class OAuth::OAuthProxy::OAuthRequest
Attributes
accept[RW]
body[RW]
content_type[RW]
Public Class Methods
collect_rack_parameters(rack_request)
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 32
# Gathers the parameters of an incoming request from three places, in this
# order: the query string, the parsed Authorization header, and (only when
# the request is form-encoded) the request body. merge! is used throughout,
# so a later source overwrites an earlier one when keys collide.
#
# NOTE(review): this is a class method, so @content_type and @accept are
# stored on the class object and shared by all callers; they are not the
# per-request `content_type` / `accept` attributes. Confirm this is intended.
# NOTE(review): the Content-Type test is an exact string comparison. A header
# that carries a parameter (for example a charset) does not match, and the
# body parameters are then left out of the collected set.
#
# @param rack_request [#query_parameters, #request_parameters, #headers]
# @return [HashWithIndifferentAccess] the merged parameters
def self.collect_rack_parameters(rack_request)
  collected = HashWithIndifferentAccess.new
  collected.merge!(rack_request.query_parameters)

  authorization = rack_request.headers['HTTP_AUTHORIZATION']
  collected.merge!(self.parse_authorization_header(authorization))

  @content_type = rack_request.headers['CONTENT_TYPE']
  @accept = rack_request.headers['ACCEPT']

  form_encoded = (@content_type == 'application/x-www-form-urlencoded')
  collected.merge!(rack_request.request_parameters) if form_encoded
  collected
end
create_from_rack_request(rack_request)
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 44
# Builds an OAuthRequest from a Rack/Rails request: HTTP method, full URL and
# the parameters gathered by collect_rack_parameters, plus the raw request
# body. The body stream is rewound before and after reading so that later
# readers still see it from the start.
#
# NOTE(review): the whole body is read into memory here; presumably a size
# limit is enforced upstream. Verify against the deployment.
#
# @param rack_request [Object] the incoming request
# @return [OAuth::OAuthProxy::OAuthRequest] request proxy with +body+ set
def self.create_from_rack_request(rack_request)
  merged = self.collect_rack_parameters(rack_request)
  OAuth::OAuthProxy::OAuthRequest.new(
    'method' => rack_request.method,
    'uri' => rack_request.url,
    'parameters' => merged
  ).tap do |proxy|
    rack_request.body.rewind
    proxy.body = rack_request.body.read
    rack_request.body.rewind
  end
end
Public Instance Methods
compute_oauth_body_hash(content)
Creates the value of an OAuth body hash
@param content [String] Content to be body signed
@return [String] Base64-encoded SHA-1 digest of the content
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 105
# Computes the oauth_body_hash value for a message body: the SHA-1 digest of
# the content, Base64-encoded on a single line.
#
# NOTE(review): one trailing line ending is removed (chomp) before hashing,
# so two bodies that differ only in that line ending produce the same hash.
# A peer that hashes the raw bytes will disagree for such bodies. Confirm
# both sides of the integration apply the same rule.
#
# @param content [String] message body to hash
# @return [String] Base64 text of the 20-byte SHA-1 digest, without newlines
def compute_oauth_body_hash(content)
  digest = Digest::SHA1.digest(content.chomp)
  # strict_encode64 emits no line feeds, which is what encode64 followed by
  # stripping "\n" yields.
  Base64.strict_encode64(digest)
end
copy()
A shallow+1 copy
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 111
# Returns a new OAuthRequest built from duplicates of this request's method,
# uri, parameters hash and (when set) body. Only the top-level objects are
# dup'ed: values held inside the parameters hash are shared with the
# original.
#
# @return [OAuth::OAuthProxy::OAuthRequest] the duplicate request
def copy
  duplicate = OAuth::OAuthProxy::OAuthRequest.new(
    'method' => self.method.dup,
    'uri' => self.uri.dup,
    'parameters' => self.parameters.dup
  )
  duplicate.body = self.body.dup unless self.body.nil? || self.body == false
  duplicate
end
final_uri()
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 72
# Reads the 'final_uri' entry of the wrapped request hash.
#
# @return [Object, nil] the stored value, or nil when the key is absent
def final_uri
  @request['final_uri']
end
is_timestamp_expired?(timestampString)
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 121
# Tells whether an oauth_timestamp lies outside the accepted clock-skew
# window around the current time. The absolute difference is used, so a
# timestamp too far in the future is rejected just like one too far in the
# past. Input is converted with to_i, so text without leading digits becomes
# 0 (the epoch) and is reported as expired.
#
# @param timestampString [#to_i] seconds since the epoch
# @return [Boolean] true when the distance from now exceeds
#   CLOCK_SKEW_ALLOWANCE_IN_SECS
def is_timestamp_expired?(timestampString)
  issued_at = Time.at(timestampString.to_i)
  drift = (Time.now - issued_at).abs
  drift > CLOCK_SKEW_ALLOWANCE_IN_SECS
end
log(msg)
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 76
# Writes a message to the Rails logger at info level.
#
# Whatever is passed here ends up in the application log, so callers should
# not pass consumer secrets or locally computed signatures.
#
# @param msg [String] text to log
def log(msg)
  logger = Rails.logger
  logger.info(msg)
end
method()
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 84
# Reads the 'method' entry (the HTTP verb) of the wrapped request hash.
#
# Note that this definition takes no arguments and therefore replaces the
# usual Object#method lookup on instances of this class.
#
# @return [Object, nil] the stored value, or nil when the key is absent
def method
  @request['method']
end
normalized_uri()
Calls superclass method
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 88
# Returns the superclass's normalized URI, falling back to the raw +uri+
# when normalization raises a StandardError.
#
# NOTE(review): on the fallback path the URI enters the signature base
# string exactly as received, with no normalization applied. Confirm that
# the signing side produces the same text for such non-standard URIs.
#
# @return [String] normalized URI, or the stored URI when it cannot be parsed
def normalized_uri
  begin
    super
  rescue StandardError
    # A non-standard URI may not parse; it is then assumed to have been
    # normalized already and is returned unchanged.
    uri
  end
end
parameters()
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 80
# Reads the 'parameters' entry of the wrapped request hash.
#
# @return [Object, nil] the stored value, or nil when the key is absent
def parameters
  @request['parameters']
end
uri()
# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 96
# Reads the 'uri' entry of the wrapped request hash.
#
# @return [Object, nil] the stored value, or nil when the key is absent
def uri
  @request['uri']
end
verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false)
Validates an OAuth request using the OAuth gem - github.com/oauth/oauth-ruby
@return [Array(Boolean, String)] Whether the request was valid, followed by the signature base string
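# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 130
# Validates an OAuth request: a copy of the request is re-signed with
# +secret+ and the result is compared with the signature the request
# carries; then timestamp freshness, nonce reuse and (when present) the
# body hash are checked.
#
# The return value is a two-element Array and is therefore always truthy.
# Callers must test the first element, never the return value itself.
#
# Logging: neither the consumer secret nor the locally computed signature is
# written to the log. The computed value is the correct signature for the
# request that was just received, so logging it would give a valid signature
# to anyone able to read the log. The received signature is logged with
# #inspect so that control characters in it cannot forge log lines.
#
# NOTE(review): the body hash is verified only when the request has a body
# and an 'oauth_body_hash' parameter; a request without that parameter is
# accepted with its body unchecked. Callers that need body integrity should
# require the parameter themselves.
#
# @param secret [String] consumer secret used to re-sign the request
# @param nonce_cache [#fetch, #store] record of nonces already accepted
# @param is_handle_error_not_raise_exception [Boolean] true: report failures
#   as +false+; false: raise them
# @param ignore_timestamp_and_nonce [Boolean] skip the timestamp and
#   duplicate-nonce checks (the nonce is still stored)
# @return [Array(Boolean, String)] validity flag and signature base string
# @raise [RuntimeError] on a failed check when
#   is_handle_error_not_raise_exception is false
def verify_signature?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false)
  log 'in verify_signature'
  test_request = self.copy
  test_signature = test_request.sign(consumer_secret: secret)
  begin
    # Compare without stopping at the first differing byte, so the time taken
    # does not depend on how much of the signature matched.
    received_bytes = self.oauth_signature.to_s.bytes
    expected_bytes = test_signature.to_s.bytes
    mismatch = received_bytes.size ^ expected_bytes.size
    expected_bytes.each_with_index do |byte, index|
      mismatch |= byte ^ received_bytes.fetch(index, 0)
    end

    unless mismatch.zero?
      log "Verify_signature--send_signature: #{self.oauth_signature.inspect}"
      log "Verify signature_base_string: #{self.signature_base_string}"
      fail 'Invalid signature'
    end

    unless ignore_timestamp_and_nonce
      fail 'Timestamp expired' if is_timestamp_expired? self.oauth_timestamp
      fail 'Duplicate nonce to one already received' if nonce_cache.fetch(self.oauth_nonce)
    end
    nonce_cache.store(self.oauth_nonce, '<who-cares>')

    # check body-signing if oauth_body_signature
    if self.body && self.parameters.key?('oauth_body_hash')
      fail 'Invalid signature of message body' unless compute_oauth_body_hash(self.body) == self.parameters['oauth_body_hash']
    end
    [true, test_request.signature_base_string]
  rescue StandardError => e
    # StandardError only: interrupts and exit requests must not be turned
    # into a "signature invalid" result.
    log(e.message)
    if is_handle_error_not_raise_exception
      [false, test_request.signature_base_string]
    else
      raise e.message
    end
  end
end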
verify_signature_always?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false)
Runs validation logic but always returns true
@return [Array(Boolean, String)] Whether the signature matched, followed by the signature base string
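# File lib/lti2_commons/lib/lti2_commons/oauth_request.rb, line 167
# Re-signs a copy of the request with +secret+ and reports whether the
# result equals the signature the request carries. Unlike verify_signature?
# this performs no timestamp, nonce or body-hash check, and
# +nonce_cache+, +is_handle_error_not_raise_exception+ and
# +ignore_timestamp_and_nonce+ are accepted but not used.
#
# The return value is a two-element Array and is therefore always truthy;
# the actual comparison result is its first element.
#
# Logging: the locally computed signature is not written to the log, because
# it is the correct signature for the received request. The received
# signature is logged with #inspect so control characters cannot forge log
# lines.
#
# @param secret [String] consumer secret used to re-sign the request
# @param nonce_cache [Object] unused
# @param is_handle_error_not_raise_exception [Boolean] unused
# @param ignore_timestamp_and_nonce [Boolean] unused
# @return [Array(Boolean, String)] comparison result and signature base string
def verify_signature_always?(secret, nonce_cache, is_handle_error_not_raise_exception = true, ignore_timestamp_and_nonce = false)
  test_request = self.copy
  test_signature = test_request.sign(consumer_secret: secret)
  log "TP Signature: #{self.oauth_signature.inspect}"
  log "Signature_Base_String: #{test_request.signature_base_string}"
  # log "Authorization_Header: #{request.headers['Authorization']}"

  # Compare without stopping at the first differing byte, so the time taken
  # does not depend on how much of the signature matched.
  received_bytes = self.oauth_signature.to_s.bytes
  expected_bytes = test_signature.to_s.bytes
  mismatch = received_bytes.size ^ expected_bytes.size
  expected_bytes.each_with_index do |byte, index|
    mismatch |= byte ^ received_bytes.fetch(index, 0)
  end

  [mismatch.zero?, test_request.signature_base_string]
end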