Changeset 5275

Timestamp:

01/22/08 16:35:40 (5 years ago)

Author:

lyokato

Message:

lang/perl/OAuth-Lite: added functionality for OAuth Discovery 1.0 and OAuth Consumer Request 1.0

Location:

lang/perl/OAuth-Lite/trunk

Files:

• Makefile.PL (modified) (1 diff)
• lib/OAuth/Lite.pm (modified) (1 diff)
• lib/OAuth/Lite/AuthMethod.pm (modified) (2 diffs)
• lib/OAuth/Lite/Consumer.pm (modified) (9 diffs)
• lib/OAuth/Lite/ParamMethod.pm (added)
• lib/OAuth/Lite/RealmDifinition (added)
• lib/OAuth/Lite/RealmDifinition.pm (added)
• lib/OAuth/Lite/RealmDifinition/Consumer.pm (added)
• lib/OAuth/Lite/RealmDifinition/User.pm (added)
• lib/OAuth/Lite/Server/mod_perl2.pm (modified) (11 diffs)
• lib/OAuth/Lite/ServiceType.pm (added)

lang/perl/OAuth-Lite/trunk/Makefile.PL

@@ -14 +14 @@
 requires 'List::MoreUtils'        => '0.21';
 requires 'MIME::Base64'           => '3.07';
+requires 'Net::Yadis'             => '1.00';
+requires 'HTML::RelExtor'         => '0.01';
 auto_include;
 WriteAll;

lang/perl/OAuth-Lite/trunk/lib/OAuth/Lite.pm

@@ -4 +4 @@
 use warnings;
 
-our $VERSION = "1.07";
+our $VERSION = "1.08";
 our $OAUTH_DEFAULT_VERSION = "1.0";
 

lang/perl/OAuth-Lite/trunk/lib/OAuth/Lite/AuthMethod.pm

@@ -11 +11 @@
 our @EXPORT_OK = map { @$_ } values %EXPORT_TAGS;
 
-use constant AUTH_HEADER => 'auth_header';
-use constant POST_BODY   => 'post_body';
-use constant URL_QUERY   => 'url_query';
+use constant AUTH_HEADER => 'AUTH-HEADER';
+use constant POST_BODY   => 'POST-BODY';
+use constant URL_QUERY   => 'URL-QUERY';
 
 sub validate_method {
@@ -25 +25 @@
 =head1 NAME
 
-OAuth::Lite::AuthMethod - auth method constants.
+OAuth::Lite::AuthMethod - OBSOLUTE use ParamMethod instead of this.
 
 =head1 SYNOPSIS

lang/perl/OAuth-Lite/trunk/lib/OAuth/Lite/Consumer.pm

@@ -26 +26 @@
 use HTTP::Request;
 use HTTP::Headers;
+use Net::Yadis;
+use HTML::RelExtor;
 use UNIVERSAL::require;
 use List::MoreUtils qw(any);
@@ -34 +36 @@
 use OAuth::Lite::Util qw(:all);
 use OAuth::Lite::AuthMethod qw(:all);
+use OAuth::Lite::RealmDifinition;
 
 =head1 NAME
@@ -83 +86 @@
 
     unless ($res->is_success) {
-        if ($res->status == 400 || $res->status == 401) {
+        if ($res->code == 400 || $res->code == 401) {
             my $auth_header = $res->header('WWW-Authenticate');
             if ($auth_header && $auth_header =~ /^OAuth/) {
@@ -128 +131 @@
 HTTP method (GET or POST) when the request is for request token or access token. (optional, 'POST' is set by default)
 
+=item param_method
+
+L<OAuth::Lite::AuthMethod>'s value you can choose from AUTH_HEADER, POST_BODY and URL_QUERY (optional, AUTH_HEADER is set by default)
+
 =item auth_method
 
-L<OAuth::Lite::AuthMethod>'s value you can choose from AUTH_HEADER, POST_BODY and URL_QUERY (optional, AUTH_HEADER is set by default)
+OBSOLUTE - use param method instead of this
 
 =item realm
@@ -236 +243 @@
     my %args_for_parent = %args;
     delete $args_for_parent{$_}
-        for qw/consumer_key consumer_secret signature_method http_method auth_method realm
-        site request_token_path access_token_path authorize_path
-        callback_url/;
+        for qw/consumer_key consumer_secret signature_method http_method auth_method param_method
+        realm site request_token_path access_token_path authorize_path callback_url/;
     my $self = $class->SUPER::new(%args_for_parent);
     $self = bless $self, $class;
@@ -266 +272 @@
     $self->{consumer_secret} = $args{consumer_secret} || '';
     $self->{http_method} = $args{http_method} || 'POST';
-    $self->{auth_method} = $args{auth_method} || AUTH_HEADER;
-    unless ( OAuth::Lite::AuthMethod->validate_method( $self->{auth_method} ) ) {
+    $self->{param_method} = $args{param_method} || $args{auth_method} || AUTH_HEADER;
+    unless ( OAuth::Lite::AuthMethod->validate_method( $self->{param_method} ) ) {
         Carp::croak( sprintf
-            qq/Invalid auth method "%s"./, $self->{auth_method} );
+            qq/Invalid auth method "%s"./, $self->{param_method} );
     }
     $self->{signature_method} = $signature_method_class;
@@ -518 +524 @@
     }
 
-    my $auth_method = $self->{auth_method};
+    my $param_method = $self->{param_method};
     if (any { $method eq $_ } @non_send_data_methods) {
-        $auth_method = AUTH_HEADER
-            unless $auth_method eq URL_QUERY; 
+        $param_method = AUTH_HEADER
+            unless $param_method eq URL_QUERY; 
     } else { # POST or PUT
-        $auth_method = AUTH_HEADER
-            unless $auth_method eq POST_BODY; 
-    }
-
-    if ($auth_method eq URL_QUERY) {
+        $param_method = AUTH_HEADER
+            unless $param_method eq POST_BODY; 
+    }
+
+    if ($param_method eq URL_QUERY) {
         my $query = $self->gen_auth_query($method, $url, $token, $extra);
         $url = sprintf q{%s?%s}, $url, $query;
-    } elsif ($auth_method eq POST_BODY) {
+    } elsif ($param_method eq POST_BODY) {
         my $query = $self->gen_auth_query($method, $url, $token, $extra);
         $content = $query;
@@ -604 +610 @@
     my ($self, %args) = @_;
     $args{token} ||= $self->access_token;
-    $self->__request(%args);
+    my $res = $self->__request(%args);
+    $res;
+}
+
+=head2 discover
+
+Discover realm-definition using last response.
+
+    my $difinition = $consumer->discover();
+    unless ($difinition) {
+        die "Discovery failed";
+    }
+
+=cut
+
+sub discover {
+        my ($self, $finders) = @_;
+    my $res = $self->oauth_response;
+    my $difinition;
+    if ($res->code == 400 || $res->code == 401) {
+        my $auth_header = $res->header('WWW-Authenticate');
+        if ($auth_header && $auth_header =~ /^OAuth/) {
+            my ($realm, $params) = parse_auth_header($auth_header);
+            $difinition = $self->__discover([
+                sub {
+                    return exists $params->{xoauth_realm}
+                        ? $params->{xoauth_realm} : undef; 
+                },
+                sub {
+                    return $realm;
+                },
+                sub {
+                    for my $pair (split /&/, $res->content) {
+                        my ($key, $value) = split /=/, $pair;
+                        if ($key && $key eq 'xoauth_realm') {
+                            return decode_param($value);
+                        }
+                    }
+                    return;
+                },
+                sub {
+                    my $parser = HTML::RelExtor->new;
+                    $parser->parse($res->content);
+                    for my $link ($parser->links) {
+                        if ($link->has_rel('auth')) {
+                            my $attr = $link->attr;
+                            if ( exists $attr->{type}
+                              && $attr->{type} eq q{application/xrds+xml}) {
+                                return $link->href;
+                            }
+                        }
+                    }
+                    return;
+                },
+            ]);
+                    }
+    }
+    $difinition;
+}
+
+sub __discover {
+    my ($self, $url_finders) = @_;
+    for my $finder ( @$url_finders ) {
+        my $url = $finder->() or next;
+        my $yadis;
+        eval { $yadis = Net::Yadis->discover($url); };
+        next if $@;
+        my $difinition = OAuth::Lite::RealmDifinition->parse($yadis);
+        next unless $difinition;
+        return $difinition;
+    }
+    return;
 }
 
@@ -746 +823 @@
 
     my $req_token = $consumer->get_request_token(...);
-    say $consumer->oauth_response->status;
+    say $consumer->oauth_response->code;
 
     my $req_token = $consumer->get_access_token(...);
-    say $consumer->oauth_response->status;
+    say $consumer->oauth_response->code;
 
 =head2 oauth_clear

lang/perl/OAuth-Lite/trunk/lib/OAuth/Lite/Server/mod_perl2.pm

@@ -30 +30 @@
 use constant ACCESS_TOKEN       => 'ACCESS_TOKEN';
 
-__PACKAGE__->mk_accessors(qw/request realm oauth/);
+__PACKAGE__->mk_accessors(qw/request realm xrealm oauth/);
 
 =head1 NAME
@@ -291 +291 @@
 The realm value you set in httpd.conf by PerlSetVar.
 
+=head2 xrealm
+
+
+This value should be the url of Discovery Difinition Document.
+See OAuth Discovery 1.0 spec.
+
+And in authentication header, this is put in as xoauth_realm.
+
+To use this, you have to set XRealm on httpd.conf
+
+  SetParVar XRealm "http://api.example.com/realm"
+
 =head2 oauth
 
@@ -319 +331 @@
 
 Set proper 'WWW-Authentication' response header
+
+=head2 is_requied_request_token
+
+Check if current request requires request-token.
+
+=head2 is_requied_access_token
+
+Check if current request requires access-token.
+
+=head2 is_requied_protected_resource
+
+Check if current request requires protected-resource.
+
+=head2 accepts_consumer_request
+
+You can adopt OAuth Consumer Request 1.0.
+
+See http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/1/spec.html
+
+To adopt this spec, you have to set var 'AcceptConsumerRequest' on httpd.conf
+
+        <Location /resource>
+        PerlSetVar Mode PROTECTED_RESOURCE
+        PerlSetVar AcceptConsumerRequest 1
+        PerlResponseHandler MyServiceWithOAuth
+        </Location>
+
+Then override service method for protected resource.
+
+        sub service {
+                my ($self, $params) = @_;
+
+                my $resource_owner_id;
+
+                if (exists $params->{oauth_token}) {
+
+                        my $access_token_value = $params->{oauth_token};
+                        $resource_owner_id = $self->get_user_id_of_access_token($access_token_value);
+
+                } else {
+
+                        my $consumer_key = $params->{oauth_consumer_key};
+                        $resource_owner_id = $self->get_user_id_of_consumer_developer($consumer_key);
+
+                }
+
+                my @resources = MyDB::Scheme->resultset('SomeResource')->search({
+                                user_id => $resource_owner_id,  
+                });
+
+                # output resource data in the manner your api defines.
+                ...
+
+                return Apache2::Const::OK;
+
+        }
 
 =head2 error
@@ -380 +448 @@
         oauth   => OAuth::Lite::ServerUtil->new,
         realm   => undef,
+        xrealm  => undef,
         secure  => 0,
         mode    => PROTECTED_RESOURCE,
+                                accepts_consumer_request => 0,
     }, $class;
     my $realm = $self->request->dir_config('Realm');
     $self->{realm} = $realm if $realm;
+    my $xrealm = $self->request->dir_config('XRealm');
+    $self->{xrealm} = $xrealm if $xrealm;
+                my $accept = $self->request->dir_config('AcceptConsumerRequest');
+                $self->{accepts_consumer_request} = $accept if $accept;
     my $mode = $self->request->dir_config('Mode');
+                my @valid_modes = (PROTECTED_RESOURCE, REQUEST_TOKEN, ACCESS_TOKEN);
     if ($mode) {
-        if (none { $mode eq $_ } (PROTECTED_RESOURCE, REQUEST_TOKEN, ACCESS_TOKEN)) {
+        if (none { $mode eq $_ } @valid_modes) {
             die "Invalid mode."; 
         } else {
@@ -439 +514 @@
     }
 
-    my $needs_to_check_token =  $self->__is_required_request_token
+    my $needs_to_check_token =  ( $self->is_required_request_token
+                                         || ( $self->is_required_protected_resource && $self->accepts_consumer_request ) )
                              ? 0
                              : 1;
@@ -467 +543 @@
     my $request_uri = $uri->as_string;
 
-    if ($self->__is_required_request_token) {
+    if ($self->is_required_request_token) {
 
         $self->oauth->verify_signature(
@@ -479 +555 @@
         return $self->__output_token($request_token);
 
-    } elsif ($self->__is_required_access_token) {
+    } elsif ($self->is_required_access_token) {
 
         my $token_value = $params->{oauth_token};
@@ -499 +575 @@
     } else {
 
-        my $token_value = $params->{oauth_token};
-        my $token_secret = $self->get_access_token_secret($token_value);
-        unless (defined $token_secret) {
-            return $self->errout(401, q{Invalid token});
-        }
+                                my $token_secret = '';
+                                if (exists $params->{oauth_token}) {
+                                        my $token_value = $params->{oauth_token};
+                                        $token_secret = $self->get_access_token_secret($token_value);
+                                        unless (defined $token_secret) {
+                                                        return $self->errout(401, q{Invalid token});
+                                        }
+                                }
 
         $self->oauth->verify_signature(
@@ -510 +589 @@
             url             => $request_uri,
             consumer_secret => $consumer_secret || '',
-            token_secret    => $token_secret || '',
+            token_secret    => $token_secret,
         ) or return $self->errout(401, q{Invalid signature});
 
@@ -528 +607 @@
 }
 
-sub __is_required_request_token {
+sub is_required_request_token {
     my $self = shift;
     return ($self->{mode} eq REQUEST_TOKEN) ? 1 : 0;
 }
 
-sub __is_required_access_token {
+sub is_required_access_token {
     my $self = shift;
     return ($self->{mode} eq ACCESS_TOKEN) ? 1 : 0;
+}
+
+sub is_required_protected_resource {
+    my $self = shift;
+    return ($self->{mode} eq PROTECTED_RESOURCE) ? 1 : 0;
+}
+
+sub accepts_consumer_request {
+                my $self = shift;
+                return $self->{accepts_consumer_request};
 }
 
@@ -585 +674 @@
 sub set_authenticate_header {
     my $self = shift;
-    $self->request->err_headers_out->add( 'WWW-Authenticate',
-        sprintf(q{OAuth realm="%s"}, $self->realm));
+    my $header = $self->{xrealm}
+      ? sprintf(q{OAuth realm="%s", xoauth_realm="%s"}, $self->realm, $self->xrealm)
+      : sprintf(q{OAuth realm="%s"}, $self->realm);
+    $self->request->err_headers_out->add( 'WWW-Authenticate', $header );
 }