oauthenticator 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
data/.yardopts ADDED
@@ -0,0 +1 @@
1
+ --main README.md --markup=markdown {lib}/**/*.rb
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2014 Ethan
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,106 @@
1
+ # OAuthenticator
2
+
3
+ OAuthenticator authenticates OAuth 1.0 signed requests, primarily as a middleware, and forms useful error
4
+ messages when authentication fails.
5
+
6
+ ## Config Methods module
7
+
8
+ There are many ways (infinite, really) in which certain parts of the OAuth spec may be implemented. In order
9
+ to flexibly accomodate the general case of OAuth authentication, OAuthenticator leaves certain parts of the
10
+ implementation up to the user. The user configures this by creating a module implementing what is needed,
11
+ which will be passed to OAuthenticator.
12
+
13
+ For more information on the details of the methods which must or may be implemented, please see the
14
+ documentation for the module OAuthenticator::SignedRequest::ConfigMethods, which defines stub methods for
15
+ each recognized method, with method documentation relating to your implementation.
16
+
17
+ A simple, contrived example follows, which approximately resembles what you might implement. It is not useful
18
+ on its own but will be used in following examples for usage of Middleware and SignedRequest.
19
+
20
+ ```ruby
21
+ require 'oauthenticator'
22
+
23
+ # we'll suppose that there exist the following ActiveRecord classes with the named attributes (all of which
24
+ # are strings), for this example:
25
+ #
26
+ # - OAuthNonce:
27
+ # - nonce
28
+ # - timestamp
29
+ # - OAuthConsumer
30
+ # - key
31
+ # - secret
32
+ # - OAuthAccessToken
33
+ # - token
34
+ # - secret
35
+ # - consumer_key
36
+
37
+ module AwesomeOAuthConfig
38
+ # check for an existing nonce, coupled with the timestamp
39
+ def nonce_used?
40
+ OAuthNonces.where(:nonce => nonce, :timestamp => timestamp).any?
41
+ end
42
+
43
+ # nonce is used, store it so that in the future #nonce_used? will return true correctly
44
+ def use_nonce!
45
+ OAuthNonces.create!(:nonce => nonce, :timestamp => timestamp)
46
+ end
47
+
48
+ # number seconds in the past and the future for which we'll consider a request authentic
49
+ def timestamp_valid_period
50
+ 25
51
+ end
52
+
53
+ # no plaintext for us!
54
+ def allowed_signature_methods
55
+ %w(HMAC-SHA1 RSA-SHA1)
56
+ end
57
+
58
+ # consumer secret, looked up by consumer key from awesome storage
59
+ def consumer_secret
60
+ OAuthConsumer.where(:key => consumer_key).first.try(:secret)
61
+ end
62
+
63
+ # access token secret, looked up by access token
64
+ def access_token_secret
65
+ AccessToken.where(:token => token).first.try(:secret)
66
+ end
67
+
68
+ # whether the access token belongs to the consumer
69
+ def access_token_belongs_to_consumer?
70
+ AccessToken.where(:token => token).first.try(:consumer_key) == consumer_key
71
+ # alternately, AccessToken.where(:token => token, :consumer_key => consumer_key).any?
72
+ end
73
+ end
74
+ ```
75
+
76
+ You may also find it enlightening to peruse `test/oauthenticator_test.rb`. About the first thing it does is
77
+ set up some very simple storage in memory, and define a module of config methods which are used through the
78
+ tests.
79
+
80
+ ## OAuthenticator::Middleware
81
+
82
+ The middleware is used by passing the above-mentioned module on the :config_methods key to initialize the
83
+ middleware:
84
+
85
+ ```ruby
86
+ # config.ru
87
+
88
+ use OAuthenticator::Middleware, :config_methods => AwesomeOAuthConfig
89
+ run proc { |env| [200, {'Content-Type' => 'text/plain'}, ['access granted!']] }
90
+ ```
91
+
92
+ The authentication can also be bypassed with a proc on the :bypass key; see the documentation for
93
+ OAuthenticator::Middleware for the details of that.
94
+
95
+ ## OAuthenticator::SignedRequest
96
+
97
+ The OAuthenticator::SignedRequest class may be used independently of the middleware, though it must also be
98
+ passed your module of config methods to include. It is used like:
99
+
100
+ ```ruby
101
+ OAuthenticator::SignedRequest.including_config(AwesomeOAuthConfig).new(request_attributes)
102
+ ```
103
+
104
+ See the documentation of OAuthenticator::SignedRequest for how the class is used, once it includes the methods
105
+ it needs to function.
106
+
@@ -1,3 +1,3 @@
1
1
  module OAuthenticator
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauthenticator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -227,6 +227,9 @@ executables: []
227
227
  extensions: []
228
228
  extra_rdoc_files: []
229
229
  files:
230
+ - .yardopts
231
+ - LICENSE.txt
232
+ - README.md
230
233
  - lib/oauthenticator.rb
231
234
  - lib/oauthenticator/middleware.rb
232
235
  - lib/oauthenticator/config_methods.rb