oauth 0.3.6 → 0.3.7.pre1

data/.gitignore

@@ -0,0 +1 @@
+pkg/*

data/History.txt

@@ -1,3 +1,19 @@
+== 0.3.7
+* Better marshalling implementation (Yoan Blanc)
+* Added optional block to OAuth::Consumer.get_*_token (Neill Pearman)
+* Exclude `oauth_callback` with :exclude_callback (Neill Pearman)
+* Strip extraneous spaces and line breaks from access_token responses
+  (observed in the wild with Yahoo!'s OAuth+OpenID hybrid) (Eric Hartmann)
+* Stop double-escaping PLAINTEXT signatures (Jimmy Zimmerman)
+* OAuth::Client::Helper won't override the specified `oauth_version`
+  (Philip Kromer)
+* Support for Ruby 1.9 (Aaron Quint, Corey Donahoe, et al)
+* Fixed an encoding / multibyte issue (成田 一生)
+* Replaced hoe with Jeweler (Aaron Quint)
+* Support for Typhoeus (Bill Kocik)
+* Support for em-http (EventMachine) (Darcy Laycock)
+* Support for curb (André Luis Leal Cardoso Junior)
+
 == 0.3.6 2009-09-14
 
 * Added -B CLI option to use the :body authentication scheme (Seth)

data/Manifest.txt

@@ -13,6 +13,7 @@ lib/oauth/client.rb
 lib/oauth/client/action_controller_request.rb
 lib/oauth/client/helper.rb
 lib/oauth/client/net_http.rb
+lib/oauth/client/em_http.rb
 lib/oauth/consumer.rb
 lib/oauth/errors.rb
 lib/oauth/errors/error.rb
@@ -27,6 +28,7 @@ lib/oauth/request_proxy/jabber_request.rb
 lib/oauth/request_proxy/mock_request.rb
 lib/oauth/request_proxy/net_http.rb
 lib/oauth/request_proxy/rack_request.rb
+lib/oauth/request_proxy/em_http_request.rb
 lib/oauth/server.rb
 lib/oauth/signature.rb
 lib/oauth/signature/base.rb

data/README.rdoc

@@ -37,8 +37,21 @@ When user returns create an access_token
   @access_token = @request_token.get_access_token
   @photos = @access_token.get('/photos.xml')
 
+Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.
+
+  oauth_params = {:consumer => oauth_consumer, :token => access_token}
+  hydra = Typhoeus::Hydra.new
+  req = Typhoeus::Request.new(uri, options) 
+  oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
+  req.headers.merge!({"Authorization" => oauth_helper.header}) # Signs the request
+  hydra.queue(req)
+  hydra.run
+  @response = req.response
+
 For more detailed instructions I have written this OAuth Client Tutorial http://stakeventures.com/articles/2008/02/23/developing-oauth-clients-in-ruby and "How to turn your rails site into an OAuth Provider ":http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-site-into-an-oauth-provider .
 
+If you wish to use em-http-request, you can find an example "in the official em-http-request repository":http://github.com/igrigorik/em-http-request/blob/master/examples/oauth-tweet.rb
+
 Finally be sure to check out the OAuth RDoc Manual http://oauth.rubyforge.org/rdoc/ .
 
 == Documentation Wiki

data/Rakefile

@@ -1,36 +1,36 @@
-%w[rubygems rake rake/clean fileutils newgem rubigen hoe].each { |f| require f }
+%w[rubygems rake rake/clean rake/testtask fileutils].each { |f| require f }
 $LOAD_PATH << File.dirname(__FILE__) + '/lib'
 require 'oauth'
 require 'oauth/version'
 
-# Generate all the Rake tasks
-# Run 'rake -T' to see list of generated tasks (from gem root directory)
-$hoe = Hoe.new('oauth', OAuth::VERSION) do |p|
-  p.author = ['Pelle Braendgaard','Blaine Cook','Larry Halff','Jesse Clark','Jon Crosby', 'Seth Fitzsimmons']
-  p.email = "oauth-ruby@googlegroups.com"
-  p.description = "OAuth Core Ruby implementation"
-  p.summary = p.description
-  p.changes              = p.paragraphs_of("History.txt", 0..1).join("\n\n")
-  p.rubyforge_name       = p.name # TODO this is default value
-  p.url = "http://oauth.rubyforge.org"
-
-  p.extra_deps         = [
-    ['ruby-hmac','>= 0.3.1']
-  ]
-  p.extra_dev_deps = [
-    ['newgem', ">= #{::Newgem::VERSION}"],
-    ['actionpack'],
-    ['rack']
-  ]
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = %q{oauth}
+    s.version = OAuth::VERSION
+    s.date = %q{2009-08-10}
+    s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford", "Aaron Quint"]
+    s.email = "oauth-ruby@googlegroups.com"
+    s.description = "OAuth Core Ruby implementation"
+    s.summary = s.description
+    s.rubyforge_project = %q{oauth}
+    s.add_development_dependency(%q<actionpack>, [">= 2.2.0"])
+    s.add_development_dependency(%q<rack>, [">= 1.0.0"])
+    s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
+    s.add_development_dependency(%q<typhoeus>, [">= 0.1.13"])
+    s.add_development_dependency(%q<em-http-request>)
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
 
-  p.clean_globs |= %w[**/.DS_Store tmp *.log **/.*.sw? *.gem .config **/.DS_Store]
-  path = (p.rubyforge_name == p.name) ? p.rubyforge_name : "\#{p.rubyforge_name}/\#{p.name}"
-  p.remote_rdoc_dir = File.join(path.gsub(/^#{p.rubyforge_name}\/?/,''), 'rdoc')
-  p.rsync_args = '-av --delete --ignore-errors'
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/*test*.rb']
+  t.verbose = true
 end
 
-require 'newgem/tasks' # load /tasks/*.rake
 Dir['tasks/**/*.rake'].each { |t| load t }
 
-# TODO - want other tests/tasks run by default? Add them to the list
-# task :default => [:spec, :features]
+task :default => :test

data/TODO

@@ -29,3 +29,4 @@ Random TODOs:
 * sensible Exception hierarchy
 * Tokens as Modules
 * don't tie to Net::HTTP
+* Take a look at Curb HTTP Verbs

data/lib/digest/hmac.rb

@@ -0,0 +1,104 @@
+# = digest/hmac.rb
+#
+# An implementation of HMAC keyed-hashing algorithm
+#
+# == Overview 
+# 
+# This library adds a method named hmac() to Digest classes, which
+# creates a Digest class for calculating HMAC digests.
+#
+# == Examples
+#
+#   require 'digest/hmac'
+#
+#   # one-liner example
+#   puts Digest::HMAC.hexdigest("data", "hash key", Digest::SHA1)
+#
+#   # rather longer one
+#   hmac = Digest::HMAC.new("foo", Digest::RMD160)
+#
+#   buf = ""
+#   while stream.read(16384, buf)
+#     hmac.update(buf)
+#   end
+#
+#   puts hmac.bubblebabble
+#
+# == License
+#
+# Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
+#
+# Documentation by Akinori MUSHA
+#
+# All rights reserved.  You can redistribute and/or modify it under
+# the same terms as Ruby.
+#
+#   $Id: hmac.rb 14881 2008-01-04 07:26:14Z akr $
+#
+
+require 'digest'
+
+unless defined?(Digest::HMAC)
+  module Digest
+    class HMAC < Digest::Class
+      def initialize(key, digester)
+        @md = digester.new
+
+        block_len = @md.block_length
+
+        if key.bytesize > block_len
+          key = @md.digest(key)
+        end
+
+        ipad = Array.new(block_len).fill(0x36)
+        opad = Array.new(block_len).fill(0x5c)
+
+        key.bytes.each_with_index { |c, i|
+          ipad[i] ^= c
+          opad[i] ^= c
+        }
+
+        @key = key.freeze
+        @ipad = ipad.inject('') { |s, c| s << c.chr }.freeze
+        @opad = opad.inject('') { |s, c| s << c.chr }.freeze
+        @md.update(@ipad)
+      end
+
+      def initialize_copy(other)
+        @md = other.instance_eval { @md.clone }
+      end
+
+      def update(text)
+        @md.update(text)
+        self
+      end
+      alias << update
+
+      def reset
+        @md.reset
+        @md.update(@ipad)
+        self
+      end
+
+      def finish
+        d = @md.digest!
+        @md.update(@opad)
+        @md.update(d)
+        @md.digest!
+      end
+      private :finish
+
+      def digest_length
+        @md.digest_length
+      end
+
+      def block_length
+        @md.block_length
+      end
+
+      def inspect
+        sprintf('#<%s: key=%s, digest=%s>', self.class.name, @key.inspect, @md.inspect.sub(/^\#<(.*)>$/) { $1 });
+      end
+    end
+  end
+end

data/lib/oauth.rb

@@ -1,4 +1,8 @@
+$LOAD_PATH << File.dirname(__FILE__) unless $LOAD_PATH.include?(File.dirname(__FILE__))
+
 require 'oauth/oauth'
+require 'oauth/core_ext'
+
 require 'oauth/client/helper'
 require 'oauth/signature/hmac/sha1'
-require 'oauth/request_proxy/mock_request'
+require 'oauth/request_proxy/mock_request'

data/lib/oauth/client/action_controller_request.rb

@@ -5,7 +5,7 @@ require 'action_controller/test_process'
 module ActionController
   class Base
     def process_with_oauth(request, response=nil)
-      request.apply_oauth!
+      request.apply_oauth! if request.respond_to?(:apply_oauth!)
       process_without_oauth(request, response)
     end
 

data/lib/oauth/client/em_http.rb

@@ -0,0 +1,94 @@
+require 'em-http'
+require 'oauth/helper'
+require 'oauth/client/helper'
+require 'oauth/request_proxy/em_http_request'
+
+# Extensions for em-http so that we can use consumer.sign! with an EventMachine::HttpClient
+# instance. This is purely syntactic sugar.
+class EventMachine::HttpClient
+
+  attr_reader :oauth_helper
+
+  # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
+  # this may add a header, additional query string parameters, or additional POST body parameters.
+  # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance, ignored in this scenario except for getting host.
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  #
+  # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
+  #
+  # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
+  def oauth!(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => normalized_oauth_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    @oauth_helper = OAuth::Client::Helper.new(self, options)
+    self.__send__(:"set_oauth_#{options[:scheme]}")
+  end
+
+  # Create a string suitable for signing for an HTTP request. This process involves parameter
+  # normalization as specified in the OAuth specification. The exact normalization also depends
+  # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
+  # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  # 
+  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+  def signature_base_string(http, consumer = nil, token = nil, options = {})
+    options = { :request_uri      => normalized_oauth_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
+                :signature_method => nil,
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
+
+    OAuth::Client::Helper.new(self, options).signature_base_string
+  end
+
+  protected
+
+  # Since we expect to get the host etc details from the http instance (...),
+  # we create a fake url here. Surely this is a horrible, horrible idea?
+  def normalized_oauth_uri(http)
+    uri = URI.parse(normalize_uri.path)
+    uri.host = http.address
+    uri.port = http.port
+
+    if http.respond_to?(:use_ssl?) && http.use_ssl?
+      uri.scheme = "https"
+    else
+      uri.scheme = "http"
+    end
+    uri.to_s
+  end
+
+  def set_oauth_header
+    headers = (self.options[:head] ||= {})
+    headers['Authorization'] = @oauth_helper.header
+  end
+
+  def set_oauth_body
+    raise NotImplementedError, 'please use the set_oauth_header method instead'
+  end
+
+  def set_oauth_query_string
+    raise NotImplementedError, 'please use the set_oauth_header method instead'
+  end
+  
+end

data/lib/oauth/client/helper.rb

@@ -36,14 +36,16 @@ module OAuth::Client
         'oauth_timestamp'        => timestamp,
         'oauth_nonce'            => nonce,
         'oauth_verifier'         => options[:oauth_verifier],
-        'oauth_version'          => '1.0'
+        'oauth_version'          => (options[:oauth_version] || '1.0')
       }.reject { |k,v| v.to_s == "" }
     end
 
     def signature(extra_options = {})
       OAuth::Signature.sign(@request, { :uri      => options[:request_uri],
                                         :consumer => options[:consumer],
-                                        :token    => options[:token] }.merge(extra_options) )
+                                        :token    => options[:token],
+                                        :unsigned_parameters => options[:unsigned_parameters]
+      }.merge(extra_options) )
     end
 
     def signature_base_string(extra_options = {})
@@ -55,7 +57,8 @@ module OAuth::Client
 
     def amend_user_agent_header(headers)
       @oauth_ua_string ||= "OAuth gem v#{OAuth::VERSION}"
-      if headers['User-Agent']
+      # Net::HTTP in 1.9 appends Ruby
+      if headers['User-Agent'] && headers['User-Agent'] != 'Ruby' 
         headers['User-Agent'] += " (#{@oauth_ua_string})"
       else
         headers['User-Agent'] = @oauth_ua_string
@@ -66,7 +69,7 @@ module OAuth::Client
       parameters = oauth_parameters
       parameters.merge!('oauth_signature' => signature(options.merge(:parameters => parameters)))
 
-      header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
+      header_params_str = parameters.sort.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
 
       realm = "realm=\"#{options[:realm]}\", " if options[:realm]
       "OAuth #{realm}#{header_params_str}"

data/lib/oauth/client/net_http.rb

@@ -80,18 +80,21 @@ private
     self['Authorization'] = @oauth_helper.header
   end
 
-  # FIXME: if you're using a POST body and query string parameters, using this
-  # method will convert those parameters on the query string into parameters in
-  # the body. this is broken, and should be fixed.
+  # FIXME: if you're using a POST body and query string parameters, this method
+  # will move query string parameters into the body unexpectedly. This may
+  # cause problems with non-x-www-form-urlencoded bodies submitted to URLs
+  # containing query string params. If duplicate parameters are present in both
+  # places, all instances should be included when calculating the signature
+  # base string.
+
   def set_oauth_body
-    self.set_form_data(@oauth_helper.parameters_with_oauth)
+    self.set_form_data(@oauth_helper.stringify_keys(@oauth_helper.parameters_with_oauth))
     params_with_sig = @oauth_helper.parameters.merge(:oauth_signature => @oauth_helper.signature)
-    self.set_form_data(params_with_sig)
+    self.set_form_data(@oauth_helper.stringify_keys(params_with_sig))
   end
 
   def set_oauth_query_string
     oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
-
     uri = URI.parse(path)
     if uri.query.to_s == ""
       uri.query = oauth_params_str

data/lib/oauth/consumer.rb

@@ -3,6 +3,7 @@ require 'net/https'
 require 'oauth/oauth'
 require 'oauth/client/net_http'
 require 'oauth/errors'
+require 'cgi'
 
 module OAuth
   class Consumer
@@ -75,9 +76,9 @@ module OAuth
       @secret = consumer_secret
 
       # ensure that keys are symbols
-      @options = @@default_options.merge(options.inject({}) { |options, (key, value)|
-        options[key.to_sym] = value
-        options
+      @options = @@default_options.merge(options.inject({}) { |opts, (key, value)|
+        opts[key.to_sym] = value
+        opts
       })
     end
 
@@ -101,8 +102,8 @@ module OAuth
       end
     end
 
-    def get_access_token(request_token, request_options = {}, *arguments)
-      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments)
+    def get_access_token(request_token, request_options = {}, *arguments, &block)
+      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments, &block)
       OAuth::AccessToken.from_hash(self, response)
     end
 
@@ -120,12 +121,20 @@ module OAuth
     #  @request_token = @consumer.get_request_token({}, :foo => "bar")
     #
     # TODO oauth_callback should be a mandatory parameter
-    def get_request_token(request_options = {}, *arguments)
+    def get_request_token(request_options = {}, *arguments, &block)
       # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
       # will be exchanged out of band
-      request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND
-
-      response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND unless request_options[:exclude_callback]
+
+      if block_given?
+        response = token_request(http_method,
+                                 (request_token_url? ? request_token_url : request_token_path),
+                                 nil,
+                                 request_options,
+                                 *arguments, &block)
+      else
+        response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      end
       OAuth::RequestToken.from_hash(self, response)
     end
 
@@ -146,13 +155,16 @@ module OAuth
         path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
       end
 
-      rsp = http.request(create_signed_request(http_method, path, token, request_options, *arguments))
+      # override the request with your own, this is useful for file uploads which Net::HTTP does not do
+      req = create_signed_request(http_method, path, token, request_options, *arguments)
+      return nil if block_given? and yield(req) == :done
+      rsp = http.request(req)
 
       # check for an error reported by the Problem Reporting extension
       # (http://wiki.oauth.net/ProblemReporting)
       # note: a 200 may actually be an error; check for an oauth_problem key to be sure
       if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
-        (h = headers.select { |h| h =~ /^OAuth / }).any? &&
+        (h = headers.select { |hdr| hdr =~ /^OAuth / }).any? &&
         h.first =~ /oauth_problem/
 
         # puts "Header: #{h.first}"
@@ -181,17 +193,20 @@ module OAuth
     # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
     def token_request(http_method, path, token = nil, request_options = {}, *arguments)
       response = request(http_method, path, token, request_options, *arguments)
-
       case response.code.to_i
 
       when (200..299)
-        # symbolize keys
-        # TODO this could be considered unexpected behavior; symbols or not?
-        # TODO this also drops subsequent values from multi-valued keys
-        CGI.parse(response.body).inject({}) do |h,(k,v)|
-          h[k.to_sym] = v.first
-          h[k]        = v.first
-          h
+        if block_given?
+          yield response.body
+        else
+          # symbolize keys
+          # TODO this could be considered unexpected behavior; symbols or not?
+          # TODO this also drops subsequent values from multi-valued keys
+          CGI.parse(response.body).inject({}) do |h,(k,v)|
+            h[k.strip.to_sym] = v.first
+            h[k.strip]        = v.first
+            h
+          end
         end
       when (300..399)
         # this is a redirect
@@ -298,7 +313,6 @@ module OAuth
 
       if [:post, :put].include?(http_method)
         data = arguments.shift
-        data.reject! { |k,v| v.nil? } if data.is_a?(Hash)
       end
 
       headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
@@ -321,7 +335,9 @@ module OAuth
       end
 
       if data.is_a?(Hash)
-        request.set_form_data(data)
+        form_data = {}
+        data.each {|k,v| form_data[k.to_s] = v if !v.nil?} 
+        request.set_form_data(form_data)
       elsif data
         if data.respond_to?(:read)
           request.body_stream = data
@@ -341,11 +357,15 @@ module OAuth
       request
     end
 
-    # Unset cached http instance because it cannot be marshalled when
-    # it has already been used and use_ssl is set to true
     def marshal_dump(*args)
-      @http = nil
-      self
+      {:key => @key,
+       :secret => @secret,
+       :options => @options}
+    end
+
+    def marshal_load(data)
+      initialize(data[:key], data[:secret], data[:options])
     end
+
   end
 end