soauth 0.1 → 0.2

data/README.markdown

@@ -1 +1,53 @@
-Use this library to create OAuth Authorization Headers using previously-obtained OAuth keys/secrets. Useful if you want to make your own HTTP request objects instead of using the ones created for you using the commonly-used OAuth gem.
+# SOAuth #
+## The "S" is for "Signs" ##
+
+*SOAuth* is a Ruby library that **creates HTTP headers for OAuth Authorization** using previously-obtained OAuth keys/secrets. Useful if you want to make your own HTTP request objects instead of using the ones created for you using the [commonly-used OAuth gem](http://github.com/mojodna/oauth).
+
+It should be noted that this was developed without edge cases in mind -- it was pretty much abstracted from my "by-hand" signing of OAuth requests in [Prey Fetcher](http://preyfetcher.com), so don't consider it production-quality code (though it [is running in production](http://preyfetcher.com)).
+
+Please fork away and send me a pull request if you think you can make it better or handle more use cases.
+
+## Installation ##
+
+Assuming you have [Gemcutter](http://gemcutter.org/) setup as a gem source, install like any other Ruby gem:
+
+	gem install soauth
+
+If you don't already have [Gemcutter](http://gemcutter.org/) setup as one of your gem sources, install SOAuth with the following command:
+
+	gem install soauth --source http://gemcutter.org/
+
+## Usage ##
+
+Create an OAuth header by specifying the URI of the resource you're requesting, your consumer key/secret + access key/secret in a hash, and -- optionally -- any GET params in another hash. Check it out:
+
+	uri = 'https://twitter.com/direct_messages.json'
+	oauth = {
+		:consumer_key => "consumer_key",
+		:consumer_secret => "consumer_secret",
+		:token => "access_key",
+		:token_secret => "access_secret"
+	}
+	params = {
+		'count' => "11",
+		'since_id' => "5000"
+	}
+	oauth_header = SOAuth.header(uri, oauth, params)
+
+Pretty straightforward. You can use whatever HTTP library you like, just use `oauth_header` as the "Authorization" HTTP header to your request (making sure the request info is the same info you passed to SOAuth). Say you were using **NET::HTTP**:
+
+	http_uri = URI.parse(uri)
+	request = Net::HTTP.new(http_uri.host, http_uri.port)
+	request.get(uri.request_uri, {'Authorization', oauth_header})
+
+## Why Would I Want This? ##
+
+There's already a pretty nice [OAuth library for Ruby out there](http://github.com/mojodna/oauth). But I didn't want to have to use the OAuth library just to make my Authorization headers, and I wanted to be able to plug those headers into whatever HTTP library I wanted (in my case, [Typhoeus](http://github.com/pauldix/typhoeus)). I found using the [OAuth gem](http://github.com/mojodna/oauth) incredibly clunky/overkill for signing requests by hand, so I made SOAuth.
+
+## License ##
+
+This program is free software; it is distributed under an [MIT-style License](http://fosspass.org/license/mit?author=Matthew+Riley+MacPherson&year=2010).
+
+---
+
+Copyright (c) 2010 [Matthew Riley MacPherson](http://lonelyvegan.com).

data/Rakefile

@@ -1,12 +1,11 @@
 require 'rake/rdoctask'
 
-# Make me some RDoc (use Allison, because it's pretty)
+# Make me some RDoc
 Rake::RDocTask.new do |rdoc|
-	files = ['README.markdown', 'LICENSE', 'lib/*.rb', 'test/*.rb']
-	rdoc.rdoc_files.add(files)
-	rdoc.main = 'README.markdown'
-	rdoc.title = 'SOAuth'
-	#rdoc.template = ''
-	rdoc.rdoc_dir = './doc'
-	rdoc.options << '--line-numbers' << '--inline-source'
+  files = ['README.markdown', 'LICENSE', 'lib/*.rb', 'test/*.rb']
+  rdoc.rdoc_files.add(files)
+  rdoc.main = 'README.markdown'
+  rdoc.title = 'SOAuth'
+  rdoc.rdoc_dir = './doc'
+  rdoc.options << '--line-numbers' << '--inline-source'
 end

data/lib/soauth.rb

@@ -3,69 +3,68 @@ require 'openssl'
 require 'uri'
 
 class SOAuth
-	
-	# Exception raised if signature signing method isn't supported
-	# by SOAuth
-	class UnsupportedSignatureMethod < Exception; end
-	# Exception raised when attempting to create a signature without
-	# required OAuth params
-	class MissingOAuthParams < Exception; end
-	
-	# Digest key for HMAC-SHA1 signing
-	DIGEST = OpenSSL::Digest::Digest.new('sha1')
-	# Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
-	# currently, only HMAC-SHA1 is supported
-	SUPPORTED_SIGNATURE_METHODS = ["HMAC-SHA1"]
   
-	# Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
-	def header(uri, oauth, params = {}, http_method = :get)
-		# Raise an exception if we're missing required OAuth params
-		raise MissingOAuthParams if !oauth.is_a?(Hash) || !oauth.has_key?(:consumer_key) || !oauth.has_key?(:consumer_secret) || !oauth.has_key?(:access_key) || !oauth.has_key?(:access_secret)
-		# Make sure we support the signature signing method specified
-		raise UnsupportedSignatureMethod unless !oauth[:signature_method] || SUPPORTED_SIGNATURE_METHODS.include?(oauth[:signature_method].to_s)
-		
-		oauth[:signature_method] ||= "HMAC-SHA1" # HMAC-SHA1 seems popular, so it's the default
-		oauth[:version] ||= "1.0" # Assumed version, according to the spec
-		oauth[:nonce] ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
-		oauth[:timestamp] ||= Time.now.to_i
-		
-		# Make a copy of the params hash so we don't add in OAuth stuff
-		sig_params = params.dup
-		
-		oauth.each { |k, v|
-			# OAuth wants this to be "token"; change the hash key
-			if k == :access_key
-				sig_params['oauth_token'] = v
-			# Only use certain OAuth values for the base string
-			elsif [:consumer_key, :signature_method, :version, :nonce, :timestamp].include?(k)
-				sig_params['oauth_' + k.to_s] = v
-			end
-		}
-		
-		secret = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:access_secret])}"
-		sig_base = (http_method||'get').to_s.upcase + '&' + escape(uri) + '&' +	normalize(sig_params)
-		oauth_signature = Base64.encode64(OpenSSL::HMAC.digest(DIGEST, secret, sig_base)).chomp.gsub(/\n/,'')
-		
-		%{OAuth } + (%{oauth_realm="#{oauth[:realm]}", } unless !oauth[:realm]).to_s + %{oauth_consumer_key="#{oauth[:consumer_key]}", oauth_token="#{oauth[:access_key]}", oauth_signature_method="#{oauth[:signature_method]}", oauth_signature="#{escape(oauth_signature)}", oauth_timestamp="#{oauth[:timestamp]}", oauth_nonce="#{oauth[:nonce]}", oauth_version="#{oauth[:version]}"}
-	end
-	
-	# Utility class used to sign a request and return an
-	# {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
-	def self.header(uri, oauth, params = {}, http_method = :get)
-		new.header(uri, oauth, params, http_method)
-	end
-	
-	protected
-	
-	# Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
-	def escape(value)
-		URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
-	end
-	
-	# Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
+  # Exception raised if signature signing method isn't supported
+  # by SOAuth
+  class UnsupportedSignatureMethod < Exception; end
+  # Exception raised when attempting to create a signature without
+  # required OAuth params
+  class MissingOAuthParams < Exception; end
+  
+  # Digest key for HMAC-SHA1 signing
+  DIGEST = OpenSSL::Digest::Digest.new('sha1')
+  # Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
+  # currently, only HMAC-SHA1 is supported
+  SUPPORTED_SIGNATURE_METHODS = ["HMAC-SHA1"]
+  
+  # Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
+  def header(uri, oauth, params = {}, http_method = :get)
+    # Raise an exception if we're missing required OAuth params
+    raise MissingOAuthParams if !oauth.is_a?(Hash) || !oauth.has_key?(:consumer_key) || !oauth.has_key?(:consumer_secret) || !oauth.has_key?(:token) || !oauth.has_key?(:token_secret)
+    # Make sure we support the signature signing method specified
+    raise UnsupportedSignatureMethod unless !oauth[:signature_method] || SUPPORTED_SIGNATURE_METHODS.include?(oauth[:signature_method].to_s)
+    
+    oauth[:signature_method] ||= "HMAC-SHA1" # HMAC-SHA1 seems popular, so it's the default
+    oauth[:version] ||= "1.0" # Assumed version, according to the spec
+    oauth[:nonce] ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+    oauth[:timestamp] ||= Time.now.to_i
+    
+    # Make a copy of the params hash so we don't add in OAuth stuff
+    sig_params = params.dup
+    
+    oauth.each { |k, v|
+      # Only use certain OAuth values for the base string
+      if [:consumer_key, :token, :signature_method, :version, :nonce, :timestamp].include?(k)
+        sig_params['oauth_' + k.to_s] = v
+      end
+    }
+    
+    secret = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:token_secret])}"
+    sig_base = (http_method||'get').to_s.upcase + '&' + escape(uri) + '&' + normalize(sig_params)
+    oauth_signature = Base64.encode64(OpenSSL::HMAC.digest(DIGEST, secret, sig_base)).chomp.gsub(/\n/,'')
+    
+    oauth.merge!(:signature => oauth_signature)
+    
+    %{OAuth } + (oauth.map { |k, v| %{oauth_#{k}="#{escape(v)}", } unless [:consumer_secret, :token_secret].include?(k) }).to_s.chomp(", ")
+  end
+  
+  # Utility class used to sign a request and return an
+  # {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+  def self.header(uri, oauth, params = {}, http_method = :get)
+    new.header(uri, oauth, params, http_method)
+  end
+  
+  protected
+  
+  # Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
+  def escape(value)
+    URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
+  end
+  
+  # Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
   def normalize(params)
     params.sort.map do |k, values|
-			
+      
       if values.is_a?(Array)
         # Multiple values were provided for a single key
         # in a hash
@@ -77,5 +76,5 @@ class SOAuth
       end
     end * "%26"
   end
-	
+  
 end

data/soauth.gemspec

@@ -2,15 +2,15 @@ require 'rake'
 
 Gem::Specification.new do |s|
   s.name = "soauth"
-  s.version = "0.1"
-  #s.date = Time.now.to_s
+  s.version = "0.2"
+  s.date = Time.now
   s.authors = ["Matthew Riley MacPherson"]
   s.email = "matt@lonelyvegan.com"
   s.has_rdoc = true
-  s.rdoc_options << '--title' << "SOAuth -- Ruby Library that creates HTTP headers for OAuth Authorization" << '--main' << 'README.markdown' << '--line-numbers'
-  s.summary = "Create OAuth \"Authorization\" HTTP Header using previously-obtained OAuth data"
+  s.rdoc_options << '--title' << "SOAuth -- Ruby library that creates HTTP headers for OAuth Authorization" << '--main' << 'README.markdown' << '--line-numbers'
+  s.summary = "Ruby library that creates HTTP headers for OAuth Authorization using previously-obtained OAuth keys/secrets"
   s.homepage = "http://github.com/tofumatt/soauth"
   s.files = FileList['lib/*.rb', '[A-Z]*', 'soauth.gemspec', 'test/*.rb'].to_a
-	s.test_file = 'test/soauth_test.rb'
-	s.add_development_dependency('mocha') # Used to run the tests, that's all...
+  s.test_file = 'test/soauth_test.rb'
+  s.add_development_dependency('mocha') # Used to run the tests, that's all...
 end

data/test/soauth_test.rb

@@ -6,51 +6,51 @@ require 'test/unit'
 require 'mocha'
 
 class SOAuthTest < Test::Unit::TestCase
-	
-	# Required OAuth parameters with dummy values -- these
-	# keys are the minimum number of keys required to generate
-	# an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
-	OAUTH_REQ_PARAMS = {
-		:consumer_key => "consumer_key",
-		:consumer_secret => "consumer_secret",
-		:access_key => "access_key",
-		:access_secret => "access_secret"
-	}
-	
-	# Make sure the custom nonce is used
-	def test_custom_nonce
-		nonce = Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
-		
-	  oauth_params = OAUTH_REQ_PARAMS.merge(:nonce => nonce)
-	  assert_equal %{oauth_nonce="#{nonce}"}, %{oauth_nonce="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(nonce)[0]}"}
-	end
-	
-	# Make sure the custom timestamp is used
-	def test_custom_nonce
-		now = Time.now.to_i
-		
-	  oauth_params = OAUTH_REQ_PARAMS.merge(:timestamp => now)
-	  assert_equal %{oauth_timestamp="#{now}"}, %{oauth_timestamp="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(now.to_s)[0]}"}
-	end
-	
-	# Generate a header without an explicit OAuth version (assumes {version 1.0}[http://oauth.net/core/1.0/])
-	def test_no_version_specified
-		# No OAuth version specified
-		oauth_params = OAUTH_REQ_PARAMS
-		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
-	end
-	
-	# Generate a header without a {signature method}[http://oauth.net/core/1.0/#signing_process] (assumes "HMAC-SHA1")
-	def test_no_signature_method_specified
-		# No signature method specified
-		oauth_params = OAUTH_REQ_PARAMS
-		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
-	end
-	
-	# Only certain {signature methods}[http://oauth.net/core/1.0/#signing_process] are supported
-	def test_unsupported_signature_method
-		oauth_params = OAUTH_REQ_PARAMS.merge(:signature_method => "MD5")
-		assert_raises(SOAuth::UnsupportedSignatureMethod) { SOAuth.header('http://lonelyvegan.com/', oauth_params) }
-	end
-	
+  
+  # Required OAuth parameters with dummy values -- these
+  # keys are the minimum number of keys required to generate
+  # an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+  OAUTH_REQ_PARAMS = {
+    :consumer_key => "consumer_key",
+    :consumer_secret => "consumer_secret",
+    :token => "access_key",
+    :token_secret => "access_secret"
+  }
+  
+  # Make sure the custom nonce is used
+  def test_custom_nonce
+    nonce = Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+    
+    oauth_params = OAUTH_REQ_PARAMS.merge(:nonce => nonce)
+    assert_equal %{oauth_nonce="#{nonce}"}, %{oauth_nonce="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(nonce)[0]}"}
+  end
+  
+  # Make sure the custom timestamp is used
+  def test_custom_nonce
+    now = Time.now.to_i
+    
+    oauth_params = OAUTH_REQ_PARAMS.merge(:timestamp => now)
+    assert_equal %{oauth_timestamp="#{now}"}, %{oauth_timestamp="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(now.to_s)[0]}"}
+  end
+  
+  # Generate a header without an explicit OAuth version (assumes {version 1.0}[http://oauth.net/core/1.0/])
+  def test_no_version_specified
+    # No OAuth version specified
+    oauth_params = OAUTH_REQ_PARAMS
+    assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+  end
+  
+  # Generate a header without a {signature method}[http://oauth.net/core/1.0/#signing_process] (assumes "HMAC-SHA1")
+  def test_no_signature_method_specified
+    # No signature method specified
+    oauth_params = OAUTH_REQ_PARAMS
+    assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+  end
+  
+  # Only certain {signature methods}[http://oauth.net/core/1.0/#signing_process] are supported
+  def test_unsupported_signature_method
+    oauth_params = OAUTH_REQ_PARAMS.merge(:signature_method => "MD5")
+    assert_raises(SOAuth::UnsupportedSignatureMethod) { SOAuth.header('http://lonelyvegan.com/', oauth_params) }
+  end
+  
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: soauth
 version: !ruby/object:Gem::Version 
-  version: "0.1"
+  version: "0.2"
 platform: ruby
 authors: 
 - Matthew Riley MacPherson
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-01-04 00:00:00 -04:00
+date: 2010-01-06 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -44,7 +44,7 @@ licenses: []
 post_install_message: 
 rdoc_options: 
 - --title
-- SOAuth -- Ruby Library that creates HTTP headers for OAuth Authorization
+- SOAuth -- Ruby library that creates HTTP headers for OAuth Authorization
 - --main
 - README.markdown
 - --line-numbers
@@ -68,6 +68,6 @@ rubyforge_project:
 rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
-summary: Create OAuth "Authorization" HTTP Header using previously-obtained OAuth data
+summary: Ruby library that creates HTTP headers for OAuth Authorization using previously-obtained OAuth keys/secrets
 test_files: 
 - test/soauth_test.rb