Class: GData::Auth::AuthSub

Inherits:

Object

• Object
• GData::Auth::AuthSub

Defined in:

lib/gdata/auth/authsub.rb

Overview

This class implements AuthSub signatures for Data API requests. It can be used with a GData::Client::GData object.

Constant Summary

REQUEST_HANDLER =

The URL of AuthSubRequest.

'https://www.google.com/accounts/AuthSubRequest'

SESSION_HANDLER =

The URL of AuthSubSessionToken.

'https://www.google.com/accounts/AuthSubSessionToken'

REVOKE_HANDLER =

The URL of AuthSubRevokeToken.

'https://www.google.com/accounts/AuthSubRevokeToken'

INFO_HANDLER =

The URL of AuthSubInfo.

'https://www.google.com/accounts/AuthSubTokenInfo'

BIG_INT_MAX =

2 ** 64, the largest 64 bit unsigned integer

18446744073709551616

Instance Attribute Summary

• #private_key ⇒ Object

  Private RSA key used to sign secure requests.

• #token ⇒ Object

  AuthSub access token.

Class Method Summary

• .get_url(next_url, scope, secure = false, session = true, domain = nil) ⇒ Object

  Return the proper URL for an AuthSub approval page with the requested scope.

Instance Method Summary

• #info ⇒ Object

  Return some information about the current token.

• #initialize(token, options = {}) ⇒ AuthSub constructor

  Initialize the class with a new token.

• #revoke ⇒ Object

  Revoke the token.

• #sign_request!(request) ⇒ Object

  Sign a GData::Http::Request object with a valid AuthSub Authorization header.

• #upgrade ⇒ Object

  Upgrade the current token into a session token.

Constructor Details

#initialize(token, options = {}) ⇒ AuthSub

Initialize the class with a new token. Optionally pass a private key or custom URLs.

# File 'lib/gdata/auth/authsub.rb', line 44

def initialize(token, options = {})
  if token.nil?
    raise ArgumentError, "Token cannot be nil."
  elsif token.class != String
    raise ArgumentError, "Token must be a String."
  end
  
  @token = token
  
  options.each do |key, value|
    self.send("#{key}=", value)
  end
end

Instance Attribute Details

#private_key ⇒ Object

Private RSA key used to sign secure requests.

# File 'lib/gdata/auth/authsub.rb', line 40

def private_key
  @private_key
end

#token ⇒ Object

AuthSub access token.

# File 'lib/gdata/auth/authsub.rb', line 38

def token
  @token
end

Class Method Details

.get_url(next_url, scope, secure = false, session = true, domain = nil) ⇒ Object

Return the proper URL for an AuthSub approval page with the requested scope. next_url should be a URL that points back to your code that will receive the token. domain is optionally a Google Apps domain.

# File 'lib/gdata/auth/authsub.rb', line 145

def self.get_url(next_url, scope, secure = false, session = true, 
    domain = nil)
  next_url = CGI.escape(next_url)
  scope = CGI.escape(scope)
  secure = secure ? 1 : 0
  session = session ? 1 : 0
  body = "next=#{next_url}&scope=#{scope}&session=#{session}" +
         "&secure=#{secure}"
  if domain
    domain = CGI.escape(domain)
    body = "#{body}&hd=#{domain}"
  end
  return "#{REQUEST_HANDLER}?#{body}"
end

Instance Method Details

#info ⇒ Object

Return some information about the current token. If the current token is a one-time use token, this operation will use it up!

# File 'lib/gdata/auth/authsub.rb', line 113

def info
  request = GData::HTTP::Request.new(INFO_HANDLER)
  sign_request!(request)
  service = GData::HTTP::DefaultService.new
  response = service.make_request(request)
  if response.status_code != 200
    raise GData::Client::AuthorizationError.new(response)
  end
  
  result = {}
  result[:target] = response.body[/Target=(.*)/,1]
  result[:scope] = response.body[/Scope=(.*)/,1]
  result[:secure] = response.body[/Secure=(.*)/,1]
  return result
 
end

#revoke ⇒ Object

Revoke the token.

# File 'lib/gdata/auth/authsub.rb', line 131

def revoke
  request = GData::HTTP::Request.new(REVOKE_HANDLER)
  sign_request!(request)
  service = GData::HTTP::DefaultService.new
  response = service.make_request(request)
  if response.status_code != 200
    raise GData::Client::AuthorizationError.new(response)
  end

end

#sign_request!(request) ⇒ Object

Sign a GData::Http::Request object with a valid AuthSub Authorization header.

# File 'lib/gdata/auth/authsub.rb', line 79

def sign_request!(request)
  header = "AuthSub token=\"#{@token}\""
  
  if @private_key
    time = Time.now.to_i
    nonce = OpenSSL::BN.rand_range(BIG_INT_MAX)
    method = request.method.to_s.upcase
    data = "#{method} #{request.url} #{time} #{nonce}"
    sig = @private_key.sign(OpenSSL::Digest::SHA1.new, data)
    sig = Base64.encode64(sig).gsub(/\n/, '')
    header = "#{header} sigalg=\"rsa-sha1\" data=\"#{data}\""
    header = "#{header} sig=\"#{sig}\""
  end
  
  request.headers['Authorization'] = header
end

#upgrade ⇒ Object

Upgrade the current token into a session token.

# File 'lib/gdata/auth/authsub.rb', line 97

def upgrade
  request = GData::HTTP::Request.new(SESSION_HANDLER)
  sign_request!(request)
  service = GData::HTTP::DefaultService.new
  response = service.make_request(request)
  if response.status_code != 200
    raise GData::Client::AuthorizationError.new(response)
  end
  
  @token = response.body[/Token=(.*)/,1]
  return @token
  
end