Class: OAuth::OAuthProxy::OAuthRequest

Inherits:

RequestProxy::Base

• Object
• RequestProxy::Base
• OAuth::OAuthProxy::OAuthRequest

Defined in:

lib/lti2_commons/lib/lti2_commons/oauth_request.rb

Instance Attribute Summary

• #accept ⇒ Object

  Returns the value of attribute accept.

• #body ⇒ Object

  Returns the value of attribute body.

• #content_type ⇒ Object

  Returns the value of attribute content_type.

Class Method Summary

• .collect_rack_parameters(rack_request) ⇒ Object
• .create_from_rack_request(rack_request) ⇒ Object
• .parse_authorization_header(authorization_header) ⇒ Object

Instance Method Summary

• #compute_oauth_body_hash(content) ⇒ String

  Creates the value of an OAuth body hash.

• #copy ⇒ Object

  A shallow+1 copy.

• #final_uri ⇒ Object
• #is_timestamp_expired?(timestampString) ⇒ Boolean
• #log(msg) ⇒ Object
• #method ⇒ Object
• #normalized_uri ⇒ Object
• #parameters ⇒ Object
• #uri ⇒ Object
• #verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false) ⇒ Bool

  Validates an OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby.

• #verify_signature_always?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false) ⇒ Bool

  Runs validation logic but always returns true.

Instance Attribute Details

#accept ⇒ Object

Returns the value of attribute accept.

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 30

def accept
  @accept
end

#body ⇒ Object

Returns the value of attribute body.

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 30

def body
  @body
end

#content_type ⇒ Object

Returns the value of attribute content_type.

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 30

def content_type
  @content_type
end

Class Method Details

.collect_rack_parameters(rack_request) ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 32

def self.collect_rack_parameters(rack_request)
  parameters = HashWithIndifferentAccess.new
  parameters.merge!(rack_request.query_parameters)
  parameters.merge!(self.parse_authorization_header(rack_request.headers['HTTP_AUTHORIZATION']))
  @content_type = rack_request.headers['CONTENT_TYPE']
  @accept = rack_request.headers['ACCEPT']
  if @content_type == 'application/x-www-form-urlencoded'
    parameters.merge!(rack_request.request_parameters)
  end
  parameters
end

.create_from_rack_request(rack_request) ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 44

def self.create_from_rack_request(rack_request)
  parameters = self.collect_rack_parameters(rack_request)
  result = OAuth::OAuthProxy::OAuthRequest.new(
    'method' => rack_request.method,
    'uri' => rack_request.url,
    'parameters' => parameters
  )
  rack_request.body.rewind
  result.body = rack_request.body.read
  rack_request.body.rewind
  result
end

.parse_authorization_header(authorization_header) ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 57

def self.parse_authorization_header(authorization_header)
  result = {}
  if authorization_header =~ /^OAuth/
    authorization_header[6..-1].split(',').inject({}) do |_h, part|
      parts = part.split('=')
      name = parts[0].strip.intern
      value = parts[1..-1].join('=').strip
      value.gsub!(/\A['"]+|['"]+\Z/, '')
      result[name] = Rack::Utils.unescape(value) unless name == :realm
    end
  end
  Rails.logger.info "AuthHdr_Parms: #{result.inspect}"
  result
end

Instance Method Details

#compute_oauth_body_hash(content) ⇒ String

Creates the value of an OAuth body hash

Parameters:

• launch_url (String) —

  Content to be body signed

Returns:

• (String) —

  Signature base string (useful for debugging signature problems)

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 105

def compute_oauth_body_hash(content)
  Base64.encode64(Digest::SHA1.digest(content.chomp)).gsub(/\n/, '')
end

#copy ⇒ Object

A shallow+1 copy

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 111

def copy
  result = OAuth::OAuthProxy::OAuthRequest.new(
    'method' => self.method.dup,
    'uri' => self.uri.dup,
    'parameters' => self.parameters.dup
  )
  result.body = self.body.dup if self.body
  result
end

#final_uri ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 72

def final_uri
  @request['final_uri']
end

#is_timestamp_expired?(timestampString) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 121

def is_timestamp_expired?(timestampString)
  timestamp = Time.at(timestampString.to_i)
  now = Time.now
  (now - timestamp).abs > CLOCK_SKEW_ALLOWANCE_IN_SECS
end

#log(msg) ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 76

def log(msg)
  Rails.logger.info(msg)
end

#method ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 84

def method
  @request['method']
end

#normalized_uri ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 88

def normalized_uri
  super
rescue
  # if this is a non-standard URI, it may not parse properly
  # in that case, assume that it's already been normalized
  uri
end

#parameters ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 80

def parameters
  @request['parameters']
end

#uri ⇒ Object

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 96

def uri
  @request['uri']
end

#verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false) ⇒ Bool

Validates an OAuth request using the OAuth Gem - github.com/oauth/oauth-ruby

Returns:

• (Bool) —

  Whether the request was valid

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 130

def verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false)
  log 'in verify_signature'
  test_request = self.copy
  test_signature = test_request.sign(consumer_secret: secret)
  # log "DEBUG: signed"
  begin
    unless self.oauth_signature == test_signature
      log "Secret: #{secret}"
      log "Verify_signature--send_signature: #{self.oauth_signature}  test_signature: #{test_signature}"
      log "Verify signature_base_string: #{self.signature_base_string}"
      fail 'Invalid signature'
    end
    unless ignore_timestamp_and_nonce
      fail 'Timestamp expired' if is_timestamp_expired? self.oauth_timestamp
      fail 'Duplicate nonce to one already received' if nonce_cache.fetch(self.oauth_nonce)
    end
    nonce_cache.store(self.oauth_nonce, '<who-cares>')

    # check body-signing if oauth_body_signature
    if self.body && self.parameters.key?('oauth_body_hash')
      fail 'Invalid signature of message body' unless compute_oauth_body_hash(self.body) == self.parameters['oauth_body_hash']
    end
    [true, test_request.signature_base_string]
  rescue Exception => e
    log(e.message)
    if is_handle_error_not_raise_exception
      [false, test_request.signature_base_string]
    else
      raise e.message
    end
  end
end

#verify_signature_always?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false) ⇒ Bool

Runs validation logic but always returns true

Returns:

• (Bool) —

  Whether the request was valid

# File 'lib/lti2_commons/lib/lti2_commons/oauth_request.rb', line 167

def verify_signature_always?(secret, nonce_cache, is_handle_error_not_raise_exception = true,
    ignore_timestamp_and_nonce = false)
  test_request = self.copy
  test_signature = test_request.sign(consumer_secret: secret)
  log "TC Signature: #{test_signature}"
  log "TP Signature: #{self.oauth_signature}"
  log "Signature_Base_String: #{test_request.signature_base_string}"
  # log "Authorization_Header: #{request.headers['Authorization']}"
  [self.oauth_signature == test_signature, test_request.signature_base_string]
end