Module: Signet::OAuth1

Defined in:

lib/signet/oauth_1/credential.rb,
lib/signet/oauth_1.rb,
lib/signet/oauth_1/client.rb,
lib/signet/oauth_1/server.rb,
lib/signet/oauth_1/signature_methods/rsa_sha1.rb,
lib/signet/oauth_1/signature_methods/hmac_sha1.rb,
lib/signet/oauth_1/signature_methods/plaintext.rb

Overview

:nodoc:

Defined Under Namespace

Modules: HMACSHA1, PLAINTEXT, RSASHA1 Classes: Client, Credential, Server

Constant Summary

OUT_OF_BAND =

'oob'

Class Method Summary

• .encode(value) ⇒ String

  Converts a value to a percent-encoded String according to the rules given in RFC 5849.

• .extract_credential_key_option(credential_type, options) ⇒ String

  Processes an options Hash to find a credential key value.

• .extract_credential_secret_option(credential_type, options) ⇒ String

  Processes an options Hash to find a credential secret value.

• .generate_authorization_header(parameters, realm = nil) ⇒ String

  Generates an Authorization header from a parameter list according to the rules given in RFC 5849.

• .generate_authorization_uri(authorization_uri, options = {}) ⇒ String

  Appends the optional ‘oauth_token’ and ‘oauth_callback’ parameters to the base authorization URI.

• .generate_base_string(method, uri, parameters) ⇒ String

  Generates a signature base string according to the algorithm given in RFC 5849.

• .generate_nonce ⇒ String

  Returns a nonce suitable for use as an 'oauth_nonce' value.

• .generate_timestamp ⇒ String

  Returns a timestamp suitable for use as an 'oauth_timestamp' value.

• .normalize_parameters(parameters) ⇒ String

  Normalizes a set of OAuth parameters according to the algorithm given in RFC 5849.

• .parse_authorization_header(field_value) ⇒ Object

  Parses an Authorization header into its component parameters.

• .parse_form_encoded_credentials(body) ⇒ Signet::OAuth1::Credential

  Parses an application/x-www-form-urlencoded HTTP response body into an OAuth key/secret pair.

• .sign_parameters(method, uri, parameters, client_credential_secret, token_credential_secret = nil) ⇒ String

  Generates an OAuth signature using the signature method indicated in the parameter list.

• .unencode(value) ⇒ String

  Converts a percent-encoded String to an unencoded value.

• .unsigned_resource_parameters(options = {}) ⇒ Array

  Generates an OAuth parameter list to be used when requesting a protected resource.

• .unsigned_temporary_credential_parameters(options = {}) ⇒ Array

  Generates an OAuth parameter list to be used when obtaining a set of temporary credentials.

• .unsigned_token_credential_parameters(options = {}) ⇒ Array

  Generates an OAuth parameter list to be used when obtaining a set of token credentials.

Class Method Details

.encode(value) ⇒ String

Converts a value to a percent-encoded String according to the rules given in RFC 5849. All non-unreserved characters are percent-encoded.

Parameters:

• value (Symbol, #to_str) —

  The value to be encoded.

Returns:

• (String) —

  The percent-encoded value.

# File 'lib/signet/oauth_1.rb', line 18

def self.encode(value)
  value = value.to_s if value.kind_of?(Symbol)
  return Addressable::URI.encode_component(
    value,
    Addressable::URI::CharacterClasses::UNRESERVED
  )
end

.extract_credential_key_option(credential_type, options) ⇒ String

Processes an options Hash to find a credential key value. Allows for greater flexibility in configuration.

Parameters:

• credential_type (Symbol) —

  One of :client, :temporary, :token, :consumer, :request, or :access.

Returns:

• (String) —

  The credential key value.

# File 'lib/signet/oauth_1.rb', line 65

def self.extract_credential_key_option(credential_type, options)
  # Normalize key to String to allow indifferent access.
  options = options.inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu }
  credential_key = "#{credential_type}_credential_key"
  credential = "#{credential_type}_credential"
  if options[credential_key]
    credential_key = options[credential_key]
  elsif options[credential]
    require 'signet/oauth_1/credential'
    if !options[credential].respond_to?(:key)
      raise TypeError,
        "Expected Signet::OAuth1::Credential, " +
        "got #{options[credential].class}."
    end
    credential_key = options[credential].key
  elsif options["client"]
    require 'signet/oauth_1/client'
    if !options["client"].kind_of?(::Signet::OAuth1::Client)
      raise TypeError,
        "Expected Signet::OAuth1::Client, got #{options["client"].class}."
    end
    credential_key = options["client"].send(credential_key)
  else
    credential_key = nil
  end
  if credential_key != nil && !credential_key.kind_of?(String)
    raise TypeError,
      "Expected String, got #{credential_key.class}."
  end
  return credential_key
end

.extract_credential_secret_option(credential_type, options) ⇒ String

Processes an options Hash to find a credential secret value. Allows for greater flexibility in configuration.

Parameters:

• credential_type (Symbol) —

  One of :client, :temporary, :token, :consumer, :request, or :access.

Returns:

• (String) —

  The credential secret value.

# File 'lib/signet/oauth_1.rb', line 107

def self.extract_credential_secret_option(credential_type, options)
  # Normalize key to String to allow indifferent access.
  options = options.inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu }
  credential_secret = "#{credential_type}_credential_secret"
  credential = "#{credential_type}_credential"
  if options[credential_secret]
    credential_secret = options[credential_secret]
  elsif options[credential]
    require 'signet/oauth_1/credential'
    if !options[credential].respond_to?(:secret)
      raise TypeError,
        "Expected Signet::OAuth1::Credential, " +
        "got #{options[credential].class}."
    end
    credential_secret = options[credential].secret
  elsif options["client"]
    require 'signet/oauth_1/client'
    if !options["client"].kind_of?(::Signet::OAuth1::Client)
      raise TypeError,
        "Expected Signet::OAuth1::Client, got #{options["client"].class}."
    end
    credential_secret = options["client"].send(credential_secret)
  else
    credential_secret = nil
  end
  if credential_secret != nil && !credential_secret.kind_of?(String)
    raise TypeError,
      "Expected String, got #{credential_secret.class}."
  end
  return credential_secret
end

.generate_authorization_header(parameters, realm = nil) ⇒ String

Generates an Authorization header from a parameter list according to the rules given in RFC 5849.

Parameters:

• parameters (Enumerable) —

  The OAuth parameter list.

• realm (String) (defaults to: nil) —

  The Authorization realm. See RFC 2617.

Returns:

• (String) —

  The Authorization header.

# File 'lib/signet/oauth_1.rb', line 204

def self.generate_authorization_header(parameters, realm=nil)
  if !parameters.kind_of?(Enumerable) || parameters.kind_of?(String)
    raise TypeError, "Expected Enumerable, got #{parameters.class}."
  end
  parameter_list = parameters.map do |k, v|
    if k == 'realm'
      raise ArgumentError,
        'The "realm" parameter must be specified as a separate argument.'
    end
    "#{self.encode(k)}=\"#{self.encode(v)}\""
  end
  if realm
    realm = realm.gsub('"', '\"')
    parameter_list.unshift("realm=\"#{realm}\"")
  end
  return 'OAuth ' + parameter_list.join(", ")
end

.generate_authorization_uri(authorization_uri, options = {}) ⇒ String

Appends the optional ‘oauth_token’ and ‘oauth_callback’ parameters to the base authorization URI.

Parameters:

• authorization_uri (Addressable::URI, String, #to_str) —

  The base authorization URI.

Returns:

• (String) —

  The authorization URI to redirect the user to.

# File 'lib/signet/oauth_1.rb', line 359

def self.generate_authorization_uri(authorization_uri, options={})
  options = {
    :callback => nil,
    :additional_parameters => {}
  }.merge(options)
  temporary_credential_key =
    self.extract_credential_key_option(:temporary, options)
  parsed_uri = Addressable::URI.parse(authorization_uri).dup
  query_values = parsed_uri.query_values || {}
  if options[:additional_parameters]
    query_values = query_values.merge(
      options[:additional_parameters].inject({}) { |h,(k,v)| h[k]=v; h }
    )
  end
  if temporary_credential_key
    query_values['oauth_token'] = temporary_credential_key
  end
  if options[:callback]
    query_values['oauth_callback'] = options[:callback]
  end
  parsed_uri.query_values = query_values
  return parsed_uri.normalize.to_s
end

.generate_base_string(method, uri, parameters) ⇒ String

Generates a signature base string according to the algorithm given in RFC 5849. Joins the method, URI, and normalized parameter string with ‘&’ characters.

Parameters:

• method (String) —

  The HTTP method.

• uri (Addressable::URI, String, #to_str) —

  The URI.

• parameters (Enumerable) —

  The OAuth parameter list.

Returns:

• (String) —

  The signature base string.

# File 'lib/signet/oauth_1.rb', line 170

def self.generate_base_string(method, uri, parameters)
  if !parameters.kind_of?(Enumerable)
    raise TypeError, "Expected Enumerable, got #{parameters.class}."
  end
  method = method.to_s.upcase
  parsed_uri = Addressable::URI.parse(uri)
  uri = Addressable::URI.new(
    :scheme => parsed_uri.normalized_scheme,
    :authority => parsed_uri.normalized_authority,
    :path => parsed_uri.path,
    :query => parsed_uri.query,
    :fragment => parsed_uri.fragment
  )
  uri_parameters = uri.query_values.to_a
  uri = uri.omit(:query, :fragment).to_s
  merged_parameters =
    uri_parameters.concat(parameters.map { |k, v| [k, v] })
  parameter_string = self.normalize_parameters(merged_parameters)
  return [
    self.encode(method),
    self.encode(uri),
    self.encode(parameter_string)
  ].join('&')
end

.generate_nonce ⇒ String

Returns a nonce suitable for use as an 'oauth_nonce' value.

Returns:

• (String) —

  A random nonce.

# File 'lib/signet/oauth_1.rb', line 51

def self.generate_nonce()
  return SecureRandom.random_bytes(16).unpack('H*').join('')
end

.generate_timestamp ⇒ String

Returns a timestamp suitable for use as an 'oauth_timestamp' value.

Returns:

• (String) —

  The current timestamp.

# File 'lib/signet/oauth_1.rb', line 42

def self.generate_timestamp()
  return Time.now.to_i.to_s
end

.normalize_parameters(parameters) ⇒ String

Normalizes a set of OAuth parameters according to the algorithm given in RFC 5849. Sorts key/value pairs lexically by byte order, first by key, then by value, joins key/value pairs with the ‘=’ character, then joins the entire parameter list with ‘&’ characters.

Parameters:

• parameters (Enumerable) —

  The OAuth parameter list.

Returns:

• (String) —

  The normalized parameter list.

# File 'lib/signet/oauth_1.rb', line 148

def self.normalize_parameters(parameters)
  if !parameters.kind_of?(Enumerable)
    raise TypeError, "Expected Enumerable, got #{parameters.class}."
  end
  parameter_list = parameters.map do |k, v|
    next if k == "oauth_signature"
    # This is probably the wrong place to try to exclude the realm
    "#{self.encode(k)}=#{self.encode(v)}"
  end
  return parameter_list.compact.sort.join("&")
end

.parse_authorization_header(field_value) ⇒ Object

Parses an Authorization header into its component parameters. Parameter keys and values are decoded according to the rules given in RFC 5849.

# File 'lib/signet/oauth_1.rb', line 226

def self.parse_authorization_header(field_value)
  if !field_value.kind_of?(String)
    raise TypeError, "Expected String, got #{field_value.class}."
  end
  auth_scheme = field_value[/^([-._0-9a-zA-Z]+)/, 1]
  case auth_scheme
  when /^OAuth$/i
    # Other token types may be supported eventually
    pairs = Signet.parse_auth_param_list(field_value[/^OAuth\s+(.*)$/i, 1])
    return (pairs.inject([]) do |accu, (k, v)|
      if k != 'realm'
        k = self.unencode(k)
        v = self.unencode(v)
      end
      accu << [k, v]
      accu
    end)
  else
    raise ParseError,
      'Parsing non-OAuth Authorization headers is out of scope.'
  end
end

.parse_form_encoded_credentials(body) ⇒ Signet::OAuth1::Credential

Parses an application/x-www-form-urlencoded HTTP response body into an OAuth key/secret pair.

Parameters:

• body (String) —

  The response body.

Returns:

• (Signet::OAuth1::Credential) —

  The OAuth credentials.

# File 'lib/signet/oauth_1.rb', line 256

def self.parse_form_encoded_credentials(body)
  if !body.kind_of?(String)
    raise TypeError, "Expected String, got #{body.class}."
  end
  return Signet::OAuth1::Credential.new(
    Addressable::URI.form_unencode(body)
  )
end

.sign_parameters(method, uri, parameters, client_credential_secret, token_credential_secret = nil) ⇒ String

Generates an OAuth signature using the signature method indicated in the parameter list. Unsupported signature methods will result in a NotImplementedError exception being raised.

Parameters:

• method (String) —

  The HTTP method.

• uri (Addressable::URI, String, #to_str) —

  The URI.

• parameters (Enumerable) —

  The OAuth parameter list.

• client_credential_secret (String) —

  The client credential secret.

• token_credential_secret (String) (defaults to: nil) —

  The token credential secret. Omitted when unavailable.

Returns:

• (String) —

  The signature.

# File 'lib/signet/oauth_1.rb', line 278

def self.sign_parameters(method, uri, parameters,
    client_credential_secret, token_credential_secret=nil)
  # Technically, the token_credential_secret parameter here may actually
  # be a temporary credential secret when obtaining a token credential
  # for the first time
  base_string = self.generate_base_string(method, uri, parameters)
  parameters = parameters.inject({}) { |h,(k,v)| h[k.to_s]=v; h }
  signature_method = parameters['oauth_signature_method']
  case signature_method
  when 'HMAC-SHA1'
    require 'signet/oauth_1/signature_methods/hmac_sha1'
    return Signet::OAuth1::HMACSHA1.generate_signature(
      base_string, client_credential_secret, token_credential_secret
    )
  when 'RSA-SHA1'
    require 'signet/oauth_1/signature_methods/rsa_sha1'
    return Signet::OAuth1::RSASHA1.generate_signature(
      base_string, client_credential_secret, token_credential_secret
    )
  when 'PLAINTEXT'
    require 'signet/oauth_1/signature_methods/plaintext'
    return Signet::OAuth1::PLAINTEXT.generate_signature(
      base_string, client_credential_secret, token_credential_secret
    )
  else
    raise NotImplementedError,
      "Unsupported signature method: #{signature_method}"
  end
end

.unencode(value) ⇒ String

Converts a percent-encoded String to an unencoded value.

Parameters:

• value (#to_str) —

  The percent-encoded String to be unencoded.

Returns:

• (String) —

  The unencoded value.

# File 'lib/signet/oauth_1.rb', line 33

def self.unencode(value)
  return Addressable::URI.unencode_component(value)
end

.unsigned_resource_parameters(options = {}) ⇒ Array

Generates an OAuth parameter list to be used when requesting a protected resource.

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the request.

  • :client_credential_key - The client credential key.

  • :token_credential_key - The token credential key.

  • :signature_method - The signature method. Defaults to 'HMAC-SHA1'.

  • :two_legged - A switch for two-legged OAuth. Defaults to false.

Returns:

• (Array) —

  The parameter list as an Array of key/value pairs.

# File 'lib/signet/oauth_1.rb', line 448

def self.unsigned_resource_parameters(options={})
  options = {
    :signature_method => 'HMAC-SHA1',
    :two_legged => false
  }.merge(options)
  client_credential_key =
    self.extract_credential_key_option(:client, options)
  if client_credential_key == nil
    raise ArgumentError, "Missing :client_credential_key parameter."
  end
  unless options[:two_legged]
    token_credential_key =
      self.extract_credential_key_option(:token, options)
    if token_credential_key == nil
      raise ArgumentError, "Missing :token_credential_key parameter."
    end
  end
  parameters = [
    ["oauth_consumer_key", client_credential_key],
    ["oauth_signature_method", options[:signature_method]],
    ["oauth_timestamp", self.generate_timestamp()],
    ["oauth_nonce", self.generate_nonce()],
    ["oauth_version", "1.0"]
  ]
  unless options[:two_legged]
    parameters << ["oauth_token", token_credential_key]
  end
  # No additional parameters allowed here
  return parameters
end

.unsigned_temporary_credential_parameters(options = {}) ⇒ Array

Generates an OAuth parameter list to be used when obtaining a set of temporary credentials.

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the request.

  • :client_credential_key - The client credential key.

  • :callback - The OAuth callback. Defaults to OUT_OF_BAND.

  • :signature_method - The signature method. Defaults to 'HMAC-SHA1'.

  • :additional_parameters - Non-standard additional parameters.

Returns:

• (Array) —

  The parameter list as an Array of key/value pairs.

# File 'lib/signet/oauth_1.rb', line 325

def self.unsigned_temporary_credential_parameters(options={})
  options = {
    :callback => ::Signet::OAuth1::OUT_OF_BAND,
    :signature_method => 'HMAC-SHA1',
    :additional_parameters => []
  }.merge(options)
  client_credential_key =
    self.extract_credential_key_option(:client, options)
  if client_credential_key == nil
    raise ArgumentError, "Missing :client_credential_key parameter."
  end
  parameters = [
    ["oauth_consumer_key", client_credential_key],
    ["oauth_signature_method", options[:signature_method]],
    ["oauth_timestamp", self.generate_timestamp()],
    ["oauth_nonce", self.generate_nonce()],
    ["oauth_version", "1.0"],
    ["oauth_callback", options[:callback]]
  ]
  # Works for any Enumerable
  options[:additional_parameters].each do |key, value|
    parameters << [key, value]
  end
  return parameters
end

.unsigned_token_credential_parameters(options = {}) ⇒ Array

Generates an OAuth parameter list to be used when obtaining a set of token credentials.

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the request.

  • :client_credential_key - The client credential key.

  • :temporary_credential_key - The temporary credential key.

  • :verifier - The OAuth verifier.

  • :signature_method - The signature method. Defaults to 'HMAC-SHA1'.

Returns:

• (Array) —

  The parameter list as an Array of key/value pairs.

# File 'lib/signet/oauth_1.rb', line 400

def self.unsigned_token_credential_parameters(options={})
  options = {
    :signature_method => 'HMAC-SHA1',
    :verifier => nil
  }.merge(options)
  client_credential_key =
    self.extract_credential_key_option(:client, options)
  temporary_credential_key =
    self.extract_credential_key_option(:temporary, options)
  if client_credential_key == nil
    raise ArgumentError, "Missing :client_credential_key parameter."
  end
  if temporary_credential_key == nil
    raise ArgumentError, "Missing :temporary_credential_key parameter."
  end
  if options[:verifier] == nil
    raise ArgumentError, "Missing :verifier parameter."
  end
  parameters = [
    ["oauth_consumer_key", client_credential_key],
    ["oauth_token", temporary_credential_key],
    ["oauth_signature_method", options[:signature_method]],
    ["oauth_timestamp", self.generate_timestamp()],
    ["oauth_nonce", self.generate_nonce()],
    ["oauth_verifier", options[:verifier]],
    ["oauth_version", "1.0"]
  ]
  # No additional parameters allowed here
  return parameters
end