proletarian-oauth 0.3.2

data/lib/oauth/consumer.rb

@@ -0,0 +1,246 @@
+require 'net/http'
+require 'net/https'
+require 'oauth/client/net_http'
+module OAuth
+  class Consumer
+    
+    @@default_options={
+      # Signature method used by server. Defaults to HMAC-SHA1
+      :signature_method => 'HMAC-SHA1',
+      
+      # default paths on site. These are the same as the defaults set up by the generators
+      :request_token_path=>'/oauth/request_token',
+      :authorize_path=>'/oauth/authorize',
+      :access_token_path=>'/oauth/access_token',
+      
+      # How do we send the oauth values to the server see 
+      # http://oauth.net/core/1.0/#consumer_req_param for more info
+      #
+      # Possible values:
+      #
+      #   :header - via the Authorize header (Default) ( option 1. in spec)
+      #   :body - url form encoded in body of POST request ( option 2. in spec)
+      #   :query_string - via the query part of the url ( option 3. in spec)
+      :scheme=>:header, 
+      
+      # Default http method used for OAuth Token Requests (defaults to :post)
+      :http_method=>:post, 
+      
+      :oauth_version=>"1.0"
+    }
+    
+    attr_accessor :site,:options, :key, :secret,:http
+    
+    
+    # Create a new consumer instance by passing it a configuration hash:
+    #
+    #   @consumer=OAuth::Consumer.new( key,secret,{
+    #     :site=>"http://term.ie",
+    #     :scheme=>:header,
+    #     :http_method=>:post,
+    #     :request_token_path=>"/oauth/example/request_token.php",
+    #     :access_token_path=>"/oauth/example/access_token.php",
+    #     :authorize_path=>"/oauth/example/authorize.php"
+    #    })
+    #
+    # Start the process by requesting a token
+    #
+    #   @request_token=@consumer.get_request_token
+    #   session[:request_token]=@request_token
+    #   redirect_to @request_token.authorize_url
+    #
+    # When user returns create an access_token
+    #
+    #   @access_token=@request_token.get_access_token
+    #   @photos=@access_token.get('/photos.xml')
+    #
+    #
+    
+    def initialize(consumer_key,consumer_secret,options={})
+      # ensure that keys are symbols
+      @options=@@default_options.merge( options.inject({}) do |options, (key, value)|
+        options[key.to_sym] = value
+        options
+      end)
+      @key = consumer_key
+      @secret = consumer_secret
+    end
+    
+    # The default http method
+    def http_method
+      @http_method||=@options[:http_method]||:post
+    end
+    
+    # The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new
+    def http
+      @http ||= create_http
+    end
+    
+    # Contains the root URI for this site
+    def uri(custom_uri=nil)
+      if custom_uri
+        @uri = custom_uri
+        @http = create_http # yike, oh well. less intrusive this way
+      else  # if no custom passed, we use existing, which, if unset, is set to site uri
+        @uri ||= URI.parse(site)
+      end
+    end
+    
+    # Makes a request to the service for a new OAuth::RequestToken
+    #   
+    #  @request_token=@consumer.get_request_token
+    #
+    def get_request_token(request_options={}, *arguments)
+      response=token_request(http_method,(request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
+      OAuth::RequestToken.new(self,response[:oauth_token],response[:oauth_token_secret])
+    end
+    
+    # Creates, signs and performs an http request.
+    # It's recommended to use the OAuth::Token classes to set this up correctly.
+    # The arguments parameters are a hash or string encoded set of parameters if it's a post request as well as optional http headers.
+    # 
+    #   @consumer.request(:get,'/people',@token,{:scheme=>:query_string})
+    #   @consumer.request(:post,'/people',@token,{},@person.to_xml,{ 'Content-Type' => 'application/xml' })
+    #
+    def request(http_method,path, token=nil,request_options={},*arguments)
+      if path=~/^\//
+        _http=http
+      else
+        _http=create_http(path)
+        _uri=URI.parse(path)
+        path="#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
+      end
+      _http.request(create_signed_request(http_method,path,token,request_options,*arguments))
+    end
+    
+    # Creates and signs an http request.
+    # It's recommended to use the Token classes to set this up correctly
+    def create_signed_request(http_method,path, token=nil,request_options={},*arguments)
+      request=create_http_request(http_method,path,*arguments)
+      sign!(request,token,request_options)
+      request
+    end
+    
+    # Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.
+    def token_request(http_method,path,token=nil,request_options={},*arguments)
+      response=request(http_method,path,token,request_options,*arguments)
+      if response.code=="200"
+        CGI.parse(response.body).inject({}){|h,(k,v)| h[k.to_sym]=v.first;h}
+      else 
+        response.error! 
+      end
+    end
+
+    # Sign the Request object. Use this if you have an externally generated http request object you want to sign.
+    def sign!(request,token=nil, request_options = {})
+      request.oauth!(http, self, token, options.merge(request_options))
+    end
+    
+    # Return the signature_base_string
+    def signature_base_string(request,token=nil, request_options = {})
+      request.signature_base_string(http, self, token, options.merge(request_options))
+    end
+
+    def site
+      @options[:site].to_s
+    end
+
+    def scheme
+      @options[:scheme]
+    end
+    
+    def request_token_path
+      @options[:request_token_path]
+    end
+    
+    def authorize_path
+      @options[:authorize_path]
+    end
+
+    def authentication_path
+      'yabadadooo!!!!'
+    end
+    
+    def access_token_path
+      @options[:access_token_path]
+    end
+    
+    # TODO this is ugly, rewrite
+    def request_token_url
+      @options[:request_token_url]||site+request_token_path
+    end
+
+    def request_token_url?
+      @options[:request_token_url]!=nil
+    end
+    
+    def authorize_url
+      @options[:authorize_url]||site+authorize_path
+    end
+    
+    def authorize_url?
+      @options[:authorize_url]!=nil
+    end
+
+    def access_token_url
+      @options[:access_token_url]||site+access_token_path
+    end
+
+    def access_token_url?
+      @options[:access_token_url]!=nil
+    end
+
+    protected
+    
+    #Instantiates the http object
+    def create_http(_url=nil)
+      if _url.nil?||_url[0]=~/^\//
+        our_uri=URI.parse(site)
+      else
+        our_uri=URI.parse(_url)
+      end
+      http_object=Net::HTTP.new(our_uri.host, our_uri.port)
+      http_object.use_ssl = true if our_uri.scheme=="https"
+      http_object
+    end
+    
+    # create the http request object for a given http_method and path
+    def create_http_request(http_method,path,*arguments)
+      http_method=http_method.to_sym
+      if [:post,:put].include?(http_method)
+        data=arguments.shift
+      end
+      headers=(arguments.first.is_a?(Hash) ? arguments.shift : {})
+      case http_method
+      when :post
+        request=Net::HTTP::Post.new(path,headers)
+        request["Content-Length"]=0 # Default to 0
+      when :put
+        request=Net::HTTP::Put.new(path,headers)
+        request["Content-Length"]=0 # Default to 0
+      when :get
+        request=Net::HTTP::Get.new(path,headers)
+      when :delete
+        request=Net::HTTP::Delete.new(path,headers)
+      when :head
+        request=Net::HTTP::Head.new(path,headers)
+      else
+        raise ArgumentError, "Don't know how to handle http_method: :#{http_method.to_s}"
+      end
+      if data.is_a?(Hash)
+        request.set_form_data(data)
+      elsif data
+        request.body=data.to_s
+        request["Content-Length"]=request.body.length
+      end
+      request
+    end
+    
+    # Unset cached http instance because it cannot be marshalled when
+    # it has already been used and use_ssl is set to true
+    def marshal_dump(*args)
+      @http = nil
+      self
+    end
+  end
+end

data/lib/oauth/helper.rb

@@ -0,0 +1,17 @@
+require 'openssl'
+require 'base64'
+require 'cgi'
+module OAuth
+  module Helper
+    extend self
+
+    def escape(value)
+      CGI.escape(value.to_s).gsub("%7E", '~').gsub("+", "%20")
+    end
+    
+    def generate_key(size=32)
+      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/,'')
+    end    
+    
+  end
+end

data/lib/oauth/oauth_test_helper.rb

@@ -0,0 +1,26 @@
+require 'action_controller'
+require 'action_controller/test_process'
+module OAuth
+  module OAuthTestHelper
+    
+    def mock_incoming_request_with_query(request)
+      incoming=ActionController::TestRequest.new(request.to_hash)
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+
+    def mock_incoming_request_with_authorize_header(request)
+      incoming=ActionController::TestRequest.new
+      incoming.env["HTTP_AUTHORIZATION"]=request.to_auth_string
+      incoming.request_uri=request.path
+      incoming.env["SERVER_PORT"]=request.uri.port
+      incoming.host=request.uri.host
+      incoming.env['REQUEST_METHOD']=request.http_method
+      incoming
+    end
+  
+  end
+end

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'active_support'
+require 'action_controller/request'
+require 'oauth/request_proxy/base'
+require 'uri'
+
+module OAuth::RequestProxy
+  class ActionControllerRequest < OAuth::RequestProxy::Base
+    proxies(defined?(ActionController::AbstractRequest) ? ActionController::AbstractRequest : ActionController::Request)
+
+    def method
+      request.method.to_s.upcase
+    end
+
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.stringify_keys! if params.respond_to?(:stringify_keys!)
+        params.merge(options[:parameters] || {})
+      end
+    end
+    
+    # Override from OAuth::RequestProxy::Base to avoid roundtrip
+    # conversion to Hash or Array and thus preserve the original
+    # parameter names
+    def parameters_for_signature
+      params = []
+      params << options[:parameters].to_query if options[:parameters]
+
+      unless options[:clobber_request]
+        params << header_params.to_query
+        params << request.query_string unless request.query_string.blank?
+        if request.content_type == Mime::Type.lookup("application/x-www-form-urlencoded")
+          params << CGI.unescape(request.raw_post)
+        end
+      end
+      
+      params.
+        join('&').split('&').
+        reject { |kv| kv =~ /^oauth_signature=.*/}.
+        reject(&:blank?).
+        map { |p| p.split('=') }
+    end
+
+    protected
+
+    def query_params
+      request.query_parameters
+    end
+
+    def request_params
+      request.request_parameters
+    end
+
+  end
+end

data/lib/oauth/request_proxy/base.rb

@@ -0,0 +1,107 @@
+require 'oauth/request_proxy'
+require 'oauth/helper'
+
+module OAuth::RequestProxy
+  class Base
+    include OAuth::Helper
+
+    def self.proxies(klass)
+      OAuth::RequestProxy.available_proxies[klass] = self
+    end
+
+    attr_accessor :request, :options
+
+    def initialize(request, options = {})
+      @request = request
+      @options = options
+    end
+
+    def token
+      parameters['oauth_token']
+    end
+
+    def consumer_key
+      parameters['oauth_consumer_key']
+    end
+
+    def parameters_for_signature
+      p = parameters.dup
+      p.delete("oauth_signature")
+      p
+    end
+
+    def nonce
+      parameters['oauth_nonce']
+    end
+
+    def timestamp
+      parameters['oauth_timestamp']
+    end
+
+    def signature_method
+      case parameters['oauth_signature_method']
+      when Array: parameters['oauth_signature_method'].first
+      else
+        parameters['oauth_signature_method']
+      end
+    end
+
+    def signature
+      parameters['oauth_signature'] || ""
+    end
+    
+    # See 9.1.2 in specs
+    def normalized_uri
+      u=URI.parse(uri)
+      "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.downcase=='http'&&u.port!=80)||(u.scheme.downcase=='https'&&u.port!=443) ? ":#{u.port}" : ""}#{(u.path&&u.path!='') ? u.path : '/'}"
+    end
+    
+    # See 9.1.1. in specs Normalize Request Parameters
+    def normalized_parameters
+      parameters_for_signature.sort.map do |k, values|
+
+        if values.is_a?(Array)
+          # multiple values were provided for a single key
+          values.sort.collect do |v|
+            [escape(k),escape(v)] * "="
+          end
+        else
+          [escape(k),escape(values)] * "="
+        end
+      end * "&"
+    end
+    
+    # See 9.1 in specs
+    def signature_base_string
+      base = [method, normalized_uri, normalized_parameters]
+      base.map { |v| escape(v) }.join("&")
+    end
+    
+    
+    protected
+    
+    def header_params
+      %w( X-HTTP_AUTHORIZATION Authorization HTTP_AUTHORIZATION ).each do |header|
+        next unless request.env.include?(header)
+
+        header = request.env[header]
+        next unless header[0,6] == 'OAuth '
+
+        oauth_param_string = header[6,header.length].split(/[,=]/)
+        oauth_param_string.map! { |v| unescape(v.strip) }
+        oauth_param_string.map! { |v| v =~ /^\".*\"$/ ? v[1..-2] : v }
+        oauth_params = Hash[*oauth_param_string.flatten]
+        oauth_params.reject! { |k,v| k !~ /^oauth_/ }
+
+        return oauth_params
+      end
+
+      return {}
+    end
+    
+    def unescape(value)
+      URI.unescape(value.gsub('+', '%2B'))
+    end
+    
+  end
+end

data/lib/oauth/request_proxy/jabber_request.rb

@@ -0,0 +1,42 @@
+require 'xmpp4r'
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    class JabberRequest < OAuth::RequestProxy::Base
+      proxies Jabber::Iq
+      proxies Jabber::Presence
+      proxies Jabber::Message
+
+      def parameters
+        return @params if @params
+
+        @params = {}
+
+        oauth = @request.get_elements('//oauth').first
+        return @params unless oauth
+
+        %w( oauth_token oauth_consumer_key oauth_signature_method oauth_signature
+            oauth_timestamp oauth_nonce oauth_version ).each do |param|
+          next unless element = oauth.first_element(param)
+          @params[param] = element.text
+        end
+
+        @params
+      end
+
+      def method
+        @request.name
+      end
+
+      def uri
+        [@request.from.strip.to_s, @request.to.strip.to_s].join("&")
+      end
+      
+      def normalized_uri
+        uri
+      end
+      
+    end
+  end
+end

data/lib/oauth/request_proxy/mock_request.rb

@@ -0,0 +1,36 @@
+require 'oauth/request_proxy/base'
+
+module OAuth
+  module RequestProxy
+    # RequestProxy for Hashes to facilitate simpler signature creation.
+    # Usage:
+    #   request = OAuth::RequestProxy.proxy \
+    #      "method" => "iq",
+    #      "uri"    => [from, to] * "&",
+    #      "parameters" => {
+    #        "oauth_consumer_key"     => oauth_consumer_key,
+    #        "oauth_token"            => oauth_token,
+    #        "oauth_signature_method" => "HMAC-SHA1"
+    #      }
+    #
+    #   signature = OAuth::Signature.sign \
+    #     request,
+    #     :consumer_secret => oauth_consumer_secret,
+    #     :token_secret    => oauth_token_secret,
+    class MockRequest < OAuth::RequestProxy::Base
+      proxies Hash
+
+      def parameters
+        @request["parameters"]
+      end
+
+      def method
+        @request["method"]
+      end
+
+      def uri
+        @request["uri"]
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/net_http.rb

@@ -0,0 +1,65 @@
+require 'oauth/request_proxy/base'
+require 'net/http'
+require 'uri'
+require 'cgi'
+
+module OAuth::RequestProxy::Net
+  module HTTP
+    class HTTPRequest < OAuth::RequestProxy::Base
+      proxies ::Net::HTTPRequest
+
+      def method
+        request.method
+      end
+
+      def uri
+        uri = options[:uri]
+        uri.to_s
+      end
+
+      def parameters
+        if options[:clobber_request]
+          options[:parameters]
+        else
+          all_parameters
+        end
+      end
+
+      private
+
+      def all_parameters
+        request_params = CGI.parse(query_string)
+        if options[:parameters]
+          options[:parameters].each do |k,v|
+            if request_params.has_key?(k)
+              request_params[k] << v
+            else
+              request_params[k] = [v].flatten
+            end
+          end
+        end
+        request_params
+      end
+
+      def query_string
+        params = [ query_params, auth_header_params ]
+        is_form_urlencoded = request['Content-Type'] != nil && request['Content-Type'].downcase == 'application/x-www-form-urlencoded'
+        params << post_params if method.to_s.upcase == 'POST' && is_form_urlencoded
+        params.compact.join('&')
+      end
+      
+      def query_params
+        URI.parse(request.path).query
+      end
+
+      def post_params
+        request.body
+      end
+
+      def auth_header_params
+        return nil unless request['Authorization'] && request['Authorization'][0,5] == 'OAuth'
+        auth_params = request['Authorization']
+      end
+    end
+  end
+end

data/lib/oauth/request_proxy/rack_request.rb

@@ -0,0 +1,40 @@
+require 'oauth/request_proxy/base'
+require 'uri'
+require 'rack'
+
+module OAuth::RequestProxy
+  class RackRequest < OAuth::RequestProxy::Base
+    proxies Rack::Request
+    
+    def method
+      request.request_method
+    end
+    
+    def uri
+      request.url
+    end
+
+    def parameters
+      if options[:clobber_request]
+        options[:parameters] || {}
+      else
+        params = request_params.merge(query_params).merge(header_params)
+        params.merge(options[:parameters] || {})
+      end
+    end
+    
+    def signature
+      parameters['oauth_signature']
+    end
+    
+    protected
+
+    def query_params
+      request.GET
+    end
+
+    def request_params
+      request.params
+    end
+  end
+end

data/lib/oauth/request_proxy.rb

@@ -0,0 +1,24 @@
+module OAuth
+  module RequestProxy
+    def self.available_proxies #:nodoc:
+      @available_proxies ||= {}
+    end
+
+    def self.proxy(request, options = {})
+      return request if request.kind_of?(OAuth::RequestProxy::Base)
+
+      klass = available_proxies[request.class]
+
+      # Search for possible superclass matches.
+      if klass.nil?
+        request_parent = available_proxies.keys.find { |rc| request.kind_of?(rc) }
+        klass = available_proxies[request_parent]
+      end
+
+      raise UnknownRequestType, request.class.to_s unless klass
+      klass.new(request, options)
+    end
+
+    class UnknownRequestType < Exception; end
+  end
+end