api-auth 0.9.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1,3 @@
+--colour
+--format nested
+--backtrace

data/Gemfile

@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+group :development do
+  gem "rspec", "~> 2.4.0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+  gem "amatch", "~> 0.2.5"
+  gem "curb", "~> 0.7.7"
+  gem "rest-client", "~> 1.6.0"
+  gem "actionpack", "~> 2.3.2"
+  gem "activeresource", "~> 2.3.2"
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Gemini SBS LLC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+api-auth
+========
+
+Logins and passwords are for humans. Communication between applications need to 
+be protected through different means.
+
+api-auth is Ruby gem designed to be used both in your client and server
+HTTP-based applications. It implements the same authentication methods (HMAC) 
+used by Amazon Web Services.
+
+The gem will sign your requests on the client side and authenticate that 
+signature on the server side. If your server resources are implemented as a 
+Rails ActiveResource, it will integrate with that. It will even generate the 
+secret keys necessary for your clients to sign their requests.
+
+Since it operates entirely using HTTP headers, the server component does not 
+have to be written in the same language as the clients. Any language with 
+OpenSSL bindings will suffice.
+
+How it works
+------------
+
+1. A canonical string is first created using your HTTP headers containing the 
+content-type, content-MD5, request URI and the 
+timestamp. The canonical string string is computed as follows:
+
+    canonical_string = "<content-type>,<content-MD5>,<URI>,<timestamp>"
+
+If content-type or content-MD5 are not present, then a blank string is used in 
+their place. If the timestamp isn't present, a valid HTTP date is automatically 
+added to the request.
+
+2. This string is then used to create the signature which is a Base64 encoded 
+SHA1 HMAC, using the client's private secret key.
+
+3. This signature is then added as the `Authorization` HTTP header in the form:
+
+    Authorization = APIAuth <client access id>:<signature from step 2>
+        
+5. On the server side, the SHA1 HMAC is computed in the same way using the 
+request headers and the client's secret key, which is known to only 
+the client and the server but can be looked up on the server using the client's 
+access id that was attached in the header. The access id can be any integer or 
+string that uniquely identifies the client.
+
+
+References
+----------
+
+* [Hash functions](http://en.wikipedia.org/wiki/Cryptographic_hash_function)
+* [SHA-1 Hash function](http://en.wikipedia.org/wiki/SHA-1)
+* [HMAC algorithm](http://en.wikipedia.org/wiki/HMAC)
+* [RFC 2104 (HMAC)](http://tools.ietf.org/html/rfc2104)
+
+Usage
+-----
+
+### Install ###
+
+    [sudo] gem install api-auth
+    
+### Supported Request Objects ###
+
+ApiAuth supports most request objects. With the support of 
+ActionController::Request, ApiAuth is fully compatible with Rails. Support for 
+other request objects can be added as a request driver.
+
+Here is the current list of supported request objects:
+
+* Net::HTTP
+* ActionController::Request
+* Curb (Curl::Easy)
+* RestClient
+    
+### ActiveResource ###
+
+    class MyResource < ActiveResource::Base
+      with_api_auth(<access_id>, <secret_key>)
+    end
+
+### Server ###
+
+
+Authors
+-------
+
+* [Mauricio Gomes](http://github.com/mgomes)
+
+Copyright
+---------
+
+Copyright (c) 2011 Gemini SBS LLC. See LICENSE.txt for further details.

data/Rakefile

@@ -0,0 +1,45 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  gem.name = "api-auth"
+  gem.homepage = "http://github.com/geminisbs/api-auth"
+  gem.license = "MIT"
+  gem.summary = %Q{Simple HMAC authentication for your APIs}
+  gem.description = %Q{Full HMAC auth implementation for use in your gems and Rails apps.}
+  gem.email = "mgomes@geminisbs.com"
+  gem.authors = ["Mauricio Gomes"]
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "api-auth #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/api-auth.rb

@@ -0,0 +1,14 @@
+require 'openssl'
+require 'base64'
+
+require 'api-auth/errors'
+require 'api-auth/helpers'
+
+require 'api-auth/request_drivers/net_http'
+require 'api-auth/request_drivers/curb'
+require 'api-auth/request_drivers/rest_client'
+require 'api-auth/request_drivers/action_controller'
+
+require 'api-auth/headers'
+require 'api-auth/base'
+require 'api-auth/railtie'

data/spec/api-auth_spec.rb

@@ -0,0 +1,138 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth" do
+  
+  describe "generating secret keys" do
+  
+    it "should generate secret keys" do
+      ApiAuth.generate_secret_key
+    end
+  
+    it "should generate secret keys that are 89 characters" do
+      ApiAuth.generate_secret_key.size.should be(89)
+    end
+  
+    it "should generate keys that have a Hamming Distance of at least 65" do
+      key1 = ApiAuth.generate_secret_key
+      key2 = ApiAuth.generate_secret_key
+      Amatch::Hamming.new(key1).match(key2).should be > 65
+    end
+    
+  end
+  
+  describe "signing requests" do
+    
+    def hmac(secret_key, request)
+      canonical_string = ApiAuth::Headers.new(request).canonical_string
+      digest = OpenSSL::Digest::Digest.new('sha1')
+      ApiAuth.b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
+    end
+    
+    before(:all) do
+      @access_id = "1044"
+      @secret_key = ApiAuth.generate_secret_key
+    end
+    
+    describe "with Net::HTTP" do
+      
+      before(:each) do
+        @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo", 
+          'content-type' => 'text/plain', 
+          'content-md5' => 'e59ff97941044f85df5297e1c302d260', 
+          'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+      
+      it "should return a Net::HTTP object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("Net::HTTP")
+      end
+      
+      it "should sign the request" do
+        @signed_request['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+      
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+      
+    end
+    
+    describe "with RestClient" do
+      
+      before(:each) do
+        headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                    'Content-Type' => "text/plain",
+                    'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+        @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo", 
+          :headers => headers,
+          :method => :put)
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+      
+      it "should return a RestClient object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("RestClient")
+      end
+      
+      it "should sign the request" do
+        @signed_request.headers['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+      
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+      
+    end
+    
+    describe "with Curb" do
+      
+      before(:each) do
+        headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                    'Content-Type' => "text/plain",
+                    'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+        @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+          curl.headers = headers
+        end
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+      
+      it "should return a Curl::Easy object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("Curl::Easy")
+      end
+      
+      it "should sign the request" do
+        @signed_request.headers['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+      
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+      
+    end
+    
+  end
+  
+end

data/spec/headers_spec.rb

@@ -0,0 +1,102 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth::Headers" do
+  
+  CANONICAL_STRING = "text/plain,e59ff97941044f85df5297e1c302d260,/resource.xml?foo=bar&bar=foo,Mon, 23 Jan 1984 03:29:56 GMT"
+
+  describe "with Net::HTTP" do
+  
+    before(:each) do
+      @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'e59ff97941044f85df5297e1c302d260',
+        'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+      @headers = ApiAuth::Headers.new(@request)
+    end
+    
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+    
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+    
+    it "should set the DATE header if one is not already present" do
+      @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'e59ff97941044f85df5297e1c302d260')
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request['DATE'].should_not be_nil
+    end
+  
+  end
+  
+  describe "with RestClient" do
+  
+    before(:each) do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo", 
+        :headers => headers,
+        :method => :put)
+      @headers = ApiAuth::Headers.new(@request)
+    end
+    
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+    
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+    
+    it "should set the DATE header if one is not already present" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo", 
+        :headers => headers,
+        :method => :put)
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.headers['DATE'].should_not be_nil
+    end
+  
+  end
+  
+  describe "with Curb" do
+  
+    before(:each) do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+        curl.headers = headers
+      end
+      @headers = ApiAuth::Headers.new(@request)
+    end
+    
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+    
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+    
+    it "should set the DATE header if one is not already present" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+        curl.headers = headers
+      end
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.headers['DATE'].should_not be_nil
+    end
+  
+  end
+  
+end

data/spec/helpers_spec.rb

@@ -0,0 +1,14 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth::Helpers" do
+  
+  it "should strip the new line character on a Base64 encoding" do
+    ApiAuth.b64_encode("some string").should_not match(/\n/)
+  end
+  
+  it "should properly upcase a hash's keys" do
+    hsh = { "JoE" => "rOOLz" }
+    ApiAuth.capitalize_keys(hsh)["JOE"].should == "rOOLz"
+  end
+  
+end

data/spec/railtie_spec.rb

@@ -0,0 +1,105 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Rails integration" do
+  
+  API_KEY_STORE = { "1044" => "l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==" }
+  
+  describe "Rails controller integration" do
+    
+    class ApplicationController < ActionController::Base
+      
+    private
+    
+      def require_api_auth
+        if (access_id = get_api_access_id_from_request)
+          return true if api_authenticated?(API_KEY_STORE[access_id])
+        end
+        
+        respond_to do |format|
+          format.xml { render :xml => "You are unauthorized to perform this action.", :status => 401 }
+          format.json { render :json => "You are unauthorized to perform this action.", :status => 401 }
+    			format.html { render :text => "You are unauthorized to perform this action", :status => 401 }
+        end
+      end
+
+    end
+    
+    class TestController < ApplicationController
+      before_filter :require_api_auth, :only => [:index]
+      
+      def index
+        render :text => "OK"
+      end
+      
+      def public
+        render :text => "OK"
+      end
+
+      def rescue_action(e); raise(e); end
+    end
+    ActionController::Routing::Routes.draw {|map| map.resources :test }
+    
+    it "should permit a request with properly signed headers" do
+      request = ActionController::TestRequest.new
+      request.env['DATE'] = "Mon, 23 Jan 1984 03:29:56 GMT"
+      request.action = 'index'
+      request.path = "/index"
+      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+    end
+    
+    it "should insert a DATE header in the request when one hasn't been specified" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      request.path = "/index"
+      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      request.headers['DATE'].should_not be_nil
+    end
+
+    it "should forbid an unsigned request to a protected controller action" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+    end
+
+    it "should forbid a request with a bogus signature" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      request.env['Authorization'] = "APIAuth bogus:bogus"
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+    end
+    
+    it "should allow non-protected controller actions to function as before" do
+      request = ActionController::TestRequest.new
+      request.action = 'public'
+      request.path('/public')
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+    end
+    
+  end
+  
+  describe "Rails ActiveResource integration" do
+    
+    class TestResource < ActiveResource::Base
+      with_api_auth "1044", API_KEY_STORE["1044"]
+      self.site = "http://localhost/"
+    end
+    
+    it "should send signed requests automagically" do
+      timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
+      Time.should_receive(:now).at_least(1).times.and_return(timestamp)
+      ActiveResource::HttpMock.respond_to do |mock|
+        mock.get "/test_resources/1.xml", 
+          {
+            'Authorization' => 'APIAuth 1044:IbTx7VzSOGU55HNbV4y2jZDnVis=',
+            'Accept' => 'application/xml',
+            'DATE' => "Mon, 23 Jan 1984 03:29:56 GMT"
+          },
+          { :id => "1" }.to_xml(:root => 'test_resource')
+      end
+      TestResource.find(1)
+    end
+    
+  end
+  
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'api-auth'
+require 'amatch'
+require 'rest_client'
+require 'curb'
+
+require 'active_support'
+require 'active_support/test_case'
+require 'action_controller'
+require 'action_controller/test_process'
+require 'active_resource'
+require 'active_resource/http_mock'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,210 @@
+--- !ruby/object:Gem::Specification 
+name: api-auth
+version: !ruby/object:Gem::Version 
+  hash: 59
+  prerelease: 
+  segments: 
+  - 0
+  - 9
+  - 0
+  version: 0.9.0
+platform: ruby
+authors: 
+- Mauricio Gomes
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-01-30 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 2
+        - 4
+        - 0
+        version: 2.4.0
+  requirement: *id001
+  prerelease: false
+  name: rspec
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  requirement: *id002
+  prerelease: false
+  name: bundler
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 5
+        - 2
+        version: 1.5.2
+  requirement: *id003
+  prerelease: false
+  name: jeweler
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 29
+        segments: 
+        - 0
+        - 2
+        - 5
+        version: 0.2.5
+  requirement: *id004
+  prerelease: false
+  name: amatch
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 0
+        - 7
+        - 7
+        version: 0.7.7
+  requirement: *id005
+  prerelease: false
+  name: curb
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 1
+        - 6
+        - 0
+        version: 1.6.0
+  requirement: *id006
+  prerelease: false
+  name: rest-client
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 2
+        - 3
+        - 2
+        version: 2.3.2
+  requirement: *id007
+  prerelease: false
+  name: actionpack
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 2
+        - 3
+        - 2
+        version: 2.3.2
+  requirement: *id008
+  prerelease: false
+  name: activeresource
+description: Full HMAC auth implementation for use in your gems and Rails apps.
+email: mgomes@geminisbs.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.md
+files: 
+- .document
+- .rspec
+- Gemfile
+- LICENSE.txt
+- Rakefile
+- lib/api-auth.rb
+- spec/api-auth_spec.rb
+- spec/spec_helper.rb
+- README.md
+- spec/headers_spec.rb
+- spec/helpers_spec.rb
+- spec/railtie_spec.rb
+has_rdoc: true
+homepage: http://github.com/geminisbs/api-auth
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.4.1
+signing_key: 
+specification_version: 3
+summary: Simple HMAC authentication for your APIs
+test_files: 
+- spec/api-auth_spec.rb
+- spec/headers_spec.rb
+- spec/helpers_spec.rb
+- spec/railtie_spec.rb
+- spec/spec_helper.rb