oo_auth 0.1.0 → 1.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fe4f72cf83013da415eb05cc8290d49e6c3843d2
4
- data.tar.gz: d5c7bbc222785702e4a8f9a31ef1ec6643d449e2
3
+ metadata.gz: 441d2379fc013ddf3adce0b440ef0567db4de48d
4
+ data.tar.gz: c592574f18c131f429c98891b39c8ddeb43e4ca4
5
5
  SHA512:
6
- metadata.gz: 5af4e5b5e6f7199d347c4649839b06322474eaf4beffb999b7561735c8e067dc9e60011840fdc62bbb29d3367ed713a0c1dd47fe07b05da057d3b62c25a66ade
7
- data.tar.gz: d2858ce8aba4946e5d002652b97965ac8ed4ec2ec21d4c6b71b4d0b4e70b3b3b8c805f5b24831cec6f1b42596019d670f7a0c91c119f8efb7ed554fa80fa85af
6
+ metadata.gz: b381458ece7b62946c65519decb18570ee99d1bcb947bdaa0730b07e93725effa0854a806525c95c717b07ceeb4c07eb67308f51f5de28d011b605d83e1f43e9
7
+ data.tar.gz: 957176994113082efd5233c225a7828023773b0cc3bc1a10dab98fe55ebb8711a4b2ad408fa075e2293bc114b85c1a3e63256df48bec38921e4c59b918df5c29
data/CHANGELOG CHANGED
@@ -1,3 +1,7 @@
1
+ 1.0.0 - 2015-11-16
2
+
3
+ * Support HMAC-SHA256
4
+
1
5
  0.0.1 - 2013-11-06
2
6
 
3
7
  * First release
data/README.md CHANGED
@@ -47,10 +47,12 @@ request['Authorization']
47
47
 
48
48
  ### OAuth provider
49
49
 
50
+ In your Rails API controller:
51
+
50
52
  ```ruby
51
53
  class ApiController < ApplicationController
52
54
 
53
- before_filter :oauth_required
55
+ before_action :oauth_required
54
56
 
55
57
  private
56
58
 
@@ -71,7 +73,7 @@ OoAuth requires your provider application to provide stores for authorization to
71
73
  and OAuth nonces. (You won't need these stores if you're only using OoAuth's client
72
74
  functionality.)
73
75
 
74
- OoAuth stores can be as simple lambdas or regular ruby objects.
76
+ OoAuth stores can be simple lambdas or regular ruby objects.
75
77
 
76
78
  ### Authorization store
77
79
 
@@ -139,6 +141,32 @@ require 'oo_auth/nonce/redis_store'
139
141
  OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foobar')
140
142
  ```
141
143
 
144
+ ## Configuring signature methods
145
+
146
+ The available signature methods can be configured using a setter which accepts
147
+ signature method names as strings or symbols:
148
+
149
+ ```ruby
150
+ # config/initializers/oo_auth.rb
151
+ OoAuth.signature_methods = [:hmac_sha1, 'HMAC-SHA256', :hmac_sha512]
152
+ ```
153
+
154
+ The default signature method OoAuth will use to sign requests is `HMAC-SHA1`.
155
+ It can be set to any of the supported methods using
156
+
157
+ ```ruby
158
+ OoAuth.signature_method = :hmac_sha256
159
+ ```
160
+
161
+ As using `HMAC-SHA1` is no longer recommended, you can disable it altogether:
162
+
163
+ ```ruby
164
+ # disable HMAC-SHA1 completely
165
+ OoAuth.signature_methods = [:hmac_sha256]
166
+ ```
167
+
168
+ A provider configured this way will only accept `HMAC-SHA256` signatures.
169
+
142
170
  ## TODO
143
171
 
144
172
  * Support POST body signing for non-formencoded data
@@ -5,7 +5,7 @@ require 'base64'
5
5
 
6
6
  require 'oo_auth/version'
7
7
  require 'oo_auth/constants'
8
- require 'oo_auth/configuration_error'
8
+ require 'oo_auth/errors'
9
9
  require 'oo_auth/nonce'
10
10
  require 'oo_auth/nonce/abstract_store'
11
11
  require 'oo_auth/request_proxy'
@@ -18,7 +18,6 @@ module OoAuth
18
18
  # Initialize with instance of store
19
19
  # OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foo')
20
20
  attr_accessor :nonce_store
21
-
22
21
 
23
22
  # Define a lookup method for access token verification
24
23
  # It should be callable (proc) or provide an +authorization+ method,
@@ -31,6 +30,42 @@ module OoAuth
31
30
  # - nil otherwise.
32
31
  attr_accessor :authorization_store
33
32
 
33
+ def signature_methods
34
+ @signature_methods ||= SUPPORTED_SIGNATURE_METHODS
35
+ end
36
+
37
+ # Set the available signature methods
38
+ # You can either use strings or symbols, e.g.
39
+ # ['HMAC_SHA1', :hmac_sha256]
40
+ def signature_methods=(methods)
41
+ @signature_methods = methods.collect do |method|
42
+ method = method.to_s.upcase.sub('_', '-')
43
+ raise UnsupportedSignatureMethod, method.inspect unless SUPPORTED_SIGNATURE_METHODS.include?(method)
44
+ method
45
+ end
46
+ end
47
+
48
+ # Check if the signature method is valid, raise error if not
49
+ #
50
+ # Supported values:
51
+ # - 'HMAC-SHA1'
52
+ # - 'HMAC-SHA256'
53
+ # - 'HMAC-SHA512'
54
+ #
55
+ def verify_signature_method!(value)
56
+ raise UnsupportedSignatureMethod, value.inspect unless signature_methods.include?(value)
57
+ end
58
+
59
+ def signature_method
60
+ @signature_method ||= DEFAULT_SIGNATURE_METHOD
61
+ end
62
+
63
+ # Set the signature method to use
64
+ def signature_method=(value)
65
+ verify_signature_method!(value)
66
+ @signature_method = value
67
+ end
68
+
34
69
  # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
35
70
  # characters removed.
36
71
  def generate_key(size = 32)
@@ -78,7 +113,7 @@ module OoAuth
78
113
  credentials = args.pop
79
114
  proxy = RequestProxy.new(*args)
80
115
  Signature.sign!(proxy, credentials)
81
- end
116
+ end
82
117
 
83
118
  # Use this in your controllers to verify the OAuth signature
84
119
  # of a request.
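Review bot: `signature_method=` in the hunk at `@@ -31,6 +30,42 @@` hands `value` to `verify_signature_method!` without normalizing it, but `signature_methods` only ever contains the upper-cased, dash-separated string names, so the README's documented `OoAuth.signature_method = :hmac_sha256` raises UnsupportedSignatureMethod instead of selecting the method; only `signature_methods=` and `Signature.sign!` perform the symbol-to-string conversion. Add the same step to the setter, `value = value.to_s.upcase.sub('_', '-')` before `verify_signature_method!(value)`, and ideally move that conversion into one shared helper so the three call sites cannot drift apart. Separately, `signature_methods` returns the `SUPPORTED_SIGNATURE_METHODS` Hash until the setter is used and an Array afterwards; returning `SUPPORTED_SIGNATURE_METHODS.keys` as the default gives callers one shape and avoids handing out the shared constant for mutation. `signature_methods=` would also accept an empty array, which silently disables signing and verification; raising ConfigurationError on an empty list would surface that misconfiguration at boot rather than on the first request.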
@@ -1,5 +1,4 @@
1
1
  module OoAuth
2
-
3
2
  # request tokens are passed between the consumer and the provider out of
4
3
  # band (i.e. callbacks cannot be used), per section 6.1.1
5
4
  OUT_OF_BAND = 'oob'
@@ -11,9 +10,16 @@ module OoAuth
11
10
  # reserved character regexp, per section 5.1
12
11
  RESERVED_CHARACTERS = /[^a-zA-Z0-9\-\.\_\~]/
13
12
 
14
- # OoAuth only supports HMAC-SHA1
15
- SIGNATURE_METHOD = 'HMAC-SHA1'
13
+ # Supported signature methods
14
+ HMAC_SHA1 = 'HMAC-SHA1'
15
+ HMAC_SHA256 = 'HMAC-SHA256'
16
+ HMAC_SHA512 = 'HMAC-SHA512'
16
17
 
17
- MAX_TIMESTAMP_DEVIATION = 5 * 60
18
+ SUPPORTED_SIGNATURE_METHODS = { HMAC_SHA1 => OpenSSL::Digest::SHA1,
19
+ HMAC_SHA256 => OpenSSL::Digest::SHA256,
20
+ HMAC_SHA512 => OpenSSL::Digest::SHA512 }
18
21
 
19
- end
22
+ DEFAULT_SIGNATURE_METHOD = HMAC_SHA1
23
+
24
+ MAX_TIMESTAMP_DEVIATION = 5 * 60
25
+ end
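Review bot: `SUPPORTED_SIGNATURE_METHODS` is a mutable Hash and, per the `lib/oo_auth.rb` hunk in this diff, `OoAuth.signature_methods` returns this very object as its default, so any code in the process can add or swap digest classes for every signer and verifier; freeze it, `HMAC_SHA512 => OpenSSL::Digest::SHA512 }.freeze`. The literal also resolves `OpenSSL::Digest` at load time, so this file now depends on `openssl` being required before `oo_auth/constants` — that ordering is not visible in the diff, and a `require 'openssl'` at the top of this file would make the dependency explicit. Since the README in the same release says HMAC-SHA1 is no longer recommended while `DEFAULT_SIGNATURE_METHOD` keeps it, a comment such as `# Default stays HMAC-SHA1 for interoperability; restrict it per deployment via OoAuth.signature_methods=` would record that choice for the next maintainer.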
@@ -0,0 +1,5 @@
1
+ module OoAuth
2
+ class Error < StandardError; end
3
+ class ConfigurationError < Error; end
4
+ class UnsupportedSignatureMethod < Error; end
5
+ end
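Review bot: `UnsupportedSignatureMethod` breaks the convention its siblings `Error` and `ConfigurationError` follow of ending exception class names in `Error`, which also makes it read like a value rather than a failure at rescue sites. If the name is already referenced elsewhere in this release, keep compatibility with an alias: `class UnsupportedSignatureMethodError < Error; end` followed by `UnsupportedSignatureMethod = UnsupportedSignatureMethodError`. Re-parenting `ConfigurationError` under `OoAuth::Error` is backward compatible for callers rescuing StandardError, which is worth a one-line comment on the class.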
@@ -2,25 +2,21 @@ module OoAuth
2
2
  module Signature
3
3
 
4
4
  class << self
5
- def hmac_sha1_signature(base_string, consumer_secret, token_secret)
6
- Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, OoAuth.encode(consumer_secret, token_secret), base_string))
7
- end
8
-
9
- def calculate_signature(proxy, credentials, params)
10
- hmac_sha1_signature(proxy.signature_base_string(params), credentials.consumer_secret, credentials.token_secret)
11
- end
12
-
13
- def sign!(proxy, credentials)
5
+
6
+ def sign!(proxy, credentials, signature_method = OoAuth.signature_method)
7
+ signature_method = signature_method.to_s.upcase.sub('_', '-') if signature_method.is_a?(Symbol)
8
+ OoAuth.verify_signature_method!(signature_method)
9
+
14
10
  params = {
15
11
  oauth_version: '1.0',
16
12
  oauth_nonce: OoAuth.generate_nonce,
17
13
  oauth_timestamp: OoAuth.timestamp,
18
- oauth_signature_method: SIGNATURE_METHOD,
14
+ oauth_signature_method: signature_method,
19
15
  oauth_consumer_key: credentials.consumer_key,
20
16
  oauth_token: credentials.token
21
17
  }
22
18
 
23
- params[:oauth_signature] = calculate_signature(proxy, credentials, params)
19
+ params[:oauth_signature] = calculate_signature(proxy, credentials, params, signature_method)
24
20
 
25
21
  proxy.authorization = authorization_header(params)
26
22
  end
@@ -28,7 +24,7 @@ module OoAuth
28
24
  # Check signature validity without remembering nonce - DO NOT use to authorize actual requests
29
25
  def valid?(proxy, credentials)
30
26
  verify_timestamp!(proxy) &&
31
- calculate_signature(proxy, credentials, proxy.oauth_params_without_signature) == proxy.signature
27
+ calculate_signature(proxy, credentials, proxy.oauth_params_without_signature, proxy.signature_method) == proxy.signature
32
28
  end
33
29
 
34
30
  # Verify signature and remember nonce - use this to authorize actual requests
@@ -50,6 +46,18 @@ module OoAuth
50
46
  'OAuth ' + params.map { |k, v| "#{OoAuth.escape(k)}=\"#{OoAuth.escape(v)}\"" }.join(', ')
51
47
  end
52
48
 
49
+ def calculate_signature(proxy, credentials, params, signature_method)
50
+ hmac_signature(signature_method, proxy.signature_base_string(params), credentials.consumer_secret, credentials.token_secret)
51
+ end
52
+
53
+ def hmac_signature(signature_method, base_string, consumer_secret, token_secret)
54
+ Base64.strict_encode64(OpenSSL::HMAC.digest(signature_algorithm(signature_method).new, OoAuth.encode(consumer_secret, token_secret), base_string))
55
+ end
56
+
57
+ def signature_algorithm(signature_method)
58
+ OoAuth.verify_signature_method!(signature_method)
59
+ SUPPORTED_SIGNATURE_METHODS[signature_method]
60
+ end
53
61
  end
54
62
  end
55
- end
63
+ end
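Review bot: In `valid?` (hunk `@@ -28,7 +24,7 @@`) the freshly computed signature is compared with the client-supplied `proxy.signature` using `==`, which stops at the first differing byte and therefore leaks, through response timing, how much of a guessed signature is correct; the comparison should be constant-time and preceded by a length check. Ruby's openssl gem offers `OpenSSL.fixed_length_secure_compare` in newer versions, but with the `>= 2.0` Ruby requirement declared in this release a small local helper is the portable option, shown below. The per-request `oauth_signature_method` is re-validated in `signature_algorithm` against the configured list, so a client cannot force a disabled algorithm — keep that call in place. `sign!` (first hunk) also duplicates the `to_s.upcase.sub('_', '-')` normalization found in `OoAuth.signature_methods=`; sharing one helper would avoid the two drifting apart. Whether `proxy.signature` can be nil is not visible here, so the helper below coerces with `to_s` — confirm against `RequestProxy`.
```ruby
def valid?(proxy, credentials)
  verify_timestamp!(proxy) &&
    secure_compare(calculate_signature(proxy, credentials, proxy.oauth_params_without_signature, proxy.signature_method), proxy.signature.to_s)
end

# Constant-time comparison: the result does not depend on where the strings first differ,
# so a forged signature cannot be refined byte by byte from response timing.
def secure_compare(expected, actual)
  return false unless expected.bytesize == actual.bytesize
  expected.bytes.zip(actual.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# … unchanged: verify!, authorization_header, calculate_signature, hmac_signature, signature_algorithm …
```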
@@ -1,3 +1,3 @@
1
1
  module OoAuth
2
- VERSION = '0.1.0'
2
+ VERSION = '1.0.0'
3
3
  end
metadata CHANGED
@@ -1,83 +1,83 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oo_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthias Grosser
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-11-04 00:00:00.000000000 Z
11
+ date: 2015-11-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: byebug
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - '>='
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - '>='
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: simplecov
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - '>='
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - '>='
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rake
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - '>='
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: 0.8.7
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - '>='
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: 0.8.7
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: minitest
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - ~>
59
+ - - "~>"
60
60
  - !ruby/object:Gem::Version
61
61
  version: '4.7'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - ~>
66
+ - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '4.7'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: timecop
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ~>
73
+ - - "~>"
74
74
  - !ruby/object:Gem::Version
75
75
  version: 0.6.3
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ~>
80
+ - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: 0.6.3
83
83
  description: Out Of Band OAuth
@@ -86,19 +86,19 @@ executables: []
86
86
  extensions: []
87
87
  extra_rdoc_files: []
88
88
  files:
89
+ - CHANGELOG
90
+ - LICENSE
91
+ - README.md
89
92
  - lib/oo_auth.rb
90
- - lib/oo_auth/request_proxy.rb
91
93
  - lib/oo_auth/constants.rb
92
- - lib/oo_auth/configuration_error.rb
93
- - lib/oo_auth/version.rb
94
94
  - lib/oo_auth/credentials.rb
95
+ - lib/oo_auth/errors.rb
95
96
  - lib/oo_auth/nonce.rb
96
- - lib/oo_auth/signature.rb
97
97
  - lib/oo_auth/nonce/abstract_store.rb
98
98
  - lib/oo_auth/nonce/redis_store.rb
99
- - LICENSE
100
- - README.md
101
- - CHANGELOG
99
+ - lib/oo_auth/request_proxy.rb
100
+ - lib/oo_auth/signature.rb
101
+ - lib/oo_auth/version.rb
102
102
  homepage: http://github.com/mtgrosser/oo_auth
103
103
  licenses:
104
104
  - MIT
@@ -109,17 +109,17 @@ require_paths:
109
109
  - lib
110
110
  required_ruby_version: !ruby/object:Gem::Requirement
111
111
  requirements:
112
- - - '>='
112
+ - - ">="
113
113
  - !ruby/object:Gem::Version
114
- version: '0'
114
+ version: '2.0'
115
115
  required_rubygems_version: !ruby/object:Gem::Requirement
116
116
  requirements:
117
- - - '>='
117
+ - - ">="
118
118
  - !ruby/object:Gem::Version
119
119
  version: '0'
120
120
  requirements: []
121
121
  rubyforge_project:
122
- rubygems_version: 2.0.3
122
+ rubygems_version: 2.4.5.1
123
123
  signing_key:
124
124
  specification_version: 4
125
125
  summary: OAuth without the callbacks
@@ -1,3 +0,0 @@
1
- module OoAuth
2
- class ConfigurationError < StandardError; end
3
- end