oauth 0.1.1 → 0.2.0

data/History.txt

@@ -1,3 +1,12 @@
+== 0.2 2007-1-19 All together now release
+
+This is a big release, where we have merged the efforts of various parties into one common library. This means there are definitely some API changes you should be aware of. They should be minimal but please have a look at the unit tests.
+
+== 0.1.2 2007-12-1
+
+* 1 Fixed a problem where incoming request didn't check whether oauth parameters where missing. While not giving unauthorized access it did cause extra processing where not necessary.
+* 2 Includes Pat's fix for getting the realm out.
+
 == 0.1.1 2007-11-26
 
 * 1 First release as a GEM

data/License.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2007 Pelle Braendgaard
+Copyright (c) 2007 Blaine Cook, Larry Halff, Pelle Braendgaard
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Manifest.txt

@@ -6,13 +6,28 @@ Rakefile
 config/hoe.rb
 config/requirements.rb
 lib/oauth.rb
+lib/oauth/client.rb
+lib/oauth/client/action_controller_request.rb
+lib/oauth/client/helper.rb
+lib/oauth/client/net_http.rb
 lib/oauth/consumer.rb
-lib/oauth/consumer_credentials.rb
-lib/oauth/key.rb
-lib/oauth/oauth_test_helper.rb
-lib/oauth/request.rb
+lib/oauth/helper.rb
+lib/oauth/request_proxy.rb
+lib/oauth/request_proxy/action_controller_request.rb
+lib/oauth/request_proxy/base.rb
+lib/oauth/request_proxy/net_http.rb
 lib/oauth/server.rb
 lib/oauth/signature.rb
+lib/oauth/signature/base.rb
+lib/oauth/signature/hmac/base.rb
+lib/oauth/signature/hmac/md5.rb
+lib/oauth/signature/hmac/rmd160.rb
+lib/oauth/signature/hmac/sha1.rb
+lib/oauth/signature/hmac/sha2.rb
+lib/oauth/signature/md5.rb
+lib/oauth/signature/plaintext.rb
+lib/oauth/signature/rsa/sha1.rb
+lib/oauth/signature/sha1.rb
 lib/oauth/token.rb
 lib/oauth/version.rb
 script/destroy
@@ -22,12 +37,15 @@ setup.rb
 tasks/deployment.rake
 tasks/environment.rake
 tasks/website.rake
+test/test_action_controller_request_proxy.rb
 test/test_consumer.rb
 test/test_helper.rb
-test/test_oauth.rb
-test/test_request.rb
-test/test_server.rb
+test/test_hmac_sha1.rb
+test/test_net_http_client.rb
+test/test_net_http_request_proxy.rb
 test/test_signature.rb
+test/test_signature_base.rb
+test/test_token.rb
 website/index.html
 website/index.txt
 website/javascripts/rounded_corners_lite.inc.js

data/config/hoe.rb

@@ -1,6 +1,6 @@
 require 'oauth/version'
 
-AUTHOR = 'Pelle Braendgaard'  # can also be an array of Authors
+AUTHOR = ['Pelle Braendgaard','Blaine Cook','Larry Halff']  # can also be an array of Authors
 EMAIL = "pelleb@gmail.com"
 DESCRIPTION = "OAuth Core Ruby implementation"
 GEM_NAME = 'oauth' # what ppl will type to install your gem

data/lib/oauth.rb

@@ -1,14 +1,3 @@
 $:.unshift File.dirname(__FILE__)
-require 'rubygems'
-require 'oauth/key'
-require 'oauth/request'
-require 'oauth/signature'
-require 'oauth/consumer_credentials'
-require 'oauth/consumer'
-require 'oauth/server'
-require 'oauth/token'
-require 'oauth/oauth_test_helper'
 
-module OAuth
-  
-end
+module OAuth; end

data/lib/oauth/client.rb

@@ -0,0 +1,4 @@
+module OAuth
+  module Client
+  end
+end

data/lib/oauth/client/action_controller_request.rb

@@ -0,0 +1,51 @@
+require 'oauth/client/helper'
+require 'oauth/request_proxy/action_controller_request'
+require 'action_controller/test_process'
+
+module ActionController
+  class Base
+    def process_with_oauth(request)
+      request.apply_oauth!
+    end
+
+    alias_method_chain :process, :oauth
+  end
+
+  class TestRequest
+    def self.use_oauth=(bool)
+      @use_oauth = bool
+    end
+
+    def self.use_oauth?
+      @use_oauth
+    end
+
+    def configure_oauth(consumer = nil, token = nil, options = {})
+      @options = { :consumer => consumer,
+                   :token => token,
+                   :scheme => 'header',
+                   :signature_method => nil,
+                   :nonce => nil,
+                   :timestamp => nil }.merge(options)
+    end
+
+    def apply_oauth!
+      return unless ActionController::TestRequest.use_oauth?
+      @oauth_helper = OAuth::Client::Helper.new(self, @options.merge( { :request_uri => request_uri } ))
+
+      self.send("set_oauth_#{options[:scheme]}")
+    end
+
+    def set_oauth_header
+      env['Authorization'] = @oauth_helper.header
+    end
+
+    def set_oauth_parameters
+      @query_parameters = @oauth_helper.parameters_with_oauth
+      @query_parameters.merge!( { :oauth_signature => @oauth_helper.signature } )
+    end
+    
+    def set_oauth_query_string
+    end
+  end
+end

data/lib/oauth/client/helper.rb

@@ -0,0 +1,74 @@
+require 'oauth/client'
+require 'oauth/consumer'
+require 'oauth/helper'
+require 'oauth/token'
+require 'oauth/signature/hmac/sha1'
+
+module OAuth::Client
+  class Helper
+    include OAuth::Helper
+    
+    def initialize(request, options = {})
+      @request = request
+      @options = options
+      @options[:signature_method] ||= 'HMAC-SHA1'
+    end
+
+    def options
+      @options
+    end
+
+    def nonce
+      options[:nonce] ||= generate_key
+    end
+
+    def timestamp
+      options[:timestamp] ||= generate_timestamp
+    end
+
+    def generate_timestamp
+      Time.now.to_i.to_s
+    end
+
+    def oauth_parameters
+      {
+        'oauth_consumer_key'     => options[:consumer].key,
+        'oauth_token'            => options[:token] ? options[:token].token : '',
+        'oauth_signature_method' => options[:signature_method],
+        'oauth_timestamp'        => timestamp,
+        'oauth_nonce'            => nonce,
+        'oauth_version'          => '1.0'
+      }
+    end
+
+    def signature(extra_options = {})
+      OAuth::Signature.sign(@request, { :uri      => options[:request_uri],
+                                                    :consumer => options[:consumer],
+                                                    :token    => options[:token] }.merge(extra_options) )
+    end
+
+    def signature_base_string(extra_options = {})
+      OAuth::Signature.signature_base_string(@request, { :uri      => options[:request_uri],
+                                                    :consumer => options[:consumer],
+                                                    :token    => options[:token],
+                                                    :parameters => oauth_parameters}.merge(extra_options) )
+    end
+
+    def header
+      parameters = oauth_parameters
+      parameters.merge!( { 'oauth_signature' => signature( { :parameters => parameters } ) } )
+
+      header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
+
+      return "OAuth realm=\"#{options[:realm]||''}\", #{header_params_str}"
+    end
+
+    def parameters
+      OAuth::RequestProxy.proxy(@request).parameters
+    end
+
+    def parameters_with_oauth
+      oauth_parameters.merge( parameters )
+    end
+  end
+end

data/lib/oauth/client/net_http.rb

@@ -0,0 +1,72 @@
+require 'oauth/client/helper'
+require 'oauth/request_proxy/net_http'
+
+class Net::HTTPRequest
+  def oauth!(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri => oauth_full_request_uri(http),
+                :consumer => consumer,
+                :token => token,
+                :scheme => 'header',
+                :signature_method => nil,
+                :nonce => nil,
+                :timestamp => nil }.merge(options)
+
+    @oauth_helper = OAuth::Client::Helper.new(self, options)
+    self.send("set_oauth_#{options[:scheme]}")
+  end
+
+  def signature_base_string(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri => oauth_full_request_uri(http),
+                :consumer => consumer,
+                :token => token,
+                :scheme => 'header',
+                :signature_method => nil,
+                :nonce => nil,
+                :timestamp => nil }.merge(options)
+
+    OAuth::Client::Helper.new(self, options).signature_base_string
+  end
+  
+  def oauth_helper
+    @oauth_helper
+  end
+  private
+
+  def oauth_full_request_uri(http)
+    uri = URI.parse(self.path)
+    uri.host = http.address
+    uri.port = http.port
+    if http.respond_to?(:use_ssl?)
+      uri.scheme = http.use_ssl? ? 'https' : 'http'
+    end
+    uri.to_s
+  end
+
+  def set_oauth_header
+    self['Authorization'] = @oauth_helper.header
+  end
+
+  # FIXME: if you're using a POST body and query string parameters, using this
+  # method will convert those parameters on the query string into parameters in
+  # the body. this is broken, and should be fixed.
+  def set_oauth_body
+    self.set_form_data(@oauth_helper.parameters_with_oauth)
+    params_with_sig = @oauth_helper.parameters.merge(:oauth_signature => @oauth_helper.signature)
+    self.set_form_data(params_with_sig)
+  end
+
+  def set_oauth_query_string
+    oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+
+    uri = URI.parse(path)
+    if !uri.query || uri.query == ''
+      uri.query = oauth_params_str
+    else
+      uri.query = uri.query + "&" + oauth_params_str
+    end
+
+    @path = uri.to_s
+
+    @path << "&oauth_signature=#{@oauth_helper.signature}"
+  end
+end

data/lib/oauth/consumer.rb

@@ -1,7 +1,9 @@
+require 'net/http'
+require 'oauth/client/net_http'
 module OAuth
-  class Consumer<ConsumerCredentials
+  class Consumer
     
-    @@default_params={
+    @@default_options={
       # Signature method used by server. Defaults to HMAC-SHA1
       :oauth_signature_method=>'HMAC-SHA1',
       
@@ -15,10 +17,10 @@ module OAuth
       #
       # Possible values:
       #
-      #   :authorize - via the Authorize header (Default) ( option 1. in spec)
-      #   :post - url form encoded in body of POST request ( option 2. in spec)
-      #   :query - via the query part of the url ( option 3. in spec)
-      :auth_method=>:authorize, 
+      #   :header - via the Authorize header (Default) ( option 1. in spec)
+      #   :body - url form encoded in body of POST request ( option 2. in spec)
+      #   :query_string - via the query part of the url ( option 3. in spec)
+      :scheme=>:header, 
       
       # Default http method used for OAuth Token Requests (defaults to :post)
       :http_method=>:post, 
@@ -26,15 +28,14 @@ module OAuth
       :oauth_version=>"1.0"
     }
     
-    attr_accessor :site,:params
+    attr_accessor :site,:options, :key, :secret,:http
+    
     
     # Create a new consumer instance by passing it a configuration hash:
     #
-    #   @consumer=OAuth::Consumer.new( {
-    #     :consumer_key=>"key",
-    #     :consumer_secret=>"secret",
+    #   @consumer=OAuth::Consumer.new( key,secret,{
     #     :site=>"http://term.ie",
-    #     :auth_method=>:authorize,
+    #     :scheme=>:header,
     #     :http_method=>:post,
     #     :request_token_path=>"/oauth/example/request_token.php",
     #     :access_token_path=>"/oauth/example/access_token.php",
@@ -43,81 +44,149 @@ module OAuth
     #
     # Start the process by requesting a token
     #
-    #   @request_token=@consumer.request_token
+    #   @request_token=@consumer.get_request_token
     #   session[:request_token]=@request_token
     #   redirect_to @request_token.authorize_url
     #
     # When user returns create an access_token
     #
-    #   @access_token=@request_token.access_token
-    #   @photos=@access_token.get('http://test.com/photos.xml')
+    #   @access_token=@request_token.get_access_token
+    #   @photos=@access_token.get('/photos.xml')
     #
     #
     
-    def initialize(params)
+    def initialize(consumer_key,consumer_secret,options={})
       # ensure that keys are symbols
-      @params=@@default_params.merge( params.inject({}) do |options, (key, value)|
+      @options=@@default_options.merge( options.inject({}) do |options, (key, value)|
         options[key.to_sym] = value
         options
       end)
-      super @params[:consumer_key],@params[:consumer_secret]
-      @site=@params[:site]
-      raise ArgumentError, 'Missing site URI' unless @site
+      @key = consumer_key
+      @secret = consumer_secret
     end
     
     def http_method
-      @http_method||=@params[:http_method]||:post
+      @http_method||=@options[:http_method]||:post
+    end
+    
+    def http
+      @http ||= Net::HTTP.new(uri.host, uri.port)
+    end
+    
+    # will change
+    def uri(url=nil)
+      @uri||=URI.parse(url||site)
     end
     
     # Get a Request Token
     def get_request_token
-      request=create_request(http_method,request_token_path)
-      response=request.perform_token_request(self.secret)
+      response=token_request(http_method,request_token_path)
       OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
     end
     
-    def create_request(http_method,path, oauth_params={},*arguments)
-      OAuth::Request.new(http_method,site,path,oauth_params.merge({
-        :oauth_consumer_key=>self.key,
-        :realm=>authorize_url,
-        :oauth_signature_method=>params[:oauth_signature_method],
-        :oauth_version=>params[:oauth_version],
-        :auth_method=>auth_method
-        }),*arguments)
+    # Creates, signs and performs an http request.
+    # It's recommended to use the Token classes to set this up correctly.
+    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    # 
+    #   @consumer.request(:get,'/people',@token,{:scheme=>:query_string})
+    #   @consumer.request(:post,'/people',@token,{},@person.to_xml,{ 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method,path, token=nil,request_options={},*arguments)
+      http.request(create_signed_request(http_method,path,token,request_options,*arguments))
+    end
+    
+    # Creates and signs an http request.
+    # It's recommended to use the Token classes to set this up correctly
+    def create_signed_request(http_method,path, token=nil,request_options={},*arguments)
+      request=create_http_request(http_method,path,*arguments)
+      sign!(request,token,request_options)
+      request
+    end
+    
+    # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
+    def token_request(http_method,path,token=nil,request_options={},*arguments)
+      response=request(http_method,path,token,request_options,*arguments)
+      if response.code=="200"
+        CGI.parse(response.body).inject({}){|h,(k,v)| h[k.to_sym]=v.first;h}
+      else 
+        response.error! 
+      end
     end
 
-    def signed_request(http_method, path, oauth_params={},token_secret=nil,*arguments)
-      request=create_request(http_method,path,oauth_params,*arguments)
-      request.sign(self.secret,token_secret)
-      request
+    # Sign the Request object. Use this if you have an externally generated http request object you want to sign.
+    def sign!(request,token=nil, request_options = {})
+      request.oauth!(http,self,token,{:scheme=>scheme}.merge(request_options))
     end
     
-    def auth_method
-      @params[:auth_method]
+    # Return the signature_base_string
+    def signature_base_string(request,token=nil, request_options = {})
+      request.signature_base_string(http,self,token,{:scheme=>scheme}.merge(request_options))
+    end
+
+    def site
+      @options[:site]
+    end
+
+    def scheme
+      @options[:scheme]
     end
     
     def request_token_path
-      @params[:request_token_path]
+      @options[:request_token_path]
     end
     
     def authorize_path
-      @params[:authorize_path]
+      @options[:authorize_path]
     end
     
     def access_token_path
-      @params[:access_token_path]
+      @options[:access_token_path]
     end
-
+    
+    # TODO this is ugly, rewrite
     def request_token_url
-      site+request_token_path
+      @options[:request_token_url]||site+request_token_path
     end
 
     def authorize_url
-      site+authorize_path
+      @options[:authorize_url]||site+authorize_path
     end
 
     def access_token_url
-      site+access_token_path
+      @options[:access_token_url]||site+access_token_path
     end
+
+    protected
+    
+    # create the http request object for a given http_method and path
+    def create_http_request(http_method,path,*arguments)
+      http_method=http_method.to_sym
+      if [:post,:put].include?(http_method)
+        data=arguments.shift
+      end
+      headers=(arguments.first.is_a?(Hash) ? arguments.shift : {})
+      case http_method
+      when :post
+        request=Net::HTTP::Post.new(path,headers)
+      when :put
+        request=Net::HTTP::Put.new(path,headers)
+      when :get
+        request=Net::HTTP::Get.new(path,headers)
+      when :delete
+        request=Net::HTTP::Delete.new(path,headers)
+      when :head
+        request=Net::HTTP::Head.new(path,headers)
+      else
+        raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
+      end
+      if data.is_a?(Hash)
+        request.set_form_data(data)
+      elsif data
+        request.body=data.to_s
+      end
+      request
+    end
+    
+    
   end
 end