rack-twitter-auth 0.1.5

data/examples/sinatra-twitter.ru

@@ -0,0 +1,2 @@
+require 'sinatra-twitter'
+run Sinatra::Application

data/lib/rack-oauth.rb

@@ -0,0 +1,289 @@
+require 'rubygems'
+require 'rack'
+require 'oauth'
+
+# For some reason, getting the location our of a HeaderHash doesn't always work!
+#
+# sometimes you can see the header key/value in the HeaderHash, but you can't get it out!
+class Rack::Utils::HeaderHash
+  def [] key
+    if not has_key?(key)
+      hash = to_hash
+      hash.keys.each do |hash_key|
+        if hash_key.downcase == key.downcase
+          return hash[hash_key]
+        end
+      end
+    end
+    super
+  end
+end
+
+module Rack #:nodoc:
+
+  # Rack Middleware for integrating OAuth into your application
+  #
+  # Note: this *requires* that a Rack::Session middleware be enabled
+  #
+  class OAuth
+
+    # Helper methods intended to be included in your Rails controller or 
+    # in your Sinatra helpers block
+    module Methods
+
+      # This is *the* method you want to call.
+      #
+      # After you're authorized and redirected back to your #redirect_to path, 
+      # you should be able to call get_access_token to get and hold onto 
+      # the access token for the user you've been authorized as.
+      #
+      # You can use the token to make GET/POST/etc requests
+      def get_access_token name = nil
+        oauth_instance(name).get_access_token(oauth_request_env)
+      end
+
+      # Same as #get_access_token but it clears the access token out of the session.
+      def get_access_token! name = nil
+        oauth_instance(name).get_access_token!(oauth_request_env)
+      end
+      
+      # [Internal] this method returns the Rack 'env' for the current request.
+      #
+      # This looks for #env or #request.env by default.  If these don't return 
+      # something, then we raise an exception and you should override this method 
+      # so it returns the Rack env that we need.
+      def oauth_request_env
+        if respond_to?(:env)
+          env
+        elsif respond_to?(:request) and request.respond_to?(:env)
+          request.env
+        else
+          raise "Couldn't find 'env' ... please override #oauth_request_env"
+        end
+      end
+
+      # Returns the instance of Rack::OAuth given a name (defaults to the default Rack::OAuth name)
+      def oauth_instance name = nil
+        oauth = Rack::OAuth.get(oauth_request_env, nil)
+        raise "Couldn't find Rack::OAuth instance with name #{ name }" unless oauth
+        oauth
+      end
+
+      # Returns the path to rediret to for logging in via OAuth
+      def oauth_login_path name = nil
+        oauth_instance(name).login_path
+      end
+
+    end
+
+    class << self
+
+      # The name we use for Rack::OAuth instances when a name is not given.
+      #
+      # This is 'default' by default
+      attr_accessor :default_instance_name
+
+      # Set this equal to true to enable 'test mode'
+      attr_accessor :test_mode_enabled
+      def enable_test_mode()  self.test_mode_enabled =  true  end
+      def disable_test_mode() self.test_mode_enabled =  false end
+      def test_mode?()             test_mode_enabled == true  end
+    end
+
+    @default_instance_name = 'default'
+
+    # Returns all of the Rack::OAuth instances found in this Rack 'env' Hash
+    def self.all env
+      env['rack.oauth']
+    end
+
+    # Simple helper to get an instance of Rack::OAuth by name found in this Rack 'env' Hash
+    def self.get env, name = nil
+      name = Rack::OAuth.default_instance_name if name.nil?
+      all(env)[name.to_s]
+    end
+
+    DEFAULT_OPTIONS = {
+      :login_path    => '/oauth_login',
+      :callback_path => '/oauth_callback',
+      :redirect_to   => '/oauth_complete',
+      :rack_session  => 'rack.session'
+    }
+
+    # the URL that should initiate OAuth and redirect to the OAuth provider's login page
+    def login_path
+      ::File.join *[@login_path.to_s, name_unless_default].compact
+    end
+    attr_writer :login_path
+    alias login  login_path
+    alias login= login_path=
+
+    # the URL that the OAuth provider should callback to after OAuth login is complete
+    def callback_path
+      ::File.join *[@callback_path.to_s, name_unless_default].compact
+    end
+    attr_writer :callback_path
+    alias callback  callback_path
+    alias callback= callback_path=
+
+    # the URL that Rack::OAuth should redirect to after the OAuth has been completed (part of your app)
+    attr_accessor :redirect_to
+    alias redirect  redirect_to
+    alias redirect= redirect_to=
+
+    # the name of the Rack env variable used for the session
+    attr_accessor :rack_session
+
+    # [required] Your OAuth consumer key
+    attr_accessor :consumer_key
+    alias key  consumer_key
+    alias key= consumer_key=
+
+    # [required] Your OAuth consumer secret
+    attr_accessor :consumer_secret
+    alias secret  consumer_secret
+    alias secret= consumer_secret=
+
+    # [required] The site you want to request OAuth for, eg. 'http://twitter.com'
+    attr_accessor :consumer_site
+    alias site  consumer_site
+    alias site= consumer_site=
+    
+    # for using "Sign in w/twitter"
+    attr_accessor :authentication
+
+    # an arbitrary name for this instance of Rack::OAuth
+    def name
+      @name.to_s
+    end
+    attr_writer :name
+
+    def initialize app, *args
+      @app = app
+
+      options = args.pop
+      @name   = args.first || Rack::OAuth.default_instance_name
+      
+      DEFAULT_OPTIONS.each {|name, value| send "#{name}=", value }
+      options.each         {|name, value| send "#{name}=", value } if options
+
+      raise_validation_exception unless valid?
+    end
+
+    def call env
+      # put this instance of Rack::OAuth in the env 
+      # so it's accessible from the application
+      env['rack.oauth'] ||= {}
+      env['rack.oauth'][name] = self
+
+      case env['PATH_INFO']
+      
+      # find out where to redirect to authorize for this oauth provider 
+      # and redirect there.  when the authorization is finished, 
+      # the provider will redirect back to our application's callback path
+      when login_path
+        do_login(env)
+
+      # the oauth provider has redirected back to us!  we should have a 
+      # verifier now that we can use, in combination with out token and 
+      # secret, to get an access token for this user
+      when callback_path
+        do_callback(env)
+
+      else
+        @app.call(env)
+      end
+    end
+
+    def do_login env
+      if Rack::OAuth.test_mode?
+        set_access_token env, OpenStruct.new(:params => { 'I am a' => 'fake token' })
+        return [ 302, { 'Content-Type' => 'text/html', 'Location' => redirect_to }, [] ]
+      end
+
+      # get request token and hold onto the token/secret (which we need later to get the access token)
+      request = consumer.get_request_token :oauth_callback => ::File.join("http://#{ env['HTTP_HOST'] }", callback_path)
+      session(env)[:token]  = request.token
+      session(env)[:secret] = request.secret
+
+      # redirect to the oauth provider's authorize url to authorize the user
+      path = request.authorize_url
+      path.gsub!('authorize', 'authenticate') if @authentication
+      [ 302, { 'Content-Type' => 'text/html', 'Location' => path }, [] ]
+    end
+
+    def do_callback env
+      # get access token and persist it in the session in a way that we can get it back out later
+      request = ::OAuth::RequestToken.new consumer, session(env)[:token], session(env)[:secret]
+      set_access_token env, request.get_access_token(:oauth_verifier => Rack::Request.new(env).params['oauth_verifier'])
+
+      # clear out the session variables (won't need these anymore)
+      session(env).delete(:token)
+      session(env).delete(:secret)
+
+      # we have an access token now ... redirect back to the user's application
+      [ 302, { 'Content-Type' => 'text/html', 'Location' => redirect_to }, [] ]
+    end
+
+    # Stores the access token in this env's session in a way that we can get it back out via #get_access_token(env)
+    def set_access_token env, token
+      session(env)[:access_token_params] = token.params
+    end
+
+    # See #set_access_token
+    def get_access_token env
+      params = session(env)[:access_token_params]
+      ::OAuth::AccessToken.from_hash consumer, params if params
+    end
+
+    # Same as #get_access_token but it clears the access token info out of the session
+    def get_access_token! env
+      params = session(env).delete(:access_token_params)
+      ::OAuth::AccessToken.from_hash consumer, params if params
+    end
+
+    def verified? env
+      [ :token, :secret, :verifier ].all? { |required_session_key| session(env)[required_session_key] }
+    end
+
+    def consumer
+      @consumer ||= ::OAuth::Consumer.new consumer_key, consumer_secret, :site => consumer_site
+    end
+
+    def valid?
+      @errors = []
+      @errors << ":consumer_key option is required"    unless consumer_key
+      @errors << ":consumer_secret option is required" unless consumer_secret
+      @errors << ":consumer_site option is required"   unless consumer_site
+      @errors.empty?
+    end
+
+    def raise_validation_exception
+      raise @errors.join(', ')
+    end
+
+    # Returns a hash of session variables, specific to this instance of Rack::OAuth and the end-user
+    #
+    # All user-specific variables are stored in the session.
+    #
+    # The variables we currently keep track of are:
+    # - token
+    # - secret
+    # - verifier
+    #
+    # With all three of these, we can make arbitrary requests to our OAuth provider for this user.
+    def session env
+      raise "Rack env['rack.session'] is nil ... has a Rack::Session middleware be enabled?  " + 
+            "use :rack_session for custom key" if env[rack_session].nil?      
+      env[rack_session]['rack.oauth']       ||= {}
+      env[rack_session]['rack.oauth'][name] ||= {}
+    end
+
+    # Returns the #name of this Rack::OAuth unless the name is 'default', in which case it returns nil
+    def name_unless_default
+      name == Rack::OAuth.default_instance_name ? nil : name
+    end
+
+  end
+
+end

data/lib/rack/oauth.rb

@@ -0,0 +1 @@
+require 'rack-oauth'

data/spec/data/unauthorized_request_token.yml

@@ -0,0 +1,56 @@
+--- !ruby/object:OAuth::RequestToken 
+consumer: !ruby/object:OAuth::Consumer 
+  http: !ruby/object:Net::HTTP 
+    address: twitter.com
+    close_on_empty_response: false
+    curr_http_version: "1.1"
+    debug_output: 
+    newimpl: true
+    open_timeout: 
+    port: 80
+    read_timeout: 60
+    seems_1_0_server: false
+    socket: 
+    ssl_context: !ruby/object:OpenSSL::SSL::SSLContext 
+      ca_file: /etc/ssl/certs/ca-certificates.crt
+      ca_path: 
+      cert: 
+      cert_store: 
+      client_ca: 
+      client_cert_cb: 
+      extra_chain_cert: 
+      key: 
+      options: 
+      session_get_cb: 
+      session_id_context: 
+      session_new_cb: 
+      session_remove_cb: 
+      timeout: 
+      tmp_dh_callback: 
+      verify_callback: 
+      verify_depth: 5
+      verify_mode: 1
+    started: false
+    use_ssl: false
+  http_method: :post
+  key: 4JjFmhjfZyQ6rdbiql5A
+  options: 
+    :http_method: :post
+    :scheme: :header
+    :oauth_version: "1.0"
+    :proxy: 
+    :request_token_path: /oauth/request_token
+    :authorize_path: AUTH_PATH
+    :site: http://twitter.com
+    :signature_method: HMAC-SHA1
+    :access_token_path: /oauth/access_token
+  secret: rv4ZaCgvxVPVjxHIDbMxTGFbIMxUa4KkIdPqL7HmaQo
+params: 
+  oauth_callback_confirmed: "true"
+  oauth_token_secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+  :oauth_callback_confirmed: "true"
+  :oauth_token_secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+  oauth_token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4
+  :oauth_token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4
+secret: XnS8UEe2l4iKAYqPBFhQ0wfI0s3i2nLE1RjnC1CbA
+token: 6dhuchM6Wzh9PpNv0KGB0h3AxzHLZ2Vy9erSJsOAv4

data/spec/rack_oauth_middleware_spec.rb

@@ -0,0 +1,156 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+# This is just testing to make sure that the basics of the middleware 
+# all work.  This does NOT actually test any of the OAuth functionality.
+describe Rack::OAuth, 'basic middlware usage' do
+
+  before do
+    @app = lambda {|env| [200, {}, ["Hello World"]] }
+  end
+
+  it 'should have a name' do
+    oauth = Rack::OAuth.new @app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    oauth.name.should == 'foo'
+  end
+
+  it 'name should default to "default"' do
+    oauth = Rack::OAuth.new @app, :site => 'a', :key => 'b', :secret => 'c'
+    oauth.name.should == 'default'
+  end
+
+  it 'should be able to access an instance of Rack::OAuth by name from within Rack application' do
+    app = lambda {|env| [200, {}, [ env['rack.oauth'].keys.inspect ]] }
+
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('foo')
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should_not include('bar')
+
+    oauth = Rack::OAuth.new oauth, :bar, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('foo')
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('bar')
+  end
+
+  it 'should be *really* easy to access the default instance of Rack::OAuth by name from within Rack application' do
+    app = lambda {|env| [200, {}, [ Rack::OAuth.get(env).inspect ]] }
+
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should == 'nil'
+
+    oauth = Rack::OAuth.new app, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should_not == 'nil'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('#<Rack::OAuth')
+  end
+
+  it 'should be easy to access an instance of Rack::OAuth by name from within Rack application' do
+    app = lambda {|env| [200, {}, [ Rack::OAuth.get(env, :bar).inspect ]] }
+
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should == 'nil'
+
+    oauth = Rack::OAuth.new oauth, :bar, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should_not == 'nil'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('#<Rack::OAuth')
+  end
+
+  it 'should be easy to access to all instances of Rack::OAuth for a Rack application' do
+    app = lambda {|env| [200, {}, [ Rack::OAuth.all(env).length ]] }
+
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should == '1'
+
+    oauth = Rack::OAuth.new oauth, :bar, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should == '2'
+
+    ## double check it's working as expected ...
+
+    app = lambda {|env| [200, {}, [ Rack::OAuth.all(env).keys ]] }
+
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should     include('foo')
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should_not include('bar')
+
+    oauth = Rack::OAuth.new oauth, :bar, :site => 'a', :key => 'b', :secret => 'c'
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('foo')
+    RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include('bar')
+  end
+
+  it 'should be able to get the login path for an instance (so we can easily redirect from the app)' do
+    pending
+    oauth = Rack::OAuth.new app, :foo, :site => 'a', :key => 'b', :secret => 'c'
+    oauth.login_path
+    
+  end
+
+  # path getters should join the name of the Rack::OAuth.  setters shouldn't include the name.
+  it 'login path should be namespaced to the name of the Rack::OAuth instance' do
+    app = lambda {|env| [200, {}, ["Hello World"]] }
+
+    # the default name doesn't have its name appended.  we assume 'default' for this.
+    Rack::OAuth.new(app,       :site => 'a', :key => 'b', :secret => 'c').login_path.should == '/oauth_login'
+
+    Rack::OAuth.new(app, :foo, :site => 'a', :key => 'b', :secret => 'c').login_path.should == '/oauth_login/foo'
+
+    oauth = Rack::OAuth.new(app, :bar, :site => 'a', :key => 'b', :secret => 'c', :login_path => '/twitter_login')
+    oauth.login_path.should == '/twitter_login/bar'
+  end
+
+  it 'callback path should be namespaced to the name of the Rack::OAuth instance' do
+    app = lambda {|env| [200, {}, ["Hello World"]] }
+
+    # the default name doesn't have its name appended.  we assume 'default' for this.
+    Rack::OAuth.new(app,       :site => 'a', :key => 'b', :secret => 'c').callback_path.should == '/oauth_callback'
+
+    Rack::OAuth.new(app, :foo, :site => 'a', :key => 'b', :secret => 'c').callback_path.should == '/oauth_callback/foo'
+
+    oauth = Rack::OAuth.new(app, :bar, :site => 'a', :key => 'b', :secret => 'c', :callback_path => '/twitter_callback')
+    oauth.callback_path.should == '/twitter_callback/bar'
+  end
+
+  it 'redirect_to should NOT be namespaced to the name of the Rack::OAuth instance' do
+    app = lambda {|env| [200, {}, ["Hello World"]] }
+
+    # the default name doesn't have its name appended.  we assume 'default' for this.
+    Rack::OAuth.new(app,       :site => 'a', :key => 'b', :secret => 'c').redirect_to.should == '/oauth_complete'
+
+    Rack::OAuth.new(app, :foo, :site => 'a', :key => 'b', :secret => 'c').redirect_to.should == '/oauth_complete'
+
+    oauth = Rack::OAuth.new(app, :bar, :site => 'a', :key => 'b', :secret => 'c', :redirect_to => '/twitter_login_complete')
+    oauth.redirect_to.should == '/twitter_login_complete'
+  end
+
+  it 'session variables should all be namespaced to the name of the Rack::OAuth instance'
+
+  it 'should explodify with a helpful message if 2 Rack::OAuths are instantiated with the same name (?)'
+
+  describe 'Mocked requests / responses and whatnot' do
+
+    it 'the Rack::OAuth#consumer should persist through requests (confirm this is true because we need it to be true for mocking purposes)' do
+      app   = lambda {|env| [200, {}, [ Rack::OAuth.get(env).consumer.object_id.to_s ]] }
+      oauth = Rack::OAuth.new app, :site => 'a', :key => 'b', :secret => 'c'
+      
+      consumer_id = oauth.consumer.object_id
+
+      RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include(consumer_id.to_s)
+      oauth.consumer.object_id.should == consumer_id
+
+      # do another request to make sure it stays the same
+      RackBox.request(Rack::Session::Cookie.new(oauth), '/').body.should include(consumer_id.to_s)
+      oauth.consumer.object_id.should == consumer_id
+    end
+
+    it 'should redirect to the authorize_url of the OAuth::RequestToken returned by consumer.get_request_token' do
+      app   = lambda {|env| [200, {}, ["Hello World"]] }
+      oauth = Rack::OAuth.new app, :site => 'a', :key => 'b', :secret => 'c'
+      
+      oauth.consumer.should_receive(:get_request_token).with(:oauth_callback => 'http://foo.com/oauth_callback').
+        and_return(mock_request_token(:authorize_path => '/silly_path'))
+
+      RackBox.request(Rack::Session::Cookie.new(oauth), '/oauth_login', 'HTTP_HOST' => 'foo.com').
+        headers['Location'].should =~ /^http:\/\/twitter\.com\/silly_path\?oauth_token=/
+    end
+
+    it 'should get an access token that can be used to make arbitrary requests if the callback_path is hit with the right variables given'
+
+  end
+
+end