oauth's Introduction

Ruby OAuth

What

This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.

See the OAuth specs oauth.net/core/1.0/

Installing

sudo gem install oauth

The source code is now hosted on the OAuth GitHub Project github.com/oauth/oauth-ruby

The basics

This is a Ruby library intended for building Ruby Consumer and Service Provider applications. It is NOT a Rails plugin, but could easily be used as the foundation for one.

As a matter of fact, it was extracted from the OAuth Rails Plugin (code.google.com/p/oauth-plugin/), which now requires this gem.

Demonstration of usage

Create a new consumer instance by passing it a configuration hash:

@consumer = OAuth::Consumer.new("key","secret", :site => "https://agree2")

Start the process by requesting a token:

@request_token = @consumer.get_request_token
session[:request_token] = @request_token
redirect_to @request_token.authorize_url

When the user returns, create an access_token:

@access_token = @request_token.get_access_token
@photos = @access_token.get('/photos.xml')

Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.

require 'typhoeus'
require 'oauth/request_proxy/typhoeus_request'

# oauth_consumer, access_token, uri and options are assumed to be defined by the caller
oauth_params = {:consumer => oauth_consumer, :token => access_token}
hydra = Typhoeus::Hydra.new
req = Typhoeus::Request.new(uri, options)
oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
req.headers.merge!({"Authorization" => oauth_helper.header}) # Signs the request
hydra.queue(req)
hydra.run
@response = req.response

More Information

How to submit patches

The source code is now hosted on the OAuth GitHub Project github.com/oauth/oauth-ruby

To submit a patch, please fork the oauth project and create a patch with tests. Once you’re happy with it, send a pull request and post a message to the Google group.

License

This code is free to use under the terms of the MIT license.

Contact

OAuth Ruby has been created and maintained by a large number of talented individuals. The current maintainer is Aaron Quint (quirkey).

Comments are welcome. Send an email via the OAuth Ruby mailing list groups.google.com/group/oauth-ruby

oauth's People

Contributors

aconbere, andrehjr, bkocik, chadisfaction, choonkeat, chrismear, earth2marsh, ecavazos, ehartmann, elmatterino, jcrosby, jdsiegel, jimmyz, joshbuddy, kellan, lackac, mackuba, metavida, mirakui, mojodna, mwhuss, pelle, quirkey, sutto, til, vangberg, xaviershay

oauth's Issues

Indicate which parameters have been rejected on oauth failure

When a parameter_rejected error is returned, it would be nice if the error message displayed by the oauth gem would indicate which parameters have been rejected. I believe the modification should be made near this line, which will require hanging on to the request variable passed to the Problem class's initialization function.

Ability to increase Net::HTTP read_timeout

Requests that take a while to return end up timing out waiting for response. This can be problematic if the request takes more than the default timeout.

It would be nice to set a custom read_timeout for the Net::HTTP object created in consumer.rb#create_http

Here are some related resources:
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html#method-i-read_timeout-3D
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-talk/_byV2ua39fI

It would be handy to be able to do something like this:

@consumer = ::OAuth::Consumer.new(..., ..., { :timeout => 120 })

Documentation confusion

When learning the consumer side of this in IRB, I was confused by the readme code example:

  @access_token = @request_token.get_access_token

where for me it needed to be:

  @access_token = @request_token.get_access_token :oauth_verifier => '[verifier_from_provider_callback]'

Maybe I'm missing something?

Nice work on this, BTW!

Cheers,
Luke

Issue with OAuth and Enterprise Hosting

I found a problem this week when trying the OAuth gem in the new Engine Yard Flex setup, but equally the problem could occur with any setup where the application is using load balancing.

In this case I was using OAuth to verify an incoming OAuth signed request from Myspace. The request comes into the webserver and is promptly load balanced and the request forwarded onto another port. We attempt to verify the incoming request by constructing the signature_base_string from the HTTP method, the hostname and port, and the incoming params. Obviously at this point the port is no longer the original port; it's the port that it has been forwarded on from. Hence it will never verify, as the base_string is different to the one constructed from the secret, the incoming params, etc.

While I have a workaround for this, I would hope this behaviour could be catered for in some additional config somehow although I have no idea how at this time. I will however create a fork.

Cheers

RobL

parameter normalisation issues

method OAuth::Helper::normalize doesn't correctly handle nested parameters.

Nesting parameters causes problems.

For example the following request has nested device[address], device[name], and device[app_user_id] query parameters.

    Parameters: {"oauth_consumer_key"=>"CONSUMER_KEY", 
                        "oauth_version"=>"1.0", 
                        "oauth_signature_method"=>"HMAC-SHA1",              
                        "oauth_signature"=>"Chcpg3KpWqXhz5gDlq9jjynZ5tA=", 
                        "oauth_timestamp"=>"1287146096", 
                        "oauth_nonce"=>"4319466586287469700", 
                        "oauth_callback"=>"dowser-android-app://callback", 
                        "device"=>{"name"=>"Nexus One", 
                                          "address"=>"0023769CF278"},               
                                          "app_user_id"=>"2066797975"
                        }

This produces the following signature string which has incorrectly handled and sorted the device parameters:

    GET&http%3A%2F%2Fmy.address%2Foauth%2Frequest_token.js&app_user_id%3D2066797975%26device%3D%257B%2522name%2522%253D%253E%2522Nexus%2520One%2522%252C%2520%2522address%2522%253D%253E%25220023769CF278%2522%257D%26oauth_callback%3Ddowser-android-app%253A%252F%252Fcallback%26oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce%3D4319466586287469700%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1287146096%26oauth_version%3D1.0

The signature string for this set of parameters should be:

    GET&http%3A%2F%2Fmy.address%2Foauth%2Frequest_token.js&app_user_id%3D2066797975%26device%255Baddress%255D%3D0023769CF278%26device%255Bname%255D%3DNexus%2520One%26oauth_callback%3Ddowser-android-app%253A%252F%252Fcallback%26oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce%3D4877467751290230394%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1287145526%26oauth_version%3D1.0

The following monkey patch fixes the problem for single level hashed parameters:

    module OAuth
      module Helper
        def normalize(params)
          params.sort.map do |k, values|
            if values.is_a?(Array)
              # multiple values were provided for a single key
              values.sort.collect do |v|
                [escape(k),escape(v)] * "="
              end          
            elsif values.is_a?(Hash)
              key = k
              values.sort.collect do |k, v|
                [escape("#{key}[#{k}]"),escape(v)] * "="
              end          
            else
              [escape(k),escape(values)] * "="
            end
          end * "&"
        end
      end
    end
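
The normalisation problem in this report and the port mismatch in the load-balancing report above both come down to how the signature base string is built. The following is an added example, not the oauth gem's code and not from either reporter: it flattens nested parameters before encoding and sorting, and rebuilds the signed URL from a configured public origin. The module name, its methods and the public-origin setting are assumptions.

```ruby
require "uri"
# Added example; the module and method names are hypothetical, not the oauth gem's API.
module SignatureBase
  # Percent-encode everything except unreserved characters (OAuth Core 1.0, section 5.1).
  def self.escape(value)
    value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
  end

  # Flatten nested hashes to name/value pairs: {"device"=>{"name"=>"x"}} -> [["device[name]", "x"]].
  def self.flatten(params, prefix = nil)
    params.flat_map do |key, value|
      name = prefix ? "#{prefix}[#{key}]" : key.to_s
      case value
      when Hash  then flatten(value, name)
      when Array then value.map { |v| [name, v.to_s] }
      else [[name, value.to_s]]
      end
    end
  end

  # Section 9.1.1: drop oauth_signature, encode, sort by name then value, join.
  def self.normalize(params)
    pairs = flatten(params).reject { |name, _| name == "oauth_signature" }
    pairs.map { |name, value| [escape(name), escape(value)] }.sort.map { |p| p.join("=") }.join("&")
  end

  # Section 9.1.2: lowercase scheme and host, omit default ports; query parameters go in params.
  def self.normalize_url(url)
    u = URI.parse(url)
    port = u.port == u.default_port ? "" : ":#{u.port}"
    "#{u.scheme.downcase}://#{u.host.downcase}#{port}#{u.path}"
  end

  # Behind a proxy the backend sees its own port: rebuild the signed URL from a configured origin.
  def self.public_url(backend_url, public_origin)
    public_origin.chomp("/") + URI.parse(backend_url).path
  end

  def self.build(http_method, url, params)
    [http_method.to_s.upcase, normalize_url(url), normalize(params)].map { |part| escape(part) }.join("&")
  end
end

# Constructed sample input, using the parameter values from the expected base string above.
PARAMS = {
  "oauth_consumer_key" => "CONSUMER_KEY", "oauth_version" => "1.0",
  "oauth_signature_method" => "HMAC-SHA1", "oauth_timestamp" => "1287145526",
  "oauth_nonce" => "4877467751290230394", "oauth_callback" => "dowser-android-app://callback",
  "app_user_id" => "2066797975", "device" => { "name" => "Nexus One", "address" => "0023769CF278" }
}.freeze
```

Deriving the public origin from application configuration rather than from forwarded request headers keeps the verified URL out of the client's control.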

no such file to load -- action_controller/request (LoadError)

I've upgraded to Rails 3 and one of my tests from your oauth_plugin controller isn't working. Doing a bit of digging around the problem appears to be in the oauth gem. I'm using the latest (0.4.3) oauth gem.

This line is in my spec file:

require 'oauth/client/action_controller_request'

Error:

/Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require': no such file to load -- action_controller/request (LoadError)
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:227:in `load_dependency'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/oauth-0.4.3/lib/oauth/request_proxy/action_controller_request.rb:3
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:227:in `load_dependency'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/oauth-0.4.3/lib/oauth/client/action_controller_request.rb:2
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:227:in `load_dependency'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:239:in `require'
from /Users/Steve/work/swom/spec/controllers/oauth_clients_controller_spec.rb:3
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:235:in `load'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:235:in `load'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:227:in `load_dependency'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/activesupport-3.0.0/lib/active_support/dependencies.rb:235:in `load'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/configuration.rb:302:in `load_spec_files'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/configuration.rb:302:in `map'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/configuration.rb:302:in `load_spec_files'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/command_line.rb:18:in `run'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/runner.rb:46:in `run_in_process'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/runner.rb:37:in `run'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/gems/rspec-core-2.0.0.beta.20/lib/rspec/core/runner.rb:10:in `autorun'
from /Users/Steve/.rvm/gems/ree-1.8.7-2010.02@rails3/bin/rspec:19

Steve

Add json serialization support

eg:

    # instance_values comes from ActiveSupport.
    # Note: the serialized data includes the consumer secret and the token secret.
    OAuth::RequestToken.class_eval do
      def to_json(*a)
        puts 'to_json called in RequestToken'

        {
          'json_class' => self.class.name,
          'data'       => instance_values
        }.to_json(*a)
      end
    end

    OAuth::RequestToken.instance_eval do
      def json_create(o)
        consumer = OAuth::Consumer.new(o['data']['consumer']['key'], o['data']['consumer']['secret'], o['data']['consumer']['options'])
        OAuth::RequestToken.from_hash(consumer, o['data']['params'].update({:oauth_token=>o['data']['params']['oauth_token'], :oauth_token_secret=>o['data']['params']['oauth_token_secret']}))
      end
    end

    OAuth::AccessToken.class_eval do
      def to_json(*a)
        puts 'to_json called in AccessToken'

        {
          'json_class' => self.class.name,
          'data'       => instance_values
        }.to_json(*a)
      end
    end

    OAuth::AccessToken.instance_eval do
      def json_create(o)
        consumer = OAuth::Consumer.new(o['data']['consumer']['key'], o['data']['consumer']['secret'], o['data']['consumer']['options'])
        OAuth::AccessToken.from_hash(consumer, o['data']['params'].update({:oauth_token=>o['data']['params']['oauth_token'], :oauth_token_secret=>o['data']['params']['oauth_token_secret']}))
      end
    end

Multipart FILE

How can we upload files using oauth ?

response = access_token.post("/foo",
{:file => '/bla/aaa' }, { 'Content-Type' => 'multipart/form-data'})

is not doing the trick

The signature is incorrectly calculated for Curb Requests

https://github.com/pelle/oauth/blob/master/lib/oauth/request_proxy/curb_request.rb#L18 contains

    def method
      nil
    end

And the method method (:)) is used in the signature calculating method. I monkey patched it to

OAuth::RequestProxy::Curl::Easy.class_eval do
  def method
    options[:method].to_s.upcase
  end
end

I'm not sure what the proper solution is, but right now without the monkey patch the remote server throws the signature invalid error. I can provide the patch, but it's kinda trivial to make anyway.

Cheers.
