pelle-oauth 0.2.7 → 0.3.0

data/lib/oauth/request_proxy/base.rb

@@ -1,7 +1,10 @@
 require 'oauth/request_proxy'
+require 'oauth/helper'
 
 module OAuth::RequestProxy
   class Base
+    include OAuth::Helper
+
     def self.proxies(klass)
       OAuth::RequestProxy.available_proxies[klass] = self
     end
@@ -47,6 +50,34 @@ module OAuth::RequestProxy
       parameters['oauth_signature'] || ""
     end
     
+    # See 9.1.2 in specs
+    def normalized_uri
+      u=URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase=='http'&&u.port!=80)||(u.scheme.downcase=='https'&&u.port!=443) ? ":#{u.port}" : ""}#{(u.path&&u.path!='') ? u.path : '/'}"
+    end
+    
+    # See 9.1.1. in specs Normalize Request Parameters
+    def normalized_parameters
+      parameters_for_signature.sort.map do |k, values|
+
+        if values.is_a?(Array)
+          # multiple values were provided for a single key
+          values.sort.collect do |v|
+            [escape(k),escape(v)] * "="
+          end
+        else
+          [escape(k),escape(values)] * "="
+        end
+      end * "&"
+    end
+    
+    # See 9.1 in specs
+    def signature_base_string
+      base = [method, normalized_uri, normalized_parameters]
+      base.map { |v| escape(v) }.join("&")
+    end
+    
+    
     protected
     
     def header_params

data/lib/oauth/request_proxy/jabber_request.rb

@@ -0,0 +1,42 @@
+require 'xmpp4r'
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    class JabberRequest < OAuth::RequestProxy::Base
+      proxies Jabber::Iq
+      proxies Jabber::Presence
+      proxies Jabber::Message
+
+      def parameters
+        return @params if @params
+
+        @params = {}
+
+        oauth = @request.get_elements('//oauth').first
+        return @params unless oauth
+
+        %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
+            oauth_timestamp oauth_nonce oauth_version ).each do |param|
+          next unless element = oauth.first_element(param)
+          @params[param] = element.text
+        end
+
+        @params
+      end
+
+      def method
+        @request.name
+      end
+
+      def uri
+        [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
+      end
+      
+      def normalized_uri
+        uri
+      end
+      
+    end
+  end
+end

data/lib/oauth/request_proxy/mock_request.rb

@@ -0,0 +1,36 @@
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    # RequestProxy for Hashes to facilitate simpler signature creation.
+    # Usage:
+    #   request = OAuth::RequestProxy.proxy \
+    #      "method" => "iq",
+    #      "uri"    => [from, to] * "&",
+    #      "parameters" => {
+    #        "oauth_consumer_key"     => oauth_consumer_key,
+    #        "oauth_token"            => oauth_token,
+    #        "oauth_signature_method" => "HMAC-SHA1"
+    #      }
+    #
+    #   signature = OAuth::Signature.sign \
+    #     request,
+    #     :consumer_secret => oauth_consumer_secret,
+    #     :token_secret    => oauth_token_secret,
+    class MockRequest < OAuth::RequestProxy::Base
+      proxies Hash
+
+      def parameters
+        @request["parameters"]
+      end
+
+      def method
+        @request["method"]
+      end
+
+      def uri
+        @request["uri"]
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/net_http.rb

@@ -14,8 +14,6 @@ module OAuth::RequestProxy::Net
 
       def uri
         uri = options[:uri]
-        uri = URI.parse(uri) unless uri.kind_of?(URI)
-        uri.query = nil
         uri.to_s
       end
 

data/lib/oauth/request_proxy/rack_request.rb

@@ -11,9 +11,7 @@ module OAuth::RequestProxy
     end
     
     def uri
-      uri = URI.parse(request.url)
-      uri.query = nil
-      uri.to_s
+      request.url
     end
 
     def parameters

data/lib/oauth/signature/base.rb

@@ -24,11 +24,26 @@ module OAuth::Signature
       raise TypeError unless request.kind_of?(OAuth::RequestProxy::Base)
       @request = request
       @options = options
+
       if block_given?
-        @token_secret, @consumer_secret = yield block.arity == 1 ? token : [token, consumer_key,nonce,request.timestamp]
+
+        # consumer secret and token secret need to be looked up based on pieces of the request
+        @token_secret, @consumer_secret = yield block.arity == 1 ? request : [token, consumer_key,nonce,request.timestamp]
+
       else
-        @consumer_secret = @options[:consumer].secret
-        @token_secret = @options[:token] ? @options[:token].secret : ''
+        ## consumer secret was determined beforehand
+
+        @consumer_secret = options[:consumer].secret if options[:consumer]
+
+        # presence of :consumer_secret option will override any Consumer that's provided
+        @consumer_secret = options[:consumer_secret] if options[:consumer_secret]
+
+        ## token secret was determined beforehand
+
+        @token_secret = options[:token].secret if options[:token]
+
+        # presence of :token_secret option will override any Token that's provided
+        @token_secret = options[:token_secret] if options[:token_secret]
       end
     end
 
@@ -45,11 +60,9 @@ module OAuth::Signature
     end
 
     def signature_base_string
-      normalized_params = request.parameters_for_signature.sort.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
-      base = [request.method, request.uri, normalized_params]
-      sbs = base.map { |v| escape(v) }.join("&")
+      request.signature_base_string
     end
-
+    
     private
 
     def token

data/lib/oauth/signature/plaintext.rb

@@ -9,7 +9,7 @@ module OAuth::Signature
     end
 
     def ==(cmp_signature)
-      signature == cmp_signature
+      signature == escape(cmp_signature)
     end
 
     def signature_base_string

data/lib/oauth/token.rb

@@ -30,7 +30,7 @@ module OAuth
   class ConsumerToken<Token
     attr_accessor :consumer
 
-    def initialize(consumer,token,secret)
+    def initialize(consumer,token="",secret="")
       super token,secret
       @consumer=consumer
     end
@@ -62,7 +62,7 @@ module OAuth
     
     # exchange for AccessToken on server
     def get_access_token(options={})
-      response=consumer.token_request(consumer.http_method,consumer.access_token_path,self,options)
+      response=consumer.token_request(consumer.http_method,consumer.access_token_url,self,options)
       OAuth::AccessToken.new(consumer,response[:oauth_token],response[:oauth_token_secret])
     end
   end
@@ -71,7 +71,7 @@ module OAuth
   class AccessToken<ConsumerToken
 
     # The less intrusive way. Otherwise, if we are to do it correctly inside consumer,
-    # we need to restructure and touch more methods: requst(), sign!(), etc.
+    # we need to restructure and touch more methods: request(), sign!(), etc.
     def request(http_method, path, *arguments)
       request_uri = URI.parse(path)
       site_uri = consumer.uri

data/lib/oauth/version.rb

@@ -1,9 +1,3 @@
-module Oauth #:nodoc:
-  module VERSION #:nodoc:
-    MAJOR = 0
-    MINOR = 2
-    TINY  = 7
-
-    STRING = [MAJOR, MINOR, TINY].join('.')
-  end
+module OAuth #:nodoc:
+  VERSION = '0.3.0'
 end

data/oauth.gemspec

@@ -0,0 +1,43 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{oauth}
+  s.version = "0.3.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons"]
+  s.date = %q{2009-01-25}
+  s.default_executable = %q{oauth}
+  s.description = %q{OAuth Core Ruby implementation}
+  s.email = %q{pelleb@gmail.com}
+  s.executables = ["oauth"]
+  s.extra_rdoc_files = ["History.txt", "License.txt", "Manifest.txt", "README.rdoc", "specs.txt", "website/index.txt"]
+  s.files = ["History.txt", "License.txt", "Manifest.txt", "README.rdoc", "Rakefile", "TODO", "bin/oauth", "lib/oauth.rb", "lib/oauth/cli.rb", "lib/oauth/client.rb", "lib/oauth/client/action_controller_request.rb", "lib/oauth/client/helper.rb", "lib/oauth/client/net_http.rb", "lib/oauth/consumer.rb", "lib/oauth/helper.rb", "lib/oauth/oauth_test_helper.rb", "lib/oauth/request_proxy.rb", "lib/oauth/request_proxy/action_controller_request.rb", "lib/oauth/request_proxy/base.rb", "lib/oauth/request_proxy/jabber_request.rb", "lib/oauth/request_proxy/mock_request.rb", "lib/oauth/request_proxy/net_http.rb", "lib/oauth/request_proxy/rack_request.rb", "lib/oauth/server.rb", "lib/oauth/signature.rb", "lib/oauth/signature/base.rb", "lib/oauth/signature/hmac/base.rb", "lib/oauth/signature/hmac/md5.rb", "lib/oauth/signature/hmac/rmd160.rb", "lib/oauth/signature/hmac/sha1.rb", "lib/oauth/signature/hmac/sha2.rb", "lib/oauth/signature/md5.rb", "lib/oauth/signature/plaintext.rb", "lib/oauth/signature/rsa/sha1.rb", "lib/oauth/signature/sha1.rb", "lib/oauth/token.rb", "lib/oauth/version.rb", "oauth.gemspec", "script/destroy", "script/generate", "script/txt2html", "setup.rb", "specs.txt", "tasks/deployment.rake", "tasks/environment.rake", "tasks/website.rake", "test/cases/oauth_case.rb", "test/cases/spec/1_0-final/test_construct_request_url.rb", "test/cases/spec/1_0-final/test_normalize_request_parameters.rb", "test/cases/spec/1_0-final/test_parameter_encodings.rb", "test/cases/spec/1_0-final/test_signature_base_strings.rb", "test/keys/rsa.cert", "test/keys/rsa.pem", "test/test_action_controller_request_proxy.rb", "test/test_consumer.rb", "test/test_helper.rb", "test/test_hmac_sha1.rb", "test/test_net_http_client.rb", "test/test_net_http_request_proxy.rb", "test/test_rack_request_proxy.rb", "test/test_rsa_sha1.rb", "test/test_server.rb", "test/test_signature.rb", "test/test_signature_base.rb", "test/test_signature_plain_text.rb", "test/test_token.rb", "website/index.html", "website/index.txt", "website/javascripts/rounded_corners_lite.inc.js", "website/stylesheets/screen.css", "website/template.rhtml"]
+  s.has_rdoc = true
+  s.homepage = %q{http://oauth.rubyforge.org}
+  s.rdoc_options = ["--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{oauth}
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{OAuth Core Ruby implementation}
+  s.test_files = ["test/cases/spec/1_0-final/test_construct_request_url.rb", "test/cases/spec/1_0-final/test_normalize_request_parameters.rb", "test/cases/spec/1_0-final/test_parameter_encodings.rb", "test/cases/spec/1_0-final/test_signature_base_strings.rb", "test/test_action_controller_request_proxy.rb", "test/test_consumer.rb", "test/test_helper.rb", "test/test_hmac_sha1.rb", "test/test_net_http_client.rb", "test/test_net_http_request_proxy.rb", "test/test_rack_request_proxy.rb", "test/test_rsa_sha1.rb", "test/test_server.rb", "test/test_signature.rb", "test/test_signature_base.rb", "test/test_signature_plain_text.rb", "test/test_token.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<ruby-hmac>, [">= 0.3.1"])
+      s.add_development_dependency(%q<newgem>, [">= 1.2.3"])
+      s.add_development_dependency(%q<hoe>, [">= 1.8.0"])
+    else
+      s.add_dependency(%q<ruby-hmac>, [">= 0.3.1"])
+      s.add_dependency(%q<newgem>, [">= 1.2.3"])
+      s.add_dependency(%q<hoe>, [">= 1.8.0"])
+    end
+  else
+    s.add_dependency(%q<ruby-hmac>, [">= 0.3.1"])
+    s.add_dependency(%q<newgem>, [">= 1.2.3"])
+    s.add_dependency(%q<hoe>, [">= 1.8.0"])
+  end
+end

data/script/txt2html

@@ -13,7 +13,7 @@ require 'syntax/convertors/html'
 require 'erb'
 require File.dirname(__FILE__) + '/../lib/oauth/version.rb'
 
-version  = Oauth::VERSION::STRING
+version  = OAuth::VERSION::STRING
 download = 'http://rubyforge.org/projects/oauth'
 
 class Fixnum

data/test/cases/oauth_case.rb

@@ -0,0 +1,19 @@
+require 'test/unit'
+require 'oauth/signature'
+require 'oauth/request_proxy/mock_request'
+
+
+class OAuthCase < Test::Unit::TestCase
+  # avoid whining about a lack of tests
+  def run(*args)
+    return if @method_name.to_s == "default_test"
+    super
+  end
+  
+  protected
+  
+  # Creates a fake request
+  def request(params={},method='GET',uri="http://photos.example.net/photos")
+    OAuth::RequestProxy.proxy({'parameters'=>params,'method'=>method,'uri'=>uri})
+  end
+end

data/test/cases/spec/1_0-final/test_construct_request_url.rb

@@ -0,0 +1,62 @@
+require File.dirname(__FILE__) + '/../../oauth_case'
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+#9.1.2.  Construct Request URL
+#
+#The Signature Base String includes the request absolute URL, tying the signature to a specific endpoint. The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment as defined by [RFC3986] section 3.
+#
+#If the absolute request URL is not available to the Service Provider (it is always available to the Consumer), it can be constructed by combining the scheme being used, the HTTP Host header, and the relative HTTP request URL. If the Host header is not available, the Service Provider SHOULD use the host name communicated to the Consumer in the documentation or other means.
+#
+#The Service Provider SHOULD document the form of URL used in the Signature Base String to avoid ambiguity due to URL normalization. Unless specified, URL scheme and authority MUST be lowercase and include the port number; http default port 80 and https default port 443 MUST be excluded.
+#
+#For example, the request:
+#
+#                HTTP://Example.com:80/resource?id=123
+#Is included in the Signature Base String as:
+#
+#                http://example.com/resource
+
+
+class ConstructRequestUrlTest < OAuthCase
+  
+  def test_from_spec
+    assert_request_url("http://example.com/resource","HTTP://Example.com:80/resource?id=123")
+  end
+  
+  def test_simple_url_with_ending_slash
+    assert_request_url("http://example.com/","http://example.com/")
+  end
+
+  def test_simple_url_without_ending_slash
+    assert_request_url("http://example.com/","http://example.com")
+  end
+  
+  def test_of_normalized_http
+    assert_request_url("http://example.com/resource","http://example.com/resource")
+  end
+
+  def test_of_https
+    assert_request_url("https://example.com/resource","HTTPS://Example.com:443/resource?id=123")
+  end
+
+  def test_of_normalized_http
+    assert_request_url("https://example.com/resource","https://example.com/resource")
+  end
+  
+  def test_of_http_with_non_standard_port
+    assert_request_url("http://example.com:8080/resource","http://example.com:8080/resource")
+  end
+  
+  def test_of_https_with_non_standard_port
+    assert_request_url("https://example.com:8080/resource","https://example.com:8080/resource")
+  end
+  
+  protected
+  
+  
+  def assert_request_url(expected,given,message=nil)
+    assert_equal expected, request({},'GET',given).normalized_uri, message
+  end
+  
+end

data/test/cases/spec/1_0-final/test_normalize_request_parameters.rb

@@ -0,0 +1,88 @@
+require File.dirname(__FILE__) + '/../../oauth_case'
+
+# See http://oauth.net/core/1.0/#anchor14
+#
+# 9.1.1.  Normalize Request Parameters
+# 
+# The request parameters are collected, sorted and concatenated into a normalized string:
+# 
+# Parameters in the OAuth HTTP Authorization header excluding the realm parameter.
+# Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded).
+# HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3).
+# The oauth_signature parameter MUST be excluded.
+# 
+# The parameters are normalized into a single string as follows:
+# 
+# Parameters are sorted by name, using lexicographical byte value ordering. 
+# If two or more parameters share the same name, they are sorted by their value. For example:
+#
+#   a=1, c=hi%20there, f=25, f=50, f=a, z=p, z=t
+# Parameters are concatenated in their sorted order into a single string. For each parameter, 
+# the name is separated from the corresponding value by an ‘=’ character (ASCII code 61), even 
+# if the value is empty. Each name-value pair is separated by an ‘&’ character (ASCII code 38). For example:
+#   a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t
+# 
+
+
+class NormalizeRequestParametersTest < OAuthCase
+  
+  def test_parameters_for_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params).parameters_for_signature
+  end
+
+
+  def test_parameters_for_signature_removes_oauth_signature
+    params={'a'=>1, 'c'=>'hi there', 'f'=>'25', 'f'=>'50', 'f'=>'a', 'z'=>'p', 'z'=>'t'}
+    assert_equal params,request(params.merge({'oauth_signature'=>'blalbla'})).parameters_for_signature
+  end
+  
+  def test_spec_example
+    assert_normalized 'a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['25', '50', 'a'], 'z' => ['p', 't'] }
+  end
+
+  def test_sorts_parameters_correctly
+    # values for 'f' are scrambled
+    assert_normalized 'a=1&c=hi%20there&f=5&f=70&f=a&z=p&z=t', { 'a' => 1, 'c' => 'hi there', 'f' => ['a', '70', '5'], 'z' => ['p', 't'] }
+  end
+
+  def test_empty
+    assert_normalized "",{}
+  end
+  
+  
+  # These are from the wiki http://wiki.oauth.net/TestCases
+  # in the section Normalize Request Parameters
+  # Parameters have already been x-www-form-urlencoded (i.e. + = <space>)
+  def test_wiki1
+    assert_normalized "name=",{"name"=>nil}
+  end
+  
+  def test_wiki2
+    assert_normalized "a=b",{'a'=>'b'}
+  end
+  
+  def test_wiki3
+    assert_normalized "a=b&c=d",{'a'=>'b','c'=>'d'}
+  end
+  
+  def test_wiki4
+    assert_normalized "a=x%20y&a=x%21y",{'a'=>["x!y","x y"]}
+    
+  end
+
+  def test_wiki5
+    assert_normalized "x=a&x%21y=a",{"x!y"=>'a','x'=>'a'}
+  end
+
+  protected
+  
+  
+  def assert_normalized(expected,params,message=nil)
+    assert_equal expected, normalize_request_parameters(params), message
+  end
+  
+  def normalize_request_parameters(params={})
+    request(params).normalized_parameters
+  end
+end