oauth_weshays 0.4.8.pre

data/lib/oauth/oauth.rb

@@ -0,0 +1,13 @@
+module OAuth
+  # request tokens are passed between the consumer and the provider out of
+  # band (i.e. callbacks cannot be used), per section 6.1.1
+  OUT_OF_BAND = "oob"
+
+  # required parameters, per sections 6.1.1, 6.3.1, and 7
+  PARAMETERS = %w(oauth_callback oauth_consumer_key oauth_token
+    oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier
+    oauth_version oauth_signature oauth_body_hash)
+
+  # reserved character regexp, per section 5.1
+  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/
+end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,25 @@
+require 'action_controller'
+require 'action_controller/test_process'
+
+module OAuth
+  module OAuthTestHelper
+    def mock_incoming_request_with_query(request)
+      incoming = ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming = ActionController::TestRequest.new
+      incoming.request_uri = request.path
+      incoming.host = request.uri.host
+      incoming.env["HTTP_AUTHORIZATION"] = request.to_auth_string
+      incoming.env["SERVER_PORT"] = request.uri.port
+      incoming.env['REQUEST_METHOD'] = request.http_method
+      incoming
+    end
+  end
+end

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -0,0 +1,62 @@
+require 'active_support'
+require 'action_controller'
+require 'action_controller/request'
+require 'uri'
+
+module OAuth::RequestProxy
+  class ActionControllerRequest < OAuth::RequestProxy::Base
+    proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
+
+    def method
+      request.method.to_s.upcase
+    end
+
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.stringify_keys! if params.respond_to?(:stringify_keys!)
+        params.merge(options[:parameters] || {})
+      end
+    end
+
+    # Override from OAuth::RequestProxy::Base to avoid roundtrip
+    # conversion to Hash or Array and thus preserve the original
+    # parameter names
+    def parameters_for_signature
+      params = []
+      params << options[:parameters].to_query if options[:parameters]
+
+      unless options[:clobber_request]
+        params << header_params.to_query
+        params << request.query_string unless query_string_blank?
+
+        if request.post? && request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+          params << request.raw_post
+        end
+      end
+
+      params.
+        join('&').split('&').
+        reject(&:blank?).
+        map { |p| p.split('=').map{|esc| CGI.unescape(esc)} }.
+        reject { |kv| kv[0] == 'oauth_signature'}
+    end
+
+  protected
+
+    def query_params
+      request.query_parameters
+    end
+
+    def request_params
+      request.request_parameters
+    end
+
+  end
+end

data/lib/oauth/request_proxy/base.rb

@@ -0,0 +1,174 @@
+require 'oauth/request_proxy'
+require 'oauth/helper'
+
+module OAuth::RequestProxy
+  class Base
+    include OAuth::Helper
+
+    def self.proxies(klass)
+      OAuth::RequestProxy.available_proxies[klass] = self
+    end
+
+    attr_accessor :request, :options, :unsigned_parameters
+
+    def initialize(request, options = {})
+      @request = request
+      @unsigned_parameters = (options[:unsigned_parameters] || []).map {|param| param.to_s}
+      @options = options
+    end
+
+    ## OAuth parameters
+
+    def oauth_callback
+      parameters['oauth_callback']
+    end
+
+    def oauth_consumer_key
+      parameters['oauth_consumer_key']
+    end
+
+    def oauth_nonce
+      parameters['oauth_nonce']
+    end
+
+    def oauth_signature
+      # TODO can this be nil?
+      [parameters['oauth_signature']].flatten.first || ""
+    end
+
+    def oauth_signature_method
+      case parameters['oauth_signature_method']
+      when Array
+        parameters['oauth_signature_method'].first
+      else
+        parameters['oauth_signature_method']
+      end
+    end
+
+    def oauth_timestamp
+      parameters['oauth_timestamp']
+    end
+
+    def oauth_token
+      parameters['oauth_token']
+    end
+
+    def oauth_verifier
+      parameters['oauth_verifier']
+    end
+
+    def oauth_version
+      parameters["oauth_version"]
+    end
+
+    # TODO deprecate these
+    alias_method :consumer_key,     :oauth_consumer_key
+    alias_method :token,            :oauth_token
+    alias_method :nonce,            :oauth_nonce
+    alias_method :timestamp,        :oauth_timestamp
+    alias_method :signature,        :oauth_signature
+    alias_method :signature_method, :oauth_signature_method
+
+    ## Parameter accessors
+
+    def parameters
+      raise NotImplementedError, "Must be implemented by subclasses"
+    end
+
+    def parameters_for_signature
+      parameters.reject { |k,v| k == "oauth_signature" || unsigned_parameters.include?(k)}
+    end
+
+    def oauth_parameters
+      parameters.select { |k,v| OAuth::PARAMETERS.include?(k) }.reject { |k,v| v == "" }
+    end
+
+    def non_oauth_parameters
+      parameters.reject { |k,v| OAuth::PARAMETERS.include?(k) }
+    end
+
+    # See 9.1.2 in specs
+    def normalized_uri
+      u = URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase == 'http' && u.port != 80) || (u.scheme.downcase == 'https' && u.port != 443) ? ":#{u.port}" : ""}#{(u.path && u.path != '') ? u.path : '/'}"
+    end
+
+    # See 9.1.1. in specs Normalize Request Parameters
+    def normalized_parameters
+      normalize(parameters_for_signature)
+    end
+
+    def sign(options = {})
+      OAuth::Signature.sign(self, options)
+    end
+
+    def sign!(options = {})
+      parameters["oauth_signature"] = sign(options)
+      @signed = true
+      signature
+    end
+
+    # See 9.1 in specs
+    def signature_base_string
+      base = [method, normalized_uri, normalized_parameters]
+      base.map { |v| escape(v) }.join("&")
+    end
+
+    # Has this request been signed yet?
+    def signed?
+      @signed
+    end
+
+    # URI, including OAuth parameters
+    def signed_uri(with_oauth = true)
+      if signed?
+        if with_oauth
+          params = parameters
+        else
+          params = non_oauth_parameters
+        end
+
+        [uri, normalize(params)] * "?"
+      else
+        STDERR.puts "This request has not yet been signed!"
+      end
+    end
+
+    # Authorization header for OAuth
+    def oauth_header(options = {})
+      header_params_str = oauth_parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
+
+      realm = "realm=\"#{options[:realm]}\", " if options[:realm]
+      "OAuth #{realm}#{header_params_str}"
+    end
+
+    def query_string_blank?
+      if uri = request.request_uri
+        uri.split('?', 2)[1].nil?
+      else
+        request.query_string.blank?
+      end
+    end
+
+  protected
+
+    def header_params
+      %w( X-HTTP_AUTHORIZATION Authorization HTTP_AUTHORIZATION ).each do |header|
+        next unless request.env.include?(header)
+
+        header = request.env[header]
+        next unless header[0,6] == 'OAuth '
+
+        # parse the header into a Hash
+        oauth_params = OAuth::Helper.parse_header(header)
+
+        # remove non-OAuth parameters
+        oauth_params.reject! { |k,v| k !~ /^oauth_/ }
+
+        return oauth_params
+      end
+
+      return {}
+    end
+  end
+end

data/lib/oauth/request_proxy/curb_request.rb

@@ -0,0 +1,55 @@
+  require 'oauth/request_proxy/base'
+require 'curb'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::Curl
+  class Easy < OAuth::RequestProxy::Base
+    # Proxy for signing Curl::Easy requests
+    # Usage example:
+    # oauth_params = {:consumer => oauth_consumer, :token => access_token}
+    # req = Curl::Easy.new(uri)
+    # oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
+    # req.headers.merge!({"Authorization" => oauth_helper.header})
+    # req.http_get
+    # response = req.body_str
+    proxies ::Curl::Easy
+
+    def method
+      nil
+    end
+
+    def uri
+      options[:uri].to_s
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters]
+      else
+        post_parameters.merge(query_parameters).merge(options[:parameters] || {})
+      end
+    end
+
+    private
+
+    def query_parameters
+      query = URI.parse(request.url).query
+      return(query ? CGI.parse(query) : {})
+    end
+
+    def post_parameters
+      post_body = {}
+
+      # Post params are only used if posting form data
+      if (request.headers['Content-Type'] && request.headers['Content-Type'].to_s.downcase.start_with?("application/x-www-form-urlencoded"))
+
+        request.post_body.split("&").each do |str|
+          param = str.split("=")
+          post_body[param[0]] = param[1]
+        end
+      end
+      post_body
+    end
+  end
+end

data/lib/oauth/request_proxy/em_http_request.rb

@@ -0,0 +1,66 @@
+require 'oauth/request_proxy/base'
+# em-http also uses adddressable so there is no need to require uri.
+require 'em-http'
+require 'cgi'
+
+module OAuth::RequestProxy::EventMachine
+  class HttpRequest < OAuth::RequestProxy::Base
+
+    # A Proxy for use when you need to sign EventMachine::HttpClient instances.
+    # It needs to be called once the client is construct but before data is sent.
+    # Also see oauth/client/em-http
+    proxies ::EventMachine::HttpClient
+
+    # Request in this con
+
+    def method
+      request.method
+    end
+
+    def uri
+      request.normalize_uri.to_s
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters]
+      else
+        all_parameters
+      end
+    end
+
+    protected
+
+    def all_parameters
+      merged_parameters({}, post_parameters, query_parameters, options[:parameters])
+    end
+
+    def query_parameters
+      CGI.parse(request.normalize_uri.query.to_s)
+    end
+
+    def post_parameters
+      headers = request.options[:head] || {}
+      form_encoded = headers['Content-Type'].to_s.downcase.start_with?("application/x-www-form-urlencoded")
+      if ['POST', 'PUT'].include?(method) && form_encoded
+        CGI.parse(request.normalize_body.to_s)
+      else
+        {}
+      end
+    end
+
+    def merged_parameters(params, *extra_params)
+      extra_params.compact.each do |params_pairs|
+        params_pairs.each_pair do |key, value|
+          if params.has_key?(key)
+            params[key] += value
+          else
+            params[key] = [value].flatten
+          end
+        end
+      end
+      params
+    end
+
+  end
+end

data/lib/oauth/request_proxy/jabber_request.rb

@@ -0,0 +1,41 @@
+require 'xmpp4r'
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    class JabberRequest < OAuth::RequestProxy::Base
+      proxies Jabber::Iq
+      proxies Jabber::Presence
+      proxies Jabber::Message
+
+      def parameters
+        return @params if @params
+
+        @params = {}
+
+        oauth = @request.get_elements('//oauth').first
+        return @params unless oauth
+
+        %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
+            oauth_timestamp oauth_nonce oauth_version ).each do |param|
+          next unless element = oauth.first_element(param)
+          @params[param] = element.text
+        end
+
+        @params
+      end
+
+      def method
+        @request.name
+      end
+
+      def uri
+        [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
+      end
+
+      def normalized_uri
+        uri
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/mock_request.rb

@@ -0,0 +1,44 @@
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    # RequestProxy for Hashes to facilitate simpler signature creation.
+    # Usage:
+    #   request = OAuth::RequestProxy.proxy \
+    #      "method" => "iq",
+    #      "uri"    => [from, to] * "&",
+    #      "parameters" => {
+    #        "oauth_consumer_key"     => oauth_consumer_key,
+    #        "oauth_token"            => oauth_token,
+    #        "oauth_signature_method" => "HMAC-SHA1"
+    #      }
+    #
+    #   signature = OAuth::Signature.sign \
+    #     request,
+    #     :consumer_secret => oauth_consumer_secret,
+    #     :token_secret    => oauth_token_secret,
+    class MockRequest < OAuth::RequestProxy::Base
+      proxies Hash
+
+      def parameters
+        @request["parameters"]
+      end
+
+      def method
+        @request["method"]
+      end
+
+      def normalized_uri
+        super
+      rescue
+        # if this is a non-standard URI, it may not parse properly
+        # in that case, assume that it's already been normalized
+        uri
+      end
+
+      def uri
+        @request["uri"]
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/net_http.rb

@@ -0,0 +1,73 @@
+require 'oauth/request_proxy/base'
+require 'net/http'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::Net
+  module HTTP
+    class HTTPRequest < OAuth::RequestProxy::Base
+      proxies ::Net::HTTPGenericRequest
+
+      def method
+        request.method
+      end
+
+      def uri
+        options[:uri].to_s
+      end
+
+      def parameters
+        if options[:clobber_request]
+          options[:parameters]
+        else
+          all_parameters
+        end
+      end
+
+      def body
+        request.body
+      end
+
+    private
+
+      def all_parameters
+        request_params = CGI.parse(query_string)
+        # request_params.each{|k,v| request_params[k] = [nil] if v == []}
+
+        if options[:parameters]
+          options[:parameters].each do |k,v|
+            if request_params.has_key?(k) && v
+              request_params[k] << v
+            else
+              request_params[k] = [v]
+            end
+          end
+        end
+        request_params
+      end
+
+      def query_string
+        params = [ query_params, auth_header_params ]
+        params << post_params if (method.to_s.upcase == 'POST' || method.to_s.upcase == 'PUT') && form_url_encoded?
+        params.compact.join('&')
+      end
+
+      def form_url_encoded?
+        request['Content-Type'] != nil && request['Content-Type'].to_s.downcase.start_with?('application/x-www-form-urlencoded')
+      end
+
+      def query_params
+        URI.parse(request.path).query
+      end
+
+      def post_params
+        request.body
+      end
+
+      def auth_header_params
+        return nil unless request['Authorization'] && request['Authorization'][0,5] == 'OAuth'
+        auth_params = request['Authorization']
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/rack_request.rb

@@ -0,0 +1,44 @@
+require 'oauth/request_proxy/base'
+require 'uri'
+require 'rack'
+
+module OAuth::RequestProxy
+  class RackRequest < OAuth::RequestProxy::Base
+    proxies Rack::Request
+
+    def method
+      request.env["rack.methodoverride.original_method"] || request.request_method
+    end
+
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.merge(options[:parameters] || {})
+      end
+    end
+
+    def signature
+      parameters['oauth_signature']
+    end
+
+  protected
+
+    def query_params
+      request.GET
+    end
+
+    def request_params
+      if request.content_type and request.content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+        request.POST
+      else
+        {}
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/typhoeus_request.rb

@@ -0,0 +1,53 @@
+require 'oauth/request_proxy/base'
+require 'typhoeus'
+require 'typhoeus/request'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::Typhoeus
+  class Request < OAuth::RequestProxy::Base
+    # Proxy for signing Typhoeus::Request requests
+    # Usage example:
+    # oauth_params = {:consumer => oauth_consumer, :token => access_token}
+    # req = Typhoeus::Request.new(uri, options)
+    # oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
+    # req.headers.merge!({"Authorization" => oauth_helper.header})
+    # hydra = Typhoeus::Hydra.new()
+    # hydra.queue(req)
+    # hydra.run
+    # response = req.response
+    proxies Typhoeus::Request
+
+    def method
+      request.options[:method].to_s.upcase
+    end
+
+    def uri
+      options[:uri].to_s
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters]
+      else
+        post_parameters.merge(query_parameters).merge(options[:parameters] || {})
+      end
+    end
+
+    private
+
+    def query_parameters
+      query = URI.parse(request.url).query
+      query ? CGI.parse(query) : {}
+    end
+
+    def post_parameters
+      # Post params are only used if posting form data
+      if method == 'POST'
+        OAuth::Helper.stringify_keys(request.params || {})
+      else
+        {}
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy.rb

@@ -0,0 +1,24 @@
+module OAuth
+  module RequestProxy
+    def self.available_proxies #:nodoc:
+      @available_proxies ||= {}
+    end
+
+    def self.proxy(request, options = {})
+      return request if request.kind_of?(OAuth::RequestProxy::Base)
+
+      klass = available_proxies[request.class]
+
+      # Search for possible superclass matches.
+      if klass.nil?
+        request_parent = available_proxies.keys.find { |rc| request.kind_of?(rc) }
+        klass = available_proxies[request_parent]
+      end
+
+      raise UnknownRequestType, request.class.to_s unless klass
+      klass.new(request, options)
+    end
+
+    class UnknownRequestType < Exception; end
+  end
+end