Class: GData::Auth::AuthSub
- Inherits:
-
Object
- Object
- GData::Auth::AuthSub
- Defined in:
- lib/gdata/auth/authsub.rb
Overview
This class implements AuthSub signatures for Data API requests. It can be used with a GData::Client::GData object.
Constant Summary collapse
- REQUEST_HANDLER =
The URL of AuthSubRequest.
'https://www.google.com/accounts/AuthSubRequest'
- SESSION_HANDLER =
The URL of AuthSubSessionToken.
'https://www.google.com/accounts/AuthSubSessionToken'
- REVOKE_HANDLER =
The URL of AuthSubRevokeToken.
'https://www.google.com/accounts/AuthSubRevokeToken'
- INFO_HANDLER =
The URL of AuthSubInfo.
'https://www.google.com/accounts/AuthSubTokenInfo'
- BIG_INT_MAX =
2 ** 64, the largest 64 bit unsigned integer
18446744073709551616
Instance Attribute Summary collapse
-
#private_key ⇒ Object
Private RSA key used to sign secure requests.
-
#token ⇒ Object
AuthSub access token.
Class Method Summary collapse
-
.get_url(next_url, scope, secure = false, session = true, domain = nil) ⇒ Object
Return the proper URL for an AuthSub approval page with the requested scope.
Instance Method Summary collapse
-
#info ⇒ Object
Return some information about the current token.
-
#initialize(token, options = {}) ⇒ AuthSub
constructor
Initialize the class with a new token.
-
#revoke ⇒ Object
Revoke the token.
-
#sign_request!(request) ⇒ Object
Sign a GData::Http::Request object with a valid AuthSub Authorization header.
-
#upgrade ⇒ Object
Upgrade the current token into a session token.
Constructor Details
#initialize(token, options = {}) ⇒ AuthSub
Initialize the class with a new token. Optionally pass a private key or custom URLs.
44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/gdata/auth/authsub.rb', line 44 def initialize(token, = {}) if token.nil? raise ArgumentError, "Token cannot be nil." elsif token.class != String raise ArgumentError, "Token must be a String." end @token = token .each do |key, value| self.send("#{key}=", value) end end |
Instance Attribute Details
#private_key ⇒ Object
Private RSA key used to sign secure requests.
40 41 42 |
# File 'lib/gdata/auth/authsub.rb', line 40 def private_key @private_key end |
#token ⇒ Object
AuthSub access token.
38 39 40 |
# File 'lib/gdata/auth/authsub.rb', line 38 def token @token end |
Class Method Details
.get_url(next_url, scope, secure = false, session = true, domain = nil) ⇒ Object
Return the proper URL for an AuthSub approval page with the requested scope. next_url should be a URL that points back to your code that will receive the token. domain is optionally a Google Apps domain.
145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
# File 'lib/gdata/auth/authsub.rb', line 145 def self.get_url(next_url, scope, secure = false, session = true, domain = nil) next_url = CGI.escape(next_url) scope = CGI.escape(scope) secure = secure ? 1 : 0 session = session ? 1 : 0 body = "next=#{next_url}&scope=#{scope}&session=#{session}" + "&secure=#{secure}" if domain domain = CGI.escape(domain) body = "#{body}&hd=#{domain}" end return "#{REQUEST_HANDLER}?#{body}" end |
Instance Method Details
#info ⇒ Object
Return some information about the current token. If the current token is a one-time use token, this operation will use it up!
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/gdata/auth/authsub.rb', line 113 def info request = GData::HTTP::Request.new(INFO_HANDLER) sign_request!(request) service = GData::HTTP::DefaultService.new response = service.make_request(request) if response.status_code != 200 raise GData::Client::AuthorizationError.new(response) end result = {} result[:target] = response.body[/Target=(.*)/,1] result[:scope] = response.body[/Scope=(.*)/,1] result[:secure] = response.body[/Secure=(.*)/,1] return result end |
#revoke ⇒ Object
Revoke the token.
131 132 133 134 135 136 137 138 139 140 |
# File 'lib/gdata/auth/authsub.rb', line 131 def revoke request = GData::HTTP::Request.new(REVOKE_HANDLER) sign_request!(request) service = GData::HTTP::DefaultService.new response = service.make_request(request) if response.status_code != 200 raise GData::Client::AuthorizationError.new(response) end end |
#sign_request!(request) ⇒ Object
Sign a GData::Http::Request object with a valid AuthSub Authorization header.
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/gdata/auth/authsub.rb', line 79 def sign_request!(request) header = "AuthSub token=\"#{@token}\"" if @private_key time = Time.now.to_i nonce = OpenSSL::BN.rand_range(BIG_INT_MAX) method = request.method.to_s.upcase data = "#{method} #{request.url} #{time} #{nonce}" sig = @private_key.sign(OpenSSL::Digest::SHA1.new, data) sig = Base64.encode64(sig).gsub(/\n/, '') header = "#{header} sigalg=\"rsa-sha1\" data=\"#{data}\"" header = "#{header} sig=\"#{sig}\"" end request.headers['Authorization'] = header end |
#upgrade ⇒ Object
Upgrade the current token into a session token.
97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/gdata/auth/authsub.rb', line 97 def upgrade request = GData::HTTP::Request.new(SESSION_HANDLER) sign_request!(request) service = GData::HTTP::DefaultService.new response = service.make_request(request) if response.status_code != 200 raise GData::Client::AuthorizationError.new(response) end @token = response.body[/Token=(.*)/,1] return @token end |