oauthenticator 1.4.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98e9bd15e6f01dd9896f6d499d3141f56614f93fd13fc9ac000c24796e74c5c2
-  data.tar.gz: 5479b9b613a4a0b77758a325a007e258dbeaa9b9aaa430414223737870abb7b3
+  metadata.gz: 781f1dc15efaf29b18f10bd6d17658afaecb9569150d5bb8aa665a97e2970f1c
+  data.tar.gz: c233a50d0369b7f08ba951ced36fc71c1ab139ed8fb5ff8989f78f5d8882f696
 SHA512:
-  metadata.gz: 6920168511a6582d34d4f4201e9c9d2c24adce1968389dc72e8d33878477b2a78d378aa4a140a817790ef41a8983c8ab620c631c83e6790333d7a7a3df41beff
-  data.tar.gz: 4260c1569b7a47d3bc1e9c3e40fb559cda77f5f1e888edeef1cb5943a927afd600f99348d0e6483a0de53005ad14707cd5e307e5509e41a138590c8190f9456f
+  metadata.gz: 0f18da06cfbba676551ff8cdd0c534b77dde1a3c132645f473cfb1cfabd1adff9c1e75fbb964bad7b1c3614f1023252a6bc6dd0fbfb724695a7839e142f9a6b5
+  data.tar.gz: 04107cc48f5fd8f068393f81545c7007f050c9b3743d8716802f3339ced9d7cf989b119a9f87ed38796fc552f3dea8edbb5158e6b6b1cd21fda1ca87074ab41c

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# 1.4.1
+
+- compatible with rack 3
+- compatible with faraday 2
+
 # 1.4.0
 
 - support signature methods HMAC-SHA256, HMAC-SHA512

data/README.md

@@ -142,7 +142,7 @@ module AwesomeOAuthConfig
     %w(HMAC-SHA1 RSA-SHA1)
   end
 
-  # consumer secret, looked up by consumer key from awesome storage 
+  # consumer secret, looked up by consumer key from ActiveRecord storage
   def consumer_secret
     OAuthConsumer.where(:key => consumer_key).first.try(:secret)
   end
@@ -159,7 +159,7 @@ module AwesomeOAuthConfig
     # OAuthToken.where(:token => token, :consumer_key => consumer_key).any?
   end
 
-  # whether oauth_body_hash_is_required (this method defaults to false and may be omitted)
+  # whether oauth_body_hash is required (this method defaults to false and may be omitted)
   def body_hash_required?
     false
   end

data/lib/oauthenticator/parse_authorization.rb

@@ -57,25 +57,21 @@ module OAuthenticator
       return attributes.map { |k,v| {k => v.first} }.inject({}, &:update)
     end
 
+    # @private
+    URI_PARSER = URI.const_defined?(:DEFAULT_PARSER) ? URI::DEFAULT_PARSER : URI
+
     # escape a value
     # @param value [String] value
     # @return [String] escaped value
     def escape(value)
-      uri_parser.escape(value.to_s, /[^a-z0-9\-\.\_\~]/i)
+      URI_PARSER.escape(value.to_s, /[^a-z0-9\-\.\_\~]/i)
     end
 
     # unescape a value
     # @param value [String] escaped value
     # @return [String] unescaped value
     def unescape(value)
-      uri_parser.unescape(value.to_s)
-    end
-
-    private
-
-    # @return [Object] a parser that responds to #escape and #unescape
-    def uri_parser
-      @uri_parser ||= URI.const_defined?(:Parser) ? URI::Parser.new : URI
+      URI_PARSER.unescape(value.to_s)
     end
   end
 end

data/lib/oauthenticator/rack_authenticator.rb

@@ -9,7 +9,7 @@ module OAuthenticator
   # body a JSON object indicating errors encountered authenticating the request. The error object is 
   # structured like rails / ActiveResource:
   #
-  #     {'errors': {'attribute1': ['messageA', 'messageB'], 'attribute2': ['messageC']}}
+  #     {'errors' => {'attribute1' => ['messageA', 'messageB'], 'attribute2' => ['messageC']}}
   class RackAuthenticator
     # options:
     #

data/lib/oauthenticator/signable_request.rb

@@ -201,7 +201,7 @@ module OAuthenticator
 
     # section 3.4.1.3
     #
-    # @return [Array<Array<String> (size 2)>]
+    # @return [Array<Array<String, nil> (size 2)>]
     def normalized_request_params
       query_params + protocol_params.reject { |k,v| %w(realm oauth_signature).include?(k) }.to_a + entity_params
     end
@@ -281,7 +281,7 @@ module OAuthenticator
     #
     # @return [Boolean]
     def hash_body?
-      BODY_HASH_METHODS[signature_method] && !form_encoded? &&
+      BODY_HASH_METHODS.key?(signature_method) && !form_encoded? &&
         (@attributes.key?('hash_body?') ? @attributes['hash_body?'] : true)
     end
 

data/lib/oauthenticator/signed_request.rb

@@ -93,7 +93,7 @@ module OAuthenticator
     #
     # @return [nil, Hash<String, Array<String>>] either nil or a hash of errors
     def errors
-      return @errors if instance_variables.any? { |ivar| ivar.to_s == '@errors' }
+      return @errors if instance_variable_defined?('@errors')
       @errors = catch(:errors) do
         if authorization.nil?
           throw(:errors, {'Authorization' => ["Authorization header is missing"]})

data/lib/oauthenticator/version.rb

@@ -1,5 +1,5 @@
 # OAuthenticator 
 module OAuthenticator
   # OAuthenticator::VERSION
-  VERSION = "1.4.0"
+  VERSION = "1.4.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oauthenticator
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.4.1
 platform: ruby
 authors:
 - Ethan
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-13 00:00:00.000000000 Z
+date: 2023-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -19,7 +19,7 @@ dependencies:
         version: '1.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '1.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +53,7 @@ dependencies:
         version: '0.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -63,7 +63,7 @@ dependencies:
         version: '0.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -78,118 +78,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest-reporters
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rack-test
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: api_hammer
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: OAuthenticator signs and authenticates OAuth 1.0 requests
 email:
 - ethan@unth
@@ -197,12 +85,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".simplecov"
 - ".yardopts"
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
-- Rakefile.rb
 - lib/oauthenticator.rb
 - lib/oauthenticator/config_methods.rb
 - lib/oauthenticator/faraday_signer.rb
@@ -212,20 +98,11 @@ files:
 - lib/oauthenticator/signable_request.rb
 - lib/oauthenticator/signed_request.rb
 - lib/oauthenticator/version.rb
-- test/config_methods_test.rb
-- test/faraday_signer_test.rb
-- test/helper.rb
-- test/parse_authorization_test.rb
-- test/rack_authenticator_test.rb
-- test/rack_test_signer_test.rb
-- test/signable_request_test.rb
-- test/signed_request_test.rb
-- test/test_config_methods.rb
 homepage: https://github.com/notEthan/oauthenticator
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -240,18 +117,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: OAuth 1.0 request signing and authentication
-test_files:
-- test/config_methods_test.rb
-- test/faraday_signer_test.rb
-- test/helper.rb
-- test/parse_authorization_test.rb
-- test/rack_authenticator_test.rb
-- test/rack_test_signer_test.rb
-- test/signable_request_test.rb
-- test/signed_request_test.rb
-- test/test_config_methods.rb
-- ".simplecov"
+test_files: []

data/.simplecov

@@ -1 +0,0 @@
-SimpleCov.start

data/Rakefile.rb

@@ -1,14 +0,0 @@
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.name = 'test'
-  t.test_files = FileList['test/**/*_test.rb']
-  t.verbose = true
-end
-require 'wwtd/tasks'
-task 'default' => 'wwtd'
-
-require 'yard'
-YARD::Rake::YardocTask.new do |t|
-end
-
-require 'api_hammer/tasks'

data/test/config_methods_test.rb

@@ -1,44 +0,0 @@
-# encoding: utf-8
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
-require 'helper'
-
-describe OAuthenticator::SignedRequest do
-  %w(timestamp_valid_period consumer_secret token_secret nonce_used? use_nonce! token_belongs_to_consumer?).each do |method_without_default|
-    it "complains when #{method_without_default} is not implemented" do
-      exc = assert_raises(NotImplementedError) do
-        OAuthenticator::SignedRequest.new({}).public_send(method_without_default)
-      end
-      assert_match(/included in a subclass of OAuthenticator::SignedRequest/, exc.message)
-    end
-    it "uses the method #{method_without_default} when implemented" do
-      called = false
-      mod = Module.new { define_method(method_without_default) { called = true } }
-      OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(method_without_default)
-      assert called
-    end
-  end
-  it "complains when a method without a default is not implemented, using RackAuthenticator" do
-    exc = assert_raises(NotImplementedError) do
-      OAuthenticator::RackAuthenticator.new(proc {}, {:config_methods => Module.new}).call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_timestamp="1")})
-    end
-    assert_match(/passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message)
-  end
-  it "complains RackAuthenticator is not given config methods" do
-    assert_raises(ArgumentError) do
-      OAuthenticator::RackAuthenticator.new(proc {})
-    end
-  end
-  it 'uses timestamp_valid_period if that is implemented but timestamp_valid_past or timestamp_valid_future is not' do
-    called = 0
-    mod = Module.new { define_method(:timestamp_valid_period) { called +=1 } }
-    OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(:timestamp_valid_future)
-    OAuthenticator::SignedRequest.including_config(mod).new({}).public_send(:timestamp_valid_past)
-    assert_equal 2, called
-  end
-  it 'uses the default value for allowed signature methods' do
-    assert_equal %w(RSA-SHA1 HMAC-SHA256 HMAC-SHA512 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
-  end
-  it 'uses default value for body_hash_required?' do
-    assert_equal false, OAuthenticator::SignedRequest.new({}).body_hash_required?
-  end
-end

data/test/faraday_signer_test.rb

@@ -1,82 +0,0 @@
-# encoding: utf-8
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
-require 'helper'
-
-# not going to test a ton here, since the Faraday middleware mostly just calls to SignableRequest which is 
-# rather well-tested 
-describe OAuthenticator::FaradaySigner do
-  def assert_response(expected_status, expected_body, faraday_response)
-    assert_equal expected_status.to_i, faraday_response.status.to_i, "Expected status to be #{expected_status.inspect}" +
-      "; got #{faraday_response.status.inspect}. body was: #{faraday_response.body}"
-    assert expected_body === faraday_response.body, "Expected match for #{expected_body}; got #{faraday_response.body}"
-  end
-
-  it 'succeeds' do
-    signing_options = {
-      :signature_method => 'PLAINTEXT',
-      :consumer_key => consumer_key,
-      :consumer_secret => consumer_secret,
-      :token => token,
-      :token_secret => token_secret,
-    }
-
-    connection = Faraday.new(:url => 'http://example.com') do |faraday|
-      faraday.request :oauthenticator_signer, signing_options
-      faraday.adapter :rack, oapp
-    end
-    response = connection.get '/'
-    assert_response 200, '☺', response
-  end
-
-  it 'succeeds with form-encoded with HMAC' do
-    signing_options = {
-      :signature_method => 'HMAC-SHA1',
-      :consumer_key => consumer_key,
-      :consumer_secret => consumer_secret,
-      :token => token,
-      :token_secret => token_secret,
-    }
-
-    connection = Faraday.new(:url => 'http://example.com') do |faraday|
-      faraday.request :url_encoded
-      faraday.request :oauthenticator_signer, signing_options
-      faraday.adapter :rack, oapp
-    end
-    response = connection.put('/', :foo => {:bar => :baz})
-    assert_response 200, '☺', response
-  end
-
-  it 'succeeds with charset' do
-    signing_options = {
-      :signature_method => 'HMAC-SHA1',
-      :consumer_key => consumer_key,
-      :consumer_secret => consumer_secret,
-      :token => token,
-      :token_secret => token_secret,
-    }
-
-    connection = Faraday.new(:url => 'http://example.com', :headers => {'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8'}) do |faraday|
-      faraday.request :oauthenticator_signer, signing_options
-      faraday.adapter :rack, oapp
-    end
-    response = connection.post('/', 'a=b')
-    assert_response 200, '☺', response
-  end
-
-  it 'is unauthorized' do
-    signing_options = {
-      :signature_method => 'PLAINTEXT',
-      :consumer_key => consumer_key,
-      :consumer_secret => 'nope',
-      :token => token,
-      :token_secret => 'definitelynot',
-    }
-
-    connection = Faraday.new(:url => 'http://example.com') do |faraday|
-      faraday.request :oauthenticator_signer, signing_options
-      faraday.adapter :rack, oapp
-    end
-    response = connection.get '/'
-    assert_response 401, /Authorization oauth_signature.*is invalid/m, response
-  end
-end

data/test/helper.rb

@@ -1,30 +0,0 @@
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('../lib', File.dirname(__FILE__)))
-
-require 'simplecov'
-
-require 'byebug'
-
-# NO EXPECTATIONS 
-ENV["MT_NO_EXPECTATIONS"] = ''
-
-require 'minitest/autorun'
-require 'minitest/reporters'
-Minitest::Reporters.use! Minitest::Reporters::SpecReporter.new
-
-require 'rack/test'
-require 'timecop'
-
-require 'oauthenticator'
-
-require 'test_config_methods'
-
-class OAuthenticatorConfigSpec < Minitest::Spec
-  after do
-    Timecop.return
-  end
-
-  include TestHelperMethods
-end
-
-# register this to be the base class for specs instead of Minitest::Spec
-Minitest::Spec.register_spec_type(//, OAuthenticatorConfigSpec)

data/test/parse_authorization_test.rb

@@ -1,86 +0,0 @@
-# encoding: utf-8
-proc { |p| $:.unshift(p) unless $:.any? { |lp| File.expand_path(lp) == p } }.call(File.expand_path('.', File.dirname(__FILE__)))
-require 'helper'
-
-describe 'OAuthenticator.parse_authorization' do
-  let :spec_authorization do
-    %q(OAuth realm="Example",
-      oauth_consumer_key="9djdj82h48djs9d2",
-      oauth_token="kkk9d7dh3k39sjv7",
-      oauth_signature_method="HMAC-SHA1",
-      oauth_timestamp="137131201",
-      oauth_nonce="7d8f3e4a",
-      oauth_signature="r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D"
-    )
-  end
-  let :spec_authorization_hash do
-    {
-      'realm' => "Example",
-      'oauth_consumer_key' => "9djdj82h48djs9d2",
-      'oauth_token' => "kkk9d7dh3k39sjv7",
-      'oauth_signature_method' => "HMAC-SHA1",
-      'oauth_timestamp' => "137131201",
-      'oauth_nonce' => "7d8f3e4a",
-      'oauth_signature' => "r6/TJjbCOr97/+UU0NsvSne7s5g=",
-    }
-  end
-
-  it 'parses the example in the spec' do
-    assert_equal(spec_authorization_hash, OAuthenticator.parse_authorization(spec_authorization))
-  end
-  it 'parses the authorization SignableRequest calculates' do
-    request = OAuthenticator::SignableRequest.new({
-      :request_method => 'POST',
-      :uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
-      :media_type => 'application/x-www-form-urlencoded',
-      :body => 'c2&a3=2+q',
-      :authorization => spec_authorization_hash,
-      :consumer_secret => 'j49sk3j29djd',
-      :token_secret => 'dh893hdasih9',
-    })
-    assert_equal(spec_authorization_hash, OAuthenticator.parse_authorization(request.authorization))
-  end
-
-  describe 'optional linear white space' do
-    { :space =>           %q(OAuth a="b", c="d", e="f"),
-      :spaces =>          %q(OAuth a="b",    c="d",   e="f" ),
-      :tab =>             %q(OAuth a="b",	c="d",	e="f"),
-      :tabs =>            %q(OAuth a="b",		c="d",			e="f"),
-      :tabs_and_spaces => %q(OAuth a="b",		 c="d",   	e="f"),
-      :none =>            %q(OAuth a="b",c="d",e="f"),
-    }.map do |name, authorization|
-      it "parses with #{name}" do
-        assert_equal({'a' => 'b', 'c' => 'd', 'e' => 'f'}, OAuthenticator.parse_authorization(authorization))
-      end
-    end
-  end
-
-  it "handles commas inside quoted values" do
-    # note that this is invalid according to the spec; commas should be %-encoded, but this is accepted in 
-    # the interests of robustness and consistency (other characters are accepted when they should really be 
-    # escaped). 
-    header_with_commas = 'OAuth oauth_consumer_key="a,bcd", oauth_nonce="o,LKtec51GQy", oauth_signature="efgh%2Cmnop"'
-    assert_equal({'oauth_consumer_key' => "a,bcd", 'oauth_nonce' => "o,LKtec51GQy", 'oauth_signature' => "efgh,mnop"},
-      OAuthenticator.parse_authorization(header_with_commas))
-  end
-
-  it "raises ParseError on input without a comma between key/value pairs" do
-    assert_raises(OAuthenticator::ParseError) do
-      OAuthenticator.parse_authorization(%q(OAuth oauth_consumer_key="k" oauth_nonce="n"))
-    end
-  end
-
-  it "raises ParseError on malformed input" do
-    assert_raises(OAuthenticator::ParseError) { OAuthenticator.parse_authorization(%q(OAuth huh=/)) }
-  end
-
-  it "raises ParseError when the header does not start with 'OAuth '" do
-    assert_raises(OAuthenticator::ParseError) { OAuthenticator.parse_authorization(%q(FooAuth foo="baz")) }
-  end
-
-  it "raises DuplicatedParameter when the header contains duplicated parameters" do
-    assert_raises(OAuthenticator::DuplicatedParameters) do
-      OAuthenticator.parse_authorization(%q(OAuth oauth_nonce="a", oauth_nonce="b"))
-    end
-  end
-end