0

I am trying to use the bitbucket API. I have successfully got the flow working where I am able to retrieve the access token and access token secret. After that, I have not been able to get anything to work. I can't find any example on to get this to work with Ruby. The closest I think I've found is this link:

https://gist.github.com/erikeldridge/383159

However in this example, he doesn't add the user's token and token secret, so I've updated it, here's his utility code:

# A utility for signing an url using OAuth in a way that's convenient for debugging
# Note: the standard Ruby OAuth lib is here http://github.com/mojodna/oauth
# License: http://gist.github.com/375593
# Usage: see example.rb below

require 'uri'
require 'cgi'
require 'openssl'
require 'base64'

class OauthUtil

  attr_accessor :consumer_key, :consumer_secret, :token, :token_secret,     :req_method, 
                :sig_method, :oauth_version, :callback_url, :params,     :req_url, :base_str

  def initialize
    @consumer_key = ''
    @consumer_secret = ''
    @token = ''
    @token_secret = ''
    @req_method = 'GET'
    @sig_method = 'HMAC-SHA1'
    @oauth_version = '1.0'
    @callback_url = ''
  end

  # openssl::random_bytes returns non-word chars, which need to be removed. using alt method to get length
  # ref http://snippets.dzone.com/posts/show/491
  def nonce
    Array.new( 5 ) { rand(256) }.pack('C*').unpack('H*').first
  end

  def percent_encode( string )

    # ref http://snippets.dzone.com/posts/show/1260
    return URI.escape( string, Regexp.new("[^#    {URI::PATTERN::UNRESERVED}]") ).gsub('*', '%2A')
  end

  # @ref http://oauth.net/core/1.0/#rfc.section.9.2
  def signature
    key = percent_encode( @consumer_secret ) + '&' + percent_encode( @token_secret )

    # ref: http://blog.nathanielbibler.com/post/63031273/openssl-hmac-vs-ruby-hmac-benchmarks
    digest = OpenSSL::Digest::Digest.new( 'sha1' )
    hmac = OpenSSL::HMAC.digest( digest, key, @base_str )

    # ref http://groups.google.com/group/oauth-ruby/browse_thread/thread/9110ed8c8f3cae81
    Base64.encode64( hmac ).chomp.gsub( /\n/, '' )
  end

  # sort (very important as it affects the signature), concat, and percent encode
  # @ref http://oauth.net/core/1.0/#rfc.section.9.1.1
  # @ref http://oauth.net/core/1.0/#9.2.1
  # @ref http://oauth.net/core/1.0/#rfc.section.A.5.1
  def query_string
    pairs = []
    @params.sort.each { | key, val | 
      pairs.push( "#{ percent_encode( key ) }=#{ percent_encode( val.to_s ) }" )
    }
    pairs.join '&'
  end

  # organize params & create signature
  def sign( parsed_url )

    @params = {
      'oauth_consumer_key' => @consumer_key,
      'oauth_nonce' => nonce,
      'oauth_signature_method' => @sig_method,
      'oauth_timestamp' => Time.now.to_i.to_s,
      'oauth_version' => @oauth_version
    }

    # if url has query, merge key/values into params obj overwriting defaults
    if parsed_url.query
      @params.merge! CGI.parse( parsed_url.query )
    end

    # @ref http://oauth.net/core/1.0/#rfc.section.9.1.2
    @req_url = parsed_url.scheme + '://' + parsed_url.host + parsed_url.path

    # create base str. make it an object attr for ez debugging
    # ref http://oauth.net/core/1.0/#anchor14
    @base_str = [ 
      @req_method, 
      percent_encode( req_url ), 

      # normalization is just x-www-form-urlencoded
      percent_encode( query_string ) 

    ].join( '&' )

    # add signature
    @params[ 'oauth_signature' ] = signature

    return self
  end
end

and here's my modified code: require 'oauth_util.rb' require 'net/http'

o = OauthUtil.new

o.consumer_key = MY_CONSUMER_KEY
o.consumer_secret = MY_SECRET
o.token = ACCESS_TOKEN_RETURNED_FROM_BB
o.token_secret = ACCESS_TOKEN_SECRET_RETURNED_FROM_BB

url = 'https://bitbucket.org/api/1.0/user'

parsed_url = URI.parse( url )

Net::HTTP.start( parsed_url.host ) { | http |
  req = Net::HTTP::Get.new "#{ parsed_url.path }?#{ o.sign(parsed_url).query_string }"
  response = http.request(req)
  print response.read_body
}

Sadly, all I get is 301 Moved Permanently

301 Moved Permanently

nginx/1.5.10

Anyone have any luck using the BB API in Ruby after getting an access token back? Thanks for any help, Kevin

user1130176
  • 1,772
  • 1
  • 23
  • 33

1 Answers1

1

EDIT:

There is a bitbucket API wrapper gem that has authentication built-in.

ORIGINAL:

I'm wondering if the "301 moved permanently" error is caused by the code making an http request instead of https.

without ssl:

result = Net::HTTP.get(URI.parse('http://bitbucket.org/api/1.0/user'))
# this returns 301 Moved Permanently

But when I used ssl instead (without the oauth headers/params) I got 401 Unauthorized.

with ssl:

1.9.3-p194 :063 > uri = URI.parse('https://bitbucket.org/api/1.0/user')
 => #<URI::HTTPS:0x007f846c5822d8 URL:https://bitbucket.org/api/1.0/user> 
1.9.3-p194 :064 > http = Net::HTTP.new(uri.host, uri.port)
 => #<Net::HTTP bitbucket.org:443 open=false> 
1.9.3-p194 :065 > http.use_ssl = true
 => true 
1.9.3-p194 :066 > request = Net::HTTP::Get.new(uri.request_uri)
 => #<Net::HTTP::Get GET> 
1.9.3-p194 :067 > response = http.request(request)
 => #<Net::HTTPUnauthorized 401 UNAUTHORIZED readbody=true>
Mike S
  • 11,329
  • 6
  • 41
  • 76
  • I think this is a good clue b/c i can confirm the response is different, btw, I updated the SSL to reflect your hunch from this post http://stackoverflow.com/questions/6347187/https-request-using-nethttps-block-form-is-it-possible – user1130176 Mar 03 '15 at 20:32