Commit 125136db authored by Taku YASUI

Imported Upstream version 0.4.5

source :rubygems
group :development do
gem 'rake'
gem 'jeweler'
end
group :test do
gem 'actionpack', '~>2.3.8'
gem 'mocha', '>=0.9.8'
gem 'typhoeus', '>=0.1.13'
gem 'em-http-request', "0.2.11"
gem 'curb', ">= 0.6.6.0"
gem 'webmock'
end
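Review bot: `source :rubygems` at the top of the Gemfile resolves to the plain-HTTP remote recorded in the lock file (`remote: http://rubygems.org/`), so the development and test gems are fetched without transport integrity. Suggest `source 'https://rubygems.org'` and regenerating Gemfile.lock. Separately, `em-http-request` is pinned to exactly "0.2.11" in the test group while the Rakefile declares `>= 0.2.10`; a comment saying why the exact pin is needed would help.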
GEM
remote: http://rubygems.org/
specs:
actionpack (2.3.8)
activesupport (= 2.3.8)
rack (~> 1.1.0)
activesupport (2.3.8)
addressable (2.2.0)
crack (0.1.8)
curb (0.7.7.1)
em-http-request (0.2.11)
addressable (>= 2.0.0)
eventmachine (>= 0.12.9)
eventmachine (0.12.10)
gemcutter (0.4.1)
json_pure
git (1.2.5)
jeweler (1.4.0)
gemcutter (>= 0.1.0)
git (>= 1.2.5)
rubyforge (>= 2.0.0)
json_pure (1.4.3)
mocha (0.9.8)
rake
rack (1.1.0)
rake (0.8.7)
rubyforge (2.0.4)
json_pure (>= 1.1.7)
typhoeus (0.1.31)
rack
webmock (1.3.5)
addressable (>= 2.1.1)
crack (>= 0.1.7)
PLATFORMS
ruby
DEPENDENCIES
actionpack (~> 2.3.8)
curb (>= 0.6.6.0)
em-http-request (= 0.2.11)
jeweler
mocha (>= 0.9.8)
rake
typhoeus (>= 0.1.13)
webmock
=== 0.4.5 2011-06-25
* Add explicit require for rsa/sha1 (Juris Galang)
* Use webmock to mock all http-requests in tests (Adrian Feldman)
* Add gemtest support (Adrian Feldman)
* Fix POST Requests with Typhoeus proxy (niedhui)
* Mention Typhoeus require in the README (Kim Ahlström)
* Fix incorrect hardcoded port (Ian Taylor)
* Use Net::HTTPGenericRequest (Jakub Kuźma)
=== 0.4.4 2010-10-31
* Fix LoadError rescue in tests: return can't be used in this context (Hans de Graaff)
* HTTP headers should be strings. (seancribbs)
* ensure consumer uri gets set back to original config even if an error occurs (Brian Finney)
* Yahoo uses & to split records in OAuth headers (Brian Finney)
* Added support for Rails 3 in client/action_controller_request (Pelle)
== 0.4.3 2010-09-01
* Fix for em-http proxy (ichverstehe)
== 0.4.2 2010-08-13
* Fixed compatibility with Ruby 1.9.2 (ecavazos)
* Fixed the em-http request proxy (Joshua Hull)
* Fix for oauth proxy string manipulation (Jakub Suder)
* Added Bundler (rc) Gemfile for easier dev/testing
== 0.4.1 2010-06-16
* Added support for using OAuth with proxies (Marsh Gardiner)
* Rails 3 Compatibility fixes (Pelle Braendgaard)
* Fixed load errors on tests for missing (non-required) libraries
== 0.4.0 2010-04-22
* Added computation of oauth_body_hash as per OAuth Request Body Hash 1.0
Draft 4 (Michael Reinsch)
* Added the optional `oauth_session_handle` parameter for the Yahoo implementation (Will Bailey)
* Better marshalling implementation (Yoan Blanc)
* Added optional block to OAuth::Consumer.get_*_token (Neill Pearman)
* Exclude `oauth_callback` with :exclude_callback (Neill Pearman)
* Strip extraneous spaces and line breaks from access_token responses
(observed in the wild with Yahoo!'s OAuth+OpenID hybrid) (Eric Hartmann)
* Stop double-escaping PLAINTEXT signatures (Jimmy Zimmerman)
* OAuth::Client::Helper won't override the specified `oauth_version`
(Philip Kromer)
* Support for Ruby 1.9 (Aaron Quint, Corey Donahoe, et al)
* Fixed an encoding / multibyte issue (成田 一生)
* Replaced hoe with Jeweler (Aaron Quint)
* Support for Typhoeus (Bill Kocik)
* Support for em-http (EventMachine) (Darcy Laycock)
* Support for curb (André Luis Leal Cardoso Junior)
* New website (Aaron Quint)
== 0.3.6 2009-09-14
* Added -B CLI option to use the :body authentication scheme (Seth)
* Respect `--method` in `authorize` CLI command (Seth)
* Support POST and PUT with raw bodies (Yu-Shan Fung et al)
* Test clean-up (Xavier Shay, Hannes Tydén)
* Added :ca_file consumer option to allow consumer specific certificate
override. (Pelle)
== 0.3.5 2009-06-03
* `query` CLI command to access protected resources (Seth)
* Added -H, -Q CLI options for specifying the authentication scheme (Seth)
* Added -O CLI option for specifying a file containing options (Seth)
* Support streamable body contents for large request bodies (Seth Cousins)
* Support for OAuth 1.0a (Seth)
* Added proxy support to OAuth::Consumer (Marshall Huss)
* Added --scope CLI option for Google's 'scope' parameter (Seth)
== 0.3.4 2009-05-06
* OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)
* Fix OAuth::RequestProxy::ActionControllerRequest's handling of params
(Tristan Groléat)
== 0.3.3 2009-05-04
* Corrected OAuth XMPP namespace (Seth)
* Improved error handling for invalid Authorization headers (Matt Sanford)
* Fixed signatures for non-ASCII under $KCODE other than 'u' (Matt Sanford)
* Fixed edge cases in ActionControllerRequestProxy where params were being
incorrectly signed (Marcos Wright Kuhns)
* Support for arguments in OAuth::Consumer#get_access_token (Matt Sanford)
* Add gem version to user-agent header (Matt Sanford)
* Handle input from aggressive form encoding libraries (Matt Wood)
== 0.3.2 2009-03-23
* 2xx statuses should be treated as success (Anders Conbere)
* Support applications using the MethodOverride Rack middleware (László Bácsi)
* `authorize` command for `oauth` CLI (Seth)
* Initial support for Problem Reporting extension (Seth)
* Verify SSL certificates if CA certificates are available (Seth)
* Fixed ActionController parameter escaping behavior (Thiago Arrais, László
Bácsi, Brett Gibson, et al)
* Fixed signature calculation when both options and a block were provided to
OAuth::Signature::Base#initialize (Seth)
* Added help to the 'oauth' CLI (Seth)
* Fixed a problem when attempting to normalize MockRequest URIs (Seth)
== 0.3.1 2009-1-26
* Fixed a problem with relative and absolute token request paths. (Michael
Wood)
== 0.3.0 2009-1-25
* Support ActionController::Request from Edge Rails (László Bácsi)
* Correctly handle multi-valued parameters (Seth)
* Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
* OAuth::Signature.sign and friends now yield the RequestProxy instead of the
token when the passed block's arity is 1. (Seth)
* Token requests are made to the configured URL rather than generating a
potentially incorrect one. (Kellan Elliott-McCrea)
* Command-line app for generating signatures. (Seth)
* Improved test-cases and compatibility for encoding issues. (Pelle)
== 0.2.7 2008-9-10 The lets fix the last release release
* Fixed plain text signatures (Andrew Arrow)
* Fixed RSA requests using OAuthTokens. (Philip Lipu Tsai)
== 0.2.6 2008-9-9 The lets RSA release
* Improved support for Ruby 1.8.7 (Bill Kocik)
* Fixed RSA verification to support RSA providers
now using Ruby and RSA
* Improved RSA testing
* Omit token when signing with RSA
* Added support for 'private_key_file' option for RSA signatures (Chris Mear)
* Fixed several edge cases where params were being incorrectly signed (Scott
Hill)
* Fixed RSA signing (choonkeat)
== 0.2.2 2008-2-22 Lets actually support SSL release
* Use HTTPS when required.
== 0.2 2008-1-19 All together now release
This is a big release, where we have merged the efforts of various parties into one common library.
This means there are definitely some API changes you should be aware of. They should be minimal
but please have a look at the unit tests.
== 0.1.2 2007-12-1
* Fixed checks for missing OAuth params to improve performance
* Includes Pat's fix for getting the realm out.
== 0.1.1 2007-11-26
* First release as a GEM
* Moved all non-Rails functionality from the Rails plugin:
http://code.google.com/p/oauth-plugin/
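Review bot: the heading levels in HISTORY are inconsistent: the 0.4.5 and 0.4.4 entries use `===` while every older entry uses `==`, so the two newest releases are marked up at a different level from the rest. Suggest `== 0.4.5 2011-06-25` and `== 0.4.4 2010-10-31`. The 0.2.6 entry also carries a stray line, `now using Ruby and RSA`, that is not a bullet and reads as a fragment.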
Copyright (c) 2007 Blaine Cook, Larry Halff, Pelle Braendgaard
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
= Ruby OAuth
== What
This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.
See the OAuth specs http://oauth.net/core/1.0/
== Installing
sudo gem install oauth
The source code is now hosted on the OAuth GitHub Project http://github.com/oauth/oauth-ruby
== The basics
This is a ruby library which is intended to be used in creating Ruby Consumer and Service Provider applications. It is NOT a Rails plugin, but could easily be used for the foundation for such a Rails plugin.
As a matter of fact it has been pulled out from an OAuth Rails Plugin http://code.google.com/p/oauth-plugin/ which now requires this GEM.
== Demonstration of usage
We need to specify the oauth_callback url explicitly, otherwise it defaults to "oob" (Out of Band)
@callback_url = "http://127.0.0.1:3000/oauth/callback"
Create a new consumer instance by passing it a configuration hash:
@consumer = OAuth::Consumer.new("key","secret", :site => "https://agree2")
Start the process by requesting a token
@request_token = @consumer.get_request_token(:oauth_callback => @callback_url)
session[:request_token] = @request_token
redirect_to @request_token.authorize_url(:oauth_callback => @callback_url)
When user returns create an access_token
@access_token = @request_token.get_access_token
@photos = @access_token.get('/photos.xml')
Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.
require 'oauth/request_proxy/typhoeus_request'
oauth_params = {:consumer => oauth_consumer, :token => access_token}
hydra = Typhoeus::Hydra.new
req = Typhoeus::Request.new(uri, options)
oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
req.headers.merge!({"Authorization" => oauth_helper.header}) # Signs the request
hydra.queue(req)
hydra.run
@response = req.response
== More Information
* RDoc: http://rdoc.info/projects/oauth/oauth-ruby/
* Mailing List/Google Group: http://groups.google.com/group/oauth-ruby
== How to submit patches
The source code is now hosted on the OAuth GitHub Project http://github.com/oauth/oauth-ruby
To submit a patch, please fork the oauth project and create a patch with tests. Once you're happy with it send a pull request and post a message to the google group.
== License
This code is free to use under the terms of the MIT license.
== Contact
OAuth Ruby has been created and maintained by a large number of talented individuals.
The current maintainer is Aaron Quint (quirkey).
Comments are welcome. Send an email to via the OAuth Ruby mailing list http://groups.google.com/group/oauth-ruby
\ No newline at end of file
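Review bot: the access-token step under "Demonstration of usage" calls `@request_token.get_access_token` with no arguments, although the flow shown sets an explicit `oauth_callback` and the 0.3.5 history entry lists OAuth 1.0a support, where the provider returns an `oauth_verifier` that has to accompany that request. Suggest the README show `@request_token.get_access_token(:oauth_verifier => params[:oauth_verifier])`. The line `session[:request_token] = @request_token` also puts the whole token object into the session; storing only the token and secret strings and rebuilding the object when the user returns keeps less in the session store.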
%w[rubygems rake rake/clean rake/testtask fileutils].each { |f| require f }
$LOAD_PATH << File.dirname(__FILE__) + '/lib'
require 'oauth'
begin
require 'jeweler'
Jeweler::Tasks.new do |s|
s.name = %q{oauth}
s.version = OAuth::VERSION
s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford", "Aaron Quint"]
s.email = "oauth-ruby@googlegroups.com"
s.description = "OAuth Core Ruby implementation"
s.summary = s.description
s.rubyforge_project = %q{oauth}
s.add_development_dependency(%q<actionpack>, [">=2.3.5"])
s.add_development_dependency(%q<rack>, [">= 1.0.0"])
s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
s.add_development_dependency(%q<typhoeus>, [">= 0.1.13"])
s.add_development_dependency(%q<em-http-request>, [">= 0.2.10"])
s.add_development_dependency(%q<curb>, [">= 0.6.6.0"])
s.files.include '.gemtest'
end
Jeweler::GemcutterTasks.new
rescue LoadError
puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
end
Rake::TestTask.new do |t|
t.libs << "test"
t.test_files = FileList['test/**/*test*.rb']
t.verbose = true
end
Dir['tasks/**/*.rake'].each { |t| load t }
task :default => :test
Common use-cases should be streamlined:
* I have a URL that I want to sign (given consumer key/secret, optional
token/secret, optional nonce/timestamp).
* I have a URL that I want to sign AND I want to see what the components
(e.g. signature base string, etc.) are while it's being signed (i.e. verbose
signing).
* I have a URL that I want to sign and I only want the signature.
* I have a URL that I want to sign and I want something suitable to put in
{the header, the querystring, XMPP}.
* I want to make a query to an OAuth-enabled web service (with sensible
errors, if available).
* I want to host an OAuth-enabled web service.
* I want to test my OAuth-enabled web service (i.e. test helpers)
Example applications for:
* Ning
* Fire Eagle
* Google (blogger, contacts)
* Twitter
* YOS / YQL
* Netflix
In addition to providing best practices of use, these can also be part of
the pre-release checks to make sure that there have been no regressions.
Random TODOs:
* finish CLI
* sensible Exception hierarchy
* Tokens as Modules
* don't tie to Net::HTTP
* Take a look at Curb HTTP Verbs
\ No newline at end of file
#!/usr/bin/env ruby
require "oauth/cli"
OAuth::CLI.execute(STDOUT, STDIN, STDERR, ARGV)
\ No newline at end of file
#!/usr/bin/env ruby -rubygems
# Sample queries:
# ./yql.rb --consumer-key <key> --consumer-secret <secret> "show tables"
# ./yql.rb --consumer-key <key> --consumer-secret <secret> "select * from flickr.photos.search where text='Cat' limit 10"
require 'oauth'
require 'optparse'
require 'json'
require 'pp'
options = {}
option_parser = OptionParser.new do |opts|
opts.banner = "Usage: #{$0} [options] <query>"
opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
options[:consumer_key] = v
end
opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
options[:consumer_secret] = v
end
end
option_parser.parse!
query = ARGV.pop
query = STDIN.read if query == "-"
if options[:consumer_key].nil? || options[:consumer_secret].nil? || query.nil?
puts option_parser.help
exit 1
end
consumer = OAuth::Consumer.new \
options[:consumer_key],
options[:consumer_secret],
:site => "http://query.yahooapis.com"
access_token = OAuth::AccessToken.new(consumer)
response = access_token.request(:get, "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
rsp = JSON.parse(response.body)
pp rsp
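Review bot: `--consumer-secret SECRET` takes the secret as a command-line argument, which leaves it in shell history and visible in the process list to other local users; suggest also accepting it from an environment variable or a file. The consumer `:site` is `http://query.yahooapis.com`, so the signed query and its response travel in cleartext; use an HTTPS endpoint if the service offers one. `JSON.parse(response.body)` runs without checking the response status, so a provider error surfaces as a parse exception instead of a readable message.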
# = digest/hmac.rb
#
# An implementation of HMAC keyed-hashing algorithm
#
# == Overview
#
# This library adds a method named hmac() to Digest classes, which
# creates a Digest class for calculating HMAC digests.
#
# == Examples
#
# require 'digest/hmac'
#
# # one-liner example
# puts Digest::HMAC.hexdigest("data", "hash key", Digest::SHA1)
#
# # rather longer one
# hmac = Digest::HMAC.new("foo", Digest::RMD160)
#
# buf = ""
# while stream.read(16384, buf)
# hmac.update(buf)
# end
#
# puts hmac.bubblebabble
#
# == License
#
# Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
#
# Documentation by Akinori MUSHA
#
# All rights reserved. You can redistribute and/or modify it under
# the same terms as Ruby.
#
# $Id: hmac.rb 14881 2008-01-04 07:26:14Z akr $
#
require 'digest'
unless defined?(Digest::HMAC)
module Digest
class HMAC < Digest::Class
def initialize(key, digester)
@md = digester.new
block_len = @md.block_length
if key.bytesize > block_len
key = @md.digest(key)
end
ipad = Array.new(block_len).fill(0x36)
opad = Array.new(block_len).fill(0x5c)
key.bytes.each_with_index { |c, i|
ipad[i] ^= c
opad[i] ^= c
}
@key = key.freeze
@ipad = ipad.inject('') { |s, c| s << c.chr }.freeze
@opad = opad.inject('') { |s, c| s << c.chr }.freeze
@md.update(@ipad)
end
def initialize_copy(other)
@md = other.instance_eval { @md.clone }
end
def update(text)
@md.update(text)
self
end
alias << update
def reset
@md.reset
@md.update(@ipad)
self
end
def finish
d = @md.digest!
@md.update(@opad)
@md.update(d)
@md.digest!
end
private :finish
def digest_length
@md.digest_length
end
def block_length
@md.block_length
end
def inspect
sprintf('#<%s: key=%s, digest=%s>', self.class.name, @key.inspect, @md.inspect.sub(/^\#<(.*)>$/) { $1 });
end
end
end
end
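Review bot: `inspect` formats `key=%s` with `@key.inspect`, so the raw HMAC key ends up in any log line, exception message or console session that inspects the object; for OAuth HMAC-SHA1 signing that key is derived from the consumer and token secrets. Suggest dropping the key from the `sprintf` format or printing a fixed placeholder in its place, keeping only the class name and the digest description.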
$LOAD_PATH << File.dirname(__FILE__) unless $LOAD_PATH.include?(File.dirname(__FILE__))
module OAuth
VERSION = "0.4.5"
end
require 'oauth/oauth'
require 'oauth/core_ext'
require 'oauth/client/helper'
require 'oauth/signature/hmac/sha1'
require 'oauth/signature/rsa/sha1'
require 'oauth/request_proxy/mock_request'
This diff is collapsed.
module OAuth
module Client
end
end
require 'oauth/client/helper'
if defined? ActionDispatch
require 'oauth/request_proxy/rack_request'
require 'action_dispatch/testing/test_process'
else
require 'oauth/request_proxy/action_controller_request'
require 'action_controller/test_process'
end
module ActionController
class Base
if defined? ActionDispatch
def process_with_new_base_test(request, response=nil)
request.apply_oauth! if request.respond_to?(:apply_oauth!)
super(request, response)
end
else
def process_with_oauth(request, response=nil)
request.apply_oauth! if request.respond_to?(:apply_oauth!)
process_without_oauth(request, response)
end
alias_method_chain :process, :oauth
end
end
class TestRequest
def self.use_oauth=(bool)
@use_oauth = bool
end
def self.use_oauth?
@use_oauth
end
def configure_oauth(consumer = nil, token = nil, options = {})
@oauth_options = { :consumer => consumer,
:token => token,
:scheme => 'header',
:signature_method => nil,
:nonce => nil,
:timestamp => nil }.merge(options)
end
def apply_oauth!
return unless ActionController::TestRequest.use_oauth? && @oauth_options
@oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => (respond_to?(:fullpath) ? fullpath : request_uri)))
@oauth_helper.amend_user_agent_header(env)
self.send("set_oauth_#{@oauth_options[:scheme]}")
end
def set_oauth_header
env['Authorization'] = @oauth_helper.header
end
def set_oauth_parameters
@query_parameters = @oauth_helper.parameters_with_oauth
@query_parameters.merge!(:oauth_signature => @oauth_helper.signature)
end
def set_oauth_query_string
end
end
end
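Review bot: `set_oauth_query_string` is an empty method, so a test that calls `configure_oauth` with `:scheme => 'query_string'` sends the request with no OAuth parameters and no error, and a controller test can pass or fail for the wrong reason. Suggest raising `NotImplementedError` there until it is implemented. In `apply_oauth!`, `self.send("set_oauth_#{@oauth_options[:scheme]}")` dispatches on whatever string the caller supplied; checking the scheme against the supported names first would turn a typo into a clear error instead of a `NoMethodError`.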
require 'em-http'
require 'oauth/helper'
require 'oauth/client/helper'
require 'oauth/request_proxy/em_http_request'
# Extensions for em-http so that we can use consumer.sign! with an EventMachine::HttpClient
# instance. This is purely syntactic sugar.
class EventMachine::HttpClient
attr_reader :oauth_helper
# Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
# this may add a header, additional query string parameters, or additional POST body parameters.
# The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
# header.
#
# * http - Configured Net::HTTP instance, ignored in this scenario except for getting host.
# * consumer - OAuth::Consumer instance
# * token - OAuth::Token instance
# * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
# +signature_method+, +nonce+, +timestamp+)
#
# This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
#
# See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
def oauth!(http, consumer = nil, token = nil, options = {})
options = { :request_uri => normalized_oauth_uri(http),
:consumer => consumer,
:token => token,
:scheme => 'header',
:signature_method => nil,
:nonce => nil,
:timestamp => nil }.merge(options)
@oauth_helper = OAuth::Client::Helper.new(self, options)
self.__send__(:"set_oauth_#{options[:scheme]}")
end
# Create a string suitable for signing for an HTTP request. This process involves parameter
# normalization as specified in the OAuth specification. The exact normalization also depends
# on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
# itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
# header.
#
# * http - Configured Net::HTTP instance
# * consumer - OAuth::Consumer instance
# * token - OAuth::Token instance
# * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
# +signature_method+, +nonce+, +timestamp+)
#
# See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
def signature_base_string(http, consumer = nil, token = nil, options = {})
options = { :request_uri => normalized_oauth_uri(http),
:consumer => consumer,
:token => token,
:scheme => 'header',
:signature_method => nil,
:nonce => nil,
:timestamp => nil }.merge(options)
OAuth::Client::Helper.new(self, options).signature_base_string
end
# This code was lifted from the em-http-request because it was removed from
# the gem June 19, 2010
# see: http://github.com/igrigorik/em-http-request/commit/d536fc17d56dbe55c487eab01e2ff9382a62598b
def normalize_uri
@normalized_uri ||= begin
uri = @uri.dup
encoded_query = encode_query(@uri, @options[:query])
path, query = encoded_query.split("?", 2)
uri.query = query unless encoded_query.empty?
uri.path = path
uri
end
end
protected
def combine_query(path, query, uri_query)
combined_query = if query.kind_of?(Hash)
query.map { |k, v| encode_param(k, v) }.join('&')
else
query.to_s
end
if !uri_query.to_s.empty?
combined_query = [combined_query, uri_query].reject {|part| part.empty?}.join("&")
end
combined_query.to_s.empty? ? path : "#{path}?#{combined_query}"
end
# Since we expect to get the host etc details from the http instance (...),
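Review bot: `normalize_uri` calls `encode_query(@uri, @options[:query])` with two arguments, while the helper added under `protected` is `combine_query(path, query, uri_query)` with three, and nothing in the lines shown calls it. Please confirm which helper `normalize_uri` is meant to use, since a wrong normalized URI changes the signature base string and makes every signed request fail verification. The doc comments on `oauth!` and `signature_base_string` describe `http` as a "Configured Net::HTTP instance", which looks carried over from the Net::HTTP extension and should describe what this EventMachine client actually expects. As in the test helper, `self.__send__(:"set_oauth_#{options[:scheme]}")` would benefit from validating the scheme against the supported values before dispatching.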