rack-oauth2-revibe 1.0.7
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.gitignore +22 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +7 -0
- data/LICENSE +20 -0
- data/README.rdoc +78 -0
- data/Rakefile +25 -0
- data/VERSION +1 -0
- data/lib/rack/oauth2.rb +67 -0
- data/lib/rack/oauth2/access_token.rb +36 -0
- data/lib/rack/oauth2/access_token/authenticator.rb +24 -0
- data/lib/rack/oauth2/access_token/bearer.rb +11 -0
- data/lib/rack/oauth2/access_token/legacy.rb +23 -0
- data/lib/rack/oauth2/access_token/mac.rb +103 -0
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +17 -0
- data/lib/rack/oauth2/access_token/mac/signature.rb +34 -0
- data/lib/rack/oauth2/access_token/mac/verifier.rb +44 -0
- data/lib/rack/oauth2/client.rb +139 -0
- data/lib/rack/oauth2/client/error.rb +14 -0
- data/lib/rack/oauth2/client/grant.rb +30 -0
- data/lib/rack/oauth2/client/grant/authorization_code.rb +12 -0
- data/lib/rack/oauth2/client/grant/client_credentials.rb +10 -0
- data/lib/rack/oauth2/client/grant/facebook_token.rb +12 -0
- data/lib/rack/oauth2/client/grant/password.rb +11 -0
- data/lib/rack/oauth2/client/grant/refresh_token.rb +11 -0
- data/lib/rack/oauth2/debugger.rb +3 -0
- data/lib/rack/oauth2/debugger/request_filter.rb +30 -0
- data/lib/rack/oauth2/server.rb +4 -0
- data/lib/rack/oauth2/server/abstract.rb +4 -0
- data/lib/rack/oauth2/server/abstract/error.rb +69 -0
- data/lib/rack/oauth2/server/abstract/handler.rb +20 -0
- data/lib/rack/oauth2/server/abstract/request.rb +29 -0
- data/lib/rack/oauth2/server/abstract/response.rb +15 -0
- data/lib/rack/oauth2/server/authorize.rb +117 -0
- data/lib/rack/oauth2/server/authorize/code.rb +39 -0
- data/lib/rack/oauth2/server/authorize/error.rb +71 -0
- data/lib/rack/oauth2/server/authorize/extension.rb +12 -0
- data/lib/rack/oauth2/server/authorize/extension/code_and_token.rb +39 -0
- data/lib/rack/oauth2/server/authorize/token.rb +43 -0
- data/lib/rack/oauth2/server/resource.rb +55 -0
- data/lib/rack/oauth2/server/resource/bearer.rb +47 -0
- data/lib/rack/oauth2/server/resource/bearer/error.rb +24 -0
- data/lib/rack/oauth2/server/resource/error.rb +81 -0
- data/lib/rack/oauth2/server/resource/mac.rb +36 -0
- data/lib/rack/oauth2/server/resource/mac/error.rb +24 -0
- data/lib/rack/oauth2/server/token.rb +87 -0
- data/lib/rack/oauth2/server/token/authorization_code.rb +28 -0
- data/lib/rack/oauth2/server/token/client_credentials.rb +23 -0
- data/lib/rack/oauth2/server/token/error.rb +54 -0
- data/lib/rack/oauth2/server/token/extension.rb +12 -0
- data/lib/rack/oauth2/server/token/extension/jwt.rb +37 -0
- data/lib/rack/oauth2/server/token/facebook_token.rb +27 -0
- data/lib/rack/oauth2/server/token/password.rb +27 -0
- data/lib/rack/oauth2/server/token/refresh_token.rb +26 -0
- data/lib/rack/oauth2/util.rb +58 -0
- data/rack-oauth2.gemspec +30 -0
- data/spec/helpers/time.rb +19 -0
- data/spec/helpers/webmock_helper.rb +41 -0
- data/spec/mock_response/blank +0 -0
- data/spec/mock_response/errors/invalid_request.json +4 -0
- data/spec/mock_response/resources/fake.txt +1 -0
- data/spec/mock_response/tokens/_Bearer.json +6 -0
- data/spec/mock_response/tokens/bearer.json +6 -0
- data/spec/mock_response/tokens/legacy.json +5 -0
- data/spec/mock_response/tokens/legacy.txt +1 -0
- data/spec/mock_response/tokens/legacy_without_expires_in.txt +1 -0
- data/spec/mock_response/tokens/mac.json +8 -0
- data/spec/mock_response/tokens/unknown.json +6 -0
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/bearer_spec.rb +18 -0
- data/spec/rack/oauth2/access_token/legacy_spec.rb +23 -0
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +28 -0
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +59 -0
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +25 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +141 -0
- data/spec/rack/oauth2/access_token_spec.rb +69 -0
- data/spec/rack/oauth2/client/error_spec.rb +18 -0
- data/spec/rack/oauth2/client/grant/authorization_code_spec.rb +37 -0
- data/spec/rack/oauth2/client/grant/client_credentials_spec.rb +7 -0
- data/spec/rack/oauth2/client/grant/password_spec.rb +33 -0
- data/spec/rack/oauth2/client/grant/refresh_token_spec.rb +21 -0
- data/spec/rack/oauth2/client_spec.rb +287 -0
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +33 -0
- data/spec/rack/oauth2/oauth2_spec.rb +74 -0
- data/spec/rack/oauth2/server/abstract/error_spec.rb +59 -0
- data/spec/rack/oauth2/server/authorize/code_spec.rb +57 -0
- data/spec/rack/oauth2/server/authorize/error_spec.rb +103 -0
- data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb +60 -0
- data/spec/rack/oauth2/server/authorize/token_spec.rb +73 -0
- data/spec/rack/oauth2/server/authorize_spec.rb +214 -0
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +123 -0
- data/spec/rack/oauth2/server/resource/error_spec.rb +147 -0
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/mac_spec.rb +119 -0
- data/spec/rack/oauth2/server/resource_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +43 -0
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/error_spec.rb +77 -0
- data/spec/rack/oauth2/server/token/password_spec.rb +37 -0
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +34 -0
- data/spec/rack/oauth2/server/token_spec.rb +134 -0
- data/spec/rack/oauth2/util_spec.rb +97 -0
- data/spec/spec_helper.rb +14 -0
- metadata +326 -0
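--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: eb673ece85c217f808219e25cb844b64e9acfa1c
+data.tar.gz: 447b5a4aeec11412d93b313815a698c7337af582
+SHA512:
+metadata.gz: e199c1ef254aa41a17177c9fc46b8c5883fc4c551316e59cc8936c7c5283bc7932ae117f8777a96b18f0909ce42dc95b2f4989a68a1eb5d245400fd24b8c91ab
+data.tar.gz: 24a55fd879d6246141877c335771c222aee501ae20d774fba2b0ed87f712c79719aeae6dde2ae372dfd1106db2f0fa83b25230c53b46d9a18adceb3365dfc6f1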
data/.document
ADDED
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
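--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2010 nov matake
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.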
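--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,78 @@
+= rack-oauth2
+
+OAuth 2.0 Server & Client Library.
+Both Bearer and MAC token type are supported.
+
+{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
+
+The OAuth 2.0 Authorization Framework (RFC 6749)
+http://www.rfc-editor.org/rfc/rfc6749.txt
+
+The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
+http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
+
+HTTP Authentication: MAC Access Authentication (draft 01)
+http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
+
+== Installation
+
+gem install rack-oauth2
+
+== Resources
+
+* View Source on GitHub (https://github.com/nov/rack-oauth2)
+* Report Issues on GitHub (https://github.com/nov/rack-oauth2/issues)
+* Subscribe Update Info (https://www.facebook.com/rackoauth2)
+* Q&A on Google Groups (https://groups.google.com/group/rack-oauth2)
+
+== Sample Server Application (Rails3)
+
+=== Bearer
+
+Running on Heroku
+https://rack-oauth2-sample.heroku.com
+
+Source on GitHub
+https://github.com/nov/rack-oauth2-sample
+
+=== MAC
+
+Running on Heroku
+https://rack-oauth2-sample-mac.heroku.com
+
+Source on GitHub
+https://github.com/nov/rack-oauth2-sample-mac
+
+== Sample Client
+
+=== Common between Bearer and MAC
+
+Authorization Request (request_type: 'code' and 'token')
+https://gist.github.com/862393
+
+Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
+https://gist.github.com/883541
+
+=== Bearer
+
+Resource Request (request both for resource owner resource and for client resource)
+https://gist.github.com/883575
+
+=== MAC
+
+Resource Request (request both for resource owner resource and for client resource)
+https://gist.github.com/933885
+
+== Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 nov matake. See LICENSE for details.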
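--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,25 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+if RUBY_VERSION >= '1.9'
+namespace :cover_me do
+desc "Generates and opens code coverage report."
+task :report do
+require 'cover_me'
+CoverMe.complete!
+end
+end
+task :spec do
+Rake::Task['cover_me:report'].invoke unless ENV['TRAVIS_RUBY_VERSION']
+end
+else
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+spec.rcov = true
+spec.rcov_opts = ['-Ilib -Ispec --exclude spec,gems']
+end
+end
+
+task :default => :spec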
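--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+1.0.7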
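--- a/data/lib/rack/oauth2.rb
+++ b/data/lib/rack/oauth2.rb
@@ -0,0 +1,67 @@
+require 'rack'
+require 'multi_json'
+require 'httpclient'
+require 'logger'
+require 'active_support/core_ext'
+require 'attr_required'
+require 'attr_optional'
+
+module Rack
+module OAuth2
+VERSION = ::File.read(
+::File.join(::File.dirname(__FILE__), '../../VERSION')
+)
+
+def self.logger
+@@logger
+end
+def self.logger=(logger)
+@@logger = logger
+end
+self.logger = ::Logger.new(STDOUT)
+self.logger.progname = 'Rack::OAuth2'
+
+def self.debugging?
+@@debugging
+end
+def self.debugging=(boolean)
+@@debugging = boolean
+end
+def self.debug!
+self.debugging = true
+end
+def self.debug(&block)
+original = self.debugging?
+self.debugging = true
+yield
+ensure
+self.debugging = original
+end
+self.debugging = false
+
+def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
+_http_client_ = HTTPClient.new(
+:agent_name => agent_name
+)
+http_config.try(:call, _http_client_)
+local_http_config.try(:call, _http_client_) unless local_http_config.nil?
+_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
+_http_client_
+end
+
+def self.http_config(&block)
+@@http_config ||= block
+end
+
+def self.reset_http_config!
+@@http_config = nil
+end
+
+end
+end
+
+require 'rack/oauth2/util'
+require 'rack/oauth2/server'
+require 'rack/oauth2/client'
+require 'rack/oauth2/access_token'
+require 'rack/oauth2/debugger'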
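Review bot: `self.debug` flips the module-wide `@@debugging` flag for the length of the block, so on a threaded server every client that `http_client` builds on another thread during that window also gets `Debugger::RequestFilter` attached. What that filter logs is defined in another file, but if it dumps headers or bodies, access tokens and client secrets end up on the default `::Logger.new(STDOUT)`. I would document this above `debug` and `debug!`, for example `# Process-wide switch: attaches the request/response logger to every new client; keep off in production`, or keep the flag in thread-local state. Separately, `http_config` uses `@@http_config ||= block`, so a second call with a block is silently ignored until `reset_http_config!`, and a later attempt to tighten TLS settings there would not take effect.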
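--- a/data/lib/rack/oauth2/access_token.rb
+++ b/data/lib/rack/oauth2/access_token.rb
@@ -0,0 +1,36 @@
+module Rack
+module OAuth2
+class AccessToken
+include AttrRequired, AttrOptional
+attr_required :access_token, :token_type, :httpclient
+attr_optional :refresh_token, :expires_in, :scope
+delegate :get, :post, :put, :delete, :to => :httpclient
+
+def initialize(attributes = {})
+(required_attributes + optional_attributes).each do |key|
+self.send :"#{key}=", attributes[key]
+end
+@token_type = self.class.name.demodulize.underscore.to_sym
+@httpclient = Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |config|
+config.request_filter << Authenticator.new(self)
+end
+attr_missing!
+end
+
+def token_response(options = {})
+{
+:access_token => access_token,
+:refresh_token => refresh_token,
+:token_type => token_type,
+:expires_in => expires_in,
+:scope => Array(scope).join(' ')
+}
+end
+end
+end
+end
+
+require 'rack/oauth2/access_token/authenticator'
+require 'rack/oauth2/access_token/bearer'
+require 'rack/oauth2/access_token/mac'
+require 'rack/oauth2/access_token/legacy'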
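Review bot: The `Authenticator` filter installed in `initialize` runs for every request sent through the delegated `get`/`post`/`put`/`delete`, and nothing here checks the target's scheme or host before credentials are attached. A caller that passes an `http://` URL, or a URL on a host other than the resource server, sends the token there as well. I would at least document that on the class, e.g. `# The token is attached to every request made through this object; only call it with HTTPS URLs of the resource server`, or have the filter refuse non-HTTPS URIs. Also, `token_response(options = {})` never reads `options`, and `MAC#token_response` takes no argument, so the two signatures disagree.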
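--- a/data/lib/rack/oauth2/access_token/authenticator.rb
+++ b/data/lib/rack/oauth2/access_token/authenticator.rb
@@ -0,0 +1,24 @@
+module Rack
+module OAuth2
+class AccessToken
+class Authenticator
+def initialize(token)
+@token = token
+end
+
+# Callback called in HTTPClient (before sending a request)
+# request:: HTTP::Message
+def filter_request(request)
+@token.authenticate(request)
+end
+
+# Callback called in HTTPClient (after received a response)
+# response:: HTTP::Message
+# request:: HTTP::Message
+def filter_response(response, request)
+# nothing to do
+end
+end
+end
+end
+end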
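--- a/data/lib/rack/oauth2/access_token/legacy.rb
+++ b/data/lib/rack/oauth2/access_token/legacy.rb
@@ -0,0 +1,23 @@
+module Rack
+module OAuth2
+class AccessToken
+class Legacy < AccessToken
+def initialize(attributes = {})
+super
+self.expires_in = (
+self.expires_in ||
+attributes[:expires]
+).try(:to_i)
+end
+
+def to_s # This is for fb_graph
+self.access_token
+end
+
+def authenticate(request)
+request.header["Authorization"] = "OAuth #{access_token}"
+end
+end
+end
+end
+end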
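Review bot: `to_s` returns the raw `access_token`, so any string interpolation of a `Legacy` token (a log line, an exception message, a debug print) writes the secret out in full. The existing comment says the method is there for fb_graph; I would expand it to `# Returns the raw token string (kept for fb_graph); do not interpolate this object into logs or error messages`. Separately, `.try(:to_i)` in `initialize` turns a non-numeric `expires` value into 0 instead of rejecting it, and how a zero lifetime is then treated depends on callers not shown here.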
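--- a/data/lib/rack/oauth2/access_token/mac.rb
+++ b/data/lib/rack/oauth2/access_token/mac.rb
@@ -0,0 +1,103 @@
+module Rack
+module OAuth2
+class AccessToken
+class MAC < AccessToken
+attr_required :mac_key, :mac_algorithm
+attr_optional :ts, :ext_verifier, :ts_expires_in
+attr_reader :nonce, :signature, :ext
+
+def initialize(attributes = {})
+super(attributes)
+@issued_at = Time.now.utc
+@ts_expires_in ||= 5.minutes
+end
+
+def token_response
+super.merge(
+:mac_key => mac_key,
+:mac_algorithm => mac_algorithm
+)
+end
+
+def verify!(request)
+if self.ext_verifier.present?
+body = request.body.read
+request.body.rewind # for future use
+
+self.ext_verifier.new(
+:raw_body => body,
+:algorithm => self.mac_algorithm
+).verify!(request.ext)
+end
+
+now = Time.now.utc.to_i
+now = @ts.to_i if @ts.present?
+
+raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
+
+Signature.new(
+:secret => self.mac_key,
+:algorithm => self.mac_algorithm,
+:nonce => request.nonce,
+:method => request.request_method,
+:request_uri => request.fullpath,
+:host => request.host,
+:port => request.port,
+:ts => request.ts,
+:ext => request.ext
+).verify!(request.signature)
+rescue Verifier::VerificationFailed => e
+request.invalid_token! e.message
+end
+
+def authenticate(request)
+@nonce = generate_nonce
+@ts_generated = @ts || Time.now.utc
+
+if self.ext_verifier.present?
+@ext = self.ext_verifier.new(
+:raw_body => request.body,
+:algorithm => self.mac_algorithm
+).calculate
+end
+
+@signature = Signature.new(
+:secret => self.mac_key,
+:algorithm => self.mac_algorithm,
+:nonce => self.nonce,
+:method => request.header.request_method,
+:request_uri => request.header.create_query_uri,
+:host => request.header.request_uri.host,
+:port => request.header.request_uri.port,
+:ts => @ts_generated,
+:ext => @ext
+).calculate
+
+request.header['Authorization'] = authorization_header
+end
+
+private
+
+def authorization_header
+header = "MAC id=\"#{access_token}\""
+header << ", nonce=\"#{nonce}\""
+header << ", ts=\"#{@ts_generated.to_i}\""
+header << ", mac=\"#{signature}\""
+header << ", ext=\"#{ext}\"" if @ext.present?
+header
+end
+
+def generate_nonce
+[
+(Time.now.utc - @issued_at).to_i,
+SecureRandom.hex
+].join(':')
+end
+end
+end
+end
+end
+
+require 'rack/oauth2/access_token/mac/verifier'
+require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
+require 'rack/oauth2/access_token/mac/signature'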
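Review bot: The freshness check in `verify!` is one-sided: `now - request.ts.to_i > @ts_expires_in.to_i` rejects old timestamps only, so a request stamped far in the future passes and stays acceptable until that time plus the window has elapsed. Comparing the absolute skew closes that, `if (now - request.ts.to_i).abs > @ts_expires_in.to_i`. Within the window nothing in this file records `request.nonce`, which is only fed into the signature, so a captured request can be replayed unless a caller tracks nonces elsewhere. `now = @ts.to_i if @ts.present?` also lets the token's own `ts` attribute replace the clock, which looks intended for tests and deserves a comment saying so.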