signet 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: a90553898c900b623be7bcd66492052606823e88
-  data.tar.gz: 79d812b9a1bf1c00a548b48a5434dd8a3f40cb39
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ODJiNTkyYjQ1OGRkNDY2Y2RjNDZiY2U1YjJhNWI3MWFmNmU5OTNiNw==
+  data.tar.gz: !binary |-
+    MGUyODYzMjdmODI4Y2U4YjE5YTMyYzY2ZDU1ZWE3ZGFlYjZmNjRlMw==
 SHA512:
-  metadata.gz: b41031268b8c1e10cea6cc132edcb85954c398927ecd7c364c401fab64930758c47a87d4ffb4b1c196f6c6e9dedd3a2cf893d939910440649f560c39555b0546
-  data.tar.gz: be0549ccf4f39e5d7d0a67b209884c798bfcec5bda4618a27e6e96579cec21ff54d76f08c64cf606925cf9c04015c72c678f3066b3cfa75daf60648ae8bb6c29
+  metadata.gz: !binary |-
+    YTIyZGY5MDFjYmM4OWQwOWQzNTBjM2ZmNTNiNjg2ODBlYzAzMTdkOWQ4MWRh
+    OGQ4NTcxMjhkMGYxZmQyZGVhZTk5YzI3N2IyN2JmYjM0OTIyYTc2Yzc2ZTAw
+    MmRiZDRjZjM2NzFkMjdhYTEyNzQ5YTBlMjljZGU5NDA0YzRjZTc=
+  data.tar.gz: !binary |-
+    MWY0ZWJhNDg2MWQ1YjlkODQ5ZmQzMzBjNmRjZWVhYjA5N2JkZjU5YjRkMjU2
+    ZTBkNzNmZGQ5NDU4YjgyZjMxM2FiODdhZjM3YjE4OWZkYzBhZTk2ZGMxZWM5
+    YmE4YzU2YzI2M2E0NGIzZDI5ODMzYWJhMzM5MjkzMmQ5MjM5NTM=

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.6.0
+
+* Drop support for ruby versions < 1.9.3
+* Update gem dependencies and lock down versions tighter
+* Allow form encoded responses when exchanging OAuth 2 authorization codes
+* Normalize options keys for indifferent access
+
 # 0.5.1
 
 * Allow Hash objects to be used to initialize authorization URI

data/Gemfile

@@ -1,22 +1,5 @@
 source 'https://rubygems.org'
 
-gem 'addressable', '>= 2.3.1'
-gem 'faraday', '>= 0.9.0.rc5'
-gem 'multi_json', '>= 1.0.0'
-gem 'jwt', '>= 0.1.5'
-gem 'extlib', '>= 0.9.15'
-gem 'jruby-openssl', :platforms => :jruby
-
-group :development do
-  gem 'launchy', '>= 2.1.1'
-  gem 'yard'
-  gem 'kramdown'
-end
+gemspec
 
-
-group :test, :development do
-  gem 'json', '~> 1.7.7'
-  gem 'rake', '>= 0.9.0'
-  gem 'rspec', '>= 2.11.0'
-  gem 'rcov', '>= 0.9.9', :platform => :mri_18
-end
+gem 'jruby-openssl', :platforms => :jruby

data/lib/signet/oauth_2/client.rb

@@ -153,26 +153,27 @@ module Signet
       # @see Signet::OAuth2::Client#initialize
       # @see Signet::OAuth2::Client#update_token!
       def update!(options={})
-        # Normalize key to String to allow indifferent access.
-        options = options.inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu }
-        self.authorization_uri = options["authorization_uri"] if options.has_key?("authorization_uri")
-        self.token_credential_uri = options["token_credential_uri"] if options.has_key?("token_credential_uri")
-        self.client_id = options["client_id"] if options.has_key?("client_id")
-        self.client_secret = options["client_secret"] if options.has_key?("client_secret")
-        self.scope = options["scope"] if options.has_key?("scope")
-        self.state = options["state"] if options.has_key?("state")
-        self.code = options["code"] if options.has_key?("code")
-        self.redirect_uri = options["redirect_uri"] if options.has_key?("redirect_uri")
-        self.username = options["username"] if options.has_key?("username")
-        self.password = options["password"] if options.has_key?("password")
-        self.issuer = options["issuer"] if options.has_key?("issuer")
-        self.person = options["person"] if options.has_key?("person")
-        self.sub = options["sub"] if options.has_key?("sub")
-        self.expiry = options["expiry"] || 60
-        self.audience = options["audience"] if options.has_key?("audience")
-        self.signing_key = options["signing_key"] if options.has_key?("signing_key")
-        self.extension_parameters = options["extension_parameters"] || {}
-        self.additional_parameters = options["additional_parameters"] || {}
+        # Normalize all keys to symbols to allow indifferent access.
+        options = deep_hash_normalize(options)
+
+        self.authorization_uri = options[:authorization_uri] if options.has_key?(:authorization_uri)
+        self.token_credential_uri = options[:token_credential_uri] if options.has_key?(:token_credential_uri)
+        self.client_id = options[:client_id] if options.has_key?(:client_id)
+        self.client_secret = options[:client_secret] if options.has_key?(:client_secret)
+        self.scope = options[:scope] if options.has_key?(:scope)
+        self.state = options[:state] if options.has_key?(:state)
+        self.code = options[:code] if options.has_key?(:code)
+        self.redirect_uri = options[:redirect_uri] if options.has_key?(:redirect_uri)
+        self.username = options[:username] if options.has_key?(:username)
+        self.password = options[:password] if options.has_key?(:password)
+        self.issuer = options[:issuer] if options.has_key?(:issuer)
+        self.person = options[:person] if options.has_key?(:person)
+        self.sub = options[:sub] if options.has_key?(:sub)
+        self.expiry = options[:expiry] || 60
+        self.audience = options[:audience] if options.has_key?(:audience)
+        self.signing_key = options[:signing_key] if options.has_key?(:signing_key)
+        self.extension_parameters = options[:extension_parameters] || {}
+        self.additional_parameters = options[:additional_parameters] || {}
         self.update_token!(options)
         return self
       end
@@ -206,19 +207,20 @@ module Signet
       # @see Signet::OAuth2::Client#initialize
       # @see Signet::OAuth2::Client#update!
       def update_token!(options={})
-        # Normalize key to String to allow indifferent access.
-        options = options.inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu }
+        # Normalize all keys to symbols to allow indifferent access internally
+        options = deep_hash_normalize(options)
 
-        self.expires_in = options["expires_in"] if options.has_key?("expires_in")
-        self.expires_at = options["expires_at"] if options.has_key?("expires_at")
+        self.expires_in = options[:expires] if options.has_key?(:expires)
+        self.expires_in = options[:expires_in] if options.has_key?(:expires_in)
+        self.expires_at = options[:expires_at] if options.has_key?(:expires_at)
 
         # By default, the token is issued at `Time.now` when `expires_in` is
         # set, but this can be used to supply a more precise time.
-        self.issued_at = options["issued_at"] if options.has_key?("issued_at")
+        self.issued_at = options[:issued_at] if options.has_key?(:issued_at)
 
-        self.access_token = options["access_token"] if options.has_key?("access_token")
-        self.refresh_token = options["refresh_token"] if options.has_key?("refresh_token")
-        self.id_token = options["id_token"] if options.has_key?("id_token")
+        self.access_token = options[:access_token] if options.has_key?(:access_token)
+        self.refresh_token = options[:refresh_token] if options.has_key?(:refresh_token)
+        self.id_token = options[:id_token] if options.has_key?(:id_token)
 
         return self
       end
@@ -230,6 +232,9 @@ module Signet
       #
       # @see Signet::OAuth2.generate_authorization_uri
       def authorization_uri(options={})
+        # Normalize external input
+        options = deep_hash_normalize(options)
+
         return nil if @authorization_uri == nil
         unless options[:response_type]
           options[:response_type] = :code
@@ -272,15 +277,7 @@ module Signet
       # @param [Addressable::URI, Hash, String, #to_str] new_authorization_uri
       #   The authorization URI.
       def authorization_uri=(new_authorization_uri)
-        if new_authorization_uri != nil
-          new_authorization_uri = Addressable::URI.send(
-            new_authorization_uri.kind_of?(Hash) ? :new : :parse,
-            new_authorization_uri
-          )
-          @authorization_uri = new_authorization_uri
-        else
-          @authorization_uri = nil
-        end
+        @authorization_uri = coerce_uri(new_authorization_uri)
       end
 
       ##
@@ -297,14 +294,16 @@ module Signet
       # @param [Addressable::URI, Hash, String, #to_str] new_token_credential_uri
       #   The token credential URI.
       def token_credential_uri=(new_token_credential_uri)
-        if new_token_credential_uri != nil
-          new_token_credential_uri = Addressable::URI.send(
-            new_token_credential_uri.kind_of?(Hash) ? :new : :parse,
-            new_token_credential_uri
-          )
-          @token_credential_uri = new_token_credential_uri
-        else
-          @token_credential_uri = nil
+        @token_credential_uri = coerce_uri(new_token_credential_uri)
+      end
+
+      # Addressable expects URIs formatted as hashes to come in with symbols as keys. 
+      # Returns nil implicitly for the nil case.
+      def coerce_uri(incoming_uri)
+        if incoming_uri.is_a? Hash
+          Addressable::URI.new(deep_hash_normalize(incoming_uri))
+        elsif incoming_uri
+          Addressable::URI.parse(incoming_uri)
         end
       end
 
@@ -692,14 +691,14 @@ module Signet
       #
       # @return [String] The decoded ID token.
       def decoded_id_token(public_key=nil)
-        decoded = JWT.decode(self.id_token, public_key, !!public_key)
-        if !decoded.has_key?('aud')
+        payload, header = JWT.decode(self.id_token, public_key, !!public_key)
+        if !payload.has_key?('aud')
           raise Signet::UnsafeOperationError, 'No ID token audience declared.'
-        elsif decoded['aud'] != self.client_id
+        elsif payload['aud'] != self.client_id
           raise Signet::UnsafeOperationError,
             'ID token audience did not match Client ID.'
         end
-        return decoded
+        return payload
       end
 
       ##
@@ -827,6 +826,8 @@ module Signet
       end
 
       def to_jwt(options={})
+        options = deep_hash_normalize(options)
+
         now = Time.new
         skew = options[:skew] || 60
         assertion = {
@@ -881,6 +882,8 @@ module Signet
       #
       # @return [Array] The request object.
       def generate_access_token_request(options={})
+        options = deep_hash_normalize(options)
+
         if self.token_credential_uri == nil
           raise ArgumentError, 'Missing token endpoint URI.'
         end
@@ -926,13 +929,16 @@ module Signet
       end
 
       def fetch_access_token(options={})
+        options = deep_hash_normalize(options)
+
         options[:connection] ||= Faraday.default_connection
         request = self.generate_access_token_request(options)
         request_env = request.to_env(options[:connection])
         request_env[:request] ||= request
         response = options[:connection].app.call(request_env)
         if response.status.to_i == 200
-          return ::Signet::OAuth2.parse_json_credentials(response.body)
+          content_type = response.headers['content-type']
+          return ::Signet::OAuth2.parse_credentials(response.body, content_type)
         elsif [400, 401, 403].include?(response.status.to_i)
           message = 'Authorization failed.'
           if response.body.to_s.strip.length > 0
@@ -953,6 +959,8 @@ module Signet
       end
 
       def fetch_access_token!(options={})
+        options = deep_hash_normalize(options)
+
         token_hash = self.fetch_access_token(options)
         if token_hash
           # No-op for grant types other than `authorization_code`.
@@ -968,6 +976,8 @@ module Signet
       ##
       # Refresh the access token, if possible
       def refresh!(options={})
+        options = deep_hash_normalize(options)
+
         self.fetch_access_token!(options)
       end
 
@@ -993,6 +1003,8 @@ module Signet
       #
       # @return [Faraday::Request] The request object.
       def generate_authenticated_request(options={})
+        options = deep_hash_normalize(options)
+
         if self.access_token == nil
           raise ArgumentError, 'Missing access token.'
         end
@@ -1081,6 +1093,8 @@ module Signet
       #
       # @return [Array] The response object.
       def fetch_protected_resource(options={})
+        options = deep_hash_normalize(options)
+
         options[:connection] ||= Faraday.default_connection
         request = self.generate_authenticated_request(options)
         request_env = request.to_env(options[:connection])
@@ -1116,7 +1130,25 @@ module Signet
       def uri_is_oob?(uri)
         return uri.to_s == 'urn:ietf:wg:oauth:2.0:oob' || uri.to_s == 'oob'
       end
+      
+      # Convert all keys in this hash (nested) to symbols for uniform retrieval
+      def recursive_hash_normalize_keys(val)
+        if val.is_a? Hash
+          deep_hash_normalize(val)
+        else
+          val
+        end
+      end
+
+      def deep_hash_normalize(old_hash)
+        old_hash.inject(formatted_hash={}) do |formatted_hash,(k,v)|
 
+          formatted_hash[k.to_sym] = recursive_hash_normalize_keys(v)
+          formatted_hash
+        end
+
+        formatted_hash
+      end
     end
   end
 end

data/lib/signet/oauth_2.rb

@@ -74,11 +74,18 @@ module Signet #:nodoc:
       return Signet.parse_auth_param_list(challenge_string)
     end
 
-    def self.parse_json_credentials(body)
+    def self.parse_credentials(body, content_type)
       if !body.kind_of?(String)
         raise TypeError, "Expected String, got #{body.class}."
       end
-      return MultiJson.load(body)
+      case content_type
+      when /^application\/json.*/
+        return MultiJson.load(body)
+      when /^application\/x-www-form-urlencoded.*/
+        return Hash[Addressable::URI.form_unencode(body)]
+      else
+        raise ArgumentError, "Invalid content type '#{content_type}'"
+      end
     end
 
     ##

data/lib/signet/version.rb

@@ -17,8 +17,8 @@ unless defined? Signet::VERSION
   module Signet
     module VERSION
       MAJOR = 0
-      MINOR = 5
-      TINY  = 1
+      MINOR = 6
+      TINY  = 0
 
       STRING = [MAJOR, MINOR, TINY].join('.')
     end

data/signet.gemspec

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+# stub: signet 0.5.1 ruby lib
+require File.join(File.dirname(__FILE__), 'lib/signet', 'version')
+
+Gem::Specification.new do |s|
+  s.name = "signet"
+  s.version = Signet::VERSION::STRING
+
+  s.required_rubygems_version = ">= 1.3.5"
+  s.require_paths = ["lib"]
+  s.authors = ["Bob Aman", "Steven Bazyl"]
+  s.license = "Apache-2.0"
+  s.description = "Signet is an OAuth 1.0 / OAuth 2.0 implementation.\n"
+  s.email = "sbazyl@google.com"
+  s.extra_rdoc_files = ["README.md"]
+  s.files = %w(signet.gemspec Rakefile LICENSE CHANGELOG.md README.md Gemfile)
+  s.files += Dir.glob("lib/**/*.rb")
+  s.files += Dir.glob("spec/**/*.{rb,opts}")
+  s.files += Dir.glob("vendor/**/*.rb")
+  s.files += Dir.glob("tasks/**/*")
+  s.files += Dir.glob("website/**/*")
+  s.homepage = "https://github.com/google/signet/"
+  s.rdoc_options = ["--main", "README.md"]
+  s.summary = "Signet is an OAuth 1.0 / OAuth 2.0 implementation."
+
+  s.add_runtime_dependency 'addressable', '~> 2.3'
+  s.add_runtime_dependency 'faraday', '~> 0.9'
+  s.add_runtime_dependency 'multi_json', '~> 1.10'
+  s.add_runtime_dependency 'jwt', '~> 1.0'
+  s.add_runtime_dependency 'extlib', '~> 0.9'
+
+  s.add_development_dependency 'rake', '~> 10.0'
+  s.add_development_dependency 'yard', '~> 0.8'
+  s.add_development_dependency 'rspec', '~> 3.1'
+  s.add_development_dependency 'launchy', '~> 2.4'
+  s.add_development_dependency 'kramdown', '~> 1.5'
+  s.add_development_dependency 'simplecov', '~> 0.9'
+end