Class: OAuth::Consumer

Inherits:

Object

• Object
• OAuth::Consumer

Defined in:

lib/oauth/consumer.rb

Constant Summary

CA_FILES =

determine the certificate authority path to verify SSL certs

%w(/etc/ssl/certs/ca-certificates.crt /usr/share/curl/curl-ca-bundle.crt)

CA_FILE =

nil

@@default_options =

{
  # Signature method used by server. Defaults to HMAC-SHA1
  :signature_method   => 'HMAC-SHA1',
   # default paths on site. These are the same as the defaults set up by the generators
  :request_token_path => '/oauth/request_token',
  :authorize_path     => '/oauth/authorize',
  :access_token_path  => '/oauth/access_token',
   # How do we send the oauth values to the server see
  # http://oauth.net/core/1.0/#consumer_req_param for more info
  #
  # Possible values:
  #
  #   :header - via the Authorize header (Default) ( option 1. in spec)
  #   :body - url form encoded in body of POST request ( option 2. in spec)
  #   :query_string - via the query part of the url ( option 3. in spec)
  :scheme        => :header,
   # Default http method used for OAuth Token Requests (defaults to :post)
  :http_method   => :post,
   :oauth_version => "1.0"
}

Instance Attribute Summary

• #http ⇒ Object

  The HTTP object for the site.

• #key ⇒ Object

  Returns the value of attribute key.

• #options ⇒ Object

  Returns the value of attribute options.

• #secret ⇒ Object

  Returns the value of attribute secret.

• #site ⇒ Object

Instance Method Summary

• #access_token_path ⇒ Object
• #access_token_url ⇒ Object
• #access_token_url? ⇒ Boolean
• #authorize_path ⇒ Object
• #authorize_url ⇒ Object
• #authorize_url? ⇒ Boolean
• #create_signed_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates and signs an http request.

• #get_access_token(request_token, request_options = {}, *arguments) ⇒ Object
• #get_request_token(request_options = {}, *arguments) ⇒ Object

  Makes a request to the service for a new OAuth::RequestToken.

• #http_method ⇒ Object

  The default http method.

• #initialize(consumer_key, consumer_secret, options = {}) ⇒ Consumer constructor

  Create a new consumer instance by passing it a configuration hash:.

• #request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates, signs and performs an http request.

• #request_token_path ⇒ Object
• #request_token_url ⇒ Object

  TODO this is ugly, rewrite.

• #request_token_url? ⇒ Boolean
• #scheme ⇒ Object
• #sign!(request, token = nil, request_options = {}) ⇒ Object

  Sign the Request object.

• #signature_base_string(request, token = nil, request_options = {}) ⇒ Object

  Return the signature_base_string.

• #token_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates a request and parses the result as url_encoded.

• #uri(custom_uri = nil) ⇒ Object

  Contains the root URI for this site.

Constructor Details

#initialize(consumer_key, consumer_secret, options = {}) ⇒ Consumer

Create a new consumer instance by passing it a configuration hash:

@consumer = OAuth::Consumer.new(key, secret, {
  :site               => "http://term.ie",
  :scheme             => :header,
  :http_method        => :post,
  :request_token_path => "/oauth/example/request_token.php",
  :access_token_path  => "/oauth/example/access_token.php",
  :authorize_path     => "/oauth/example/authorize.php"
 })

Start the process by requesting a token

@request_token = @consumer.get_request_token
session[:request_token] = @request_token
redirect_to @request_token.authorize_url

When user returns create an access_token

@access_token = @request_token.get_access_token
@photos=@access_token.get('/photos.xml')

# File 'lib/oauth/consumer.rb', line 69

def initialize(consumer_key, consumer_secret, options = {})
  @key    = consumer_key
  @secret = consumer_secret

  # ensure that keys are symbols
  @options = @@default_options.merge(options.inject({}) { |options, (key, value)|
    options[key.to_sym] = value
    options
  })
end

Instance Attribute Details

#http ⇒ Object

The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new

# File 'lib/oauth/consumer.rb', line 86

def http
  @http ||= create_http
end

#key ⇒ Object

Returns the value of attribute key.

# File 'lib/oauth/consumer.rb', line 44

def key
  @key
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/oauth/consumer.rb', line 44

def options
  @options
end

#secret ⇒ Object

Returns the value of attribute secret.

# File 'lib/oauth/consumer.rb', line 44

def secret
  @secret
end

#site ⇒ Object

# File 'lib/oauth/consumer.rb', line 212

def site
  @options[:site].to_s
end

Instance Method Details

#access_token_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 228

def access_token_path
  @options[:access_token_path]
end

#access_token_url ⇒ Object

# File 'lib/oauth/consumer.rb', line 249

def access_token_url
  @options[:access_token_url] || site + access_token_path
end

#access_token_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 253

def access_token_url?
  @options.has_key?(:access_token_url)
end

#authorize_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 224

def authorize_path
  @options[:authorize_path]
end

#authorize_url ⇒ Object

# File 'lib/oauth/consumer.rb', line 241

def authorize_url
  @options[:authorize_url] || site + authorize_path
end

#authorize_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 245

def authorize_url?
  @options.has_key?(:authorize_url)
end

#create_signed_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates and signs an http request. It’s recommended to use the Token classes to set this up correctly

# File 'lib/oauth/consumer.rb', line 171

def create_signed_request(http_method, path, token = nil, request_options = {}, *arguments)
  request = create_http_request(http_method, path, *arguments)
  sign!(request, token, request_options)
  request
end

#get_access_token(request_token, request_options = {}, *arguments) ⇒ Object

# File 'lib/oauth/consumer.rb', line 100

def get_access_token(request_token, request_options = {}, *arguments)
  response = token_request(http_method, (access_token_url? ? access_token_url : access_token_path), request_token, request_options, *arguments)
  OAuth::AccessToken.from_hash(self, response)
end

#get_request_token(request_options = {}, *arguments) ⇒ Object

Makes a request to the service for a new OAuth::RequestToken

@request_token = @consumer.get_request_token

To include OAuth parameters:

@request_token = @consumer.get_request_token \
  :oauth_callback => "http://example.com/cb"

To include application-specific parameters:

@request_token = @consumer.get_request_token({}, :foo => "bar")

TODO oauth_callback should be a mandatory parameter

# File 'lib/oauth/consumer.rb', line 119

def get_request_token(request_options = {}, *arguments)
  # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
  # will be exchanged out of band
  request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND

  response = token_request(http_method, (request_token_url? ? request_token_url : request_token_path), nil, request_options, *arguments)
  OAuth::RequestToken.from_hash(self, response)
end

#http_method ⇒ Object

The default http method

# File 'lib/oauth/consumer.rb', line 81

def http_method
  @http_method ||= @options[:http_method] || :post
end

#request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates, signs and performs an http request. It’s recommended to use the OAuth::Token classes to set this up correctly. request_options take precedence over consumer-wide options when signing

a request.

arguments are POST and PUT bodies (a Hash, string-encoded parameters, or

absent), followed by additional HTTP headers.

@consumer.request(:get,  '/people', @token, { :scheme => :query_string })
@consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })

# File 'lib/oauth/consumer.rb', line 138

def request(http_method, path, token = nil, request_options = {}, *arguments)
  if path !~ /^\//
    @http = create_http(path)
    _uri = URI.parse(path)
    path = "#{_uri.path}#{_uri.query ? "?#{_uri.query}" : ""}"
  end

  rsp = http.request(create_signed_request(http_method, path, token, request_options, *arguments))

  # check for an error reported by the Problem Reporting extension
  # (http://wiki.oauth.net/ProblemReporting)
  # note: a 200 may actually be an error; check for an oauth_problem key to be sure
  if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
    (h = headers.select { |h| h =~ /^OAuth / }).any? &&
    h.first =~ /oauth_problem/

    # puts "Header: #{h.first}"

    # TODO doesn't handle broken responses from api.login.yahoo.com
    # remove debug code when done
    params = OAuth::Helper.parse_header(h.first)

    # puts "Params: #{params.inspect}"
    # puts "Body: #{rsp.body}"

    raise OAuth::Problem.new(params.delete("oauth_problem"), rsp, params)
  end

  rsp
end

#request_token_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 220

def request_token_path
  @options[:request_token_path]
end

#request_token_url ⇒ Object

TODO this is ugly, rewrite

# File 'lib/oauth/consumer.rb', line 233

def request_token_url
  @options[:request_token_url] || site + request_token_path
end

#request_token_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 237

def request_token_url?
  @options.has_key?(:request_token_url)
end

#scheme ⇒ Object

# File 'lib/oauth/consumer.rb', line 216

def scheme
  @options[:scheme]
end

#sign!(request, token = nil, request_options = {}) ⇒ Object

Sign the Request object. Use this if you have an externally generated http request object you want to sign.

# File 'lib/oauth/consumer.rb', line 203

def sign!(request, token = nil, request_options = {})
  request.oauth!(http, self, token, options.merge(request_options))
end

#signature_base_string(request, token = nil, request_options = {}) ⇒ Object

Return the signature_base_string

# File 'lib/oauth/consumer.rb', line 208

def signature_base_string(request, token = nil, request_options = {})
  request.signature_base_string(http, self, token, options.merge(request_options))
end

#token_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.

# File 'lib/oauth/consumer.rb', line 178

def token_request(http_method, path, token = nil, request_options = {}, *arguments)
  response = request(http_method, path, token, request_options, *arguments)

  case response.code.to_i

  when (200..299)
    # symbolize keys
    # TODO this could be considered unexpected behavior; symbols or not?
    # TODO this also drops subsequent values from multi-valued keys
    CGI.parse(response.body).inject({}) do |h,(k,v)|
      h[k.to_sym] = v.first
      h[k]        = v.first
      h
    end
  when (300..399)
    # this is a redirect
    response.error!
  when (400..499)
    raise OAuth::Unauthorized, response
  else
    response.error!
  end
end

#uri(custom_uri = nil) ⇒ Object

Contains the root URI for this site

# File 'lib/oauth/consumer.rb', line 91

def uri(custom_uri = nil)
  if custom_uri
    @uri  = custom_uri
    @http = create_http # yike, oh well. less intrusive this way
  else  # if no custom passed, we use existing, which, if unset, is set to site uri
    @uri ||= URI.parse(site)
  end
end