oauthenticator 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: 827942505f6a7a7454a54fec370230998566b31d
-  data.tar.gz: a2b80c738be4320eec657fea5b16d3b53ea06050
-SHA512:
-  metadata.gz: ce622ff45391f968819261955cfabf0f1a8f73a7d0956b1e63011b7e342d83259f198a2f4b0d3f3895dcb119e8e89e0bc78e6fbc02c36fa54dc2eecd01b545a7
-  data.tar.gz: 42c979625cb2411ecb257e2010c7038f346c0b839cd2d57c079f09db4cefb7f04eddceff664e78b9fe5a8529e1ab93a0841b0f9cffcfac71dbb356d6611d77b0
+--- 
+SHA1: 
+  metadata.gz: f69d23d4847799b28bcac89a56d812472727cf3d
+  data.tar.gz: ca253660ea69d85715f8ebe2427f45744e8aec57
+SHA512: 
+  metadata.gz: 7f2a35dc3501fa2542095db00906675fd0f77d40a3f0356e419a35399de4a3cd6ae7086b0420723529a271b6285b33efbdcf908e2b5c55109d81437fbf5fe7e2
+  data.tar.gz: b81c5679eb69fd602b0eb659e3be7c9f4b6df60792237a94aedcba0a47e231ecd9e6f5835fecc5a59b08ba50c42683160d2ca04a5957cccb800a6db5550622db

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# 1.2.0
+
+- OAuthenticator::RackTestSigner / OAuthenticator.signing_rack_test
+- don't try to use a nonce when not required and specified
+
 # 1.1.0
 
 - added OAuthenticator::NonceUsedError to address race condition between `#nonce_used?` and `#use_nonce!`

data/Rakefile.rb

@@ -9,3 +9,5 @@ task 'default' => 'test'
 require 'yard'
 YARD::Rake::YardocTask.new do |t|
 end
+
+require 'api_hammer/tasks'

data/lib/oauthenticator/faraday_signer.rb

@@ -1,3 +1,4 @@
+require 'oauthenticator'
 require 'faraday'
 
 if Faraday.respond_to?(:register_middleware)
@@ -57,10 +58,8 @@ module OAuthenticator
         :body => request_env[:body]
       }
       oauthenticator_signable_request = OAuthenticator::SignableRequest.new(@options.merge(request_attributes))
-      authorization = oauthenticator_signable_request.authorization
-      signed_request_headers = request_env[:request_headers].merge('Authorization' => authorization)
-      signed_request_env = request_env.merge(:request_headers => signed_request_headers)
-      @app.call(signed_request_env)
+      request_env[:request_headers]['Authorization'] = oauthenticator_signable_request.authorization
+      @app.call(request_env)
     end
   end
 end

data/lib/oauthenticator/rack_test_signer.rb

@@ -0,0 +1,51 @@
+module OAuthenticator
+  module RackTestSigner
+    # takes a block. for the duration of the block, requests made with Rack::Test will be signed
+    # with the given oauth_attrs. oauth_attrs are passed to {OAuthenticator::SignableRequest}. 
+    #
+    # attributes of the request are set from the Rack::Test request, so you should not provide those in 
+    # the outh_attrs.
+    #
+    # These are the options you should or may provide (see {OAuthenticator::SignableRequest} for details of 
+    # what options are required, what options have default or generated values, and what may be omitted):
+    #
+    # - signature_method
+    # - consumer_key
+    # - consumer_secret
+    # - token
+    # - token_secret
+    # - version
+    # - realm
+    # - hash_body?
+    def signing_rack_test(oauth_attrs, &block)
+      begin
+        Thread.current[:oauthenticator_rack_test_attributes] = oauth_attrs
+        return yield
+      ensure
+        Thread.current[:oauthenticator_rack_test_attributes] = nil
+      end
+    end
+  end
+
+  # you can run OAuthenticator.signing_rack_test(attrs) { stuff }
+  extend RackTestSigner
+end
+
+class Rack::Test::Session
+  actual_process_request = instance_method(:process_request)
+  define_method(:process_request) do |uri, env, &block|
+    oauth_attrs = Thread.current[:oauthenticator_rack_test_attributes]
+    if oauth_attrs
+      request = Rack::Request.new(env)
+
+      env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new(oauth_attrs.merge({
+        :request_method => request.request_method,
+        :uri => request.url,
+        :media_type => request.media_type,
+        :body => request.body,
+      })).authorization
+    end
+
+    actual_process_request.bind(self).call(uri, env, &block)
+  end
+end

data/lib/oauthenticator/signable_request.rb

@@ -1,5 +1,5 @@
 require 'openssl'
-require 'uri'
+require 'addressable/uri'
 require 'base64'
 require 'cgi'
 require 'strscan'
@@ -176,9 +176,9 @@ module OAuthenticator
     #
     # @return [String]
     def base_string_uri
-      URI.parse(@attributes['uri'].to_s).tap do |uri|
-        uri.scheme = uri.scheme.downcase
-        uri.host = uri.host.downcase
+      Addressable::URI.parse(@attributes['uri'].to_s).tap do |uri|
+        uri.scheme = uri.scheme.downcase if uri.scheme
+        uri.host = uri.host.downcase if uri.host
         uri.normalize!
         uri.fragment = nil
         uri.query = nil

data/lib/oauthenticator/signed_request.rb

@@ -219,10 +219,12 @@ module OAuthenticator
           throw(:errors, {'Authorization oauth_signature' => ['is invalid']})
         end
 
-        begin
-          use_nonce!
-        rescue NonceUsedError
-          throw(:errors, {'Authorization oauth_nonce' => ['has already been used']})
+        if nonce?
+          begin
+            use_nonce!
+          rescue NonceUsedError
+            throw(:errors, {'Authorization oauth_nonce' => ['has already been used']})
+          end
         end
 
         nil

data/lib/oauthenticator/version.rb

@@ -1,5 +1,5 @@
 # OAuthenticator 
 module OAuthenticator
   # OAuthenticator::VERSION
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

data/test/rack_authenticator_test.rb

@@ -305,6 +305,25 @@ describe OAuthenticator::RackAuthenticator do
       %q(oauth_version="1.0")
     assert_response(200, '☺', *oapp.call(request.env))
   end
+  it 'does not try to use an omitted nonce with PLAINTEXT' do
+    Timecop.travel Time.at 1391021695
+    consumer # cause this to be created
+    request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
+    request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
+      #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
+      %q(oauth_signature="test_client_app_secret%26", ) +
+      %q(oauth_signature_method="PLAINTEXT", ) +
+      %q(oauth_timestamp="1391021695", ) +
+      %q(oauth_version="1.0")
+    test_config_methods_without_use_nonce = Module.new do
+      include OAuthenticatorTestConfigMethods
+      def use_nonce!
+        raise "#use_nonce! should not have been called"
+      end
+    end
+    app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_without_use_nonce)
+    assert_response(200, '☺', *app.call(request.env))
+  end
   it 'has an already-used nonce' do
     Timecop.travel Time.at 1391021695
     consumer # cause this to be created

data/test/rack_test_signer_test.rb

@@ -0,0 +1,61 @@
+# encoding: utf-8
+proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
+require 'helper'
+
+require 'oauthenticator/rack_test_signer'
+
+# not going to test a ton here, since the rack test signer mostly just calls to SignableRequest which is 
+# rather well-tested 
+describe OAuthenticator::RackTestSigner do
+  def assert_response(expected_status, expected_body, rack_response)
+    assert_equal expected_status.to_i, rack_response.status.to_i, "Expected status to be #{expected_status.inspect}" +
+      "; got #{rack_response.status.inspect}. body was: #{rack_response.body}"
+    assert expected_body === rack_response.body, "Expected match for #{expected_body}; got #{rack_response.body}"
+  end
+
+  def app
+    oapp
+  end
+
+  # this will construct the rack test session for us
+  include Rack::Test::Methods
+
+  it 'succeeds' do
+    signing_options = {
+      :signature_method => 'PLAINTEXT',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret,
+      :token => token,
+      :token_secret => token_secret,
+    }
+
+    response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
+    assert_response 200, '☺', response
+  end
+
+  it 'succeeds with form-encoded with HMAC' do
+    signing_options = {
+      :signature_method => 'HMAC-SHA1',
+      :consumer_key => consumer_key,
+      :consumer_secret => consumer_secret,
+      :token => token,
+      :token_secret => token_secret,
+    }
+
+    response = OAuthenticator.signing_rack_test(signing_options) { put('/', :foo => {:bar => :baz}) }
+    assert_response 200, '☺', response
+  end
+
+  it 'is unauthorized' do
+    signing_options = {
+      :signature_method => 'PLAINTEXT',
+      :consumer_key => consumer_key,
+      :consumer_secret => 'nope',
+      :token => token,
+      :token_secret => 'definitelynot',
+    }
+
+    response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
+    assert_response 401, /Authorization oauth_signature.*is invalid/m, response
+  end
+end

metadata

@@ -1,258 +1,188 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: oauthenticator
-version: !ruby/object:Gem::Version
-  version: 1.1.0
+version: !ruby/object:Gem::Version 
+  version: 1.2.0
 platform: ruby
-authors:
+authors: 
 - Ethan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-01 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2014-06-25 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: rack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.4"
   type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: json
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.8"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
   name: faraday
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "0.9"
   type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: addressable
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "2.3"
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
   name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    requirements: 
+    - &id006 
+      - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
   type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: minitest
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest-reporters
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rack-test
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: minitest-reporters
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: rack-test
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: timecop
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id010
+- !ruby/object:Gem::Dependency 
+  name: simplecov
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdiscount
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id011 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id011
+- !ruby/object:Gem::Dependency 
+  name: api_hammer
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: redcarpet
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+  requirement: &id012 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
+  version_requirements: *id012
+- !ruby/object:Gem::Dependency 
+  name: yard
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.9.0
+  requirement: &id013 !ruby/object:Gem::Requirement 
+    requirements: 
+    - *id006
   type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.9.0
+  version_requirements: *id013
 description: OAuthenticator signs and authenticates OAuth 1.0 requests
-email:
+email: 
 - ethan@unth
 executables: []
+
 extensions: []
+
 extra_rdoc_files: []
-files:
-- ".simplecov"
-- ".yardopts"
-- CHANGELOG.md
-- LICENSE.txt
-- README.md
-- Rakefile.rb
+
+files: 
 - lib/oauthenticator.rb
 - lib/oauthenticator/config_methods.rb
 - lib/oauthenticator/faraday_signer.rb
 - lib/oauthenticator/parse_authorization.rb
 - lib/oauthenticator/rack_authenticator.rb
+- lib/oauthenticator/rack_test_signer.rb
 - lib/oauthenticator/signable_request.rb
 - lib/oauthenticator/signed_request.rb
 - lib/oauthenticator/version.rb
+- .yardopts
+- LICENSE.txt
+- CHANGELOG.md
+- README.md
+- Rakefile.rb
 - test/config_methods_test.rb
 - test/faraday_signer_test.rb
 - test/helper.rb
 - test/parse_authorization_test.rb
 - test/rack_authenticator_test.rb
+- test/rack_test_signer_test.rb
 - test/signable_request_test.rb
 - test/signed_request_test.rb
 - test/test_config_methods.rb
+- .simplecov
 homepage: https://github.com/notEthan/oauthenticator
-licenses:
+licenses: 
 - MIT
 metadata: {}
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - *id006
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - *id006
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: OAuth 1.0 request signing and authentication
-test_files:
+test_files: 
 - test/config_methods_test.rb
 - test/faraday_signer_test.rb
 - test/helper.rb
 - test/parse_authorization_test.rb
 - test/rack_authenticator_test.rb
+- test/rack_test_signer_test.rb
 - test/signable_request_test.rb
 - test/signed_request_test.rb
 - test/test_config_methods.rb
-- ".simplecov"
-has_rdoc: 
+- .simplecov