roauth 0.0.1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2010 Alex MacCaw
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,38 @@
+Based on SOAuth: http://github.com/tofumatt/SOAuth
+
+A *simple* OAuth library that supports OAuth header signing, and header verifying.
+  
+  gem install roauth
+
+Example Client:
+
+	uri = 'https://twitter.com/direct_messages.json'
+	oauth = {
+    :consumer_key    => "consumer_key",
+    :consumer_secret => "consumer_secret",
+    :access_key      => "access_key",
+    :access_secret   => "access_secret"
+	}
+	params = {
+		'count'    => "11",
+		'since_id' => "5000"
+	}
+	oauth_header = ROAuth.header(oauth, uri, params)
+
+	http_uri = URI.parse(uri)
+	request  = Net::HTTP.new(http_uri.host, http_uri.port)
+	request.get(uri.request_uri, {'Authorization', oauth_header})
+
+Example Server:
+  
+	oauth_header = ROAuth.parse(request.header['Authorization'])
+	
+	# Implementation specific
+	consumer     = Consumer.find_by_key(oauth_header[:consumer_key])
+	access_token = AccessToken.find_by_token(oauth_header[:access_key])
+	oauth = {
+	  :consumer_secret => consumer.secret,
+	  :access_secret   => access_token.secret
+	}
+	
+	ROAuth.verify(oauth, oauth_header, request.request_uri, params) #=> true/false

data/lib/roauth.rb

@@ -0,0 +1,102 @@
+require "base64"
+require "openssl"
+require "uri"
+
+module ROAuth
+  class UnsupportedSignatureMethod < Exception; end
+  class MissingOAuthParams < Exception; end
+  
+  # Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
+  SIGNATURE_METHODS = {"HMAC-SHA1" => OpenSSL::Digest::Digest.new("sha1")}
+  OAUTH_PARAMS      = [:consumer_key, :token, :signature_method, :version, :nonce, :timestamp]
+  
+  # Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
+  def header(oauth, uri, params = {}, http_method = :get)    
+    oauth[:signature_method] ||= "HMAC-SHA1"
+    oauth[:version]          ||= "1.0" # Assumed version, according to the spec
+    oauth[:nonce]            ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+    oauth[:timestamp]        ||= Time.now.to_i
+    oauth[:token]            ||= oauth.delete(:access_key)
+    oauth[:token_secret]     ||= oauth.delete(:access_secret)
+    
+    sig_params = params.dup
+    sig_params.merge!(oauth_params(oauth))
+    sig_params.merge!(:oauth_signature => escape(signature(oauth, uri, sig_params, http_method)))
+    
+    %{OAuth } + sig_params.map {|key, value| [key, value].join("=") }.join(", ")
+  end
+  
+  def parse(header)
+    header = header.dup
+    header = header.gsub!(/^OAuth\s/, "")
+    header = header.split(", ")
+    header = header.inject({}) {|hash, item|
+      key, value = item.split("=")
+      key.gsub!(/^oauth_/, "")
+      hash[key.to_sym] = unescape(value)
+      hash
+    }
+    header[:access_key] = header[:token]
+    header
+  end
+  
+  def verify(oauth, header, uri, params = {}, http_method = :get)
+    header = header.is_a?(String) ? parse(header) : header.dup
+    
+    client_signature = header.delete(:signature)
+    oauth[:consumer_key] ||= header[:consumer_key]
+    oauth[:token]        ||= header[:token]
+    
+    sig_params = params.dup
+    sig_params.merge!(oauth_params(header))
+    
+    client_signature == signature(oauth, uri, sig_params, http_method)
+  end
+  
+  protected
+    def oauth_params(oauth)
+      oauth = oauth.to_a.select {|key, value| 
+        OAUTH_PARAMS.include?(key) 
+      }
+      oauth.inject({}) {|hash, (key, value)| 
+        hash["oauth_#{key}"] = escape(value)
+        hash
+      }
+    end
+  
+    def signature(oauth, uri, params, http_method = :get)      
+      sig_base = http_method.to_s.upcase + "&" + escape(uri) + "&" + normalize(params)
+      digest   = SIGNATURE_METHODS[oauth[:signature_method]]
+      secret   = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:token_secret])}"
+      
+      puts "Secret: #{secret}"
+      puts "Sigbase: #{sig_base}"
+      
+      Base64.encode64(OpenSSL::HMAC.digest(digest, secret, sig_base)).chomp.gsub(/\n/, "")
+    end
+  
+    # Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
+    def escape(value)
+      URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
+    end
+    
+    def unescape(value)
+      URI::unescape(value)
+    end
+  
+    # Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
+    def normalize(params)
+      params.sort.map do |key, values|
+        if values.is_a?(Array)
+          # Multiple values were provided for a single key
+          # in a hash
+          values.sort.collect do |v|
+            [escape(key), escape(v)] * "%3D"
+          end
+        else
+          [escape(key), escape(values)] * "%3D"
+        end
+      end * "%26"
+    end    
+  extend self
+end

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification 
+name: roauth
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Alex MacCaw
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-02-20 00:00:00 +00:00
+default_executable: 
+dependencies: []
+
+description: Simple Ruby OAuth library
+email: info@eribium.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.markdown
+files: 
+- LICENSE
+- README.markdown
+- lib/roauth.rb
+has_rdoc: true
+homepage: http://github.com/maccman/roauth
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Simple Ruby OAuth library
+test_files: []
+