apache_secure_download 0.1.3 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/ChangeLog +8 -0
- data/README +1 -1
- data/lib/apache/secure_download.rb +3 -4
- data/lib/apache/secure_download/util.rb +45 -33
- data/lib/apache/secure_download/version.rb +2 -2
- data/spec/apache/secure_download/util_spec.rb +71 -71
- data/spec/apache/secure_download_spec.rb +4 -3
- metadata +6 -6
data/ChangeLog
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
= Revision history for apache_secure_download
|
|
2
2
|
|
|
3
|
+
== 0.2.0 [2011-11-08]
|
|
4
|
+
|
|
5
|
+
* Changed to use one query parameter only (Not backwards compatible!)
|
|
6
|
+
|
|
7
|
+
== 0.1.3 [2011-11-07]
|
|
8
|
+
|
|
9
|
+
* Easier split when URL is just a path
|
|
10
|
+
|
|
3
11
|
== 0.1.2 [2011-09-29]
|
|
4
12
|
|
|
5
13
|
* Fixed check_access when there are no query args
|
data/README
CHANGED
|
@@ -53,7 +53,7 @@ module Apache
|
|
|
53
53
|
# If either condition doesn't hold true, access to the requested resource
|
|
54
54
|
# is denied!
|
|
55
55
|
def check_access(request)
|
|
56
|
-
timestamp, token =
|
|
56
|
+
timestamp, token = Util.split(request.param(Util::TOKEN_KEY))
|
|
57
57
|
|
|
58
58
|
# Remove timestamp and token from query args
|
|
59
59
|
request.args &&= Util.real_query(request.args)
|
|
@@ -61,9 +61,8 @@ module Apache
|
|
|
61
61
|
return FORBIDDEN if @deny && request.uri =~ @deny
|
|
62
62
|
return OK if @allow && request.uri =~ @allow
|
|
63
63
|
|
|
64
|
-
return FORBIDDEN if timestamp
|
|
65
|
-
|
|
66
|
-
|
|
64
|
+
return FORBIDDEN if timestamp < Time.now.to_i ||
|
|
65
|
+
token != Util.token(@secret, request.unparsed_uri, timestamp)
|
|
67
66
|
return OK
|
|
68
67
|
end
|
|
69
68
|
|
|
@@ -38,6 +38,12 @@ module Apache
|
|
|
38
38
|
|
|
39
39
|
extend self
|
|
40
40
|
|
|
41
|
+
TOKEN_KEY = '_asd'
|
|
42
|
+
|
|
43
|
+
TOKEN_LENGTH = Digest::SHA1.hexdigest('').length
|
|
44
|
+
|
|
45
|
+
TIMESTAMP_LENGTH = 10 # sufficient 'til 36812 ;)
|
|
46
|
+
|
|
41
47
|
# Creates a valid URL to the secured resource, identified by +url+. The
|
|
42
48
|
# argument +secret+ is the shared secret string that has been passed to
|
|
43
49
|
# the relevant RubyAccessHandler instance (cf. SecureDownload.new).
|
|
@@ -55,53 +61,61 @@ module Apache
|
|
|
55
61
|
# Examples (<tt>s = "secret"</tt>):
|
|
56
62
|
#
|
|
57
63
|
# # Only the path component (and an optional query component) will be taken into account
|
|
58
|
-
# secure_url(s, "/secure/url") #=> "/secure/url?
|
|
59
|
-
# secure_url(s, "http://example.com/secure/url") #=> "http://example.com/secure/url?
|
|
60
|
-
# secure_url(s, "/secure/url?query=value") #=> "/secure/url?query=value&
|
|
64
|
+
# secure_url(s, "/secure/url") #=> "/secure/url?_asd=0047c3f5665671a9b3966e8bbed91fc0bb5594d576c504cdf0"
|
|
65
|
+
# secure_url(s, "http://example.com/secure/url") #=> "http://example.com/secure/url?_asd=0047c3f5665671a9b3966e8bbed91fc0bb5594d576c504cdf0"
|
|
66
|
+
# secure_url(s, "/secure/url?query=value") #=> "/secure/url?query=value&_asd=0047c3f566b482f943c35f4a1b5da6c646df6a65c0edc364cf"
|
|
61
67
|
#
|
|
62
68
|
# # Expires in 10 minutes
|
|
63
|
-
# secure_url(s, "/secure/url", Time.now + 600) #=> "/secure/url?
|
|
64
|
-
# secure_url(s, "/secure/url", :offset => 600) #=> "/secure/url?
|
|
69
|
+
# secure_url(s, "/secure/url", Time.now + 600) #=> "/secure/url?_asd=0047c3f7827e51f91cf4406f308a8df24f4e2cbf188de3c1bf"
|
|
70
|
+
# secure_url(s, "/secure/url", :offset => 600) #=> "/secure/url?_asd=0047c3fa9058eb12f9fc3fcd984fe4e918d3fd0590392c172d"
|
|
65
71
|
#
|
|
66
72
|
# # Setting an offset will also allow caching; turn it off explicitly
|
|
67
|
-
# secure_url(s, "/secure/url", :offset => 600, :cache => false) #=> "/secure/url?
|
|
73
|
+
# secure_url(s, "/secure/url", :offset => 600, :cache => false) #=> "/secure/url?_asd=0047c3f7827e51f91cf4406f308a8df24f4e2cbf188de3c1bf"
|
|
68
74
|
#
|
|
69
75
|
# # Produce identical URLs for a window of 1 minute (on average)
|
|
70
76
|
# t = Time.now
|
|
71
|
-
# secure_url(s, "/secure/url", :expires => t, :cache => 60) #=> "/secure/url?
|
|
72
|
-
# secure_url(s, "/secure/url", :expires => t + 30, :cache => 60) #=> "/secure/url?
|
|
73
|
-
# secure_url(s, "/secure/url", :expires => t + 60, :cache => 60) #=> "/secure/url?
|
|
74
|
-
# secure_url(s, "/secure/url", :expires => t + 90, :cache => 60) #=> "/secure/url?
|
|
77
|
+
# secure_url(s, "/secure/url", :expires => t, :cache => 60) #=> "/secure/url?_asd=0047c3f568ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
78
|
+
# secure_url(s, "/secure/url", :expires => t + 30, :cache => 60) #=> "/secure/url?_asd=0047c3f568ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
79
|
+
# secure_url(s, "/secure/url", :expires => t + 60, :cache => 60) #=> "/secure/url?_asd=0047c3f5a4c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
80
|
+
# secure_url(s, "/secure/url", :expires => t + 90, :cache => 60) #=> "/secure/url?_asd=0047c3f5a4c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
75
81
|
#
|
|
76
82
|
# # Same as before, but use offset
|
|
77
|
-
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?
|
|
83
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?_asd=0047c3f5a4c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
78
84
|
# # 30 seconds later...
|
|
79
|
-
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?
|
|
85
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?_asd=0047c3f5a4c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
80
86
|
# # 30 seconds later...
|
|
81
|
-
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?
|
|
87
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?_asd=0047c3f5e0aa11618f1cc0883a29e9239b777ca53dfc4d9604"
|
|
82
88
|
# # 30 seconds later...
|
|
83
|
-
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?
|
|
84
|
-
def secure_url(
|
|
85
|
-
if
|
|
86
|
-
|
|
87
|
-
|
|
89
|
+
# secure_url(s, "/secure/url", :offset => 60) #=> "/secure/url?_asd=0047c3f5e0aa11618f1cc0883a29e9239b777ca53dfc4d9604"
|
|
90
|
+
def secure_url(s, u, e = Time.now + 60)
|
|
91
|
+
if e.is_a?(Hash)
|
|
92
|
+
e[:offset] ||= 60
|
|
93
|
+
c = e[:cache] || e[:offset]
|
|
88
94
|
|
|
89
|
-
|
|
95
|
+
t = (e[:expires] || Time.now + e[:offset]).to_i
|
|
90
96
|
|
|
91
|
-
unless
|
|
92
|
-
# make the URL cacheable for +
|
|
93
|
-
|
|
97
|
+
unless e[:cache] == false || c.zero?
|
|
98
|
+
# make the URL cacheable for +c+ seconds *on average*
|
|
99
|
+
t = ((t / c.to_f).round + 1) * c.to_i
|
|
94
100
|
end
|
|
95
101
|
else
|
|
96
|
-
|
|
102
|
+
t = e.to_i
|
|
97
103
|
end
|
|
98
104
|
|
|
99
|
-
|
|
100
|
-
|
|
105
|
+
r, q = u[0, 1] == '/' ? u.split('?', 2) : URI.split(u).values_at(5, 7)
|
|
106
|
+
r << '?' << q if q
|
|
101
107
|
|
|
102
|
-
|
|
108
|
+
u.sub(/#|\z/, "#{q ? '&' : '?'}#{TOKEN_KEY}=#{join(t, token(s, r, t))}\\&")
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
# Joins +timestamp+ and +token+ parameters into a single value.
|
|
112
|
+
def join(timestamp, token)
|
|
113
|
+
"#{"%0#{TIMESTAMP_LENGTH}x" % timestamp}#{token}"
|
|
114
|
+
end
|
|
103
115
|
|
|
104
|
-
|
|
116
|
+
# Splits +value+ into timestamp and token parameters.
|
|
117
|
+
def split(value)
|
|
118
|
+
[value[0, TIMESTAMP_LENGTH].to_i(16), value[TIMESTAMP_LENGTH, TOKEN_LENGTH]]
|
|
105
119
|
end
|
|
106
120
|
|
|
107
121
|
# Computes the token from +secret+, +path+, and +timestamp+.
|
|
@@ -109,19 +123,19 @@ module Apache
|
|
|
109
123
|
Digest::SHA1.hexdigest("#{secret}#{real_path(path)}#{timestamp}")
|
|
110
124
|
end
|
|
111
125
|
|
|
112
|
-
# Returns +path+ with timestamp and token
|
|
126
|
+
# Returns +path+ with timestamp and token parameter removed.
|
|
113
127
|
def real_path(path)
|
|
114
128
|
clean(path, :path)
|
|
115
129
|
end
|
|
116
130
|
|
|
117
|
-
# Returns +query+ with timestamp and token
|
|
131
|
+
# Returns +query+ with timestamp and token parameter removed.
|
|
118
132
|
def real_query(query)
|
|
119
133
|
clean(query, :query)
|
|
120
134
|
end
|
|
121
135
|
|
|
122
136
|
private
|
|
123
137
|
|
|
124
|
-
# Returns +string+ with timestamp and token
|
|
138
|
+
# Returns +string+ with timestamp and token parameter removed.
|
|
125
139
|
# The +type+ indicates whether it's a _path_ or a _query_.
|
|
126
140
|
def clean(string, type)
|
|
127
141
|
char = case type
|
|
@@ -130,9 +144,7 @@ module Apache
|
|
|
130
144
|
else raise ArgumentError, "type #{type.inspect} not supported"
|
|
131
145
|
end
|
|
132
146
|
|
|
133
|
-
|
|
134
|
-
memo.sub(/(#{char}|&)#{key}=[^&]*(&?)/) { $1 unless $2.empty? }
|
|
135
|
-
}
|
|
147
|
+
string.sub(/(#{char}|&)_asd=[^&]*(&?)/) { $1 unless $2.empty? }
|
|
136
148
|
end
|
|
137
149
|
|
|
138
150
|
end
|
|
@@ -15,10 +15,10 @@ describe Apache::SecureDownload::Util do
|
|
|
15
15
|
describe "generating secure URLs" do
|
|
16
16
|
|
|
17
17
|
before :each do
|
|
18
|
-
@timestamp = @now.to_i + 60
|
|
18
|
+
@timestamp = '%010x' % (@now.to_i + 60)
|
|
19
19
|
@token = '5671a9b3966e8bbed91fc0bb5594d576c504cdf0'
|
|
20
20
|
|
|
21
|
-
@result = "?
|
|
21
|
+
@result = "?_asd=#{@timestamp}#{@token}"
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
it "should generate secure URL" do
|
|
@@ -67,8 +67,8 @@ describe Apache::SecureDownload::Util do
|
|
|
67
67
|
describe "with custom expiration" do
|
|
68
68
|
|
|
69
69
|
before :each do
|
|
70
|
-
@result1 = "#{@url}?
|
|
71
|
-
@result2 = "#{@url}?
|
|
70
|
+
@result1 = "#{@url}?_asd=#{'%010x' % 1204025218}7e51f91cf4406f308a8df24f4e2cbf188de3c1bf"
|
|
71
|
+
@result2 = "#{@url}?_asd=#{'%010x' % 1204026000}58eb12f9fc3fcd984fe4e918d3fd0590392c172d"
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
it "should accept time" do
|
|
@@ -90,9 +90,9 @@ describe Apache::SecureDownload::Util do
|
|
|
90
90
|
describe "caching" do
|
|
91
91
|
|
|
92
92
|
before :each do
|
|
93
|
-
@result1 = "#{@url}?
|
|
94
|
-
@result2 = "#{@url}?
|
|
95
|
-
@result3 = "#{@url}?
|
|
93
|
+
@result1 = "#{@url}?_asd=#{'%010x' % 1204024680}ccf279daf1787d34ad063cbf5851ee88aae967fb"
|
|
94
|
+
@result2 = "#{@url}?_asd=#{'%010x' % 1204024740}c7dcea5679ad539a7bad1dc4b7f44eb3dd36d6e8"
|
|
95
|
+
@result3 = "#{@url}?_asd=#{'%010x' % 1204024800}aa11618f1cc0883a29e9239b777ca53dfc4d9604"
|
|
96
96
|
end
|
|
97
97
|
|
|
98
98
|
describe "explicitly (with expires)" do
|
|
@@ -151,20 +151,20 @@ describe Apache::SecureDownload::Util do
|
|
|
151
151
|
@module.token(@secret, @path, @timestamp + 42).should_not == @result
|
|
152
152
|
end
|
|
153
153
|
|
|
154
|
-
it "should ignore timestamp parameter in path" do
|
|
155
|
-
@module.token(@secret, @path + '?timestamp=foo', @timestamp).
|
|
154
|
+
it "should not ignore timestamp parameter in path" do
|
|
155
|
+
@module.token(@secret, @path + '?timestamp=foo', @timestamp).should_not == @result
|
|
156
156
|
end
|
|
157
157
|
|
|
158
|
-
it "should ignore token parameter in path" do
|
|
159
|
-
@module.token(@secret, @path + '?token=bar', @timestamp).
|
|
158
|
+
it "should not ignore token parameter in path" do
|
|
159
|
+
@module.token(@secret, @path + '?token=bar', @timestamp).should_not == @result
|
|
160
160
|
end
|
|
161
161
|
|
|
162
|
-
it "should ignore timestamp and token parameters in path" do
|
|
163
|
-
@module.token(@secret, @path + '?timestamp=foo&token=bar', @timestamp).
|
|
162
|
+
it "should not ignore timestamp and token parameters in path" do
|
|
163
|
+
@module.token(@secret, @path + '?timestamp=foo&token=bar', @timestamp).should_not == @result
|
|
164
164
|
end
|
|
165
165
|
|
|
166
|
-
it "should ignore
|
|
167
|
-
@module.token(@secret, @path + '?
|
|
166
|
+
it "should ignore _asd parameter in path" do
|
|
167
|
+
@module.token(@secret, @path + '?_asd=baz', @timestamp).should == @result
|
|
168
168
|
end
|
|
169
169
|
|
|
170
170
|
describe "when other parameters are present in path" do
|
|
@@ -180,20 +180,20 @@ describe Apache::SecureDownload::Util do
|
|
|
180
180
|
@module.token(@secret, @path2 + '×tamp=foo&token=bar', @timestamp).should_not == @result
|
|
181
181
|
end
|
|
182
182
|
|
|
183
|
-
it "should ignore timestamp parameter in path" do
|
|
184
|
-
@module.token(@secret, @path2 + '×tamp=foo', @timestamp).
|
|
183
|
+
it "should not ignore timestamp parameter in path" do
|
|
184
|
+
@module.token(@secret, @path2 + '×tamp=foo', @timestamp).should_not == @result2
|
|
185
185
|
end
|
|
186
186
|
|
|
187
|
-
it "should ignore token parameter in path" do
|
|
188
|
-
@module.token(@secret, @path2 + '&token=bar', @timestamp).
|
|
187
|
+
it "should not ignore token parameter in path" do
|
|
188
|
+
@module.token(@secret, @path2 + '&token=bar', @timestamp).should_not == @result2
|
|
189
189
|
end
|
|
190
190
|
|
|
191
|
-
it "should ignore timestamp and token parameters in path" do
|
|
192
|
-
@module.token(@secret, @path2 + '×tamp=foo&token=bar', @timestamp).
|
|
191
|
+
it "should not ignore timestamp and token parameters in path" do
|
|
192
|
+
@module.token(@secret, @path2 + '×tamp=foo&token=bar', @timestamp).should_not == @result2
|
|
193
193
|
end
|
|
194
194
|
|
|
195
|
-
it "should ignore
|
|
196
|
-
@module.token(@secret, @path2 + '&
|
|
195
|
+
it "should ignore _asd parameter in path" do
|
|
196
|
+
@module.token(@secret, @path2 + '&_asd=baz', @timestamp).should == @result2
|
|
197
197
|
end
|
|
198
198
|
|
|
199
199
|
end
|
|
@@ -209,20 +209,20 @@ describe Apache::SecureDownload::Util do
|
|
|
209
209
|
@module.token(@secret, @path + '?timestamp=foo&token=bar' + @query, @timestamp).should_not == @result
|
|
210
210
|
end
|
|
211
211
|
|
|
212
|
-
it "should ignore timestamp parameter in path" do
|
|
213
|
-
@module.token(@secret, @path + '?timestamp=foo' + @query, @timestamp).
|
|
212
|
+
it "should not ignore timestamp parameter in path" do
|
|
213
|
+
@module.token(@secret, @path + '?timestamp=foo' + @query, @timestamp).should_not == @result2
|
|
214
214
|
end
|
|
215
215
|
|
|
216
|
-
it "should ignore token parameter in path" do
|
|
217
|
-
@module.token(@secret, @path + '?token=bar' + @query, @timestamp).
|
|
216
|
+
it "should not ignore token parameter in path" do
|
|
217
|
+
@module.token(@secret, @path + '?token=bar' + @query, @timestamp).should_not == @result2
|
|
218
218
|
end
|
|
219
219
|
|
|
220
|
-
it "should ignore timestamp and token parameters in path" do
|
|
221
|
-
@module.token(@secret, @path + '?timestamp=foo&token=bar' + @query, @timestamp).
|
|
220
|
+
it "should not ignore timestamp and token parameters in path" do
|
|
221
|
+
@module.token(@secret, @path + '?timestamp=foo&token=bar' + @query, @timestamp).should_not == @result2
|
|
222
222
|
end
|
|
223
223
|
|
|
224
|
-
it "should ignore
|
|
225
|
-
@module.token(@secret, @path + '?
|
|
224
|
+
it "should ignore _asd parameter in path" do
|
|
225
|
+
@module.token(@secret, @path + '?_asd=baz' + @query, @timestamp).should == @result2
|
|
226
226
|
end
|
|
227
227
|
|
|
228
228
|
end
|
|
@@ -251,20 +251,20 @@ describe Apache::SecureDownload::Util do
|
|
|
251
251
|
|
|
252
252
|
describe "with recognized query parameters" do
|
|
253
253
|
|
|
254
|
-
it "should remove timestamp parameter" do
|
|
255
|
-
@module.real_path(@path + '?timestamp=foo').
|
|
254
|
+
it "should not remove timestamp parameter" do
|
|
255
|
+
@module.real_path(@path + '?timestamp=foo').should_not == @path
|
|
256
256
|
end
|
|
257
257
|
|
|
258
|
-
it "should remove token parameter" do
|
|
259
|
-
@module.real_path(@path + '?token=bar').
|
|
258
|
+
it "should not remove token parameter" do
|
|
259
|
+
@module.real_path(@path + '?token=bar').should_not == @path
|
|
260
260
|
end
|
|
261
261
|
|
|
262
|
-
it "should remove timestamp and token parameters" do
|
|
263
|
-
@module.real_path(@path + '?timestamp=foo&token=bar').
|
|
262
|
+
it "should not remove timestamp and token parameters" do
|
|
263
|
+
@module.real_path(@path + '?timestamp=foo&token=bar').should_not == @path
|
|
264
264
|
end
|
|
265
265
|
|
|
266
|
-
it "should remove
|
|
267
|
-
@module.real_path(@path + '?
|
|
266
|
+
it "should remove _asd parameter" do
|
|
267
|
+
@module.real_path(@path + '?_asd=baz').should == @path
|
|
268
268
|
end
|
|
269
269
|
|
|
270
270
|
describe "when other parameters are present" do
|
|
@@ -275,20 +275,20 @@ describe Apache::SecureDownload::Util do
|
|
|
275
275
|
@path2 = @path + '?foo=bar'
|
|
276
276
|
end
|
|
277
277
|
|
|
278
|
-
it "should remove timestamp parameter" do
|
|
279
|
-
@module.real_path(@path2 + '×tamp=foo').
|
|
278
|
+
it "should not remove timestamp parameter" do
|
|
279
|
+
@module.real_path(@path2 + '×tamp=foo').should_not == @path2
|
|
280
280
|
end
|
|
281
281
|
|
|
282
|
-
it "should remove token parameter" do
|
|
283
|
-
@module.real_path(@path2 + '&token=bar').
|
|
282
|
+
it "should not remove token parameter" do
|
|
283
|
+
@module.real_path(@path2 + '&token=bar').should_not == @path2
|
|
284
284
|
end
|
|
285
285
|
|
|
286
|
-
it "should remove timestamp and token parameters" do
|
|
287
|
-
@module.real_path(@path2 + '×tamp=foo&token=bar').
|
|
286
|
+
it "should not remove timestamp and token parameters" do
|
|
287
|
+
@module.real_path(@path2 + '×tamp=foo&token=bar').should_not == @path2
|
|
288
288
|
end
|
|
289
289
|
|
|
290
|
-
it "should remove
|
|
291
|
-
@module.real_path(@path2 + '&
|
|
290
|
+
it "should remove _asd parameter" do
|
|
291
|
+
@module.real_path(@path2 + '&_asd=baz').should == @path2
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
end
|
|
@@ -300,20 +300,20 @@ describe Apache::SecureDownload::Util do
|
|
|
300
300
|
@path2 = @path + @query.sub(/&/, '?')
|
|
301
301
|
end
|
|
302
302
|
|
|
303
|
-
it "should remove timestamp parameter" do
|
|
304
|
-
@module.real_path(@path + '?timestamp=foo' + @query).
|
|
303
|
+
it "should not remove timestamp parameter" do
|
|
304
|
+
@module.real_path(@path + '?timestamp=foo' + @query).should_not == @path2
|
|
305
305
|
end
|
|
306
306
|
|
|
307
|
-
it "should remove token parameter" do
|
|
308
|
-
@module.real_path(@path + '?token=bar' + @query).
|
|
307
|
+
it "should not remove token parameter" do
|
|
308
|
+
@module.real_path(@path + '?token=bar' + @query).should_not == @path2
|
|
309
309
|
end
|
|
310
310
|
|
|
311
|
-
it "should remove timestamp and token parameters" do
|
|
312
|
-
@module.real_path(@path + '?timestamp=foo&token=bar' + @query).
|
|
311
|
+
it "should not remove timestamp and token parameters" do
|
|
312
|
+
@module.real_path(@path + '?timestamp=foo&token=bar' + @query).should_not == @path2
|
|
313
313
|
end
|
|
314
314
|
|
|
315
|
-
it "should remove
|
|
316
|
-
@module.real_path(@path + '?
|
|
315
|
+
it "should remove _asd parameter" do
|
|
316
|
+
@module.real_path(@path + '?_asd=baz' + @query).should == @path2
|
|
317
317
|
end
|
|
318
318
|
|
|
319
319
|
end
|
|
@@ -344,20 +344,20 @@ describe Apache::SecureDownload::Util do
|
|
|
344
344
|
|
|
345
345
|
describe "with recognized query parameters" do
|
|
346
346
|
|
|
347
|
-
it "should remove timestamp parameter" do
|
|
348
|
-
@module.real_query(@query + '×tamp=foo').
|
|
347
|
+
it "should not remove timestamp parameter" do
|
|
348
|
+
@module.real_query(@query + '×tamp=foo').should_not == @query
|
|
349
349
|
end
|
|
350
350
|
|
|
351
|
-
it "should remove token parameter" do
|
|
352
|
-
@module.real_query(@query + '&token=bar').
|
|
351
|
+
it "should not remove token parameter" do
|
|
352
|
+
@module.real_query(@query + '&token=bar').should_not == @query
|
|
353
353
|
end
|
|
354
354
|
|
|
355
|
-
it "should remove timestamp and token parameters" do
|
|
356
|
-
@module.real_query(@query + '×tamp=foo&token=bar').
|
|
355
|
+
it "should not remove timestamp and token parameters" do
|
|
356
|
+
@module.real_query(@query + '×tamp=foo&token=bar').should_not == @query
|
|
357
357
|
end
|
|
358
358
|
|
|
359
|
-
it "should remove
|
|
360
|
-
@module.real_query(@query + '&
|
|
359
|
+
it "should remove _asd parameter" do
|
|
360
|
+
@module.real_query(@query + '&_asd=baz').should == @query
|
|
361
361
|
end
|
|
362
362
|
|
|
363
363
|
describe "when other parameters are present" do
|
|
@@ -367,20 +367,20 @@ describe Apache::SecureDownload::Util do
|
|
|
367
367
|
@query2 = @query + @params
|
|
368
368
|
end
|
|
369
369
|
|
|
370
|
-
it "should remove timestamp parameter" do
|
|
371
|
-
@module.real_query(@query + '×tamp=foo' + @params).
|
|
370
|
+
it "should not remove timestamp parameter" do
|
|
371
|
+
@module.real_query(@query + '×tamp=foo' + @params).should_not == @query2
|
|
372
372
|
end
|
|
373
373
|
|
|
374
|
-
it "should remove token parameter" do
|
|
375
|
-
@module.real_query(@query + '&token=bar' + @params).
|
|
374
|
+
it "should not remove token parameter" do
|
|
375
|
+
@module.real_query(@query + '&token=bar' + @params).should_not == @query2
|
|
376
376
|
end
|
|
377
377
|
|
|
378
|
-
it "should remove timestamp and token parameters" do
|
|
379
|
-
@module.real_query(@query + '×tamp=foo&token=bar' + @params).
|
|
378
|
+
it "should not remove timestamp and token parameters" do
|
|
379
|
+
@module.real_query(@query + '×tamp=foo&token=bar' + @params).should_not == @query2
|
|
380
380
|
end
|
|
381
381
|
|
|
382
|
-
it "should remove
|
|
383
|
-
@module.real_query(@query + '&
|
|
382
|
+
it "should remove _asd parameter" do
|
|
383
|
+
@module.real_query(@query + '&_asd=baz' + @params).should == @query2
|
|
384
384
|
end
|
|
385
385
|
|
|
386
386
|
end
|
|
@@ -238,15 +238,16 @@ describe Apache::SecureDownload do
|
|
|
238
238
|
end
|
|
239
239
|
|
|
240
240
|
def mock_request
|
|
241
|
-
|
|
241
|
+
_asd = "#{'%010x' % @timestamp}#{@token}"
|
|
242
|
+
|
|
243
|
+
args = "_asd=#{_asd}"
|
|
242
244
|
args = "#{@args}&#{args}" if @args
|
|
243
245
|
|
|
244
246
|
clean_args = @class::Util.real_query(args)
|
|
245
247
|
|
|
246
248
|
@request = mock('Request', :uri => @uri, :unparsed_uri => "#{@uri}?#{args}")
|
|
247
249
|
|
|
248
|
-
@request.should_receive(:param).with('
|
|
249
|
-
@request.should_receive(:param).with('token').any_number_of_times.and_return(@token)
|
|
250
|
+
@request.should_receive(:param).with('_asd').any_number_of_times.and_return(_asd)
|
|
250
251
|
|
|
251
252
|
@request.should_receive(:args).with(no_args).any_number_of_times.and_return(args)
|
|
252
253
|
@request.should_receive(:args=).with(clean_args).any_number_of_times.and_return(clean_args)
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apache_secure_download
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 23
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
version: 0.
|
|
8
|
+
- 2
|
|
9
|
+
- 0
|
|
10
|
+
version: 0.2.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Jens Wille
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-11-
|
|
18
|
+
date: 2011-11-08 00:00:00 Z
|
|
19
19
|
dependencies: []
|
|
20
20
|
|
|
21
21
|
description: Apache module providing secure downloading functionality, just like Mongrel Secure Download does for mongrel.
|
|
@@ -47,7 +47,7 @@ licenses: []
|
|
|
47
47
|
post_install_message:
|
|
48
48
|
rdoc_options:
|
|
49
49
|
- --title
|
|
50
|
-
- apache_secure_download Application documentation (v0.
|
|
50
|
+
- apache_secure_download Application documentation (v0.2.0)
|
|
51
51
|
- --line-numbers
|
|
52
52
|
- --main
|
|
53
53
|
- README
|