oauthenticator 0.1.1 → 0.1.2

data/README.md

@@ -37,12 +37,12 @@ require 'oauthenticator'
 module AwesomeOAuthConfig
   # check for an existing nonce, coupled with the timestamp 
   def nonce_used?
-    OAuthNonces.where(:nonce => nonce, :timestamp => timestamp).any?
+    OAuthNonce.where(:nonce => nonce, :timestamp => timestamp).any?
   end
 
   # nonce is used, store it so that in the future #nonce_used? will return true correctly 
   def use_nonce!
-    OAuthNonces.create!(:nonce => nonce, :timestamp => timestamp)
+    OAuthNonce.create!(:nonce => nonce, :timestamp => timestamp)
   end
 
   # number seconds in the past and the future for which we'll consider a request authentic 

data/lib/oauthenticator/signed_request.rb

@@ -89,79 +89,94 @@ module OAuthenticator
         elsif authorization !~ /\Aoauth\s/i
           {'Authorization' => ["Authorization scheme is not OAuth; received Authorization: #{authorization}"]}
         else
-          errors = Hash.new { |h,k| h[k] = [] }
-
-          # timestamp
-          if !timestamp?
-            errors['Authorization oauth_timestamp'] << "is missing"
-          elsif timestamp !~ /\A\s*\d+\s*\z/
-            errors['Authorization oauth_timestamp'] << "is not an integer - got: #{timestamp}"
+          to_rescue = SimpleOAuth.const_defined?(:ParseError) ? SimpleOAuth::ParseError : StandardError
+          begin
+            oauth_header_params
+          rescue to_rescue
+            parse_exception = $!
+          end
+          if parse_exception
+            if parse_exception.class.name == 'SimpleOAuth::ParseError'
+              message = parse_exception.message
+            else
+              message = "Authorization header is not a properly-formed OAuth 1.0 header."
+            end
+            {'Authorization' => [message]}
           else
-            timestamp_i = timestamp.to_i
-            if timestamp_i < Time.now.to_i - timestamp_valid_past
-              errors['Authorization oauth_timestamp'] << "is too old: #{timestamp}"
-            elsif timestamp_i > Time.now.to_i + timestamp_valid_future
-              errors['Authorization oauth_timestamp'] << "is too far in the future: #{timestamp}"
+            errors = Hash.new { |h,k| h[k] = [] }
+
+            # timestamp
+            if !timestamp?
+              errors['Authorization oauth_timestamp'] << "is missing"
+            elsif timestamp !~ /\A\s*\d+\s*\z/
+              errors['Authorization oauth_timestamp'] << "is not an integer - got: #{timestamp}"
+            else
+              timestamp_i = timestamp.to_i
+              if timestamp_i < Time.now.to_i - timestamp_valid_past
+                errors['Authorization oauth_timestamp'] << "is too old: #{timestamp}"
+              elsif timestamp_i > Time.now.to_i + timestamp_valid_future
+                errors['Authorization oauth_timestamp'] << "is too far in the future: #{timestamp}"
+              end
             end
-          end
 
-          # oauth version
-          if version? && version != '1.0'
-            errors['Authorization oauth_version'] << "must be 1.0; got: #{version}"
-          end
+            # oauth version
+            if version? && version != '1.0'
+              errors['Authorization oauth_version'] << "must be 1.0; got: #{version}"
+            end
 
-          # she's filled with secrets
-          secrets = {}
+            # she's filled with secrets
+            secrets = {}
 
-          # consumer / client application
-          if !consumer_key?
-            errors['Authorization oauth_consumer_key'] << "is missing"
-          else
-            secrets[:consumer_secret] = consumer_secret
-            if !secrets[:consumer_secret]
-              errors['Authorization oauth_consumer_key'] << 'is invalid'
+            # consumer / client application
+            if !consumer_key?
+              errors['Authorization oauth_consumer_key'] << "is missing"
+            else
+              secrets[:consumer_secret] = consumer_secret
+              if !secrets[:consumer_secret]
+                errors['Authorization oauth_consumer_key'] << 'is invalid'
+              end
             end
-          end
 
-          # access token
-          if token?
-            secrets[:token_secret] = access_token_secret
-            if !secrets[:token_secret]
-              errors['Authorization oauth_token'] << 'is invalid'
-            elsif !access_token_belongs_to_consumer?
-              errors['Authorization oauth_token'] << 'does not belong to the specified consumer'
+            # access token
+            if token?
+              secrets[:token_secret] = access_token_secret
+              if !secrets[:token_secret]
+                errors['Authorization oauth_token'] << 'is invalid'
+              elsif !access_token_belongs_to_consumer?
+                errors['Authorization oauth_token'] << 'does not belong to the specified consumer'
+              end
             end
-          end
 
-          # nonce
-          if !nonce?
-            errors['Authorization oauth_nonce'] << "is missing"
-          elsif nonce_used?
-            errors['Authorization oauth_nonce'] << "has already been used"
-          end
+            # nonce
+            if !nonce?
+              errors['Authorization oauth_nonce'] << "is missing"
+            elsif nonce_used?
+              errors['Authorization oauth_nonce'] << "has already been used"
+            end
 
-          # signature method
-          if !signature_method?
-            errors['Authorization oauth_signature_method'] << "is missing"
-          elsif !allowed_signature_methods.any? { |sm| signature_method.downcase == sm.downcase }
-            errors['Authorization oauth_signature_method'] << "must be one of " +
-              "#{allowed_signature_methods.join(', ')}; got: #{signature_method}"
-          end
+            # signature method
+            if !signature_method?
+              errors['Authorization oauth_signature_method'] << "is missing"
+            elsif !allowed_signature_methods.any? { |sm| signature_method.downcase == sm.downcase }
+              errors['Authorization oauth_signature_method'] << "must be one of " +
+                "#{allowed_signature_methods.join(', ')}; got: #{signature_method}"
+            end
 
-          # signature
-          if !signature?
-            errors['Authorization oauth_signature'] << "is missing"
-          end
+            # signature
+            if !signature?
+              errors['Authorization oauth_signature'] << "is missing"
+            end
 
-          if errors.any?
-            errors
-          else
-            # proceed to check signature
-            if !simple_oauth_header.valid?(secrets)
-              {'Authorization oauth_signature' => ['is invalid']}
+            if errors.any?
+              errors
             else
-              use_nonce!
-              nil
+              # proceed to check signature
+              if !simple_oauth_header.valid?(secrets)
+                {'Authorization oauth_signature' => ['is invalid']}
+              else
+                use_nonce!
+                nil
+              end
             end
           end
         end

data/lib/oauthenticator/version.rb

@@ -1,3 +1,3 @@
 module OAuthenticator
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/test/config_methods_test.rb

@@ -0,0 +1,41 @@
+# encoding: utf-8
+proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
+require 'helper'
+
+describe OAuthenticator::SignedRequest do
+  %w(timestamp_valid_period consumer_secret access_token_secret nonce_used? use_nonce! access_token_belongs_to_consumer?).each do |method_without_default|
+    it "complains when #{method_without_default} is not implemented" do
+      exc = assert_raises(NotImplementedError) do
+        OAuthenticator::SignedRequest.new({}).public_send(method_without_default)
+      end
+      assert_match /included in a subclass of OAuthenticator::SignedRequest/, exc.message
+    end
+    it "uses the method #{method_without_default} when implemented" do
+      called = false
+      mod = Module.new { define_method(method_without_default) { called = true } }
+      OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(method_without_default)
+      assert called
+    end
+  end
+  it "complains when a method without a default is not implemented, using middleware" do
+    exc = assert_raises(NotImplementedError) do
+      OAuthenticator::Middleware.new(proc {}, {:config_methods => Module.new}).call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_timestamp="1")})
+    end
+    assert_match /passed to OAuthenticator::Middleware using the option :config_methods./, exc.message
+  end
+  it "complains middleware is not given config methods" do
+    assert_raises(ArgumentError) do
+      OAuthenticator::Middleware.new(proc {})
+    end
+  end
+  it 'uses timestamp_valid_period if that is implemented but timestamp_valid_past or timestamp_valid_future is not' do
+    called = 0
+    mod = Module.new { define_method(:timestamp_valid_period) { called +=1 } }
+    OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(:timestamp_valid_future)
+    OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(:timestamp_valid_past)
+    assert_equal 2, called
+  end
+  it 'uses the default value for allowed signature methods' do
+    assert_equal OAuthenticator::SignedRequest::VALID_SIGNATURE_METHODS, OAuthenticator::SignedRequest.new({}).allowed_signature_methods
+  end
+end

data/test/helper.rb

@@ -0,0 +1,18 @@
+proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('../lib', File.dirname(__FILE__)))
+
+require 'simplecov'
+
+require 'debugger'
+Debugger.start
+
+# NO EXPECTATIONS 
+ENV["MT_NO_EXPECTATIONS"]
+
+require 'minitest/autorun'
+require 'minitest/reporters'
+Minitest::Reporters.use! Minitest::Reporters::SpecReporter.new
+
+require 'rack/test'
+require 'timecop'
+
+require 'oauthenticator'

data/test/oauthenticator_test.rb

@@ -1,21 +1,6 @@
 # encoding: utf-8
-
-require 'simplecov'
-
-require 'debugger'
-Debugger.start
-
-# NO EXPECTATIONS 
-ENV["MT_NO_EXPECTATIONS"]
-
-require 'minitest/autorun'
-require 'minitest/reporters'
-Minitest::Reporters.use! Minitest::Reporters::SpecReporter.new
-
-require 'rack/test'
-require 'timecop'
-
-require 'oauthenticator'
+proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
+require 'helper'
 
 # config methods for testing OAuthenticator. simple 
 module OAuthenticatorTestConfigMethods
@@ -182,6 +167,21 @@ describe OAuthenticator::Middleware do
     assert_response(401, /Authorization scheme is not OAuth/, *oapp.call({'HTTP_AUTHORIZATION' => 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}))
   end
 
+  describe 'invalid Authorization header' do
+    if SimpleOAuth.const_defined?(:ParseError)
+      it 'does not prefix with oauth_' do
+        assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth client_app_key="test_client_app_key")}))
+      end
+      it 'has something unparseable' do
+        assert_response(401, /Could not parse Authorization header/, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
+      end
+    else
+      it 'has something unparseable' do
+        assert_response(401, /Authorization header is not a properly-formed OAuth 1.0 header./, *oapp.call({'HTTP_AUTHORIZATION' => %q(OAuth <client-app-key>test_client_app_key</client-app-key>)}))
+      end
+    end
+  end
+
   it 'omits timestamp' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauthenticator
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-08 00:00:00.000000000 Z
+date: 2014-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -222,7 +222,7 @@ dependencies:
 description: OAuthenticator authenticates OAuth 1.0 signed requests, primarily as
   a middleware, and forms useful error messages when authentication fails.
 email:
-- ethan@dishdigital
+- ethan@unth
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -235,7 +235,9 @@ files:
 - lib/oauthenticator/config_methods.rb
 - lib/oauthenticator/signed_request.rb
 - lib/oauthenticator/version.rb
+- test/helper.rb
 - test/oauthenticator_test.rb
+- test/config_methods_test.rb
 homepage: https://github.com/notEthan/oauthenticator
 licenses:
 - MIT
@@ -262,5 +264,7 @@ signing_key:
 specification_version: 3
 summary: OAuth 1.0 request authentication middleware
 test_files:
+- test/helper.rb
 - test/oauthenticator_test.rb
+- test/config_methods_test.rb
 has_rdoc: