Module: OoAuth
- Defined in:
- lib/oo_auth.rb,
lib/oo_auth/nonce.rb,
lib/oo_auth/version.rb,
lib/oo_auth/constants.rb,
lib/oo_auth/signature.rb,
lib/oo_auth/credentials.rb,
lib/oo_auth/request_proxy.rb,
lib/oo_auth/nonce/redis_store.rb,
lib/oo_auth/configuration_error.rb,
lib/oo_auth/nonce/abstract_store.rb
Defined Under Namespace
Modules: Signature Classes: ConfigurationError, Credentials, Nonce, RequestProxy
Constant Summary collapse
- VERSION =
'0.1.0'
- OUT_OF_BAND =
request tokens are passed between the consumer and the provider out of band (i.e. callbacks cannot be used), per section 6.1.1
'oob'
- PARAMETERS =
FIXME: ordering required parameters, per sections 6.1.1, 6.3.1, and 7
%w(oauth_callback oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier oauth_version oauth_signature oauth_body_hash)
- RESERVED_CHARACTERS =
reserved character regexp, per section 5.1
/[^a-zA-Z0-9\-\.\_\~]/
- SIGNATURE_METHOD =
OoAuth only supports HMAC-SHA1
'HMAC-SHA1'
- MAX_TIMESTAMP_DEVIATION =
5 * 60
Class Attribute Summary collapse
-
.authorization_store ⇒ Object
Define a lookup method for access token verification It should be callable (proc) or provide an
authorization
method, with the argument being the consumer key and token. -
.nonce_store ⇒ Object
Initialize with instance of store OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: ‘foo’).
Class Method Summary collapse
- .authorization(consumer_key, token) ⇒ Object
-
.authorize!(*args) ⇒ Object
Use this in your controllers to verify the OAuth signature of a request.
-
.encode(*components) ⇒ Object
cf.
-
.escape(value) ⇒ Object
Escape
value
by URL encoding all non-reserved character. -
.generate_key(size = 32) ⇒ Object
(also: generate_nonce)
Generate a random key of up to
size
bytes. -
.sign!(*args) ⇒ Object
Use this to sign Net::HTTP or ActionDispatch requests.
-
.timestamp ⇒ Object
Current UTC timestamp.
- .unescape(value) ⇒ Object
Class Attribute Details
.authorization_store ⇒ Object
Define a lookup method for access token verification It should be callable (proc) or provide an authorization
method, with the argument being the consumer key and token. The proc or method call should return
-
if the consumer key/token combination exists: an object which responding to
credentials
with an initialized instance of OoAuth::Credentials -
nil otherwise.
32 33 34 |
# File 'lib/oo_auth.rb', line 32 def @authorization_store end |
.nonce_store ⇒ Object
Initialize with instance of store OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: ‘foo’)
20 21 22 |
# File 'lib/oo_auth.rb', line 20 def nonce_store @nonce_store end |
Class Method Details
.authorization(consumer_key, token) ⇒ Object
66 67 68 69 70 71 72 73 74 |
# File 'lib/oo_auth.rb', line 66 def (consumer_key, token) if .respond_to?(:call) .call(consumer_key, token) elsif .respond_to?(:authorization) .(consumer_key, token) else fail ConfigurationError, 'authorization store not callable' end end |
.authorize!(*args) ⇒ Object
Use this in your controllers to verify the OAuth signature of a request.
85 86 87 88 89 90 |
# File 'lib/oo_auth.rb', line 85 def (*args) proxy = RequestProxy.new(*args) return unless = self.(proxy.consumer_key, proxy.token) return unless Signature.verify!(proxy, .credentials) end |
.encode(*components) ⇒ Object
57 58 59 |
# File 'lib/oo_auth.rb', line 57 def encode(*components) components.map { |component| OoAuth.escape(component) }.join('&') end |
.escape(value) ⇒ Object
Escape value
by URL encoding all non-reserved character.
See Also: OAuth core spec version 1.0, section 5.1
45 46 47 48 49 |
# File 'lib/oo_auth.rb', line 45 def escape(value) URI.escape(value.to_s, RESERVED_CHARACTERS) rescue ArgumentError URI.escape(value.to_s.force_encoding(Encoding::UTF_8), RESERVED_CHARACTERS) end |
.generate_key(size = 32) ⇒ Object Also known as: generate_nonce
Generate a random key of up to size
bytes. The value returned is Base64 encoded with non-word characters removed.
36 37 38 |
# File 'lib/oo_auth.rb', line 36 def generate_key(size = 32) Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '') end |
.sign!(*args) ⇒ Object
Use this to sign Net::HTTP or ActionDispatch requests
77 78 79 80 81 |
# File 'lib/oo_auth.rb', line 77 def sign!(*args) credentials = args.pop proxy = RequestProxy.new(*args) Signature.sign!(proxy, credentials) end |
.timestamp ⇒ Object
Current UTC timestamp
62 63 64 |
# File 'lib/oo_auth.rb', line 62 def Time.now.utc.to_i end |
.unescape(value) ⇒ Object
51 52 53 |
# File 'lib/oo_auth.rb', line 51 def unescape(value) URI.unescape(value.gsub('+', '%2B')) end |