module OAuthenticator

OAuthenticator

Constants

URI_PARSER

@private

VERSION

OAuthenticator::VERSION

Public Class Methods

escape(value) click to toggle source

escape a value @param value [String] value @return [String] escaped value

# File lib/oauthenticator/parse_authorization.rb, line 66
def escape(value)
  URI_PARSER.escape(value.to_s, /[^a-z0-9\-\.\_\~]/i)
end
parse_authorization(header) click to toggle source

@param header [String] an Authorization header @return [Hash<String, String>] parsed authorization parameters @raise [OAuthenticator::ParseError] if the header is not well-formed and cannot be parsed @raise [OAuthenticator::DuplicatedParameters] if the header contains multiple instances of the same param

# File lib/oauthenticator/parse_authorization.rb, line 32
def parse_authorization(header)
  header = header.to_s
  scanner = StringScanner.new(header)
  auth_parse_error = proc { |message| raise ParseError.new(message, {'Authorization' => [message]}) }
  scanner.scan(/OAuth\s*/i) || auth_parse_error.call("Authorization scheme is not OAuth - received: #{header}")
  attributes = {}
  while scanner.scan(/(\w+)="([^"]*)"\s*(,?)\s*/)
    key = scanner[1]
    value = scanner[2]
    comma_follows = !scanner[3].empty?
    if !comma_follows && !scanner.eos?
      auth_parse_error.call("Could not parse Authorization header: #{header}\naround or after character #{scanner.pos}: #{scanner.rest}")
    end
    (attributes[unescape(key)] ||= []) << unescape(value)
  end
  unless scanner.eos?
    auth_parse_error.call("Could not parse Authorization header: #{header}\naround or after character #{scanner.pos}: #{scanner.rest}")
  end
  duplicates = attributes.reject { |k,v| v.size <= 1 }
  if duplicates.any?
    errors = duplicates.map do |k,vs|
      {k => ["Received multiple instances of Authorization parameter #{k}. Received values were: #{vs.inspect}"]}
    end.inject({}, &:update)
    raise DuplicatedParameters.new("Received duplicate parameters: #{duplicates.keys.inspect}", errors)
  end
  return attributes.map { |k,v| {k => v.first} }.inject({}, &:update)
end
unescape(value) click to toggle source

unescape a value @param value [String] escaped value @return [String] unescaped value

# File lib/oauthenticator/parse_authorization.rb, line 73
def unescape(value)
  URI_PARSER.unescape(value.to_s)
end