Module: OohAuth::Request::VerificationMixin
Defined in: lib/ooh-auth/request_verification_mixin.rb
Instance Method Summary
- #authenticating_client ⇒ Object
  Returns the authenticating client referenced by the consumer key in the given request, or nil if no consumer key was given or if the given consumer key was invalid.
- #authentication_token ⇒ Object
  Returns the stored token referenced by the oauth_token header or parameter, or nil if none was found.
- #build_signature ⇒ Object
  Creates a signature for this request, returning the final hash required for insertion in a signed URL.
- #callback ⇒ Object
- #consumer_key ⇒ Object
  Returns the oauth_consumer_key from the Authorization header or the GET/POST params, or nil if not present.
- #nonce ⇒ Object
  Returns the oauth_nonce from the Authorization header or the GET/POST params, or nil if not present.
- #normalise_signature_params ⇒ Object
  Returns the signature_params as a normalised string in line with oauth.net/core/1.0#signing_process.
- #oauth_headers ⇒ Object
  Returns any given OAuth headers as specified in oauth.net/core/1.0#auth_header as a hash.
- #oauth_merged_params ⇒ Object
  Returns the params properly merged with the oauth headers if they were given.
- #oauth_request? ⇒ Boolean
  Returns TRUE if the request contains api-flavour parameters.
- #oauth_version ⇒ Object
  Returns the oauth_version from the Authorization header or the GET/POST params, or nil if not present, defaulting to “1.0” if not given.
- #parse_oauth_headers ⇒ Object
  Parses the given OAuth headers into a hash.
- #signature ⇒ Object
  Returns the oauth_signature from the Authorization header or the GET/POST params, or nil if not present.
- #signature_base_string ⇒ Object
  Creates a plaintext version of the signature base string ready to be run through any of the supported OAuth signature methods.
- #signature_method ⇒ Object
  Returns the requested signature signing mechanism from the auth headers, defaulting to HMAC-SHA1.
- #signature_oauth_headers ⇒ Object
  Returns the auth headers for duplicating the request signature, missing the realm variable as defined in oauth.net/core/1.0#signing_process.
- #signature_params ⇒ Object
  Scrubs route parameters from the known params, returning a hash of known GET and POST parameters.
- #signature_secret ⇒ Object
  Returns the signature secret, which is expected to be the HMAC encryption key for signed requests.
- #signed? ⇒ Boolean
  Attempts to verify the request’s signature using the strategy covered in signing.markdown.
- #timestamp ⇒ Object
  Returns the oauth_timestamp from the Authorization header or the GET/POST params, or nil if not present.
- #token ⇒ Object
  Returns the oauth_token from the Authorization header or the GET/POST params, or nil if not present.
Instance Method Details
#authenticating_client ⇒ Object
Returns the authenticating client referenced by the consumer key in the given request, or nil if no consumer key was given or if the given consumer key was invalid.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 21

def authenticating_client
  #return false unless signed?
  @authenticating_client ||= OohAuth::AuthenticatingClient.first(:api_key=>consumer_key)
end
```
#authentication_token ⇒ Object
Returns the stored token referenced by the oauth_token header or parameter, or nil if none was found.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 27

def authentication_token
  @authentication_token ||= OohAuth::Token.first(:token_key=>token)
end
```
#build_signature ⇒ Object
Creates a signature for this request, returning the final hash required for insertion in a signed URL.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 42

def build_signature
  sig = case signature_method
  when "HMAC-SHA1"
    Base64.encode64(HMAC::SHA1.digest(signature_secret, signature_base_string)).chomp.gsub(/\n/,'')
  when "HMAC-MD5"
    Base64.encode64(HMAC::MD5.digest(signature_secret, signature_base_string)).chomp.gsub(/\n/,'')
  else
    false
  end
  Merb::Parse.escape(sig)
end
```
#callback ⇒ Object
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 149

def callback
  oauth_merged_params[:oauth_callback]
end
```
#consumer_key ⇒ Object
Returns the oauth_consumer_key from the Authorization header or the GET/POST params, or nil if not present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 124

def consumer_key
  oauth_merged_params[:oauth_consumer_key]
end
```
#nonce ⇒ Object
Returns the oauth_nonce from the Authorization header or the GET/POST params, or nil if not present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 145

def nonce
  oauth_merged_params[:oauth_nonce]
end
```
#normalise_signature_params ⇒ Object
Returns the signature_params as a normalised string in line with oauth.net/core/1.0#signing_process.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 78

def normalise_signature_params
  signature_params.sort.collect{|key, value| "#{key}=#{value}"}.join("&")
end
```
#oauth_headers ⇒ Object
Returns any given OAuth headers as specified in oauth.net/core/1.0#auth_header as a hash.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 89

def oauth_headers
  @oauth_headers ||= parse_oauth_headers
end
```
#oauth_merged_params ⇒ Object
Returns the params properly merged with the oauth headers if they were given. OAuth headers take priority if a GET/POST parameter with the same name exists.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 84

def oauth_merged_params
  params.merge(signature_oauth_headers)
end
```
#oauth_request? ⇒ Boolean
Returns TRUE if the request contains api-flavour parameters. At least an api_token and an api_signature must be present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 15

def oauth_request?
  (consumer_key)? true : false
end
```
#oauth_version ⇒ Object
Returns the oauth_version from the Authorization header or the GET/POST params, or nil if not present, defaulting to “1.0” if not given.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 154

def oauth_version
  oauth_merged_params[:oauth_version] || "1.0"
end
```
#parse_oauth_headers ⇒ Object
Parses the given OAuth headers into a hash. See oauth.net/core/1.0#auth_header for parsing method.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 101

def parse_oauth_headers
  # Pull headers and return blank hash if no header variables found
  headers = env['AUTHORIZATION']; result = {};
  return result unless headers && headers[0,5] == 'OAuth'
  # Headers found. Go ahead and match 'em
  headers.split(/,\n*\r*/).each do |param|
    phrase, key, value = param.match(/([A-Za-z0-9_\s]+)="([^"]+)"/).to_a.map{|v| v.strip}
    result[(key["OAuth"])? :realm : key.to_sym] = value
  end
  result
end
```
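A stricter take on the header parsing above, added here as an example and not part of OohAuth: it separates the `OAuth` scheme from the first pair, skips malformed pairs instead of raising on them, and percent-decodes values without turning "+" into a space. The function name `parse_oauth_authorization` and the sample header are constructed for illustration.

```ruby
# Decode %XX escapes only; a literal "+" stays "+", which matters for
# base64 signatures (form-style decoding would turn it into a space).
def oauth_unescape(value)
  value.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding('UTF-8')
end

# Parse an "Authorization: OAuth ..." header value into a hash with symbol keys.
# Returns {} for a missing header or for any other authentication scheme.
def parse_oauth_authorization(header)
  return {} unless header.is_a?(String)
  scheme, rest = header.strip.split(/\s+/, 2)
  return {} unless scheme&.casecmp?('OAuth') && rest

  rest.split(/\s*,\s*/).each_with_object({}) do |pair, result|
    match = pair.match(/\A([A-Za-z0-9_]+)="([^"]*)"\z/)
    next unless match                         # malformed pair: skip, do not raise
    key = match[1]
    next unless key == 'realm' || key.start_with?('oauth_')
    result[key.to_sym] = oauth_unescape(match[2])
  end
end

# Constructed sample header: consumer key first, realm later, one garbage pair.
SAMPLE_HEADER = 'OAuth oauth_consumer_key="example-key", ' \
                'oauth_signature="ab%2Bcd%2Fef%3D", ' \
                'realm="http://api.example.test/", garbage, ' \
                'oauth_nonce="n0nce123"'

p parse_oauth_authorization(SAMPLE_HEADER)
```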
#signature ⇒ Object
Returns the oauth_signature from the Authorization header or the GET/POST params, or nil if not present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 134

def signature
  # FIXME merb keeps mangling this by replacing "+" with "\s"
  oauth_merged_params[:oauth_signature]
end
```
#signature_base_string ⇒ Object
Creates a plaintext version of the signature base string ready to be run through any of the supported OAuth signature methods. See oauth.net/core/1.0#signing_process for more information.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 57

def signature_base_string
  "#{method.to_s.upcase}&#{full_uri}&#{normalise_signature_params}"
end
```
#signature_method ⇒ Object
Returns the requested signature signing mechanism from the auth headers, defaulting to HMAC-SHA1.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 119

def signature_method
  oauth_merged_params[:oauth_signature_method] || "HMAC-SHA1"
end
```
#signature_oauth_headers ⇒ Object
Returns the auth headers for duplicating the request signature, missing the realm variable as defined in oauth.net/core/1.0#signing_process.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 96

def signature_oauth_headers
  o = oauth_headers.dup; o.delete(:realm); o
end
```
#signature_params ⇒ Object
Scrubs route parameters from the known params, returning a hash of known GET and POST parameters. Basically, this returns the parameters needed in the signature key/value gibberish. FIXME unidentified request gremlins seeding params with mix of symbol and string keys, requiring to_s filth all over the match block.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 70

def signature_params
  route, route_params = Merb::Router.route_for(self)
  #raise RuntimeError, route_params.inspect
  return oauth_merged_params.delete_if {|k,v| route_params.keys.map{|s|s.to_s}.include?(k.to_s) or k.to_s == "oauth_signature"}
end
```
#signature_secret ⇒ Object
Returns the signature secret, which is expected to be the HMAC encryption key for signed requests. If the request refers to a token, the token will be retrieved
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 63

def signature_secret
  "#{authenticating_client.secret}&#{authentication_token ? authentication_token.secret : nil}" rescue raise Merb::ControllerExceptions::NotAcceptable
end
```
#signed? ⇒ Boolean
Attempts to verify the request’s signature using the strategy covered in signing.markdown. Takes one argument, which is the authenticating client you wish to check the signature against. Returns true on success, false on failure.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 34

def signed?
  # Fail immediately if the request is not signed at all
  return false unless oauth_request? and authenticating_client
  # mash and compare with given signature
  self.signature == build_signature
end
```
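For comparison with `signed?`, `build_signature` and `signature_base_string` above, an added stand-alone example (not OohAuth code) of HMAC-SHA1 verification that percent-encodes each part of the base string as oauth.net/core/1.0#signing_process describes, returns false for an unsupported signature method, and compares signatures in constant time where the listing uses `==`. It uses Ruby's OpenSSL standard library rather than the HMAC gem in the listing; all function names, the string-keyed params hash and the sample request are constructed for illustration.

```ruby
require 'openssl'

# Percent-encode per OAuth Core 1.0 section 5.1 (unreserved: A-Z a-z 0-9 - . _ ~).
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format('%%%02X', c.ord) }
end

# Signature base string: METHOD & URL & sorted parameter string, each part encoded.
def base_string(http_method, url, params)
  pairs = params.reject { |k, _| k.to_s == 'oauth_signature' }
                .map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  normalised = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [http_method.to_s.upcase, url, normalised].map { |part| oauth_escape(part) }.join('&')
end

# HMAC-SHA1 over the base string, keyed with "consumer_secret&token_secret".
def hmac_sha1_signature(base, consumer_secret, token_secret = nil)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Compare without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# False (never an exception) for a missing signature or an unsupported method.
def verify_signed(http_method, url, params, consumer_secret, token_secret = nil)
  return false unless params['oauth_signature_method'] == 'HMAC-SHA1'
  expected = hmac_sha1_signature(base_string(http_method, url, params),
                                 consumer_secret, token_secret)
  secure_equal?(params['oauth_signature'], expected)
end

# Constructed sample request; every value here is invented for the example.
SAMPLE_URL = 'http://api.example.test/photos'
SAMPLE_PARAMS = {
  'oauth_consumer_key' => 'example-key', 'oauth_nonce' => 'n0nce123',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1700000000',
  'oauth_version' => '1.0', 'q' => 'a b&c'
}.freeze

sig = hmac_sha1_signature(base_string('GET', SAMPLE_URL, SAMPLE_PARAMS), 'cs', 'ts')
puts verify_signed('GET', SAMPLE_URL, SAMPLE_PARAMS.merge('oauth_signature' => sig), 'cs', 'ts')
```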
#timestamp ⇒ Object
Returns the oauth_timestamp from the Authorization header or the GET/POST params, or nil if not present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 140

def timestamp
  oauth_merged_params[:oauth_timestamp]
end
```
#token ⇒ Object
Returns the oauth_token from the Authorization header or the GET/POST params, or nil if not present.
```ruby
# File 'lib/ooh-auth/request_verification_mixin.rb', line 129

def token
  oauth_merged_params[:oauth_token]
end
```