Module: OAuth::Helper
- Extended by: Helper
- Included in: Net::HTTPRequest, Client::Helper, Helper, RequestProxy::Base, Server, Signature::Base, Token
- Defined in: lib/oauth/helper.rb
Instance Method Summary
- #bytes(a) ⇒ Object
  Creates a per byte enumerator for a string regardless of RUBY VERSION.
- #escape(value) ⇒ Object
  Escape value by URL encoding all non-reserved characters.
- #generate_key(size = 32) ⇒ Object (also: #generate_nonce)
  Generate a random key of up to size bytes.
- #generate_timestamp ⇒ Object
  :nodoc:.
- #normalize(params) ⇒ Object
  Normalize a Hash of parameter values.
- #parse_header(header) ⇒ Object
  Parse an Authorization / WWW-Authenticate header into a hash.
- #secure_equals(a, b) ⇒ Object
  A secure version of equals meant to avoid timing attacks as specified here codahale.com/a-lesson-in-timing-attacks/.
- #unescape(value) ⇒ Object
Instance Method Details
#bytes(a) ⇒ Object
Creates a per byte enumerator for a string regardless of RUBY VERSION

    # File 'lib/oauth/helper.rb', line 91
    def bytes(a)
      return [] if a.nil?
      if a.respond_to?(:bytes)
        a.bytes
      else
        Enumerable::Enumerator.new(a, :each_byte)
      end
    end

#escape(value) ⇒ Object
Escape value by URL encoding all non-reserved characters.
See Also: OAuth core spec version 1.0, section 5.1

    # File 'lib/oauth/helper.rb', line 12
    def escape(value)
      URI::escape(value.to_s, OAuth::RESERVED_CHARACTERS)
    end

#generate_key(size = 32) ⇒ Object Also known as: generate_nonce
Generate a random key of up to size bytes. The value returned is Base64 encoded with non-word characters removed.

    # File 'lib/oauth/helper.rb', line 18
    def generate_key(size=32)
      Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
    end

#generate_timestamp ⇒ Object
:nodoc:

    # File 'lib/oauth/helper.rb', line 24
    def generate_timestamp #:nodoc:
      Time.now.to_i.to_s
    end

#normalize(params) ⇒ Object
Normalize a Hash of parameter values. Parameters are sorted by name, using lexicographical byte value ordering. If two or more parameters share the same name, they are sorted by their value. Parameters are concatenated in their sorted order into a single string. For each parameter, the name is separated from the corresponding value by an “=” character, even if the value is empty. Each name-value pair is separated by an “&” character.

    # File 'lib/oauth/helper.rb', line 35
    def normalize(params)
      params.sort.map do |k, values|
        if values.is_a?(Array)
          # multiple values were provided for a single key
          values.sort.collect do |v|
            [escape(k),escape(v)] * "="
          end
        else
          [escape(k),escape(values)] * "="
        end
      end * "&"
    end

#parse_header(header) ⇒ Object
Parse an Authorization / WWW-Authenticate header into a hash. Takes care of unescaping and removing surrounding quotes. Raises an OAuth::Problem if the header is not parsable into a valid hash. Does not validate the keys or values.

    hash = parse_header(headers['Authorization'] || headers['WWW-Authenticate'])
    hash['oauth_timestamp']
    #=>"1234567890"

    # File 'lib/oauth/helper.rb', line 57
    def parse_header(header)
      # decompose
      params = header[6,header.length].split(/[,=]/)

      # odd number of arguments - must be a malformed header.
      raise OAuth::Problem.new("Invalid authorization header") if params.size % 2 != 0

      params.map! do |v|
        # strip and unescape
        val = unescape(v.strip)
        # strip quotes
        val.sub(/^\"(.*)\"$/, '\1')
      end

      # convert into a Hash
      Hash[*params.flatten]
    end

#secure_equals(a, b) ⇒ Object
A secure version of equals meant to avoid timing attacks as specified here codahale.com/a-lesson-in-timing-attacks/

    # File 'lib/oauth/helper.rb', line 77
    def secure_equals(a,b)
      return a==b unless a.is_a?(String)&&b.is_a?(String)
      result = 0
      bytes(a).zip(bytes(b)).each do |x,y|
        result |= (x ^ y)
      end
      (result == 0) && (a.length == b.length)
    end

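
The byte-wise XOR comparison that secure_equals uses, as an added stand-alone example (not code from lib/oauth/helper.rb). It goes one step beyond the method above by hashing both inputs first, so strings of any length, including multibyte ones, reach the loop as equal-length byte strings. The method names, the EXPECTED constant and its value are assumptions constructed for this illustration.

```ruby
require 'digest'

# Added example, not oauth-ruby code. All names here are hypothetical.

# Constructed sample value standing in for a server-computed signature.
EXPECTED = 'constructed-signature-AAAA='

# XOR every byte pair and OR the results together. The loop does the same
# amount of work wherever the first differing byte is, so the run time does
# not reveal how long the matching prefix was.
# Inputs must have the same byte length; anything else is a caller error.
def fixed_length_equal?(a, b)
  unless a.bytesize == b.bytesize
    raise ArgumentError, 'inputs must have the same byte length'
  end
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Comparison for untrusted input of any length.
# SHA-256 turns both sides into 32-byte strings, so:
#   * a longer or shorter input never pairs a byte with nil in the loop,
#   * equality is decided on bytes, not on character counts,
#   * the time taken does not depend on where the raw inputs differ.
def constant_time_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  fixed_length_equal?(Digest::SHA256.digest(a), Digest::SHA256.digest(b))
end

# Checks a client-supplied signature against the expected one.
def signature_valid?(supplied, expected = EXPECTED)
  constant_time_equal?(supplied, expected)
end
```
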
#unescape(value) ⇒ Object

    # File 'lib/oauth/helper.rb', line 86
    def unescape(value)
      URI.unescape(value.gsub('+', '%2B'))
    end