oauth 0.5.8 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +63 -116
  3. data/CODE_OF_CONDUCT.md +0 -0
  4. data/CONTRIBUTING.md +0 -0
  5. data/LICENSE +0 -0
  6. data/README.md +250 -63
  7. data/SECURITY.md +7 -9
  8. data/TODO +0 -0
  9. data/bin/oauth +8 -4
  10. data/lib/oauth/cli/authorize_command.rb +57 -55
  11. data/lib/oauth/cli/base_command.rb +163 -157
  12. data/lib/oauth/cli/help_command.rb +9 -5
  13. data/lib/oauth/cli/query_command.rb +26 -17
  14. data/lib/oauth/cli/sign_command.rb +58 -55
  15. data/lib/oauth/cli/version_command.rb +8 -4
  16. data/lib/oauth/cli.rb +4 -2
  17. data/lib/oauth/client/action_controller_request.rb +17 -15
  18. data/lib/oauth/client/em_http.rb +31 -29
  19. data/lib/oauth/client/helper.rb +76 -75
  20. data/lib/oauth/client/net_http.rb +109 -102
  21. data/lib/oauth/client.rb +2 -0
  22. data/lib/oauth/consumer.rb +96 -88
  23. data/lib/oauth/errors/error.rb +2 -0
  24. data/lib/oauth/errors/problem.rb +3 -0
  25. data/lib/oauth/errors/unauthorized.rb +4 -0
  26. data/lib/oauth/errors.rb +2 -0
  27. data/lib/oauth/helper.rb +16 -12
  28. data/lib/oauth/oauth.rb +6 -4
  29. data/lib/oauth/oauth_test_helper.rb +2 -0
  30. data/lib/oauth/request_proxy/action_controller_request.rb +0 -0
  31. data/lib/oauth/request_proxy/action_dispatch_request.rb +0 -0
  32. data/lib/oauth/request_proxy/base.rb +2 -2
  33. data/lib/oauth/request_proxy/curb_request.rb +0 -0
  34. data/lib/oauth/request_proxy/em_http_request.rb +0 -0
  35. data/lib/oauth/request_proxy/jabber_request.rb +0 -0
  36. data/lib/oauth/request_proxy/mock_request.rb +1 -1
  37. data/lib/oauth/request_proxy/net_http.rb +8 -8
  38. data/lib/oauth/request_proxy/rack_request.rb +0 -0
  39. data/lib/oauth/request_proxy/rest_client_request.rb +2 -1
  40. data/lib/oauth/request_proxy/typhoeus_request.rb +0 -0
  41. data/lib/oauth/request_proxy.rb +7 -4
  42. data/lib/oauth/server.rb +12 -10
  43. data/lib/oauth/signature/base.rb +73 -66
  44. data/lib/oauth/signature/hmac/sha1.rb +15 -9
  45. data/lib/oauth/signature/hmac/sha256.rb +15 -9
  46. data/lib/oauth/signature/plaintext.rb +18 -20
  47. data/lib/oauth/signature/rsa/sha1.rb +46 -38
  48. data/lib/oauth/signature.rb +8 -5
  49. data/lib/oauth/token.rb +2 -0
  50. data/lib/oauth/tokens/access_token.rb +2 -0
  51. data/lib/oauth/tokens/consumer_token.rb +4 -2
  52. data/lib/oauth/tokens/request_token.rb +12 -10
  53. data/lib/oauth/tokens/server_token.rb +2 -1
  54. data/lib/oauth/tokens/token.rb +2 -0
  55. data/lib/oauth/version.rb +5 -1
  56. data/lib/oauth.rb +8 -2
  57. metadata +34 -32
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require "net/http"
2
4
  require "net/https"
3
5
  require "oauth/oauth"
@@ -16,8 +18,9 @@ module OAuth
16
18
  end
17
19
  end
18
20
 
19
- if !defined?(CA_FILE)
20
- CA_FILES = %W(/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
21
+ unless defined?(CA_FILE)
22
+ CA_FILES = %w[/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
23
+ /usr/share/curl/curl-ca-bundle.crt].freeze
21
24
  CA_FILES.each do |ca_file|
22
25
  if File.exist?(ca_file)
23
26
  CA_FILE = ca_file
@@ -29,15 +32,15 @@ module OAuth
29
32
 
30
33
  @@default_options = {
31
34
  # Signature method used by server. Defaults to HMAC-SHA1
32
- :signature_method => "HMAC-SHA1",
35
+ signature_method: "HMAC-SHA1",
33
36
 
34
37
  # default paths on site. These are the same as the defaults set up by the generators
35
- :request_token_path => "/oauth/request_token",
36
- :authenticate_path => "/oauth/authenticate",
37
- :authorize_path => "/oauth/authorize",
38
- :access_token_path => "/oauth/access_token",
38
+ request_token_path: "/oauth/request_token",
39
+ authenticate_path: "/oauth/authenticate",
40
+ authorize_path: "/oauth/authorize",
41
+ access_token_path: "/oauth/access_token",
39
42
 
40
- :proxy => nil,
43
+ proxy: nil,
41
44
  # How do we send the oauth values to the server see
42
45
  # https://oauth.net/core/1.0/#consumer_req_param for more info
43
46
  #
@@ -46,10 +49,10 @@ module OAuth
46
49
  # :header - via the Authorize header (Default) ( option 1. in spec)
47
50
  # :body - url form encoded in body of POST request ( option 2. in spec)
48
51
  # :query_string - via the query part of the url ( option 3. in spec)
49
- :scheme => :header,
52
+ scheme: :header,
50
53
 
51
54
  # Default http method used for OAuth Token Requests (defaults to :post)
52
- :http_method => :post,
55
+ http_method: :post,
53
56
 
54
57
  # Add a custom ca_file for consumer
55
58
  # :ca_file => '/etc/certs.pem'
@@ -59,9 +62,14 @@ module OAuth
59
62
  # nil, false - no debug output
60
63
  # true - uses $stdout
61
64
  # some_value - uses some_value
62
- :debug_output => nil,
65
+ debug_output: nil,
66
+
67
+ # Defaults to producing a body_hash as part of the signature but
68
+ # can be disabled since it's not officially part of the OAuth 1.0
69
+ # spec. Possible values are true and false
70
+ body_hash_enabled: true,
63
71
 
64
- :oauth_version => "1.0"
72
+ oauth_version: "1.0"
65
73
  }
66
74
 
67
75
  attr_accessor :options, :key, :secret
@@ -75,7 +83,8 @@ module OAuth
75
83
  # :http_method => :post,
76
84
  # :request_token_path => "/oauth/example/request_token.php",
77
85
  # :access_token_path => "/oauth/example/access_token.php",
78
- # :authorize_path => "/oauth/example/authorize.php"
86
+ # :authorize_path => "/oauth/example/authorize.php",
87
+ # :body_hash_enabled => false
79
88
  # })
80
89
  #
81
90
  # Start the process by requesting a token
@@ -94,10 +103,7 @@ module OAuth
94
103
  @secret = consumer_secret
95
104
 
96
105
  # ensure that keys are symbols
97
- @options = @@default_options.merge(options.inject({}) do |opts, (key, value)|
98
- opts[key.to_sym] = value
99
- opts
100
- end)
106
+ @options = @@default_options.merge(options.transform_keys(&:to_sym))
101
107
  end
102
108
 
103
109
  # The default http method
@@ -106,15 +112,13 @@ module OAuth
106
112
  end
107
113
 
108
114
  def debug_output
109
- @debug_output ||= begin
110
- case @options[:debug_output]
111
- when nil, false
112
- when true
113
- $stdout
114
- else
115
- @options[:debug_output]
116
- end
117
- end
115
+ @debug_output ||= case @options[:debug_output]
116
+ when nil, false
117
+ when true
118
+ $stdout
119
+ else
120
+ @options[:debug_output]
121
+ end
118
122
  end
119
123
 
120
124
  # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
@@ -127,13 +131,14 @@ module OAuth
127
131
  if custom_uri
128
132
  @uri = custom_uri
129
133
  @http = create_http # yike, oh well. less intrusive this way
130
- else # if no custom passed, we use existing, which, if unset, is set to site uri
134
+ else # if no custom passed, we use existing, which, if unset, is set to site uri
131
135
  @uri ||= URI.parse(site)
132
136
  end
133
137
  end
134
138
 
135
139
  def get_access_token(request_token, request_options = {}, *arguments, &block)
136
- response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments, &block)
140
+ response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token,
141
+ request_options, *arguments, &block)
137
142
  OAuth::AccessToken.from_hash(self, response)
138
143
  end
139
144
 
@@ -154,20 +159,23 @@ module OAuth
154
159
  def get_request_token(request_options = {}, *arguments, &block)
155
160
  # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
156
161
  # will be exchanged out of band
157
- request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND unless request_options[:exclude_callback]
158
-
159
- if block_given?
160
- response = token_request(
161
- http_method,
162
- (request_token_url? ? request_token_url : request_token_path),
163
- nil,
164
- request_options,
165
- *arguments,
166
- &block
167
- )
168
- else
169
- response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
162
+ unless request_options[:exclude_callback]
163
+ request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND
170
164
  end
165
+
166
+ response = if block
167
+ token_request(
168
+ http_method,
169
+ (request_token_url? ? request_token_url : request_token_path),
170
+ nil,
171
+ request_options,
172
+ *arguments,
173
+ &block
174
+ )
175
+ else
176
+ token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil,
177
+ request_options, *arguments)
178
+ end
171
179
  OAuth::RequestToken.from_hash(self, response)
172
180
  end
173
181
 
@@ -182,7 +190,7 @@ module OAuth
182
190
  # @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
183
191
  #
184
192
  def request(http_method, path, token = nil, request_options = {}, *arguments)
185
- if path !~ /^\//
193
+ unless %r{^/}.match?(path)
186
194
  @http = create_http(path)
187
195
  _uri = URI.parse(path)
188
196
  path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
@@ -190,18 +198,19 @@ module OAuth
190
198
 
191
199
  # override the request with your own, this is useful for file uploads which Net::HTTP does not do
192
200
  req = create_signed_request(http_method, path, token, request_options, *arguments)
193
- return nil if block_given? and yield(req) == :done
201
+ return nil if block_given? && (yield(req) == :done)
202
+
194
203
  rsp = http.request(req)
195
204
  # check for an error reported by the Problem Reporting extension
196
205
  # (https://wiki.oauth.net/ProblemReporting)
197
206
  # note: a 200 may actually be an error; check for an oauth_problem key to be sure
198
207
  if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
199
- (h = headers.select { |hdr| hdr =~ /^OAuth / }).any? &&
200
- h.first =~ /oauth_problem/
208
+ (h = headers.grep(/^OAuth /)).any? &&
209
+ h.first.include?("oauth_problem")
201
210
 
202
211
  # puts "Header: #{h.first}"
203
212
 
204
- # TODO doesn't handle broken responses from api.login.yahoo.com
213
+ # TODO: doesn't handle broken responses from api.login.yahoo.com
205
214
  # remove debug code when done
206
215
  params = OAuth::Helper.parse_header(h.first)
207
216
 
@@ -235,10 +244,9 @@ module OAuth
235
244
  # symbolize keys
236
245
  # TODO this could be considered unexpected behavior; symbols or not?
237
246
  # TODO this also drops subsequent values from multi-valued keys
238
- CGI.parse(response.body).inject({}) do |h,(k,v)|
247
+ CGI.parse(response.body).each_with_object({}) do |(k, v), h|
239
248
  h[k.strip.to_sym] = v.first
240
249
  h[k.strip] = v.first
241
- h
242
250
  end
243
251
  end
244
252
  when (300..399)
@@ -250,11 +258,11 @@ module OAuth
250
258
  response.error! if uri.path == path && our_uri.host == uri.host
251
259
 
252
260
  if uri.path == path && our_uri.host != uri.host
253
- options[:site] = "#{uri.scheme}://#{uri.host}"
254
- @http = create_http
261
+ options[:site] = "#{uri.scheme}://#{uri.host}"
262
+ @http = create_http
255
263
  end
256
264
 
257
- self.token_request(http_method, uri.path, token, request_options, arguments)
265
+ token_request(http_method, uri.path, token, request_options, arguments)
258
266
  when (400..499)
259
267
  raise OAuth::Unauthorized, response
260
268
  else
@@ -278,6 +286,7 @@ module OAuth
278
286
 
279
287
  def request_endpoint
280
288
  return nil if @options[:request_endpoint].nil?
289
+
281
290
  @options[:request_endpoint].to_s
282
291
  end
283
292
 
@@ -301,37 +310,37 @@ module OAuth
301
310
  @options[:access_token_path]
302
311
  end
303
312
 
304
- # TODO this is ugly, rewrite
313
+ # TODO: this is ugly, rewrite
305
314
  def request_token_url
306
- @options[:request_token_url] || site + request_token_path
315
+ @options[:request_token_url] || (site + request_token_path)
307
316
  end
308
317
 
309
318
  def request_token_url?
310
- @options.has_key?(:request_token_url)
319
+ @options.key?(:request_token_url)
311
320
  end
312
321
 
313
322
  def authenticate_url
314
- @options[:authenticate_url] || site + authenticate_path
323
+ @options[:authenticate_url] || (site + authenticate_path)
315
324
  end
316
325
 
317
326
  def authenticate_url?
318
- @options.has_key?(:authenticate_url)
327
+ @options.key?(:authenticate_url)
319
328
  end
320
329
 
321
330
  def authorize_url
322
- @options[:authorize_url] || site + authorize_path
331
+ @options[:authorize_url] || (site + authorize_path)
323
332
  end
324
333
 
325
334
  def authorize_url?
326
- @options.has_key?(:authorize_url)
335
+ @options.key?(:authorize_url)
327
336
  end
328
337
 
329
338
  def access_token_url
330
- @options[:access_token_url] || site + access_token_path
339
+ @options[:access_token_url] || (site + access_token_path)
331
340
  end
332
341
 
333
342
  def access_token_url?
334
- @options.has_key?(:access_token_url)
343
+ @options.key?(:access_token_url)
335
344
  end
336
345
 
337
346
  def proxy
@@ -342,12 +351,9 @@ module OAuth
342
351
 
343
352
  # Instantiates the http object
344
353
  def create_http(_url = nil)
354
+ _url = request_endpoint unless request_endpoint.nil?
345
355
 
346
- if !request_endpoint.nil?
347
- _url = request_endpoint
348
- end
349
-
350
- our_uri = if _url.nil? || _url[0] =~ /^\//
356
+ our_uri = if _url.nil? || _url[0] =~ %r{^/}
351
357
  URI.parse(site)
352
358
  else
353
359
  your_uri = URI.parse(_url)
@@ -364,7 +370,8 @@ module OAuth
364
370
  http_object = Net::HTTP.new(our_uri.host, our_uri.port)
365
371
  else
366
372
  proxy_uri = proxy.is_a?(URI) ? proxy : URI.parse(proxy)
367
- http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
373
+ http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user,
374
+ proxy_uri.password)
368
375
  end
369
376
 
370
377
  http_object.use_ssl = (our_uri.scheme == "https")
@@ -372,19 +379,21 @@ module OAuth
372
379
  if @options[:no_verify]
373
380
  http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
374
381
  else
375
- ca_file = @options[:ca_file] || CA_FILE
376
- if ca_file
377
- http_object.ca_file = ca_file
378
- end
382
+ ca_file = @options[:ca_file] || CA_FILE
383
+ http_object.ca_file = ca_file if ca_file
379
384
  http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
380
385
  http_object.verify_depth = 5
381
386
  end
382
387
 
383
388
  http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 60
384
- http_object.open_timeout = @options[:open_timeout] if @options[:open_timeout]
389
+ if @options[:open_timeout]
390
+ http_object.open_timeout = @options[:open_timeout]
391
+ end
385
392
  http_object.ssl_version = @options[:ssl_version] if @options[:ssl_version]
386
- http_object.cert = @options[:ssl_client_cert] if @options[:ssl_client_cert]
387
- http_object.key = @options[:ssl_client_key] if @options[:ssl_client_key]
393
+ if @options[:ssl_client_cert]
394
+ http_object.cert = @options[:ssl_client_cert]
395
+ end
396
+ http_object.key = @options[:ssl_client_key] if @options[:ssl_client_key]
388
397
  http_object.set_debug_output(debug_output) if debug_output
389
398
 
390
399
  http_object
@@ -394,36 +403,36 @@ module OAuth
394
403
  def create_http_request(http_method, path, *arguments)
395
404
  http_method = http_method.to_sym
396
405
 
397
- if [:post, :put, :patch].include?(http_method)
398
- data = arguments.shift
399
- end
406
+ data = arguments.shift if %i[post put patch].include?(http_method)
400
407
 
401
408
  # if the base site contains a path, add it now
402
409
  # only add if the site host matches the current http object's host
403
410
  # (in case we've specified a full url for token requests)
404
- uri = URI.parse(site)
405
- path = uri.path + path if uri.path && uri.path != "/" && uri.host == http.address
411
+ uri = URI.parse(site)
412
+ if uri.path && uri.path != "/" && uri.host == http.address
413
+ path = uri.path + path
414
+ end
406
415
 
407
416
  headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
408
417
 
409
418
  case http_method
410
419
  when :post
411
- request = Net::HTTP::Post.new(path,headers)
420
+ request = Net::HTTP::Post.new(path, headers)
412
421
  request["Content-Length"] = "0" # Default to 0
413
422
  when :put
414
- request = Net::HTTP::Put.new(path,headers)
423
+ request = Net::HTTP::Put.new(path, headers)
415
424
  request["Content-Length"] = "0" # Default to 0
416
425
  when :patch
417
- request = Net::HTTP::Patch.new(path,headers)
426
+ request = Net::HTTP::Patch.new(path, headers)
418
427
  request["Content-Length"] = "0" # Default to 0
419
428
  when :get
420
- request = Net::HTTP::Get.new(path,headers)
429
+ request = Net::HTTP::Get.new(path, headers)
421
430
  when :delete
422
- request = Net::HTTP::Delete.new(path,headers)
431
+ request = Net::HTTP::Delete.new(path, headers)
423
432
  when :head
424
- request = Net::HTTP::Head.new(path,headers)
433
+ request = Net::HTTP::Head.new(path, headers)
425
434
  else
426
- raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
435
+ raise ArgumentError, "Don't know how to handle http_method: :#{http_method}"
427
436
  end
428
437
 
429
438
  if data.is_a?(Hash)
@@ -448,13 +457,12 @@ module OAuth
448
457
  request
449
458
  end
450
459
 
451
- def marshal_dump(*args)
452
- {:key => @key, :secret => @secret, :options => @options}
460
+ def marshal_dump(*_args)
461
+ { key: @key, secret: @secret, options: @options }
453
462
  end
454
463
 
455
464
  def marshal_load(data)
456
465
  initialize(data[:key], data[:secret], data[:options])
457
466
  end
458
-
459
467
  end
460
468
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  class Error < StandardError
3
5
  end
@@ -1,6 +1,9 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  class Problem < OAuth::Unauthorized
3
5
  attr_reader :problem, :params
6
+
4
7
  def initialize(problem, request = nil, params = {})
5
8
  super(request)
6
9
  @problem = problem
@@ -1,7 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  class Unauthorized < OAuth::Error
3
5
  attr_reader :request
6
+
4
7
  def initialize(request = nil)
8
+ super()
5
9
  @request = request
6
10
  end
7
11
 
data/lib/oauth/errors.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require "oauth/errors/error"
2
4
  require "oauth/errors/unauthorized"
3
5
  require "oauth/errors/problem"
data/lib/oauth/helper.rb CHANGED
@@ -1,9 +1,12 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "time"
1
4
  require "openssl"
2
5
  require "base64"
3
6
 
4
7
  module OAuth
5
8
  module Helper
6
- extend self
9
+ module_function
7
10
 
8
11
  # Escape +value+ by URL encoding all non-reserved character.
9
12
  #
@@ -24,13 +27,13 @@ module OAuth
24
27
 
25
28
  # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
26
29
  # characters removed.
27
- def generate_key(size=32)
30
+ def generate_key(size = 32)
28
31
  Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, "")
29
32
  end
30
33
 
31
- alias_method :generate_nonce, :generate_key
34
+ alias generate_nonce generate_key
32
35
 
33
- def generate_timestamp #:nodoc:
36
+ def generate_timestamp # :nodoc:
34
37
  Time.now.to_i.to_s
35
38
  end
36
39
 
@@ -43,7 +46,8 @@ module OAuth
43
46
  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
44
47
  def normalize(params)
45
48
  params.sort.map do |k, values|
46
- if values.is_a?(Array)
49
+ case values
50
+ when Array
47
51
  # make sure the array has an element so we don't lose the key
48
52
  values << nil if values.empty?
49
53
  # multiple values were provided for a single key
@@ -51,13 +55,13 @@ module OAuth
51
55
  normalize_nested_query(values, k)
52
56
  else
53
57
  values.sort.collect do |v|
54
- [escape(k),escape(v)] * "="
58
+ [escape(k), escape(v)].join("=")
55
59
  end
56
60
  end
57
- elsif values.is_a?(Hash)
61
+ when Hash
58
62
  normalize_nested_query(values, k)
59
63
  else
60
- [escape(k),escape(values)] * "="
64
+ [escape(k), escape(values)].join("=")
61
65
  end
62
66
  end * "&"
63
67
  end
@@ -76,7 +80,7 @@ module OAuth
76
80
  normalize_nested_query(v, prefix ? "#{prefix}[#{k}]" : k)
77
81
  end.flatten.sort
78
82
  else
79
- [escape(prefix), escape(value)] * "="
83
+ [escape(prefix), escape(value)].join("=")
80
84
  end
81
85
  end
82
86
 
@@ -90,16 +94,16 @@ module OAuth
90
94
  #
91
95
  def parse_header(header)
92
96
  # decompose
93
- params = header[6,header.length].split(/[,=&]/)
97
+ params = header[6, header.length].split(/[,=&]/)
94
98
 
95
99
  # odd number of arguments - must be a malformed header.
96
- raise OAuth::Problem.new("Invalid authorization header") if params.size % 2 != 0
100
+ raise OAuth::Problem, "Invalid authorization header" if params.size.odd?
97
101
 
98
102
  params.map! do |v|
99
103
  # strip and unescape
100
104
  val = unescape(v.strip)
101
105
  # strip quotes
102
- val.sub(/^\"(.*)\"$/, '\1')
106
+ val.sub(/^"(.*)"$/, '\1')
103
107
  end
104
108
 
105
109
  # convert into a Hash
data/lib/oauth/oauth.rb CHANGED
@@ -1,13 +1,15 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  # request tokens are passed between the consumer and the provider out of
3
5
  # band (i.e. callbacks cannot be used), per section 6.1.1
4
6
  OUT_OF_BAND = "oob"
5
7
 
6
8
  # required parameters, per sections 6.1.1, 6.3.1, and 7
7
- PARAMETERS = %w(oauth_callback oauth_consumer_key oauth_token
8
- oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier
9
- oauth_version oauth_signature oauth_body_hash)
9
+ PARAMETERS = %w[oauth_callback oauth_consumer_key oauth_token
10
+ oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier
11
+ oauth_version oauth_signature oauth_body_hash].freeze
10
12
 
11
13
  # reserved character regexp, per section 5.1
12
- RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/
14
+ RESERVED_CHARACTERS = /[^a-zA-Z0-9\-._~]/.freeze
13
15
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require "action_controller"
2
4
  require "action_controller/test_process"
3
5
 
File without changes
File without changes
@@ -83,7 +83,7 @@ module OAuth
83
83
  end
84
84
 
85
85
  def oauth_parameters
86
- parameters.select { |k, _v| OAuth::PARAMETERS.include?(k) }.select { |_k, v| v != "" }
86
+ parameters.select { |k, v| OAuth::PARAMETERS.include?(k) && !v.nil? && v != "" }
87
87
  end
88
88
 
89
89
  def non_oauth_parameters
@@ -127,7 +127,7 @@ module OAuth
127
127
  end
128
128
 
129
129
  # URI, including OAuth parameters
130
- def signed_uri(with_oauth = true)
130
+ def signed_uri(with_oauth: true)
131
131
  if signed?
132
132
  params = if with_oauth
133
133
  parameters
File without changes
File without changes
File without changes
@@ -32,7 +32,7 @@ module OAuth
32
32
 
33
33
  def normalized_uri
34
34
  super
35
- rescue
35
+ rescue StandardError
36
36
  # if this is a non-standard URI, it may not parse properly
37
37
  # in that case, assume that it's already been normalized
38
38
  uri
@@ -38,13 +38,11 @@ module OAuth
38
38
  request_params = CGI.parse(query_string)
39
39
  # request_params.each{|k,v| request_params[k] = [nil] if v == []}
40
40
 
41
- if options[:parameters]
42
- options[:parameters].each do |k,v|
43
- if request_params.has_key?(k) && v
44
- request_params[k] << v
45
- else
46
- request_params[k] = [v]
47
- end
41
+ options[:parameters]&.each do |k, v|
42
+ if request_params.key?(k) && v
43
+ request_params[k] << v
44
+ else
45
+ request_params[k] = [v]
48
46
  end
49
47
  end
50
48
  request_params
@@ -71,7 +69,9 @@ module OAuth
71
69
  end
72
70
 
73
71
  def auth_header_params
74
- return nil unless request["Authorization"] && request["Authorization"][0, 5] == "OAuth"
72
+ unless request["Authorization"] && request["Authorization"][0, 5] == "OAuth"
73
+ return nil
74
+ end
75
75
 
76
76
  request["Authorization"]
77
77
  end
File without changes
@@ -38,7 +38,8 @@ module OAuth
38
38
 
39
39
  def post_parameters
40
40
  # Post params are only used if posting form data
41
- if method == "POST" || method == "PUT"
41
+ is_form_data = request.payload && request.payload.headers["Content-Type"] == "application/x-www-form-urlencoded"
42
+ if is_form_data && (method == "POST" || method == "PUT")
42
43
  OAuth::Helper.stringify_keys(query_string_to_hash(request.payload.to_s) || {})
43
44
  else
44
45
  {}
File without changes
@@ -1,24 +1,27 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OAuth
2
4
  module RequestProxy
3
- def self.available_proxies #:nodoc:
5
+ def self.available_proxies # :nodoc:
4
6
  @available_proxies ||= {}
5
7
  end
6
8
 
7
9
  def self.proxy(request, options = {})
8
- return request if request.kind_of?(OAuth::RequestProxy::Base)
10
+ return request if request.is_a?(OAuth::RequestProxy::Base)
9
11
 
10
12
  klass = available_proxies[request.class]
11
13
 
12
14
  # Search for possible superclass matches.
13
15
  if klass.nil?
14
- request_parent = available_proxies.keys.find { |rc| request.kind_of?(rc) }
16
+ request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
15
17
  klass = available_proxies[request_parent]
16
18
  end
17
19
 
18
20
  raise UnknownRequestType, request.class.to_s unless klass
21
+
19
22
  klass.new(request, options)
20
23
  end
21
24
 
22
- class UnknownRequestType < Exception; end
25
+ class UnknownRequestType < RuntimeError; end
23
26
  end
24
27
  end