oauth2 1.4.10 → 2.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +73 -30
- data/README.md +120 -74
- data/SECURITY.md +5 -11
- data/lib/oauth2/access_token.rb +28 -19
- data/lib/oauth2/authenticator.rb +9 -4
- data/lib/oauth2/client.rb +74 -60
- data/lib/oauth2/error.rb +27 -18
- data/lib/oauth2/response.rb +61 -19
- data/lib/oauth2/snaky_hash.rb +8 -0
- data/lib/oauth2/strategy/assertion.rb +63 -38
- data/lib/oauth2/strategy/auth_code.rb +12 -1
- data/lib/oauth2/strategy/implicit.rb +7 -0
- data/lib/oauth2/version.rb +17 -19
- data/lib/oauth2.rb +14 -1
- metadata +64 -63
- data/lib/oauth2/mac_token.rb +0 -130
data/lib/oauth2/mac_token.rb
DELETED
|
@@ -1,130 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'base64'
|
|
4
|
-
require 'digest'
|
|
5
|
-
require 'openssl'
|
|
6
|
-
require 'securerandom'
|
|
7
|
-
|
|
8
|
-
module OAuth2
|
|
9
|
-
class MACToken < AccessToken
|
|
10
|
-
# Generates a MACToken from an AccessToken and secret
|
|
11
|
-
#
|
|
12
|
-
# @param [AccessToken] token the OAuth2::Token instance
|
|
13
|
-
# @option [String] secret the secret key value
|
|
14
|
-
# @param [Hash] opts the options to create the Access Token with
|
|
15
|
-
# @see MACToken#initialize
|
|
16
|
-
def self.from_access_token(token, secret, options = {})
|
|
17
|
-
new(token.client, token.token, secret, token.params.merge(:refresh_token => token.refresh_token, :expires_in => token.expires_in, :expires_at => token.expires_at).merge(options))
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
attr_reader :secret, :algorithm
|
|
21
|
-
|
|
22
|
-
# Initalize a MACToken
|
|
23
|
-
#
|
|
24
|
-
# @param [Client] client the OAuth2::Client instance
|
|
25
|
-
# @param [String] token the Access Token value
|
|
26
|
-
# @option [String] secret the secret key value
|
|
27
|
-
# @param [Hash] opts the options to create the Access Token with
|
|
28
|
-
# @option opts [String] :refresh_token (nil) the refresh_token value
|
|
29
|
-
# @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
|
|
30
|
-
# @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
|
|
31
|
-
# @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1')
|
|
32
|
-
def initialize(client, token, secret, opts = {})
|
|
33
|
-
@secret = secret
|
|
34
|
-
self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256'
|
|
35
|
-
|
|
36
|
-
super(client, token, opts)
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
# Make a request with the MAC Token
|
|
40
|
-
#
|
|
41
|
-
# @param [Symbol] verb the HTTP request method
|
|
42
|
-
# @param [String] path the HTTP URL path of the request
|
|
43
|
-
# @param [Hash] opts the options to make the request with
|
|
44
|
-
# @see Client#request
|
|
45
|
-
def request(verb, path, opts = {}, &block)
|
|
46
|
-
url = client.connection.build_url(path, opts[:params]).to_s
|
|
47
|
-
|
|
48
|
-
opts[:headers] ||= {}
|
|
49
|
-
opts[:headers]['Authorization'] = header(verb, url)
|
|
50
|
-
|
|
51
|
-
@client.request(verb, path, opts, &block)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
# Get the headers hash (always an empty hash)
|
|
55
|
-
def headers
|
|
56
|
-
{}
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
# Generate the MAC header
|
|
60
|
-
#
|
|
61
|
-
# @param [Symbol] verb the HTTP request method
|
|
62
|
-
# @param [String] url the HTTP URL path of the request
|
|
63
|
-
def header(verb, url)
|
|
64
|
-
timestamp = Time.now.utc.to_i
|
|
65
|
-
nonce = Digest::SHA256.hexdigest([timestamp, SecureRandom.hex].join(':'))
|
|
66
|
-
|
|
67
|
-
uri = URI.parse(url)
|
|
68
|
-
|
|
69
|
-
raise(ArgumentError, "could not parse \"#{url}\" into URI") unless uri.is_a?(URI::HTTP)
|
|
70
|
-
|
|
71
|
-
mac = signature(timestamp, nonce, verb, uri)
|
|
72
|
-
|
|
73
|
-
"MAC id=\"#{token}\", ts=\"#{timestamp}\", nonce=\"#{nonce}\", mac=\"#{mac}\""
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
# Generate the Base64-encoded HMAC digest signature
|
|
77
|
-
#
|
|
78
|
-
# @param [Fixnum] timestamp the timestamp of the request in seconds since epoch
|
|
79
|
-
# @param [String] nonce the MAC header nonce
|
|
80
|
-
# @param [Symbol] verb the HTTP request method
|
|
81
|
-
# @param [String] url the HTTP URL path of the request
|
|
82
|
-
def signature(timestamp, nonce, verb, uri)
|
|
83
|
-
signature = [
|
|
84
|
-
timestamp,
|
|
85
|
-
nonce,
|
|
86
|
-
verb.to_s.upcase,
|
|
87
|
-
uri.request_uri,
|
|
88
|
-
uri.host,
|
|
89
|
-
uri.port,
|
|
90
|
-
'', nil
|
|
91
|
-
].join("\n")
|
|
92
|
-
|
|
93
|
-
strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature))
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
# Set the HMAC algorithm
|
|
97
|
-
#
|
|
98
|
-
# @param [String] alg the algorithm to use (one of 'hmac-sha-1', 'hmac-sha-256')
|
|
99
|
-
def algorithm=(alg)
|
|
100
|
-
@algorithm = case alg.to_s
|
|
101
|
-
when 'hmac-sha-1'
|
|
102
|
-
begin
|
|
103
|
-
OpenSSL::Digest('SHA1').new
|
|
104
|
-
rescue StandardError
|
|
105
|
-
OpenSSL::Digest.new('SHA1')
|
|
106
|
-
end
|
|
107
|
-
when 'hmac-sha-256'
|
|
108
|
-
begin
|
|
109
|
-
OpenSSL::Digest('SHA256').new
|
|
110
|
-
rescue StandardError
|
|
111
|
-
OpenSSL::Digest.new('SHA256')
|
|
112
|
-
end
|
|
113
|
-
else
|
|
114
|
-
raise(ArgumentError, 'Unsupported algorithm')
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
private
|
|
119
|
-
|
|
120
|
-
# No-op since we need the verb and path
|
|
121
|
-
# and the MAC always goes in a header
|
|
122
|
-
def token=(_noop)
|
|
123
|
-
end
|
|
124
|
-
|
|
125
|
-
# Base64.strict_encode64 is not available on Ruby 1.8.7
|
|
126
|
-
def strict_encode64(str)
|
|
127
|
-
Base64.encode64(str).delete("\n")
|
|
128
|
-
end
|
|
129
|
-
end
|
|
130
|
-
end
|