soauth 0.1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2010 Matthew Riley MacPherson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.markdown

@@ -0,0 +1 @@
+Use this library to create OAuth Authorization Headers using previously-obtained OAuth keys/secrets. Useful if you want to make your own HTTP request objects instead of using the ones created for you using the commonly-used OAuth gem.

data/Rakefile

@@ -0,0 +1,12 @@
+require 'rake/rdoctask'
+
+# Make me some RDoc (use Allison, because it's pretty)
+Rake::RDocTask.new do |rdoc|
+	files = ['README.markdown', 'LICENSE', 'lib/*.rb', 'test/*.rb']
+	rdoc.rdoc_files.add(files)
+	rdoc.main = 'README.markdown'
+	rdoc.title = 'SOAuth'
+	#rdoc.template = ''
+	rdoc.rdoc_dir = './doc'
+	rdoc.options << '--line-numbers' << '--inline-source'
+end

data/lib/soauth.rb

@@ -0,0 +1,81 @@
+require 'base64'
+require 'openssl'
+require 'uri'
+
+class SOAuth
+	
+	# Exception raised if signature signing method isn't supported
+	# by SOAuth
+	class UnsupportedSignatureMethod < Exception; end
+	# Exception raised when attempting to create a signature without
+	# required OAuth params
+	class MissingOAuthParams < Exception; end
+	
+	# Digest key for HMAC-SHA1 signing
+	DIGEST = OpenSSL::Digest::Digest.new('sha1')
+	# Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
+	# currently, only HMAC-SHA1 is supported
+	SUPPORTED_SIGNATURE_METHODS = ["HMAC-SHA1"]
+  
+	# Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
+	def header(uri, oauth, params = {}, http_method = :get)
+		# Raise an exception if we're missing required OAuth params
+		raise MissingOAuthParams if !oauth.is_a?(Hash) || !oauth.has_key?(:consumer_key) || !oauth.has_key?(:consumer_secret) || !oauth.has_key?(:access_key) || !oauth.has_key?(:access_secret)
+		# Make sure we support the signature signing method specified
+		raise UnsupportedSignatureMethod unless !oauth[:signature_method] || SUPPORTED_SIGNATURE_METHODS.include?(oauth[:signature_method].to_s)
+		
+		oauth[:signature_method] ||= "HMAC-SHA1" # HMAC-SHA1 seems popular, so it's the default
+		oauth[:version] ||= "1.0" # Assumed version, according to the spec
+		oauth[:nonce] ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+		oauth[:timestamp] ||= Time.now.to_i
+		
+		# Make a copy of the params hash so we don't add in OAuth stuff
+		sig_params = params.dup
+		
+		oauth.each { |k, v|
+			# OAuth wants this to be "token"; change the hash key
+			if k == :access_key
+				sig_params['oauth_token'] = v
+			# Only use certain OAuth values for the base string
+			elsif [:consumer_key, :signature_method, :version, :nonce, :timestamp].include?(k)
+				sig_params['oauth_' + k.to_s] = v
+			end
+		}
+		
+		secret = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:access_secret])}"
+		sig_base = (http_method||'get').to_s.upcase + '&' + escape(uri) + '&' +	normalize(sig_params)
+		oauth_signature = Base64.encode64(OpenSSL::HMAC.digest(DIGEST, secret, sig_base)).chomp.gsub(/\n/,'')
+		
+		%{OAuth } + (%{oauth_realm="#{oauth[:realm]}", } unless !oauth[:realm]).to_s + %{oauth_consumer_key="#{oauth[:consumer_key]}", oauth_token="#{oauth[:access_key]}", oauth_signature_method="#{oauth[:signature_method]}", oauth_signature="#{escape(oauth_signature)}", oauth_timestamp="#{oauth[:timestamp]}", oauth_nonce="#{oauth[:nonce]}", oauth_version="#{oauth[:version]}"}
+	end
+	
+	# Utility class used to sign a request and return an
+	# {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+	def self.header(uri, oauth, params = {}, http_method = :get)
+		new.header(uri, oauth, params, http_method)
+	end
+	
+	protected
+	
+	# Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
+	def escape(value)
+		URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
+	end
+	
+	# Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
+  def normalize(params)
+    params.sort.map do |k, values|
+			
+      if values.is_a?(Array)
+        # Multiple values were provided for a single key
+        # in a hash
+        values.sort.collect do |v|
+          [escape(k), escape(v)] * "%3D"
+        end
+      else
+        [escape(k), escape(values)] * "%3D"
+      end
+    end * "%26"
+  end
+	
+end

data/soauth.gemspec

@@ -0,0 +1,16 @@
+require 'rake'
+
+Gem::Specification.new do |s|
+  s.name = "soauth"
+  s.version = "0.1"
+  #s.date = Time.now.to_s
+  s.authors = ["Matthew Riley MacPherson"]
+  s.email = "matt@lonelyvegan.com"
+  s.has_rdoc = true
+  s.rdoc_options << '--title' << "SOAuth -- Ruby Library that creates HTTP headers for OAuth Authorization" << '--main' << 'README.markdown' << '--line-numbers'
+  s.summary = "Create OAuth \"Authorization\" HTTP Header using previously-obtained OAuth data"
+  s.homepage = "http://github.com/tofumatt/soauth"
+  s.files = FileList['lib/*.rb', '[A-Z]*', 'soauth.gemspec', 'test/*.rb'].to_a
+	s.test_file = 'test/soauth_test.rb'
+	s.add_development_dependency('mocha') # Used to run the tests, that's all...
+end

data/test/soauth_test.rb

@@ -0,0 +1,56 @@
+$LOAD_PATH << File.expand_path("#{File.dirname(__FILE__)}/../lib")
+require 'soauth'
+
+require 'rubygems'
+require 'test/unit'
+require 'mocha'
+
+class SOAuthTest < Test::Unit::TestCase
+	
+	# Required OAuth parameters with dummy values -- these
+	# keys are the minimum number of keys required to generate
+	# an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+	OAUTH_REQ_PARAMS = {
+		:consumer_key => "consumer_key",
+		:consumer_secret => "consumer_secret",
+		:access_key => "access_key",
+		:access_secret => "access_secret"
+	}
+	
+	# Make sure the custom nonce is used
+	def test_custom_nonce
+		nonce = Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+		
+	  oauth_params = OAUTH_REQ_PARAMS.merge(:nonce => nonce)
+	  assert_equal %{oauth_nonce="#{nonce}"}, %{oauth_nonce="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(nonce)[0]}"}
+	end
+	
+	# Make sure the custom timestamp is used
+	def test_custom_nonce
+		now = Time.now.to_i
+		
+	  oauth_params = OAUTH_REQ_PARAMS.merge(:timestamp => now)
+	  assert_equal %{oauth_timestamp="#{now}"}, %{oauth_timestamp="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(now.to_s)[0]}"}
+	end
+	
+	# Generate a header without an explicit OAuth version (assumes {version 1.0}[http://oauth.net/core/1.0/])
+	def test_no_version_specified
+		# No OAuth version specified
+		oauth_params = OAUTH_REQ_PARAMS
+		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+	end
+	
+	# Generate a header without a {signature method}[http://oauth.net/core/1.0/#signing_process] (assumes "HMAC-SHA1")
+	def test_no_signature_method_specified
+		# No signature method specified
+		oauth_params = OAUTH_REQ_PARAMS
+		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+	end
+	
+	# Only certain {signature methods}[http://oauth.net/core/1.0/#signing_process] are supported
+	def test_unsupported_signature_method
+		oauth_params = OAUTH_REQ_PARAMS.merge(:signature_method => "MD5")
+		assert_raises(SOAuth::UnsupportedSignatureMethod) { SOAuth.header('http://lonelyvegan.com/', oauth_params) }
+	end
+	
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: soauth
+version: !ruby/object:Gem::Version 
+  version: "0.1"
+platform: ruby
+authors: 
+- Matthew Riley MacPherson
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-01-04 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: mocha
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: 
+email: matt@lonelyvegan.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/soauth.rb
+- LICENSE
+- Rakefile
+- README.markdown
+- soauth.gemspec
+- test/soauth_test.rb
+has_rdoc: true
+homepage: http://github.com/tofumatt/soauth
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --title
+- SOAuth -- Ruby Library that creates HTTP headers for OAuth Authorization
+- --main
+- README.markdown
+- --line-numbers
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Create OAuth "Authorization" HTTP Header using previously-obtained OAuth data
+test_files: 
+- test/soauth_test.rb