oauthenticator 1.3.0 → 1.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +23 -0
- data/README.md +9 -4
- data/Rakefile.rb +2 -1
- data/lib/oauthenticator/faraday_signer.rb +14 -3
- data/lib/oauthenticator/parse_authorization.rb +4 -4
- data/lib/oauthenticator/rack_authenticator.rb +4 -3
- data/lib/oauthenticator/version.rb +1 -1
- data/test/faraday_signer_test.rb +17 -0
- data/test/rack_authenticator_test.rb +4 -1
- data/test/signable_request_test.rb +2 -1
- metadata +23 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 16ab24b09d173ed8caca336faa49d9cc263513b5a1b918f656985dff431caa61
|
|
4
|
+
data.tar.gz: d3439a11045ed50fb9c72ccb85d137c72ea04b04189d58729b24ca365744937f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bd14158bfbc8c6ff4f998226ae110d5d3c9d251fb011968dd5ddc7d3fd1d131450e5dce683e1590728218527ea2a9f31e82b17f81b674eb4ea391a4d68d0bdb0
|
|
7
|
+
data.tar.gz: 82aef9ae6b004bcd95b5cf6a96c198089195022b3a131ec1346a62a2c18d3db1b6b2eae54af4ba41e665ef57677dc72bed6a9f886615fdeb53e7351e0a697918
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,26 @@
|
|
|
1
|
+
# 1.3.5
|
|
2
|
+
|
|
3
|
+
- relax faraday and rack gem dependency constraints
|
|
4
|
+
|
|
5
|
+
# 1.3.4
|
|
6
|
+
|
|
7
|
+
- relax json gem dependency constraint
|
|
8
|
+
|
|
9
|
+
# 1.3.3
|
|
10
|
+
|
|
11
|
+
- env["oauth.signed_request"] contains the signed request. this makes any helper methods from the implemented
|
|
12
|
+
config methods module available and helps avoid code duplication (and sometimes duplicated db queries -
|
|
13
|
+
depending on implementation)
|
|
14
|
+
- fix irrelevant warning with Hash#reject called on hash with a default proc
|
|
15
|
+
|
|
16
|
+
# 1.3.2
|
|
17
|
+
|
|
18
|
+
- loosen dependency to allow rack 2.0
|
|
19
|
+
|
|
20
|
+
# 1.3.1
|
|
21
|
+
|
|
22
|
+
- set media type to the default that the adapter will use if it's not specified on a request that is expected to have a body
|
|
23
|
+
|
|
1
24
|
# 1.3.0
|
|
2
25
|
|
|
3
26
|
- Make error messages fully-human readable on their own (not requiring context of the error key)
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# OAuthenticator
|
|
2
2
|
|
|
3
|
+
[](https://travis-ci.org/notEthan/oauthenticator)
|
|
4
|
+
|
|
3
5
|
OAuthenticator signs outgoing requests with OAuth 1.0.
|
|
4
6
|
|
|
5
7
|
OAuthenticator authenticates incoming OAuth 1.0 signed requests, primarily as a middleware, and forms useful
|
|
@@ -46,7 +48,10 @@ connection.get '/path'
|
|
|
46
48
|
```
|
|
47
49
|
|
|
48
50
|
Note that `:url_encoded` is only included to illustrate that other middleware should all go before
|
|
49
|
-
`:oauthenticator_signer`; the use of `:url_encoded` is not related to OAuthenticator.
|
|
51
|
+
`:oauthenticator_signer`; the use of `:url_encoded` is not related to OAuthenticator.
|
|
52
|
+
|
|
53
|
+
Note that for the RSA-SHA1 signature method, the token secret is the contents of the RSA certificate
|
|
54
|
+
used for signing the requests.
|
|
50
55
|
|
|
51
56
|
### Any other HTTP library
|
|
52
57
|
|
|
@@ -73,13 +78,13 @@ See the documentation for {OAuthenticator::SignableRequest} for more detailed in
|
|
|
73
78
|
|
|
74
79
|
### OAuth Request Body Hash
|
|
75
80
|
|
|
76
|
-
The [OAuth Request Body Hash](https://
|
|
81
|
+
The [OAuth Request Body Hash](https://tools.ietf.org/html/draft-eaton-oauth-bodyhash-00)
|
|
77
82
|
specification is supported. By default all signing of outgoing does include the body hash. This can be
|
|
78
83
|
disabled by setting the `:hash_body?` / `'hash_body?'` attribute to false when instantiating an
|
|
79
84
|
OAuthenticator::SignableRequest.
|
|
80
85
|
|
|
81
86
|
For info on when to include the body hash, see
|
|
82
|
-
[When to Include the Body Hash](https://
|
|
87
|
+
[When to Include the Body Hash](https://tools.ietf.org/html/draft-eaton-oauth-bodyhash-00#section-4.1.1).
|
|
83
88
|
|
|
84
89
|
## Authenticating incoming requests
|
|
85
90
|
|
|
@@ -193,7 +198,7 @@ methods it needs to function.
|
|
|
193
198
|
|
|
194
199
|
### OAuth Request Body Hash
|
|
195
200
|
|
|
196
|
-
The [OAuth Request Body Hash](https://
|
|
201
|
+
The [OAuth Request Body Hash](https://tools.ietf.org/html/draft-eaton-oauth-bodyhash-00)
|
|
197
202
|
specification is supported. Requests which include the oauth_body_hash parameter are authenticated according
|
|
198
203
|
to the spec.
|
|
199
204
|
|
data/Rakefile.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
require 'oauthenticator'
|
|
2
1
|
require 'faraday'
|
|
2
|
+
require 'rack'
|
|
3
3
|
|
|
4
4
|
if Faraday.respond_to?(:register_middleware)
|
|
5
5
|
Faraday.register_middleware(:request, :oauthenticator_signer => proc { OAuthenticator::FaradaySigner })
|
|
@@ -30,7 +30,7 @@ module OAuthenticator
|
|
|
30
30
|
class FaradaySigner
|
|
31
31
|
# options are passed to {OAuthenticator::SignableRequest}.
|
|
32
32
|
#
|
|
33
|
-
# attributes of the request are added by the middleware, so you should not provide those as
|
|
33
|
+
# attributes of the request are added by the middleware, so you should not provide those as options
|
|
34
34
|
# (it would not make sense to do so on the connection level).
|
|
35
35
|
#
|
|
36
36
|
# These are the options you should or may provide (see {OAuthenticator::SignableRequest} for details of
|
|
@@ -49,14 +49,25 @@ module OAuthenticator
|
|
|
49
49
|
@options = options
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
+
# see also Faraday::Env::MethodsWithBodies
|
|
53
|
+
METHODS_WITH_BODIES = %w(post put patch options)
|
|
54
|
+
|
|
52
55
|
# do the thing
|
|
53
56
|
def call(request_env)
|
|
57
|
+
media_type = Rack::Request.new('CONTENT_TYPE' => request_env[:request_headers]['Content-Type']).media_type
|
|
54
58
|
request_attributes = {
|
|
55
59
|
:request_method => request_env[:method],
|
|
56
60
|
:uri => request_env[:url],
|
|
57
|
-
:media_type =>
|
|
61
|
+
:media_type => media_type,
|
|
58
62
|
:body => request_env[:body]
|
|
59
63
|
}
|
|
64
|
+
# the adapter will set the media type to form-encoded when not otherwise specified on
|
|
65
|
+
# requests it expects to have a body. see
|
|
66
|
+
# Net::HTTPGenericRequest#supply_default_content_type called in #send_request_with_body.
|
|
67
|
+
# other adapters do similarly, I think.
|
|
68
|
+
if METHODS_WITH_BODIES.include?(request_env[:method].to_s.downcase) && !request_attributes[:media_type]
|
|
69
|
+
request_attributes[:media_type] = 'application/x-www-form-urlencoded'
|
|
70
|
+
end
|
|
60
71
|
oauthenticator_signable_request = OAuthenticator::SignableRequest.new(@options.merge(request_attributes))
|
|
61
72
|
request_env[:request_headers]['Authorization'] = oauthenticator_signable_request.authorization
|
|
62
73
|
@app.call(request_env)
|
|
@@ -33,16 +33,16 @@ module OAuthenticator
|
|
|
33
33
|
header = header.to_s
|
|
34
34
|
scanner = StringScanner.new(header)
|
|
35
35
|
auth_parse_error = proc { |message| raise ParseError.new(message, {'Authorization' => [message]}) }
|
|
36
|
-
scanner.scan(/OAuth\s*/i) || auth_parse_error.call("Authorization scheme is not OAuth -
|
|
37
|
-
attributes =
|
|
38
|
-
while
|
|
36
|
+
scanner.scan(/OAuth\s*/i) || auth_parse_error.call("Authorization scheme is not OAuth - received: #{header}")
|
|
37
|
+
attributes = {}
|
|
38
|
+
while scanner.scan(/(\w+)="([^"]*)"\s*(,?)\s*/)
|
|
39
39
|
key = scanner[1]
|
|
40
40
|
value = scanner[2]
|
|
41
41
|
comma_follows = !scanner[3].empty?
|
|
42
42
|
if !comma_follows && !scanner.eos?
|
|
43
43
|
auth_parse_error.call("Could not parse Authorization header: #{header}\naround or after character #{scanner.pos}: #{scanner.rest}")
|
|
44
44
|
end
|
|
45
|
-
attributes[unescape(key)] << unescape(value)
|
|
45
|
+
(attributes[unescape(key)] ||= []) << unescape(value)
|
|
46
46
|
end
|
|
47
47
|
unless scanner.eos?
|
|
48
48
|
auth_parse_error.call("Could not parse Authorization header: #{header}\naround or after character #{scanner.pos}: #{scanner.rest}")
|
|
@@ -25,8 +25,8 @@ module OAuthenticator
|
|
|
25
25
|
#
|
|
26
26
|
# - `:realm` - 401 responses include a `WWW-Authenticate` with the realm set to the given value. default
|
|
27
27
|
# is an empty string.
|
|
28
|
-
def initialize(app, options={})
|
|
29
|
-
@app=app
|
|
28
|
+
def initialize(app, options = {})
|
|
29
|
+
@app = app
|
|
30
30
|
@options = options
|
|
31
31
|
unless @options[:config_methods].is_a?(Module)
|
|
32
32
|
raise ArgumentError, "options[:config_methods] must be a Module"
|
|
@@ -48,6 +48,7 @@ module OAuthenticator
|
|
|
48
48
|
unauthenticated_response(oauth_request.errors)
|
|
49
49
|
else
|
|
50
50
|
log_success(env, oauth_request)
|
|
51
|
+
env["oauth.signed_request"] = oauth_request
|
|
51
52
|
env["oauth.consumer_key"] = oauth_request.consumer_key
|
|
52
53
|
env["oauth.token"] = oauth_request.token
|
|
53
54
|
env["oauth.authenticated"] = true
|
|
@@ -60,7 +61,7 @@ module OAuthenticator
|
|
|
60
61
|
|
|
61
62
|
# the response for an unauthenticated request. the argument will be a hash with the key 'errors', whose
|
|
62
63
|
# value is a hash with string keys indicating attributes with errors, and values being arrays of strings
|
|
63
|
-
# indicating error messages on the attribute key
|
|
64
|
+
# indicating error messages on the attribute key.
|
|
64
65
|
def unauthenticated_response(errors)
|
|
65
66
|
# default to a blank realm, I suppose
|
|
66
67
|
realm = @options[:realm] || ''
|
data/test/faraday_signer_test.rb
CHANGED
|
@@ -46,6 +46,23 @@ describe OAuthenticator::FaradaySigner do
|
|
|
46
46
|
assert_response 200, '☺', response
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
it 'succeeds with charset' do
|
|
50
|
+
signing_options = {
|
|
51
|
+
:signature_method => 'HMAC-SHA1',
|
|
52
|
+
:consumer_key => consumer_key,
|
|
53
|
+
:consumer_secret => consumer_secret,
|
|
54
|
+
:token => token,
|
|
55
|
+
:token_secret => token_secret,
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
connection = Faraday.new(:url => 'http://example.com', :headers => {'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8'}) do |faraday|
|
|
59
|
+
faraday.request :oauthenticator_signer, signing_options
|
|
60
|
+
faraday.adapter :rack, oapp
|
|
61
|
+
end
|
|
62
|
+
response = connection.post('/', 'a=b')
|
|
63
|
+
assert_response 200, '☺', response
|
|
64
|
+
end
|
|
65
|
+
|
|
49
66
|
it 'is unauthorized' do
|
|
50
67
|
signing_options = {
|
|
51
68
|
:signature_method => 'PLAINTEXT',
|
|
@@ -592,14 +592,16 @@ describe OAuthenticator::RackAuthenticator do
|
|
|
592
592
|
end
|
|
593
593
|
end
|
|
594
594
|
|
|
595
|
-
it 'sets oauth.authenticated, oauth.token, oauth.consumer_key' do
|
|
595
|
+
it 'sets oauth.authenticated, oauth.token, oauth.consumer_key, oauth.signed_request' do
|
|
596
596
|
oauth_authenticated = nil
|
|
597
597
|
oauth_token = nil
|
|
598
598
|
oauth_consumer_key = nil
|
|
599
|
+
oauth_signed_request = nil
|
|
599
600
|
testapp = proc do |env|
|
|
600
601
|
oauth_authenticated = env['oauth.authenticated']
|
|
601
602
|
oauth_token = env['oauth.token']
|
|
602
603
|
oauth_consumer_key = env['oauth.consumer_key']
|
|
604
|
+
oauth_signed_request = env['oauth.signed_request']
|
|
603
605
|
[200, {}, ['☺']]
|
|
604
606
|
end
|
|
605
607
|
otestapp = OAuthenticator::RackAuthenticator.new(testapp, :config_methods => OAuthenticatorTestConfigMethods)
|
|
@@ -607,6 +609,7 @@ describe OAuthenticator::RackAuthenticator do
|
|
|
607
609
|
assert_equal(token, oauth_token)
|
|
608
610
|
assert_equal(consumer_key, oauth_consumer_key)
|
|
609
611
|
assert_equal(true, oauth_authenticated)
|
|
612
|
+
assert_kind_of(OAuthenticator::SignedRequest, oauth_signed_request)
|
|
610
613
|
end
|
|
611
614
|
end
|
|
612
615
|
end
|
|
@@ -87,7 +87,7 @@ describe OAuthenticator::SignableRequest do
|
|
|
87
87
|
end
|
|
88
88
|
it 'does not generate timestamp' do
|
|
89
89
|
request = example_request(:signature_method => 'PLAINTEXT')
|
|
90
|
-
assert(!request.protocol_params.key?('
|
|
90
|
+
assert(!request.protocol_params.key?('oauth_timestamp'))
|
|
91
91
|
end
|
|
92
92
|
end
|
|
93
93
|
end
|
|
@@ -329,6 +329,7 @@ describe OAuthenticator::SignableRequest do
|
|
|
329
329
|
|
|
330
330
|
it 'excludes query and fragment' do
|
|
331
331
|
assert_equal('http://example.com/FooBar', example_request(:uri => 'http://example.com/FooBar?foo=bar#foobar').send(:base_string_uri))
|
|
332
|
+
assert_equal('http://example.com/FooBar', example_request(:uri => 'http://example.com/FooBar#foobar').send(:base_string_uri))
|
|
332
333
|
end
|
|
333
334
|
end
|
|
334
335
|
|
metadata
CHANGED
|
@@ -1,57 +1,69 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauthenticator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ethan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-08-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '1.4'
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '3.0'
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: '1.4'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '3.0'
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: json
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
30
36
|
requirements:
|
|
31
|
-
- - "
|
|
37
|
+
- - ">="
|
|
32
38
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
39
|
+
version: '0'
|
|
34
40
|
type: :runtime
|
|
35
41
|
prerelease: false
|
|
36
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
43
|
requirements:
|
|
38
|
-
- - "
|
|
44
|
+
- - ">="
|
|
39
45
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
46
|
+
version: '0'
|
|
41
47
|
- !ruby/object:Gem::Dependency
|
|
42
48
|
name: faraday
|
|
43
49
|
requirement: !ruby/object:Gem::Requirement
|
|
44
50
|
requirements:
|
|
45
|
-
- - "
|
|
51
|
+
- - ">="
|
|
46
52
|
- !ruby/object:Gem::Version
|
|
47
53
|
version: '0.9'
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '2.0'
|
|
48
57
|
type: :runtime
|
|
49
58
|
prerelease: false
|
|
50
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
60
|
requirements:
|
|
52
|
-
- - "
|
|
61
|
+
- - ">="
|
|
53
62
|
- !ruby/object:Gem::Version
|
|
54
63
|
version: '0.9'
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '2.0'
|
|
55
67
|
- !ruby/object:Gem::Dependency
|
|
56
68
|
name: addressable
|
|
57
69
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -228,8 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
228
240
|
- !ruby/object:Gem::Version
|
|
229
241
|
version: '0'
|
|
230
242
|
requirements: []
|
|
231
|
-
|
|
232
|
-
rubygems_version: 2.2.2
|
|
243
|
+
rubygems_version: 3.0.6
|
|
233
244
|
signing_key:
|
|
234
245
|
specification_version: 4
|
|
235
246
|
summary: OAuth 1.0 request signing and authentication
|
|
@@ -244,4 +255,3 @@ test_files:
|
|
|
244
255
|
- test/signed_request_test.rb
|
|
245
256
|
- test/test_config_methods.rb
|
|
246
257
|
- ".simplecov"
|
|
247
|
-
has_rdoc:
|