Module: ROAuth

Extended by:

ROAuth

Included in:

ROAuth

Defined in:

lib/roauth.rb

Defined Under Namespace

Classes: MissingOAuthParams, UnsupportedSignatureMethod

Constant Summary

SIGNATURE_METHODS =

Supported signature methods;

{"HMAC-SHA1" => OpenSSL::Digest::Digest.new("sha1")}

OAUTH_PARAMS =

[:consumer_key, :token, :signature_method, :version, :nonce, :timestamp, :body_hash, :callback]

Instance Method Summary

• #header(oauth, uri, params = {}, http_method = :get) ⇒ Object

  Return an OAuth “Authorization” HTTP header from request data.

• #parse(header) ⇒ Object
• #verify(oauth, header, uri, params = {}, http_method = :get) ⇒ Object

Instance Method Details

#header(oauth, uri, params = {}, http_method = :get) ⇒ Object

Return an OAuth “Authorization” HTTP header from request data

# File 'lib/roauth.rb', line 14

def header(oauth, uri, params = {}, http_method = :get)
  oauth = oauth.dup
  oauth[:signature_method] ||= "HMAC-SHA1"
  oauth[:version]          ||= "1.0" # Assumed version, according to the spec
  oauth[:nonce]            ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
  oauth[:timestamp]        ||= Time.now.to_i
  oauth[:token]            ||= oauth.delete(:access_key)
  oauth[:token_secret]     ||= oauth.delete(:access_secret)

  sig_params = oauth_params(oauth)
  sig_params[:oauth_signature] = signature(oauth, uri, sig_params.merge(params), http_method)
  sorted_sig_params    = sig_params.sort_by{|k,v| [k.to_s, v.to_s] }
  authorization_params = sorted_sig_params.map {|key, value| 
    [escape(key), "\"#{escape(value)}\""].join("=") 
  }.join(", ")

  %{OAuth } + authorization_params
end

#parse(header) ⇒ Object

# File 'lib/roauth.rb', line 33

def parse(header)
  header = header.dup
  header = header.gsub!(/^OAuth\s/, "")
  header = header.split(", ")
  header = header.inject({}) {|hash, item|
    key, value = item.split("=")
    key.gsub!(/^oauth_/, "")
    value.gsub!(/(^"|"$)/, "")
    hash[key.to_sym] = unescape(value)
    hash
  }
  header[:access_key] = header[:token]
  header
end

#verify(oauth, header, uri, params = {}, http_method = :get) ⇒ Object

# File 'lib/roauth.rb', line 48

def verify(oauth, header, uri, params = {}, http_method = :get)
  header = header.is_a?(String) ? parse(header) : header.dup

  client_signature = header.delete(:signature)
  oauth[:consumer_key]     ||= header[:consumer_key]
  oauth[:token]            ||= header[:token]
  oauth[:token_secret]     ||= oauth.delete(:access_secret)
  oauth[:signature_method] ||= "HMAC-SHA1"
  oauth[:version]          ||= "1.0"

  sig_params = params.dup
  sig_params.merge!(oauth_params(header))

  client_signature == signature(oauth, uri, sig_params, http_method)
end