oauthenticator 1.1.0 → 1.2.0

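--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
- ---
- SHA1:
- metadata.gz: 827942505f6a7a7454a54fec370230998566b31d
- data.tar.gz: a2b80c738be4320eec657fea5b16d3b53ea06050
- SHA512:
- metadata.gz: ce622ff45391f968819261955cfabf0f1a8f73a7d0956b1e63011b7e342d83259f198a2f4b0d3f3895dcb119e8e89e0bc78e6fbc02c36fa54dc2eecd01b545a7
- data.tar.gz: 42c979625cb2411ecb257e2010c7038f346c0b839cd2d57c079f09db4cefb7f04eddceff664e78b9fe5a8529e1ab93a0841b0f9cffcfac71dbb356d6611d77b0
+ ---
+ SHA1:
+ metadata.gz: f69d23d4847799b28bcac89a56d812472727cf3d
+ data.tar.gz: ca253660ea69d85715f8ebe2427f45744e8aec57
+ SHA512:
+ metadata.gz: 7f2a35dc3501fa2542095db00906675fd0f77d40a3f0356e419a35399de4a3cd6ae7086b0420723529a271b6285b33efbdcf908e2b5c55109d81437fbf5fe7e2
+ data.tar.gz: b81c5679eb69fd602b0eb659e3be7c9f4b6df60792237a94aedcba0a47e231ecd9e6f5835fecc5a59b08ba50c42683160d2ca04a5957cccb800a6db5550622db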
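--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ # 1.2.0
+
+ - OAuthenticator::RackTestSigner / OAuthenticator.signing_rack_test
+ - don't try to use a nonce when not required and specified
+
  # 1.1.0
 
  - added OAuthenticator::NonceUsedError to address race condition between `#nonce_used?` and `#use_nonce!`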
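--- a/data/Rakefile.rb
+++ b/data/Rakefile.rb
@@ -9,3 +9,5 @@ task 'default' => 'test'
  require 'yard'
  YARD::Rake::YardocTask.new do |t|
  end
+
+ require 'api_hammer/tasks'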
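Review bot: `require 'api_hammer/tasks'` is loaded unconditionally at the end of the Rakefile, so every rake invocation, including the default `test` task, now fails with a LoadError when that gem is absent, and its tasks become part of the release toolchain. The gem metadata in this release lists api_hammer as a development dependency with an open `>= 0` requirement, unlike the runtime dependencies, which gained `~>` constraints. Giving it a `~>` constraint in the gemspec and guarding the load, for example `begin; require 'api_hammer/tasks'; rescue LoadError => e; warn e.message; end`, would keep the build reproducible and the failure mode clear.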
@@ -1,3 +1,4 @@
1
+ require 'oauthenticator'
1
2
  require 'faraday'
2
3
 
3
4
  if Faraday.respond_to?(:register_middleware)
@@ -57,10 +58,8 @@ module OAuthenticator
57
58
  :body => request_env[:body]
58
59
  }
59
60
  oauthenticator_signable_request = OAuthenticator::SignableRequest.new(@options.merge(request_attributes))
60
- authorization = oauthenticator_signable_request.authorization
61
- signed_request_headers = request_env[:request_headers].merge('Authorization' => authorization)
62
- signed_request_env = request_env.merge(:request_headers => signed_request_headers)
63
- @app.call(signed_request_env)
61
+ request_env[:request_headers]['Authorization'] = oauthenticator_signable_request.authorization
62
+ @app.call(request_env)
64
63
  end
65
64
  end
66
65
  end
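Review bot: The new `request_env[:request_headers]['Authorization'] = ...` line writes the signed header into the caller's own env instead of a merged copy, and nothing in the hunk documents that side effect. Anything else holding the same env (logging or instrumentation middleware) can now read the Authorization value, which for PLAINTEXT carries the secrets themselves, so a comment above the assignment would help, e.g. `# mutates request_env in place; Authorization holds the OAuth signature and must be redacted by anything that logs request headers`. If the move away from `merge` was made for Faraday's env object (the gemspec now requires faraday `~> 0.9`), the same comment should say so; that reason is inferred, not visible here. The enclosing `call` method starts above the hunk.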
@@ -0,0 +1,51 @@
1
+ module OAuthenticator
2
+ module RackTestSigner
3
+ # takes a block. for the duration of the block, requests made with Rack::Test will be signed
4
+ # with the given oauth_attrs. oauth_attrs are passed to {OAuthenticator::SignableRequest}.
5
+ #
6
+ # attributes of the request are set from the Rack::Test request, so you should not provide those in
7
+ # the outh_attrs.
8
+ #
9
+ # These are the options you should or may provide (see {OAuthenticator::SignableRequest} for details of
10
+ # what options are required, what options have default or generated values, and what may be omitted):
11
+ #
12
+ # - signature_method
13
+ # - consumer_key
14
+ # - consumer_secret
15
+ # - token
16
+ # - token_secret
17
+ # - version
18
+ # - realm
19
+ # - hash_body?
20
+ def signing_rack_test(oauth_attrs, &block)
21
+ begin
22
+ Thread.current[:oauthenticator_rack_test_attributes] = oauth_attrs
23
+ return yield
24
+ ensure
25
+ Thread.current[:oauthenticator_rack_test_attributes] = nil
26
+ end
27
+ end
28
+ end
29
+
30
+ # you can run OAuthenticator.signing_rack_test(attrs) { stuff }
31
+ extend RackTestSigner
32
+ end
33
+
34
+ class Rack::Test::Session
35
+ actual_process_request = instance_method(:process_request)
36
+ define_method(:process_request) do |uri, env, &block|
37
+ oauth_attrs = Thread.current[:oauthenticator_rack_test_attributes]
38
+ if oauth_attrs
39
+ request = Rack::Request.new(env)
40
+
41
+ env['HTTP_AUTHORIZATION'] = OAuthenticator::SignableRequest.new(oauth_attrs.merge({
42
+ :request_method => request.request_method,
43
+ :uri => request.url,
44
+ :media_type => request.media_type,
45
+ :body => request.body,
46
+ })).authorization
47
+ end
48
+
49
+ actual_process_request.bind(self).call(uri, env, &block)
50
+ end
51
+ end
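Review bot: `signing_rack_test` resets the thread-local to `nil` in its `ensure`, so a nested call wipes the outer block's attributes and the remainder of the outer block sends unsigned requests; save the prior value first with `previous = Thread.current[:oauthenticator_rack_test_attributes]` and restore it with `Thread.current[:oauthenticator_rack_test_attributes] = previous`. The file also reopens `Rack::Test::Session` without a `require 'rack/test'`, and rack-test is only a development dependency in this release's metadata, so loading the file where rack-test is not already loaded raises NameError. Requiring it at the top makes the dependency explicit, and a header comment should say that the file patches `process_request` for every session and is meant for test code only. `request.body` is handed to SignableRequest as the Rack input stream; whether it is rewound after being read for signing is not visible here and is worth confirming. The doc comment spells `oauth_attrs` as `outh_attrs`.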
@@ -1,5 +1,5 @@
1
1
  require 'openssl'
2
- require 'uri'
2
+ require 'addressable/uri'
3
3
  require 'base64'
4
4
  require 'cgi'
5
5
  require 'strscan'
@@ -176,9 +176,9 @@ module OAuthenticator
176
176
  #
177
177
  # @return [String]
178
178
  def base_string_uri
179
- URI.parse(@attributes['uri'].to_s).tap do |uri|
180
- uri.scheme = uri.scheme.downcase
181
- uri.host = uri.host.downcase
179
+ Addressable::URI.parse(@attributes['uri'].to_s).tap do |uri|
180
+ uri.scheme = uri.scheme.downcase if uri.scheme
181
+ uri.host = uri.host.downcase if uri.host
182
182
  uri.normalize!
183
183
  uri.fragment = nil
184
184
  uri.query = nil
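Review bot: The added `if uri.scheme` / `if uri.host` guards in `base_string_uri` let a URI with no scheme or host flow on into the signature base string instead of failing, so such a request would be signed or verified over a string that does not bind the host. RFC 5849 section 3.4.1.2 builds the base string URI from the scheme and authority, so rejecting the input is safer than skipping the downcase, e.g. `raise ArgumentError, "uri must be absolute: #{uri}" unless uri.scheme && uri.host`. How callers treat that exception is outside this hunk, so on the verifying side it may need mapping onto the existing `throw(:errors, ...)` path. Swapping stdlib URI for Addressable can also change what `normalize!` produces; a test that pins the base string for a URI with a default port, an uppercase host and a percent-encoded path would guard against signer/verifier drift. The method body continues past the end of the hunk.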
@@ -219,10 +219,12 @@ module OAuthenticator
219
219
  throw(:errors, {'Authorization oauth_signature' => ['is invalid']})
220
220
  end
221
221
 
222
- begin
223
- use_nonce!
224
- rescue NonceUsedError
225
- throw(:errors, {'Authorization oauth_nonce' => ['has already been used']})
222
+ if nonce?
223
+ begin
224
+ use_nonce!
225
+ rescue NonceUsedError
226
+ throw(:errors, {'Authorization oauth_nonce' => ['has already been used']})
227
+ end
226
228
  end
227
229
 
228
230
  nil
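Review bot: Wrapping `use_nonce!` in `if nonce?` means a request that omits oauth_nonce now skips replay tracking entirely, and this hunk does not show what restricts that path to PLAINTEXT. If an earlier check in this method already rejects a missing nonce for HMAC-SHA1 and any other non-PLAINTEXT method, state that invariant in a comment above the guard, e.g. `# nonce presence for non-PLAINTEXT methods is enforced above; only PLAINTEXT may reach here without one`; if it does not, the guard should be tightened. The accompanying test covers only the PLAINTEXT case, so a counterpart asserting a 401 for HMAC-SHA1 with oauth_nonce omitted would pin the behaviour. The enclosing method begins above the hunk.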
@@ -1,5 +1,5 @@
1
1
  # OAuthenticator
2
2
  module OAuthenticator
3
3
  # OAuthenticator::VERSION
4
- VERSION = "1.1.0"
4
+ VERSION = "1.2.0"
5
5
  end
@@ -305,6 +305,25 @@ describe OAuthenticator::RackAuthenticator do
305
305
  %q(oauth_version="1.0")
306
306
  assert_response(200, '☺', *oapp.call(request.env))
307
307
  end
308
+ it 'does not try to use an omitted nonce with PLAINTEXT' do
309
+ Timecop.travel Time.at 1391021695
310
+ consumer # cause this to be created
311
+ request = Rack::Request.new(Rack::MockRequest.env_for('/', :method => 'GET'))
312
+ request.env['HTTP_AUTHORIZATION'] = %q(OAuth oauth_consumer_key="test_client_app_key", ) +
313
+ #%q(oauth_nonce="c1c2bd8676d44e48691c8dceffa66a96", ) +
314
+ %q(oauth_signature="test_client_app_secret%26", ) +
315
+ %q(oauth_signature_method="PLAINTEXT", ) +
316
+ %q(oauth_timestamp="1391021695", ) +
317
+ %q(oauth_version="1.0")
318
+ test_config_methods_without_use_nonce = Module.new do
319
+ include OAuthenticatorTestConfigMethods
320
+ def use_nonce!
321
+ raise "#use_nonce! should not have been called"
322
+ end
323
+ end
324
+ app = OAuthenticator::RackAuthenticator.new(simpleapp, :config_methods => test_config_methods_without_use_nonce)
325
+ assert_response(200, '☺', *app.call(request.env))
326
+ end
308
327
  it 'has an already-used nonce' do
309
328
  Timecop.travel Time.at 1391021695
310
329
  consumer # cause this to be created
@@ -0,0 +1,61 @@
1
+ # encoding: utf-8
2
+ proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
3
+ require 'helper'
4
+
5
+ require 'oauthenticator/rack_test_signer'
6
+
7
+ # not going to test a ton here, since the rack test signer mostly just calls to SignableRequest which is
8
+ # rather well-tested
9
+ describe OAuthenticator::RackTestSigner do
10
+ def assert_response(expected_status, expected_body, rack_response)
11
+ assert_equal expected_status.to_i, rack_response.status.to_i, "Expected status to be #{expected_status.inspect}" +
12
+ "; got #{rack_response.status.inspect}. body was: #{rack_response.body}"
13
+ assert expected_body === rack_response.body, "Expected match for #{expected_body}; got #{rack_response.body}"
14
+ end
15
+
16
+ def app
17
+ oapp
18
+ end
19
+
20
+ # this will construct the rack test session for us
21
+ include Rack::Test::Methods
22
+
23
+ it 'succeeds' do
24
+ signing_options = {
25
+ :signature_method => 'PLAINTEXT',
26
+ :consumer_key => consumer_key,
27
+ :consumer_secret => consumer_secret,
28
+ :token => token,
29
+ :token_secret => token_secret,
30
+ }
31
+
32
+ response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
33
+ assert_response 200, '☺', response
34
+ end
35
+
36
+ it 'succeeds with form-encoded with HMAC' do
37
+ signing_options = {
38
+ :signature_method => 'HMAC-SHA1',
39
+ :consumer_key => consumer_key,
40
+ :consumer_secret => consumer_secret,
41
+ :token => token,
42
+ :token_secret => token_secret,
43
+ }
44
+
45
+ response = OAuthenticator.signing_rack_test(signing_options) { put('/', :foo => {:bar => :baz}) }
46
+ assert_response 200, '☺', response
47
+ end
48
+
49
+ it 'is unauthorized' do
50
+ signing_options = {
51
+ :signature_method => 'PLAINTEXT',
52
+ :consumer_key => consumer_key,
53
+ :consumer_secret => 'nope',
54
+ :token => token,
55
+ :token_secret => 'definitelynot',
56
+ }
57
+
58
+ response = OAuthenticator.signing_rack_test(signing_options) { get '/' }
59
+ assert_response 401, /Authorization oauth_signature.*is invalid/m, response
60
+ end
61
+ end
metadata CHANGED
@@ -1,258 +1,188 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: oauthenticator
3
- version: !ruby/object:Gem::Version
4
- version: 1.1.0
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.2.0
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - Ethan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-05-01 00:00:00.000000000 Z
12
- dependencies:
13
- - !ruby/object:Gem::Dependency
11
+
12
+ date: 2014-06-25 00:00:00 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
14
15
  name: rack
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - ">="
18
- - !ruby/object:Gem::Version
19
- version: '0'
20
- type: :runtime
21
16
  prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - ">="
25
- - !ruby/object:Gem::Version
26
- version: '0'
27
- - !ruby/object:Gem::Dependency
28
- name: json
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - ">="
32
- - !ruby/object:Gem::Version
33
- version: '0'
17
+ requirement: &id001 !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: "1.4"
34
22
  type: :runtime
23
+ version_requirements: *id001
24
+ - !ruby/object:Gem::Dependency
25
+ name: json
35
26
  prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - ">="
39
- - !ruby/object:Gem::Version
40
- version: '0'
41
- - !ruby/object:Gem::Dependency
27
+ requirement: &id002 !ruby/object:Gem::Requirement
28
+ requirements:
29
+ - - ~>
30
+ - !ruby/object:Gem::Version
31
+ version: "1.8"
32
+ type: :runtime
33
+ version_requirements: *id002
34
+ - !ruby/object:Gem::Dependency
42
35
  name: faraday
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - ">="
46
- - !ruby/object:Gem::Version
47
- version: '0'
36
+ prerelease: false
37
+ requirement: &id003 !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ~>
40
+ - !ruby/object:Gem::Version
41
+ version: "0.9"
48
42
  type: :runtime
43
+ version_requirements: *id003
44
+ - !ruby/object:Gem::Dependency
45
+ name: addressable
49
46
  prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - ">="
53
- - !ruby/object:Gem::Version
54
- version: '0'
55
- - !ruby/object:Gem::Dependency
47
+ requirement: &id004 !ruby/object:Gem::Requirement
48
+ requirements:
49
+ - - ~>
50
+ - !ruby/object:Gem::Version
51
+ version: "2.3"
52
+ type: :runtime
53
+ version_requirements: *id004
54
+ - !ruby/object:Gem::Dependency
56
55
  name: rake
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - ">="
60
- - !ruby/object:Gem::Version
61
- version: '0'
62
- type: :development
63
56
  prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - ">="
67
- - !ruby/object:Gem::Version
68
- version: '0'
69
- - !ruby/object:Gem::Dependency
70
- name: minitest
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - ">="
74
- - !ruby/object:Gem::Version
75
- version: '0'
57
+ requirement: &id005 !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - &id006
60
+ - ">="
61
+ - !ruby/object:Gem::Version
62
+ version: "0"
76
63
  type: :development
64
+ version_requirements: *id005
65
+ - !ruby/object:Gem::Dependency
66
+ name: minitest
77
67
  prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - ">="
81
- - !ruby/object:Gem::Version
82
- version: '0'
83
- - !ruby/object:Gem::Dependency
84
- name: minitest-reporters
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - ">="
88
- - !ruby/object:Gem::Version
89
- version: '0'
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - ">="
95
- - !ruby/object:Gem::Version
96
- version: '0'
97
- - !ruby/object:Gem::Dependency
98
- name: rack-test
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - ">="
102
- - !ruby/object:Gem::Version
103
- version: '0'
68
+ requirement: &id007 !ruby/object:Gem::Requirement
69
+ requirements:
70
+ - *id006
104
71
  type: :development
72
+ version_requirements: *id007
73
+ - !ruby/object:Gem::Dependency
74
+ name: minitest-reporters
105
75
  prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - ">="
109
- - !ruby/object:Gem::Version
110
- version: '0'
111
- - !ruby/object:Gem::Dependency
112
- name: timecop
113
- requirement: !ruby/object:Gem::Requirement
114
- requirements:
115
- - - ">="
116
- - !ruby/object:Gem::Version
117
- version: '0'
76
+ requirement: &id008 !ruby/object:Gem::Requirement
77
+ requirements:
78
+ - *id006
118
79
  type: :development
80
+ version_requirements: *id008
81
+ - !ruby/object:Gem::Dependency
82
+ name: rack-test
119
83
  prerelease: false
120
- version_requirements: !ruby/object:Gem::Requirement
121
- requirements:
122
- - - ">="
123
- - !ruby/object:Gem::Version
124
- version: '0'
125
- - !ruby/object:Gem::Dependency
126
- name: simplecov
127
- requirement: !ruby/object:Gem::Requirement
128
- requirements:
129
- - - ">="
130
- - !ruby/object:Gem::Version
131
- version: '0'
84
+ requirement: &id009 !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - *id006
132
87
  type: :development
88
+ version_requirements: *id009
89
+ - !ruby/object:Gem::Dependency
90
+ name: timecop
133
91
  prerelease: false
134
- version_requirements: !ruby/object:Gem::Requirement
135
- requirements:
136
- - - ">="
137
- - !ruby/object:Gem::Version
138
- version: '0'
139
- - !ruby/object:Gem::Dependency
140
- name: yard
141
- requirement: !ruby/object:Gem::Requirement
142
- requirements:
143
- - - ">="
144
- - !ruby/object:Gem::Version
145
- version: '0'
92
+ requirement: &id010 !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - *id006
146
95
  type: :development
96
+ version_requirements: *id010
97
+ - !ruby/object:Gem::Dependency
98
+ name: simplecov
147
99
  prerelease: false
148
- version_requirements: !ruby/object:Gem::Requirement
149
- requirements:
150
- - - ">="
151
- - !ruby/object:Gem::Version
152
- version: '0'
153
- - !ruby/object:Gem::Dependency
154
- name: rdiscount
155
- requirement: !ruby/object:Gem::Requirement
156
- requirements:
157
- - - ">="
158
- - !ruby/object:Gem::Version
159
- version: '0'
100
+ requirement: &id011 !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - *id006
160
103
  type: :development
104
+ version_requirements: *id011
105
+ - !ruby/object:Gem::Dependency
106
+ name: api_hammer
161
107
  prerelease: false
162
- version_requirements: !ruby/object:Gem::Requirement
163
- requirements:
164
- - - ">="
165
- - !ruby/object:Gem::Version
166
- version: '0'
167
- - !ruby/object:Gem::Dependency
168
- name: redcarpet
169
- requirement: !ruby/object:Gem::Requirement
170
- requirements:
171
- - - ">="
172
- - !ruby/object:Gem::Version
173
- version: '0'
108
+ requirement: &id012 !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - *id006
174
111
  type: :development
112
+ version_requirements: *id012
113
+ - !ruby/object:Gem::Dependency
114
+ name: yard
175
115
  prerelease: false
176
- version_requirements: !ruby/object:Gem::Requirement
177
- requirements:
178
- - - ">="
179
- - !ruby/object:Gem::Version
180
- version: '0'
181
- - !ruby/object:Gem::Dependency
182
- name: rdoc
183
- requirement: !ruby/object:Gem::Requirement
184
- requirements:
185
- - - "~>"
186
- - !ruby/object:Gem::Version
187
- version: 3.9.0
116
+ requirement: &id013 !ruby/object:Gem::Requirement
117
+ requirements:
118
+ - *id006
188
119
  type: :development
189
- prerelease: false
190
- version_requirements: !ruby/object:Gem::Requirement
191
- requirements:
192
- - - "~>"
193
- - !ruby/object:Gem::Version
194
- version: 3.9.0
120
+ version_requirements: *id013
195
121
  description: OAuthenticator signs and authenticates OAuth 1.0 requests
196
- email:
122
+ email:
197
123
  - ethan@unth
198
124
  executables: []
125
+
199
126
  extensions: []
127
+
200
128
  extra_rdoc_files: []
201
- files:
202
- - ".simplecov"
203
- - ".yardopts"
204
- - CHANGELOG.md
205
- - LICENSE.txt
206
- - README.md
207
- - Rakefile.rb
129
+
130
+ files:
208
131
  - lib/oauthenticator.rb
209
132
  - lib/oauthenticator/config_methods.rb
210
133
  - lib/oauthenticator/faraday_signer.rb
211
134
  - lib/oauthenticator/parse_authorization.rb
212
135
  - lib/oauthenticator/rack_authenticator.rb
136
+ - lib/oauthenticator/rack_test_signer.rb
213
137
  - lib/oauthenticator/signable_request.rb
214
138
  - lib/oauthenticator/signed_request.rb
215
139
  - lib/oauthenticator/version.rb
140
+ - .yardopts
141
+ - LICENSE.txt
142
+ - CHANGELOG.md
143
+ - README.md
144
+ - Rakefile.rb
216
145
  - test/config_methods_test.rb
217
146
  - test/faraday_signer_test.rb
218
147
  - test/helper.rb
219
148
  - test/parse_authorization_test.rb
220
149
  - test/rack_authenticator_test.rb
150
+ - test/rack_test_signer_test.rb
221
151
  - test/signable_request_test.rb
222
152
  - test/signed_request_test.rb
223
153
  - test/test_config_methods.rb
154
+ - .simplecov
224
155
  homepage: https://github.com/notEthan/oauthenticator
225
- licenses:
156
+ licenses:
226
157
  - MIT
227
158
  metadata: {}
159
+
228
160
  post_install_message:
229
161
  rdoc_options: []
230
- require_paths:
162
+
163
+ require_paths:
231
164
  - lib
232
- required_ruby_version: !ruby/object:Gem::Requirement
233
- requirements:
234
- - - ">="
235
- - !ruby/object:Gem::Version
236
- version: '0'
237
- required_rubygems_version: !ruby/object:Gem::Requirement
238
- requirements:
239
- - - ">="
240
- - !ruby/object:Gem::Version
241
- version: '0'
165
+ required_ruby_version: !ruby/object:Gem::Requirement
166
+ requirements:
167
+ - *id006
168
+ required_rubygems_version: !ruby/object:Gem::Requirement
169
+ requirements:
170
+ - *id006
242
171
  requirements: []
172
+
243
173
  rubyforge_project:
244
- rubygems_version: 2.2.2
174
+ rubygems_version: 2.0.14
245
175
  signing_key:
246
176
  specification_version: 4
247
177
  summary: OAuth 1.0 request signing and authentication
248
- test_files:
178
+ test_files:
249
179
  - test/config_methods_test.rb
250
180
  - test/faraday_signer_test.rb
251
181
  - test/helper.rb
252
182
  - test/parse_authorization_test.rb
253
183
  - test/rack_authenticator_test.rb
184
+ - test/rack_test_signer_test.rb
254
185
  - test/signable_request_test.rb
255
186
  - test/signed_request_test.rb
256
187
  - test/test_config_methods.rb
257
- - ".simplecov"
258
- has_rdoc:
188
+ - .simplecov