alexa_verifier 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dc08649cb9ee69a9726eaa93c234b58828b26e02
-  data.tar.gz: 09bba4949ec077e8d9041b2101ab50b78d61b8ba
+SHA256:
+  metadata.gz: 4a87865b33c6e4c0375fa54a4f30bd5dca32077805d96ea423a6473d68fb89b2
+  data.tar.gz: 6c60fd2e94cb2ed120e8b0a8de761b11bb41294902d746b055a58a591318bd76
 SHA512:
-  metadata.gz: bb68dc5d02e75887efa2771e71c94871e57b10571a0a4b27d6b348d7c775f2c89ea9226819c0579abae34747c036f2900d85f9c450a26838abc6bbe37861862e
-  data.tar.gz: ed501217e4dc3a400a2b2ed4b04058be86894a05d4709c82c00322911ff9c6eac8812f5b4f93752c0bd77efb18f8288cc7973e2dcbcc6ac3dba5f56b1b4a466f
+  metadata.gz: 6a311acc8702c6a96a58e35b0b53ae64e253ae204f587ec13d6c4bf8ff5ec8be8980fa4ef2a06944f77e616a19f1993c9668426a1b5f39a2dc563f593397551b
+  data.tar.gz: 4ffe5912d050d2011eae964b2d579f0c200ecc99cb1a65de5e48e334710c3ea66b9b7df9cca463dd0291f09adcf9f739c3644de29353501821e697a92dad63c8

data/.gitignore

@@ -1,9 +1,10 @@
 /.bundle/
 /.yardoc
-/Gemfile.lock
 /_yardoc/
 /coverage/
 /doc/
 /pkg/
 /spec/reports/
 /tmp/
+.rspec_status
+Gemfile.lock

data/.hound.yml

@@ -0,0 +1,2 @@
+ruby:
+  config_file: .rubocop.yml

data/.rspec

@@ -1,2 +1,3 @@
 --format documentation
 --color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  Exclude:
+    - spec/**/*.rb
+
+Metrics/LineLength:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+# We want to maintain compatibility with Ruby 2.0+, safe nav is a 2.3 feature
+Style/SafeNavigation:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+2.4.2

data/.travis.yml

@@ -1,4 +1,23 @@
+sudo: false
 language: ruby
 rvm:
-  - 2.0.0
-before_install: gem install bundler -v 1.10.5
+  - 2.0
+  - 2.1
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.4.2
+  - ruby-head
+
+matrix:
+  allow_failures:
+  - rvm: ruby-head
+
+deploy:
+  provider: rubygems
+  api_key:
+    secure: fFDgkJ+3Uu+OCAg6o9dfw/tb1fePtHavVzkxJyb4V91iTKrzAtzZ/mSgeol7V28OOdVGSQ1sl+rkXIFe4nytDBuw7fdQxYujN+97uzTxyuX8tMUAtUjT3+6FGGCd7T2fNwaOSI50+I3pcQdr//1ZTFOZjK/lM63R2WXGgX2yDDDmgjUNMu15gUGGuVgZCNafVG74tNTGfr5CEUOMCjETq+zjytia5GbhkbE6mXgMCv5J08mv44Ustta9TF0Fj3Sg7C4wmCJtBS8SHOZVptf2NlrJBZr8ac52v+hAxC+6VC2BbhOQH2lRqlgprlWNbPkTIfzhsat4HMAj1Rk11OYnVvxGS5JWnHirlPftJ0ddtKO9z2Mj/Nhbe99GyrcSWbZtFlxLdO93Yc00N0c+TkSrnY8Cq/OabrL+HqxQnrZdMb7ZOG50nwdnRQnF3RVMTl1d1dpgawA1SrGfkEacNB+4iZ0jHj8nKOBQdaUYTYikL77WUvFdShzfZf5cRAVQTj7xyMd5pJWiTxtIeRzQgTmWFeRaVLAsvRRUoPA0npbs6J2huI34uEDWRiXwYXX7/aWkL19G69eOdSh1/19m0GsneUzeuK03VJ8H0GsG6hp+o7BpxnubkWvopldg5HGbCIWaklNoP/tMSAOKNUXVDFFnXcyLB2rlX1Y5Yt5GXSuEONY=
+  gem: alexa_verifier
+  on:
+    tags: true
+    repo: sidoh/alexa_verifier

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at m@rayner.io. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,4 +1,6 @@
 source 'https://rubygems.org'
 
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
 # Specify your gem's dependencies in alexa_verifier.gemspec
 gemspec

data/{LICENSE.txt → LICENSE}

@@ -1,6 +1,6 @@
-The MIT License (MIT)
+MIT License
 
-Copyright (c) 2015 Christopher
+Copyright (c) 2017 Matt Rayner
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,2 +1,209 @@
-# alexa_verifier
-Rubygem to verify requests sent to an Alexa skill are sent from Amazon
+# Alexa Verifier
+
+[AlexaVerifier][alexa_verifier] is a gem created to verify that requests received within a [Rack][rack]-based application originate from Amazon's Alexa API.
+
+This gem is framework agnostic and should work with any Rack based application including both [Rails][rails] and [Sinatra][sinatra].
+
+[![Gem Version][shield-gem]][info-gem] [![Build Status][shield-travis]][info-travis] [![Code Coverage][shield-coveralls]][info-coveralls] [![License][shield-license]][info-license]
+
+## Contents
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+
+- [Requirements](#requirements)
+- [Installation](#installation)
+- [Usage](#usage)
+  - [Methods](#methods)
+  - [Disabling checks](#disabling-checks)
+    - [Examples](#examples)
+      - [Globally](#globally)
+      - [Instance level](#instance-level)
+        - [With a block](#with-a-block)
+        - [Calling `#configure`](#calling-configure)
+  - [Handling errors](#handling-errors)
+- [Getting Started with Development](#getting-started-with-development)
+  - [Running the tests](#running-the-tests)
+- [Contributing](#contributing)
+- [License](#license)
+- [Code of Conduct](#code-of-conduct)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+
+## Requirements
+[AlexaVerifier][alexa_verifier] requires the following:
+* [Ruby][ruby] - version 2.0 or greater
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'alexa_verifier'
+```
+
+
+## Usage
+This gem's main function is taking an [Rack][rack] request and verifying that it was sent by Amazon.
+
+### Sinatra
+```ruby
+# within server.rb (or equivalent)
+
+post '/' do
+  AlexaVerifier.valid!(request)
+end
+```
+
+
+### Rails
+```ruby
+# config/routes.rb
+
+post '/', to: 'alexa#index'
+```
+
+```ruby
+# app/controllers/alexa_controller.rb
+
+class AlexaController < ApplicationController
+  skip_before_action :verify_authenticity_token, only: :index
+
+  def index
+    AlexaVerifier.valid!(request)
+  end
+end
+```
+
+### Methods
+[AlexaVerifier][alexa_verifier] has two main entry points, detailsed below:
+
+Method | Parameter type | Returns
+---|---|---
+`AlexaVerifier.valid!(request)` | Rack-based request object | `true` on successful verification. Raises an error if unsuccessful.
+`AlexaVerifier.valid?(request)` | Rack-based request object | `true` on successful verificatipn. `false` if unsuccessful.
+
+You are also able to configure [AlexaVerifier][alexa_verifier] to disable some checks. This is detailed in the section below.
+
+
+### Disabling checks
+If you'd like to disable one (or more) of the checks performed by [AlexaVerifier][alexa_verifier], you can do so by passing a #configure block. Each of the configuration attributes are Boolean values and are detailed below.
+
+It is possible to disable checks either globally, or for a specific instance. This is useful if you want to run multiple instances of the verifier within your application.
+
+Option | Default | Description
+---|---|---
+`enabled` | `true` | Enables or disables AlexaVerifier checks. This setting overrides all others i.e. setting `config.enabled = false` disables all checks even if you set others to true.
+`verify_uri` | `true` | Enables or disables checks on the certificate URI. Set to `false` to allow serving of certificates from non-amazon approved domains.
+`verify_timeliness` | `true` | Enables or disables timeliness checks. Set to `false` to allow requests generated in the past to be executed. Good for serving test requests.
+`verify_certificate` | `true` | Enables or disabled checks on whether the certificate is in date, or contains the SAN address we expect.
+`verify_signature` | `true` | Enables or disables checks to see if a request was actually signed by a certificate.
+
+#### Examples
+The below is an example of a 'complete' configure block, setting attributes both globally and for an individual instance.
+
+##### Globally
+```ruby
+AlexaVerifier.configure do |config|
+  config.enabled            = false # Disables all checks, even though we enable them individually below
+  config.verify_uri         = true
+  config.verify_timeliness  = true
+  config.verify_certificate = true
+  config.verify_signature   = true
+end
+AlexaVerifier.valid!(request)
+```
+
+##### Instance level
+###### With a block
+```ruby
+verifier = AlexaVerifier::Verifier.new do |config|
+  config.enabled            = false
+  config.verify_uri         = true
+  config.verify_timeliness  = true
+  config.verify_certificate = true
+  config.verify_signature   = true
+end
+verifier.valid!(request)
+```
+
+###### Calling `#configure`
+```ruby
+verifier = AlexaVerifier::Verifier.new
+verifier.configure do |config|
+  config.enabled            = false
+  config.verify_uri         = true
+  config.verify_timeliness  = true
+  config.verify_certificate = true
+  config.verify_signature   = true
+end
+verifier.valid!(request)
+```
+
+
+### Handling errors
+AlexaVerifier#valid! will raise one of the following *expected* errors if verification cannot be performed.
+
+> Please note that all errors come with (hopefully) helpful accompanying messages.
+
+Error | Description
+---|---
+`AlexaVerifier::InvalidCertificateURIError` | Raised when the certificate URI does not pass validation.
+`AlexaVerifier::InvalidCertificateError` | Raised when the certificate itself does not pass validation e.g. out of date, does not contain the requires SAN extension, etc.
+`AlexaVerifier::InvalidRequestError` | Raised when the request cannot be verified (not timely, not signed with the certificate, etc.)
+
+
+## Getting Started with Development
+To clone the repository and set up the dependencies, run the following:
+```bash
+git clone https://github.com/mattrayner/alexa_verifier.git
+cd alexa_verifier
+bundle install
+```
+
+### Running the tests
+We use [RSpec][rspec] as our testing framework and tests can be run using:
+```bash
+bundle exec rake
+```
+
+
+## Contributing
+If you wish to submit a bug fix or feature, you can create a pull request and it will be merged pending a code review.
+
+1. Fork the repository
+1. Create your feature branch (`git checkout -b my-new-feature`)
+1. Commit your changes (`git commit -am 'Add some feature'`)
+1. Push to the branch (`git push origin my-new-feature`)
+1. Ensure your changes are tested using [Rspec][rspec]
+1. Create a new Pull Request
+
+
+## License
+[AlexaVerifier][alexa_verifier] is licensed under the [MIT][info-license].
+
+
+## Code of Conduct
+Everyone interacting in the AlexaVerifier project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct][code_of_conduct].
+
+[alexa_verifier]:  https://github.com/sidoh/alexa_verifier
+[ruby]:            http://ruby-lang.org
+[rack]:            https://rack.github.io
+[rails]:           http://rubyonrails.org
+[sinatra]:         http://sinatrarb.com
+[rspec]:           http://rspec.info
+[code_of_conduct]: https://github.com/mattrayner/alexa_verifier/blob/master/CODE_OF_CONDUCT.md
+
+[info-gem]:   https://rubygems.org/gems/alexa_verifier
+[shield-gem]: https://img.shields.io/gem/v/alexa_verifier.svg
+
+[info-travis]:   https://travis-ci.org/sidoh/alexa_verifier
+[shield-travis]: https://img.shields.io/travis/sidoh/alexa_verifier.svg
+
+[info-coveralls]:   https://coveralls.io/github/sidoh/alexa_verifier
+[shield-coveralls]: https://img.shields.io/coveralls/github/sidoh/alexa_verifier.svg
+
+[info-license]:   https://github.com/sidoh/alexa_verifier/blob/master/LICENSE
+[shield-license]: https://img.shields.io/badge/license-MIT-blue.svg

data/Rakefile

@@ -1,6 +1,6 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/alexa_verifier.gemspec

@@ -1,27 +1,31 @@
-# coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-
-require 'alexa_verifier'
+require 'alexa_verifier/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "alexa_verifier"
+  spec.name          = 'alexa_verifier'
   spec.version       = AlexaVerifier::VERSION
-  spec.authors       = ["Christopher Mullins"]
-  spec.email         = ["chris@sidoh.org"]
+  spec.authors       = ['Christopher Mullins', 'Matt Rayner']
+  spec.email         = %w[chris@sidoh.org m@rayner.io]
 
-  spec.summary       = %q{Verifies requests sent to an Alexa skill are sent from Amazon}
-  spec.homepage      = "http://www.github.com/sidoh/alexa_verifier"
-  spec.license       = "MIT"
+  spec.summary       = 'Verify HTTP requests sent to an Alexa skill are sent from Amazon.'
+  spec.description   = 'This gem is designed to work with Rack applications that serve as back-ends for Amazon Alexa skills.'
+  spec.homepage      = 'https://github.com/sidoh/alexa_verifier'
+  spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "exe"
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "curb", "~> 0.7.16"
-  spec.add_development_dependency "webmock"
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'coveralls', '~> 0.8.21'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'simplecov', '~> 0.14'
+  spec.add_development_dependency 'timecop', '~> 0.9'
+  spec.add_development_dependency 'vcr', '~> 3.0'
+  spec.add_development_dependency 'webmock', '~> 3.0'
 end