51
51
|
def signature_base_string(http, consumer = nil, token = nil, options = {})
|
|
52
|
-
options = { :
|
|
53
|
-
:
|
|
54
|
-
:
|
|
55
|
-
:
|
|
56
|
-
:
|
|
57
|
-
:
|
|
58
|
-
:
|
|
52
|
+
options = { request_uri: normalized_oauth_uri(http),
|
|
53
|
+
consumer: consumer,
|
|
54
|
+
token: token,
|
|
55
|
+
scheme: "header",
|
|
56
|
+
signature_method: nil,
|
|
57
|
+
nonce: nil,
|
|
58
|
+
timestamp: nil }.merge(options)
|
|
59
59
|
|
|
60
60
|
OAuth::Client::Helper.new(self, options).signature_base_string
|
|
61
61
|
end
|
|
@@ -77,13 +77,13 @@ module EventMachine
|
|
|
77
77
|
protected
|
|
78
78
|
|
|
79
79
|
def combine_query(path, query, uri_query)
|
|
80
|
-
combined_query = if query.
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
80
|
+
combined_query = if query.is_a?(Hash)
|
|
81
|
+
query.map { |k, v| encode_param(k, v) }.join("&")
|
|
82
|
+
else
|
|
83
|
+
query.to_s
|
|
84
84
|
end
|
|
85
|
-
|
|
86
|
-
combined_query = [combined_query, uri_query].reject
|
|
85
|
+
unless uri_query.to_s.empty?
|
|
86
|
+
combined_query = [combined_query, uri_query].reject(&:empty?).join("&")
|
|
87
87
|
end
|
|
88
88
|
combined_query.to_s.empty? ? path : "#{path}?#{combined_query}"
|
|
89
89
|
end
|
|
@@ -95,17 +95,17 @@ module EventMachine
|
|
|
95
95
|
uri.host = http.address
|
|
96
96
|
uri.port = http.port
|
|
97
97
|
|
|
98
|
-
if http.respond_to?(:use_ssl?) && http.use_ssl?
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
98
|
+
uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
|
|
99
|
+
"https"
|
|
100
|
+
else
|
|
101
|
+
"http"
|
|
102
|
+
end
|
|
103
103
|
uri.to_s
|
|
104
104
|
end
|
|
105
105
|
|
|
106
106
|
def set_oauth_header
|
|
107
|
-
|
|
108
|
-
|
|
107
|
+
req[:head] ||= {}
|
|
108
|
+
req[:head].merge!("Authorization" => @oauth_helper.header)
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
def set_oauth_body
|
data/lib/oauth/client/helper.rb
CHANGED
|
@@ -14,9 +14,7 @@ module OAuth::Client
|
|
|
14
14
|
@options[:signature_method] ||= "HMAC-SHA1"
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
@options
|
|
19
|
-
end
|
|
17
|
+
attr_reader :options
|
|
20
18
|
|
|
21
19
|
def nonce
|
|
22
20
|
options[:nonce] ||= generate_key
|
|
@@ -40,26 +38,25 @@ module OAuth::Client
|
|
|
40
38
|
"oauth_session_handle" => options[:oauth_session_handle]
|
|
41
39
|
}
|
|
42
40
|
allowed_empty_params = options[:allow_empty_params]
|
|
43
|
-
if allowed_empty_params != true && !allowed_empty_params.
|
|
41
|
+
if allowed_empty_params != true && !allowed_empty_params.is_a?(Array)
|
|
44
42
|
allowed_empty_params = allowed_empty_params == false ? [] : [allowed_empty_params]
|
|
45
43
|
end
|
|
46
|
-
out.select! { |k,v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
|
|
44
|
+
out.select! { |k, v| v.to_s != "" || allowed_empty_params == true || allowed_empty_params.include?(k) }
|
|
47
45
|
out
|
|
48
46
|
end
|
|
49
47
|
|
|
50
48
|
def signature(extra_options = {})
|
|
51
|
-
OAuth::Signature.sign(@request, { :
|
|
52
|
-
:
|
|
53
|
-
:
|
|
54
|
-
:
|
|
55
|
-
}.merge(extra_options) )
|
|
49
|
+
OAuth::Signature.sign(@request, { uri: options[:request_uri],
|
|
50
|
+
consumer: options[:consumer],
|
|
51
|
+
token: options[:token],
|
|
52
|
+
unsigned_parameters: options[:unsigned_parameters] }.merge(extra_options))
|
|
56
53
|
end
|
|
57
54
|
|
|
58
55
|
def signature_base_string(extra_options = {})
|
|
59
|
-
OAuth::Signature.signature_base_string(@request, { :
|
|
60
|
-
:
|
|
61
|
-
:
|
|
62
|
-
:
|
|
56
|
+
OAuth::Signature.signature_base_string(@request, { uri: options[:request_uri],
|
|
57
|
+
consumer: options[:consumer],
|
|
58
|
+
token: options[:token],
|
|
59
|
+
parameters: oauth_parameters }.merge(extra_options))
|
|
63
60
|
end
|
|
64
61
|
|
|
65
62
|
def token_request?
|
|
@@ -67,7 +64,7 @@ module OAuth::Client
|
|
|
67
64
|
end
|
|
68
65
|
|
|
69
66
|
def hash_body
|
|
70
|
-
@options[:body_hash] = OAuth::Signature.body_hash(@request, :
|
|
67
|
+
@options[:body_hash] = OAuth::Signature.body_hash(@request, parameters: oauth_parameters)
|
|
71
68
|
end
|
|
72
69
|
|
|
73
70
|
def amend_user_agent_header(headers)
|
|
@@ -82,9 +79,9 @@ module OAuth::Client
|
|
|
82
79
|
|
|
83
80
|
def header
|
|
84
81
|
parameters = oauth_parameters
|
|
85
|
-
parameters
|
|
82
|
+
parameters["oauth_signature"] = signature(options.merge(parameters: parameters))
|
|
86
83
|
|
|
87
|
-
header_params_str = parameters.sort.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(", ")
|
|
84
|
+
header_params_str = parameters.sort.map { |k, v| "#{k}=\"#{escape(v)}\"" }.join(", ")
|
|
88
85
|
|
|
89
86
|
realm = "realm=\"#{options[:realm]}\", " if options[:realm]
|
|
90
87
|
"OAuth #{realm}#{header_params_str}"
|
|
@@ -27,7 +27,7 @@ class Net::HTTPGenericRequest
|
|
|
27
27
|
@oauth_helper = OAuth::Client::Helper.new(self, helper_options)
|
|
28
28
|
@oauth_helper.amend_user_agent_header(self)
|
|
29
29
|
@oauth_helper.hash_body if oauth_body_hash_required?
|
|
30
|
-
|
|
30
|
+
send("set_oauth_#{helper_options[:scheme]}")
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
# Create a string suitable for signing for an HTTP request. This process involves parameter
|
|
@@ -52,34 +52,34 @@ class Net::HTTPGenericRequest
|
|
|
52
52
|
@oauth_helper.signature_base_string
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
private
|
|
55
|
+
private
|
|
56
56
|
|
|
57
57
|
def oauth_helper_options(http, consumer, token, options)
|
|
58
|
-
{ :
|
|
59
|
-
:
|
|
60
|
-
:
|
|
61
|
-
:
|
|
62
|
-
:
|
|
63
|
-
:
|
|
64
|
-
:
|
|
58
|
+
{ request_uri: oauth_full_request_uri(http, options),
|
|
59
|
+
consumer: consumer,
|
|
60
|
+
token: token,
|
|
61
|
+
scheme: "header",
|
|
62
|
+
signature_method: nil,
|
|
63
|
+
nonce: nil,
|
|
64
|
+
timestamp: nil }.merge(options)
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
def oauth_full_request_uri(http,options)
|
|
68
|
-
uri = URI.parse(
|
|
67
|
+
def oauth_full_request_uri(http, options)
|
|
68
|
+
uri = URI.parse(path)
|
|
69
69
|
uri.host = http.address
|
|
70
70
|
uri.port = http.port
|
|
71
71
|
|
|
72
72
|
if options[:request_endpoint] && options[:site]
|
|
73
|
-
is_https = options[:site].match(%r
|
|
74
|
-
uri.host = options[:site].gsub(%r
|
|
73
|
+
is_https = options[:site].match(%r{^https://})
|
|
74
|
+
uri.host = options[:site].gsub(%r{^https?://}, "")
|
|
75
75
|
uri.port ||= is_https ? 443 : 80
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
-
if http.respond_to?(:use_ssl?) && http.use_ssl?
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
78
|
+
uri.scheme = if http.respond_to?(:use_ssl?) && http.use_ssl?
|
|
79
|
+
"https"
|
|
80
|
+
else
|
|
81
|
+
"http"
|
|
82
|
+
end
|
|
83
83
|
|
|
84
84
|
uri.to_s
|
|
85
85
|
end
|
|
@@ -100,19 +100,19 @@ private
|
|
|
100
100
|
# base string.
|
|
101
101
|
|
|
102
102
|
def set_oauth_body
|
|
103
|
-
|
|
104
|
-
params_with_sig = @oauth_helper.parameters.merge(:
|
|
105
|
-
|
|
103
|
+
set_form_data(@oauth_helper.stringify_keys(@oauth_helper.parameters_with_oauth))
|
|
104
|
+
params_with_sig = @oauth_helper.parameters.merge(oauth_signature: @oauth_helper.signature)
|
|
105
|
+
set_form_data(@oauth_helper.stringify_keys(params_with_sig))
|
|
106
106
|
end
|
|
107
107
|
|
|
108
108
|
def set_oauth_query_string
|
|
109
|
-
oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)]
|
|
109
|
+
oauth_params_str = @oauth_helper.oauth_parameters.map { |k, v| [escape(k), escape(v)].join("=") }.join("&")
|
|
110
110
|
uri = URI.parse(path)
|
|
111
|
-
if uri.query.to_s == ""
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
111
|
+
uri.query = if uri.query.to_s == ""
|
|
112
|
+
oauth_params_str
|
|
113
|
+
else
|
|
114
|
+
uri.query + "&" + oauth_params_str
|
|
115
|
+
end
|
|
116
116
|
|
|
117
117
|
@path = uri.to_s
|
|
118
118
|
|
data/lib/oauth/client.rb
CHANGED
|
File without changes
|
data/lib/oauth/consumer.rb
CHANGED
|
@@ -16,8 +16,8 @@ module OAuth
|
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
CA_FILES = %
|
|
19
|
+
unless defined?(CA_FILE)
|
|
20
|
+
CA_FILES = %w[/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt].freeze
|
|
21
21
|
CA_FILES.each do |ca_file|
|
|
22
22
|
if File.exist?(ca_file)
|
|
23
23
|
CA_FILE = ca_file
|
|
@@ -29,15 +29,15 @@ module OAuth
|
|
|
29
29
|
|
|
30
30
|
@@default_options = {
|
|
31
31
|
# Signature method used by server. Defaults to HMAC-SHA1
|
|
32
|
-
:
|
|
32
|
+
signature_method: "HMAC-SHA1",
|
|
33
33
|
|
|
34
34
|
# default paths on site. These are the same as the defaults set up by the generators
|
|
35
|
-
:
|
|
36
|
-
:
|
|
37
|
-
:
|
|
38
|
-
:
|
|
35
|
+
request_token_path: "/oauth/request_token",
|
|
36
|
+
authenticate_path: "/oauth/authenticate",
|
|
37
|
+
authorize_path: "/oauth/authorize",
|
|
38
|
+
access_token_path: "/oauth/access_token",
|
|
39
39
|
|
|
40
|
-
:
|
|
40
|
+
proxy: nil,
|
|
41
41
|
# How do we send the oauth values to the server see
|
|
42
42
|
# https://oauth.net/core/1.0/#consumer_req_param for more info
|
|
43
43
|
#
|
|
@@ -46,10 +46,10 @@ module OAuth
|
|
|
46
46
|
# :header - via the Authorize header (Default) ( option 1. in spec)
|
|
47
47
|
# :body - url form encoded in body of POST request ( option 2. in spec)
|
|
48
48
|
# :query_string - via the query part of the url ( option 3. in spec)
|
|
49
|
-
:
|
|
49
|
+
scheme: :header,
|
|
50
50
|
|
|
51
51
|
# Default http method used for OAuth Token Requests (defaults to :post)
|
|
52
|
-
:
|
|
52
|
+
http_method: :post,
|
|
53
53
|
|
|
54
54
|
# Add a custom ca_file for consumer
|
|
55
55
|
# :ca_file => '/etc/certs.pem'
|
|
@@ -59,9 +59,9 @@ module OAuth
|
|
|
59
59
|
# nil, false - no debug output
|
|
60
60
|
# true - uses $stdout
|
|
61
61
|
# some_value - uses some_value
|
|
62
|
-
:
|
|
62
|
+
debug_output: nil,
|
|
63
63
|
|
|
64
|
-
:
|
|
64
|
+
oauth_version: "1.0"
|
|
65
65
|
}
|
|
66
66
|
|
|
67
67
|
attr_accessor :options, :key, :secret
|
|
@@ -94,9 +94,8 @@ module OAuth
|
|
|
94
94
|
@secret = consumer_secret
|
|
95
95
|
|
|
96
96
|
# ensure that keys are symbols
|
|
97
|
-
@options = @@default_options.merge(options.
|
|
97
|
+
@options = @@default_options.merge(options.each_with_object({}) do |(key, value), opts|
|
|
98
98
|
opts[key.to_sym] = value
|
|
99
|
-
opts
|
|
100
99
|
end)
|
|
101
100
|
end
|
|
102
101
|
|
|
@@ -127,7 +126,7 @@ module OAuth
|
|
|
127
126
|
if custom_uri
|
|
128
127
|
@uri = custom_uri
|
|
129
128
|
@http = create_http # yike, oh well. less intrusive this way
|
|
130
|
-
else
|
|
129
|
+
else # if no custom passed, we use existing, which, if unset, is set to site uri
|
|
131
130
|
@uri ||= URI.parse(site)
|
|
132
131
|
end
|
|
133
132
|
end
|
|
@@ -156,18 +155,18 @@ module OAuth
|
|
|
156
155
|
# will be exchanged out of band
|
|
157
156
|
request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND unless request_options[:exclude_callback]
|
|
158
157
|
|
|
159
|
-
if block_given?
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
158
|
+
response = if block_given?
|
|
159
|
+
token_request(
|
|
160
|
+
http_method,
|
|
161
|
+
(request_token_url? ? request_token_url : request_token_path),
|
|
162
|
+
nil,
|
|
163
|
+
request_options,
|
|
164
|
+
*arguments,
|
|
165
|
+
&block
|
|
166
|
+
)
|
|
167
|
+
else
|
|
168
|
+
token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
|
|
169
|
+
end
|
|
171
170
|
OAuth::RequestToken.from_hash(self, response)
|
|
172
171
|
end
|
|
173
172
|
|
|
@@ -190,18 +189,18 @@ module OAuth
|
|
|
190
189
|
|
|
191
190
|
# override the request with your own, this is useful for file uploads which Net::HTTP does not do
|
|
192
191
|
req = create_signed_request(http_method, path, token, request_options, *arguments)
|
|
193
|
-
return nil if block_given?
|
|
192
|
+
return nil if block_given? && (yield(req) == :done)
|
|
194
193
|
rsp = http.request(req)
|
|
195
194
|
# check for an error reported by the Problem Reporting extension
|
|
196
195
|
# (https://wiki.oauth.net/ProblemReporting)
|
|
197
196
|
# note: a 200 may actually be an error; check for an oauth_problem key to be sure
|
|
198
197
|
if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
|
|
199
|
-
|
|
200
|
-
|
|
198
|
+
(h = headers.select { |hdr| hdr =~ /^OAuth / }).any? &&
|
|
199
|
+
h.first =~ /oauth_problem/
|
|
201
200
|
|
|
202
201
|
# puts "Header: #{h.first}"
|
|
203
202
|
|
|
204
|
-
# TODO doesn't handle broken responses from api.login.yahoo.com
|
|
203
|
+
# TODO: doesn't handle broken responses from api.login.yahoo.com
|
|
205
204
|
# remove debug code when done
|
|
206
205
|
params = OAuth::Helper.parse_header(h.first)
|
|
207
206
|
|
|
@@ -235,10 +234,9 @@ module OAuth
|
|
|
235
234
|
# symbolize keys
|
|
236
235
|
# TODO this could be considered unexpected behavior; symbols or not?
|
|
237
236
|
# TODO this also drops subsequent values from multi-valued keys
|
|
238
|
-
CGI.parse(response.body).
|
|
237
|
+
CGI.parse(response.body).each_with_object({}) do |(k, v), h|
|
|
239
238
|
h[k.strip.to_sym] = v.first
|
|
240
239
|
h[k.strip] = v.first
|
|
241
|
-
h
|
|
242
240
|
end
|
|
243
241
|
end
|
|
244
242
|
when (300..399)
|
|
@@ -250,11 +248,11 @@ module OAuth
|
|
|
250
248
|
response.error! if uri.path == path && our_uri.host == uri.host
|
|
251
249
|
|
|
252
250
|
if uri.path == path && our_uri.host != uri.host
|
|
253
|
-
|
|
254
|
-
|
|
251
|
+
options[:site] = "#{uri.scheme}://#{uri.host}"
|
|
252
|
+
@http = create_http
|
|
255
253
|
end
|
|
256
254
|
|
|
257
|
-
|
|
255
|
+
token_request(http_method, uri.path, token, request_options, arguments)
|
|
258
256
|
when (400..499)
|
|
259
257
|
raise OAuth::Unauthorized, response
|
|
260
258
|
else
|
|
@@ -301,13 +299,13 @@ module OAuth
|
|
|
301
299
|
@options[:access_token_path]
|
|
302
300
|
end
|
|
303
301
|
|
|
304
|
-
# TODO this is ugly, rewrite
|
|
302
|
+
# TODO: this is ugly, rewrite
|
|
305
303
|
def request_token_url
|
|
306
304
|
@options[:request_token_url] || site + request_token_path
|
|
307
305
|
end
|
|
308
306
|
|
|
309
307
|
def request_token_url?
|
|
310
|
-
@options.
|
|
308
|
+
@options.key?(:request_token_url)
|
|
311
309
|
end
|
|
312
310
|
|
|
313
311
|
def authenticate_url
|
|
@@ -315,7 +313,7 @@ module OAuth
|
|
|
315
313
|
end
|
|
316
314
|
|
|
317
315
|
def authenticate_url?
|
|
318
|
-
@options.
|
|
316
|
+
@options.key?(:authenticate_url)
|
|
319
317
|
end
|
|
320
318
|
|
|
321
319
|
def authorize_url
|
|
@@ -323,7 +321,7 @@ module OAuth
|
|
|
323
321
|
end
|
|
324
322
|
|
|
325
323
|
def authorize_url?
|
|
326
|
-
@options.
|
|
324
|
+
@options.key?(:authorize_url)
|
|
327
325
|
end
|
|
328
326
|
|
|
329
327
|
def access_token_url
|
|
@@ -331,7 +329,7 @@ module OAuth
|
|
|
331
329
|
end
|
|
332
330
|
|
|
333
331
|
def access_token_url?
|
|
334
|
-
@options.
|
|
332
|
+
@options.key?(:access_token_url)
|
|
335
333
|
end
|
|
336
334
|
|
|
337
335
|
def proxy
|
|
@@ -342,10 +340,7 @@ module OAuth
|
|
|
342
340
|
|
|
343
341
|
# Instantiates the http object
|
|
344
342
|
def create_http(_url = nil)
|
|
345
|
-
|
|
346
|
-
if !request_endpoint.nil?
|
|
347
|
-
_url = request_endpoint
|
|
348
|
-
end
|
|
343
|
+
_url = request_endpoint unless request_endpoint.nil?
|
|
349
344
|
|
|
350
345
|
our_uri = if _url.nil? || _url[0] =~ /^\//
|
|
351
346
|
URI.parse(site)
|
|
@@ -372,10 +367,8 @@ module OAuth
|
|
|
372
367
|
if @options[:no_verify]
|
|
373
368
|
http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
374
369
|
else
|
|
375
|
-
ca_file =
|
|
376
|
-
if ca_file
|
|
377
|
-
http_object.ca_file = ca_file
|
|
378
|
-
end
|
|
370
|
+
ca_file = @options[:ca_file] || CA_FILE
|
|
371
|
+
http_object.ca_file = ca_file if ca_file
|
|
379
372
|
http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
380
373
|
http_object.verify_depth = 5
|
|
381
374
|
end
|
|
@@ -394,9 +387,7 @@ module OAuth
|
|
|
394
387
|
def create_http_request(http_method, path, *arguments)
|
|
395
388
|
http_method = http_method.to_sym
|
|
396
389
|
|
|
397
|
-
if [
|
|
398
|
-
data = arguments.shift
|
|
399
|
-
end
|
|
390
|
+
data = arguments.shift if %i[post put patch].include?(http_method)
|
|
400
391
|
|
|
401
392
|
# if the base site contains a path, add it now
|
|
402
393
|
# only add if the site host matches the current http object's host
|
|
@@ -408,22 +399,22 @@ module OAuth
|
|
|
408
399
|
|
|
409
400
|
case http_method
|
|
410
401
|
when :post
|
|
411
|
-
request = Net::HTTP::Post.new(path,headers)
|
|
402
|
+
request = Net::HTTP::Post.new(path, headers)
|
|
412
403
|
request["Content-Length"] = "0" # Default to 0
|
|
413
404
|
when :put
|
|
414
|
-
request = Net::HTTP::Put.new(path,headers)
|
|
405
|
+
request = Net::HTTP::Put.new(path, headers)
|
|
415
406
|
request["Content-Length"] = "0" # Default to 0
|
|
416
407
|
when :patch
|
|
417
|
-
request = Net::HTTP::Patch.new(path,headers)
|
|
408
|
+
request = Net::HTTP::Patch.new(path, headers)
|
|
418
409
|
request["Content-Length"] = "0" # Default to 0
|
|
419
410
|
when :get
|
|
420
|
-
request = Net::HTTP::Get.new(path,headers)
|
|
411
|
+
request = Net::HTTP::Get.new(path, headers)
|
|
421
412
|
when :delete
|
|
422
|
-
request =
|
|
413
|
+
request = Net::HTTP::Delete.new(path, headers)
|
|
423
414
|
when :head
|
|
424
|
-
request = Net::HTTP::Head.new(path,headers)
|
|
415
|
+
request = Net::HTTP::Head.new(path, headers)
|
|
425
416
|
else
|
|
426
|
-
raise ArgumentError, "Don't know how to handle http_method: :#{http_method
|
|
417
|
+
raise ArgumentError, "Don't know how to handle http_method: :#{http_method}"
|
|
427
418
|
end
|
|
428
419
|
|
|
429
420
|
if data.is_a?(Hash)
|
|
@@ -448,13 +439,12 @@ module OAuth
|
|
|
448
439
|
request
|
|
449
440
|
end
|
|
450
441
|
|
|
451
|
-
def marshal_dump(*
|
|
452
|
-
{:
|
|
442
|
+
def marshal_dump(*_args)
|
|
443
|
+
{ key: @key, secret: @secret, options: @options }
|
|
453
444
|
end
|
|
454
445
|
|
|
455
446
|
def marshal_load(data)
|
|
456
447
|
initialize(data[:key], data[:secret], data[:options])
|
|
457
448
|
end
|
|
458
|
-
|
|
459
449
|
end
|
|
460
450
|
end
|
data/lib/oauth/errors/error.rb
CHANGED
|
File without changes
|
data/lib/oauth/errors/problem.rb
CHANGED
|
File without changes
|
|
File without changes
|
data/lib/oauth/errors.rb
CHANGED
|
File without changes
|
data/lib/oauth/helper.rb
CHANGED
|
@@ -24,11 +24,11 @@ module OAuth
|
|
|
24
24
|
|
|
25
25
|
# Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
|
|
26
26
|
# characters removed.
|
|
27
|
-
def generate_key(size=32)
|
|
27
|
+
def generate_key(size = 32)
|
|
28
28
|
Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, "")
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
|
|
31
|
+
alias generate_nonce generate_key
|
|
32
32
|
|
|
33
33
|
def generate_timestamp #:nodoc:
|
|
34
34
|
Time.now.to_i.to_s
|
|
@@ -51,13 +51,13 @@ module OAuth
|
|
|
51
51
|
normalize_nested_query(values, k)
|
|
52
52
|
else
|
|
53
53
|
values.sort.collect do |v|
|
|
54
|
-
[escape(k),escape(v)]
|
|
54
|
+
[escape(k), escape(v)].join("=")
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
elsif values.is_a?(Hash)
|
|
58
58
|
normalize_nested_query(values, k)
|
|
59
59
|
else
|
|
60
|
-
[escape(k),escape(values)]
|
|
60
|
+
[escape(k), escape(values)].join("=")
|
|
61
61
|
end
|
|
62
62
|
end * "&"
|
|
63
63
|
end
|
|
@@ -76,7 +76,7 @@ module OAuth
|
|
|
76
76
|
normalize_nested_query(v, prefix ? "#{prefix}[#{k}]" : k)
|
|
77
77
|
end.flatten.sort
|
|
78
78
|
else
|
|
79
|
-
[escape(prefix), escape(value)]
|
|
79
|
+
[escape(prefix), escape(value)].join("=")
|
|
80
80
|
end
|
|
81
81
|
end
|
|
82
82
|
|
|
@@ -90,10 +90,10 @@ module OAuth
|
|
|
90
90
|
#
|
|
91
91
|
def parse_header(header)
|
|
92
92
|
# decompose
|
|
93
|
-
params = header[6,header.length].split(/[,=&]/)
|
|
93
|
+
params = header[6, header.length].split(/[,=&]/)
|
|
94
94
|
|
|
95
95
|
# odd number of arguments - must be a malformed header.
|
|
96
|
-
raise OAuth::Problem
|
|
96
|
+
raise OAuth::Problem, "Invalid authorization header" if params.size.odd?
|
|
97
97
|
|
|
98
98
|
params.map! do |v|
|
|
99
99
|
# strip and unescape
|