oauth 0.2.7 → 0.3.0

data/History.txt

@@ -1,3 +1,17 @@
+Fix in plain text signatures to bug found by Andrew Arrow. Who contributed new new unit tests for plain text sigs.
+
+== 0.3.0
+
+* Support ActionController::Request from Edge Rails (László Bácsi)
+* Correctly handle multi-valued parameters (Seth)
+* Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
+* OAuth::Signature.sign and friends now yield the RequestProxy instead of the
+  token when the passed block's arity is 1. (Seth)
+* Token requests are made to the configured URL rather than generating a
+  potentially incorrect one.  (Kellan Elliott-McCrea)
+* Command-line app for generating signatures. (Seth)
+* Improved test-cases and compatibility for encoding issues. (Pelle)
+
 == 0.2.7 2008-9-10 The lets fix the last release release
 
 There was an error in the RSA requests using oauth tokens. Thanks to Philip Lipu Tsai for noticing this.

data/Manifest.txt

@@ -1,20 +1,24 @@
 History.txt
 License.txt
 Manifest.txt
-README.txt
+README.rdoc
 Rakefile
-config/hoe.rb
-config/requirements.rb
+TODO
+bin/oauth
 lib/oauth.rb
+lib/oauth/cli.rb
 lib/oauth/client.rb
 lib/oauth/client/action_controller_request.rb
 lib/oauth/client/helper.rb
 lib/oauth/client/net_http.rb
 lib/oauth/consumer.rb
 lib/oauth/helper.rb
+lib/oauth/oauth_test_helper.rb
 lib/oauth/request_proxy.rb
 lib/oauth/request_proxy/action_controller_request.rb
 lib/oauth/request_proxy/base.rb
+lib/oauth/request_proxy/jabber_request.rb
+lib/oauth/request_proxy/mock_request.rb
 lib/oauth/request_proxy/net_http.rb
 lib/oauth/request_proxy/rack_request.rb
 lib/oauth/server.rb
@@ -31,13 +35,22 @@ lib/oauth/signature/rsa/sha1.rb
 lib/oauth/signature/sha1.rb
 lib/oauth/token.rb
 lib/oauth/version.rb
+oauth.gemspec
 script/destroy
 script/generate
 script/txt2html
 setup.rb
+specs.txt
 tasks/deployment.rake
 tasks/environment.rake
 tasks/website.rake
+test/cases/oauth_case.rb
+test/cases/spec/1_0-final/test_construct_request_url.rb
+test/cases/spec/1_0-final/test_normalize_request_parameters.rb
+test/cases/spec/1_0-final/test_parameter_encodings.rb
+test/cases/spec/1_0-final/test_signature_base_strings.rb
+test/keys/rsa.cert
+test/keys/rsa.pem
 test/test_action_controller_request_proxy.rb
 test/test_consumer.rb
 test/test_helper.rb
@@ -45,8 +58,11 @@ test/test_hmac_sha1.rb
 test/test_net_http_client.rb
 test/test_net_http_request_proxy.rb
 test/test_rack_request_proxy.rb
+test/test_rsa_sha1.rb
+test/test_server.rb
 test/test_signature.rb
 test/test_signature_base.rb
+test/test_signature_plain_text.rb
 test/test_token.rb
 website/index.html
 website/index.txt

data/Rakefile

@@ -1,4 +1,34 @@
-require 'config/requirements'
-require 'config/hoe' # setup Hoe + all gem configuration
-
-Dir['tasks/**/*.rake'].each { |rake| load rake }
+%w[rubygems rake rake/clean fileutils newgem rubigen].each { |f| require f }
+$LOAD_PATH << File.dirname(__FILE__) + '/lib'
+require 'oauth'
+require 'oauth/version'
+
+# Generate all the Rake tasks
+# Run 'rake -T' to see list of generated tasks (from gem root directory)
+$hoe = Hoe.new('oauth', OAuth::VERSION) do |p|
+  p.author = ['Pelle Braendgaard','Blaine Cook','Larry Halff','Jesse Clark','Jon Crosby', 'Seth Fitzsimmons']  
+  p.email = "pelleb@gmail.com"
+  p.description = "OAuth Core Ruby implementation"
+  p.summary = p.description
+  p.changes              = p.paragraphs_of("History.txt", 0..1).join("\n\n")
+  p.rubyforge_name       = p.name # TODO this is default value
+  p.url = "http://oauth.rubyforge.org"
+  
+  p.extra_deps         = [
+    ['ruby-hmac','>= 0.3.1']
+  ]
+  p.extra_dev_deps = [
+    ['newgem', ">= #{::Newgem::VERSION}"]
+  ]
+  
+  p.clean_globs |= %w[**/.DS_Store tmp *.log **/.*.sw? *.gem .config **/.DS_Store]
+  path = (p.rubyforge_name == p.name) ? p.rubyforge_name : "\#{p.rubyforge_name}/\#{p.name}"
+  p.remote_rdoc_dir = File.join(path.gsub(/^#{p.rubyforge_name}\/?/,''), 'rdoc')
+  p.rsync_args = '-av --delete --ignore-errors'
+end
+
+require 'newgem/tasks' # load /tasks/*.rake
+Dir['tasks/**/*.rake'].each { |t| load t }
+
+# TODO - want other tests/tasks run by default? Add them to the list
+# task :default => [:spec, :features]

data/TODO

@@ -0,0 +1,14 @@
+Common use-cases should be streamlined:
+
+* I have a URL that I want to sign (given consumer key/secret, optional
+  token/secret, optional nonce/timestamp).
+* I have a URL that I want to sign AND I want to see what the components
+  (e.g. signature base string, etc.) are while it's being signed (i.e. verbose
+  signing).
+* I have a URL that I want to sign and I only want the signature.
+* I have a URL that I want to sign and I want something suitable to put in
+  {the header, the querystring, XMPP}.
+* I want to make a query to an OAuth-enabled web service (with sensible
+  errors, if available).
+* I want to host an OAuth-enabled web service.
+* I want to test my OAuth-enabled web service (i.e. test helpers)

data/bin/oauth

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "oauth/cli"
+
+OAuth::CLI.execute(STDOUT, ARGV)

data/lib/oauth.rb

@@ -1,3 +1,3 @@
-$:.unshift File.dirname(__FILE__)
-
-module OAuth; end
+require 'oauth/client/helper'
+require 'oauth/signature/hmac/sha1'
+require 'oauth/request_proxy/mock_request'

data/lib/oauth/cli.rb

@@ -0,0 +1,130 @@
+require 'optparse'
+require 'oauth'
+
+module OAuth
+  class CLI
+    SUPPORTED_COMMANDS = %w(sign)
+
+    attr_reader :command
+    attr_reader :options
+    attr_reader :stdout
+
+    def self.execute(stdout, arguments = [])
+      self.new.execute(stdout, arguments)
+    end
+
+    def execute(stdout, arguments = [])
+      @stdout = stdout
+      extract_command_and_parse_options(arguments)
+
+      if sufficient_options? && valid_command?
+        case command
+        when "sign"
+          request = OAuth::RequestProxy.proxy \
+             "method"     => options[:method],
+             "uri"        => options[:uri],
+             "parameters" => prepare_parameters
+
+          # can't pass options unless they respond to :secret, so use this alternative
+          signature = OAuth::Signature.sign \
+            request,
+            :consumer_secret => options[:oauth_consumer_secret],
+            :token_secret    => options[:oauth_token_secret] do |request|
+
+            # while we have access to the request being signed, display some internals
+            if verbose?
+              stdout.puts "Method: #{request.method}"
+              stdout.puts "URI: #{request.uri}"
+              stdout.puts "Normalized params: #{request.normalized_parameters}"
+              stdout.puts "Signature base string: #{request.signature_base_string}"
+            end
+          end
+
+          if verbose?
+            stdout.puts "Signature:         #{signature}"
+            stdout.puts "Escaped signature: #{OAuth::Helper.escape(signature)}"
+          else
+            stdout.puts signature
+          end
+        end
+      else
+        usage
+      end
+    end
+
+    def extract_command_and_parse_options(arguments)
+      @command = arguments[-1]
+      parse_options(arguments[0..-1])
+    end
+
+    def parse_options(arguments)
+      @options = {}
+      OptionParser.new do |opts|
+        opts.banner = "Usage: #{$0} [options] <command>"
+
+        # defaults
+        options[:oauth_signature_method] = "HMAC-SHA1"
+
+        opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
+          options[:oauth_consumer_key] = v
+        end
+
+        opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
+          options[:oauth_consumer_secret] = v
+        end
+
+        opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
+          options[:method] = v
+        end
+
+        opts.on("--parameters PARAMS", "Specifies the parameters to use when signing.") do |v|
+          options[:params] = v
+        end
+
+        opts.on("--signature-method METHOD", "Specifies the signature method to use; defaults to HMAC-SHA1.") do |v|
+          options[:oauth_signature_method] = v
+        end
+
+        opts.on("--secret SECRET", "Specifies the token secret to use.") do |v|
+          options[:oauth_token_secret] = v
+        end
+
+        opts.on("--token TOKEN", "Specifies the token to use.") do |v|
+          options[:oauth_token] = v
+        end
+
+        opts.on("--uri URI", "Specifies the URI to use when signing.") do |v|
+          options[:uri] = v
+        end
+
+        opts.on("-v", "--verbose", "Be verbose.") do
+          options[:verbose] = true
+        end
+      end.parse!(arguments)
+    end
+
+    def prepare_parameters
+      {
+        "oauth_consumer_key"     => options[:oauth_consumer_key],
+        "oauth_token"            => options[:oauth_token],
+        "oauth_signature_method" => options[:oauth_signature_method]
+      }.merge(CGI.parse(options[:params]))
+    end
+
+    def sufficient_options?
+      options[:oauth_consumer_key] && options[:oauth_consumer_secret] && options[:method] && options[:uri]
+    end
+
+    def usage
+      stdout.puts "Should be generated by OptionParser"
+    end
+
+    def valid_command?
+      SUPPORTED_COMMANDS.include?(command)
+    end
+
+    def verbose?
+      options[:verbose]
+    end
+  end
+end

data/lib/oauth/client/helper.rb

@@ -38,7 +38,7 @@ module OAuth::Client
         'oauth_timestamp'        => timestamp,
         'oauth_nonce'            => nonce,
         'oauth_version'          => '1.0'
-      }
+      }.reject { |k,v| v == "" }
     end
 
     def signature(extra_options = {})
@@ -60,7 +60,8 @@ module OAuth::Client
 
       header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
 
-      return "OAuth realm=\"#{options[:realm]||''}\", #{header_params_str}"
+      realm = "realm=\"#{options[:realm]}\", " if options[:realm]
+      "OAuth #{realm}#{header_params_str}"
     end
 
     def parameters

data/lib/oauth/consumer.rb

@@ -91,7 +91,7 @@ module OAuth
     #  @request_token=@consumer.get_request_token
     #
     def get_request_token(request_options={}, *arguments)
-      response=token_request(http_method,request_token_path, nil, request_options, *arguments)
+      response=token_request(http_method,request_token_url, nil, request_options, *arguments)
       OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
     end
     

data/lib/oauth/helper.rb

@@ -1,7 +1,10 @@
 require 'openssl'
 require 'base64'
+require 'cgi'
 module OAuth
   module Helper
+    extend self
+
     def escape(value)
       CGI.escape(value.to_s).gsub("%7E", '~').gsub("+", "%20")
     end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,26 @@
+require 'action_controller'
+require 'action_controller/test_process'
+module OAuth
+  module OAuthTestHelper
+    
+    def mock_incoming_request_with_query(request)
+      incoming=ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming=ActionController::TestRequest.new
+      incoming.env["HTTP_AUTHORIZATION"]=request.to_auth_string
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+  
+  end
+end

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -6,16 +6,14 @@ require 'uri'
 
 module OAuth::RequestProxy
   class ActionControllerRequest < OAuth::RequestProxy::Base
-    proxies ActionController::AbstractRequest
+    proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
 
     def method
       request.method.to_s.upcase
     end
 
     def uri
-      uri = URI.parse(request.protocol + request.host + request.port_string + request.path)
-      uri.query = nil
-      uri.to_s
+      request.url
     end
 
     def parameters

data/lib/oauth/request_proxy/base.rb

@@ -1,7 +1,10 @@
 require 'oauth/request_proxy'
+require 'oauth/helper'
 
 module OAuth::RequestProxy
   class Base
+    include OAuth::Helper
+
     def self.proxies(klass)
       OAuth::RequestProxy.available_proxies[klass] = self
     end
@@ -47,6 +50,34 @@ module OAuth::RequestProxy
       parameters['oauth_signature'] || ""
     end
     
+    # See 9.1.2 in specs
+    def normalized_uri
+      u=URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase=='http'&&u.port!=80)||(u.scheme.downcase=='https'&&u.port!=443) ? ":#{u.port}" : ""}#{(u.path&&u.path!='') ? u.path : '/'}"
+    end
+    
+    # See 9.1.1. in specs Normalize Request Parameters
+    def normalized_parameters
+      parameters_for_signature.sort.map do |k, values|
+
+        if values.is_a?(Array)
+          # multiple values were provided for a single key
+          values.sort.collect do |v|
+            [escape(k),escape(v)] * "="
+          end
+        else
+          [escape(k),escape(values)] * "="
+        end
+      end * "&"
+    end
+    
+    # See 9.1 in specs
+    def signature_base_string
+      base = [method, normalized_uri, normalized_parameters]
+      base.map { |v| escape(v) }.join("&")
+    end
+    
+    
     protected
     
     def header_params

data/lib/oauth/request_proxy/jabber_request.rb

@@ -0,0 +1,42 @@
+require 'xmpp4r'
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    class JabberRequest < OAuth::RequestProxy::Base
+      proxies Jabber::Iq
+      proxies Jabber::Presence
+      proxies Jabber::Message
+
+      def parameters
+        return @params if @params
+
+        @params = {}
+
+        oauth = @request.get_elements('//oauth').first
+        return @params unless oauth
+
+        %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
+            oauth_timestamp oauth_nonce oauth_version ).each do |param|
+          next unless element = oauth.first_element(param)
+          @params[param] = element.text
+        end
+
+        @params
+      end
+
+      def method
+        @request.name
+      end
+
+      def uri
+        [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
+      end
+      
+      def normalized_uri
+        uri
+      end
+      
+    end
+  end
+end