Class: OAuth::Consumer

Inherits:

Object

• Object
• OAuth::Consumer

Defined in:

lib/oauth/consumer.rb

Constant Summary

CA_FILE =

nil

@@default_options =

SnakyHash::SymbolKeyed.new(
  {
    # Signature method used by server. Defaults to HMAC-SHA1
    signature_method: "HMAC-SHA1",
     # default paths on site. These are the same as the defaults set up by the generators
    request_token_path: "/oauth/request_token",
    authenticate_path: "/oauth/authenticate",
    authorize_path: "/oauth/authorize",
    access_token_path: "/oauth/access_token",
     proxy: nil,
    # How do we send the oauth values to the server see
    # https://oauth.net/core/1.0/#consumer_req_param for more info
    #
    # Possible values:
    #
    #   :header - via the Authorize header (Default) ( option 1. in spec)
    #   :body - url form encoded in body of POST request ( option 2. in spec)
    #   :query_string - via the query part of the url ( option 3. in spec)
    scheme: :header,
     # Default http method used for OAuth Token Requests (defaults to :post)
    http_method: :post,
     # Add a custom ca_file for consumer
    # :ca_file       => '/etc/certs.pem'
     # Possible values:
    #
    # nil, false - no debug output
    # true - uses $stdout
    # some_value - uses some_value
    debug_output: nil,
     # Defaults to producing a body_hash as part of the signature but
    # can be disabled since it's not officially part of the OAuth 1.0
    # spec. Possible values are true and false
    body_hash_enabled: true,
     oauth_version: "1.0",
  },
)

Instance Attribute Summary

• #http ⇒ Object

  The HTTP object for the site.

• #key ⇒ Object

  Returns the value of attribute key.

• #options ⇒ Object

  Returns the value of attribute options.

• #secret ⇒ Object

  Returns the value of attribute secret.

• #site ⇒ Object

Instance Method Summary

• #access_token_path ⇒ Object
• #access_token_url ⇒ Object
• #access_token_url? ⇒ Boolean
• #authenticate_path ⇒ Object
• #authenticate_url ⇒ Object
• #authenticate_url? ⇒ Boolean
• #authorize_path ⇒ Object
• #authorize_url ⇒ Object
• #authorize_url? ⇒ Boolean
• #create_signed_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates and signs an http request.

• #debug_output ⇒ Object
• #get_access_token(request_token, request_options = {}, *arguments) {|response_body| ... } ⇒ OAuth::AccessToken

  Exchanges a verified Request Token for an Access Token.

• #get_request_token(request_options = {}, *arguments) {|response_body| ... } ⇒ OAuth::RequestToken

  Makes a request to the service for a new OAuth::RequestToken.

• #http_method ⇒ Object

  The default http method.

• #initialize(consumer_key, consumer_secret, options = {}) ⇒ Consumer constructor

  Create a new consumer instance by passing it a configuration hash:.

• #proxy ⇒ Object
• #request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates, signs and performs an http request.

• #request_endpoint ⇒ Object
• #request_token_path ⇒ Object
• #request_token_url ⇒ Object

  TODO: this is ugly, rewrite.

• #request_token_url? ⇒ Boolean
• #scheme ⇒ Object
• #sign!(request, token = nil, request_options = {}) ⇒ Object

  Sign the Request object.

• #signature_base_string(request, token = nil, request_options = {}) ⇒ Object

  Return the signature_base_string.

• #token_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

  Creates a request and parses the result as url_encoded.

• #uri(custom_uri = nil) ⇒ Object

  Contains the root URI for this site.

Constructor Details

#initialize(consumer_key, consumer_secret, options = {}) ⇒ Consumer

Create a new consumer instance by passing it a configuration hash:

@consumer = OAuth::Consumer.new(key, secret, {
  :site               => "http://term.ie",
  :scheme             => :header,
  :http_method        => :post,
  :request_token_path => "/oauth/example/request_token.php",
  :access_token_path  => "/oauth/example/access_token.php",
  :authorize_path     => "/oauth/example/authorize.php",
  :body_hash_enabled  => false
 })

Start the process by requesting a token

@request_token = @consumer.get_request_token
session[:request_token] = @request_token
redirect_to @request_token.authorize_url

When user returns create an access_token

@access_token = @request_token.get_access_token
@photos=@access_token.get('/photos.xml')

# File 'lib/oauth/consumer.rb', line 106

def initialize(consumer_key, consumer_secret, options = {})
  @key = consumer_key
  @secret = consumer_secret

  # ensure that keys are symbols
  snaky_options = SnakyHash::SymbolKeyed.new(options)
  @options = @@default_options.merge(snaky_options)
end

Instance Attribute Details

#http ⇒ Object

The HTTP object for the site. The HTTP Object is what you get when you do Net::HTTP.new

# File 'lib/oauth/consumer.rb', line 131

def http
  @http ||= create_http
end

#key ⇒ Object

Returns the value of attribute key.

# File 'lib/oauth/consumer.rb', line 80

def key
  @key
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/oauth/consumer.rb', line 80

def options
  @options
end

#secret ⇒ Object

Returns the value of attribute secret.

# File 'lib/oauth/consumer.rb', line 80

def secret
  @secret
end

#site ⇒ Object

# File 'lib/oauth/consumer.rb', line 329

def site
  @options[:site].to_s
end

Instance Method Details

#access_token_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 355

def access_token_path
  @options[:access_token_path]
end

#access_token_url ⇒ Object

# File 'lib/oauth/consumer.rb', line 384

def access_token_url
  @options[:access_token_url] || (site + access_token_path)
end

#access_token_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 388

def access_token_url?
  @options.key?(:access_token_url)
end

#authenticate_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 347

def authenticate_path
  @options[:authenticate_path]
end

#authenticate_url ⇒ Object

# File 'lib/oauth/consumer.rb', line 368

def authenticate_url
  @options[:authenticate_url] || (site + authenticate_path)
end

#authenticate_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 372

def authenticate_url?
  @options.key?(:authenticate_url)
end

#authorize_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 351

def authorize_path
  @options[:authorize_path]
end

#authorize_url ⇒ Object

# File 'lib/oauth/consumer.rb', line 376

def authorize_url
  @options[:authorize_url] || (site + authorize_path)
end

#authorize_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 380

def authorize_url?
  @options.key?(:authorize_url)
end

#create_signed_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates and signs an http request. It’s recommended to use the Token classes to set this up correctly

# File 'lib/oauth/consumer.rb', line 274

def create_signed_request(http_method, path, token = nil, request_options = {}, *arguments)
  request = create_http_request(http_method, path, *arguments)
  sign!(request, token, request_options)
  request
end

#debug_output ⇒ Object

# File 'lib/oauth/consumer.rb', line 120

def debug_output
  @debug_output ||= case @options[:debug_output]
  when nil, false
  when true
    $stdout
  else
    @options[:debug_output]
  end
end

#get_access_token(request_token, request_options = {}, *arguments) {|response_body| ... } ⇒ OAuth::AccessToken

Exchanges a verified Request Token for an Access Token.

OAuth 1.0 vs 1.0a:

• 1.0a requires including oauth_verifier (as returned by the Provider after user authorization) when performing this exchange in a 3‑legged flow.

• 1.0 flows did not include oauth_verifier.

Usage (3‑legged):

access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])

Parameters:

• request_token (OAuth::RequestToken) —

  The authorized request token

• request_options (Hash) (defaults to: {}) —

  OAuth or request options (include :oauth_verifier for 1.0a)

• arguments (Array) —

  Optional POST body and headers

Yields:

• (response_body) —

  If a block is given, yields the raw response body.

Returns:

• (OAuth::AccessToken)

# File 'lib/oauth/consumer.rb', line 160

def get_access_token(request_token, request_options = {}, *arguments, &block)
  response = token_request(
    http_method,
    (access_token_url? ? access_token_url : access_token_path),
    request_token,
    request_options,
    *arguments,
    &block
  )
  OAuth::AccessToken.from_hash(self, response)
end

#get_request_token(request_options = {}, *arguments) {|response_body| ... } ⇒ OAuth::RequestToken

Makes a request to the service for a new OAuth::RequestToken

Example:

@request_token = @consumer.get_request_token

To include OAuth parameters:

@request_token = @consumer.get_request_token(
  oauth_callback: "http://example.com/cb"
)

To include application-specific parameters:

@request_token = @consumer.get_request_token({}, foo: "bar")

OAuth 1.0 vs 1.0a:

• In 1.0a, the Consumer SHOULD send oauth_callback when obtaining a request token (or explicitly use OUT_OF_BAND) and the Provider MUST include oauth_callback_confirmed=true in the response.

• This library defaults oauth_callback to OUT_OF_BAND (“oob”) when not provided, which works for both 1.0 and 1.0a, and mirrors common provider behavior.

• The oauth_callback_confirmed response is parsed by the token classes; it is not part of the signature base string and thus is not signed.

TODO: In a future major release, oauth_callback may be made mandatory unless

request_options[:exclude_callback] is set, to reflect 1.0a guidance.

Parameters:

• request_options (Hash) (defaults to: {}) —

  OAuth options for the request. Notably :oauth_callback can be set to a URL, or OAuth::OUT_OF_BAND (“oob”).

• arguments (Array) —

  Optional POST body and headers

Yields:

• (response_body) —

  If a block is given, yields the raw response body.

Returns:

• (OAuth::RequestToken)

# File 'lib/oauth/consumer.rb', line 202

def get_request_token(request_options = {}, *arguments, &block)
  # if oauth_callback wasn't provided, it is assumed that oauth_verifiers
  # will be exchanged out of band
  request_options[:oauth_callback] ||= OAuth::OUT_OF_BAND unless request_options[:exclude_callback]

  response = if block
    token_request(
      http_method,
      (request_token_url? ? request_token_url : request_token_path),
      nil,
      request_options,
      *arguments,
      &block
    )
  else
    token_request(
      http_method,
      (request_token_url? ? request_token_url : request_token_path),
      nil,
      request_options,
      *arguments,
    )
  end
  OAuth::RequestToken.from_hash(self, response)
end

#http_method ⇒ Object

The default http method

# File 'lib/oauth/consumer.rb', line 116

def http_method
  @http_method ||= @options[:http_method] || :post
end

#proxy ⇒ Object

# File 'lib/oauth/consumer.rb', line 392

def proxy
  @options[:proxy]
end

#request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates, signs and performs an http request. It’s recommended to use the OAuth::Token classes to set this up correctly. request_options take precedence over consumer-wide options when signing

a request.

arguments are POST and PUT bodies (a Hash, string-encoded parameters, or

absent), followed by additional HTTP headers.

@consumer.request(:get,  '/people', @token, { :scheme => :query_string })
@consumer.request(:post, '/people', @token, {}, @person.to_xml, { 'Content-Type' => 'application/xml' })

# File 'lib/oauth/consumer.rb', line 238

def request(http_method, path, token = nil, request_options = {}, *arguments)
  unless %r{^/} =~ path
    @http = create_http(path)
    _uri = URI.parse(path)
    path = "#{_uri.path}#{"?#{_uri.query}" if _uri.query}"
  end

  # override the request with your own, this is useful for file uploads which Net::HTTP does not do
  req = create_signed_request(http_method, path, token, request_options, *arguments)
  return if block_given? && (yield(req) == :done)

  rsp = http.request(req)
  # check for an error reported by the Problem Reporting extension
  # (https://wiki.oauth.net/ProblemReporting)
  # note: a 200 may actually be an error; check for an oauth_problem key to be sure
  if !(headers = rsp.to_hash["www-authenticate"]).nil? &&
      (h = headers.grep(/^OAuth /)).any? &&
      h.first.include?("oauth_problem")

    # puts "Header: #{h.first}"

    # TODO: doesn't handle broken responses from api.login.yahoo.com
    # remove debug code when done
    params = OAuth::Helper.parse_header(h.first)

    # puts "Params: #{params.inspect}"
    # puts "Body: #{rsp.body}"

    raise OAuth::Problem.new(params.delete("oauth_problem"), rsp, params)
  end

  rsp
end

#request_endpoint ⇒ Object

# File 'lib/oauth/consumer.rb', line 333

def request_endpoint
  return if @options[:request_endpoint].nil?

  @options[:request_endpoint].to_s
end

#request_token_path ⇒ Object

# File 'lib/oauth/consumer.rb', line 343

def request_token_path
  @options[:request_token_path]
end

#request_token_url ⇒ Object

TODO: this is ugly, rewrite

# File 'lib/oauth/consumer.rb', line 360

def request_token_url
  @options[:request_token_url] || (site + request_token_path)
end

#request_token_url? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/oauth/consumer.rb', line 364

def request_token_url?
  @options.key?(:request_token_url)
end

#scheme ⇒ Object

# File 'lib/oauth/consumer.rb', line 339

def scheme
  @options[:scheme]
end

#sign!(request, token = nil, request_options = {}) ⇒ Object

Sign the Request object. Use this if you have an externally generated http request object you want to sign.

# File 'lib/oauth/consumer.rb', line 320

def sign!(request, token = nil, request_options = {})
  request.oauth!(http, self, token, options.merge(request_options))
end

#signature_base_string(request, token = nil, request_options = {}) ⇒ Object

Return the signature_base_string

# File 'lib/oauth/consumer.rb', line 325

def signature_base_string(request, token = nil, request_options = {})
  request.signature_base_string(http, self, token, options.merge(request_options))
end

#token_request(http_method, path, token = nil, request_options = {}, *arguments) ⇒ Object

Creates a request and parses the result as url_encoded. This is used internally for the RequestToken and AccessToken requests.

# File 'lib/oauth/consumer.rb', line 281

def token_request(http_method, path, token = nil, request_options = {}, *arguments)
  request_options[:token_request] ||= true
  response = request(http_method, path, token, request_options, *arguments)
  case response.code.to_i

  when (200..299)
    if block_given?
      yield response.body
    else
      # symbolize keys
      # TODO this could be considered unexpected behavior; symbols or not?
      # TODO this also drops subsequent values from multi-valued keys
      CGI.parse(response.body).each_with_object({}) do |(k, v), h|
        h[k.strip.to_sym] = v.first
        h[k.strip] = v.first
      end
    end
  when (300..399)
    # Parse redirect to follow
    uri = URI.parse(response["location"])
    our_uri = URI.parse(site)

    # Guard against infinite redirects
    response.error! if uri.path == path && our_uri.host == uri.host

    if uri.path == path && our_uri.host != uri.host
      options[:site] = "#{uri.scheme}://#{uri.host}"
      @http = create_http
    end

    token_request(http_method, uri.path, token, request_options, arguments)
  when (400..499)
    raise OAuth::Unauthorized, response
  else
    response.error!
  end
end

#uri(custom_uri = nil) ⇒ Object

Contains the root URI for this site

# File 'lib/oauth/consumer.rb', line 136

def uri(custom_uri = nil)
  if custom_uri
    @uri = custom_uri
    @http = create_http # yike, oh well. less intrusive this way
  else # if no custom passed, we use existing, which, if unset, is set to site uri
    @uri ||= URI.parse(site)
  end
end