roauth 0.0.2 → 0.0.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. data/.gitignore +1 -0
  2. data/VERSION +1 -1
  3. data/lib/roauth.rb +37 -27
  4. data/roauth.gemspec +4 -4
  5. metadata +6 -4
data/.gitignore CHANGED
@@ -1 +1,2 @@
1
1
  pkg
2
+ *.gem
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.2
1
+ 0.0.3
data/lib/roauth.rb CHANGED
@@ -5,28 +5,31 @@ require "uri"
5
5
  module ROAuth
6
6
  class UnsupportedSignatureMethod < Exception; end
7
7
  class MissingOAuthParams < Exception; end
8
-
8
+
9
9
  # Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
10
10
  SIGNATURE_METHODS = {"HMAC-SHA1" => OpenSSL::Digest::Digest.new("sha1")}
11
- OAUTH_PARAMS = [:consumer_key, :token, :signature_method, :version, :nonce, :timestamp]
12
-
11
+ OAUTH_PARAMS = [:consumer_key, :token, :signature_method, :version, :nonce, :timestamp, :body_hash, :callback]
12
+
13
13
  # Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
14
- def header(oauth, uri, params = {}, http_method = :get)
14
+ def header(oauth, uri, params = {}, http_method = :get)
15
+ oauth = oauth.dup
15
16
  oauth[:signature_method] ||= "HMAC-SHA1"
16
17
  oauth[:version] ||= "1.0" # Assumed version, according to the spec
17
18
  oauth[:nonce] ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
18
19
  oauth[:timestamp] ||= Time.now.to_i
19
20
  oauth[:token] ||= oauth.delete(:access_key)
20
21
  oauth[:token_secret] ||= oauth.delete(:access_secret)
21
-
22
+
22
23
  sig_params = oauth_params(oauth)
23
24
  sig_params[:oauth_signature] = escape(
24
25
  signature(oauth, uri, sig_params.merge(params), http_method)
25
- )
26
-
27
- %{OAuth } + sig_params.map {|key, value| [key, value].join("=") }.join(", ")
26
+ )
27
+ sorted_sig_params = sig_params.sort_by{|k,v| [k.to_s, v.to_s] }
28
+ authorization_params = sorted_sig_params.map {|key, value| [key, "\"#{value}\""].join("=") }.join(", ")
29
+
30
+ %{OAuth } + authorization_params
28
31
  end
29
-
32
+
30
33
  def parse(header)
31
34
  header = header.dup
32
35
  header = header.gsub!(/^OAuth\s/, "")
@@ -34,59 +37,66 @@ module ROAuth
34
37
  header = header.inject({}) {|hash, item|
35
38
  key, value = item.split("=")
36
39
  key.gsub!(/^oauth_/, "")
40
+ value.gsub!(/(^"|"$)/, "")
37
41
  hash[key.to_sym] = unescape(value)
38
42
  hash
39
43
  }
40
44
  header[:access_key] = header[:token]
41
45
  header
42
46
  end
43
-
47
+
44
48
  def verify(oauth, header, uri, params = {}, http_method = :get)
45
49
  header = header.is_a?(String) ? parse(header) : header.dup
46
-
50
+
47
51
  client_signature = header.delete(:signature)
48
52
  oauth[:consumer_key] ||= header[:consumer_key]
49
53
  oauth[:token] ||= header[:token]
50
54
  oauth[:token_secret] ||= oauth.delete(:access_secret)
51
55
  oauth[:signature_method] ||= "HMAC-SHA1"
52
56
  oauth[:version] ||= "1.0"
53
-
57
+
54
58
  sig_params = params.dup
55
59
  sig_params.merge!(oauth_params(header))
56
-
60
+
57
61
  client_signature == signature(oauth, uri, sig_params, http_method)
58
62
  end
59
-
63
+
60
64
  protected
61
65
  def oauth_params(oauth)
62
- oauth = oauth.to_a.select {|key, value|
63
- OAUTH_PARAMS.include?(key)
66
+ oauth = oauth.to_a.select {|key, value|
67
+ OAUTH_PARAMS.include?(key)
64
68
  }
65
- oauth.inject({}) {|hash, (key, value)|
69
+ oauth.inject({}) {|hash, (key, value)|
66
70
  hash["oauth_#{key}"] = escape(value)
67
71
  hash
68
72
  }
69
73
  end
70
-
71
- def signature(oauth, uri, params, http_method = :get)
74
+
75
+ def signature(oauth, uri, params, http_method = :get)
76
+ uri = URI.parse(uri)
77
+ uri.query = nil
78
+ uri = uri.to_s
79
+
72
80
  sig_base = http_method.to_s.upcase + "&" + escape(uri) + "&" + normalize(params)
73
81
  digest = SIGNATURE_METHODS[oauth[:signature_method]]
74
82
  secret = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:token_secret])}"
75
-
83
+
76
84
  Base64.encode64(OpenSSL::HMAC.digest(digest, secret, sig_base)).chomp.gsub(/\n/, "")
77
85
  end
78
-
86
+
79
87
  # Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
80
88
  def escape(value)
81
- URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
89
+ URI.escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
82
90
  end
83
-
91
+
84
92
  def unescape(value)
85
- URI::unescape(value)
93
+ URI.unescape(value)
86
94
  end
87
-
95
+
88
96
  # Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
89
97
  def normalize(params)
98
+ # Stringify keys - so we can compare them
99
+ params.keys.each {|key| params[key.to_s] = params.delete(key) }
90
100
  params.sort.map do |key, values|
91
101
  if values.is_a?(Array)
92
102
  # Multiple values were provided for a single key
@@ -98,6 +108,6 @@ module ROAuth
98
108
  [escape(key), escape(values)] * "%3D"
99
109
  end
100
110
  end * "%26"
101
- end
111
+ end
102
112
  extend self
103
- end
113
+ end
data/roauth.gemspec CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{roauth}
8
- s.version = "0.0.2"
8
+ s.version = "0.0.3"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Alex MacCaw"]
12
- s.date = %q{2010-03-18}
12
+ s.date = %q{2010-08-16}
13
13
  s.description = %q{Simple Ruby OAuth library}
14
14
  s.email = %q{info@eribium.org}
15
15
  s.extra_rdoc_files = [
@@ -28,14 +28,14 @@ Gem::Specification.new do |s|
28
28
  s.homepage = %q{http://github.com/maccman/roauth}
29
29
  s.rdoc_options = ["--charset=UTF-8"]
30
30
  s.require_paths = ["lib"]
31
- s.rubygems_version = %q{1.3.6}
31
+ s.rubygems_version = %q{1.3.7}
32
32
  s.summary = %q{Simple Ruby OAuth library}
33
33
 
34
34
  if s.respond_to? :specification_version then
35
35
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
36
36
  s.specification_version = 3
37
37
 
38
- if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
38
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
39
39
  else
40
40
  end
41
41
  else
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 0
8
- - 2
9
- version: 0.0.2
8
+ - 3
9
+ version: 0.0.3
10
10
  platform: ruby
11
11
  authors:
12
12
  - Alex MacCaw
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-03-18 00:00:00 +00:00
17
+ date: 2010-08-16 00:00:00 +01:00
18
18
  default_executable:
19
19
  dependencies: []
20
20
 
@@ -45,6 +45,7 @@ rdoc_options:
45
45
  require_paths:
46
46
  - lib
47
47
  required_ruby_version: !ruby/object:Gem::Requirement
48
+ none: false
48
49
  requirements:
49
50
  - - ">="
50
51
  - !ruby/object:Gem::Version
@@ -52,6 +53,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
52
53
  - 0
53
54
  version: "0"
54
55
  required_rubygems_version: !ruby/object:Gem::Requirement
56
+ none: false
55
57
  requirements:
56
58
  - - ">="
57
59
  - !ruby/object:Gem::Version
@@ -61,7 +63,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
61
63
  requirements: []
62
64
 
63
65
  rubyforge_project:
64
- rubygems_version: 1.3.6
66
+ rubygems_version: 1.3.7
65
67
  signing_key:
66
68
  specification_version: 3
67
69
  summary: Simple Ruby OAuth library