class XeroGateway::OAuth

Shamelessly based on the Twitter Gem's OAuth implementation by John Nunemaker Thanks!

twitter.rubyforge.org/ github.com/jnunemaker/twitter/

Constants

XERO_CONSUMER_OPTIONS

Attributes

authorization_expires_at[R]
consumer_options[R]
csecret[R]
ctoken[R]
expires_at[R]
session_handle[RW]

Public Class Methods

new(ctoken, csecret, options = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 28
def initialize(ctoken, csecret, options = {})
  @ctoken, @csecret = ctoken, csecret
  
  # Allow user-agent base val for certification procedure (enforce for PartnerApp)
  @base_headers = {}
  @base_headers["User-Agent"] = options.delete(:user_agent) if options.has_key?(:user_agent)

  @consumer_options = XERO_CONSUMER_OPTIONS.merge(options)
end

Public Instance Methods

access_token() click to toggle source
# File lib/xero_gateway/oauth.rb, line 58
def access_token
  @access_token ||= ::OAuth::AccessToken.new(consumer, @atoken, @asecret)
end
authorize_from_access(atoken, asecret) click to toggle source
# File lib/xero_gateway/oauth.rb, line 62
def authorize_from_access(atoken, asecret)
  @atoken, @asecret = atoken, asecret
end
authorize_from_request(rtoken, rsecret, params = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 48
def authorize_from_request(rtoken, rsecret, params = {})
  request_token     = ::OAuth::RequestToken.new(consumer, rtoken, rsecret)
  # Underlying oauth consumer accepts body params and headers for request via positional params - explicit nilling of
  #  body parameters allows for correct position for headers
  access_token      = request_token.get_access_token(params, nil, @base_headers)
  @atoken, @asecret = access_token.token, access_token.secret

  update_attributes_from_token(access_token)
end
consumer() click to toggle source
# File lib/xero_gateway/oauth.rb, line 38
def consumer
  @consumer ||= ::OAuth::Consumer.new(@ctoken, @csecret, consumer_options)
end
delete(path, headers = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 101
def delete(path, headers = {})
  access_token.delete(path, headers.merge(@base_headers))
end
get(path, headers = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 89
def get(path, headers = {})
  access_token.get(path, headers.merge(@base_headers))
end
post(path, body = '', headers = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 93
def post(path, body = '', headers = {})
  access_token.post(path, body, headers.merge(@base_headers))
end
put(path, body = '', headers = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 97
def put(path, body = '', headers = {})
  access_token.put(path, body, headers.merge(@base_headers))
end
renew_access_token(access_token = nil, access_secret = nil, session_handle = nil) click to toggle source

Renewing access tokens only works for Partner applications

# File lib/xero_gateway/oauth.rb, line 67
def renew_access_token(access_token = nil, access_secret = nil, session_handle = nil)
  access_token   ||= @atoken
  access_secret  ||= @asecret
  session_handle ||= @session_handle

  old_token = ::OAuth::RequestToken.new(consumer, access_token, access_secret)

  # Underlying oauth consumer accepts body params and headers for request via positional params - explicit nilling of
  #  body parameters allows for correct position for headers
  access_token = old_token.get_access_token({
    :oauth_session_handle => session_handle,
    :token                => old_token
  }, nil, @base_headers)

  update_attributes_from_token(access_token)
rescue ::OAuth::Unauthorized => e
  # If the original access token is for some reason invalid an OAuth::Unauthorized could be raised.
  # In this case raise a XeroGateway::OAuth::TokenInvalid which can be captured by the caller.  In this
  # situation the end user will need to re-authorize the application via the request token authorization URL
  raise XeroGateway::OAuth::TokenInvalid.new(e.message)
end
request_token(params = {}) click to toggle source
# File lib/xero_gateway/oauth.rb, line 42
def request_token(params = {})
  # Underlying oauth consumer accepts body params and headers for request via positional params - explicit nilling of
  #  body parameters allows for correct position for headers
  @request_token ||= consumer.get_request_token(params, nil, @base_headers)
end

Private Instance Methods

update_attributes_from_token(access_token) click to toggle source

Update instance variables with those from the AccessToken.

# File lib/xero_gateway/oauth.rb, line 108
def update_attributes_from_token(access_token)
  @expires_at               = Time.now + access_token.params[:oauth_expires_in].to_i
  @authorization_expires_at = Time.now + access_token.params[:oauth_authorization_expires_in].to_i
  @session_handle           = access_token.params[:oauth_session_handle]
  @atoken, @asecret         = access_token.token, access_token.secret
  @access_token             = nil
end