oauth 0.1.1

data/History.txt

@@ -0,0 +1,4 @@
+== 0.1.1 2007-11-26
+
+* 1 First release as a GEM
+  * Moved all non rails functions into this GEM from the Rails plugin http://code.google.com/p/oauth-plugin/

data/License.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2007 Pelle Braendgaard
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest.txt

@@ -0,0 +1,35 @@
+History.txt
+License.txt
+Manifest.txt
+README.txt
+Rakefile
+config/hoe.rb
+config/requirements.rb
+lib/oauth.rb
+lib/oauth/consumer.rb
+lib/oauth/consumer_credentials.rb
+lib/oauth/key.rb
+lib/oauth/oauth_test_helper.rb
+lib/oauth/request.rb
+lib/oauth/server.rb
+lib/oauth/signature.rb
+lib/oauth/token.rb
+lib/oauth/version.rb
+script/destroy
+script/generate
+script/txt2html
+setup.rb
+tasks/deployment.rake
+tasks/environment.rake
+tasks/website.rake
+test/test_consumer.rb
+test/test_helper.rb
+test/test_oauth.rb
+test/test_request.rb
+test/test_server.rb
+test/test_signature.rb
+website/index.html
+website/index.txt
+website/javascripts/rounded_corners_lite.inc.js
+website/stylesheets/screen.css
+website/template.rhtml

data/README.txt

@@ -0,0 +1 @@
+README

data/Rakefile

@@ -0,0 +1,4 @@
+require 'config/requirements'
+require 'config/hoe' # setup Hoe + all gem configuration
+
+Dir['tasks/**/*.rake'].each { |rake| load rake }

data/config/hoe.rb

@@ -0,0 +1,71 @@
+require 'oauth/version'
+
+AUTHOR = 'Pelle Braendgaard'  # can also be an array of Authors
+EMAIL = "pelleb@gmail.com"
+DESCRIPTION = "OAuth Core Ruby implementation"
+GEM_NAME = 'oauth' # what ppl will type to install your gem
+RUBYFORGE_PROJECT = 'oauth' # The unix name for your project
+HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
+DOWNLOAD_PATH = "http://rubyforge.org/projects/#{RUBYFORGE_PROJECT}"
+
+@config_file = "~/.rubyforge/user-config.yml"
+@config = nil
+RUBYFORGE_USERNAME = "unknown"
+def rubyforge_username
+  unless @config
+    begin
+      @config = YAML.load(File.read(File.expand_path(@config_file)))
+    rescue
+      puts <<-EOS
+ERROR: No rubyforge config file found: #{@config_file}
+Run 'rubyforge setup' to prepare your env for access to Rubyforge
+ - See http://newgem.rubyforge.org/rubyforge.html for more details
+      EOS
+      exit
+    end
+  end
+  RUBYFORGE_USERNAME.replace @config["username"]
+end
+
+
+REV = nil 
+# UNCOMMENT IF REQUIRED: 
+# REV = `svn info`.each {|line| if line =~ /^Revision:/ then k,v = line.split(': '); break v.chomp; else next; end} rescue nil
+VERS = Oauth::VERSION::STRING + (REV ? ".#{REV}" : "")
+RDOC_OPTS = ['--quiet', '--title', 'oauth documentation',
+    "--opname", "index.html",
+    "--line-numbers", 
+    "--main", "README",
+    "--inline-source"]
+
+class Hoe
+  def extra_deps 
+    @extra_deps.reject! { |x| Array(x).first == 'hoe' } 
+    @extra_deps
+  end 
+end
+
+# Generate all the Rake tasks
+# Run 'rake -T' to see list of generated tasks (from gem root directory)
+hoe = Hoe.new(GEM_NAME, VERS) do |p|
+  p.author = AUTHOR 
+  p.description = DESCRIPTION
+  p.email = EMAIL
+  p.summary = DESCRIPTION
+  p.url = HOMEPATH
+  p.rubyforge_name = RUBYFORGE_PROJECT if RUBYFORGE_PROJECT
+  p.test_globs = ["test/**/test_*.rb"]
+  p.clean_globs |= ['**/.*.sw?', '*.gem', '.config', '**/.DS_Store']  #An array of file patterns to delete on clean.
+  
+  # == Optional
+  p.changes = p.paragraphs_of("History.txt", 0..1).join("\n\n")
+  p.extra_deps = [['ruby-hmac','>= 0.3.1'] ]    # An array of rubygem dependencies [name, version], e.g. [ ['active_support', '>= 1.3.1'] ]
+  
+  #p.spec_extras = {}    # A hash of extra values to set in the gemspec.
+  
+end
+
+CHANGES = hoe.paragraphs_of('History.txt', 0..1).join("\\n\\n")
+PATH    = (RUBYFORGE_PROJECT == GEM_NAME) ? RUBYFORGE_PROJECT : "#{RUBYFORGE_PROJECT}/#{GEM_NAME}"
+hoe.remote_rdoc_dir = File.join(PATH.gsub(/^#{RUBYFORGE_PROJECT}\/?/,''), 'rdoc')
+hoe.rsync_args = '-av --delete --ignore-errors'

data/config/requirements.rb

@@ -0,0 +1,17 @@
+require 'fileutils'
+include FileUtils
+
+require 'rubygems'
+%w[rake hoe newgem rubigen].each do |req_gem|
+  begin
+    require req_gem
+  rescue LoadError
+    puts "This Rakefile requires the '#{req_gem}' RubyGem."
+    puts "Installation: gem install #{req_gem} -y"
+    exit
+  end
+end
+
+$:.unshift(File.join(File.dirname(__FILE__), %w[.. lib]))
+
+require 'oauth'

data/lib/oauth.rb

@@ -0,0 +1,14 @@
+$:.unshift File.dirname(__FILE__)
+require 'rubygems'
+require 'oauth/key'
+require 'oauth/request'
+require 'oauth/signature'
+require 'oauth/consumer_credentials'
+require 'oauth/consumer'
+require 'oauth/server'
+require 'oauth/token'
+require 'oauth/oauth_test_helper'
+
+module OAuth
+  
+end

data/lib/oauth/consumer.rb

@@ -0,0 +1,123 @@
+module OAuth
+  class Consumer<ConsumerCredentials
+    
+    @@default_params={
+      # Signature method used by server. Defaults to HMAC-SHA1
+      :oauth_signature_method=>'HMAC-SHA1',
+      
+      # default paths on site. These are the same as the defaults set up by the generators
+      :request_token_path=>'/oauth/request_token',
+      :authorize_path=>'/oauth/authorize',
+      :access_token_path=>'/oauth/access_token',
+      
+      # How do we send the oauth values to the server see 
+      # http://oauth.googlecode.com/svn/spec/branches/1.0/drafts/6/spec.html#consumer_req_param for more info
+      #
+      # Possible values:
+      #
+      #   :authorize - via the Authorize header (Default) ( option 1. in spec)
+      #   :post - url form encoded in body of POST request ( option 2. in spec)
+      #   :query - via the query part of the url ( option 3. in spec)
+      :auth_method=>:authorize, 
+      
+      # Default http method used for OAuth Token Requests (defaults to :post)
+      :http_method=>:post, 
+      
+      :oauth_version=>"1.0"
+    }
+    
+    attr_accessor :site,:params
+    
+    # Create a new consumer instance by passing it a configuration hash:
+    #
+    #   @consumer=OAuth::Consumer.new( {
+    #     :consumer_key=>"key",
+    #     :consumer_secret=>"secret",
+    #     :site=>"http://term.ie",
+    #     :auth_method=>:authorize,
+    #     :http_method=>:post,
+    #     :request_token_path=>"/oauth/example/request_token.php",
+    #     :access_token_path=>"/oauth/example/access_token.php",
+    #     :authorize_path=>"/oauth/example/authorize.php"
+    #    })
+    #
+    # Start the process by requesting a token
+    #
+    #   @request_token=@consumer.request_token
+    #   session[:request_token]=@request_token
+    #   redirect_to @request_token.authorize_url
+    #
+    # When user returns create an access_token
+    #
+    #   @access_token=@request_token.access_token
+    #   @photos=@access_token.get('http://test.com/photos.xml')
+    #
+    #
+    
+    def initialize(params)
+      # ensure that keys are symbols
+      @params=@@default_params.merge( params.inject({}) do |options, (key, value)|
+        options[key.to_sym] = value
+        options
+      end)
+      super @params[:consumer_key],@params[:consumer_secret]
+      @site=@params[:site]
+      raise ArgumentError, 'Missing site URI' unless @site
+    end
+    
+    def http_method
+      @http_method||=@params[:http_method]||:post
+    end
+    
+    # Get a Request Token
+    def get_request_token
+      request=create_request(http_method,request_token_path)
+      response=request.perform_token_request(self.secret)
+      OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
+    end
+    
+    def create_request(http_method,path, oauth_params={},*arguments)
+      OAuth::Request.new(http_method,site,path,oauth_params.merge({
+        :oauth_consumer_key=>self.key,
+        :realm=>authorize_url,
+        :oauth_signature_method=>params[:oauth_signature_method],
+        :oauth_version=>params[:oauth_version],
+        :auth_method=>auth_method
+        }),*arguments)
+    end
+
+    def signed_request(http_method, path, oauth_params={},token_secret=nil,*arguments)
+      request=create_request(http_method,path,oauth_params,*arguments)
+      request.sign(self.secret,token_secret)
+      request
+    end
+    
+    def auth_method
+      @params[:auth_method]
+    end
+    
+    def request_token_path
+      @params[:request_token_path]
+    end
+    
+    def authorize_path
+      @params[:authorize_path]
+    end
+    
+    def access_token_path
+      @params[:access_token_path]
+    end
+
+    def request_token_url
+      site+request_token_path
+    end
+
+    def authorize_url
+      site+authorize_path
+    end
+
+    def access_token_url
+      site+access_token_path
+    end
+  end
+end

data/lib/oauth/consumer_credentials.rb

@@ -0,0 +1,12 @@
+module OAuth
+  class ConsumerCredentials
+    attr_accessor :key, :secret
+
+    def initialize(key, secret)
+      @key = key
+      @secret = secret
+      raise ArgumentError, 'Missing consumer credentials ("key and/or secret")' unless @key && @secret
+    end
+  end
+  
+end

data/lib/oauth/key.rb

@@ -0,0 +1,15 @@
+require 'openssl'
+require 'base64'
+module OAuth
+  module Key
+    def generate_key(size=32)
+      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/,'')
+    end
+    
+    # Based on Blaine's example from the Oauth mailing list
+    def escape(value)
+      CGI.escape(value.to_s).gsub("%7E", "~").gsub("+", "%20")
+    end
+    
+  end
+end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,24 @@
+module OAuth
+  module OAuthTestHelper
+    
+    def mock_incoming_request_with_query(request)
+      incoming=ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming=ActionController::TestRequest.new
+      incoming.env["HTTP_AUTHORIZATION"]=request.to_auth_string
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+  
+  end
+end

data/lib/oauth/request.rb

@@ -0,0 +1,258 @@
+require 'uri'
+require 'cgi'
+require 'open-uri'
+require 'net/http' 
+module OAuth
+  # This encapsulates all the request details for OAuth.
+  #
+  # On the consumer side you shouldn't use this directly but rather Use consumer.get_request_token for the initial token
+  # and access token for actual web service calls
+  #
+  # On the service provider side there are various interesting methods.
+  #
+  # To find the consumer_key for a request in a rails app do:
+  # 
+  #   @consumer_key=OAuth::Request.extract_consumer_key(request)
+  #
+  # To extract an OAuth::Request for a rails request in a rails app do:
+  #
+  #   @oauth_request=OAuth::Request.incoming(request)
+  #   @token=AccessToken.find_by_token @oauth_request.token
+  #   return @oauth_request.verify?(@token.client_application.secret,@token.secret)
+  #
+  # This example assumes an ActiveRecord Model called AccessToken with a token and a secret column.
+  # This is associated with a ActiveRecord Model ClientApplication (the consumer), which has a key and secret column.
+  #
+  class Request
+    include OAuth::Key
+    
+    attr_accessor :oauth_params,:headers,:site,:path,:realm,:body,:auth_method
+    
+    @@default_oauth_params={:oauth_signature_method=>'HMAC-SHA1',:oauth_version=>"1.0",:realm=>''}
+    
+    def initialize(http_method,site,path,oauth_params={},*arguments)
+      # ensure that keys are symbols
+      @oauth_params=@@default_oauth_params.merge( oauth_params.inject({}) do |options, (key, value)|
+        options[key.to_sym] = value
+        options
+      end)
+      self.http_method=http_method
+      self.site=site
+      self.path=path
+      self.realm=@oauth_params.delete(:realm)
+      self.auth_method=@oauth_params.delete(:auth_method)||:authorize
+      self.body=arguments.shift if ['POST','PUT'].include?(self.http_method)
+      self.headers=arguments.shift||{}
+      self.headers['Content-Type']||='application/x-www-form-urlencoded' if ['POST','PUT'].include?(self.http_method)
+
+      self[:oauth_timestamp]=create_timestamp unless self.timestamp
+      self[:oauth_nonce]=generate_key(24) unless self.nonce
+      
+      # Default to Authorize header if http method doesn't support the specified auth_method
+      if ['GET','HEAD','DELETE'].include?(self.http_method)
+        self.auth_method=:authorize unless self.auth_method==:query
+      else
+        self.auth_method=:authorize unless self.auth_method==:post
+      end
+
+    end
+    
+    # Use to extract the consumer key from a http request object
+    # This is intended for use on the server
+    def self.extract_consumer_key(http_request)
+      auth=http_request.env["HTTP_AUTHORIZATION"]
+      if auth && auth[0..5]=="OAuth "&&auth=~/ oauth_consumer_key="([^, ]+)"/
+        $1
+      else
+        http_request.parameters[:oauth_consumer_key]
+      end
+    end
+    
+    # This takes a rails like Request and returns an OAuth request object
+    def self.incoming(http_request)
+      auth=http_request.env["HTTP_AUTHORIZATION"]
+      if auth && auth[0..5]=="OAuth "
+        parameters=auth[6,auth.size].scan(/ ([^= ]+)="([^"]*)",?/).inject({}) do |h,(k,v)| 
+          h[k.to_sym]=CGI.unescape(v)
+          h
+        end
+        _path=http_request.request_uri
+      else
+        parameters=http_request.query_parameters#.reject{|k,v| ['controller','action'].include?(k)}
+#        non_oauth=to_name_value_pair_array(http_request.query_parameters.reject(){|k,v| k.to_s=~/oauth_/}).join(/&/)
+        _path=http_request.request_uri
+#        _path=http_request.path+'?'+non_auth
+      end
+      if http_request.post?||http_request.put?
+        Request.new(http_request.method,"http://#{http_request.host_with_port}",_path,parameters,http_request.raw_post,{'Content-Type'=>http_request.content_type})
+      else
+        Request.new(http_request.method,"http://#{http_request.host_with_port}",_path,parameters)
+      end
+    end
+        
+    def perform(consumer_secret,token_secret=nil)
+      http_klass=(uri.scheme=="https" ? Net::HTTPS : Net::HTTP)
+      http_klass.start(uri.host,uri.port) do |http|
+        sign(consumer_secret,token_secret)
+        
+        case auth_method
+        when :query
+          _path="#{uri.path}?#{to_query}"
+        when :post
+          self.body=to_query
+        else
+          headers['Authorization']=to_auth_string
+        end
+        _path||=path
+        # TODO if realm is set use auth header
+        if (['POST','PUT'].include?(http_method))
+#          headers['Content-Length']=body.size.to_s unless body.nil?          
+          http.send(http_method.downcase.to_sym,_path,body,headers)
+        else # any request without a body
+          http.send(http_method.downcase.to_sym,_path,headers)
+        end
+      end
+    end
+    
+    def perform_token_request(consumer_secret,token_secret=nil)
+      response=perform(consumer_secret,token_secret)
+      if response.code=="200"
+        CGI.parse(response.body).inject({}){|h,(k,v)| h[k.to_sym]=v.first;h}
+      else 
+        response.error! 
+      end 
+    end
+    
+    def http_method=(value)
+      @http_method=value.to_s.strip.upcase
+    end
+    
+    def http_method
+      @http_method
+    end
+    
+    def content_type
+      @content_type||=headers['Content-Type']
+    end
+    
+    def site=(_site)
+      @site=_site.downcase
+      @uri=nil # invalidate uri
+      @site
+    end
+    
+    def path=(_path)
+      @path=_path
+      @uri=nil # invalidate uri
+      @path
+    end
+
+    def uri
+      @uri||=URI.parse(url)
+    end
+    
+    def url
+      (site+path)
+    end
+    
+    # produces a hash of the query or post parameters depending on http method
+    def http_parameters
+      @http_params||=parse_url_form_encoded( body||uri.query||'') 
+    end
+    
+    def parse_url_form_encoded(string)
+      CGI.parse(string).inject({}){|h,(k,v)| h[k.to_sym]=v[0];h}
+    end
+    
+    def normalized_url
+      uri=URI.split(url)
+      if uri[3].nil?||(uri[3]=='80'&&uri[0]=='http')||(uri[3]=='443'&&uri[0]=='https')
+        port=""
+      else
+        port=":#{uri[3]}"
+      end
+      "#{uri[0]}://#{uri[2]}#{port}#{uri[5]}"
+    end
+    
+    def [](key)
+      oauth_params[key.to_sym]
+    end
+    
+    def []=(key,value)
+      oauth_params[key.to_sym]=value
+    end
+    
+    def timestamp
+      self[:oauth_timestamp]
+    end
+    
+    def create_timestamp
+      Time.now.utc.to_i.to_s
+    end
+    
+    def nonce
+      self[:oauth_nonce]
+    end
+
+    def token
+      self[:oauth_token]
+    end
+    
+    def to_name_value_pair_array(hash,with={})
+      hash.merge(with).collect{|(key,value)| "#{escape(key.to_s)}=#{escape(value)}"}.sort
+    end
+
+    def to_hash(with={})
+      oauth_params.merge(http_parameters).merge(with)
+    end
+    
+    def to_query(with={})
+      (to_name_value_pair_array(to_hash(with))).sort.join("&")
+    end
+
+    def to_query_without_signature(with={})
+      (to_name_value_pair_array(oauth_params_without_signature,with)).sort.join("&")
+    end
+
+    def to_auth_string
+      "OAuth realm=\"#{realm}\", "+oauth_params.collect{|(key,value)| "#{escape(key.to_s)}=\"#{escape(value)}\""}.sort.join(", ")
+    end
+    
+    def to_base_string(secret)
+      to_query({:oauth_secret=>secret})
+    end
+
+    def oauth_params_without_signature
+      to_hash.reject{|key,value| key.to_sym==:oauth_signature}
+    end
+    
+    def signature
+      self[:oauth_signature]
+    end
+
+    def signature=(_signature)
+      self[:oauth_signature]=_signature
+    end
+    
+    def signature_method
+      self[:oauth_signature_method]
+    end
+        
+    def signature_method=(_signature_method)
+      self[:oauth_signature_method]=_signature_method
+    end
+
+    def signed?
+      signature!=nil
+    end
+    
+    def sign(consumer_secret,token_secret=nil)
+      OAuth::Signature.create(self,consumer_secret,token_secret).sign!
+    end
+    
+    def verify?(consumer_secret,token_secret=nil)
+      OAuth::Signature.create(self,consumer_secret,token_secret).verify?
+    end
+    
+  end
+end