[Catalyst-commits] r14028 - in Catalyst-Authentication-Credential-OAuth/trunk: . lib/Catalyst/Authentication/Credential

bashinsky at dev.catalyst.perl.org bashinsky at dev.catalyst.perl.org
Thu Jun 2 07:49:15 GMT 2011


Author: bashinsky
Date: 2011-06-02 07:49:15 +0000 (Thu, 02 Jun 2011)
New Revision: 14028

Modified:
   Catalyst-Authentication-Credential-OAuth/trunk/Changes
   Catalyst-Authentication-Credential-OAuth/trunk/Makefile.PL
   Catalyst-Authentication-Credential-OAuth/trunk/lib/Catalyst/Authentication/Credential/OAuth.pm
Log:
Added a new method for making requests after authorization has completed. Added RSA-SHA1 request signing.

Modified: Catalyst-Authentication-Credential-OAuth/trunk/Changes
===================================================================
--- Catalyst-Authentication-Credential-OAuth/trunk/Changes	2011-06-01 19:15:53 UTC (rev 14027)
+++ Catalyst-Authentication-Credential-OAuth/trunk/Changes	2011-06-02 07:49:15 UTC (rev 14028)
@@ -1,5 +1,10 @@
 Revision history for Catalyst::Authentication::Credential::OAuth
 
+0.04 Wed Jun  1 22:26:09 2011
+   The new method for accomplishment of inquiries after
+   authorization is added.
+   Added RSA-SHA1 signature request.
+
 0.03 Mon Jun 28 01:16:00 2010
    Support new "verifier" requirement for "access token"
    to work with the Twitter API.

Modified: Catalyst-Authentication-Credential-OAuth/trunk/Makefile.PL
===================================================================
--- Catalyst-Authentication-Credential-OAuth/trunk/Makefile.PL	2011-06-01 19:15:53 UTC (rev 14027)
+++ Catalyst-Authentication-Credential-OAuth/trunk/Makefile.PL	2011-06-02 07:49:15 UTC (rev 14028)
@@ -9,6 +9,9 @@
 requires 'String::Random';
 requires 'MooseX::Types::Common::String';
 requires 'MooseX::Types';
+requires 'URI';
+requires 'URI::QueryParam';
+requires 'Crypt::OpenSSL::RSA';
 requires 'namespace::autoclean';
 
 test_requires 'Catalyst::Runtime';

Modified: Catalyst-Authentication-Credential-OAuth/trunk/lib/Catalyst/Authentication/Credential/OAuth.pm
===================================================================
--- Catalyst-Authentication-Credential-OAuth/trunk/lib/Catalyst/Authentication/Credential/OAuth.pm	2011-06-01 19:15:53 UTC (rev 14027)
+++ Catalyst-Authentication-Credential-OAuth/trunk/lib/Catalyst/Authentication/Credential/OAuth.pm	2011-06-02 07:49:15 UTC (rev 14028)
@@ -7,6 +7,9 @@
 use LWP::UserAgent;
 use HTTP::Request::Common;
 use String::Random qw/ random_string /;
+use URI;
+use URI::QueryParam;
+use Crypt::OpenSSL::RSA;
 use Catalyst::Exception ();
 use namespace::autoclean;
 
@@ -33,6 +36,20 @@
     LWP::UserAgent->new;
 }
 
+sub _get_key {
+    my ( $self, $key_file ) = @_;
+
+    return undef unless $key_file;
+    Catalyst::Exception->throw( "RSA private key '" . $key_file . "' not found." )
+        unless -f $key_file;
+
+    open( KEY, $key_file ) || Catalyst::Exception->throw( "Could not open file '" . $key_file . "': " . $! );
+    my $key_string = join( '', <KEY> );
+    close( KEY );
+
+    return Crypt::OpenSSL::RSA->new_private_key( $key_string );
+}
+
 sub authenticate {
 	my ($self, $c, $realm, $auth_info) = @_;
 
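Review bot: `_get_key` opens the key file with two-argument `open` on the package-global bareword handle `KEY`, so the open mode is taken from the configured path string and the handle is shared process-wide. I would use `open( my $key_fh, '<', $key_file ) or Catalyst::Exception->throw( "Could not open file '$key_file': $!" );` and read from `$key_fh`. The preceding `-f` test duplicates the open check and leaves a gap between test and open, so the open error alone is enough. The sub also re-reads and re-parses the private key on every call, and both `sign` sites later in this diff call it, so building the Crypt::OpenSSL::RSA object once and caching it would avoid repeated reads of key material.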
@@ -52,7 +69,7 @@
         timestamp => time,
         nonce => random_string( 'ccccccccccccccccccc' ),
         request_method => 'GET',
-        signature_method => 'HMAC-SHA1',
+        signature_method => defined $provider->{rsa_private_key} ? 'RSA-SHA1' : 'HMAC-SHA1',
 	oauth_version => '1.0a',
         callback => $c->uri_for( $c->action, $c->req->captures, @{ $c->req->args } )->as_string
     );
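Review bot: The `defined` test on `rsa_private_key` disagrees with `_get_key`, which returns undef for any false value. A key path configured as an empty string therefore selects `RSA-SHA1` here while `sign` later receives no key. Use the same truthiness test in both places, e.g. `signature_method => $provider->{rsa_private_key} ? 'RSA-SHA1' : 'HMAC-SHA1',`. The `%defaults` assignment this line belongs to starts outside the hunk.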
@@ -65,7 +82,7 @@
 
 	if( $oauth_token ) {
 
-		my $response = Net::OAuth->response( 'user auth' )->from_hash( $c->req->params );
+		my $response = Net::OAuth->response( 'user auth' )->from_hash( { oauth_token => $c->req->params->{oauth_token} } );
 
 		my $request = Net::OAuth->request( 'access token' )->new(
 			%defaults,
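Review bot: `$c->req->params->{oauth_token}` goes into `from_hash` without a check that it is a single scalar. Catalyst hands back an array reference when a parameter is repeated in the request, so a duplicated `oauth_token` would reach Net::OAuth as a reference; the same applies to `oauth_verifier` in the next hunk. A guard before the call, such as `Catalyst::Exception->throw( 'Invalid oauth_token parameter' ) if ref $c->req->params->{oauth_token};`, would reject that case. The `access token` request opened on the last lines continues outside the hunk.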
@@ -74,7 +91,7 @@
 			request_url => $provider->{access_token_endpoint},
 			verifier => $c->req->params->{oauth_verifier},
 		);
-		$request->sign;
+		$request->sign( $self->_get_key( $provider->{rsa_private_key} ) );
 
 		my $ua_response = $self->ua->request( GET $request->to_url );
 		Catalyst::Exception->throw( $ua_response->status_line.' '.$ua_response->content )
@@ -85,7 +102,16 @@
 		my $user = +{
 			token => $response->token,
 			token_secret => $response->token_secret,
-			extra_params => $response->extra_params
+			extra_params => $response->extra_params,
+			oauth_request_params => {
+				consumer_key    => $provider->{consumer_key},
+				consumer_secret => $provider->{consumer_secret},
+				timestamp       => time,
+				nonce           => random_string( 'ccccccccccccccccccc' ),
+				request_method  => $defaults{request_method},
+				signature_method=> $defaults{signature_method},
+				oauth_version   => $defaults{oauth_version}
+			}
 		};
 
 		my $user_obj = $realm->find_user( $user, $c );
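Review bot: `oauth_request_params` copies `consumer_secret` into the `$user` hash passed to `$realm->find_user`. What the realm does with it is not visible here, but user data in Catalyst is commonly persisted to the session store, which would put the application's OAuth secret into every session record. The `timestamp` and `nonce` are also fixed at login time, so any later request built from this hash reuses stale values unless the caller overrides them. I would drop those three keys and have the code that issues later requests read the secret from the provider config and generate `timestamp`/`nonce` per request, keeping only `request_method`, `signature_method` and `oauth_version` here.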
@@ -97,19 +123,30 @@
 		return;
 	}
 	else {
+
 		my $request = Net::OAuth->request( 'request token' )->new(
 			%defaults,
-			request_url => $provider->{request_token_endpoint}
+			request_url => $provider->{request_token_endpoint},
+			extra_params => $provider->{extra_params}
 		);
-		$request->sign;
+		$request->sign( $self->_get_key( $provider->{rsa_private_key} ) );
 
 		my $ua_response = $self->ua->request( GET $request->to_url );
 
 		Catalyst::Exception->throw( $ua_response->status_line.' '.$ua_response->content )
 			unless $ua_response->is_success;
 
-		my $response = Net::OAuth->response( 'request token' )->from_post_body( $ua_response->content );
+		# Reduction to a canonical form
+		my $req_params = URI->new( "", "http" );
+		$req_params->query( $ua_response->content );
+		foreach ( $req_params->query_param ) {
+		    unless ( $_ eq 'oauth_token' || $_ eq 'oauth_token_secret' ) {
+			$req_params->query_param_delete( $_ );
+		    }
+		}
 
+		my $response = Net::OAuth->response( 'request token' )->from_post_body( $req_params->query );
+
 		$request = Net::OAuth->request( 'user auth' )->new(
 			%defaults,
 			token => $response->token,
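Review bot: The comment `# Reduction to a canonical form` does not say what the loop does or why. It keeps `oauth_token` and `oauth_token_secret` and deletes every other field of the provider's reply before Net::OAuth parses it, so I would write `# Keep only oauth_token and oauth_token_secret; drop every other field the provider returned before parsing`. One consequence is that `oauth_callback_confirmed`, which OAuth 1.0a providers send with the request token, is discarded unread even though `%defaults` sets `oauth_version => '1.0a'`; if the consumer is meant to check it, read it with `$req_params->query_param('oauth_callback_confirmed')` before the loop. `extra_params => $provider->{extra_params}` is passed even when the config has no such section, presumably as undef, so confirm Net::OAuth accepts that. The `user auth` request at the end of this hunk continues outside it.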
@@ -133,7 +170,7 @@
 
 =head1 VERSION
 
-0.02
+0.04
 
 =head1 SYNOPSIS
 
@@ -162,6 +199,11 @@
                             request_token_endpoint   http://example.com/oauth/request_token
                             access_token_endpoint    http://example.com/oauth/access_token
                             user_auth_endpoint       http://example.com/oauth/authorize
+                            # Optional
+                            rsa_private_key          /etc/ssl/cert/myrsacert.key
+                            <extra_params>
+                                foo                  bar
+                            </extra_params>
                         </example.com>
                     </providers>
                 </credential>
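Review bot: The synopsis introduces `rsa_private_key` without saying what the file must contain or how it should be protected. I would add a POD sentence stating that it is the path to a PEM-encoded RSA private key (the contents go to `Crypt::OpenSSL::RSA->new_private_key`), that setting it switches request signing to RSA-SHA1, and that the file should be readable only by the account running the application. `extra_params` would also benefit from a line saying it is sent with the request-token request.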
@@ -192,6 +234,8 @@
 
 =item $c->user->extra_params - whatever other params the provider sends back
 
+=item $c->user->oauth_request_params - HASH, includes the preset parameters for Net::OAuth->request
+
 =back
 
 =head1 AUTHOR
@@ -200,15 +244,19 @@
 
 Bogdan Lucaciu E<lt>bogdan at sinapticode.comE<gt>
 
+Pavel Bashinsky E<lt>pavel.bashinsky at gmail.comE<gt>
+
 With contributions from:
 
   Tomas Doran E<lt>bobtfish at bobtfish.netE</gt>
 
 
-=head1 BUGS
+=head1 TODO
 
-Only tested with twitter
+Only tested with Twitter and Google accounts API.
 
+It is necessary to make the description.
+
 =head1 COPYRIGHT
 
 Copyright (c) 2009 Sinapticode. All rights reserved



