omnicontacts 0.1.0

data/.gitignore

@@ -0,0 +1 @@
+coverage

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,39 @@
+PATH
+  remote: .
+  specs:
+    omnicontacts (0.1.0)
+      json
+      rack
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    json (1.6.5)
+    multi_json (1.1.0)
+    rack (1.4.1)
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rake (0.9.2.2)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    simplecov (0.6.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omnicontacts!
+  rack-test
+  rake
+  rspec
+  simplecov

data/README.md

@@ -0,0 +1,83 @@
+= OmniContacts
+
+Inspired by the popular OmniAuth, OmniContacts is a library that enables users of an application to import contacts from their email accounts.
+The current version allows to import contacts from the three most popular web email providers: Gmail, Yahoo and Hotmail.
+OmniContacts is a Rack middleware, therefore you can use it with Rails, Sinatra and with any other Rack-based framework.
+
+OmniContacts uses the OAuth protocol to communicate with the contacts provider. Yahoo still uses OAuth 1.0, while both Gmail and Hotmail support OAuth 2.0.
+In order to use OmniContacts, it is therefore necessary to first register your application with the providers you want to use and to obtain client_id and client_secret.
+
+== Usage
+
+Add OmniContacts as a dependency:
+```ruby
+gem "omnicontacts"
+```
+
+As for OmniAuth, there is a Builder facilitating the usage of multiple contacts importers. In the case of a Rails application, the following code could be placed at `config/initializers/omnicontacts.rb`:
+
+```ruby
+require "omnicontacts"
+
+Rails.application.middleware.use OmniContacts::Builder do
+  importer :gmail, "client_id", "client_secret", {:redirect_path => "/oauth2callback", :ssl_ca_file => "/etc/ssl/certs/curl-ca-bundle.crt"}
+  importer :yahoo, "consumer_id", "consumer_secret", {:callback_path => '/callback'}
+  importer :hotmail, "client_id", "client_secret"
+end
+
+```
+
+Every importer expects `client_id` and `client_secret` as mandatory, while `:redirect_path` and `:ssl_ca_file` are optional.
+Since Yahoo implements the version 1.0 of the OAuth protocol, naming is slightly different. Instead of `:redirect_path` you should use `:callback_path` as key in the hash providing the optional parameters.
+While `:ssl_ca_file` is optional, it is highly recommended to set it on production environments for obvious security reasons.
+On the other hand it makes things much easier to leave the default value for `:redirect_path` and `:callback path`, the reason of which will be clear after reading the following section.
+
+== Integrating with your Application
+
+To use OmniContacts you only need to redirect users to `/contacts/:importer`, where `:importer` can be google, yahoo or hotmail. Once the user has authorized your application, he will be redirected back to your website, to the path specified in `:redirect_path` (or `:callback_path` for yahoo). The user is redirected to `/contacts/:importer/callback` by default, which therefore makes things much simpler to not specify any value for `:redirect_path` or `:callback_path`.
+The list of contacts can be accessed via the `omnicontacts.contacts` key in the environment hash. The list of contacts is a simple array of hashes. Each hash has two keys: `:email` and `:name`, containing the email and the name of the contact respectively.
+
+```ruby
+def contacts_callback
+  @contacts = request.env['omnicontacts.contacts']
+  puts "List of contacts obtained from #{params[:importer]}:"
+  @contacts.each do |contact|
+    puts "Contact found: name => #{contact[:name]}, email => #{contact[:email]}"
+  end
+end
+```
+
+If the user does not authorize your application to access his/her contacts list, or any other inconvenience occurs, he/she is redirected to `/contacts/failure`. The query string will contain a parameter named `error_message` which specifies why the list of contacts could not be retrieved. `error_message` can have one of the following values: `not_authorized`, `timeout` and `internal_error`.
+
+==  Tips and tricks
+
+OmniContacts supports OAuth 1.0 and OAuth 2.0 token refresh, but for both it needs to persist data between requests. OmniContacts stores access tokens in the session. If you hit the 4KB cookie storage limit you better opt for the Memcache or the Active Record storage.
+
+Gmail requires you to register the redirect_path on their website along with your application. Make sure to use the same value present in the configuration file, or `/contacts/gmail/callback` if using the default.
+
+Yahoo requires you to configure the Permissions your application requires. Make sure to go the Yahoo website and to select Read permission for Contacts.
+
+Hotmail does not accept requests from localhost. This can be quite annoying during development, but unfortunately this is the way it is.
+Hotmail presents another "peculiar" feature. Their API returns a Contact object, which does not contain an e-mail field! However, if the contact has either name, family name or both set to null, than there is a field called name which does contain the e-mail address. To summarize, a  Hotmail contact will only be returned if the name field contains a valid e-mail address, otherwise it will be skipped. Another consequence is that OmniContacts can provide contacts with only the `:email` key set.
+
+## License
+
+Copyright (c) 2012 Diego81
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
+task :test => :spec

data/lib/omnicontacts.rb

@@ -0,0 +1,12 @@
+require "rack"
+
+module OmniContacts
+
+  VERSION = "0.1.0"
+
+  autoload :Builder, "omnicontacts/builder"
+  autoload :Importer, "omnicontacts/importer"
+
+  class AuthorizationError < RuntimeError
+  end
+end

data/lib/omnicontacts/authorization/oauth1.rb

@@ -0,0 +1,122 @@
+require "omnicontacts/http_utils"
+require "base64"
+
+# This module represent a OAuth 1.0 Client.
+#
+# Classes including the module must implement
+# the following methods:
+# * auth_host ->  the host of the authorization server
+# * auth_token_path -> the path to query to obtain a request token
+# * consumer_key -> the registered consumer key of the client
+# * consumer_secret -> the registered consumer secret of the client
+# * callback -> the callback to include during the redirection step
+# * auth_path -> the path on the authorization server to redirect the user to
+# * access_token_path -> the path to query in order to obtain the access token
+module OmniContacts
+  module Authorization
+    module OAuth1 
+      include HTTPUtils
+
+      OAUTH_VERSION = "1.0"
+
+      # Obtain an authorization token from the server.
+      # The token is returned in an array along with the relative authorization token secret.
+      def fetch_authorization_token
+        request_token_response = https_post(auth_host, auth_token_path, request_token_req_params)
+        values_from_query_string(request_token_response, ["oauth_token", "oauth_token_secret"])
+      end
+
+      private
+
+      def request_token_req_params
+        {
+          :oauth_consumer_key => consumer_key,
+          :oauth_nonce => encode(random_string),
+          :oauth_signature_method => "PLAINTEXT",
+          :oauth_signature => encode(consumer_secret + "&"),
+          :oauth_timestamp => timestamp,
+          :oauth_version => OAUTH_VERSION,
+          :oauth_callback => callback
+        }
+      end
+
+      def random_string
+        (0...50).map{ ('a'..'z').to_a[rand(26)] }.join
+      end
+
+      def timestamp
+        Time.now.to_i.to_s 
+      end
+
+      def values_from_query_string query_string, keys_to_extract
+        map = query_string_to_map(query_string)
+        keys_to_extract.collect do |key|
+          if map.has_key?(key)
+            map[key]
+          else
+            raise "No value found for #{key} in #{query_string}"
+          end
+        end
+      end
+
+      public
+
+      # Returns the url the user has to be redirected to do in order grant permission to the client application.
+      def authorization_url auth_token
+        "https://" + auth_host + auth_path + "?oauth_token=" + auth_token
+      end
+
+      # Fetches the access token from the authorization server.
+      # The method expects the authorization token, the authorization token secret and the authorization verifier.
+      # The result comprises the access token, the access token secret and a list of additional fields extracted from the server's response.
+      # The list of additional fields to extract is specified as last parameter
+      def fetch_access_token auth_token, auth_token_secret, auth_verifier, additional_fields_to_extract = []
+        access_token_resp = https_post(auth_host, access_token_path, access_token_req_params(auth_token, auth_token_secret, auth_verifier))      
+        values_from_query_string(access_token_resp, ( ["oauth_token", "oauth_token_secret"] + additional_fields_to_extract) )
+      end
+
+      private 
+
+      def access_token_req_params auth_token, auth_token_secret, auth_verifier
+        {
+          :oauth_consumer_key => consumer_key,
+          :oauth_nonce => encode(random_string),
+          :oauth_signature_method => "PLAINTEXT",
+          :oauth_signature => encode(consumer_secret + "&" + auth_token_secret),
+          :oauth_version => OAUTH_VERSION,
+          :oauth_timestamp => timestamp,
+          :oauth_token => auth_token,
+          :oauth_verifier => auth_verifier
+        }
+      end
+
+      public
+
+      # Calculates a signature using HMAC-SHA1 according to the OAuth 1.0 specifications.
+      # 
+      # The base string is given is a RFC 3986 encoded concatenation of:
+      # * Uppercase HTTP method
+      # * An '&'
+      # * A url without any parameters
+      # * An '&'
+      # * All parameters to use in the request encoded themselves and sorted by key.
+      #
+      # The signature key is given by the concatenation of:
+      # * RFC 3986 encoded consumer secret
+      # * An  '&'
+      # * RFC 3986 encoded token secret
+      def oauth_signature method, url, params, secret
+        encoded_method = encode(method.upcase)
+        encoded_url = encode(url)
+        # params must be in alphabetical order
+        encoded_params = encode(to_query_string(params.sort))
+        base_string = encoded_method + '&' + encoded_url + '&' + encoded_params
+        key = encode(consumer_secret) + '&' + secret
+        hmac_sha1 = OpenSSL::HMAC.digest('sha1', key, base_string)
+        # base64 encode results must be stripped
+        encode(Base64.encode64(hmac_sha1).strip)
+      end
+
+    end
+  end
+end

data/lib/omnicontacts/authorization/oauth2.rb

@@ -0,0 +1,84 @@
+require "omnicontacts/http_utils"
+require "json"
+
+# This module represents an OAuth 2.0 client.
+#
+# Classes including the module must implement
+# the following methods:
+# * auth_host -> the host of the authorization server
+# * authorize_path -> the path on the authorization server the redirect the use to
+# * client_id -> the registered client id of the client
+# * client_secret -> the registered client secret of the client
+# * redirect_path -> the path the authorization server has to redirect the user back after authorization
+# * auth_token_path -> the path to query once the user has granted permission to the application
+# * scope -> the scope necessary to acquire the contacts list.
+module OmniContacts
+  module Authorization
+    module OAuth2
+      include HTTPUtils
+
+      # Calculates the URL the user has to be redirected to in order to authorize
+      # the application to access his contacts list.
+      def authorization_url
+        "https://" + auth_host + authorize_path + "?" + authorize_url_params
+      end
+
+      private
+
+      def authorize_url_params
+        to_query_string({
+          :client_id => client_id,
+          :scope => encode(scope),
+          :response_type => "code",
+          :access_type => "offline",
+          :approval_prompt => "force",
+          :redirect_uri => encode(redirect_uri)
+        })    
+      end
+
+      public
+
+      # Fetches the access token from the authorization server using the given authorization code.
+      def fetch_access_token code
+        access_token_from_response https_post(auth_host, auth_token_path, token_req_params(code))
+      end
+
+      private
+
+      def token_req_params code
+        {
+          :client_id => client_id,
+          :client_secret => client_secret,
+          :code => code,
+          :redirect_uri => encode(redirect_uri),
+          :grant_type => "authorization_code"
+        }
+      end
+
+      def access_token_from_response response
+        json = JSON.parse(response)
+        raise json["error"] if json["error"]
+        [ json["access_token"], json["token_type"], json["refresh_token"] ]
+      end
+
+      public
+
+      # Refreshes the access token using the provided refresh_token.
+      def refresh_access_token refresh_token
+        access_token_from_response https_post(auth_host, auth_token_path, refresh_token_req_params(refresh_token))
+      end
+
+      private
+
+      def refresh_token_req_params refresh_token
+        {
+          :client_id => client_id,
+          :client_secret => client_secret,
+          :refresh_token => refresh_token,
+          :grant_type => "refresh_token"
+        }
+        
+      end
+    end
+  end
+end

data/lib/omnicontacts/builder.rb

@@ -0,0 +1,30 @@
+require "omnicontacts"
+
+module OmniContacts
+  class Builder < Rack::Builder
+    def initialize(app,&block)
+      if rack14?
+        super
+      else
+        @app = app
+        super(&block)
+      end
+    end
+
+    def rack14?
+      Rack.release.split('.')[1].to_i >= 4
+    end
+
+    def importer importer, *args
+      middleware = OmniContacts::Importer.const_get(importer.to_s.capitalize)
+      use middleware, *args
+    rescue NameError
+      raise LoadError, "Could not find importer #{importer}."
+    end
+
+    def call env
+      @ins << @app unless @ins.include?(@app)
+      to_app.call(env)
+    end
+  end
+end

data/lib/omnicontacts/http_utils.rb

@@ -0,0 +1,88 @@
+require "net/http"
+require "cgi"
+require "openssl"
+
+# This module contains a set of utility methods  related to the HTTP protocol.
+module OmniContacts
+  module HTTPUtils
+
+    SSL_PORT = 443
+
+    module_function
+
+    def query_string_to_map query_string 
+      query_string.split('&').reduce({}) do |memo, key_value|
+        (key,value) = key_value.split('=')
+        memo[key]= value
+        memo
+      end 
+    end 
+
+    def to_query_string map
+      map.collect do |key, value|
+        key.to_s + "=" + value
+      end.join("&")
+    end
+
+    # Encodes the given input according to RFC 3986
+    def encode to_encode
+      CGI.escape(to_encode)
+    end
+
+    # Calculates the url of the host from a Rack environment.
+    # The result is in the form scheme://host:port
+    # If port is 80 the result is scheme://host
+    # According to Rack specification the HTTP_HOST variable is preferred over SERVER_NAME.
+    def host_url_from_rack_env env
+      port = ( (env["SERVER_PORT"] == 80) && "") || ":#{env['SERVER_PORT']}"  
+      host = (env["HTTP_HOST"]) || (env["SERVER_NAME"] + port)
+      env["rack.url_scheme"] + "://" + host
+    end
+
+    # Classes including the module must respond to the ssl_ca_file message in order to use the following methods.
+    # The response will be the path to the CA file to use when making https requests.
+    # If the result of ssl_ca_file is nil no file is used. In this case a warn message is logged.
+    private
+
+    # Executes an HTTP GET request. 
+    # It raises a RuntimeError if the response code is not equal to 200
+    def http_get host, path, params
+      connection = Net::HTTP.new(host)
+      process_http_response connection.request_get(path + "?" + to_query_string(params))
+    end
+
+    # Executes an HTTP POST request over SSL
+    # It raises a RuntimeError if the response code is not equal to 200
+    def https_post host,path, params
+      https_connection host do |connection| 
+        connection.request_post(path, to_query_string(params))
+      end
+    end
+
+    # Executes an HTTP GET request over SSL
+    # It raises a RuntimeError if the response code is not equal to 200
+    def https_get host, path, params, headers =[]
+      https_connection host  do |connection|
+        connection.request_get(path + "?" + to_query_string(params), headers)
+      end
+    end
+
+    def https_connection (host)
+      connection = Net::HTTP.new(host, SSL_PORT)
+      connection.use_ssl = true
+      if ssl_ca_file
+        connection.ca_file = ssl_ca_file
+      else
+        logger << "No SSL ca file provided. It is highly reccomended to use one in production envinronments" if respond_to?(:logger) && logger
+        connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      process_http_response(yield(connection))
+    end
+
+    def process_http_response response
+      raise response.body if response.code != "200"
+      response.body
+    end
+
+  end
+end