api-auth 1.0.3 → 1.1.0
- data/Rakefile +0 -10
- data/VERSION +1 -1
- data/lib/api_auth/base.rb +1 -1
- data/lib/api_auth/headers.rb +8 -6
- data/lib/api_auth/helpers.rb +1 -2
- data/lib/api_auth/request_drivers/rack.rb +2 -1
- data/lib/api_auth/request_drivers/rest_client.rb +4 -3
- data/spec/api_auth_spec.rb +3 -3
- metadata +3 -9
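--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,13 +10,3 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
 end
 
 task :default => :spec
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-rdoc.rdoc_dir = 'rdoc'
-rdoc.title = "test #{version}"
-rdoc.rdoc_files.include('README*')
-rdoc.rdoc_files.include('lib/**/*.rb')
-end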
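--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0
+1.1.0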
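--- a/data/lib/api_auth/base.rb
+++ b/data/lib/api_auth/base.rb
@@ -80,7 +80,7 @@ module ApiAuth
 def hmac_signature(request, secret_key)
 headers = Headers.new(request)
 canonical_string = headers.canonical_string
-digest = OpenSSL::Digest
+digest = OpenSSL::Digest.new('sha1')
 b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
 end
 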
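Review bot: The digest in `hmac_signature` is pinned to the literal `'sha1'` and nothing on the method says that the result is the Base64-encoded HMAC-SHA1 of the canonical string, so an integrator has to read the body to learn which algorithm both peers must agree on. I would add a comment above the method, `# Returns the Base64-encoded HMAC-SHA1 of the request's canonical string, keyed with secret_key.`, and hoist the name into a constant such as `DIGEST_NAME = 'sha1'` so a later move to SHA-256 touches one place. The code that compares this value with the signature a client sent is outside the hunk; if it uses `==`, a constant-time comparison would be the safer choice.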
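--- a/data/lib/api_auth/headers.rb
+++ b/data/lib/api_auth/headers.rb
@@ -27,22 +27,24 @@ module ApiAuth
 @request = ActionDispatchRequest.new(request)
 when /Rack::Request/
 @request = RackRequest.new(request)
+when /ActionController::CgiRequest/
+@request = ActionControllerRequest.new(request)
 else
 raise UnknownHTTPRequest, "#{request.class.to_s} is not yet supported."
 end
 true
 end
-
+
 # Returns the request timestamp
 def timestamp
-@request.timestamp
+@request.timestamp
 end
 
 # Returns the canonical string computed from the request's headers
 def canonical_string
 [ @request.content_type,
 @request.content_md5,
-@request.request_uri.gsub(/
+@request.request_uri.gsub(/https?:\/\/[^(,|\?|\/)]*/,''), # remove host
 @request.timestamp
 ].join(",")
 end
@@ -53,15 +55,15 @@ module ApiAuth
 end
 
 def set_date
-@request.set_date if @request.timestamp.
+@request.set_date if @request.timestamp.empty?
 end
 
 def calculate_md5
-@request.populate_content_md5 if @request.content_md5.
+@request.populate_content_md5 if @request.content_md5.empty?
 end
 
 def md5_mismatch?
-if @request.content_md5.
+if @request.content_md5.empty?
 false
 else
 @request.md5_mismatch?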
data/lib/api_auth/helpers.rb
CHANGED
@@ -21,6 +21,7 @@ module ApiAuth
|
|
21
21
|
def calculated_md5
|
22
22
|
if @request.body
|
23
23
|
body = @request.body.read
|
24
|
+
@request.body.rewind
|
24
25
|
else
|
25
26
|
body = ''
|
26
27
|
end
|
@@ -51,7 +52,7 @@ module ApiAuth
|
|
51
52
|
end
|
52
53
|
|
53
54
|
def content_md5
|
54
|
-
value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
|
55
|
+
value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5))
|
55
56
|
value.nil? ? "" : value
|
56
57
|
end
|
57
58
|
|
@@ -25,6 +25,7 @@ module ApiAuth
|
|
25
25
|
def calculated_md5
|
26
26
|
if @request.payload
|
27
27
|
body = @request.payload.read
|
28
|
+
@request.payload.instance_variable_get(:@stream).seek(0)
|
28
29
|
else
|
29
30
|
body = ''
|
30
31
|
end
|
@@ -51,7 +52,7 @@ module ApiAuth
|
|
51
52
|
|
52
53
|
def content_type
|
53
54
|
value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
|
54
|
-
value.nil? ? ""
|
55
|
+
value.nil? ? "": value
|
55
56
|
end
|
56
57
|
|
57
58
|
def content_md5
|
@@ -81,11 +82,11 @@ module ApiAuth
|
|
81
82
|
def find_header(keys)
|
82
83
|
keys.map {|key| @headers[key] }.compact.first
|
83
84
|
end
|
84
|
-
|
85
|
+
|
85
86
|
def save_headers
|
86
87
|
@request.processed_headers = @request.make_headers(@headers)
|
87
88
|
end
|
88
|
-
|
89
|
+
|
89
90
|
end
|
90
91
|
|
91
92
|
end
|
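Review bot: The added `@request.payload.instance_variable_get(:@stream).seek(0)` (hunk `@@ -25,6 +25,7 @@`) depends on a private instance variable of the payload object, so a library upgrade that renames or removes it turns signing of any request with a body into a NoMethodError on nil. I would make that coupling explicit with a comment on the line, e.g. `# payload keeps its IO in the private @stream; rewind it so the body can still be sent after hashing`. In the first hunk the Rack body is read without a preceding rewind, so a body already consumed upstream would be hashed as empty; calling `@request.body.rewind` before `body = @request.body.read` as well as after it avoids that. Both `calculated_md5` bodies continue outside their hunks, and the line numbering restarts at the third hunk, which suggests these hunks come from more than one driver file even though only the `helpers.rb` header is shown.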
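--- a/data/spec/api_auth_spec.rb
+++ b/data/spec/api_auth_spec.rb
@@ -8,8 +8,8 @@ describe "ApiAuth" do
 ApiAuth.generate_secret_key
 end
 
-it "should generate secret keys that are
-ApiAuth.generate_secret_key.size.should be(
+it "should generate secret keys that are 88 characters" do
+ApiAuth.generate_secret_key.size.should be(88)
 end
 
 it "should generate keys that have a Hamming Distance of at least 65" do
@@ -24,7 +24,7 @@ describe "ApiAuth" do
 
 def hmac(secret_key, request)
 canonical_string = ApiAuth::Headers.new(request).canonical_string
-digest = OpenSSL::Digest
+digest = OpenSSL::Digest.new('sha1')
 ApiAuth.b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
 end
 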
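Review bot: The spec's `hmac` helper derives the expected value from the same `ApiAuth::Headers#canonical_string` and `OpenSSL::HMAC.digest` calls the library uses, so the examples built on it (they are outside these hunks) would presumably still pass if the canonical string dropped or mangled a field. A known-answer example with a fixed key, fixed headers and a literal expected signature would pin the wire format independently of the implementation. Something like `hmac('constructed-test-key', request).should == '<EXPECTED_BASE64_SIGNATURE>'`, with the literal computed once from a trusted run, would do; the key and the placeholder here are constructed, not taken from the project.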
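--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -187,21 +187,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: 579957539921083557
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: 579957539921083557
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.
+rubygems_version: 1.8.25
 signing_key:
 specification_version: 3
 summary: Simple HMAC authentication for your APIs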