simplificator-withings 0.4.5 → 0.6.0

data/README.rdoc

@@ -4,6 +4,10 @@ This is a ruby implementation for the Withings API. Description of the API can b
 
 == Versions ==
 
+=== 0.6.0 ===
+
+OAuth implemented. This version is not compatible to previous releases.
+Authentication via userid/publickey is not supported anymore.
 
 === 0.4.5 ===
 E-Mail Address is downcased before hashing it (authentication)
@@ -35,16 +39,11 @@ The old method is still there but please update your code. It will be removed in
 == Installation
 
 gem install simplificator-withings
+gem install ruby-hmac
 
 == Authentication
 
-The WBS API provides a way to login by user_id and public_key. You can either ask your users to enter the user_id/public_key manually
-(they can be found in the sharing overlay on my.withings.com) or ask them for email/password once and then use those credentials
-to authenticate through the API (User.authenticate(email, password)). The User instance returned will have the
-user_id and public_key attributes populated and you can store them for further use.
-
-As soon as you have user_id/public_key available you can either use User.info or User.new to create a User instance. While User.info
-will make an API call to populate the attributes, User.new just requires user_id/public_key.
+The WBS API now uses OAuth. See the API documentation for details.
 
 == TODO
 
@@ -85,19 +84,9 @@ Require the API implementation
 All classes are name-spaced, if your other code allows you can include Withings
   include Withings
 
-A user can be authenticated with email address and password
-  user = User.userlist('<YOUR EMAIL ADDRESS>', '<YOUR PASSWORD>').first # or any other user which is returned
-
-Or you can fetch details if you have the user id and public key
-  user = User.info('<YOUR USER ID>', '<YOUR PUBLIC KEY>')
-
-If you already have user id and public key and you do not need further information on the user
-  user = User.new(:user_id => '<YOUR USER ID>', :public_key => '<YOUR PUBLIC_KEY>')
+A user can be authenticated using user id and oauth token/secret
+  user = User.authenticate('<YOUR USER ID>', '<YOUR OAUTH TOKEN>', '<YOUR OAUTH TOKEN SECRET>')
 
-enable/disable sharing, disabling it will reset the public key
-  user.share() # share all
-  user.share(Withings::SCALE, Withings::BLOOD_PRESSURE_MONITOR)
-  user.share(0)
 
 You can handle subscriptions through the API (all devices currently known => Scale + Blood Pressure Monitor)
   user.subscribe_notification('http://foo.bar.com', 'test subscription')
@@ -147,4 +136,4 @@ Thanks for these Gems.
 
 == Copyright
 
-Copyright (c) 2010 simplificator. See LICENSE for details.
+Copyright (c) 2012 simplificator. See LICENSE for details.

data/lib/withings/base.rb

@@ -1,6 +1,24 @@
 module Withings
   SCALE = 1
   BLOOD_PRESSURE_MONITOR = 4
+  
+  def self.consumer_secret=(value)
+    @consumer_secret = value
+  end
+  
+  def self.consumer_secret
+    raise 'Please specify consumer_secret' unless @consumer_secret
+    @consumer_secret
+  end
+  
+  def self.consumer_key=(value)
+    @consumer_key = value
+  end
+  
+  def self.consumer_key
+    raise 'Please specify consumer_key' unless @consumer_key
+    @consumer_key
+  end
 end
 
 # Copied over from ActiveSupport

data/lib/withings/connection.rb

@@ -14,19 +14,71 @@ class Withings::Connection
     @user = user
   end
 
-  def self.get_request(path, params)
+  def self.get_request(path, token, secret, params)
+    signature = Connection.sign(base_uri + path, params, token, secret)
+    params.merge!({:oauth_signature => signature})
+    
     response = self.get(path, :query => params)
     verify_response!(response, path, params)
   end
 
-  # Merges the params with public_key and user_id for authentication.
+
   def get_request(path, params)
-    params =  params.merge(:publickey => @user.public_key, :userid => @user.user_id)
+    params.merge!({:userid => @user.user_id})
+    signature = Connection.sign(self.class.base_uri + path, params, @user.oauth_token, @user.oauth_token_secret)
+    params.merge!({:oauth_signature => signature})
+    
     response = self.class.get(path, :query => params)
     self.class.verify_response!(response, path, params)
   end
-
+  
   protected
+  
+  def self.sign(url, params, token, secret)
+    params.merge!({
+      :oauth_consumer_key => Withings.consumer_key,
+      :oauth_nonce => oauth_nonce,
+      :oauth_signature_method => oauth_signature_method,
+      :oauth_timestamp => oauth_timestamp,
+      :oauth_version => oauth_version,
+      :oauth_token => token
+    })
+    calculate_oauth_signature('GET', url, params, secret)
+  end
+  
+  
+  def self.oauth_timestamp
+    Time.now.to_i
+  end
+  
+  def self.oauth_version
+    '1.0'
+  end
+  
+  def self.oauth_signature_method
+    'HMAC-SHA1'
+  end
+  
+  def self.oauth_nonce
+    rand(10 ** 30).to_s(16)
+  end
+  
+  def self.calculate_oauth_signature(method, url, params, oauth_token_secret)
+    # oauth signing is picky with sorting (based on a digest)
+    params = params.to_a.map() do |item| 
+      [item.first.to_s, item.last]
+    end.sort
+    
+    param_string = params.map() {|key, value| "#{key}=#{value}"}.join('&')
+    base_string = [method, CGI.escape(url), CGI.escape(param_string)].join('&')
+    
+    secret = [Withings.consumer_secret, oauth_token_secret].join('&')
+    
+    digest = HMAC::SHA1.digest(secret, base_string)
+    Base64.encode64(digest).chomp.gsub( /\n/, '' )
+  end
+  
+  
   # Verifies the status code in the JSON response and returns either the body element or raises ApiError
   def self.verify_response!(response, path, params)
     if response['status'] == 0
@@ -35,4 +87,18 @@ class Withings::Connection
       raise Withings::ApiError.new(response['status'], path, params)
     end
   end
-end
+end
+
+
+#http://wbsapi.withings.net/measure?action=getmeas&
+#oauth_consumer_key=7e563166232c6821742b4c277350494a455f392b353e5d49712a34762a&
+#oauth_nonce=f22d74f2209ddf0c6558a47c02841fb1&
+#oauth_signature=yAF9SgZa09SPl3H1Y5aAoXgyauc=&
+#oauth_token=c68567f1760552958d713e92088db9f5c5189754dfe4e92068971f4e25d64&
+#oauth_version=1.0&
+#userid=1229
+
+#User: Tobias Miesel
+#user_id: 666088
+#oauth_token: 284948c9b4b9cce1cc76bbb77283431d9bbb9b46beddfccb79241cc12
+#oauth_token_secret: 02f01f0e60182684676644ddbef2638e8e4de909f776340e1b5dd612dcbf

data/lib/withings/error.rb

@@ -3,12 +3,16 @@ class Withings::ApiError < StandardError
   STATUS_CODES = {
     100	  => lambda() {|status, path, params| "The hash '#{params[:hash]}' does not match the email '#{params[:email]}'"},
     247	  => lambda() {|status, path, params| "The userid '#{params[:userid]}' is invalid"},
+    249	  => lambda() {|status, path, params| "Called an action with invalid oauth credentials"},
     250	  => lambda() {|status, path, params| "The userid '#{params[:userid]}' and publickey '#{params[:publickey]}' do not match, or the user does not share its data"},
     264	  => lambda() {|status, path, params| "The email address '#{params[:email]}' is either unknown or invalid"},
+    284   => lambda() {|status, path, params| "Temporary Server Error" },
     286   => lambda() {|status, path, params| "No subscription for '#{params[:callbackurl]}' was found" },
     293	  => lambda() {|status, path, params| "The callback URL '#{params[:callbackurl]}' is either unknown or invalid"},
     294	  => lambda() {|status, path, params| "Could not delete subscription for '#{params[:callbackurl]}'"},
     304	  => lambda() {|status, path, params| "The comment '#{params[:comment]}' is invalid"},
+    342	  => lambda() {|status, path, params| "Failed to verify signature"},
+    343   => lambda() {|status, path, params| "No notification matching the criteria was found: '#{params[:callbackurl]}'"},
     2554	=> lambda() {|status, path, params| "Unknown action '#{params[:action]}' for '#{path}'"},
     2555	=> lambda() {|status, path, params| "An unknown error occurred"},
   }

data/lib/withings/user.rb

@@ -1,52 +1,27 @@
 class Withings::User
-  attr_reader :short_name, :public_key, :user_id, :birthdate, :fat_method, :first_name, :last_name, :gender
+  attr_reader :short_name, :user_id, :birthdate, :fat_method, :first_name, :last_name, :gender, :oauth_token, :oauth_token_secret
 
-
-  # Listing the users for this account
-  # 
-  def self.userlist(email, password)
-    response = Withings::Connection.get_request('/account', :action => :getuserslist, :email => email, :hash => auth_hash(email, password))
-    response['users'].map do |item|
-      Withings::User.new(item)
-    end
+  def self.authenticate(user_id, oauth_token, oauth_token_secret)
+    response = Withings::Connection.get_request('/user', oauth_token, oauth_token_secret, :action => :getbyuserid, :userid => user_id)
+    user_data = response['users'].detect { |item| item['id'] == user_id }
+    raise Withings::ApiError.new(2555, 'No user found', '') unless user_data
+    Withings::User.new(user_data.merge({:oauth_token => oauth_token, :oauth_token_secret => oauth_token_secret}))
   end
   
-  
-  # Authenticate a user by email/password
-  #
-  def self.authenticate(email, password)
-    $stderr.puts <<-EOS
-      User.authenticate(email, pwd) has been deprecated in favour of User.userlist(email, pwd) as there is no description or guarantee 
-      about the order the users are returned.
-      If you need the same behaviour as before: User.userlist(email, pwd).first
-    EOS
-    response = Withings::Connection.get_request('/account', :action => :getuserslist, :email => email, :hash => auth_hash(email, password))
-    Withings::User.new(response['users'].first)
-  end
-
-  def self.info(user_id, public_key)
-    response = Withings::Connection.get_request('/user', :action => :getbyuserid, :userid => user_id, :publickey => public_key)
-    Withings::User.new(response['users'].first.merge({'public_key' => public_key}))
-  end
-
-
-  #
-  # If you create a user yourself, then the only attributes of interest (required for calls to the API) are 'user_id' and 'public_key'
-  #
+  # If you create a user yourself, then the only attributes of interest (required for calls to the API) are 'user_id' and 'oauth_token' and 'oauth_token_secret'
   def initialize(params)
     params = params.stringify_keys
     @short_name = params['shortname']
     @first_name = params['firstname']
     @last_name = params['lastname']
-    @public_key = params['publickey']               || params['public_key']
     @user_id = params['id']                         || params['user_id']
-    @share = params['ispublic']
     @birthdate = Time.at(params['birthdate']) if params['birthdate']
     @gender = params['gender'] == 0 ? :male : params['gender'] == 1 ? :female : nil
     @fat_method = params['fatmethod']
+    @oauth_token = params['oauth_token']
+    @oauth_token_secret = params['oauth_token_secret']
   end
   
-  
   def subscribe_notification(callback_url, description, device = SCALE)
     connection.get_request('/notify', :action => :subscribe, :callbackurl => callback_url, :comment => description, :appli => device)
   end
@@ -89,16 +64,6 @@ class Withings::User
     end
   end
 
-  def share(*devices)
-    @share = devices_bitmask(devices)
-    connection.get_request('/user', :action => :update, :ispublic => @share)
-  end
-
-  # sharing enabled for a device?
-  def share?(device = Withings::SCALE | Withings::BLOOD_PRESSURE_MONITOR)
-    @share & device
-  end
-
   def to_s
     "[User #{short_name} / #{:user_id} / #{share?}]"
   end
@@ -114,14 +79,5 @@ class Withings::User
   def connection
     @connection ||= Withings::Connection.new(self)
   end
-
-  def self.auth_hash(email, password)
-    hashed_password = Digest::MD5.hexdigest(password)
-    Digest::MD5.hexdigest("#{email.downcase}:#{hashed_password}:#{once}")
-  end
-
-  def self.once()
-    Withings::Connection.get_request('/once', :action => :get)['once']
-  end
-
+  
 end

data/lib/withings.rb

@@ -1,5 +1,6 @@
 require 'httparty'
-require 'digest/md5'
+require 'cgi'
+require 'hmac-sha1'
 
 %w(base notification_description connection measurement_group error user).each do |part|
   require File.join(File.dirname(__FILE__), 'withings', part)

data/simplificator-withings.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{simplificator-withings}
-  s.version = "0.4.5"
+  s.version = "0.6.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["pascalbetz"]

data/test/users_test.rb

@@ -3,76 +3,9 @@ require 'helper'
 include Withings
 
 class UsersTest < Test::Unit::TestCase
-  context 'test connection calls' do
-    setup do
-      @user = User.new('user_id' => 12345, 'public_key' => 67890)
-    end
-    should 'update user' do
-      Withings::Connection.any_instance.expects(:get_request).with('/user', :action => :update, :ispublic => 1)
-      @user.share = true
-    end
-
-    should 'subscribe to notification' do
-      Withings::Connection.any_instance.expects(:get_request).with('/notify', :action => :subscribe, :callbackurl => 'http://schni.com', :comment => 'descri')
-      @user.subscribe_notification('http://schni.com', 'descri')
-    end
-
-    should 'revoke notification' do
-      Withings::Connection.any_instance.expects(:get_request).with('/notify', :action => :revoke, :callbackurl => 'http://schni.com')
-      @user.revoke_notification('http://schni.com')
-    end
-
-    context 'describe notification' do
-      setup do
-        Withings::Connection.
-          any_instance.expects(:get_request).with('/notify', :action => :get, :callbackurl => 'http://schni.com').
-          returns({'comment' => 'blabla', 'expires' => 1234})
-        @description = @user.describe_notification('http://schni.com')
-      end
-      should 'merge the callback url into the descripton' do
-        assert_equal 'http://schni.com', @description.callback_url
-      end
-
-      should 'contain the expires_at time' do
-        assert_equal Time.at(1234), @description.expires_at
-      end
-
-      should 'contain the description' do
-        assert_equal 'blabla', @description.description
-      end
-    end
-  end
-
-  context 'authentication by email' do
-    setup do
-      password = 'kongking'
-      email = 'king@kong.com'
-      once = 'abcdef'
-      hashed = Digest::MD5.hexdigest("#{email}:#{Digest::MD5.hexdigest(password)}:#{once}")
-      Connection.expects(:get_request).with('/once', :action => :get).returns({'once' => once})
-      Connection.expects(:get_request).with('/account', :action => :getuserslist, :email => email, :hash => hashed).
-        returns({'users' => [{}]})
-    end
-    should 'authenticate with hashed password' do
-      User.authenticate('king@kong.com', 'kongking')
-    end
-  end
-
-  context 'info by user_id' do
-    setup do
-      user_id = 'kongking'
-      public_key = 'abcdef'
-      Connection.expects(:get_request).with('/user', :action => :getbyuserid, :userid => user_id, :publickey => public_key).
-        returns({'users' => [{}]})
-    end
-    should 'authenticate with hashed password' do
-      User.info('kongking', 'abcdef')
-    end
-  end
-
   context 'measurement_groups' do
     setup do
-      @user = User.new(:user_id => 'lala', :public_key => 'lili')
+      @user = User.new(:user_id => 'lala')
       @returns = {'measuregrps' => []}
     end
     should 'not require parameters' do
@@ -131,28 +64,13 @@ class UsersTest < Test::Unit::TestCase
       assert_equal 'Pascal', User.new('lastname' => 'Pascal').last_name
     end
 
-    should 'assign public_key' do
-      assert_equal '1234', User.new('publickey' => '1234').public_key
-    end
-    should 'assign public_key with alternative key' do
-      assert_equal '1234', User.new('public_key' => '1234').public_key
-    end
-
     should 'assign user_id' do
       assert_equal '1234', User.new('id' => '1234').user_id
     end
     should 'assign user_id with alternative key' do
       assert_equal '1234', User.new('user_id' => '1234').user_id
     end
-
-
-    should 'assign share (to true)' do
-      assert_equal true, User.new('ispublic' => 1).share?
-    end
-    should 'assign share (to false)' do
-      assert_equal false, User.new('ispublic' => 0).share?
-    end
-
+    
     should 'assign gender (to true)' do
       assert_equal :male, User.new('gender' => 0).gender
     end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: simplificator-withings
 version: !ruby/object:Gem::Version 
-  hash: 5
+  hash: 7
   prerelease: 
   segments: 
   - 0
-  - 4
-  - 5
-  version: 0.4.5
+  - 6
+  - 0
+  version: 0.6.0
 platform: ruby
 authors: 
 - pascalbetz
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-18 00:00:00 +02:00
-default_executable: 
+date: 2011-04-18 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: shoulda
@@ -84,7 +83,6 @@ files:
 - simplificator-withings.gemspec
 - test/helper.rb
 - test/users_test.rb
-has_rdoc: true
 homepage: http://github.com/simplificator/simplificator-withings
 licenses: []
 
@@ -114,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.4.2
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: API implementation for withings.com