pelle-oauth 0.2.7 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +14 -0
- data/Manifest.txt +19 -3
- data/README.rdoc +73 -0
- data/Rakefile +34 -4
- data/TODO +14 -0
- data/bin/oauth +5 -0
- data/lib/oauth.rb +3 -3
- data/lib/oauth/cli.rb +130 -0
- data/lib/oauth/client/helper.rb +3 -2
- data/lib/oauth/consumer.rb +1 -1
- data/lib/oauth/helper.rb +3 -0
- data/lib/oauth/oauth_test_helper.rb +26 -0
- data/lib/oauth/request_proxy/action_controller_request.rb +2 -4
- data/lib/oauth/request_proxy/base.rb +31 -0
- data/lib/oauth/request_proxy/jabber_request.rb +42 -0
- data/lib/oauth/request_proxy/mock_request.rb +36 -0
- data/lib/oauth/request_proxy/net_http.rb +0 -2
- data/lib/oauth/request_proxy/rack_request.rb +1 -3
- data/lib/oauth/signature/base.rb +20 -7
- data/lib/oauth/signature/plaintext.rb +1 -1
- data/lib/oauth/token.rb +3 -3
- data/lib/oauth/version.rb +2 -8
- data/oauth.gemspec +43 -0
- data/script/txt2html +1 -1
- data/test/cases/oauth_case.rb +19 -0
- data/test/cases/spec/1_0-final/test_construct_request_url.rb +62 -0
- data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb +88 -0
- data/test/cases/spec/1_0-final/test_parameter_encodings.rb +86 -0
- data/test/cases/spec/1_0-final/test_signature_base_strings.rb +77 -0
- data/test/keys/rsa.cert +11 -0
- data/test/keys/rsa.pem +16 -0
- data/test/test_action_controller_request_proxy.rb +2 -1
- data/test/test_consumer.rb +17 -18
- data/test/test_helper.rb +8 -0
- data/test/test_net_http_client.rb +7 -7
- data/test/test_net_http_request_proxy.rb +3 -3
- data/test/test_rack_request_proxy.rb +3 -3
- data/test/test_rsa_sha1.rb +59 -0
- data/test/test_signature_plain_text.rb +31 -0
- data/website/index.html +1 -1
- metadata +53 -14
- data/config/hoe.rb +0 -71
- data/config/requirements.rb +0 -17
data/History.txt
CHANGED
@@ -1,3 +1,17 @@
|
|
1
|
+
Fix in plain text signatures to bug found by Andrew Arrow. Who contributed new new unit tests for plain text sigs.
|
2
|
+
|
3
|
+
== 0.3.0
|
4
|
+
|
5
|
+
* Support ActionController::Request from Edge Rails (László Bácsi)
|
6
|
+
* Correctly handle multi-valued parameters (Seth)
|
7
|
+
* Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
|
8
|
+
* OAuth::Signature.sign and friends now yield the RequestProxy instead of the
|
9
|
+
token when the passed block's arity is 1. (Seth)
|
10
|
+
* Token requests are made to the configured URL rather than generating a
|
11
|
+
potentially incorrect one. (Kellan Elliott-McCrea)
|
12
|
+
* Command-line app for generating signatures. (Seth)
|
13
|
+
* Improved test-cases and compatibility for encoding issues. (Pelle)
|
14
|
+
|
1
15
|
== 0.2.7 2008-9-10 The lets fix the last release release
|
2
16
|
|
3
17
|
There was an error in the RSA requests using oauth tokens. Thanks to Philip Lipu Tsai for noticing this.
|
data/Manifest.txt
CHANGED
@@ -1,20 +1,24 @@
|
|
1
1
|
History.txt
|
2
2
|
License.txt
|
3
3
|
Manifest.txt
|
4
|
-
README.
|
4
|
+
README.rdoc
|
5
5
|
Rakefile
|
6
|
-
|
7
|
-
|
6
|
+
TODO
|
7
|
+
bin/oauth
|
8
8
|
lib/oauth.rb
|
9
|
+
lib/oauth/cli.rb
|
9
10
|
lib/oauth/client.rb
|
10
11
|
lib/oauth/client/action_controller_request.rb
|
11
12
|
lib/oauth/client/helper.rb
|
12
13
|
lib/oauth/client/net_http.rb
|
13
14
|
lib/oauth/consumer.rb
|
14
15
|
lib/oauth/helper.rb
|
16
|
+
lib/oauth/oauth_test_helper.rb
|
15
17
|
lib/oauth/request_proxy.rb
|
16
18
|
lib/oauth/request_proxy/action_controller_request.rb
|
17
19
|
lib/oauth/request_proxy/base.rb
|
20
|
+
lib/oauth/request_proxy/jabber_request.rb
|
21
|
+
lib/oauth/request_proxy/mock_request.rb
|
18
22
|
lib/oauth/request_proxy/net_http.rb
|
19
23
|
lib/oauth/request_proxy/rack_request.rb
|
20
24
|
lib/oauth/server.rb
|
@@ -31,13 +35,22 @@ lib/oauth/signature/rsa/sha1.rb
|
|
31
35
|
lib/oauth/signature/sha1.rb
|
32
36
|
lib/oauth/token.rb
|
33
37
|
lib/oauth/version.rb
|
38
|
+
oauth.gemspec
|
34
39
|
script/destroy
|
35
40
|
script/generate
|
36
41
|
script/txt2html
|
37
42
|
setup.rb
|
43
|
+
specs.txt
|
38
44
|
tasks/deployment.rake
|
39
45
|
tasks/environment.rake
|
40
46
|
tasks/website.rake
|
47
|
+
test/cases/oauth_case.rb
|
48
|
+
test/cases/spec/1_0-final/test_construct_request_url.rb
|
49
|
+
test/cases/spec/1_0-final/test_normalize_request_parameters.rb
|
50
|
+
test/cases/spec/1_0-final/test_parameter_encodings.rb
|
51
|
+
test/cases/spec/1_0-final/test_signature_base_strings.rb
|
52
|
+
test/keys/rsa.cert
|
53
|
+
test/keys/rsa.pem
|
41
54
|
test/test_action_controller_request_proxy.rb
|
42
55
|
test/test_consumer.rb
|
43
56
|
test/test_helper.rb
|
@@ -45,8 +58,11 @@ test/test_hmac_sha1.rb
|
|
45
58
|
test/test_net_http_client.rb
|
46
59
|
test/test_net_http_request_proxy.rb
|
47
60
|
test/test_rack_request_proxy.rb
|
61
|
+
test/test_rsa_sha1.rb
|
62
|
+
test/test_server.rb
|
48
63
|
test/test_signature.rb
|
49
64
|
test/test_signature_base.rb
|
65
|
+
test/test_signature_plain_text.rb
|
50
66
|
test/test_token.rb
|
51
67
|
website/index.html
|
52
68
|
website/index.txt
|
data/README.rdoc
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
= Ruby OAuth GEM
|
2
|
+
|
3
|
+
== What
|
4
|
+
|
5
|
+
This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.
|
6
|
+
|
7
|
+
See the OAuth specs http://oauth.net/core/1.0/
|
8
|
+
|
9
|
+
== Installing
|
10
|
+
|
11
|
+
sudo gem install oauth
|
12
|
+
|
13
|
+
You can also install it from the oauth rubyforge project http://rubyforge.org/projects/oauth/.
|
14
|
+
|
15
|
+
The source code is now hosted on the OAuth GitHub Project http://github.com/pelle/oauth/tree/master
|
16
|
+
|
17
|
+
== The basics
|
18
|
+
|
19
|
+
This is a ruby library which is intended to be used in creating Ruby Consumer and Service Provider applications. It is NOT a Rails plugin, but could easily be used for the foundation for such a Rails plugin.
|
20
|
+
|
21
|
+
As a matter of fact it has been pulled out from an OAuth Rails Plugin http://code.google.com/p/oauth-plugin/ which now requires this GEM.
|
22
|
+
|
23
|
+
== Demonstration of usage
|
24
|
+
|
25
|
+
Create a new consumer instance by passing it a configuration hash:
|
26
|
+
|
27
|
+
@consumer=OAuth::Consumer.new( "key","secret", {
|
28
|
+
:site=>"https://agree2"
|
29
|
+
})
|
30
|
+
|
31
|
+
Start the process by requesting a token
|
32
|
+
|
33
|
+
@request_token=@consumer.get_request_token
|
34
|
+
session[:request_token]=@request_token
|
35
|
+
redirect_to @request_token.authorize_url
|
36
|
+
|
37
|
+
When user returns create an access_token
|
38
|
+
|
39
|
+
@access_token=@request_token.get_access_token
|
40
|
+
@photos=@access_token.get('/photos.xml')
|
41
|
+
|
42
|
+
For more detailed instructions I have written this OAuth Client Tutorial http://stakeventures.com/articles/2008/02/23/developing-oauth-clients-in-ruby and "How to turn your rails site into an OAuth Provider ":http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-site-into-an-oauth-provider .
|
43
|
+
|
44
|
+
Finally be sure to check out the OAuth RDoc Manual http://oauth.rubyforge.org/rdoc/ .
|
45
|
+
|
46
|
+
== Documentation Wiki
|
47
|
+
|
48
|
+
There is some documentation on the Google Code project for the "OAuth Rails Plugin":http://code.google.com/p/oauth-plugin/ :
|
49
|
+
|
50
|
+
* RequestToken http://code.google.com/p/oauth-plugin/wiki/RequestToken
|
51
|
+
* AccessToken http://code.google.com/p/oauth-plugin/wiki/AccessToken
|
52
|
+
|
53
|
+
== Forum
|
54
|
+
|
55
|
+
http://groups.google.com/group/oauth-ruby
|
56
|
+
|
57
|
+
|
58
|
+
== How to submit patches
|
59
|
+
|
60
|
+
Read the "8 steps for fixing other people's code" http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/.
|
61
|
+
|
62
|
+
The source code is now hosted on the OAuth GitHub Project http://github.com/pelle/oauth/tree/master
|
63
|
+
|
64
|
+
To submit a patch, please fork the oauth project and create a patch with tests. Once you're happy with it send a pull request and post a message to the google group.
|
65
|
+
|
66
|
+
== License
|
67
|
+
|
68
|
+
This code is free to use under the terms of the MIT license.
|
69
|
+
|
70
|
+
== Contact
|
71
|
+
|
72
|
+
Comments are welcome. Send an email to "Pelle Braendgaard" pelleb@gmail.com email via the OAuth Ruby mailing list http://groups.google.com/group/oauth-ruby
|
73
|
+
|
data/Rakefile
CHANGED
@@ -1,4 +1,34 @@
|
|
1
|
-
require
|
2
|
-
|
3
|
-
|
4
|
-
|
1
|
+
%w[rubygems rake rake/clean fileutils newgem rubigen].each { |f| require f }
|
2
|
+
$LOAD_PATH << File.dirname(__FILE__) + '/lib'
|
3
|
+
require 'oauth'
|
4
|
+
require 'oauth/version'
|
5
|
+
|
6
|
+
# Generate all the Rake tasks
|
7
|
+
# Run 'rake -T' to see list of generated tasks (from gem root directory)
|
8
|
+
$hoe = Hoe.new('oauth', OAuth::VERSION) do |p|
|
9
|
+
p.author = ['Pelle Braendgaard','Blaine Cook','Larry Halff','Jesse Clark','Jon Crosby', 'Seth Fitzsimmons']
|
10
|
+
p.email = "pelleb@gmail.com"
|
11
|
+
p.description = "OAuth Core Ruby implementation"
|
12
|
+
p.summary = p.description
|
13
|
+
p.changes = p.paragraphs_of("History.txt", 0..1).join("\n\n")
|
14
|
+
p.rubyforge_name = p.name # TODO this is default value
|
15
|
+
p.url = "http://oauth.rubyforge.org"
|
16
|
+
|
17
|
+
p.extra_deps = [
|
18
|
+
['ruby-hmac','>= 0.3.1']
|
19
|
+
]
|
20
|
+
p.extra_dev_deps = [
|
21
|
+
['newgem', ">= #{::Newgem::VERSION}"]
|
22
|
+
]
|
23
|
+
|
24
|
+
p.clean_globs |= %w[**/.DS_Store tmp *.log **/.*.sw? *.gem .config **/.DS_Store]
|
25
|
+
path = (p.rubyforge_name == p.name) ? p.rubyforge_name : "\#{p.rubyforge_name}/\#{p.name}"
|
26
|
+
p.remote_rdoc_dir = File.join(path.gsub(/^#{p.rubyforge_name}\/?/,''), 'rdoc')
|
27
|
+
p.rsync_args = '-av --delete --ignore-errors'
|
28
|
+
end
|
29
|
+
|
30
|
+
require 'newgem/tasks' # load /tasks/*.rake
|
31
|
+
Dir['tasks/**/*.rake'].each { |t| load t }
|
32
|
+
|
33
|
+
# TODO - want other tests/tasks run by default? Add them to the list
|
34
|
+
# task :default => [:spec, :features]
|
data/TODO
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
Common use-cases should be streamlined:
|
2
|
+
|
3
|
+
* I have a URL that I want to sign (given consumer key/secret, optional
|
4
|
+
token/secret, optional nonce/timestamp).
|
5
|
+
* I have a URL that I want to sign AND I want to see what the components
|
6
|
+
(e.g. signature base string, etc.) are while it's being signed (i.e. verbose
|
7
|
+
signing).
|
8
|
+
* I have a URL that I want to sign and I only want the signature.
|
9
|
+
* I have a URL that I want to sign and I want something suitable to put in
|
10
|
+
{the header, the querystring, XMPP}.
|
11
|
+
* I want to make a query to an OAuth-enabled web service (with sensible
|
12
|
+
errors, if available).
|
13
|
+
* I want to host an OAuth-enabled web service.
|
14
|
+
* I want to test my OAuth-enabled web service (i.e. test helpers)
|
data/bin/oauth
ADDED
data/lib/oauth.rb
CHANGED
@@ -1,3 +1,3 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
require 'oauth/client/helper'
|
2
|
+
require 'oauth/signature/hmac/sha1'
|
3
|
+
require 'oauth/request_proxy/mock_request'
|
data/lib/oauth/cli.rb
ADDED
@@ -0,0 +1,130 @@
|
|
1
|
+
require 'optparse'
|
2
|
+
require 'oauth'
|
3
|
+
|
4
|
+
module OAuth
|
5
|
+
class CLI
|
6
|
+
SUPPORTED_COMMANDS = %w(sign)
|
7
|
+
|
8
|
+
attr_reader :command
|
9
|
+
attr_reader :options
|
10
|
+
attr_reader :stdout
|
11
|
+
|
12
|
+
def self.execute(stdout, arguments = [])
|
13
|
+
self.new.execute(stdout, arguments)
|
14
|
+
end
|
15
|
+
|
16
|
+
def execute(stdout, arguments = [])
|
17
|
+
@stdout = stdout
|
18
|
+
extract_command_and_parse_options(arguments)
|
19
|
+
|
20
|
+
if sufficient_options? && valid_command?
|
21
|
+
case command
|
22
|
+
when "sign"
|
23
|
+
request = OAuth::RequestProxy.proxy \
|
24
|
+
"method" => options[:method],
|
25
|
+
"uri" => options[:uri],
|
26
|
+
"parameters" => prepare_parameters
|
27
|
+
|
28
|
+
# can't pass options unless they respond to :secret, so use this alternative
|
29
|
+
signature = OAuth::Signature.sign \
|
30
|
+
request,
|
31
|
+
:consumer_secret => options[:oauth_consumer_secret],
|
32
|
+
:token_secret => options[:oauth_token_secret] do |request|
|
33
|
+
|
34
|
+
# while we have access to the request being signed, display some internals
|
35
|
+
if verbose?
|
36
|
+
stdout.puts "Method: #{request.method}"
|
37
|
+
stdout.puts "URI: #{request.uri}"
|
38
|
+
stdout.puts "Normalized params: #{request.normalized_parameters}"
|
39
|
+
stdout.puts "Signature base string: #{request.signature_base_string}"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
if verbose?
|
44
|
+
stdout.puts "Signature: #{signature}"
|
45
|
+
stdout.puts "Escaped signature: #{OAuth::Helper.escape(signature)}"
|
46
|
+
else
|
47
|
+
stdout.puts signature
|
48
|
+
end
|
49
|
+
end
|
50
|
+
else
|
51
|
+
usage
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def extract_command_and_parse_options(arguments)
|
56
|
+
@command = arguments[-1]
|
57
|
+
parse_options(arguments[0..-1])
|
58
|
+
end
|
59
|
+
|
60
|
+
def parse_options(arguments)
|
61
|
+
@options = {}
|
62
|
+
OptionParser.new do |opts|
|
63
|
+
opts.banner = "Usage: #{$0} [options] <command>"
|
64
|
+
|
65
|
+
# defaults
|
66
|
+
options[:oauth_signature_method] = "HMAC-SHA1"
|
67
|
+
|
68
|
+
opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
|
69
|
+
options[:oauth_consumer_key] = v
|
70
|
+
end
|
71
|
+
|
72
|
+
opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
|
73
|
+
options[:oauth_consumer_secret] = v
|
74
|
+
end
|
75
|
+
|
76
|
+
opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
|
77
|
+
options[:method] = v
|
78
|
+
end
|
79
|
+
|
80
|
+
opts.on("--parameters PARAMS", "Specifies the parameters to use when signing.") do |v|
|
81
|
+
options[:params] = v
|
82
|
+
end
|
83
|
+
|
84
|
+
opts.on("--signature-method METHOD", "Specifies the signature method to use; defaults to HMAC-SHA1.") do |v|
|
85
|
+
options[:oauth_signature_method] = v
|
86
|
+
end
|
87
|
+
|
88
|
+
opts.on("--secret SECRET", "Specifies the token secret to use.") do |v|
|
89
|
+
options[:oauth_token_secret] = v
|
90
|
+
end
|
91
|
+
|
92
|
+
opts.on("--token TOKEN", "Specifies the token to use.") do |v|
|
93
|
+
options[:oauth_token] = v
|
94
|
+
end
|
95
|
+
|
96
|
+
opts.on("--uri URI", "Specifies the URI to use when signing.") do |v|
|
97
|
+
options[:uri] = v
|
98
|
+
end
|
99
|
+
|
100
|
+
opts.on("-v", "--verbose", "Be verbose.") do
|
101
|
+
options[:verbose] = true
|
102
|
+
end
|
103
|
+
end.parse!(arguments)
|
104
|
+
end
|
105
|
+
|
106
|
+
def prepare_parameters
|
107
|
+
{
|
108
|
+
"oauth_consumer_key" => options[:oauth_consumer_key],
|
109
|
+
"oauth_token" => options[:oauth_token],
|
110
|
+
"oauth_signature_method" => options[:oauth_signature_method]
|
111
|
+
}.merge(CGI.parse(options[:params]))
|
112
|
+
end
|
113
|
+
|
114
|
+
def sufficient_options?
|
115
|
+
options[:oauth_consumer_key] && options[:oauth_consumer_secret] && options[:method] && options[:uri]
|
116
|
+
end
|
117
|
+
|
118
|
+
def usage
|
119
|
+
stdout.puts "Should be generated by OptionParser"
|
120
|
+
end
|
121
|
+
|
122
|
+
def valid_command?
|
123
|
+
SUPPORTED_COMMANDS.include?(command)
|
124
|
+
end
|
125
|
+
|
126
|
+
def verbose?
|
127
|
+
options[:verbose]
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
data/lib/oauth/client/helper.rb
CHANGED
@@ -38,7 +38,7 @@ module OAuth::Client
|
|
38
38
|
'oauth_timestamp' => timestamp,
|
39
39
|
'oauth_nonce' => nonce,
|
40
40
|
'oauth_version' => '1.0'
|
41
|
-
}
|
41
|
+
}.reject { |k,v| v == "" }
|
42
42
|
end
|
43
43
|
|
44
44
|
def signature(extra_options = {})
|
@@ -60,7 +60,8 @@ module OAuth::Client
|
|
60
60
|
|
61
61
|
header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
|
62
62
|
|
63
|
-
|
63
|
+
realm = "realm=\"#{options[:realm]}\", " if options[:realm]
|
64
|
+
"OAuth #{realm}#{header_params_str}"
|
64
65
|
end
|
65
66
|
|
66
67
|
def parameters
|
data/lib/oauth/consumer.rb
CHANGED
@@ -91,7 +91,7 @@ module OAuth
|
|
91
91
|
# @request_token=@consumer.get_request_token
|
92
92
|
#
|
93
93
|
def get_request_token(request_options={}, *arguments)
|
94
|
-
response=token_request(http_method,
|
94
|
+
response=token_request(http_method,request_token_url, nil, request_options, *arguments)
|
95
95
|
OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
|
96
96
|
end
|
97
97
|
|
data/lib/oauth/helper.rb
CHANGED
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'action_controller'
|
2
|
+
require 'action_controller/test_process'
|
3
|
+
module OAuth
|
4
|
+
module OAuthTestHelper
|
5
|
+
|
6
|
+
def mock_incoming_request_with_query(request)
|
7
|
+
incoming=ActionController::TestRequest.new(request.to_hash)
|
8
|
+
incoming.request_uri=request.path
|
9
|
+
incoming.env["SERVER_PORT"]=request.uri.port
|
10
|
+
incoming.host=request.uri.host
|
11
|
+
incoming.env['REQUEST_METHOD']=request.http_method
|
12
|
+
incoming
|
13
|
+
end
|
14
|
+
|
15
|
+
def mock_incoming_request_with_authorize_header(request)
|
16
|
+
incoming=ActionController::TestRequest.new
|
17
|
+
incoming.env["HTTP_AUTHORIZATION"]=request.to_auth_string
|
18
|
+
incoming.request_uri=request.path
|
19
|
+
incoming.env["SERVER_PORT"]=request.uri.port
|
20
|
+
incoming.host=request.uri.host
|
21
|
+
incoming.env['REQUEST_METHOD']=request.http_method
|
22
|
+
incoming
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
@@ -6,16 +6,14 @@ require 'uri'
|
|
6
6
|
|
7
7
|
module OAuth::RequestProxy
|
8
8
|
class ActionControllerRequest < OAuth::RequestProxy::Base
|
9
|
-
proxies ActionController::AbstractRequest
|
9
|
+
proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
|
10
10
|
|
11
11
|
def method
|
12
12
|
request.method.to_s.upcase
|
13
13
|
end
|
14
14
|
|
15
15
|
def uri
|
16
|
-
|
17
|
-
uri.query = nil
|
18
|
-
uri.to_s
|
16
|
+
request.url
|
19
17
|
end
|
20
18
|
|
21
19
|
def parameters
|