Module: OoAuth

Defined in:
lib/oo_auth.rb,
lib/oo_auth/nonce.rb,
lib/oo_auth/errors.rb,
lib/oo_auth/version.rb,
lib/oo_auth/constants.rb,
lib/oo_auth/signature.rb,
lib/oo_auth/credentials.rb,
lib/oo_auth/request_proxy.rb,
lib/oo_auth/nonce/redis_store.rb,
lib/oo_auth/nonce/abstract_store.rb

Defined Under Namespace

Modules: Signature

Classes: ConfigurationError, Credentials, Error, Nonce, RequestProxy, UnsupportedSignatureMethod

Constant Summary

VERSION =
'1.0.1'
OUT_OF_BAND =

request tokens are passed between the consumer and the provider out of band (i.e. callbacks cannot be used), per section 6.1.1

'oob'
PARAMETERS =

FIXME: ordering required parameters, per sections 6.1.1, 6.3.1, and 7

%w(oauth_callback oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier oauth_version oauth_signature oauth_body_hash)
RESERVED_CHARACTERS =

reserved character regexp, per section 5.1

/[^a-zA-Z0-9\-\.\_\~]/
HMAC_SHA1 =

Supported signature methods

'HMAC-SHA1'
HMAC_SHA256 =
'HMAC-SHA256'
HMAC_SHA512 =
'HMAC-SHA512'
SUPPORTED_SIGNATURE_METHODS =
{ HMAC_SHA1   => OpenSSL::Digest::SHA1,
  HMAC_SHA256 => OpenSSL::Digest::SHA256,
  HMAC_SHA512 => OpenSSL::Digest::SHA512 }
DEFAULT_SIGNATURE_METHOD =
HMAC_SHA1
MAX_TIMESTAMP_DEVIATION =
5 * 60

Class Attribute Details

.authorization_store ⇒ Object

Define a lookup method for access token verification. It should be callable (a proc) or provide an authorization method, with the arguments being the consumer key and token. The proc or method call should return

  • if the consumer key/token combination exists: an object which responds to credentials with an initialized instance of OoAuth::Credentials

  • nil otherwise.



# File 'lib/oo_auth.rb', line 31

def authorization_store
  @authorization_store
end

.nonce_store ⇒ Object

Initialize with an instance of a store, e.g.

  OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foo')



# File 'lib/oo_auth.rb', line 20

def nonce_store
  @nonce_store
end

Class Method Details

.authorization(consumer_key, token) ⇒ Object



# File 'lib/oo_auth.rb', line 101

def authorization(consumer_key, token)
  if authorization_store.respond_to?(:call)
    authorization_store.call(consumer_key, token)
  elsif authorization_store.respond_to?(:authorization)
    authorization_store.authorization(consumer_key, token)
  else
    fail ConfigurationError, 'authorization store not callable'
  end
end

.authorize!(*args) ⇒ Object

Use this in your controllers to verify the OAuth signature of a request.



# File 'lib/oo_auth.rb', line 120

def authorize!(*args)
  proxy = RequestProxy.new(*args)
  return unless authorization = self.authorization(proxy.consumer_key, proxy.token)
  return unless Signature.verify!(proxy, authorization.credentials)
  authorization
end

.encode(*components) ⇒ Object



# File 'lib/oo_auth.rb', line 92

def encode(*components)
  components.map { |component| OoAuth.escape(component) }.join('&')
end

.escape(value) ⇒ Object

Escape value by URL encoding all non-reserved characters.

See Also: OAuth core spec version 1.0, section 5.1



# File 'lib/oo_auth.rb', line 80

def escape(value)
  URI.escape(value.to_s, RESERVED_CHARACTERS)
rescue ArgumentError
  URI.escape(value.to_s.force_encoding(Encoding::UTF_8), RESERVED_CHARACTERS)
end
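
Added example (not code from the oo_auth gem): .encode and .escape produce the '&'-joined, percent-encoded strings that OAuth 1.0 signing operates on. The sketch below re-implements that encoding without URI.escape, which was removed in Ruby 3.0, and follows sections 9.1 and 9.2 of the OAuth Core 1.0 spec to sign and verify with the digests listed in SUPPORTED_SIGNATURE_METHODS. The helper names (oauth_escape, oauth_encode, base_string, sign, valid_signature?) are this example's own, and the sample request is the one from Appendix A.5 of the spec.

```ruby
require 'openssl'

# Same pattern as RESERVED_CHARACTERS above: any byte outside the unreserved
# set of section 5.1 gets percent-encoded.
RESERVED = /[^a-zA-Z0-9\-\.\_\~]/
# Same mapping as SUPPORTED_SIGNATURE_METHODS; DIGESTS is this example's name.
DIGESTS = { 'HMAC-SHA1'   => OpenSSL::Digest::SHA1,
            'HMAC-SHA256' => OpenSSL::Digest::SHA256,
            'HMAC-SHA512' => OpenSSL::Digest::SHA512 }.freeze

# Byte-wise percent-encoding with uppercase hex, no URI.escape needed.
def oauth_escape(value)
  value.to_s.b.gsub(RESERVED) { |byte| format('%%%02X', byte.ord) }
end

def oauth_encode(*components)
  components.map { |c| oauth_escape(c) }.join('&')
end

# Signature base string (OAuth Core 1.0, section 9.1): escaped name=value
# pairs, sorted and joined with '&', then encoded with the method and URL.
def base_string(http_method, url, params)
  pairs = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  oauth_encode(http_method.upcase, url, pairs.map { |kv| kv.join('=') }.join('&'))
end

# The HMAC key is escape(consumer_secret) & escape(token_secret), section 9.2.
def sign(name, base, consumer_secret, token_secret)
  digest = DIGESTS.fetch(name) { raise ArgumentError, "unsupported #{name.inspect}" }
  key = oauth_encode(consumer_secret, token_secret)
  [OpenSSL::HMAC.digest(digest.new, key, base)].pack('m0') # strict Base64
end

# Recompute the MAC and compare in constant time; never use == on a MAC.
def valid_signature?(presented, *sign_args)
  OpenSSL.secure_compare(sign(*sign_args), presented.to_s)
end

# Sample request and secrets from Appendix A.5 of the OAuth Core 1.0 spec.
SAMPLE_PARAMS = {
  'file' => 'vacation.jpg', 'size' => 'original',
  'oauth_consumer_key' => 'dpf43f3p2l4k3l03', 'oauth_token' => 'nnch734d00sl2jdk',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1191242096',
  'oauth_nonce' => 'kllo9940pd9333jh', 'oauth_version' => '1.0'
}.freeze
SAMPLE_BASE = base_string('GET', 'http://photos.example.net/photos', SAMPLE_PARAMS)
SAMPLE_SIG = sign('HMAC-SHA1', SAMPLE_BASE, 'kd94hf93k423kf44', 'pfkkdhi9sl3r4s00')
puts SAMPLE_BASE, SAMPLE_SIG
```

A verifier that accepts more than one signature method should pass the method it has allow-listed, not whatever the request claims, into the recomputation.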

.generate_key(size = 32) ⇒ Object Also known as: generate_nonce

Generate a random key of up to size bytes. The value returned is Base64 encoded with non-word characters removed.



# File 'lib/oo_auth.rb', line 71

def generate_key(size = 32)
  Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
end

.sign!(*args) ⇒ Object

Use this to sign Net::HTTP or ActionDispatch requests



# File 'lib/oo_auth.rb', line 112

def sign!(*args)
  credentials = args.pop
  proxy = RequestProxy.new(*args)
  Signature.sign!(proxy, credentials)
end

.signature_method ⇒ Object



# File 'lib/oo_auth.rb', line 59

def signature_method
  @signature_method ||= DEFAULT_SIGNATURE_METHOD
end

.signature_method=(value) ⇒ Object

Set the signature method to use



# File 'lib/oo_auth.rb', line 64

def signature_method=(value)
  verify_signature_method!(value)
  @signature_method = value
end

.signature_methods ⇒ Object



# File 'lib/oo_auth.rb', line 33

def signature_methods
  @signature_methods ||= SUPPORTED_SIGNATURE_METHODS
end

.signature_methods=(methods) ⇒ Object

Set the available signature methods. You can use either strings or symbols, e.g.

'HMAC_SHA1', :hmac_sha256


# File 'lib/oo_auth.rb', line 40

def signature_methods=(methods)
  @signature_methods = methods.collect do |method|
    method = method.to_s.upcase.sub('_', '-')
    raise UnsupportedSignatureMethod, method.inspect unless SUPPORTED_SIGNATURE_METHODS.include?(method)
    method
  end
end

.timestamp ⇒ Object

Current UTC timestamp



# File 'lib/oo_auth.rb', line 97

def timestamp
  Time.now.utc.to_i
end

.unescape(value) ⇒ Object



# File 'lib/oo_auth.rb', line 86

def unescape(value)
  URI.unescape(value.gsub('+', '%2B'))
end

.verify_signature_method!(value) ⇒ Object

Check if the signature method is valid, raise error if not

Supported values:

  • 'HMAC-SHA1'

  • 'HMAC-SHA256'

  • 'HMAC-SHA512'



# File 'lib/oo_auth.rb', line 55

def verify_signature_method!(value)
  raise UnsupportedSignatureMethod, value.inspect unless signature_methods.include?(value)
end