signet 0.4.4 → 0.4.5
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.md +5 -0
- data/Gemfile +2 -1
- data/Gemfile.lock +53 -0
- data/lib/signet.rb +4 -4
- data/lib/signet/errors.rb +5 -5
- data/lib/signet/oauth_1.rb +14 -14
- data/lib/signet/oauth_1/client.rb +43 -43
- data/lib/signet/oauth_1/server.rb +1 -1
- data/lib/signet/oauth_2.rb +5 -6
- data/lib/signet/oauth_2/client.rb +74 -58
- data/lib/signet/version.rb +1 -1
- data/spec/signet/oauth_1/services/google_spec.rb +2 -2
- data/spec/signet/oauth_2/client_spec.rb +21 -1
- data/tasks/yard.rake +2 -1
- metadata +21 -20
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
data/Gemfile.lock
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
GEM
|
2
|
+
remote: http://rubygems.org/
|
3
|
+
specs:
|
4
|
+
addressable (2.3.2)
|
5
|
+
bouncy-castle-java (1.5.0146.1)
|
6
|
+
diff-lcs (1.1.3)
|
7
|
+
extlib (0.9.16)
|
8
|
+
faraday (0.8.4)
|
9
|
+
multipart-post (~> 1.1)
|
10
|
+
ffi (1.1.5-java)
|
11
|
+
jruby-openssl (0.8.2)
|
12
|
+
bouncy-castle-java (>= 1.5.0146.1)
|
13
|
+
jwt (0.1.5)
|
14
|
+
multi_json (>= 1.0)
|
15
|
+
kramdown (0.14.1)
|
16
|
+
launchy (2.1.2)
|
17
|
+
addressable (~> 2.3)
|
18
|
+
launchy (2.1.2-java)
|
19
|
+
addressable (~> 2.3)
|
20
|
+
ffi (~> 1.1.1)
|
21
|
+
spoon (~> 0.0.1)
|
22
|
+
multi_json (1.5.0)
|
23
|
+
multipart-post (1.1.5)
|
24
|
+
rake (10.0.3)
|
25
|
+
rcov (1.0.0)
|
26
|
+
rspec (2.12.0)
|
27
|
+
rspec-core (~> 2.12.0)
|
28
|
+
rspec-expectations (~> 2.12.0)
|
29
|
+
rspec-mocks (~> 2.12.0)
|
30
|
+
rspec-core (2.12.2)
|
31
|
+
rspec-expectations (2.12.1)
|
32
|
+
diff-lcs (~> 1.1.3)
|
33
|
+
rspec-mocks (2.12.1)
|
34
|
+
spoon (0.0.1)
|
35
|
+
yard (0.8.3)
|
36
|
+
|
37
|
+
PLATFORMS
|
38
|
+
java
|
39
|
+
ruby
|
40
|
+
|
41
|
+
DEPENDENCIES
|
42
|
+
addressable (>= 2.3.1)
|
43
|
+
extlib (>= 0.9.15)
|
44
|
+
faraday (~> 0.8.1)
|
45
|
+
jruby-openssl
|
46
|
+
jwt (>= 0.1.5)
|
47
|
+
kramdown
|
48
|
+
launchy (>= 2.1.1)
|
49
|
+
multi_json (>= 1.0.0)
|
50
|
+
rake (>= 0.9.0)
|
51
|
+
rcov (>= 0.9.9)
|
52
|
+
rspec (>= 2.11.0)
|
53
|
+
yard
|
data/lib/signet.rb
CHANGED
@@ -19,12 +19,12 @@ module Signet #:nodoc:
|
|
19
19
|
# Production rules from:
|
20
20
|
# http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-12
|
21
21
|
token = /[-!#$\%&'*+.^_`|~0-9a-zA-Z]+/
|
22
|
-
d_qdtext = /[\s\x21\x23-\x5B\x5D-\x7E\x80-\xFF]/
|
23
|
-
d_quoted_pair = /\\[\s\x21-\x7E\x80-\xFF]/
|
22
|
+
d_qdtext = /[\s\x21\x23-\x5B\x5D-\x7E\x80-\xFF]/n
|
23
|
+
d_quoted_pair = /\\[\s\x21-\x7E\x80-\xFF]/n
|
24
24
|
d_qs = /"(?:#{d_qdtext}|#{d_quoted_pair})*"/
|
25
25
|
# Production rules that allow for more liberal parsing, i.e. single quotes
|
26
|
-
s_qdtext = /[\s\x21-\x26\x28-\x5B\x5D-\x7E\x80-\xFF]/
|
27
|
-
s_quoted_pair = /\\[\s\x21-\x7E\x80-\xFF]/
|
26
|
+
s_qdtext = /[\s\x21-\x26\x28-\x5B\x5D-\x7E\x80-\xFF]/n
|
27
|
+
s_quoted_pair = /\\[\s\x21-\x7E\x80-\xFF]/n
|
28
28
|
s_qs = /'(?:#{s_qdtext}|#{s_quoted_pair})*'/
|
29
29
|
# Combine the above production rules to find valid auth-param pairs.
|
30
30
|
auth_param = /((?:#{token})\s*=\s*(?:#{d_qs}|#{s_qs}|#{token}))/
|
data/lib/signet/errors.rb
CHANGED
@@ -43,16 +43,16 @@ module Signet
|
|
43
43
|
# A message describing the error.
|
44
44
|
# @param [Hash] options
|
45
45
|
# The configuration parameters for the request.
|
46
|
-
# - <code>:request</code>
|
46
|
+
# - <code>:request</code> -
|
47
47
|
# A Faraday::Request object. Optional.
|
48
|
-
# - <code>:response</code>
|
48
|
+
# - <code>:response</code> -
|
49
49
|
# A Faraday::Response object. Optional.
|
50
|
-
# - <code>:code</code>
|
50
|
+
# - <code>:code</code> -
|
51
51
|
# An error code.
|
52
|
-
# - <code>:description</code>
|
52
|
+
# - <code>:description</code> -
|
53
53
|
# Human-readable text intended to be used to assist in resolving the
|
54
54
|
# error condition.
|
55
|
-
# - <code>:uri</code>
|
55
|
+
# - <code>:uri</code> -
|
56
56
|
# A URI identifying a human-readable web page with additional
|
57
57
|
# information about the error, indended for the resource owner.
|
58
58
|
def initialize(message, options={})
|
data/lib/signet/oauth_1.rb
CHANGED
@@ -169,7 +169,7 @@ module Signet #:nodoc:
|
|
169
169
|
# '&' characters.
|
170
170
|
#
|
171
171
|
# @param [String] method The HTTP method.
|
172
|
-
# @param [Addressable::URI, String, #to_str] The URI.
|
172
|
+
# @param [Addressable::URI, String, #to_str] uri The URI.
|
173
173
|
# @param [Enumerable] parameters The OAuth parameter list.
|
174
174
|
#
|
175
175
|
# @return [String] The signature base string.
|
@@ -274,7 +274,7 @@ module Signet #:nodoc:
|
|
274
274
|
# <code>NotImplementedError</code> exception being raised.
|
275
275
|
#
|
276
276
|
# @param [String] method The HTTP method.
|
277
|
-
# @param [Addressable::URI, String, #to_str] The URI.
|
277
|
+
# @param [Addressable::URI, String, #to_str] uri The URI.
|
278
278
|
# @param [Enumerable] parameters The OAuth parameter list.
|
279
279
|
# @param [String] client_credential_secret The client credential secret.
|
280
280
|
# @param [String] token_credential_secret
|
@@ -307,13 +307,13 @@ module Signet #:nodoc:
|
|
307
307
|
#
|
308
308
|
# @param [Hash] options
|
309
309
|
# The configuration parameters for the request.
|
310
|
-
# - <code>:client_credential_key</code>
|
310
|
+
# - <code>:client_credential_key</code> -
|
311
311
|
# The client credential key.
|
312
|
-
# - <code>:callback</code>
|
312
|
+
# - <code>:callback</code> -
|
313
313
|
# The OAuth callback. Defaults to {Signet::OAuth1::OUT_OF_BAND}.
|
314
|
-
# - <code>:signature_method</code>
|
314
|
+
# - <code>:signature_method</code> -
|
315
315
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
316
|
-
# - <code>:additional_parameters</code>
|
316
|
+
# - <code>:additional_parameters</code> -
|
317
317
|
# Non-standard additional parameters.
|
318
318
|
#
|
319
319
|
# @return [Array]
|
@@ -382,13 +382,13 @@ module Signet #:nodoc:
|
|
382
382
|
#
|
383
383
|
# @param [Hash] options
|
384
384
|
# The configuration parameters for the request.
|
385
|
-
# - <code>:client_credential_key</code>
|
385
|
+
# - <code>:client_credential_key</code> -
|
386
386
|
# The client credential key.
|
387
|
-
# - <code>:temporary_credential_key</code>
|
387
|
+
# - <code>:temporary_credential_key</code> -
|
388
388
|
# The temporary credential key.
|
389
|
-
# - <code>:verifier</code>
|
389
|
+
# - <code>:verifier</code> -
|
390
390
|
# The OAuth verifier.
|
391
|
-
# - <code>:signature_method</code>
|
391
|
+
# - <code>:signature_method</code> -
|
392
392
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
393
393
|
#
|
394
394
|
# @return [Array]
|
@@ -430,13 +430,13 @@ module Signet #:nodoc:
|
|
430
430
|
#
|
431
431
|
# @param [Hash] options
|
432
432
|
# The configuration parameters for the request.
|
433
|
-
# - <code>:client_credential_key</code>
|
433
|
+
# - <code>:client_credential_key</code> -
|
434
434
|
# The client credential key.
|
435
|
-
# - <code>:token_credential_key</code>
|
435
|
+
# - <code>:token_credential_key</code> -
|
436
436
|
# The token credential key.
|
437
|
-
# - <code>:signature_method</code>
|
437
|
+
# - <code>:signature_method</code> -
|
438
438
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
439
|
-
# - <code>:two_legged</code>
|
439
|
+
# - <code>:two_legged</code> -
|
440
440
|
# A switch for two-legged OAuth. Defaults to <code>false</code>.
|
441
441
|
#
|
442
442
|
# @return [Array]
|
@@ -31,17 +31,17 @@ module Signet
|
|
31
31
|
#
|
32
32
|
# @param [Hash] options
|
33
33
|
# The configuration parameters for the client.
|
34
|
-
# - <code>:temporary_credential_uri</code>
|
34
|
+
# - <code>:temporary_credential_uri</code> -
|
35
35
|
# The OAuth temporary credentials URI.
|
36
|
-
# - <code>:authorization_uri</code>
|
36
|
+
# - <code>:authorization_uri</code> -
|
37
37
|
# The OAuth authorization URI.
|
38
|
-
# - <code>:token_credential_uri</code>
|
38
|
+
# - <code>:token_credential_uri</code> -
|
39
39
|
# The OAuth token credentials URI.
|
40
|
-
# - <code>:client_credential_key</code>
|
40
|
+
# - <code>:client_credential_key</code> -
|
41
41
|
# The OAuth client credential key.
|
42
|
-
# - <code>:client_credential_secret</code>
|
42
|
+
# - <code>:client_credential_secret</code> -
|
43
43
|
# The OAuth client credential secret.
|
44
|
-
# - <code>:callback</code>
|
44
|
+
# - <code>:callback</code> - The OAuth callback. Defaults to 'oob'.
|
45
45
|
#
|
46
46
|
# @example
|
47
47
|
# client = Signet::OAuth1::Client.new(
|
@@ -515,11 +515,11 @@ module Signet
|
|
515
515
|
#
|
516
516
|
# @param [Hash] options
|
517
517
|
# The configuration parameters for the request.
|
518
|
-
# - <code>:signature_method</code>
|
518
|
+
# - <code>:signature_method</code> -
|
519
519
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
520
|
-
# - <code>:additional_parameters</code>
|
520
|
+
# - <code>:additional_parameters</code> -
|
521
521
|
# Non-standard additional parameters.
|
522
|
-
# - <code>:realm</code>
|
522
|
+
# - <code>:realm</code> -
|
523
523
|
# The Authorization realm. See RFC 2617.
|
524
524
|
#
|
525
525
|
# @return [Array] The request object.
|
@@ -584,13 +584,13 @@ module Signet
|
|
584
584
|
#
|
585
585
|
# @param [Hash] options
|
586
586
|
# The configuration parameters for the request.
|
587
|
-
# - <code>:signature_method</code>
|
587
|
+
# - <code>:signature_method</code> -
|
588
588
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
589
|
-
# - <code>:additional_parameters</code>
|
589
|
+
# - <code>:additional_parameters</code> -
|
590
590
|
# Non-standard additional parameters.
|
591
|
-
# - <code>:realm</code>
|
591
|
+
# - <code>:realm</code> -
|
592
592
|
# The Authorization realm. See RFC 2617.
|
593
|
-
# - <code>:connection</code>
|
593
|
+
# - <code>:connection</code> -
|
594
594
|
# The HTTP connection to use.
|
595
595
|
# Must be of type <code>Faraday::Connection</code>.
|
596
596
|
#
|
@@ -639,13 +639,13 @@ module Signet
|
|
639
639
|
#
|
640
640
|
# @param [Hash] options
|
641
641
|
# The configuration parameters for the request.
|
642
|
-
# - <code>:signature_method</code>
|
642
|
+
# - <code>:signature_method</code> -
|
643
643
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
644
|
-
# - <code>:additional_parameters</code>
|
644
|
+
# - <code>:additional_parameters</code> -
|
645
645
|
# Non-standard additional parameters.
|
646
|
-
# - <code>:realm</code>
|
646
|
+
# - <code>:realm</code> -
|
647
647
|
# The Authorization realm. See RFC 2617.
|
648
|
-
# - <code>:connection</code>
|
648
|
+
# - <code>:connection</code> -
|
649
649
|
# The HTTP connection to use.
|
650
650
|
# Must be of type <code>Faraday::Connection</code>.
|
651
651
|
#
|
@@ -669,11 +669,11 @@ module Signet
|
|
669
669
|
#
|
670
670
|
# @param [Hash] options
|
671
671
|
# The configuration parameters for the request.
|
672
|
-
# - <code>:verifier</code>
|
672
|
+
# - <code>:verifier</code> -
|
673
673
|
# The OAuth verifier provided by the server. Required.
|
674
|
-
# - <code>:signature_method</code>
|
674
|
+
# - <code>:signature_method</code> -
|
675
675
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
676
|
-
# - <code>:realm</code>
|
676
|
+
# - <code>:realm</code> -
|
677
677
|
# The Authorization realm. See RFC 2617.
|
678
678
|
#
|
679
679
|
# @return [Array] The request object.
|
@@ -741,13 +741,13 @@ module Signet
|
|
741
741
|
#
|
742
742
|
# @param [Hash] options
|
743
743
|
# The configuration parameters for the request.
|
744
|
-
# - <code>:verifier</code>
|
744
|
+
# - <code>:verifier</code> -
|
745
745
|
# The OAuth verifier provided by the server. Required.
|
746
|
-
# - <code>:signature_method</code>
|
746
|
+
# - <code>:signature_method</code> -
|
747
747
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
748
|
-
# - <code>:realm</code>
|
748
|
+
# - <code>:realm</code> -
|
749
749
|
# The Authorization realm. See RFC 2617.
|
750
|
-
# - <code>:connection</code>
|
750
|
+
# - <code>:connection</code> -
|
751
751
|
# The HTTP connection to use.
|
752
752
|
# Must be of type <code>Faraday::Connection</code>.
|
753
753
|
#
|
@@ -794,13 +794,13 @@ module Signet
|
|
794
794
|
#
|
795
795
|
# @param [Hash] options
|
796
796
|
# The configuration parameters for the request.
|
797
|
-
# - <code>:signature_method</code>
|
797
|
+
# - <code>:signature_method</code> -
|
798
798
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
799
|
-
# - <code>:additional_parameters</code>
|
799
|
+
# - <code>:additional_parameters</code> -
|
800
800
|
# Non-standard additional parameters.
|
801
|
-
# - <code>:realm</code>
|
801
|
+
# - <code>:realm</code> -
|
802
802
|
# The Authorization realm. See RFC 2617.
|
803
|
-
# - <code>:connection</code>
|
803
|
+
# - <code>:connection</code> -
|
804
804
|
# The HTTP connection to use.
|
805
805
|
# Must be of type <code>Faraday::Connection</code>.
|
806
806
|
#
|
@@ -822,19 +822,19 @@ module Signet
|
|
822
822
|
#
|
823
823
|
# @param [Hash] options
|
824
824
|
# The configuration parameters for the request.
|
825
|
-
# - <code>:request</code>
|
825
|
+
# - <code>:request</code> -
|
826
826
|
# A pre-constructed request to sign.
|
827
|
-
# - <code>:method</code>
|
827
|
+
# - <code>:method</code> -
|
828
828
|
# The HTTP method for the request. Defaults to :get.
|
829
|
-
# - <code>:uri</code>
|
829
|
+
# - <code>:uri</code> -
|
830
830
|
# The URI for the request.
|
831
|
-
# - <code>:headers</code>
|
831
|
+
# - <code>:headers</code> -
|
832
832
|
# The HTTP headers for the request.
|
833
|
-
# - <code>:body</code>
|
833
|
+
# - <code>:body</code> -
|
834
834
|
# The HTTP body for the request.
|
835
|
-
# - <code>:signature_method</code>
|
835
|
+
# - <code>:signature_method</code> -
|
836
836
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
837
|
-
# - <code>:realm</code>
|
837
|
+
# - <code>:realm</code> -
|
838
838
|
# The Authorization realm. See RFC 2617.
|
839
839
|
#
|
840
840
|
# @return [Array] The request object.
|
@@ -947,21 +947,21 @@ module Signet
|
|
947
947
|
#
|
948
948
|
# @param [Hash] options
|
949
949
|
# The configuration parameters for the request.
|
950
|
-
# - <code>:request</code>
|
950
|
+
# - <code>:request</code> -
|
951
951
|
# A pre-constructed request to sign.
|
952
|
-
# - <code>:method</code>
|
952
|
+
# - <code>:method</code> -
|
953
953
|
# The HTTP method for the request. Defaults to :get.
|
954
|
-
# - <code>:uri</code>
|
954
|
+
# - <code>:uri</code> -
|
955
955
|
# The URI for the request.
|
956
|
-
# - <code>:headers</code>
|
956
|
+
# - <code>:headers</code> -
|
957
957
|
# The HTTP headers for the request.
|
958
|
-
# - <code>:body</code>
|
958
|
+
# - <code>:body</code> -
|
959
959
|
# The HTTP body for the request.
|
960
|
-
# - <code>:signature_method</code>
|
960
|
+
# - <code>:signature_method</code> -
|
961
961
|
# The signature method. Defaults to <code>'HMAC-SHA1'</code>.
|
962
|
-
# - <code>:realm</code>
|
962
|
+
# - <code>:realm</code> -
|
963
963
|
# The Authorization realm. See RFC 2617.
|
964
|
-
# - <code>:connection</code>
|
964
|
+
# - <code>:connection</code> -
|
965
965
|
# The HTTP connection to use.
|
966
966
|
# Must be of type <code>Faraday::Connection</code>.
|
967
967
|
#
|
@@ -126,7 +126,7 @@ module Signet
|
|
126
126
|
##
|
127
127
|
# Determine if the verifier is valid by calling the Proc in {#verifier}.
|
128
128
|
#
|
129
|
-
# @param [String] Key provided to the {#verifier} Proc.
|
129
|
+
# @param [String] verifier Key provided to the {#verifier} Proc.
|
130
130
|
# @return [Boolean] if the verifier Proc returns anything other than
|
131
131
|
# <code>nil</code> or <code>false</code>.
|
132
132
|
def find_verifier(verifier)
|
data/lib/signet/oauth_2.rb
CHANGED
@@ -103,13 +103,12 @@ module Signet #:nodoc:
|
|
103
103
|
end
|
104
104
|
|
105
105
|
##
|
106
|
-
# Generates
|
107
|
-
# client password.
|
106
|
+
# Generates an authorization header for an access token
|
108
107
|
#
|
109
|
-
# @param [String]
|
110
|
-
# The
|
111
|
-
# @param [
|
112
|
-
#
|
108
|
+
# @param [String] access_token
|
109
|
+
# The access token.
|
110
|
+
# @param [Hash] auth_params
|
111
|
+
# Additonal parameters to be encoded in the header
|
113
112
|
#
|
114
113
|
# @return [String]
|
115
114
|
# The value for the HTTP Basic Authorization header.
|
@@ -33,47 +33,47 @@ module Signet
|
|
33
33
|
#
|
34
34
|
# @param [Hash] options
|
35
35
|
# The configuration parameters for the client.
|
36
|
-
# - <code>:authorization_uri</code>
|
36
|
+
# - <code>:authorization_uri</code> -
|
37
37
|
# The authorization server's HTTP endpoint capable of
|
38
38
|
# authenticating the end-user and obtaining authorization.
|
39
|
-
# - <code>:token_credential_uri</code>
|
39
|
+
# - <code>:token_credential_uri</code> -
|
40
40
|
# The authorization server's HTTP endpoint capable of issuing
|
41
41
|
# tokens and refreshing expired tokens.
|
42
|
-
# - <code>:client_id</code>
|
42
|
+
# - <code>:client_id</code> -
|
43
43
|
# A unique identifier issued to the client to identify itself to the
|
44
44
|
# authorization server.
|
45
|
-
# - <code>:client_secret</code>
|
45
|
+
# - <code>:client_secret</code> -
|
46
46
|
# A shared symmetric secret issued by the authorization server,
|
47
47
|
# which is used to authenticate the client.
|
48
|
-
# - <code>:scope</code>
|
48
|
+
# - <code>:scope</code> -
|
49
49
|
# The scope of the access request, expressed either as an Array
|
50
50
|
# or as a space-delimited String.
|
51
|
-
# - <code>:state</code>
|
51
|
+
# - <code>:state</code> -
|
52
52
|
# An arbitrary string designed to allow the client to maintain state.
|
53
|
-
# - <code>:code</code>
|
53
|
+
# - <code>:code</code> -
|
54
54
|
# The authorization code received from the authorization server.
|
55
|
-
# - <code>:redirect_uri</code>
|
55
|
+
# - <code>:redirect_uri</code> -
|
56
56
|
# The redirection URI used in the initial request.
|
57
|
-
# - <code>:username</code>
|
57
|
+
# - <code>:username</code> -
|
58
58
|
# The resource owner's username.
|
59
|
-
# - <code>:password</code>
|
59
|
+
# - <code>:password</code> -
|
60
60
|
# The resource owner's password.
|
61
|
-
# - <code>:issuer</code>
|
61
|
+
# - <code>:issuer</code> -
|
62
62
|
# Issuer ID when using assertion profile
|
63
63
|
# - <code>:person</code> -
|
64
64
|
# Target user for assertions
|
65
65
|
# - <code>:expiry</code> -
|
66
66
|
# Number of seconds assertions are valid for
|
67
|
-
# - <code>:signing_key</code>
|
67
|
+
# - <code>:signing_key</code> -
|
68
68
|
# Signing key when using assertion profile
|
69
|
-
# - <code>:refresh_token</code>
|
69
|
+
# - <code>:refresh_token</code> -
|
70
70
|
# The refresh token associated with the access token
|
71
71
|
# to be refreshed.
|
72
|
-
# - <code>:access_token</code>
|
72
|
+
# - <code>:access_token</code> -
|
73
73
|
# The current access token for this client.
|
74
|
-
# - <code>:id_token</code>
|
74
|
+
# - <code>:id_token</code> -
|
75
75
|
# The current ID token for this client.
|
76
|
-
# - <code>:extension_parameters</code>
|
76
|
+
# - <code>:extension_parameters</code> -
|
77
77
|
# When using an extension grant type, this the set of parameters used
|
78
78
|
# by that extension.
|
79
79
|
#
|
@@ -99,49 +99,49 @@ module Signet
|
|
99
99
|
#
|
100
100
|
# @param [Hash] options
|
101
101
|
# The configuration parameters for the client.
|
102
|
-
# - <code>:authorization_uri</code>
|
102
|
+
# - <code>:authorization_uri</code> -
|
103
103
|
# The authorization server's HTTP endpoint capable of
|
104
104
|
# authenticating the end-user and obtaining authorization.
|
105
|
-
# - <code>:token_credential_uri</code>
|
105
|
+
# - <code>:token_credential_uri</code> -
|
106
106
|
# The authorization server's HTTP endpoint capable of issuing
|
107
107
|
# tokens and refreshing expired tokens.
|
108
|
-
# - <code>:client_id</code>
|
108
|
+
# - <code>:client_id</code> -
|
109
109
|
# A unique identifier issued to the client to identify itself to the
|
110
110
|
# authorization server.
|
111
|
-
# - <code>:client_secret</code>
|
111
|
+
# - <code>:client_secret</code> -
|
112
112
|
# A shared symmetric secret issued by the authorization server,
|
113
113
|
# which is used to authenticate the client.
|
114
|
-
# - <code>:scope</code>
|
114
|
+
# - <code>:scope</code> -
|
115
115
|
# The scope of the access request, expressed either as an Array
|
116
116
|
# or as a space-delimited String.
|
117
|
-
# - <code>:state</code>
|
117
|
+
# - <code>:state</code> -
|
118
118
|
# An arbitrary string designed to allow the client to maintain state.
|
119
|
-
# - <code>:code</code>
|
119
|
+
# - <code>:code</code> -
|
120
120
|
# The authorization code received from the authorization server.
|
121
|
-
# - <code>:redirect_uri</code>
|
121
|
+
# - <code>:redirect_uri</code> -
|
122
122
|
# The redirection URI used in the initial request.
|
123
|
-
# - <code>:username</code>
|
123
|
+
# - <code>:username</code> -
|
124
124
|
# The resource owner's username.
|
125
|
-
# - <code>:password</code>
|
125
|
+
# - <code>:password</code> -
|
126
126
|
# The resource owner's password.
|
127
|
-
# - <code>:issuer</code>
|
127
|
+
# - <code>:issuer</code> -
|
128
128
|
# Issuer ID when using assertion profile
|
129
|
-
# - <code>:audience</code>
|
129
|
+
# - <code>:audience</code> -
|
130
130
|
# Target audience for assertions
|
131
131
|
# - <code>:person</code> -
|
132
132
|
# Target user for assertions
|
133
133
|
# - <code>:expiry</code> -
|
134
134
|
# Number of seconds assertions are valid for
|
135
|
-
# - <code>:signing_key</code>
|
135
|
+
# - <code>:signing_key</code> -
|
136
136
|
# Signing key when using assertion profile
|
137
|
-
# - <code>:refresh_token</code>
|
137
|
+
# - <code>:refresh_token</code> -
|
138
138
|
# The refresh token associated with the access token
|
139
139
|
# to be refreshed.
|
140
|
-
# - <code>:access_token</code>
|
140
|
+
# - <code>:access_token</code> -
|
141
141
|
# The current access token for this client.
|
142
|
-
# - <code>:id_token</code>
|
142
|
+
# - <code>:id_token</code> -
|
143
143
|
# The current ID token for this client.
|
144
|
-
# - <code>:extension_parameters</code>
|
144
|
+
# - <code>:extension_parameters</code> -
|
145
145
|
# When using an extension grant type, this the set of parameters used
|
146
146
|
# by that extension.
|
147
147
|
#
|
@@ -182,16 +182,16 @@ module Signet
|
|
182
182
|
#
|
183
183
|
# @param [Hash] options
|
184
184
|
# The configuration parameters related to the token.
|
185
|
-
# - <code>:refresh_token</code>
|
185
|
+
# - <code>:refresh_token</code> -
|
186
186
|
# The refresh token associated with the access token
|
187
187
|
# to be refreshed.
|
188
|
-
# - <code>:access_token</code>
|
188
|
+
# - <code>:access_token</code> -
|
189
189
|
# The current access token for this client.
|
190
|
-
# - <code>:id_token</code>
|
190
|
+
# - <code>:id_token</code> -
|
191
191
|
# The current ID token for this client.
|
192
|
-
# - <code>:expires_in</code>
|
192
|
+
# - <code>:expires_in</code> -
|
193
193
|
# The time in seconds until access token expiration.
|
194
|
-
# - <code>:issued_at</code>
|
194
|
+
# - <code>:issued_at</code> -
|
195
195
|
# The timestamp that the token was issued at.
|
196
196
|
#
|
197
197
|
# @example
|
@@ -429,7 +429,8 @@ module Signet
|
|
429
429
|
# The redirect URI.
|
430
430
|
def redirect_uri=(new_redirect_uri)
|
431
431
|
new_redirect_uri = Addressable::URI.parse(new_redirect_uri)
|
432
|
-
|
432
|
+
#TODO - Better solution to allow google postmessage flow. For now, make an exception to the spec.
|
433
|
+
if new_redirect_uri == nil|| new_redirect_uri.absolute? || uri_is_postmessage?(new_redirect_uri)
|
433
434
|
@redirect_uri = new_redirect_uri
|
434
435
|
else
|
435
436
|
raise ArgumentError, "Redirect URI must be an absolute URI."
|
@@ -506,7 +507,7 @@ module Signet
|
|
506
507
|
# Sets the target audience ID when issuing assertions.
|
507
508
|
# Used only by the assertion grant type.
|
508
509
|
#
|
509
|
-
# @param [String]
|
510
|
+
# @param [String] new_audience
|
510
511
|
# Target audience ID
|
511
512
|
def audience=(new_audience)
|
512
513
|
@audience = new_audience
|
@@ -517,8 +518,8 @@ module Signet
|
|
517
518
|
# Used only by the assertion grant type.
|
518
519
|
#
|
519
520
|
# @return [String] Target user for impersonation.
|
520
|
-
def
|
521
|
-
return @
|
521
|
+
def principal
|
522
|
+
return @principal
|
522
523
|
end
|
523
524
|
|
524
525
|
##
|
@@ -527,10 +528,13 @@ module Signet
|
|
527
528
|
#
|
528
529
|
# @param [String] new_person
|
529
530
|
# Target user for impersonation
|
530
|
-
def
|
531
|
-
@
|
531
|
+
def principal=(new_person)
|
532
|
+
@principal = new_person
|
532
533
|
end
|
533
534
|
|
535
|
+
alias_method :person, :principal
|
536
|
+
alias_method :person=, :principal=
|
537
|
+
|
534
538
|
##
|
535
539
|
# Returns the number of seconds assertions are valid for
|
536
540
|
# Used only by the assertion grant type.
|
@@ -732,6 +736,7 @@ module Signet
|
|
732
736
|
return self.expires_at != nil && Time.now >= self.expires_at
|
733
737
|
end
|
734
738
|
|
739
|
+
|
735
740
|
##
|
736
741
|
# Removes all credentials from the client.
|
737
742
|
def clear_credentials!
|
@@ -745,6 +750,7 @@ module Signet
|
|
745
750
|
@expires_in = nil
|
746
751
|
end
|
747
752
|
|
753
|
+
|
748
754
|
##
|
749
755
|
# Returns the inferred grant type, based on the current state of the
|
750
756
|
# client object. Returns `"none"` if the client has insufficient
|
@@ -803,7 +809,7 @@ module Signet
|
|
803
809
|
#
|
804
810
|
# @param [Hash] options
|
805
811
|
# The configuration parameters for the request.
|
806
|
-
# - <code>:code</code>
|
812
|
+
# - <code>:code</code> -
|
807
813
|
# The authorization code.
|
808
814
|
#
|
809
815
|
# @return [Array] The request object.
|
@@ -902,19 +908,19 @@ module Signet
|
|
902
908
|
#
|
903
909
|
# @param [Hash] options
|
904
910
|
# The configuration parameters for the request.
|
905
|
-
# - <code>:request</code>
|
911
|
+
# - <code>:request</code> -
|
906
912
|
# A pre-constructed request. An OAuth 2 Authorization header
|
907
913
|
# will be added to it, as well as an explicit Cache-Control
|
908
914
|
# `no-store` directive.
|
909
|
-
# - <code>:method</code>
|
915
|
+
# - <code>:method</code> -
|
910
916
|
# The HTTP method for the request. Defaults to 'GET'.
|
911
|
-
# - <code>:uri</code>
|
917
|
+
# - <code>:uri</code> -
|
912
918
|
# The URI for the request.
|
913
|
-
# - <code>:headers</code>
|
919
|
+
# - <code>:headers</code> -
|
914
920
|
# The HTTP headers for the request.
|
915
|
-
# - <code>:body</code>
|
921
|
+
# - <code>:body</code> -
|
916
922
|
# The HTTP body for the request.
|
917
|
-
# - <code>:realm</code>
|
923
|
+
# - <code>:realm</code> -
|
918
924
|
# The Authorization realm. See RFC 2617.
|
919
925
|
#
|
920
926
|
# @return [Faraday::Request] The request object.
|
@@ -971,21 +977,21 @@ module Signet
|
|
971
977
|
#
|
972
978
|
# @param [Hash] options
|
973
979
|
# The configuration parameters for the request.
|
974
|
-
# - <code>:request</code>
|
980
|
+
# - <code>:request</code> -
|
975
981
|
# A pre-constructed request. An OAuth 2 Authorization header
|
976
982
|
# will be added to it, as well as an explicit Cache-Control
|
977
983
|
# `no-store` directive.
|
978
|
-
# - <code>:method</code>
|
984
|
+
# - <code>:method</code> -
|
979
985
|
# The HTTP method for the request. Defaults to 'GET'.
|
980
|
-
# - <code>:uri</code>
|
986
|
+
# - <code>:uri</code> -
|
981
987
|
# The URI for the request.
|
982
|
-
# - <code>:headers</code>
|
988
|
+
# - <code>:headers</code> -
|
983
989
|
# The HTTP headers for the request.
|
984
|
-
# - <code>:body</code>
|
990
|
+
# - <code>:body</code> -
|
985
991
|
# The HTTP body for the request.
|
986
|
-
# - <code>:realm</code>
|
992
|
+
# - <code>:realm</code> -
|
987
993
|
# The Authorization realm. See RFC 2617.
|
988
|
-
# - <code>:connection</code>
|
994
|
+
# - <code>:connection</code> -
|
989
995
|
# The HTTP connection to use.
|
990
996
|
# Must be of type <code>Faraday::Connection</code>.
|
991
997
|
#
|
@@ -1026,6 +1032,16 @@ module Signet
|
|
1026
1032
|
return response
|
1027
1033
|
end
|
1028
1034
|
end
|
1035
|
+
|
1036
|
+
private
|
1037
|
+
|
1038
|
+
##
|
1039
|
+
# Check if URI is Google's postmessage flow (not a valid redirect_uri by spec, but allowed)
|
1040
|
+
# @private
|
1041
|
+
def uri_is_postmessage?(uri)
|
1042
|
+
return uri.to_s.casecmp('postmessage') == 0
|
1043
|
+
end
|
1044
|
+
|
1029
1045
|
end
|
1030
1046
|
end
|
1031
1047
|
end
|
data/lib/signet/version.rb
CHANGED
@@ -100,7 +100,7 @@ describe Signet::OAuth1::Client, 'configured for standard Google APIs' do
|
|
100
100
|
@client.token_credential_secret = '12345'
|
101
101
|
@client.fetch_protected_resource(
|
102
102
|
:uri =>
|
103
|
-
'
|
103
|
+
'https://www.google.com/m8/feeds/'
|
104
104
|
)
|
105
105
|
end).should raise_error(Signet::AuthorizationError)
|
106
106
|
end
|
@@ -232,7 +232,7 @@ describe Signet::OAuth1::Client, 'configured for two-legged OAuth' do
|
|
232
232
|
(lambda do
|
233
233
|
@client.fetch_protected_resource(
|
234
234
|
:uri =>
|
235
|
-
'
|
235
|
+
'https://www.google.com/m8/feeds/'
|
236
236
|
)
|
237
237
|
end).should raise_error(Signet::AuthorizationError)
|
238
238
|
end
|
@@ -71,7 +71,14 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
71
71
|
@client = Signet::OAuth2::Client.new(:redirect_uri => '/relative/path')
|
72
72
|
end).should raise_error(ArgumentError)
|
73
73
|
end
|
74
|
-
|
74
|
+
|
75
|
+
it 'should allow "postmessage" as a redirect URI (Google hack)' do
|
76
|
+
@client.authorization_uri = 'https://example.com/authorize'
|
77
|
+
@client.client_id = 's6BhdRkqt3'
|
78
|
+
@client.redirect_uri = 'postmessage'
|
79
|
+
@client.authorization_uri.query_values['redirect_uri'].should == 'postmessage'
|
80
|
+
end
|
81
|
+
|
75
82
|
it 'should have no authorization_uri' do
|
76
83
|
@client.authorization_uri.should == nil
|
77
84
|
end
|
@@ -165,6 +172,19 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
165
172
|
end
|
166
173
|
|
167
174
|
it 'should generate valid JWTs for impersonation' do
|
175
|
+
@client.principal = 'user@example.com'
|
176
|
+
jwt = @client.to_jwt
|
177
|
+
jwt.should_not == nil
|
178
|
+
|
179
|
+
claim = JWT.decode(jwt, @key.public_key, true)
|
180
|
+
claim["iss"].should == 'app@example.com'
|
181
|
+
claim["prn"].should == 'user@example.com'
|
182
|
+
claim["scope"].should == 'https://www.googleapis.com/auth/userinfo.profile'
|
183
|
+
claim["aud"].should == 'https://accounts.google.com/o/oauth2/token'
|
184
|
+
end
|
185
|
+
|
186
|
+
|
187
|
+
it 'should generate valid JWTs for impersonation using deprecated person attribute' do
|
168
188
|
@client.person = 'user@example.com'
|
169
189
|
jwt = @client.to_jwt
|
170
190
|
jwt.should_not == nil
|
data/tasks/yard.rake
CHANGED
@@ -11,7 +11,8 @@ namespace :doc do
|
|
11
11
|
yardoc.name = 'yard'
|
12
12
|
yardoc.options = ['--verbose', '--markup', 'markdown']
|
13
13
|
yardoc.files = [
|
14
|
-
'lib/**/*.rb', 'ext/**/*.c', '
|
14
|
+
'lib/**/*.rb', 'ext/**/*.c', '-',
|
15
|
+
'README.md', 'CHANGELOG.md', 'LICENSE'
|
15
16
|
]
|
16
17
|
end
|
17
18
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: signet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.5
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2013-01-18 00:00:00.000000000Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
16
|
-
requirement: &
|
16
|
+
requirement: &70325836933680 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: 2.2.3
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *70325836933680
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: faraday
|
27
|
-
requirement: &
|
27
|
+
requirement: &70325836932980 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ~>
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: 0.8.1
|
33
33
|
type: :runtime
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *70325836932980
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: multi_json
|
38
|
-
requirement: &
|
38
|
+
requirement: &70325836931580 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ! '>='
|
@@ -43,10 +43,10 @@ dependencies:
|
|
43
43
|
version: 1.0.0
|
44
44
|
type: :runtime
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *70325836931580
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: jwt
|
49
|
-
requirement: &
|
49
|
+
requirement: &70325836928460 !ruby/object:Gem::Requirement
|
50
50
|
none: false
|
51
51
|
requirements:
|
52
52
|
- - ! '>='
|
@@ -54,10 +54,10 @@ dependencies:
|
|
54
54
|
version: 0.1.5
|
55
55
|
type: :runtime
|
56
56
|
prerelease: false
|
57
|
-
version_requirements: *
|
57
|
+
version_requirements: *70325836928460
|
58
58
|
- !ruby/object:Gem::Dependency
|
59
59
|
name: rake
|
60
|
-
requirement: &
|
60
|
+
requirement: &70325836921580 !ruby/object:Gem::Requirement
|
61
61
|
none: false
|
62
62
|
requirements:
|
63
63
|
- - ! '>='
|
@@ -65,10 +65,10 @@ dependencies:
|
|
65
65
|
version: 0.9.0
|
66
66
|
type: :development
|
67
67
|
prerelease: false
|
68
|
-
version_requirements: *
|
68
|
+
version_requirements: *70325836921580
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
|
-
requirement: &
|
71
|
+
requirement: &70325836921000 !ruby/object:Gem::Requirement
|
72
72
|
none: false
|
73
73
|
requirements:
|
74
74
|
- - ! '>='
|
@@ -76,10 +76,10 @@ dependencies:
|
|
76
76
|
version: 2.11.0
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
|
-
version_requirements: *
|
79
|
+
version_requirements: *70325836921000
|
80
80
|
- !ruby/object:Gem::Dependency
|
81
81
|
name: launchy
|
82
|
-
requirement: &
|
82
|
+
requirement: &70325836920220 !ruby/object:Gem::Requirement
|
83
83
|
none: false
|
84
84
|
requirements:
|
85
85
|
- - ! '>='
|
@@ -87,7 +87,7 @@ dependencies:
|
|
87
87
|
version: 2.1.1
|
88
88
|
type: :development
|
89
89
|
prerelease: false
|
90
|
-
version_requirements: *
|
90
|
+
version_requirements: *70325836920220
|
91
91
|
description: ! 'Signet is an OAuth 1.0 / OAuth 2.0 implementation.
|
92
92
|
|
93
93
|
'
|
@@ -100,17 +100,17 @@ files:
|
|
100
100
|
- lib/compat/digest/hmac.rb
|
101
101
|
- lib/compat/multi_json.rb
|
102
102
|
- lib/compat/securerandom.rb
|
103
|
+
- lib/signet.rb
|
103
104
|
- lib/signet/errors.rb
|
105
|
+
- lib/signet/oauth_1.rb
|
104
106
|
- lib/signet/oauth_1/client.rb
|
105
107
|
- lib/signet/oauth_1/credential.rb
|
106
108
|
- lib/signet/oauth_1/server.rb
|
107
109
|
- lib/signet/oauth_1/signature_methods/hmac_sha1.rb
|
108
|
-
- lib/signet/oauth_1.rb
|
109
|
-
- lib/signet/oauth_2/client.rb
|
110
110
|
- lib/signet/oauth_2.rb
|
111
|
+
- lib/signet/oauth_2/client.rb
|
111
112
|
- lib/signet/ssl_config.rb
|
112
113
|
- lib/signet/version.rb
|
113
|
-
- lib/signet.rb
|
114
114
|
- spec/force_compat/digest/hmac.rb
|
115
115
|
- spec/force_compat/securerandom.rb
|
116
116
|
- spec/signet/oauth_1/client_spec.rb
|
@@ -134,9 +134,10 @@ files:
|
|
134
134
|
- website/index.html
|
135
135
|
- CHANGELOG.md
|
136
136
|
- Gemfile
|
137
|
+
- Gemfile.lock
|
137
138
|
- LICENSE
|
138
|
-
- Rakefile
|
139
139
|
- README.md
|
140
|
+
- Rakefile
|
140
141
|
homepage: http://code.google.com/p/oauth-signet/
|
141
142
|
licenses: []
|
142
143
|
post_install_message:
|