rack-oauth 0.1.2

data/examples/rails-example/tmp/webrat-1257210564.html

@@ -0,0 +1,32 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>Action Controller: Exception caught</title>
+  <style>
+    body { background-color: #fff; color: #333; }
+
+    body, p, ol, ul, td {
+      font-family: verdana, arial, helvetica, sans-serif;
+      font-size:   13px;
+      line-height: 18px;
+    }
+
+    pre {
+      background-color: #eee;
+      padding: 10px;
+      font-size: 11px;
+    }
+
+    a { color: #000; }
+    a:visited { color: #666; }
+    a:hover { color: #fff; background-color:#000; }
+  </style>
+</head>
+<body>
+
+<h1>Routing Error</h1>
+<p><pre>No route matches &quot;/foo/bar&quot; with {:method=&gt;:get}</pre></p>
+
+
+
+</body>
+</html>

data/examples/rails-example/tmp/webrat-1257210581.html

@@ -0,0 +1,32 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>Action Controller: Exception caught</title>
+  <style>
+    body { background-color: #fff; color: #333; }
+
+    body, p, ol, ul, td {
+      font-family: verdana, arial, helvetica, sans-serif;
+      font-size:   13px;
+      line-height: 18px;
+    }
+
+    pre {
+      background-color: #eee;
+      padding: 10px;
+      font-size: 11px;
+    }
+
+    a { color: #000; }
+    a:visited { color: #666; }
+    a:hover { color: #fff; background-color:#000; }
+  </style>
+</head>
+<body>
+
+<h1>Routing Error</h1>
+<p><pre>No route matches &quot;/foo/bar&quot; with {:method=&gt;:get}</pre></p>
+
+
+
+</body>
+</html>

data/examples/rails-example/tmp/webrat-1257210600.html

@@ -0,0 +1,32 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>Action Controller: Exception caught</title>
+  <style>
+    body { background-color: #fff; color: #333; }
+
+    body, p, ol, ul, td {
+      font-family: verdana, arial, helvetica, sans-serif;
+      font-size:   13px;
+      line-height: 18px;
+    }
+
+    pre {
+      background-color: #eee;
+      padding: 10px;
+      font-size: 11px;
+    }
+
+    a { color: #000; }
+    a:visited { color: #666; }
+    a:hover { color: #fff; background-color:#000; }
+  </style>
+</head>
+<body>
+
+<h1>Routing Error</h1>
+<p><pre>No route matches &quot;/foo/bar&quot; with {:method=&gt;:get}</pre></p>
+
+
+
+</body>
+</html>

data/examples/rails-example/tmp/webrat-1257210608.html

@@ -0,0 +1,32 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>Action Controller: Exception caught</title>
+  <style>
+    body { background-color: #fff; color: #333; }
+
+    body, p, ol, ul, td {
+      font-family: verdana, arial, helvetica, sans-serif;
+      font-size:   13px;
+      line-height: 18px;
+    }
+
+    pre {
+      background-color: #eee;
+      padding: 10px;
+      font-size: 11px;
+    }
+
+    a { color: #000; }
+    a:visited { color: #666; }
+    a:hover { color: #fff; background-color:#000; }
+  </style>
+</head>
+<body>
+
+<h1>Routing Error</h1>
+<p><pre>No route matches &quot;/foo/bar&quot; with {:method=&gt;:get}</pre></p>
+
+
+
+</body>
+</html>

data/examples/sinatra-twitter.rb

@@ -0,0 +1,47 @@
+#! /usr/bin/env ruby
+%w( rubygems sinatra haml ).each {|lib| require lib }
+require File.dirname(__FILE__) + '/../lib/rack-oauth'
+
+use Rack::Session::Cookie
+
+use Rack::OAuth, :site => 'http://twitter.com', :key => '4JjFmhjfZyQ6rdbiql5A', 
+                 :secret => 'rv4ZaCgvxVPVjxHIDbMxTGFbIMxUa4KkIdPqL7HmaQo'
+
+helpers do
+
+  # todo ... make wrapper that handles ENV?
+  def oauth
+    Rack::OAuth.get(env)
+  end
+
+end
+
+get '/' do
+  haml :index
+end
+
+get '/creds' do
+  @user = oauth.request(env, '/account/verify_credentials.json') if oauth.verified?(env)
+  haml :index
+end
+
+get '/oauth_complete' do
+  redirect '/'
+end
+
+get '/logout' do
+  session.clear
+  redirect '/'
+end
+
+__END__
+
+@@ index
+
+%h1 Twitter OAuth Example
+
+- if @user
+  %p User:
+  %pre~ @user.to_yaml
+
+%pre~ session.to_yaml

data/examples/sinatra-twitter.ru

@@ -0,0 +1,2 @@
+require 'sinatra-twitter'
+run Sinatra::Application

data/lib/rack/oauth.rb

@@ -0,0 +1 @@
+require 'rack-oauth'

data/lib/rack-oauth.rb

@@ -0,0 +1,378 @@
+require 'rubygems'
+require 'rack'
+require 'oauth'
+
+# For some reason, getting the location our of a HeaderHash doesn't always work!
+#
+# sometimes you can see the header key/value in the HeaderHash, but you can't get it out!
+class Rack::Utils::HeaderHash
+  def [] key
+    if not has_key?(key)
+      hash = to_hash
+      hash.keys.each do |hash_key|
+        if hash_key.downcase == key.downcase
+          return hash[hash_key]
+        end
+      end
+    end
+    super
+  end
+end
+
+module Rack #:nodoc:
+
+  # Rack Middleware for integrating OAuth into your application
+  #
+  # Note: this *requires* that a Rack::Session middleware be enabled
+  #
+  class OAuth
+
+    # Helper methods intended to be included in your Rails controller or 
+    # in your Sinatra helpers block
+    module Methods
+      
+      # [Internal] this method returns the Rack 'env' for the current request.
+      #
+      # This looks for #env or #request.env by default.  If these don't return 
+      # something, then we raise an exception and you should override this method 
+      # so it returns the Rack env that we need.
+      def oauth_request_env
+        if respond_to?(:env)
+          env
+        elsif respond_to?(:request) and request.respond_to?(:env)
+          request.env
+        else
+          raise "Couldn't find 'env' ... please override #oauth_request_env"
+        end
+      end
+
+      # Returns the instance of Rack::OAuth given a name (defaults to the default Rack::OAuth name)
+      def oauth name = nil
+        oauth = Rack::OAuth.get(oauth_request_env, nil)
+        raise "Couldn't find Rack::OAuth instance with name #{ name }" unless oauth
+        oauth
+      end
+
+      # Makes a request using the stored access token for the current session.
+      #
+      # Without a user logged in to an OAuth provider in the current session, this won't work.
+      #
+      # This is *not* the method to use to fire off requests for saved access tokens.
+      def oauth_request *args
+        oauth.request oauth_request_env, *args
+      end
+
+      def oauth_request_with_access_token token, *args
+        oauth.request_with_access_token token, *args
+      end
+
+      # Get the access token object for the currently authorized session
+      def oauth_access_token name = nil
+        oauth(name).get_access_token(oauth_request_env)
+      end
+
+      # If Rack::OAuth#get_access_token is nil given the #oauth_request_env available
+      # (inotherwords, it's nil in our user's current session), then we didn't 
+      # log in.  If we have an access token for this particular session, then 
+      # we are logged in.
+      def logged_in? name = nil
+        !! oauth_access_token(name)
+      end
+
+      # Returns the path to rediret to for logging in via OAuth
+      def oauth_login_path name = nil
+        oauth(name).login_path
+      end
+
+    end
+
+    class << self
+
+      # The name we use for Rack::OAuth instances when a name is not given.
+      #
+      # This is 'default' by default
+      attr_accessor :default_instance_name
+
+      # Set this equal to true to enable 'test mode'
+      attr_accessor :test_mode_enabled
+      def enable_test_mode()  self.test_mode_enabled =  true  end
+      def disable_test_mode() self.test_mode_enabled =  false end
+      def test_mode?()             test_mode_enabled == true  end
+    end
+
+    @default_instance_name = 'default'
+
+    # Returns all of the Rack::OAuth instances found in this Rack 'env' Hash
+    def self.all env
+      env['rack.oauth']
+    end
+
+    # Simple helper to get an instance of Rack::OAuth by name found in this Rack 'env' Hash
+    def self.get env, name = nil
+      name = Rack::OAuth.default_instance_name if name.nil?
+      all(env)[name.to_s]
+    end
+
+    DEFAULT_OPTIONS = {
+      :login_path          => '/oauth_login',
+      :callback_path       => '/oauth_callback',
+      :redirect_to         => '/oauth_complete',
+      :rack_session        => 'rack.session',
+      :json_parser         => lambda {|json_string| require 'json'; JSON.parse(json_string); },
+      :access_token_getter => lambda {|key, oauth| oauth.get_access_token_via_instance_variable(key) },
+      :access_token_setter => lambda {|key, token, oauth| oauth.set_access_token_via_instance_variable(key, token) }
+    }
+
+    # A proc that accepts an argument for the KEY we're using to get an access token 
+    # that should return the actual access token object.
+    #
+    # A second parameter is passed to your block with the Rack::OAuth instance
+    #
+    # This allows you to override how access tokens are persisted
+    attr_accessor :access_token_getter
+    alias get  access_token_getter
+    alias get= access_token_getter=
+
+    # A proc that accepts an argument for the KEY we're using to set an access token 
+    # and a second argument with the actual access token object.
+    #
+    # A third parameter is passed to your block with the Rack::OAuth instance
+    #
+    # This allows you to override how access tokens are persisted
+    attr_accessor :access_token_setter
+    alias set  access_token_setter
+    alias set= access_token_setter=
+
+    # the URL that should initiate OAuth and redirect to the OAuth provider's login page
+    def login_path
+      ::File.join *[@login_path.to_s, name_unless_default].compact
+    end
+    attr_writer :login_path
+    alias login  login_path
+    alias login= login_path=
+
+    # the URL that the OAuth provider should callback to after OAuth login is complete
+    def callback_path
+      ::File.join *[@callback_path.to_s, name_unless_default].compact
+    end
+    attr_writer :callback_path
+    alias callback  callback_path
+    alias callback= callback_path=
+
+    # the URL that Rack::OAuth should redirect to after the OAuth has been completed (part of your app)
+    attr_accessor :redirect_to
+    alias redirect  redirect_to
+    alias redirect= redirect_to=
+
+    # the name of the Rack env variable used for the session
+    attr_accessor :rack_session
+
+    # [required] Your OAuth consumer key
+    attr_accessor :consumer_key
+    alias key  consumer_key
+    alias key= consumer_key=
+
+    # [required] Your OAuth consumer secret
+    attr_accessor :consumer_secret
+    alias secret  consumer_secret
+    alias secret= consumer_secret=
+
+    # [required] The site you want to request OAuth for, eg. 'http://twitter.com'
+    attr_accessor :consumer_site
+    alias site  consumer_site
+    alias site= consumer_site=
+
+    # a Proc that accepts a JSON string and returns a Ruby object.  Defaults to using the 'json' gem, if available.
+    attr_accessor :json_parser
+
+    # an arbitrary name for this instance of Rack::OAuth
+    def name
+      @name.to_s
+    end
+    attr_writer :name
+
+    def initialize app, *args
+      @app = app
+
+      options = args.pop
+      @name   = args.first || Rack::OAuth.default_instance_name
+      
+      DEFAULT_OPTIONS.each {|name, value| send "#{name}=", value }
+      options.each         {|name, value| send "#{name}=", value } if options
+
+      raise_validation_exception unless valid?
+    end
+
+    def call env
+      env['rack.oauth'] ||= {}
+      env['rack.oauth'][name] = self
+
+      case env['PATH_INFO']
+      when login_path;      do_login     env
+      when callback_path;   do_callback  env
+      else;                 @app.call    env
+      end
+    end
+
+    def do_login env
+
+      if Rack::OAuth.test_mode?
+        session(env)[:token]  = "Token" 
+        session(env)[:secret] = "Secret"
+        set_access_token env, "AccessToken"
+        return [ 302, { 'Content-Type' => 'text/html', 'Location' => redirect_to }, [] ]
+      end
+
+      request = consumer.get_request_token :oauth_callback => ::File.join("http://#{ env['HTTP_HOST'] }", callback_path)
+      session(env)[:token]  = request.token
+      session(env)[:secret] = request.secret
+      [ 302, { 'Content-Type' => 'text/html', 'Location' => request.authorize_url }, [] ]
+    end
+
+    def do_callback env
+      session(env)[:verifier] = Rack::Request.new(env).params['oauth_verifier']
+      request = ::OAuth::RequestToken.new consumer, session(env)[:token], session(env)[:secret]
+      access  = request.get_access_token :oauth_verifier => session(env)[:verifier]
+
+      # hold onto the access token
+      set_access_token env, access
+
+      [ 302, { 'Content-Type' => 'text/html', 'Location' => redirect_to }, [] ]
+    end
+
+    # Default implementation of access_token_getter
+    #
+    # Keeps tokens in an instance variable
+    def get_access_token_via_instance_variable key
+      @tokens[key] if @tokens
+    end
+
+    # Default implementation of access_token_setter
+    #
+    # Keeps tokens in an instance variable
+    def set_access_token_via_instance_variable key, token
+      @tokens ||= {}
+      @tokens[key] = token
+    end
+
+    # Returns the key to use (for this particular session) to get or set an 
+    # access token for this Rack env
+    #
+    # TODO this will very likely change as we want to be able to get or set 
+    #      access tokens using useful data like a user's name in the future
+    def key_for_env env
+      val = session(env)[:token] + session(env)[:secret] if session(env)[:token] and session(env)[:secret]
+      session(env)[:token] + session(env)[:secret] if session(env)[:token] and session(env)[:secret]
+    end
+
+    # Gets an Access Token by key using access_token_getter (for this specific ENV)
+    def get_access_token env
+      access_token_getter.call key_for_env(env), self
+    end
+
+    # Sets an Access Token by key and value using access_token_setter (for this specific ENV)
+    def set_access_token env, token
+      access_token_setter.call key_for_env(env), token, self
+    end
+
+    # Usage:
+    #
+    #   request '/account/verify_credentials.json'
+    #   request 'GET', '/account/verify_credentials.json'
+    #   request :post, '/statuses/update.json', :status => params[:tweet]
+    #
+    def request env, method, path = nil, *args
+      if method.to_s.start_with?('/')
+        path   = method
+        method = :get
+      end
+
+      return Rack::OAuth.mock_response_for(method, path) if Rack::OAuth.test_mode?
+
+      consumer.request method.to_s.downcase.to_sym, path, get_access_token(env), *args
+    end
+
+    # Same as #request but you can manually pass your own request token
+    def request_with_access_token token, method, path = nil, *args
+      if method.to_s.start_with?('/')
+        path   = method
+        method = :get
+      end
+
+      return Rack::OAuth.mock_response_for(method, path) if Rack::OAuth.test_mode?
+
+      consumer.request method.to_s.downcase.to_sym, path, token, *args
+    end
+
+    # Returns the mock response, if one has been set via #mock_request, for a method and path.
+    #
+    # Raises an exception if the response doesn't exist because we never want the test environment 
+    # to *actually* make real requests!
+    def self.mock_response_for method, path
+      unless @mock_responses and @mock_responses[path] and @mock_responses[path][method]
+        raise "No mock response created for #{ method.inspect } #{ path.inspect }"
+      else
+        return @mock_responses[path][method]
+      end
+    end
+
+    # Set the response that should be returned when a particular method and path are called.
+    #
+    # This is used when Rack::OAuth::test_mode? is true
+    def self.mock_request method, path, response = nil
+      if method.to_s.start_with?('/')
+        response = path
+        path     = method
+        method   = :get
+      end
+
+      @mock_responses ||= {}
+      @mock_responses[path] ||= {}
+      @mock_responses[path][method] = response
+    end
+
+    def verified? env
+      [ :token, :secret, :verifier ].all? { |required_session_key| session(env)[required_session_key] }
+    end
+
+    def consumer
+      @consumer ||= ::OAuth::Consumer.new consumer_key, consumer_secret, :site => consumer_site
+    end
+
+    def valid?
+      @errors = []
+      @errors << ":consumer_key option is required"    unless consumer_key
+      @errors << ":consumer_secret option is required" unless consumer_secret
+      @errors << ":consumer_site option is required"   unless consumer_site
+      @errors.empty?
+    end
+
+    def raise_validation_exception
+      raise @errors.join(', ')
+    end
+
+    # Returns a hash of session variables, specific to this instance of Rack::OAuth and the end-user
+    #
+    # All user-specific variables are stored in the session.
+    #
+    # The variables we currently keep track of are:
+    # - token
+    # - secret
+    # - verifier
+    #
+    # With all three of these, we can make arbitrary requests to our OAuth provider for this user.
+    def session env
+      raise "Rack env['rack.session'] is nil ... has a Rack::Session middleware be enabled?  " + 
+            "use :rack_session for custom key" if env[rack_session].nil?      
+      env[rack_session]['rack.oauth']       ||= {}
+      env[rack_session]['rack.oauth'][name] ||= {}
+    end
+
+    # Returns the #name of this Rack::OAuth unless the name is 'default', in which case it returns nil
+    def name_unless_default
+      name == Rack::OAuth.default_instance_name ? nil : name
+    end
+
+  end
+
+end

data/spec/data/authorized_access_token.yml

@@ -0,0 +1,58 @@
+--- !ruby/object:OAuth::AccessToken 
+consumer: !ruby/object:OAuth::Consumer 
+  http: !ruby/object:Net::HTTP 
+    address: twitter.com
+    close_on_empty_response: false
+    curr_http_version: "1.1"
+    debug_output: 
+    newimpl: true
+    open_timeout: 
+    port: 80
+    read_timeout: 60
+    seems_1_0_server: false
+    socket: 
+    ssl_context: !ruby/object:OpenSSL::SSL::SSLContext 
+      ca_file: /etc/ssl/certs/ca-certificates.crt
+      ca_path: 
+      cert: 
+      cert_store: 
+      client_ca: 
+      client_cert_cb: 
+      extra_chain_cert: 
+      key: 
+      options: 
+      session_get_cb: 
+      session_id_context: 
+      session_new_cb: 
+      session_remove_cb: 
+      timeout: 
+      tmp_dh_callback: 
+      verify_callback: 
+      verify_depth: 5
+      verify_mode: 1
+    started: false
+    use_ssl: false
+  http_method: :post
+  key: 4JjFmhjfZyQ6rdbiql5A
+  options: 
+    :http_method: :post
+    :scheme: :header
+    :oauth_version: "1.0"
+    :proxy: 
+    :request_token_path: /oauth/request_token
+    :authorize_path: /oauth/authorize
+    :site: http://twitter.com
+    :signature_method: HMAC-SHA1
+    :access_token_path: /oauth/access_token
+  secret: rv4ZaCgvxVPVjxHIDbMxTGFbIMxUa4KkIdPqL7HmaQo
+params: 
+  oauth_token_secret: K7Z5LHyweHKd3rPaaiHMUCaYQyAC0suWQcOPGfM
+  :user_id: "11043342"
+  user_id: "11043342"
+  :oauth_token_secret: K7Z5LHyweHKd3rPaaiHMUCaYQyAC0suWQcOPGfM
+  :screen_name: remitaylor
+  oauth_token: 11043342-rH2Rdn9AcLzVBIL3cnQqCJ96mb0Zp2XC56Qx4bsMB
+  :oauth_token: 11043342-rH2Rdn9AcLzVBIL3cnQqCJ96mb0Zp2XC56Qx4bsMB
+  screen_name: remitaylor
+secret: K7Z5LHyweHKd3rPaaiHMUCaYQyAC0suWQcOPGfM
+token: 11043342-rH2Rdn9AcLzVBIL3cnQqCJ96mb0Zp2XC56Qx4bsMB

data/spec/data/authorized_oauth_verifier.yml

@@ -0,0 +1 @@
+--- sCJz6SHIaQAUtAj4FOmTwwwpruV3fsGAWsrH3ynqQ

data/spec/data/authorized_request_secret.yml

@@ -0,0 +1 @@
+--- XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA

data/spec/data/authorized_request_token.yml

@@ -0,0 +1 @@
+--- 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4

data/spec/data/unauthorized_request_token.yml

@@ -0,0 +1,56 @@
+--- !ruby/object:OAuth::RequestToken 
+consumer: !ruby/object:OAuth::Consumer 
+  http: !ruby/object:Net::HTTP 
+    address: twitter.com
+    close_on_empty_response: false
+    curr_http_version: "1.1"
+    debug_output: 
+    newimpl: true
+    open_timeout: 
+    port: 80
+    read_timeout: 60
+    seems_1_0_server: false
+    socket: 
+    ssl_context: !ruby/object:OpenSSL::SSL::SSLContext 
+      ca_file: /etc/ssl/certs/ca-certificates.crt
+      ca_path: 
+      cert: 
+      cert_store: 
+      client_ca: 
+      client_cert_cb: 
+      extra_chain_cert: 
+      key: 
+      options: 
+      session_get_cb: 
+      session_id_context: 
+      session_new_cb: 
+      session_remove_cb: 
+      timeout: 
+      tmp_dh_callback: 
+      verify_callback: 
+      verify_depth: 5
+      verify_mode: 1
+    started: false
+    use_ssl: false
+  http_method: :post
+  key: 4JjFmhjfZyQ6rdbiql5A
+  options: 
+    :http_method: :post
+    :scheme: :header
+    :oauth_version: "1.0"
+    :proxy: 
+    :request_token_path: /oauth/request_token
+    :authorize_path: AUTH_PATH
+    :site: http://twitter.com
+    :signature_method: HMAC-SHA1
+    :access_token_path: /oauth/access_token
+  secret: rv4ZaCgvxVPVjxHIDbMxTGFbIMxUa4KkIdPqL7HmaQo
+params: 
+  oauth_callback_confirmed: "true"
+  oauth_token_secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+  :oauth_callback_confirmed: "true"
+  :oauth_token_secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+  oauth_token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4
+  :oauth_token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4
+secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4