oauth 0.3.4 → 0.3.5

data/History.txt

@@ -1,3 +1,13 @@
+== 0.3.5 2009-06-03
+
+* `query` CLI command to access protected resources (Seth)
+* Added -H, -Q CLI options for specifying the authorization scheme (Seth)
+* Added -O CLI option for specifying a file containing options (Seth)
+* Support streamable body contents for large request bodies (Seth Cousins)
+* Support for OAuth 1.0a (Seth)
+* Added proxy support to OAuth::Consumer (Marshall Huss)
+* Added --scope CLI option for Google's 'scope' parameter (Seth)
+
 == 0.3.4 2009-05-06
 
 * OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)

data/examples/yql.rb

@@ -39,6 +39,6 @@ consumer = OAuth::Consumer.new \
 
 access_token = OAuth::AccessToken.new(consumer)
 
-response = access_token.request(:get, url = "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
+response = access_token.request(:get, "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
 rsp = JSON.parse(response.body)
 pp rsp

data/lib/oauth/cli.rb

@@ -6,7 +6,9 @@ module OAuth
     SUPPORTED_COMMANDS = {
       "authorize" => "Obtain an access token and secret for a user",
       "debug"     => "Verbosely generate an OAuth signature",
-      "sign"      => "Generate an OAuth signature"
+      "query"     => "Query a protected resource",
+      "sign"      => "Generate an OAuth signature",
+      "version"   => "Display the current version of the library"
     }
 
     attr_reader :command
@@ -41,38 +43,66 @@ module OAuth
         case command
         # TODO move command logic elsewhere
         when "authorize"
-          # Y! token authority requires realm=yahoo.com when headers are in use
-          # TODO remove :scheme when that's been fixed
-          # TODO determine endpoints w/ X-RDS-Simple
-          consumer = OAuth::Consumer.new \
-            options[:oauth_consumer_key],
-            options[:oauth_consumer_secret],
-            :access_token_url  => options[:access_token_url],
-            :authorize_url     => options[:authorize_url],
-            :request_token_url => options[:request_token_url],
-            :scheme            => :query_string
+          begin
+            consumer = OAuth::Consumer.new \
+              options[:oauth_consumer_key],
+              options[:oauth_consumer_secret],
+              :access_token_url  => options[:access_token_url],
+              :authorize_url     => options[:authorize_url],
+              :request_token_url => options[:request_token_url],
+              :scheme            => options[:scheme]
+
+            # parameters for OAuth 1.0a
+            oauth_verifier = nil
+
+            # get a request token
+            request_token = consumer.get_request_token({ :oauth_callback => options[:oauth_callback] }, { :scope => options[:scope] })
+
+            if request_token.callback_confirmed?
+              stdout.puts "Server appears to support OAuth 1.0a; enabling support."
+              options[:version] = "1.0a"
+            end
 
-          # get a request token
-          request_token = consumer.get_request_token
+            stdout.puts "Please visit this url to authorize:"
+            stdout.puts request_token.authorize_url
 
-          stdout.puts "Please visit this url to authorize:"
-          stdout.puts request_token.authorize_url
+            if options[:version] == "1.0a"
+              stdout.puts "Please enter the verification code provided by the SP (oauth_verifier):"
+              oauth_verifier = stdin.gets.chomp
+            else
+              stdout.puts "Press return to continue..."
+              stdin.gets
+            end
 
-          stdout.puts "Press return to continue..."
-          stdin.gets
+            begin
+              # get an access token
+              access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
 
-          begin
-            # get an access token
-            access_token = request_token.get_access_token
-
-            stdout.puts "Response:"
-            access_token.params.each do |k,v|
-              stdout.puts "  #{k}: #{v}"
+              stdout.puts "Response:"
+              access_token.params.each do |k,v|
+                stdout.puts "  #{k}: #{v}" unless k.is_a?(Symbol)
+              end
+            rescue OAuth::Unauthorized => e
+              stderr.puts "A problem occurred while attempting to obtain an access token:"
+              stderr.puts e
+              stderr.puts e.request.body
             end
           rescue OAuth::Unauthorized => e
-            stderr.puts "A problem occurred while attempting to obtain an access token:"
+            stderr.puts "A problem occurred while attempting to authorize:"
             stderr.puts e
+            stderr.puts e.request.body
           end
+        when "query"
+          consumer = OAuth::Consumer.new \
+            options[:oauth_consumer_key],
+            options[:oauth_consumer_secret],
+            :scheme => options[:scheme]
+
+          access_token = OAuth::AccessToken.new(consumer, options[:oauth_token], options[:oauth_token_secret])
+
+          response = access_token.request(options[:method].downcase.to_sym, options[:uri])
+          puts "#{response.code} #{response.message}"
+          puts response.body
         when "sign"
           parameters = prepare_parameters
 
@@ -134,6 +164,8 @@ module OAuth
           else
             stdout.puts request.oauth_signature
           end
+        when "version"
+          puts "OAuth for Ruby #{OAuth::VERSION}"
         end
       else
         usage
@@ -147,7 +179,9 @@ module OAuth
       parse_options(arguments[0..-1])
     end
 
-    def option_parser
+    def option_parser(arguments = "")
+      # TODO add realm parameter
+      # TODO add user-agent parameter
       option_parser = OptionParser.new do |opts|
         opts.banner = "Usage: #{$0} [options] <command>"
 
@@ -157,6 +191,8 @@ module OAuth
         options[:oauth_timestamp] = OAuth::Helper.generate_timestamp
         options[:oauth_version] = "1.0"
         options[:params] = []
+        options[:scheme] = :header
+        options[:version] = "1.0"
 
         ## Common Options
 
@@ -168,7 +204,21 @@ module OAuth
           options[:oauth_consumer_secret] = v
         end
 
-        ## Options for signing
+        opts.on("-H", "--header", "Use the 'Authorization' header for OAuth parameters (default).") do
+          options[:scheme] = :header
+        end
+
+        opts.on("-Q", "--query-string", "Use the query string for OAuth parameters.") do
+          options[:scheme] = :query_string
+        end
+
+        opts.on("-O", "--options FILE", "Read options from a file") do |v|
+          arguments.unshift(*open(v).readlines.map { |l| l.chomp.split(" ") }.flatten)
+        end
+
+        ## Options for signing and making requests
+
+        opts.separator("\n  options for signing and querying")
 
         opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
           options[:method] = v
@@ -206,8 +256,12 @@ module OAuth
           options[:uri] = v
         end
 
-        opts.on("--version VERSION", "Specifies the OAuth version to use.") do |v|
-          options[:oauth_version] = v
+        opts.on(:OPTIONAL, "--version VERSION", "Specifies the OAuth version to use.") do |v|
+          if v
+            options[:oauth_version] = v
+          else
+            @command = "version"
+          end
         end
 
         opts.on("--no-version", "Omit oauth_version.") do
@@ -225,6 +279,8 @@ module OAuth
 
         ## Options for authorization
 
+        opts.separator("\n  options for authorization")
+
         opts.on("--access-token-url URL", "Specifies the access token URL.") do |v|
           options[:access_token_url] = v
         end
@@ -233,14 +289,22 @@ module OAuth
           options[:authorize_url] = v
         end
 
+        opts.on("--callback-url URL", "Specifies a callback URL.") do |v|
+          options[:oauth_callback] = v
+        end
+
         opts.on("--request-token-url URL", "Specifies the request token URL.") do |v|
           options[:request_token_url] = v
         end
+
+        opts.on("--scope SCOPE", "Specifies the scope (Google-specific).") do |v|
+          options[:scope] = v
+        end
       end
     end
 
     def parse_options(arguments)
-      option_parser.parse!(arguments)
+      option_parser(arguments).parse!(arguments)
     end
 
     def prepare_parameters
@@ -274,6 +338,8 @@ module OAuth
         options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
           options[:access_token_url] && options[:authorize_url] &&
           options[:request_token_url]
+      when "version"
+        true
       else
         options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
           options[:method] && options[:uri]

data/lib/oauth/client/helper.rb

@@ -29,11 +29,13 @@ module OAuth::Client
 
     def oauth_parameters
       {
+        'oauth_callback'         => options[:oauth_callback],
         'oauth_consumer_key'     => options[:consumer].key,
         'oauth_token'            => options[:token] ? options[:token].token : '',
         'oauth_signature_method' => options[:signature_method],
         'oauth_timestamp'        => timestamp,
         'oauth_nonce'            => nonce,
+        'oauth_verifier'         => options[:oauth_verifier],
         'oauth_version'          => '1.0'
       }.reject { |k,v| v.to_s == "" }
     end

data/lib/oauth/client/net_http.rb

@@ -11,6 +11,12 @@ class Net::HTTPRequest
   # this may add a header, additional query string parameters, or additional POST body parameters.
   # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
   # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
   #
   # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
   #
@@ -34,7 +40,13 @@ class Net::HTTPRequest
   # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
   # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
   # header.
-  #
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  # 
   # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
   def signature_base_string(http, consumer = nil, token = nil, options = {})
     options = { :request_uri      => oauth_full_request_uri(http),

data/lib/oauth/consumer.rb

@@ -25,6 +25,7 @@ module OAuth
       :authorize_path     => '/oauth/authorize',
       :access_token_path  => '/oauth/access_token',
 
+      :proxy              => nil,
       # How do we send the oauth values to the server see
       # http://oauth.net/core/1.0/#consumer_req_param for more info
       #
@@ -97,18 +98,40 @@ module OAuth
       end
     end
 
+    def get_access_token(request_token, request_options = {}, *arguments)
+      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments)
+      OAuth::AccessToken.from_hash(self, response)
+    end
+
     # Makes a request to the service for a new OAuth::RequestToken
     #
     #  @request_token = @consumer.get_request_token
     #
+    # To include OAuth parameters:
+    #
+    #  @request_token = @consumer.get_request_token \
+    #    :oauth_callback => "http://example.com/cb"
+    #
+    # To include application-specific parameters:
+    #
+    #  @request_token = @consumer.get_request_token({}, :foo => "bar")
+    #
+    # TODO oauth_callback should be a mandatory parameter
     def get_request_token(request_options = {}, *arguments)
+      # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
+      # will be exchanged out of band
+      request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND
+
       response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
-      OAuth::RequestToken.new(self, response[:oauth_token], response[:oauth_token_secret])
+      OAuth::RequestToken.from_hash(self, response)
     end
 
     # Creates, signs and performs an http request.
     # It's recommended to use the OAuth::Token classes to set this up correctly.
-    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    # request_options take precedence over consumer-wide options when signing
+    #   a request.
+    # arguments are POST and PUT bodies (a Hash, string-encoded parameters, or
+    #   absent), followed by additional HTTP headers.
     #
     #   @consumer.request(:get,  '/people', @token, { :scheme => :query_string })
     #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
@@ -159,7 +182,14 @@ module OAuth
       case response.code.to_i
 
       when (200..299)
-        CGI.parse(response.body).inject({}) { |h,(k,v)| h[k.to_sym] = v.first; h }
+        # symbolize keys
+        # TODO this could be considered unexpected behavior; symbols or not?
+        # TODO this also drops subsequent values from multi-valued keys
+        CGI.parse(response.body).inject({}) do |h,(k,v)|
+          h[k.to_sym] = v.first
+          h[k]        = v.first
+          h
+        end
       when (300..399)
         # this is a redirect
         response.error!
@@ -225,6 +255,10 @@ module OAuth
       @options.has_key?(:access_token_url)
     end
 
+    def proxy
+      @options[:proxy]
+    end
+
   protected
 
     # Instantiates the http object
@@ -235,7 +269,12 @@ module OAuth
         our_uri = URI.parse(_url)
       end
 
-      http_object = Net::HTTP.new(our_uri.host, our_uri.port)
+      if proxy.nil?
+        http_object = Net::HTTP.new(our_uri.host, our_uri.port)
+      else
+        proxy_uri = proxy.is_a?(URI) ? proxy : URI.parse(proxy)
+        http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+      end
 
       http_object.use_ssl = (our_uri.scheme == 'https')
 
@@ -255,7 +294,7 @@ module OAuth
       http_method = http_method.to_sym
 
       if [:post, :put].include?(http_method)
-        data = arguments.shift
+        data = (arguments.shift || {}).reject { |k,v| v.nil? }
       end
 
       headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
@@ -280,8 +319,19 @@ module OAuth
       if data.is_a?(Hash)
         request.set_form_data(data)
       elsif data
-        request.body = data.to_s
-        request["Content-Length"] = request.body.length
+        if data.respond_to?(:read)
+          request.body_stream = data
+          if data.respond_to?(:length)
+            request["Content-Length"] = data.length
+          elsif data.respond_to?(:stat) && data.stat.respond_to?(:size)
+            request["Content-Length"] = data.stat.size
+          else
+            raise ArgumentError, "Don't know how to send a body_stream that doesn't respond to .length or .stat.size"
+          end
+        else
+          request.body = data.to_s
+          request["Content-Length"] = request.body.length
+        end
       end
 
       request

data/lib/oauth/oauth.rb

@@ -1,6 +1,10 @@
 module OAuth
+  # request tokens are passed between the consumer and the provider out of
+  # band (i.e. callbacks cannot be used), per section 6.1.1
+  OUT_OF_BAND = "oob"
+
   # required parameters, per sections 6.1.1, 6.3.1, and 7
-  PARAMETERS = %w(oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_version oauth_signature)
+  PARAMETERS = %w(oauth_callback oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier oauth_version oauth_signature)
 
   # reserved character regexp, per section 5.1
   RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -1,4 +1,5 @@
 require 'active_support'
+require 'action_controller'
 require 'action_controller/request'
 require 'oauth/request_proxy/base'
 require 'uri'

data/lib/oauth/request_proxy/base.rb

@@ -18,6 +18,10 @@ module OAuth::RequestProxy
 
     ## OAuth parameters
 
+    def oauth_callback
+      parameters['oauth_callback']
+    end
+
     def oauth_consumer_key
       parameters['oauth_consumer_key']
     end
@@ -48,6 +52,10 @@ module OAuth::RequestProxy
       parameters['oauth_token']
     end
 
+    def oauth_verifier
+      parameters['oauth_verifier']
+    end
+
     def oauth_version
       parameters["oauth_version"]
     end

data/lib/oauth/tokens/consumer_token.rb

@@ -13,6 +13,7 @@ module OAuth
     def initialize(consumer, token="", secret="")
       super(token, secret)
       @consumer = consumer
+      @params   = {}
     end
 
     # Make a signed request using given http_method to the path

data/lib/oauth/tokens/request_token.rb

@@ -9,6 +9,10 @@ module OAuth
       build_authorize_url(consumer.authorize_url, params)
     end
 
+    def callback_confirmed?
+      params[:oauth_callback_confirmed] == "true"
+    end
+
     # exchange for AccessToken on server
     def get_access_token(options = {}, *arguments)
       response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)

data/lib/oauth/version.rb

@@ -1,3 +1,3 @@
 module OAuth #:nodoc:
-  VERSION = '0.3.4'
+  VERSION = '0.3.5'
 end

data/oauth.gemspec

@@ -2,11 +2,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{oauth}
-  s.version = "0.3.4"
+  s.version = "0.3.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford"]
-  s.date = %q{2009-05-06}
+  s.date = %q{2009-06-03}
   s.default_executable = %q{oauth}
   s.description = %q{OAuth Core Ruby implementation}
   s.email = %q{oauth-ruby@googlegroups.com}

data/test/test_consumer.rb

@@ -1,6 +1,7 @@
 require File.dirname(__FILE__) + '/test_helper'
 require 'oauth/consumer'
 require 'oauth/signature/rsa/sha1'
+require 'stringio'
 
 
 # This performs testing against Andy Smith's test server http://term.ie/oauth/example/
@@ -12,6 +13,7 @@ class ConsumerTest < Test::Unit::TestCase
         'consumer_key_86cad9', '5888bf0345e5d237',
         {
         :site=>"http://blabla.bla",
+        :proxy=>"http://user:password@proxy.bla:8080",
         :request_token_path=>"/oauth/example/request_token.php",
         :access_token_path=>"/oauth/example/access_token.php",
         :authorize_path=>"/oauth/example/authorize.php",
@@ -30,6 +32,7 @@ class ConsumerTest < Test::Unit::TestCase
     assert_equal "consumer_key_86cad9",@consumer.key
     assert_equal "5888bf0345e5d237",@consumer.secret
     assert_equal "http://blabla.bla",@consumer.site
+    assert_equal "http://user:password@proxy.bla:8080",@consumer.proxy
     assert_equal "/oauth/example/request_token.php",@consumer.request_token_path
     assert_equal "/oauth/example/access_token.php",@consumer.access_token_path
     assert_equal "http://blabla.bla/oauth/example/request_token.php",@consumer.request_token_url
@@ -49,6 +52,7 @@ class ConsumerTest < Test::Unit::TestCase
     assert_equal "key",@consumer.key
     assert_equal "secret",@consumer.secret
     assert_equal "http://twitter.com",@consumer.site
+    assert_nil    @consumer.proxy
     assert_equal "/oauth/request_token",@consumer.request_token_path
     assert_equal "/oauth/access_token",@consumer.access_token_path
     assert_equal "http://twitter.com/oauth/request_token",@consumer.request_token_url
@@ -318,10 +322,43 @@ class ConsumerTest < Test::Unit::TestCase
       debug)
   end
 
+  def test_post_with_body_stream
+    @consumer=OAuth::Consumer.new( 
+        "key",
+        "secret",
+        {
+        :site=>"http://term.ie",
+        :request_token_path=>"/oauth/example/request_token.php",
+        :access_token_path=>"/oauth/example/access_token.php",
+        :authorize_path=>"/oauth/example/authorize.php"
+        })
+    
+    
+    @request_token=@consumer.get_request_token
+    @access_token=@request_token.get_access_token
+
+    request_body_string = "Hello, hello, hello"
+    request_body_stream = StringIO.new( request_body_string )
+
+    @response=@access_token.post("/oauth/example/echo_api.php",request_body_stream)
+    assert_not_nil @response
+    assert_equal "200",@response.code
+
+    request_body_file = File.open(__FILE__)
+
+    @response=@access_token.post("/oauth/example/echo_api.php",request_body_file)
+    assert_not_nil @response
+    assert_equal "200",@response.code
+
+    # unfortunately I don't know of a way to test that the body data was received correctly since the test server at http://term.ie
+    # echos back any non-oauth parameters but not the body.  However, this does test that the request is still correctly signed 
+    # (including the Content-Length header) and that the server received Content-Length bytes of body since it won't process the
+    # request & respond until the full body length is received.
+  end
+
   protected
 
   def request_parameters_to_s
     @request_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
   end
-  
 end

data/website/index.html

@@ -33,7 +33,7 @@
     <h1>Ruby OAuth GEM</h1>
     <div id="version" class="clickable" onclick='document.location = "http://rubyforge.org/projects/oauth"; return false'>
       <p>Get Version</p>
-      <a href="http://rubyforge.org/projects/oauth" class="numbers">0.3.4</a>
+      <a href="http://rubyforge.org/projects/oauth" class="numbers">0.3.5</a>
     </div>
     <h2>What</h2>
 <p>This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.</p>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: oauth
 version: !ruby/object:Gem::Version 
-  version: 0.3.4
+  version: 0.3.5
 platform: ruby
 authors: 
 - Pelle Braendgaard
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-06 00:00:00 +05:30
+date: 2009-06-03 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency