pelle-oauth 0.3.1 → 0.3.5

data/lib/oauth/client/action_controller_request.rb

@@ -4,9 +4,9 @@ require 'action_controller/test_process'
 
 module ActionController
   class Base
-    def process_with_oauth(request,response=nil)
+    def process_with_oauth(request, response=nil)
       request.apply_oauth!
-      process_without_oauth(request,response)
+      process_without_oauth(request, response)
     end
 
     alias_method_chain :process, :oauth
@@ -18,21 +18,23 @@ module ActionController
     end
 
     def self.use_oauth?
-      @use_oauth 
+      @use_oauth
     end
 
     def configure_oauth(consumer = nil, token = nil, options = {})
-      @oauth_options = { :consumer => consumer,
-                   :token => token,
-                   :scheme => 'header',
-                   :signature_method => nil,
-                   :nonce => nil,
-                   :timestamp => nil }.merge(options)
+      @oauth_options = { :consumer  => consumer,
+                         :token     => token,
+                         :scheme    => 'header',
+                         :signature_method => nil,
+                         :nonce     => nil,
+                         :timestamp => nil }.merge(options)
     end
 
     def apply_oauth!
       return unless ActionController::TestRequest.use_oauth? && @oauth_options
-      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge( { :request_uri => request_uri } ))
+
+      @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => request_uri))
+      @oauth_helper.amend_user_agent_header(env)
 
       self.send("set_oauth_#{@oauth_options[:scheme]}")
     end
@@ -43,9 +45,9 @@ module ActionController
 
     def set_oauth_parameters
       @query_parameters = @oauth_helper.parameters_with_oauth
-      @query_parameters.merge!( { :oauth_signature => @oauth_helper.signature } )
+      @query_parameters.merge!(:oauth_signature => @oauth_helper.signature)
     end
-    
+
     def set_oauth_query_string
     end
   end

data/lib/oauth/client/helper.rb

@@ -2,12 +2,13 @@ require 'oauth/client'
 require 'oauth/consumer'
 require 'oauth/helper'
 require 'oauth/token'
+require 'oauth/version'
 require 'oauth/signature/hmac/sha1'
 
 module OAuth::Client
   class Helper
     include OAuth::Helper
-    
+
     def initialize(request, options = {})
       @request = request
       @options = options
@@ -26,37 +27,44 @@ module OAuth::Client
       options[:timestamp] ||= generate_timestamp
     end
 
-    def generate_timestamp
-      Time.now.to_i.to_s
-    end
-
     def oauth_parameters
       {
+        'oauth_callback'         => options[:oauth_callback],
         'oauth_consumer_key'     => options[:consumer].key,
         'oauth_token'            => options[:token] ? options[:token].token : '',
         'oauth_signature_method' => options[:signature_method],
         'oauth_timestamp'        => timestamp,
         'oauth_nonce'            => nonce,
+        'oauth_verifier'         => options[:oauth_verifier],
         'oauth_version'          => '1.0'
-      }.reject { |k,v| v == "" }
+      }.reject { |k,v| v.to_s == "" }
     end
 
     def signature(extra_options = {})
       OAuth::Signature.sign(@request, { :uri      => options[:request_uri],
-                                                    :consumer => options[:consumer],
-                                                    :token    => options[:token] }.merge(extra_options) )
+                                        :consumer => options[:consumer],
+                                        :token    => options[:token] }.merge(extra_options) )
     end
 
     def signature_base_string(extra_options = {})
-      OAuth::Signature.signature_base_string(@request, { :uri      => options[:request_uri],
-                                                    :consumer => options[:consumer],
-                                                    :token    => options[:token],
-                                                    :parameters => oauth_parameters}.merge(extra_options) )
+      OAuth::Signature.signature_base_string(@request, { :uri        => options[:request_uri],
+                                                         :consumer   => options[:consumer],
+                                                         :token      => options[:token],
+                                                         :parameters => oauth_parameters}.merge(extra_options) )
+    end
+
+    def amend_user_agent_header(headers)
+      @oauth_ua_string ||= "OAuth gem v#{OAuth::VERSION}"
+      if headers['User-Agent']
+        headers['User-Agent'] += " (#{@oauth_ua_string})"
+      else
+        headers['User-Agent'] = @oauth_ua_string
+      end
     end
 
     def header
       parameters = oauth_parameters
-      parameters.merge!( { 'oauth_signature' => signature( options.merge({ :parameters => parameters }) ) } )
+      parameters.merge!('oauth_signature' => signature(options.merge(:parameters => parameters)))
 
       header_params_str = parameters.map { |k,v| "#{k}=\"#{escape(v)}\"" }.join(', ')
 
@@ -69,7 +77,7 @@ module OAuth::Client
     end
 
     def parameters_with_oauth
-      oauth_parameters.merge( parameters )
+      oauth_parameters.merge(parameters)
     end
   end
 end

data/lib/oauth/client/net_http.rb

@@ -5,43 +5,74 @@ require 'oauth/request_proxy/net_http'
 class Net::HTTPRequest
   include OAuth::Helper
 
+  attr_reader :oauth_helper
+
+  # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
+  # this may add a header, additional query string parameters, or additional POST body parameters.
+  # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  #
+  # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
+  #
+  # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
   def oauth!(http, consumer = nil, token = nil, options = {})
-    options = { :request_uri => oauth_full_request_uri(http),
-                :consumer => consumer,
-                :token => token,
-                :scheme => 'header',
+    options = { :request_uri      => oauth_full_request_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
                 :signature_method => nil,
-                :nonce => nil,
-                :timestamp => nil }.merge(options)
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
 
     @oauth_helper = OAuth::Client::Helper.new(self, options)
+    @oauth_helper.amend_user_agent_header(self)
     self.send("set_oauth_#{options[:scheme]}")
   end
 
+  # Create a string suitable for signing for an HTTP request. This process involves parameter
+  # normalization as specified in the OAuth specification. The exact normalization also depends
+  # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
+  # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  # 
+  # * http - Configured Net::HTTP instance
+  # * consumer - OAuth::Consumer instance
+  # * token - OAuth::Token instance
+  # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
+  #   +signature_method+, +nonce+, +timestamp+)
+  # 
+  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
   def signature_base_string(http, consumer = nil, token = nil, options = {})
-    options = { :request_uri => oauth_full_request_uri(http),
-                :consumer => consumer,
-                :token => token,
-                :scheme => 'header',
+    options = { :request_uri      => oauth_full_request_uri(http),
+                :consumer         => consumer,
+                :token            => token,
+                :scheme           => 'header',
                 :signature_method => nil,
-                :nonce => nil,
-                :timestamp => nil }.merge(options)
+                :nonce            => nil,
+                :timestamp        => nil }.merge(options)
 
     OAuth::Client::Helper.new(self, options).signature_base_string
   end
-  
-  def oauth_helper
-    @oauth_helper
-  end
-  private
+
+private
 
   def oauth_full_request_uri(http)
     uri = URI.parse(self.path)
     uri.host = http.address
     uri.port = http.port
-    if http.respond_to?(:use_ssl?)
-      uri.scheme = http.use_ssl? ? 'https' : 'http'
+
+    if http.respond_to?(:use_ssl?) && http.use_ssl?
+      uri.scheme = "https"
+    else
+      uri.scheme = "http"
     end
+
     uri.to_s
   end
 
@@ -59,10 +90,10 @@ class Net::HTTPRequest
   end
 
   def set_oauth_query_string
-    oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| "#{k}=#{v}" }.join("&")
+    oauth_params_str = @oauth_helper.oauth_parameters.map { |k,v| [escape(k), escape(v)] * "=" }.join("&")
 
     uri = URI.parse(path)
-    if !uri.query || uri.query == ''
+    if uri.query.to_s == ""
       uri.query = oauth_params_str
     else
       uri.query = uri.query + "&" + oauth_params_str
@@ -70,6 +101,6 @@ class Net::HTTPRequest
 
     @path = uri.to_s
 
-    @path << "&oauth_signature=#{escape(@oauth_helper.signature)}"
+    @path << "&oauth_signature=#{escape(oauth_helper.signature)}"
   end
 end

data/lib/oauth/consumer.rb

@@ -1,19 +1,32 @@
 require 'net/http'
 require 'net/https'
+require 'oauth/oauth'
 require 'oauth/client/net_http'
+require 'oauth/errors'
+
 module OAuth
   class Consumer
-    
-    @@default_options={
+    # determine the certificate authority path to verify SSL certs
+    CA_FILES = %w(/etc/ssl/certs/ca-certificates.crt /usr/share/curl/curl-ca-bundle.crt)
+    CA_FILES.each do |ca_file|
+      if File.exists?(ca_file)
+        CA_FILE = ca_file
+        break
+      end
+    end
+    CA_FILE = nil unless defined?(CA_FILE)
+
+    @@default_options = {
       # Signature method used by server. Defaults to HMAC-SHA1
-      :signature_method => 'HMAC-SHA1',
-      
+      :signature_method   => 'HMAC-SHA1',
+
       # default paths on site. These are the same as the defaults set up by the generators
-      :request_token_path=>'/oauth/request_token',
-      :authorize_path=>'/oauth/authorize',
-      :access_token_path=>'/oauth/access_token',
-      
-      # How do we send the oauth values to the server see 
+      :request_token_path => '/oauth/request_token',
+      :authorize_path     => '/oauth/authorize',
+      :access_token_path  => '/oauth/access_token',
+
+      :proxy              => nil,
+      # How do we send the oauth values to the server see
       # http://oauth.net/core/1.0/#consumer_req_param for more info
       #
       # Possible values:
@@ -21,123 +34,179 @@ module OAuth
       #   :header - via the Authorize header (Default) ( option 1. in spec)
       #   :body - url form encoded in body of POST request ( option 2. in spec)
       #   :query_string - via the query part of the url ( option 3. in spec)
-      :scheme=>:header, 
-      
+      :scheme        => :header,
+
       # Default http method used for OAuth Token Requests (defaults to :post)
-      :http_method=>:post, 
-      
-      :oauth_version=>"1.0"
+      :http_method   => :post,
+
+      :oauth_version => "1.0"
     }
-    
-    attr_accessor :site,:options, :key, :secret,:http
-    
-    
+
+    attr_accessor :options, :key, :secret
+    attr_writer   :site, :http
+
     # Create a new consumer instance by passing it a configuration hash:
     #
-    #   @consumer=OAuth::Consumer.new( key,secret,{
-    #     :site=>"http://term.ie",
-    #     :scheme=>:header,
-    #     :http_method=>:post,
-    #     :request_token_path=>"/oauth/example/request_token.php",
-    #     :access_token_path=>"/oauth/example/access_token.php",
-    #     :authorize_path=>"/oauth/example/authorize.php"
+    #   @consumer = OAuth::Consumer.new(key, secret, {
+    #     :site               => "http://term.ie",
+    #     :scheme             => :header,
+    #     :http_method        => :post,
+    #     :request_token_path => "/oauth/example/request_token.php",
+    #     :access_token_path  => "/oauth/example/access_token.php",
+    #     :authorize_path     => "/oauth/example/authorize.php"
     #    })
     #
     # Start the process by requesting a token
     #
-    #   @request_token=@consumer.get_request_token
-    #   session[:request_token]=@request_token
+    #   @request_token = @consumer.get_request_token
+    #   session[:request_token] = @request_token
     #   redirect_to @request_token.authorize_url
     #
     # When user returns create an access_token
     #
-    #   @access_token=@request_token.get_access_token
+    #   @access_token = @request_token.get_access_token
     #   @photos=@access_token.get('/photos.xml')
     #
-    #
-    
-    def initialize(consumer_key,consumer_secret,options={})
+    def initialize(consumer_key, consumer_secret, options = {})
+      @key    = consumer_key
+      @secret = consumer_secret
+
       # ensure that keys are symbols
-      @options=@@default_options.merge( options.inject({}) do |options, (key, value)|
+      @options = @@default_options.merge(options.inject({}) { |options, (key, value)|
         options[key.to_sym] = value
         options
-      end)
-      @key = consumer_key
-      @secret = consumer_secret
+      })
     end
-    
+
     # The default http method
     def http_method
-      @http_method||=@options[:http_method]||:post
+      @http_method ||= @options[:http_method] || :post
     end
-    
+
     # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
     def http
       @http ||= create_http
     end
-    
+
     # Contains the root URI for this site
-    def uri(custom_uri=nil)
+    def uri(custom_uri = nil)
       if custom_uri
-        @uri = custom_uri
+        @uri  = custom_uri
         @http = create_http # yike, oh well. less intrusive this way
       else  # if no custom passed, we use existing, which, if unset, is set to site uri
         @uri ||= URI.parse(site)
       end
     end
-    
+
+    def get_access_token(request_token, request_options = {}, *arguments)
+      response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments)
+      OAuth::AccessToken.from_hash(self, response)
+    end
+
     # Makes a request to the service for a new OAuth::RequestToken
-    #   
-    #  @request_token=@consumer.get_request_token
     #
-    def get_request_token(request_options={}, *arguments)
-      response=token_request(http_method,(request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
-      OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
+    #  @request_token = @consumer.get_request_token
+    #
+    # To include OAuth parameters:
+    #
+    #  @request_token = @consumer.get_request_token \
+    #    :oauth_callback => "http://example.com/cb"
+    #
+    # To include application-specific parameters:
+    #
+    #  @request_token = @consumer.get_request_token({}, :foo => "bar")
+    #
+    # TODO oauth_callback should be a mandatory parameter
+    def get_request_token(request_options = {}, *arguments)
+      # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
+      # will be exchanged out of band
+      request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND
+
+      response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      OAuth::RequestToken.from_hash(self, response)
     end
-    
+
     # Creates, signs and performs an http request.
     # It's recommended to use the OAuth::Token classes to set this up correctly.
-    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
-    # 
-    #   @consumer.request(:get,'/people',@token,{:scheme=>:query_string})
-    #   @consumer.request(:post,'/people',@token,{},@person.to_xml,{ 'Content-Type' => 'application/xml' })
+    # request_options take precedence over consumer-wide options when signing
+    #   a request.
+    # arguments are POST and PUT bodies (a Hash, string-encoded parameters, or
+    #   absent), followed by additional HTTP headers.
     #
-    def request(http_method,path, token=nil,request_options={},*arguments)
-      if path=~/^\//
-        _http=http
-      else
-        _http=create_http(path)
-        _uri=URI.parse(path)
-        path="#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
+    #   @consumer.request(:get,  '/people', @token, { :scheme => :query_string })
+    #   @consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method, path, token = nil, request_options = {}, *arguments)
+      if path !~ /^\//
+        @http = create_http(path)
+        _uri = URI.parse(path)
+        path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
       end
-      _http.request(create_signed_request(http_method,path,token,request_options,*arguments))
+
+      rsp = http.request(create_signed_request(http_method, path, token, request_options, *arguments))
+
+      # check for an error reported by the Problem Reporting extension
+      # (http://wiki.oauth.net/ProblemReporting)
+      # note: a 200 may actually be an error; check for an oauth_problem key to be sure
+      if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
+        (h = headers.select { |h| h =~ /^OAuth / }).any? &&
+        h.first =~ /oauth_problem/
+
+        # puts "Header: #{h.first}"
+
+        # TODO doesn't handle broken responses from api.login.yahoo.com
+        # remove debug code when done
+        params = OAuth::Helper.parse_header(h.first)
+
+        # puts "Params: #{params.inspect}"
+        # puts "Body: #{rsp.body}"
+
+        raise OAuth::Problem.new(params.delete("oauth_problem"), rsp, params)
+      end
+
+      rsp
     end
-    
+
     # Creates and signs an http request.
     # It's recommended to use the Token classes to set this up correctly
-    def create_signed_request(http_method,path, token=nil,request_options={},*arguments)
-      request=create_http_request(http_method,path,*arguments)
-      sign!(request,token,request_options)
+    def create_signed_request(http_method, path, token = nil, request_options = {}, *arguments)
+      request = create_http_request(http_method, path, *arguments)
+      sign!(request, token, request_options)
       request
     end
-    
+
     # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
-    def token_request(http_method,path,token=nil,request_options={},*arguments)
-      response=request(http_method,path,token,request_options,*arguments)
-      if response.code=="200"
-        CGI.parse(response.body).inject({}){|h,(k,v)| h[k.to_sym]=v.first;h}
-      else 
-        response.error! 
+    def token_request(http_method, path, token = nil, request_options = {}, *arguments)
+      response = request(http_method, path, token, request_options, *arguments)
+
+      case response.code.to_i
+
+      when (200..299)
+        # symbolize keys
+        # TODO this could be considered unexpected behavior; symbols or not?
+        # TODO this also drops subsequent values from multi-valued keys
+        CGI.parse(response.body).inject({}) do |h,(k,v)|
+          h[k.to_sym] = v.first
+          h[k]        = v.first
+          h
+        end
+      when (300..399)
+        # this is a redirect
+        response.error!
+      when (400..499)
+        raise OAuth::Unauthorized, response
+      else
+        response.error!
       end
     end
 
     # Sign the Request object. Use this if you have an externally generated http request object you want to sign.
-    def sign!(request,token=nil, request_options = {})
+    def sign!(request, token = nil, request_options = {})
       request.oauth!(http, self, token, options.merge(request_options))
     end
-    
+
     # Return the signature_base_string
-    def signature_base_string(request,token=nil, request_options = {})
+    def signature_base_string(request, token = nil, request_options = {})
       request.signature_base_string(http, self, token, options.merge(request_options))
     end
 
@@ -148,90 +217,127 @@ module OAuth
     def scheme
       @options[:scheme]
     end
-    
+
     def request_token_path
       @options[:request_token_path]
     end
-    
+
     def authorize_path
       @options[:authorize_path]
     end
-    
+
     def access_token_path
       @options[:access_token_path]
     end
-    
+
     # TODO this is ugly, rewrite
     def request_token_url
-      @options[:request_token_url]||site+request_token_path
+      @options[:request_token_url] || site + request_token_path
     end
 
     def request_token_url?
-      @options[:request_token_url]!=nil
+      @options.has_key?(:request_token_url)
     end
-    
+
     def authorize_url
-      @options[:authorize_url]||site+authorize_path
+      @options[:authorize_url] || site + authorize_path
     end
-    
+
     def authorize_url?
-      @options[:authorize_url]!=nil
+      @options.has_key?(:authorize_url)
     end
 
     def access_token_url
-      @options[:access_token_url]||site+access_token_path
+      @options[:access_token_url] || site + access_token_path
     end
 
     def access_token_url?
-      @options[:access_token_url]!=nil
+      @options.has_key?(:access_token_url)
+    end
+
+    def proxy
+      @options[:proxy]
     end
 
-    protected
-    
-    #Instantiates the http object
-    def create_http(_url=nil)
-      if _url.nil?||_url[0]=~/^\//
-        our_uri=URI.parse(site)
+  protected
+
+    # Instantiates the http object
+    def create_http(_url = nil)
+      if _url.nil? || _url[0] =~ /^\//
+        our_uri = URI.parse(site)
+      else
+        our_uri = URI.parse(_url)
+      end
+
+      if proxy.nil?
+        http_object = Net::HTTP.new(our_uri.host, our_uri.port)
+      else
+        proxy_uri = proxy.is_a?(URI) ? proxy : URI.parse(proxy)
+        http_object = Net::HTTP.new(our_uri.host, our_uri.port, proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+      end
+
+      http_object.use_ssl = (our_uri.scheme == 'https')
+
+      if CA_FILE
+        http_object.ca_file = CA_FILE
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        http_object.verify_depth = 5
       else
-        our_uri=URI.parse(_url)
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
-      http_object=Net::HTTP.new(our_uri.host, our_uri.port)
-      http_object.use_ssl = true if our_uri.scheme=="https"
+
       http_object
     end
-    
+
     # create the http request object for a given http_method and path
-    def create_http_request(http_method,path,*arguments)
-      http_method=http_method.to_sym
-      if [:post,:put].include?(http_method)
-        data=arguments.shift
+    def create_http_request(http_method, path, *arguments)
+      http_method = http_method.to_sym
+
+      if [:post, :put].include?(http_method)
+        data = arguments.shift
+        data.reject! { |k,v| v.nil? } if data.is_a?(Hash)
       end
-      headers=(arguments.first.is_a?(Hash) ? arguments.shift : {})
+
+      headers = arguments.first.is_a?(Hash) ? arguments.shift : {}
+
       case http_method
       when :post
-        request=Net::HTTP::Post.new(path,headers)
-        request["Content-Length"]=0 # Default to 0
+        request = Net::HTTP::Post.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
       when :put
-        request=Net::HTTP::Put.new(path,headers)
-        request["Content-Length"]=0 # Default to 0
+        request = Net::HTTP::Put.new(path,headers)
+        request["Content-Length"] = 0 # Default to 0
       when :get
-        request=Net::HTTP::Get.new(path,headers)
+        request = Net::HTTP::Get.new(path,headers)
       when :delete
-        request=Net::HTTP::Delete.new(path,headers)
+        request =  Net::HTTP::Delete.new(path,headers)
       when :head
-        request=Net::HTTP::Head.new(path,headers)
+        request = Net::HTTP::Head.new(path,headers)
       else
         raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
       end
+
       if data.is_a?(Hash)
         request.set_form_data(data)
       elsif data
-        request.body=data.to_s
-        request["Content-Length"]=request.body.length
+        if data.respond_to?(:read)
+          request.body_stream = data
+          if data.respond_to?(:length)
+            request["Content-Length"] = data.length
+          elsif data.respond_to?(:stat) && data.stat.respond_to?(:size)
+            request["Content-Length"] = data.stat.size
+          else
+            raise ArgumentError, "Don't know how to send a body_stream that doesn't respond to .length or .stat.size"
+          end
+        else
+          request.body = data.to_s
+          request["Content-Length"] = request.body.length
+        end
       end
+
       request
     end
-    
+
     # Unset cached http instance because it cannot be marshalled when
     # it has already been used and use_ssl is set to true
     def marshal_dump(*args)