rgigya 1.0.2 → 1.1.0

data/README.rdoc

@@ -23,8 +23,12 @@ You will need to setup your own dev site on the gigya platform for testing.
 
   require 'RGigya'
 
-  GIGYA_API_KEY = "<add api key here>"
-  GIGYA_API_SECRET = "<add api secret here>"
+  RGigya.config({
+    :api_key => "<add api key here>",
+    :api_secret => "<add api secret here>",
+    :use_ssl => false,
+    :domain => "us1"
+  })
 
   RGigya.socialize_notifyLogin({:siteUID => '1'})
 
@@ -34,8 +38,12 @@ You will need to setup your own dev site on the gigya platform for testing.
 Edit your config/environments/development.rb file and add the following constants
 
 
-  GIGYA_API_KEY = "<add api key here>"
-  GIGYA_API_SECRET = "<add api secret here>"
+  RGigya.config({
+    :api_key => "<add api key here>",
+    :api_secret => "<add api secret here>",
+    :use_ssl => false,
+    :domain => "us1"
+  })
 
 Then add your api calls in your controllers, models, libraries, etc.
 
@@ -90,7 +98,7 @@ Edit spec/spec_helper.rb
 === Running tests
 
   cd <root of the project>
-  rspec rgigya_spec.rb
+  rspec
   
   
 == Rails dummy site

data/VERSION

@@ -1 +1 @@
-1.0.2
+1.1.0

data/lib/rgigya/base.rb

@@ -0,0 +1,340 @@
+#
+# Quick sdk for the gigya api
+#
+# You can reference api calls at http://developers.gigya.com/037_API_reference
+#
+# Example call
+# RGigya.socialize_setStatus(:uid => @user.id,:status => 'hello')
+#
+# We split the method name by the underscore and then map 
+# the first token to the correct url
+# The example above calls the url https://socialize.gigya.com/socialize.setStatus
+#
+# @author Scott Sampson
+# @author Michael Orr
+
+
+#
+# Constants to be used for the gigya key and secret.  
+# These should be commented out and set in your environments for your rails project.
+# Uncomment below for testing without rails
+#
+# RGigya.config({
+#   :api_key => "12345",
+#   :api_secret => "12345,
+#   :use_ssl => false,
+#   :domain => "us1"
+# })
+
+
+
+module RGigya
+
+  # List of Available API methods
+  @@valid_methods = [:socialize, :gm, :comments, :accounts, :reports, :chat, :ds]
+  
+  # Used to compare when we get a bad signature, mainly for debugging but helpful
+  @@base_signature_string = ""
+  @@signature = ""
+      
+  #
+  # Custom Exceptions so we know it came from the library
+  # When in use please namespace them appropriately RGigya::ResponseError for readability
+  #
+  exceptions = %w[ UIDParamIsNil SiteUIDParamIsNil ResponseError BadParamsOrMethodName ErrorCodeReturned MissingApiKey MissingApiSecret]  
+  exceptions.each { |e| const_set(e, Class.new(StandardError)) }
+  RGigya::JSONParseError = Class.new(JSON::ParserError)
+  
+  class << self
+    
+    
+    #
+    # Sets the config data to be used in the api call
+    #
+    # @param [Hash] config_dat Hash of key value pairs passed to the gigya api
+    #
+    # @author Scott Sampson
+    def config(config_data)
+      @@api_key = config_data[:api_key]
+      @@api_secret = config_data[:api_secret]
+      @@use_ssl = config_data[:use_ssl] || false
+      @@domain = config_data[:domain] || "us1"
+      
+      verify_config_data
+    end
+    
+    # Validates that we have required config data
+    #
+    # @author Scott Sampson
+    def verify_config_data
+      if(!defined?(@@api_key)) 
+        raise RGigya::MissingApiKey, "Please provide a Gigya api key in the config data"
+      end
+      if(!defined?(@@api_secret)) 
+        raise RGigya::MissingApiSecret, "Please provide a Gigya api secret in the config data"
+      end
+    end
+    
+    #
+    # Adds the required params for all api calls
+    # 
+    def required_parameters
+      params =  "apiKey=#{CGI.escape(@@api_key)}"
+      params += "&secret=#{CGI.escape(@@api_secret)}"
+      params += "&format=json"
+    end
+    
+    #
+    # builds the url to be sent to the api
+    #
+    # @param [String] method The method name to be called in the gigya api
+    # @param [Hash] options Hash of key value pairs passed to the gigya api
+    #
+    # @return [String] the full url to be sent to the api
+    #
+    # @author Scott Sampson
+    def build_url(method, http_method, options = {})
+      if options && options.has_key?(:uid) && options[:uid].nil?
+        raise RGigya::UIDParamIsNil, ""
+      end
+      
+      if options && options.has_key?(:siteUID) && options[:siteUID].nil?
+        raise RGigya::SiteUIDParamIsNil, ""
+      end
+
+      method_type,method_name = method.split(".")
+      if(http_method == "GET") 
+        url = "https://#{method_type}.#{@@domain}.gigya.com/#{method}?#{required_parameters}"
+        if(options)
+          options.each do |key,value|
+            url += "&#{key}=#{CGI.escape(value.to_s)}"
+          end
+        end
+      else 
+        url = "http://#{method_type}.#{@@domain}.gigya.com/#{method}"
+      end
+      url
+    end
+    
+    #
+    # sends the https call to gigya and parses the result
+    # This is used for https get requests
+    # 
+    # @param [String] method The method name to be called in the gigya api
+    # @param [Hash] options Hash of key value pairs passed to the gigya api
+    #
+    # @return [Hash] hash of the api results in key/value format
+    #
+    # @author Scott Sampson
+    def parse_results_secure(method,options)
+      # options = {} if options.is_a?(String) && options.blank?
+      begin
+        response = HTTParty.get(build_url(method, "GET", options),{:timeout => 10})
+      rescue SocketError,Timeout::Error => e 
+        raise RGigya::ResponseError, e.message
+      end
+      return false if response.nil? || response.body == "Bad Request"
+
+      begin
+        doc = JSON(response.body)
+      rescue JSON::ParserError => e
+        raise RGigya::JSONParseError, e.message
+      end
+      doc
+    end
+    
+    
+    #
+    # Orders the params hash for the signature
+    # Changes boolean values to their string equivalent
+    # 
+    # @param [Hash] h Hash of key value pairs passed to the gigya api
+    #
+    # @return [Hash] hash of the params being passed to the gigya api with their keys in alpha order
+    #
+    # @author Scott Sampson
+    def prepare_for_signature(h)
+      ordered_hash = {} #insert order with hash is preserved since ruby 1.9.2
+      h = h.inject({}){|p,(k,v)| p[k.to_sym] = v; p}
+      h.keys.sort.each do |key|
+        value = h[key]
+        if(!!value == value) #duck typeing.......quack
+          ordered_hash[key] = value.to_s
+        else
+          ordered_hash[key] = value
+        end
+      end
+      return ordered_hash
+    end
+    
+    
+    #
+    # Adds Timestamp, nonce and signatures to the params hash
+    # 
+    # @param [String] request_uri the url we are using for the api call
+    # @param [Hash] params Hash of key value pairs passed to the gigya api
+    #
+    # @return [Hash] hash of the params being passed to the gigya api
+    # with timestamp, nonce and signature added
+    #
+    # @author Scott Sampson
+    def params_with_signature(request_uri,params)
+        timestamp = Time.now.utc.strftime("%s")
+        nonce  = SigUtils::current_time_in_milliseconds()
+        
+        params = {} if params.nil?
+        
+        params[:format] = "json"
+        params[:timestamp] = timestamp
+        params[:nonce] = nonce
+        params[:apiKey] = @@api_key
+        
+        normalized_url = CGI.escape(request_uri)
+        
+        query_string = CGI.escape(prepare_for_signature(params).to_query)
+                        
+        # signature_string = SECRET + request_uri + timestamp
+        @@base_signature_string = "POST&#{normalized_url}&#{query_string}"
+        
+        digest = SigUtils::calculate_signature(@@base_signature_string,@@api_secret)
+        @@signature = digest.to_s
+        params[:sig] = @@signature
+        return params
+    end
+    
+    #
+    # sends the http call with signature to gigya and parses the result
+    # This is for http post requests
+    # 
+    # @param [String] method The method name to be called in the gigya api
+    # @param [Hash] options Hash of key value pairs passed to the gigya api
+    #
+    # @return [Hash] hash of the api results in key/value format
+    #
+    # @author Scott Sampson
+    
+    def parse_results_with_signature(method, options)
+      request_uri = build_url(method, "POST", options)
+      begin        
+        response = HTTParty.post(request_uri, { :body => params_with_signature(request_uri,options) })
+      rescue URI::InvalidURIError
+        # need to treat this like method missing
+        return false
+      rescue SocketError,Timeout::Error => e
+        raise RGigya::ResponseError, e.message
+      end
+      
+      
+      begin
+        doc = JSON(response.body)
+      rescue JSON::ParserError => e
+        raise RGigya::JSONParseError, e.message
+      end
+      doc
+    end
+    
+    
+    #
+    # sends the api call to gigya and parses the result with appropriate method
+    # 
+    # @param [String] method The method name to be called in the gigya api
+    # @param [Hash] options Hash of key value pairs passed to the gigya api
+    #
+    # @return [Hash] hash of the api results in key/value format
+    #
+    # @author Scott Sampson
+    def parse_results(method, options = {})
+      verify_config_data
+      return @@use_ssl ? parse_results_secure(method,options) : parse_results_with_signature(method,options)
+    end
+    
+    #
+    # Error handling of the results
+    # 
+    # @param [String]  The method name to be called in the gigya api
+    # @param [Hash] results Hash of key value pairs returned by the results
+    #
+    # @return [String] hash of a successful api call
+    # 
+    # TODO:  Shouldn't fail so hard.  If there is a temporary connectivity problem we should fail more gracefully.
+    # You can find a list of response codes at http://developers.gigya.com/037_API_reference/zz_Response_Codes_and_Errors
+    #
+    # @author Scott Sampson
+    def check_for_errors(results)
+      case results['errorCode'].to_s
+        when '0'
+          return results
+        when '400124'
+          #Limit Reached error - don't fail so bad
+        when '400002'
+          raise RGigya::BadParamsOrMethodName, results['errorDetails']
+        when '403003'
+          log("RGigya returned Error code #{results['errorCode']}.\n\nError Message: #{results['errorMessage']}\n\nError Details: #{results['errorDetails']}\n\n")
+          log("Rgigya base_signature_string = #{@@base_signature_string}\n\n")
+          log("Gigya base_signature_string = #{results['baseString']}\n\n\n")
+          log("Rgigya signature = #{@@signature}\n\n")
+          log("Gigya signature = #{results['expectedSignature']}\n\n")
+          raise RGigya::ErrorCodeReturned, "returned Error code #{results['errorCode']}: #{results['errorMessage']}"
+        else 
+          log("RGigya returned Error code #{results['errorCode']}.\n\nError Message: #{results['errorMessage']}\n\nError Details: #{results['errorDetails']}")
+          raise RGigya::ErrorCodeReturned, "returned Error code #{results['errorCode']}: #{results['errorMessage']}"
+      end
+    end
+    
+    ##
+    # Override method_missing so we don't have to write all the dang methods
+    #
+    # @param [Symbol] sym The method symbol
+    # @param [*Array] args The splatted array of method arguments passed in
+    #
+    # @author Scott Sampson
+    def method_missing(sym, *args)
+      
+      method = sym.to_s.gsub("_",".")
+      method_type,method_name = method.split(".")
+      
+      if(@@valid_methods.include?(method_type.to_sym))
+        results = parse_results(method, args.first)
+      else 
+        results = false
+      end
+      
+      if results
+        return check_for_errors(results)
+      else 
+        super
+      end
+    end
+    
+    
+    ##
+    # Override respond_to? We can't really give an accurate return here
+    # I am only allowing those methods that start with the methods listed in the @@valid_methods array
+    #
+    # @param [Symbol] sym The method symbol
+    # @param [Boolean] include_private Whether you want to include private or not. 
+    #
+    # @author Scott Sampson
+    def respond_to?(sym, include_private = false)
+      method = sym.to_s.gsub("_",".")
+      method_type,method_name = method.split(".")
+      return @@valid_methods.include?(method_type.to_sym)
+    end
+    
+    
+        
+    #
+    # Custom log method, if we are in rails we should log any errors for debugging purposes
+    #
+    # @param [String] log_str string to log
+    #
+    # @author Scott Sampson
+    def log(log_str)
+      if Object.const_defined?('Rails')
+        Rails.logger.info(log_str)
+      else
+        puts log_str
+      end
+    end
+  end
+end

data/lib/rgigya/hash.rb

@@ -0,0 +1,19 @@
+#
+# Mixin for ruby's Hash class
+#
+#
+# @author Scott Sampson
+# @author Michael Orr
+
+class Hash
+  
+  
+  # returns a query string
+  # 
+  # @return [String] concated string of key value pairs in the hash
+  #
+  # @author Scott Sampson
+  def to_query
+    self.map{|k,v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v)}"}.join("&")
+  end
+end

data/lib/rgigya/sig_utils.rb

@@ -0,0 +1,98 @@
+#
+# Utility class to help with signatures when sending api calls to gigya
+#
+#
+# @author Scott Sampson
+# @author Michael Orr
+
+
+#if you think about it as a namespace the include RGigya below doesn't seem weird at all
+module RGigya
+    
+  class SigUtils
+    include RGigya 
+      
+    class << self  
+    
+      # validates the signature from the api calls having to do with authentication
+      # http://developers.gigya.com/010_Developer_Guide/87_Security#Validate_the_UID_Signature_in_the_Social_Login_Process
+      # 
+      # @param [String] uid The id for the user who's friends you are getting
+      # @param [String] timestamp The signatureTimestamp passed along with api call
+      # @param [String] signature the UIDSignature we are verifying against
+      #
+      # @return [Boolean] true or false on whether the signature is valid
+      #
+      # @author Scott Sampson
+  	  def validate_user_signature(uid, timestamp, signature) 
+  	    base = "#{timestamp}_#{uid}"
+  	  	expected_signature = calculate_signature(base, @@api_secret)
+    		return expected_signature == signature
+  	  end
+	
+	
+	    # validates the signature from the api calls having to do with friends
+      # http://developers.gigya.com/010_Developer_Guide/87_Security#Validate_Friendship_Signatures_when_required
+      # 
+      # 
+      # @param [String] uid The id for the user who's friends you are getting
+      # @param [String] timestamp The signatureTimestamp passed along with each friend to verify the signature
+      # @param [String] friend_uid gigya's user_id for the friend
+      # @param [String] signature the friendshipSignature we are verifying against
+      #
+      # @return [Boolean] true or false on whether the signature is valid
+      #
+      # @author Scott Sampson
+  	  def validate_friend_signature(uid, timestamp, friend_uid, signature)
+    		base = "#{timestamp}_#{friend_uid}_#{uid}"
+    		expected_signature = calculate_signature(base, @@api_secret)
+    		return expected_signature == signature
+  		end
+  		
+      # generates the value for the session expiration cookie
+      # http://developers.gigya.com/010_Developer_Guide/87_Security#Defining_a_Session_Expiration_Cookie
+      # 
+      # You want to use this if you want to terminate a session in the future
+      # 
+      # @param [String] glt_cookie The login token received from Gigya after successful Login. 
+      #     Gigya stores the token in a cookie named: "glt_" + <Your API Key>
+      # @param [Integer] timeout_in_seconds The expiration time in seconds since Jan. 1st 1970 and in GMT/UTC timezone.
+      #
+      # @return [String] value you want to set in the cookie
+      #
+      # @author Scott Sampson
+  	  def get_dynamic_session_signature(glt_cookie, timeout_in_seconds)
+    		expiration_time_unix_ms = (current_time_in_milliseconds().to_i/1000) + timeout_in_seconds
+        expiration_time_unix = expiration_time_unix_ms.floor.to_s
+    		unsigned_expiration = "#{glt_cookie}_#{expiration_time_unix}"
+    		signed_expiration = calculate_signature(unsigned_expiration,@@api_secret)
+    		return "#{expiration_time_unix}_#{signed_expiration}"
+  	  end
+  	  
+  	  
+  	  # Returns the current utc time in milliseconds
+      # 
+      # @return [String] current time in milliseconds
+      #
+      # @author Scott Sampson
+  	  def current_time_in_milliseconds()
+        return DateTime.now.strftime("%Q")
+    	end
+	
+	    # Calulates the signature to be passed with the api calls
+      # 
+      # @param [Strsing] base string that we are basing the signature off of
+      # @param [String] key The key we are using the encode the signature
+      #
+      # @return [String] value of the signature
+      #
+      # @author Scott Sampson
+      def calculate_signature(base,key)
+        base = base.encode('UTF-8')
+        raw = OpenSSL::HMAC.digest('sha1',Base64.decode64(key), base)
+    		return Base64.encode64(raw).chomp.gsub(/\n/,'')
+    	end
+  	  
+    end
+  end
+end

data/lib/rgigya.rb

@@ -1,196 +1,6 @@
 require 'json'
 require 'httparty'
 require 'CGI'
-
-#
-# Quick sdk for the gigya api
-#
-# You can reference api calls at http://developers.gigya.com/037_API_reference
-#
-# Example call
-# RGigya.socialize_setStatus(:uid => @user.id,:status => 'hello')
-#
-# We split the method name by the underscore and then map 
-# the first token to the correct url using the @@urls class variable
-# The example above calls the url https://socialize.gigya.com/socialize.setStatus
-#
-# @author Scott Sampson
-
-
-#
-# Constants to be used for the gigya key and secret.  
-# These should be commented out and set in your environments for your rails project.
-# Uncomment below for testing without rails
-#
-# GIGYA_API_KEY = "12345"
-# GIGYA_API_SECRET = "12345"
-
-
-class RGigya
-  
-  # Mapping to different urls based on api groupings
-  @@urls = {
-    socialize: "https://socialize-api.gigya.com",
-    gm: "https://gm.gigya.com",
-    comments: "https://comments.gigya.com",
-    accounts: "https://accounts.gigya.com",
-    reports: "https://reports.gigya.com",
-    chat: "https://chat.gigya.com",
-    ds: "https://ds.gigya.com"
-  }
-  
-  #
-  # Custom Exceptions so we know it came from the library
-  # When in use please namespace them appropriately RGigya::ResponseError for readability
-  #
-  exceptions = %w[ UIDParamIsNil SiteUIDParamIsNil ResponseError BadParamsOrMethodName ErrorCodeReturned  ]  
-  exceptions.each { |e| const_set(e, Class.new(StandardError)) }
-  RGigya::JSONParseError = Class.new(JSON::ParserError)
-  
-  class << self
-    
-    #
-    # Adds the required params for all api calls
-    # 
-    def required_parameters
-      params =  "apiKey=#{CGI.escape(GIGYA_API_KEY)}"
-      params += "&secret=#{CGI.escape(GIGYA_API_SECRET)}"
-      params += "&format=json"
-    end
-    
-    #
-    # builds the url to be sent to the api
-    #
-    # @param [String] method The method name to be called in the gigya api
-    # @param [Hash] options Hash of key value pairs passed to the gigya api
-    #
-    # @return [String] the full url to be sent to the api
-    #
-    # @author Scott Sampson
-    def build_url(method, options = {})
-      if options && options.has_key?(:uid) && options[:uid].nil?
-        raise RGigya::UIDParamIsNil, ""
-      end
-      
-      if options && options.has_key?(:siteUID) && options[:siteUID].nil?
-        raise RGigya::SiteUIDParamIsNil, ""
-      end
-
-      method_type,method_name = method.split(".")
-      url = "#{@@urls[method_type.to_sym]}/#{method}?#{required_parameters}"
-      if(options)
-        options.each do |key,value|
-          url += "&#{key}=#{CGI.escape(value.to_s)}"
-        end
-      end
-      url
-    end
-    
-    #
-    # sends the https call to gigya and parses the result
-    # 
-    # @param [String] method The method name to be called in the gigya api
-    # @param [Hash] options Hash of key value pairs passed to the gigya api
-    #
-    # @return [Hash] hash of the api results in key/value format
-    #
-    # @author Scott Sampson
-    def parse_results(method, options = {})
-      # options = {} if options.is_a?(String) && options.blank?
-      begin
-        response = HTTParty.get(build_url(method, options),{:timeout => 10})
-      rescue SocketError,Timeout::Error => e 
-        raise RGigya::ResponseError, e.message
-      end
-      return false if response.nil? || response.body == "Bad Request"
-
-      begin
-        doc = JSON(response.body)
-      rescue JSON::ParserError => e
-        raise RGigya::JSONParseError, e.message
-      end
-      doc
-    end
-    
-    #
-    # Error handling of the results
-    # 
-    # @param [String]  The method name to be called in the gigya api
-    # @param [Hash] results Hash of key value pairs returned by the results
-    #
-    # @return [String] hash of a successful api call
-    # 
-    # TODO:  Shouldn't fail so hard.  If there is a temporary connectivity problem we should fail more gracefully.
-    # You can find a list of response codes at http://developers.gigya.com/037_API_reference/zz_Response_Codes_and_Errors
-    #
-    # @author Scott Sampson
-    def check_for_errors(results)
-      case results['errorCode'].to_s
-        when '0'
-          return results
-        when '400124'
-          #Limit Reached error - don't fail so bad
-        when '400002'
-          raise RGigya::BadParamsOrMethodName, results['errorDetails']
-        else 
-          log("RGigya returned Error code #{results['errorCode']}.\n\nError Message: #{results['errorMessage']}\n\nError Details: #{results['errorDetails']}")
-          raise RGigya::ErrorCodeReturned, "returned Error code #{results['errorCode']}: #{results['errorMessage']}"
-      end
-    end
-    
-    ##
-    # Override method_missing so we don't have to write all the dang methods
-    #
-    # @param [Symbol] sym The method symbol
-    # @param [*Array] args The splatted array of method arguments passed in
-    #
-    # @author Scott Sampson
-    def method_missing(sym, *args)
-      
-      method = sym.to_s.gsub("_",".")
-      method_type,method_name = method.split(".")
-      if(@@urls.has_key?(method_type.to_sym)) 
-        results = parse_results(method, args.first)
-      else 
-        results = false
-      end
-      
-      if results
-        return check_for_errors(results)
-      else 
-        super
-      end
-    end
-    
-    
-    ##
-    # Override respond_to? We can't really give an accurate return here
-    # I am only allowing those methods that start with those methods in the @urls hash
-    #
-    # @param [Symbol] sym The method symbol
-    # @param [Boolean] include_private Whether you want to include private or not. 
-    #
-    # @author Scott Sampson
-    def respond_to?(sym, include_private = false)
-      method = sym.to_s.gsub("_",".")
-      method_type,method_name = method.split(".")
-      return @@urls.has_key?(method_type.to_sym)
-    end
-    
-    
-        
-    ##
-    # Custom log method, if we are in rails we should log any errors for debugging purposes
-    #
-    # @param [String] log_str string to log
-    #
-    # @author Scott Sampson
-    def log(log_str)
-      if Object.const_defined?('Rails')
-        Rails.logger.info(log_str)
-      else
-        puts log_str
-      end
-    end
-  end
-end
+require File.dirname(__FILE__)+"/rgigya/base.rb"
+require File.dirname(__FILE__)+"/rgigya/sig_utils.rb"
+require File.dirname(__FILE__)+"/rgigya/hash.rb"