oauth2 0.9.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1f08c4d28879362b39b7c95041febcf876970cc6
-  data.tar.gz: 22b630f65b3bae6df564836c8c67dfe81172c309
+  metadata.gz: 5a7e97c3a76d87a0499aa0cd5f9b908df43f5b91
+  data.tar.gz: 390e6188e44d5e7eb909a29141b63dc05276608d
 SHA512:
-  metadata.gz: cf71ffafcd8e2fc3abc2efca44cbafabec97b35a61cdf76ddbc0297f1fb9bbf72bb8ba6432cd443324a052bb837c1fec89080684877f655a410d8f1f988b429b
-  data.tar.gz: 0933fed7b3e4c8a4f58c5dab2f8bd71ff0252999023a4825d0e7249aeb6e0f2c77164669f3278ac2f358f47939c2f1779e02cf4170a5c119a7c753803ae38b40
+  metadata.gz: fe86948ffabdc2334b89db64fb4cb6c98a65f93198b543b380cab70c9d18daa47fcf92272678f5794caf23827e8e4e93f3d053d106d98a0438b4f1befb86301b
+  data.tar.gz: c5a507967b19c5019aaa4fd8f52448c78b4d13ada1041705d0f6526bc96b2b04311e063f7f5f98cd4a6520c61ab79eb841626c6e6dcf510bdb7a94c801e52ba1

data/README.md

@@ -12,10 +12,7 @@
 [codeclimate]: https://codeclimate.com/github/intridea/oauth2
 [coveralls]: https://coveralls.io/r/intridea/oauth2
 
-A Ruby wrapper for the OAuth 2.0 specification. This is a work in progress,
-being built first to solve the pragmatic process of connecting to existing
-OAuth 2.0 endpoints (e.g. Facebook) with the goal of building it up to meet
-the entire specification over time.
+A Ruby wrapper for the OAuth 2.0 specification.
 
 ## Installation
     gem install oauth2

data/Rakefile

@@ -19,10 +19,10 @@ end
 
 begin
   require 'rubocop/rake_task'
-  Rubocop::RakeTask.new
+  RuboCop::RakeTask.new
 rescue LoadError
   task :rubocop do
-    $stderr.puts 'Rubocop is disabled'
+    $stderr.puts 'RuboCop is disabled'
   end
 end
 
@@ -33,7 +33,7 @@ end
 
 require 'yardstick/rake/verify'
 Yardstick::Rake::Verify.new do |verify|
-  verify.threshold = 58.9
+  verify.threshold = 58.8
 end
 
 task :default => [:spec, :rubocop, :verify_measurements]

data/lib/oauth2.rb

@@ -7,4 +7,5 @@ require 'oauth2/strategy/password'
 require 'oauth2/strategy/client_credentials'
 require 'oauth2/strategy/assertion'
 require 'oauth2/access_token'
+require 'oauth2/mac_token'
 require 'oauth2/response'

data/lib/oauth2/mac_token.rb

@@ -0,0 +1,124 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+require 'securerandom'
+
+module OAuth2
+  class MACToken < AccessToken
+    # Generates a MACToken from an AccessToken and secret
+    #
+    # @param [AccessToken] token the OAuth2::Token instance
+    # @option [String] secret the secret key value
+    # @param [Hash] opts the options to create the Access Token with
+    # @see MACToken#initialize
+    def self.from_access_token(token, secret, options = {})
+      new(token.client, token.token, secret, token.params.merge(
+        :refresh_token => token.refresh_token,
+        :expires_in => token.expires_in,
+        :expires_at => token.expires_at
+      ).merge(options))
+    end
+
+    attr_reader :secret, :algorithm
+
+    # Initalize a MACToken
+    #
+    # @param [Client] client the OAuth2::Client instance
+    # @param [String] token the Access Token value
+    # @option [String] secret the secret key value
+    # @param [Hash] opts the options to create the Access Token with
+    # @option opts [String] :refresh_token (nil) the refresh_token value
+    # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
+    # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
+    # @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1')
+    def initialize(client, token, secret, opts = {})
+      @secret = secret
+      self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256'
+
+      super(client, token, opts)
+    end
+
+    # Make a request with the MAC Token
+    #
+    # @param [Symbol] verb the HTTP request method
+    # @param [String] path the HTTP URL path of the request
+    # @param [Hash] opts the options to make the request with
+    # @see Client#request
+    def request(verb, path, opts = {}, &block)
+      url = client.connection.build_url(path, opts[:params]).to_s
+
+      opts[:headers] ||= {}
+      opts[:headers].merge!('Authorization' => header(verb, url))
+
+      @client.request(verb, path, opts, &block)
+    end
+
+    # Get the headers hash (always an empty hash)
+    def headers
+      {}
+    end
+
+    # Generate the MAC header
+    #
+    # @param [Symbol] verb the HTTP request method
+    # @param [String] url the HTTP URL path of the request
+    def header(verb, url)
+      timestamp = Time.now.utc.to_i
+      nonce = Digest::MD5.hexdigest([timestamp, SecureRandom.hex].join(':'))
+
+      uri = URI.parse(url)
+
+      fail(ArgumentError, "could not parse \"#{url}\" into URI") unless uri.is_a?(URI::HTTP)
+
+      mac = signature(timestamp, nonce, verb, uri)
+
+      "MAC id=\"#{token}\", ts=\"#{timestamp}\", nonce=\"#{nonce}\", mac=\"#{mac}\""
+    end
+
+    # Generate the Base64-encoded HMAC digest signature
+    #
+    # @param [Fixnum] timestamp the timestamp of the request in seconds since epoch
+    # @param [String] nonce the MAC header nonce
+    # @param [Symbol] verb the HTTP request method
+    # @param [String] url the HTTP URL path of the request
+    def signature(timestamp, nonce, verb, uri)
+      signature = [
+        timestamp,
+        nonce,
+        verb.to_s.upcase,
+        uri.request_uri,
+        uri.host,
+        uri.port,
+        '', nil
+      ].join("\n")
+
+      strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature))
+    end
+
+    # Set the HMAC algorithm
+    #
+    # @param [String] alg the algorithm to use (one of 'hmac-sha-1', 'hmac-sha-256')
+    def algorithm=(alg)
+      @algorithm = case alg.to_s
+        when 'hmac-sha-1'
+          OpenSSL::Digest::SHA1.new
+        when 'hmac-sha-256'
+          OpenSSL::Digest::SHA256.new
+        else
+          fail(ArgumentError, 'Unsupported algorithm')
+        end
+    end
+
+  private
+
+    # No-op since we need the verb and path
+    # and the MAC always goes in a header
+    def token=(_)
+    end
+
+    # Base64.strict_encode64 is not available on Ruby 1.8.7
+    def strict_encode64(str)
+      Base64.encode64(str).gsub("\n", '')
+    end
+  end
+end

data/lib/oauth2/version.rb

@@ -1,8 +1,8 @@
 module OAuth2
   class Version
-    MAJOR = 0
-    MINOR = 9
-    PATCH = 4
+    MAJOR = 1
+    MINOR = 0
+    PATCH = 0
     PRE = nil
 
     class << self

data/oauth2.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rack', '~> 1.2'
   spec.add_development_dependency 'bundler', '~> 1.0'
   spec.authors       = ['Michael Bleigh', 'Erik Michaels-Ober']
-  spec.description   = %q(A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.)
+  spec.description   = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.'
   spec.email         = ['michael@intridea.com', 'sferik@gmail.com']
   spec.files         = %w(.document CONTRIBUTING.md LICENSE.md README.md Rakefile oauth2.gemspec)
   spec.files        += Dir.glob('lib/**/*.rb')
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.name          = 'oauth2'
   spec.require_paths = %w(lib)
   spec.required_rubygems_version = '>= 1.3.5'
-  spec.summary       = %q(A Ruby wrapper for the OAuth 2.0 protocol.)
+  spec.summary       = 'A Ruby wrapper for the OAuth 2.0 protocol.'
   spec.test_files    = Dir.glob('spec/**/*')
   spec.version       = OAuth2::Version
 end

data/spec/helper.rb

@@ -8,13 +8,12 @@ SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
 
 SimpleCov.start do
   add_filter '/spec/'
-  minimum_coverage(95.29)
+  minimum_coverage(95.33)
 end
 
 require 'oauth2'
 require 'addressable/uri'
 require 'rspec'
-require 'rspec/autorun'
 
 RSpec.configure do |config|
   config.expect_with :rspec do |c|
@@ -39,3 +38,5 @@ def capture_output(&block)
   end
   result
 end
+
+VERBS = [:get, :post, :put, :delete]

data/spec/oauth2/access_token_spec.rb

@@ -1,10 +1,7 @@
 require 'helper'
 
-VERBS = [:get, :post, :put, :delete]
-
 describe AccessToken do
   let(:token) { 'monkey' }
-  let(:token_body) { MultiJson.encode(:access_token => 'foo', :expires_in => 600, :refresh_token => 'bar') }
   let(:refresh_body) { MultiJson.encode(:access_token => 'refreshed_foo', :expires_in => 600, :refresh_token => 'refresh_bar') }
   let(:client) do
     Client.new('abc', 'def', :site => 'https://api.example.com') do |builder|

data/spec/oauth2/client_spec.rb

@@ -120,8 +120,8 @@ describe OAuth2::Client do
     end
 
     it 'outputs to $stdout when OAUTH_DEBUG=true' do
-      ENV.stub(:[]).with('http_proxy').and_return(nil)
-      ENV.stub(:[]).with('OAUTH_DEBUG').and_return('true')
+      allow(ENV).to receive(:[]).with('http_proxy').and_return(nil)
+      allow(ENV).to receive(:[]).with('OAUTH_DEBUG').and_return('true')
       output = capture_output do
         subject.request(:get, '/success')
       end

data/spec/oauth2/mac_token_spec.rb

@@ -0,0 +1,119 @@
+require 'helper'
+
+describe MACToken do
+  let(:token) { 'monkey' }
+  let(:client) do
+    Client.new('abc', 'def', :site => 'https://api.example.com') do |builder|
+      builder.request :url_encoded
+      builder.adapter :test do |stub|
+        VERBS.each do |verb|
+          stub.send(verb, '/token/header') { |env| [200, {}, env[:request_headers]['Authorization']] }
+        end
+      end
+    end
+  end
+
+  subject { MACToken.new(client, token, 'abc123') }
+
+  describe '#initialize' do
+    it 'assigns client and token' do
+      expect(subject.client).to eq(client)
+      expect(subject.token).to eq(token)
+    end
+
+    it 'assigns secret' do
+      expect(subject.secret).to eq('abc123')
+    end
+
+    it 'defaults algorithm to hmac-sha-256' do
+      expect(subject.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
+    end
+
+    it 'handles hmac-sha-256' do
+      mac = MACToken.new(client, token, 'abc123', :algorithm => 'hmac-sha-256')
+      expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
+    end
+
+    it 'handles hmac-sha-1' do
+      mac = MACToken.new(client, token, 'abc123', :algorithm => 'hmac-sha-1')
+      expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA1)
+    end
+
+    it 'raises on improper algorithm' do
+      expect { MACToken.new(client, token, 'abc123', :algorithm => 'invalid-sha') }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe '#request' do
+    VERBS.each do |verb|
+      it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do
+        expect(subject.post('/token/header').body).to include("MAC id=\"#{token}\"")
+      end
+    end
+  end
+
+  describe '#header' do
+    it 'does not generate the same header twice' do
+      header = subject.header('get', 'https://www.example.com/hello')
+      duplicate_header = subject.header('get', 'https://www.example.com/hello')
+
+      expect(header).to_not eq(duplicate_header)
+    end
+
+    it 'generates the proper format' do
+      header = subject.header('get', 'https://www.example.com/hello?a=1')
+      expect(header).to match(/MAC id="#{token}", ts="[0-9]+", nonce="[^"]+", mac="[^"]+"/)
+    end
+
+    it 'passes ArgumentError with an invalid url' do
+      expect { subject.header('get', 'this-is-not-valid') }.to raise_error(ArgumentError)
+    end
+
+    it 'passes URI::InvalidURIError through' do
+      expect { subject.header('get', nil) }.to raise_error(URI::InvalidURIError)
+    end
+  end
+
+  describe '#signature' do
+    it 'generates properly' do
+      signature = subject.signature(0, 'random-string', 'get', URI('https://www.google.com'))
+      expect(signature).to eq('rMDjVA3VJj3v1OmxM29QQljKia6msl5rjN83x3bZmi8=')
+    end
+  end
+
+  describe '#headers' do
+    it 'is an empty hash' do
+      expect(subject.headers).to eq({})
+    end
+  end
+
+  describe '.from_access_token' do
+    let(:access_token) do
+      AccessToken.new(
+        client, token,
+        :expires_at => 1,
+        :expires_in => 1,
+        :refresh_token => 'abc',
+        :random => 1
+      )
+    end
+
+    subject { MACToken.from_access_token(access_token, 'hello') }
+
+    it 'initializes client, token, and secret properly' do
+      expect(subject.client).to eq(client)
+      expect(subject.token).to eq(token)
+      expect(subject.secret).to eq('hello')
+    end
+
+    it 'initializes configuration options' do
+      expect(subject.expires_at).to eq(1)
+      expect(subject.expires_in).to eq(1)
+      expect(subject.refresh_token).to eq('abc')
+    end
+
+    it 'initializes params' do
+      expect(subject.params).to eq(:random => 1)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 1.0.0
 platform: ruby
 authors:
 - Michael Bleigh
@@ -9,96 +9,96 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-24 00:00:00.000000000 Z
+date: 2014-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.8'
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '0.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.8'
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '0.10'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: multi_xml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 description: A Ruby wrapper for the OAuth 2.0 protocol built with a similar style
@@ -110,34 +110,36 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .document
+- ".document"
 - CONTRIBUTING.md
 - LICENSE.md
 - README.md
 - Rakefile
-- oauth2.gemspec
 - lib/oauth2.rb
 - lib/oauth2/access_token.rb
 - lib/oauth2/client.rb
 - lib/oauth2/error.rb
+- lib/oauth2/mac_token.rb
 - lib/oauth2/response.rb
-- lib/oauth2/version.rb
-- lib/oauth2/strategy/implicit.rb
-- lib/oauth2/strategy/password.rb
 - lib/oauth2/strategy/assertion.rb
 - lib/oauth2/strategy/auth_code.rb
 - lib/oauth2/strategy/base.rb
 - lib/oauth2/strategy/client_credentials.rb
+- lib/oauth2/strategy/implicit.rb
+- lib/oauth2/strategy/password.rb
+- lib/oauth2/version.rb
+- oauth2.gemspec
 - spec/helper.rb
 - spec/oauth2/access_token_spec.rb
 - spec/oauth2/client_spec.rb
+- spec/oauth2/mac_token_spec.rb
 - spec/oauth2/response_spec.rb
-- spec/oauth2/strategy/auth_code_spec.rb
-- spec/oauth2/strategy/password_spec.rb
-- spec/oauth2/strategy/implicit_spec.rb
-- spec/oauth2/strategy/client_credentials_spec.rb
 - spec/oauth2/strategy/assertion_spec.rb
+- spec/oauth2/strategy/auth_code_spec.rb
 - spec/oauth2/strategy/base_spec.rb
+- spec/oauth2/strategy/client_credentials_spec.rb
+- spec/oauth2/strategy/implicit_spec.rb
+- spec/oauth2/strategy/password_spec.rb
 homepage: http://github.com/intridea/oauth2
 licenses:
 - MIT
@@ -148,17 +150,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.
@@ -166,11 +168,12 @@ test_files:
 - spec/helper.rb
 - spec/oauth2/access_token_spec.rb
 - spec/oauth2/client_spec.rb
+- spec/oauth2/mac_token_spec.rb
 - spec/oauth2/response_spec.rb
-- spec/oauth2/strategy/auth_code_spec.rb
-- spec/oauth2/strategy/password_spec.rb
-- spec/oauth2/strategy/implicit_spec.rb
-- spec/oauth2/strategy/client_credentials_spec.rb
 - spec/oauth2/strategy/assertion_spec.rb
+- spec/oauth2/strategy/auth_code_spec.rb
 - spec/oauth2/strategy/base_spec.rb
+- spec/oauth2/strategy/client_credentials_spec.rb
+- spec/oauth2/strategy/implicit_spec.rb
+- spec/oauth2/strategy/password_spec.rb
 has_rdoc: