Class: OAuth::OAuthProxy::OAuthRequest

Inherits:
RequestProxy::Base
  • Object
Defined in:
lib/lti2_commons/oauth_request.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#acceptObject

Returns the value of attribute accept.



# File 'lib/lti2_commons/oauth_request.rb', line 26

# Reader for the +accept+ attribute: returns whatever is currently held in
# @accept (nil when nothing has been assigned).
def accept
  @accept
end

#bodyObject

Returns the value of attribute body.



# File 'lib/lti2_commons/oauth_request.rb', line 26

# Reader for the +body+ attribute. create_from_rack_request assigns the raw
# request body here, and verify_signature? hashes this value when the request
# carries an oauth_body_hash parameter.
def body
  @body
end

#content_typeObject

Returns the value of attribute content_type.



# File 'lib/lti2_commons/oauth_request.rb', line 26

# Reader for the +content_type+ attribute: returns whatever is currently held
# in @content_type (nil when nothing has been assigned).
def content_type
  @content_type
end

Class Method Details

.collect_rack_parameters(rack_request) ⇒ Object



# File 'lib/lti2_commons/oauth_request.rb', line 28

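# Collects the parameters that take part in OAuth signature verification.
#
# Sources are merged in this order, later sources overwriting earlier ones
# on a name clash:
#   1. the query string,
#   2. the OAuth fields parsed from the Authorization header,
#   3. the form body, only for application/x-www-form-urlencoded requests.
#
# The media type is compared without its parameters and without regard to
# case, so "application/x-www-form-urlencoded; charset=UTF-8" also counts as
# a form post. With an exact string match those body parameters were left
# out of the signed set while the application could still read them.
#
# NOTE(review): because the result is a hash, a name that occurs more than
# once (in one source or across sources) collapses to a single value.
# Confirm that this is acceptable for the signature base string.
#
# @param rack_request [Object] request exposing query_parameters,
#   request_parameters and headers
# @return [HashWithIndifferentAccess] the merged parameters
def self.collect_rack_parameters(rack_request)
  parameters = HashWithIndifferentAccess.new
  parameters.merge!(rack_request.query_parameters)
  parameters.merge!(self.parse_authorization_header(rack_request.headers['HTTP_AUTHORIZATION']))
  # Keep only the media type: drop "; charset=..." and normalise case.
  media_type = rack_request.headers['CONTENT_TYPE'].to_s.split(';', 2).first.to_s.strip.downcase
  if media_type == "application/x-www-form-urlencoded"
    parameters.merge!(rack_request.request_parameters)
  end
  parameters
end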

.create_from_rack_request(rack_request) ⇒ Object



# File 'lib/lti2_commons/oauth_request.rb', line 40

# Builds an OAuthRequest from an incoming Rack-style request.
#
# The method, URL and merged parameters (see collect_rack_parameters) are
# passed to the constructor, then the raw body is read and stored on the new
# object. The body stream is rewound before and after the read so the read
# starts at the beginning and later readers also start there.
#
# @param rack_request [Object] request exposing method, url and body
# @return [OAuth::OAuthProxy::OAuthRequest] the populated request wrapper
def self.create_from_rack_request(rack_request)
  merged_params = collect_rack_parameters(rack_request)
  oauth_request = OAuth::OAuthProxy::OAuthRequest.new(
    "method" => rack_request.method,
    "uri" => rack_request.url,
    "parameters" => merged_params
  )

  rack_request.body.rewind
  oauth_request.body = rack_request.body.read
  rack_request.body.rewind

  oauth_request
end

.parse_authorization_header(authorization_header) ⇒ Object



# File 'lib/lti2_commons/oauth_request.rb', line 52

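# Parses an "Authorization: OAuth ..." header value into a hash of fields.
#
# The header comes straight from the client, so malformed input must not
# raise:
#   * nil, or a value that does not start with the "OAuth" scheme followed
#     by whitespace, yields an empty hash. The match is anchored with \A, so
#     "OAuth" appearing at the start of a later line no longer counts, and
#     neither does a longer scheme name that merely begins with "OAuth".
#   * a bare "OAuth" with nothing after it yields an empty hash (slicing
#     past the end of the string used to return nil and raise).
#   * empty segments such as a leading comma are skipped.
#   * only the first "=" separates name from value, so an unquoted value
#     ending in "=" keeps its padding.
#
# NOTE(review): keys are interned from client-supplied names. They remain
# Symbols because callers may depend on that; confirm the Ruby versions in
# use garbage-collect dynamically created symbols.
#
# @param authorization_header [String, nil] raw header value
# @return [Hash{Symbol => String}] field names mapped to unescaped values
def self.parse_authorization_header(authorization_header)
  result = {}
  header = authorization_header.to_s
  return result unless header =~ /\AOAuth\s/

  # The scheme plus its separator occupy the first six characters.
  header[6..-1].split(',').each do |part|
    name, value = part.split('=', 2)
    name = name.to_s.strip
    next if name.empty?

    # Strip the surrounding quotes before percent-decoding the value.
    value = value.to_s.strip.gsub(/\A['"]+|['"]+\Z/, "")
    result[name.intern] = Rack::Utils.unescape(value)
  end
  result
end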

Instance Method Details

#compute_oauth_body_hash(content) ⇒ String

Creates the value of an OAuth body hash

Parameters:

  • content (String)

    Content to be body signed

Returns:

  • (String)

    Base64-encoded SHA-1 digest of the content (the oauth_body_hash value)



# File 'lib/lti2_commons/oauth_request.rb', line 90

# Computes the oauth_body_hash value for a message body: the SHA-1 digest of
# the content, Base64-encoded on a single line.
#
# One trailing line terminator is removed (String#chomp) before hashing, so
# two bodies that differ only by that terminator produce the same hash.
#
# @param content [String] message body to hash
# @return [String] Base64 text of the 20-byte SHA-1 digest, without newlines
def compute_oauth_body_hash(content)
  sha1_bytes = Digest::SHA1.digest(content.chomp)
  # strict_encode64 emits no line breaks, so nothing has to be stripped.
  Base64.strict_encode64(sha1_bytes)
end

#copyObject

A shallow+1 copy



# File 'lib/lti2_commons/oauth_request.rb', line 95

# Returns a new OAuthRequest built from dup'ed copies of this request's
# method, URI and parameters. The body is dup'ed as well when one is set.
# Each dup is one level deep: objects nested inside the parameters are still
# shared with the original.
#
# @return [OAuth::OAuthProxy::OAuthRequest] the duplicate request
def copy
  duplicate = OAuth::OAuthProxy::OAuthRequest.new(
    "method" => self.method.dup,
    "uri" => self.uri.dup,
    "parameters" => self.parameters.dup
  )
  current_body = self.body
  duplicate.body = current_body.dup if current_body
  duplicate
end

#is_timestamp_expired?(timestampString) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/lti2_commons/oauth_request.rb', line 104

# Reports whether an OAuth timestamp lies outside the accepted window.
#
# The window is 300 seconds either side of the local clock, so timestamps
# too far in the future are rejected as well as stale ones. The argument is
# converted with to_i; a String that does not start with digits converts to
# 0 (the epoch) and is therefore reported as expired.
#
# @param timestampString [String] the oauth_timestamp value, seconds since epoch
# @return [Boolean] true when the timestamp is more than 300 seconds off
def is_timestamp_expired?(timestampString)
  claimed_at = Time.at(timestampString.to_i)
  drift = (Time.now - claimed_at).abs
  drift > 300.seconds
end

#methodObject



# File 'lib/lti2_commons/oauth_request.rb', line 70

# Returns the value stored under the "method" key of the @request hash
# (create_from_rack_request puts the Rack request's method there).
# Note that this definition shadows Object#method on instances of the class.
def method
  @request["method"]
end

#normalized_uriObject



# File 'lib/lti2_commons/oauth_request.rb', line 74

# Returns the parent class's normalized URI, falling back to the stored URI
# unchanged when normalization raises a StandardError.
#
# The fallback is meant for non-standard URIs that do not parse, which are
# assumed to be normalized already. Because any StandardError from the
# parent triggers it, the raw URI then feeds the signature unmodified.
def normalized_uri
  begin
    super
  rescue StandardError
    uri
  end
end

#parametersObject



# File 'lib/lti2_commons/oauth_request.rb', line 66

# Returns the value stored under the "parameters" key of the @request hash.
# When the request was built by create_from_rack_request this is the merged
# set of query, Authorization-header and form-body parameters.
def parameters
  @request["parameters"]
end

#uriObject



# File 'lib/lti2_commons/oauth_request.rb', line 82

# Returns the value stored under the "uri" key of the @request hash
# (create_from_rack_request puts the Rack request's URL there).
def uri
  @request["uri"]
end

#verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false) ⇒ Bool

Validates an OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby

Returns:

  • (Bool)

    Whether the request was valid



# File 'lib/lti2_commons/oauth_request.rb', line 113

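# Verifies the OAuth signature on this request and, unless told otherwise,
# its timestamp and nonce.
#
# Steps, in order:
#   1. Re-sign a copy of the request with +secret+ and compare the result
#      with the signature that was received.
#   2. Unless +ignore_timestamp_and_nonce+ is set, reject timestamps outside
#      the window enforced by is_timestamp_expired? and nonces already in
#      +nonce_cache+.
#   3. Record the nonce in +nonce_cache+ (this happens even when step 2 is
#      skipped).
#   4. When a body is present and the request carries an oauth_body_hash
#      parameter, recompute the hash of the body and compare it.
#
# Security notes:
#   * The signature comparison runs in constant time and an absent or empty
#     received signature is rejected outright. A plain == would return at
#     the first differing byte, so its timing would depend on the input.
#   * The diagnostic output no longer prints the locally computed signature.
#     That value is the valid signature for the request under test and does
#     not belong on stdout or in logs.
#   * Only StandardError is rescued, so signals and exit requests propagate
#     instead of being turned into a false result.
#   * The body-hash check runs only when oauth_body_hash is present. Callers
#     that need body integrity for non-form payloads must require the
#     parameter themselves.
#   * NOTE(review): the nonce lookup and the nonce store are separate calls.
#     Whether two concurrent requests with the same nonce can both pass
#     depends on nonce_cache; confirm.
#
# @param secret [String] consumer secret used to re-sign the request
# @param nonce_cache [Object] store responding to fetch(nonce) and
#   store(nonce, value)
# @param is_handle_error_not_raise_exception [Boolean] when true a failure
#   returns false; when false it raises a RuntimeError carrying the message
# @param ignore_timestamp_and_nonce [Boolean] skip the timestamp and
#   duplicate-nonce checks
# @return [Boolean] true when every check passes
# @raise [RuntimeError] on failure when is_handle_error_not_raise_exception
#   is false
def verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception=true, ignore_timestamp_and_nonce=false)
  test_request = self.copy
  test_signature = test_request.sign :consumer_secret => secret
  begin
    received_signature = self.oauth_signature.to_s
    # The empty check comes first: two empty strings would compare equal.
    signature_ok = !received_signature.empty? &&
                   Rack::Utils.secure_compare(test_signature.to_s, received_signature)
    unless signature_ok
      puts "Verify_signature--send_signature: #{self.oauth_signature}"
      puts "Verify signature_base_string: #{self.signature_base_string}"
      raise 'Invalid signature'
    end
    unless ignore_timestamp_and_nonce
      raise 'Timestamp expired' if is_timestamp_expired? self.oauth_timestamp
      raise 'Duplicate nonce to one already received' if nonce_cache.fetch self.oauth_nonce
    end
    nonce_cache.store self.oauth_nonce, "<who-cares>"

    # Check the body signature when the request carries oauth_body_hash.
    if self.body && self.parameters.has_key?('oauth_body_hash')
      raise 'Invalid signature of message body' unless compute_oauth_body_hash(self.body) == self.parameters['oauth_body_hash']
    end
    true
  rescue StandardError => e
    # Utils::log(e.message)
    if is_handle_error_not_raise_exception
      false
    else
      raise e.message
    end
  end
end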