rest-core 0.7.2 → 0.8.0

data/CHANGES.md

@@ -1,5 +1,64 @@
 # CHANGES
 
+## rest-core 0.8.0 -- 2011-11-29
+
+Changes are mostly related to OAuth.
+
+### Incompatible changes
+
+* [OAuth1Header] `callback` is renamed to `oauth_callback`
+* [OAuth1Header] `verifier` is renamed to `oauth_verifier`
+
+* [Oauth2Header] The first argument is changed from `access_token` to
+  `access_token_type`. Previously, the access_token_type is "OAuth" which
+  is used in Mixi. But mostly, we might want to use "Bearer" (according to
+  [OAuth 2.0 spec][]) Argument for the access_token is changed to the second
+  argument.
+
+* [Defaults] Now we're no longer call `call` for any default values.
+  That is, if you're using this: `use s::Defaults, :data => lambda{{}}`
+  that would break. Previously, this middleware would call `call` on the
+  lambda so that `data` is default to a newly created hash. Now, it would
+  merely be default to the lambda. To make it work as before, please define
+  `def default_data; {}; end` in the client directly. Please see
+  `OAuth1Client` as an example.
+
+[OAuth 2.0 spec]: http://tools.ietf.org/html/draft-ietf-oauth-v2-22
+
+### Enhancement
+
+* [AuthBasic] Added a new middleware which could do [basic authentication][].
+
+* [OAuth1Header] Introduced `data` which is a hash and is used to store
+  tokens and other information sent from authorization servers.
+
+* [ClientOauth1] Now `authorize_url!` accepts opts which you can pass
+  `authorize_url!(:oauth_callback => 'http://localhost/callback')`.
+
+* [ClientOauth1] Introduced `authorize_url` which would not try to ask
+  for a request token, instead, it would use the current token as the
+  request token. If you don't understand what does this mean, then keep
+  using `authorize_url!`, which would call this underneath.
+
+* [ClientOauth1] Introduced `authorized?`
+* [ClientOauth1] Now it would set `data['authorized'] = 'true'` when
+  `authorize!` is called, and it is also used to check if we're authorized
+  or not in `authorized?`
+
+* [ClientOauth1] Introduced `data_json` and `data_json=` which allow you to
+  serialize and deserialize `data` with JSON along with a `sig` to check
+  if it hasn't been changed. You can put this into browser cookie. Because
+  of the `sig`, you would know if the user changed something in data without
+  using `consumer_secret` to generate a correct sig corresponded to the data.
+
+* [ClientOauth1] Introduced `oauth_token`, `oauth_token=`,
+  `oauth_token_secret`, `oauth_token_secret=`, `oauth_callback`,
+  and `oauth_callback=` which take the advantage of `data`.
+
+* [ClientOauth1] Introduced `default_data` which is a hash.
+
+[basic authentication]: http://en.wikipedia.org/wiki/Basic_access_authentication
+
 ## rest-core 0.7.2 -- 2011-11-04
 
 * Moved rib-rest-core to [rest-more][]
@@ -19,7 +78,7 @@ _rest-more_ if you want to use them.
 
 ## rest-core 0.4.0 -- 2011-09-26
 
-### Incompatible changes:
+### Incompatible changes
 
 * [dry] Now `RestCore::Ask` is renamed to `RestCore::Dry` for better
   understanding. Thanks miaout17
@@ -37,7 +96,7 @@ _rest-more_ if you want to use them.
   See *test_client.rb* for more detailed definition. If you don't understand
   this, don't worry, since then this won't affect you.
 
-### Compatible changes:
+### Compatible changes
 
 * [client] Introduced a new method `request_full` which is exactly the same
   as `request` but also returns various information from the app, including

data/README.md

@@ -5,7 +5,7 @@ by Cardinal Blue <http://cardinalblue.com>
 ## LINKS:
 
 * [github](https://github.com/cardinalblue/rest-core)
-* [rubygems](http://rubygems.org/gems/rest-core)
+* [rubygems](https://rubygems.org/gems/rest-core)
 * [rdoc](http://rdoc.info/projects/cardinalblue/rest-core)
 * [mailing list](http://groups.google.com/group/rest-core/topics)
 

data/lib/rest-core.rb

@@ -30,6 +30,7 @@ module RestCore
   autoload :ParseQuery    , 'rest-core/util/parse_query'
 
   # middlewares
+  autoload :AuthBasic     , 'rest-core/middleware/auth_basic'
   autoload :Bypass        , 'rest-core/middleware/bypass'
   autoload :Cache         , 'rest-core/middleware/cache'
   autoload :CommonLogger  , 'rest-core/middleware/common_logger'

data/lib/rest-core/client/universal.rb

@@ -8,7 +8,8 @@ RestCore::Universal = RestCore::Builder.client(:data) do
   use s::DefaultQuery  , {}
 
   use s::CommonLogger  , method(:puts)
-  use s::Cache         , {}, 600 do
+  use s::AuthBasic     , nil, nil
+  use s::Cache         ,  {}, 600 do
     use s::ErrorHandler, nil
     use s::ErrorDetectorHttp
     use s::JsonDecode  , false

data/lib/rest-core/client_oauth1.rb

@@ -4,22 +4,76 @@ require 'rest-core'
 module RestCore::ClientOauth1
   include RestCore
 
-  def authorize_url!
-    set_token(ParseQuery.parse_query(
-      post(request_token_path, {}, {}, {:json_decode => false})))
+  def authorize_url! opts={}
+    self.data = ParseQuery.parse_query(
+      post(request_token_path, {}, {}, {:json_decode => false}.merge(opts)))
 
-    url(authorize_path, :oauth_token => oauth_token, :format => false)
+    authorize_url
   end
 
-  def authorize! verifier
-    set_token(ParseQuery.parse_query(
-      post(access_token_path, {}, {}, {:verifier => verifier,
-                                       :json_decode => false})))
+  def authorize_url
+    url(authorize_path, :oauth_token => oauth_token)
+  end
+
+  def authorize! opts={}
+    self.data = ParseQuery.parse_query(
+      post(access_token_path, {}, {}, {:json_decode => false}.merge(opts)))
+
+    data['authorized'] = 'true'
+    data
+  end
+
+  def authorized?
+    !!(oauth_token && oauth_token_secret && data['authorized'])
+  end
+
+  def data_json
+    JsonDecode.json_encode(data.merge('sig' => calculate_sig))
+  end
+
+  def data_json= json
+    self.data = check_sig_and_return_data(JsonDecode.json_decode(json))
+  rescue JsonDecode.const_get(:ParseError)
+    self.data = nil
+  end
+
+  def oauth_token
+    data['oauth_token'] if data.kind_of?(Hash)
+  end
+  def oauth_token= token
+    data['oauth_token'] = token if data.kind_of?(Hash)
+  end
+  def oauth_token_secret
+    data['oauth_token_secret'] if data.kind_of?(Hash)
+  end
+  def oauth_token_secret= secret
+    data['oauth_token_secret'] = secret if data.kind_of?(Hash)
+  end
+  def oauth_callback
+    data['oauth_callback'] if data.kind_of?(Hash)
+  end
+  def oauth_callback= uri
+    data['oauth_callback'] = uri if data.kind_of?(Hash)
   end
 
   private
-  def set_token query
-    self.oauth_token        = query['oauth_token']
-    self.oauth_token_secret = query['oauth_token_secret']
+  def default_data
+    {}
+  end
+
+  def check_sig_and_return_data hash
+    hash if consumer_secret && hash.kind_of?(Hash) &&
+            calculate_sig(hash) == hash['sig']
+  end
+
+  def calculate_sig hash=data
+    base = hash.reject{ |(k, _)| k == 'sig' }.sort.map{ |(k, v)|
+      "#{escape(k.to_s)}=#{escape(v.to_s)}"
+    }.join('&')
+    Digest::MD5.hexdigest("#{escape(consumer_secret)}&#{base}")
+  end
+
+  def escape string
+    CGI.escape(string).gsub('+', '%20')
   end
 end

data/lib/rest-core/middleware/auth_basic.rb

@@ -0,0 +1,29 @@
+
+require 'rest-core/middleware'
+
+class RestCore::AuthBasic
+  def self.members; [:username, :password]; end
+  include RestCore::Middleware
+
+  def call env
+    if username(env)
+      if password(env)
+        app.call(env.merge(REQUEST_HEADERS =>
+          auth_basic_header(env).merge(env[REQUEST_HEADERS] || {})))
+      else
+        app.call(log(env, "AuthBasic: username provided: #{username(env)}," \
+                          " but password is missing."))
+      end
+    elsif password(env)
+      app.call(log(env, "AuthBasic: password provided: #{password(env)}," \
+                        " but username is missing."))
+    else
+      app.call(env)
+    end
+  end
+
+  def auth_basic_header env
+    {'Authorization' =>
+       "Basic #{["#{username(env)}:#{password(env)}"].pack('m').tr("\n",'')}"}
+  end
+end

data/lib/rest-core/middleware/defaults.rb

@@ -24,11 +24,7 @@ class RestCore::Defaults
   def method_missing msg, *args, &block
     env = args.first
     if env.kind_of?(Hash) && (d = defaults(env)) && d.key?(msg)
-      if (value = defaults(env)[msg]).respond_to?(:call)
-        value.call
-      else
-        value
-      end
+      defaults(env)[msg]
     else
       super
     end

data/lib/rest-core/middleware/oauth1_header.rb

@@ -9,7 +9,8 @@ class RestCore::Oauth1Header
   def self.members
     [:request_token_path, :access_token_path, :authorize_path,
      :consumer_key, :consumer_secret,
-     :callback, :verifier, :oauth_token, :oauth_token_secret]
+     :oauth_callback, :oauth_verifier,
+     :oauth_token, :oauth_token_secret, :data]
   end
   include RestCore::Middleware
   def call env
@@ -35,8 +36,8 @@ class RestCore::Oauth1Header
       'oauth_timestamp'        => Time.now.to_i.to_s,
       'oauth_nonce'            => nonce,
       'oauth_version'          => '1.0',
-      'oauth_callback'         => callback(env),
-      'oauth_verifier'         => verifier(env),
+      'oauth_callback'         => oauth_callback(env),
+      'oauth_verifier'         => oauth_verifier(env),
       'oauth_token'            => oauth_token(env))
 
     "OAuth #{header.map{ |(k, v)| "#{k}=\"#{v}\"" }.join(', ')}"

data/lib/rest-core/middleware/oauth2_header.rb

@@ -2,12 +2,13 @@
 require 'rest-core/middleware'
 
 class RestCore::Oauth2Header
-  def self.members; [:access_token]; end
+  def self.members; [:access_token_type, :access_token]; end
   include RestCore::Middleware
 
   def call env
     start_time = Time.now
-    headers = {'Authorization' => "OAuth #{access_token(env)}"}.
+    headers = {'Authorization' =>
+                 "#{access_token_type(env)} #{access_token(env)}"}.
                 merge(env[REQUEST_HEADERS] || {}) if access_token(env)
 
     event = Event::WithHeader.new(Time.now - start_time,

data/lib/rest-core/version.rb

@@ -1,4 +1,4 @@
 
 module RestCore
-  VERSION = '0.7.2'
+  VERSION = '0.8.0'
 end

data/rest-core.gemspec

@@ -2,13 +2,13 @@
 
 Gem::Specification.new do |s|
   s.name = "rest-core"
-  s.version = "0.7.2"
+  s.version = "0.8.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = [
   "Cardinal Blue",
   "Lin Jen-Shin (godfat)"]
-  s.date = "2011-11-04"
+  s.date = "2011-11-29"
   s.description = "Modular Ruby clients interface for REST APIs\n\nThere has been an explosion in the number of REST APIs available today.\nTo address the need for a way to access these APIs easily and elegantly,\nwe have developed [rest-core][], which consists of composable middleware\nthat allows you to build a REST client for any REST API. Or in the case of\ncommon APIs such as Facebook, Github, and Twitter, you can simply use the\ndedicated clients provided by [rest-more][].\n\n[rest-core]: http://github.com/cardinalblue/rest-core\n[rest-more]: http://github.com/cardinalblue/rest-more"
   s.email = ["dev (XD) cardinalblue.com"]
   s.files = [
@@ -38,6 +38,7 @@ Gem::Specification.new do |s|
   "lib/rest-core/error.rb",
   "lib/rest-core/event.rb",
   "lib/rest-core/middleware.rb",
+  "lib/rest-core/middleware/auth_basic.rb",
   "lib/rest-core/middleware/bypass.rb",
   "lib/rest-core/middleware/cache.rb",
   "lib/rest-core/middleware/common_logger.rb",
@@ -63,18 +64,24 @@ Gem::Specification.new do |s|
   "rest-core.gemspec",
   "task/.gitignore",
   "task/gemgem.rb",
+  "test/test_auth_basic.rb",
   "test/test_builder.rb",
   "test/test_client.rb",
+  "test/test_client_oauth1.rb",
   "test/test_oauth1_header.rb",
+  "test/test_universal.rb",
   "test/test_wrapper.rb"]
   s.homepage = "https://github.com/cardinalblue/rest-core"
   s.require_paths = ["lib"]
   s.rubygems_version = "1.8.11"
   s.summary = "Modular Ruby clients interface for REST APIs"
   s.test_files = [
+  "test/test_auth_basic.rb",
   "test/test_builder.rb",
   "test/test_client.rb",
+  "test/test_client_oauth1.rb",
   "test/test_oauth1_header.rb",
+  "test/test_universal.rb",
   "test/test_wrapper.rb"]
 
   if s.respond_to? :specification_version then

data/test/test_auth_basic.rb

@@ -0,0 +1,36 @@
+
+require 'rest-core/test'
+
+describe RestCore::AuthBasic do
+  before do
+    @auth = RestCore::AuthBasic.new(RestCore::Dry.new, nil, nil)
+  end
+
+  should 'do nothing' do
+    @auth.call({}).should.eq({})
+  end
+
+  should 'send Authorization header' do
+    @auth.instance_eval{@username = 'Aladdin'}
+    @auth.instance_eval{@password = 'open sesame'}
+
+    @auth.call({}).should.eq({RestCore::REQUEST_HEADERS =>
+      {'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}})
+
+    acc = {'Accept' => 'text/plain'}
+    env = {RestCore::REQUEST_HEADERS => acc}
+
+    @auth.call(env).should.eq({RestCore::REQUEST_HEADERS =>
+      {'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}.merge(acc)})
+  end
+
+  should 'leave a log if username are not both provided' do
+    @auth.instance_eval{@username = 'Aladdin'}
+    @auth.call({})[RestCore::LOG].size.should.eq 1
+  end
+
+  should 'leave a log if password are not both provided' do
+    @auth.instance_eval{@password = 'open sesame'}
+    @auth.call({})[RestCore::LOG].size.should.eq 1
+  end
+end

data/test/test_client_oauth1.rb

@@ -0,0 +1,64 @@
+
+require 'rest-core/test'
+
+describe RC::ClientOauth1 do
+  after do
+    WebMock.reset!
+    RR.verify
+  end
+
+  client = RC::Builder.client do
+    s = self.class # this is only for ruby 1.8!
+    use s::Oauth1Header
+  end
+
+  client.send(:include, RC::ClientOauth1)
+
+  should 'restore data with correct sig' do
+    data = {'a' => 'b', 'c' => 'd'}
+    sig = Digest::MD5.hexdigest('e&a=b&c=d')
+    data_sig = data.merge('sig' => sig)
+    data_json = RC::JsonDecode.json_encode(data_sig)
+    @client = client.new(:data => data, :consumer_secret => 'e')
+
+    @client.send(:calculate_sig).should.eq sig
+    @client.data_json.should.eq data_json
+
+    @client.data_json = data_json
+    @client.data.should.eq data_sig
+
+    @client.data_json = RC::JsonDecode.json_encode(
+      data_sig.merge('sig' => 'wrong'))
+    @client.data.should.eq({})
+
+    @client.data_json = data_json
+    @client.data.should.eq data_sig
+
+    @client.data_json = 'bad json'
+    @client.data.should.eq({})
+  end
+
+  should 'have correct default data' do
+    @client = client.new
+    @client.data.should.eq({})
+    @client.data = nil
+    @client.data['a'] = 'b'
+    @client.data['a'].should.eq 'b'
+  end
+
+  should 'authorize' do
+    stub_request(:post, 'http://localhost').
+      to_return(:body => 'oauth_token=abc')
+
+    stub_request(:post, 'http://nocalhost').
+      to_return(:body => 'user_id=123&haha=point')
+
+    @client = client.new(:request_token_path => 'http://localhost',
+                         :authorize_path     => 'http://mocalhost',
+                         :access_token_path  => 'http://nocalhost')
+
+    @client.authorize_url!.should.eq 'http://mocalhost?oauth_token=abc'
+    @client.authorize!.should.eq('user_id' => '123', 'haha' => 'point',
+                                 'authorized' => 'true')
+  end
+end

data/test/test_universal.rb

@@ -0,0 +1,19 @@
+
+require 'rest-core/test'
+
+describe RestCore::Universal do
+  should 'send Authorization header' do
+    u = RestCore::Universal.new(:log_method => false)
+    u.username = 'Aladdin'
+    u.password = 'open sesame'
+
+    u.request_full({}, u.dry)[RestCore::REQUEST_HEADERS].should.eq(
+      {'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='})
+
+    acc = {'Accept' => 'text/plain'}
+    env = {RestCore::REQUEST_HEADERS => acc}
+
+    u.request_full(env, u.dry)[RestCore::REQUEST_HEADERS].should.eq(
+      {'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}.merge(acc))
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rest-core
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.8.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-11-04 00:00:00.000000000 Z
+date: 2011-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
-  requirement: &2153817700 !ruby/object:Gem::Requirement
+  requirement: &2164286260 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,7 +22,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153817700
+  version_requirements: *2164286260
 description: ! 'Modular Ruby clients interface for REST APIs
 
 
@@ -74,6 +74,7 @@ files:
 - lib/rest-core/error.rb
 - lib/rest-core/event.rb
 - lib/rest-core/middleware.rb
+- lib/rest-core/middleware/auth_basic.rb
 - lib/rest-core/middleware/bypass.rb
 - lib/rest-core/middleware/cache.rb
 - lib/rest-core/middleware/common_logger.rb
@@ -99,9 +100,12 @@ files:
 - rest-core.gemspec
 - task/.gitignore
 - task/gemgem.rb
+- test/test_auth_basic.rb
 - test/test_builder.rb
 - test/test_client.rb
+- test/test_client_oauth1.rb
 - test/test_oauth1_header.rb
+- test/test_universal.rb
 - test/test_wrapper.rb
 homepage: https://github.com/cardinalblue/rest-core
 licenses: []
@@ -128,7 +132,10 @@ signing_key:
 specification_version: 3
 summary: Modular Ruby clients interface for REST APIs
 test_files:
+- test/test_auth_basic.rb
 - test/test_builder.rb
 - test/test_client.rb
+- test/test_client_oauth1.rb
 - test/test_oauth1_header.rb
+- test/test_universal.rb
 - test/test_wrapper.rb