Create Auth Header w/ HMAC-SHA1

Initial version that uses OAuth 1.0 and HMAC-SHA1 signature signing method to return an OAuth Authorization HTTP header

.gitignore

@@ -0,0 +1 @@
+doc/

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2010 Matthew Riley MacPherson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

Rakefile

@@ -0,0 +1,12 @@
+require 'rake/rdoctask'
+
+# Make me some RDoc (use Allison, because it's pretty)
+Rake::RDocTask.new do |rdoc|
+	files = ['README.markdown', 'LICENSE', 'lib/*.rb', 'test/*.rb']
+	rdoc.rdoc_files.add(files)
+	rdoc.main = 'README.markdown'
+	rdoc.title = 'SOAuth'
+	#rdoc.template = ''
+	rdoc.rdoc_dir = './doc'
+	rdoc.options << '--line-numbers' << '--inline-source'
+end

lib/soauth.rb

@@ -0,0 +1,86 @@
+require 'base64'
+require 'openssl'
+require 'uri'
+
+class SOAuth
+
+	# Exception raised if signature signing method isn't supported
+	# by SOAuth
+	class UnsupportedSignatureMethod < Exception; end
+	# Exception raised when attempting to create a signature without
+	# required OAuth params
+	class MissingOAuthParams < Exception; end
+
+	# Digest key for HMAC-SHA1 signing
+	DIGEST = OpenSSL::Digest::Digest.new('sha1')
+	# Supported {signature methods}[http://oauth.net/core/1.0/#signing_process];
+	# currently, only HMAC-SHA1 is supported
+	SUPPORTED_SIGNATURE_METHODS = ["HMAC-SHA1"]
+
+	# Return an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header] from request data
+	def header(uri, oauth, params = {}, http_method = :get)
+		# Raise an exception if we're missing required OAuth params
+		raise MissingOAuthParams if !oauth.is_a?(Hash) || !oauth.has_key?(:consumer_key) || !oauth.has_key?(:consumer_secret) || !oauth.has_key?(:access_key) || !oauth.has_key?(:access_secret)
+		# Make sure we support the signature signing method specified
+		raise UnsupportedSignatureMethod unless !oauth[:signature_method] || SUPPORTED_SIGNATURE_METHODS.include?(oauth[:signature_method].to_s)
+
+		oauth[:signature_method] ||= "HMAC-SHA1"
+		oauth[:version] ||= "1.0"
+		oauth[:nonce] ||= Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+		oauth[:timestamp] ||= Time.now.to_i
+
+		oauth.each { |k, v| params['oauth_' + k.to_s] = v unless k == :realm }
+
+		secret = "#{escape(oauth[:consumer_secret])}&#{escape(oauth[:access_secret])}"
+		sig_base = (http_method||'get').to_s.upcase + '&' + escape(uri) + '&' +	normalize(params)
+		oauth_signature = Base64.encode64(OpenSSL::HMAC.digest(DIGEST, secret, sig_base)).chomp.gsub(/\n/,'')
+
+		%{OAuth } + (%{oauth_realm="#{oauth[:realm]}", } unless !oauth[:realm]).to_s + %{oauth_consumer_key="#{oauth[:consumer_key]}", oauth_token="#{oauth[:access_key]}", oauth_signature_method="#{oauth[:signature_method]}", oauth_signature="#{escape(oauth_signature)}", oauth_timestamp="#{oauth[:timestamp]}", oauth_nonce="#{oauth[:nonce]}", oauth_version="#{oauth[:version]}"}
+	end
+
+	# Utility class used to sign a request and return an
+	# {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+	def self.header(uri, oauth, params = {}, http_method = :get)
+		new.header(uri, oauth, params, http_method)
+	end
+
+	protected
+
+	# Escape characters in a string according to the {OAuth spec}[http://oauth.net/core/1.0/]
+	def escape(value)
+		URI::escape(value.to_s, /[^a-zA-Z0-9\-\.\_\~]/) # Unreserved characters -- must not be encoded
+	end
+
+	# Normalize a string of parameters based on the {OAuth spec}[http://oauth.net/core/1.0/#rfc.section.9.1.1]
+  def normalize(params)
+    params.sort.map do |k, values|
+
+      if values.is_a?(Array)
+        # Multiple values were provided for a single key
+        # in a hash
+        values.sort.collect do |v|
+          [escape(k), escape(v)] * "%3D"
+        end
+      else
+        [escape(k), escape(values)] * "%3D"
+      end
+    end * "%26"
+  end
+
+end
+
+# TextMate <3
+if __FILE__ == $0
+	oauth = {
+		:consumer_key => 'konsume',
+		:consumer_secret => 'my_secret',
+		:access_key => 'actess',
+		:access_secret => 'your_secret'
+	}
+	params = {
+		'count' => '11',
+		'since_id' => '5000'
+	}
+
+	puts SOAuth.header('http://twitter.com/direct_messages.json', oauth, params)
+end

soauth.gemspec

@@ -0,0 +1,16 @@
+require 'rake'
+
+Gem::Specification.new do |s|
+  s.name = "soauth"
+  s.version = "0.1"
+  #s.date = Time.now.to_s
+  s.authors = ["Matthew Riley MacPherson"]
+  s.email = "matt@lonelyvegan.com"
+  s.has_rdoc = true
+  s.rdoc_options << '--title' << "SOAuth -- Ruby Library that creates HTTP headers for OAuth Authorization" << '--main' << 'README.markdown' << '--line-numbers'
+  s.summary = "Create OAuth \"Authorization\" HTTP Header using previously-obtained OAuth data"
+  s.homepage = "http://github.com/tofumatt/soauth"
+  s.files = FileList['lib/*.rb', '[A-Z]*', 'soauth.gemspec', 'test/*.rb'].to_a
+	s.test_file = 'tests/soauth_test.rb'
+	s.add_development_dependency('mocha') # Used to run the tests, that's all...
+end

test/soauth_test.rb

@@ -0,0 +1,56 @@
+$LOAD_PATH << File.expand_path("#{File.dirname(__FILE__)}/../lib")
+require 'soauth'
+
+require 'rubygems'
+require 'test/unit'
+require 'mocha'
+
+class SOAuthTest < Test::Unit::TestCase
+
+	# Required OAuth parameters with dummy values -- these
+	# keys are the minimum number of keys required to generate
+	# an {OAuth "Authorization" HTTP header}[http://oauth.net/core/1.0/#auth_header]
+	OAUTH_REQ_PARAMS = {
+		:consumer_key => "consumer_key",
+		:consumer_secret => "consumer_secret",
+		:access_key => "access_key",
+		:access_secret => "access_secret"
+	}
+
+	# Make sure the custom nonce is used
+	def test_custom_nonce
+		nonce = Base64.encode64(OpenSSL::Random.random_bytes(32)).gsub(/\W/, '')
+
+	  oauth_params = OAUTH_REQ_PARAMS.merge(:nonce => nonce)
+	  assert_equal %{oauth_nonce="#{nonce}"}, %{oauth_nonce="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(nonce)[0]}"}
+	end
+
+	# Make sure the custom timestamp is used
+	def test_custom_nonce
+		now = Time.now.to_i
+
+	  oauth_params = OAUTH_REQ_PARAMS.merge(:timestamp => now)
+	  assert_equal %{oauth_timestamp="#{now}"}, %{oauth_timestamp="#{SOAuth.header('http://lonelyvegan.com/', oauth_params).match(now.to_s)[0]}"}
+	end
+
+	# Generate a header without an explicit OAuth version (assumes {version 1.0}[http://oauth.net/core/1.0/])
+	def test_no_version_specified
+		# No OAuth version specified
+		oauth_params = OAUTH_REQ_PARAMS
+		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+	end
+
+	# Generate a header without a {signature method}[http://oauth.net/core/1.0/#signing_process] (assumes "HMAC-SHA1")
+	def test_no_signature_method_specified
+		# No signature method specified
+		oauth_params = OAUTH_REQ_PARAMS
+		assert SOAuth.header('http://lonelyvegan.com/', OAUTH_REQ_PARAMS)
+	end
+
+	# Only certain {signature methods}[http://oauth.net/core/1.0/#signing_process] are supported
+	def test_unsupported_signature_method
+		oauth_params = OAUTH_REQ_PARAMS.merge(:signature_method => "MD5")
+		assert_raises(SOAuth::UnsupportedSignatureMethod) { SOAuth.header('http://lonelyvegan.com/', oauth_params) }
+	end
+
+end