api-auth 1.1.0 → 1.2.0
- data/.travis.yml +17 -0
- data/Appraisals +29 -0
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +42 -11
- data/LICENSE.txt +1 -1
- data/README.md +15 -13
- data/Rakefile +1 -0
- data/VERSION +1 -1
- data/api_auth.gemspec +5 -3
- data/gemfiles/rails_23.gemfile +7 -0
- data/gemfiles/rails_23.gemfile.lock +57 -0
- data/gemfiles/rails_30.gemfile +7 -0
- data/gemfiles/rails_30.gemfile.lock +79 -0
- data/gemfiles/rails_31.gemfile +9 -0
- data/gemfiles/rails_31.gemfile.lock +85 -0
- data/gemfiles/rails_32.gemfile +9 -0
- data/gemfiles/rails_32.gemfile.lock +84 -0
- data/gemfiles/rails_4.gemfile +9 -0
- data/gemfiles/rails_4.gemfile.lock +81 -0
- data/lib/api_auth.rb +1 -0
- data/lib/api_auth/base.rb +1 -1
- data/lib/api_auth/headers.rb +4 -0
- data/lib/api_auth/helpers.rb +18 -5
- data/lib/api_auth/request_drivers/action_controller.rb +2 -2
- data/lib/api_auth/request_drivers/httpi.rb +80 -0
- data/lib/api_auth/request_drivers/net_http.rb +3 -1
- data/lib/api_auth/request_drivers/rack.rb +1 -1
- data/lib/api_auth/request_drivers/rest_client.rb +4 -4
- data/spec/api_auth_spec.rb +97 -22
- data/spec/headers_spec.rb +64 -3
- data/spec/railtie_spec.rb +51 -36
- data/spec/spec_helper.rb +2 -1
- metadata +55 -9
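--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,17 @@
+language: ruby
+rvm:
+- 1.8.7-p374
+- 1.9.3
+gemfile:
+- gemfiles/rails_23.gemfile
+- gemfiles/rails_30.gemfile
+- gemfiles/rails_31.gemfile
+- gemfiles/rails_32.gemfile
+- gemfiles/rails_4.gemfile
+matrix:
+exclude:
+- rvm: 1.8.7-p374
+gemfile: gemfiles/rails_4.gemfile
+
+notifications:
+email: false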
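Review bot: The `rvm` list covers only `1.8.7-p374` and `1.9.3`, and the `exclude` entry drops 1.8.7 for `gemfiles/rails_4.gemfile`, so the Rails 4 dependency set is exercised on a single interpreter. For a library that computes and verifies request signatures, adding a 2.x entry to `rvm` (for example `- 2.0.0`) would let CI surface any runtime differences in string or digest handling. Indentation was lost in this rendering, so the nesting of `exclude` under `matrix` cannot be confirmed from here.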
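--- a/data/Appraisals
+++ b/data/Appraisals
@@ -0,0 +1,29 @@
+appraise "rails-4" do
+gem "actionpack", "~> 4.0.4"
+gem "activeresource", "~> 4.0.0"
+gem "activesupport", "~> 4.0.4"
+end
+
+appraise "rails-32" do
+gem "actionpack", "~> 3.2.17"
+gem "activeresource", "~> 3.2.17"
+gem "activesupport", "~> 3.2.17"
+end
+
+appraise "rails-31" do
+gem "actionpack", "~> 3.1.0"
+gem "activeresource", "~> 3.1.0"
+gem "activesupport", "~> 3.1.0"
+end
+
+appraise "rails-30" do
+gem "actionpack", "~> 3.0.20"
+gem "activeresource", "~> 3.0.20"
+gem "activesupport", "~> 3.0.20"
+end
+
+appraise "rails-23" do
+gem "actionpack", "~> 2.3.2"
+gem "activeresource", "~> 2.3.2"
+gem "activesupport", "~> 2.3.2"
+end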
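Review bot: The version floors are uneven across the appraisals: `rails-30` and `rails-32` start at a late patch release (`~> 3.0.20`, `~> 3.2.17`), while `rails-31` uses `~> 3.1.0` and `rails-23` uses `~> 2.3.2`. The lockfiles further down the page resolve those two to 3.1.12 and 2.3.18, so the looser floor only matters when the bundle is re-resolved. Writing them as `gem "actionpack", "~> 3.1.12"` and `gem "actionpack", "~> 2.3.18"` (likewise for `activeresource` and `activesupport`) would keep the matrix from ever running against an early patch release of those lines.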
data/CHANGELOG.md
ADDED
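--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,23 +1,50 @@
 PATH
 remote: .
 specs:
-api-auth (1.0
+api-auth (1.1.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-
-
-
-
-
-
+abstract (1.0.0)
+actionpack (3.0.20)
+activemodel (= 3.0.20)
+activesupport (= 3.0.20)
+builder (~> 2.1.2)
+erubis (~> 2.6.6)
+i18n (~> 0.5.0)
+rack (~> 1.2.5)
+rack-mount (~> 0.6.14)
+rack-test (~> 0.5.7)
+tzinfo (~> 0.3.23)
+activemodel (3.0.20)
+activesupport (= 3.0.20)
+builder (~> 2.1.2)
+i18n (~> 0.5.0)
+activeresource (3.0.20)
+activemodel (= 3.0.20)
+activesupport (= 3.0.20)
+activesupport (3.0.20)
 amatch (0.2.10)
 tins (~> 0.3)
+appraisal (0.5.2)
+bundler
+rake
+builder (2.1.2)
 curb (0.8.1)
 diff-lcs (1.1.3)
+erubis (2.6.6)
+abstract (>= 1.0.0)
+httpi (2.1.0)
+rack
+rubyntlm (~> 0.3.2)
+i18n (0.5.3)
 mime-types (1.17.2)
-rack (1.
+rack (1.2.8)
+rack-mount (0.6.14)
+rack (>= 1.0.0)
+rack-test (0.5.7)
+rack (>= 1.0)
 rake (0.9.2.2)
 rest-client (1.6.7)
 mime-types (>= 1.16)
@@ -29,18 +56,22 @@ GEM
 rspec-expectations (2.4.0)
 diff-lcs (~> 1.1.2)
 rspec-mocks (2.4.0)
+rubyntlm (0.3.4)
 tins (0.5.5)
+tzinfo (0.3.39)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-actionpack (~>
-activeresource (~>
-activesupport (~>
+actionpack (~> 3.0.0)
+activeresource (~> 3.0.0)
+activesupport (~> 3.0.0)
 amatch
 api-auth!
+appraisal
 curb (~> 0.8.1)
+httpi
 rake
 rest-client (~> 1.6.0)
 rspec (~> 2.4.0)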
data/LICENSE.txt
CHANGED
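--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,6 @@
-# ApiAuth
+# ApiAuth
+
+[](https://travis-ci.org/mgomes/api_auth)
 
 Logins and passwords are for humans. Communication between applications need to
 be protected through different means.
@@ -15,7 +17,7 @@ secret keys necessary for your clients to sign their requests.
 Since it operates entirely using HTTP headers, the server component does not
 have to be written in the same language as the clients.
 
-## How it works
+## How it works
 
 1. A canonical string is first created using your HTTP headers containing the
 content-type, content-MD5, request URI and the timestamp. If content-type or
@@ -40,14 +42,14 @@ string that uniquely identifies the client. The signed request expires after 15
 minutes in order to avoid replay attacks.
 
 
-## References
+## References
 
 * [Hash functions](http://en.wikipedia.org/wiki/Cryptographic_hash_function)
 * [SHA-1 Hash function](http://en.wikipedia.org/wiki/SHA-1)
 * [HMAC algorithm](http://en.wikipedia.org/wiki/HMAC)
 * [RFC 2104 (HMAC)](http://tools.ietf.org/html/rfc2104)
 
-## Install
+## Install
 
 The gem doesn't have any dependencies outside of having a working OpenSSL
 configuration for your Ruby VM. To install:
@@ -56,7 +58,7 @@ configuration for your Ruby VM. To install:
 
 Please note the dash in the name versus the underscore.
 
-## Clients
+## Clients
 
 ApiAuth supports many popular HTTP clients. Support for other clients can be
 added as a request driver.
@@ -64,11 +66,11 @@ added as a request driver.
 Here is the current list of supported request objects:
 
 * Net::HTTP
-*
+* ActionDispatch::Request
 * Curb (Curl::Easy)
 * RestClient
 
-### HTTP Client Objects
+### HTTP Client Objects
 
 Here's a sample implementation of signing a request created with RestClient. For
 more examples, please check out the ApiAuth Spec where every supported HTTP
@@ -104,7 +106,7 @@ request as one of the last steps in building the request to ensure the headers
 don't change after the signing process which would cause the authentication
 check to fail on the server side.
 
-### ActiveResource Clients
+### ActiveResource Clients
 
 ApiAuth can transparently protect your ActiveResource communications with a
 single configuration line:
@@ -117,7 +119,7 @@ single configuration line:
 
 This will automatically sign all outgoing ActiveResource requests from your app.
 
-## Server
+## Server
 
 ApiAuth provides some built in methods to help you generate API keys for your
 clients as well as verifying incoming API requests.
@@ -161,7 +163,7 @@ Rails app:
 end
 ```
 
-## Development
+## Development
 
 ApiAuth uses bundler for gem dependencies and RSpec for testing. Developing the
 gem requires that you have all supported HTTP clients installed. Bundler will
@@ -175,11 +177,11 @@ If you'd like to add support for additional HTTP clients, check out the already
 implemented drivers in `lib/api_auth/request_drivers` for reference. All of
 the public methods for each driver are required to be implemented by your driver.
 
-## Authors
+## Authors
 
 * [Mauricio Gomes](http://github.com/mgomes)
 * [Kevin Glowacz](http://github.com/kjg)
 
-## Copyright
+## Copyright
 
-Copyright (c)
+Copyright (c) 2014 Mauricio Gomes. See LICENSE.txt for further details.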
data/Rakefile
CHANGED
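--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.2.0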
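--- a/data/api_auth.gemspec
+++ b/data/api_auth.gemspec
@@ -10,14 +10,16 @@ Gem::Specification.new do |s|
 s.authors = ["Mauricio Gomes"]
 s.email = "mauricio@edge14.com"
 
+s.add_development_dependency "appraisal"
 s.add_development_dependency "rake"
 s.add_development_dependency "amatch"
 s.add_development_dependency "rspec", "~> 2.4.0"
-s.add_development_dependency "actionpack", "~>
-s.add_development_dependency "activesupport", "~>
-s.add_development_dependency "activeresource", "~>
+s.add_development_dependency "actionpack", "~> 3.0.0"
+s.add_development_dependency "activesupport", "~> 3.0.0"
+s.add_development_dependency "activeresource", "~> 3.0.0"
 s.add_development_dependency "rest-client", "~> 1.6.0"
 s.add_development_dependency "curb", "~> 0.8.1"
+s.add_development_dependency "httpi"
 
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")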
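Review bot: The two new development dependencies, `appraisal` and `httpi`, are declared without a version constraint, unlike the `~>`-bounded entries around them. The lockfiles on this page already resolve appraisal to both 0.5.2 and 1.0.0, so the test tooling differs between gemfiles. The bound matters more for httpi, because this release adds a request driver written against its API (`lib/api_auth/request_drivers/httpi.rb` in the file list) and every lockfile here resolves it to 2.1.0. Consider `s.add_development_dependency "httpi", "~> 2.1"` and a matching bound for appraisal. The `Gem::Specification.new` block starts and ends outside this hunk.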
@@ -0,0 +1,57 @@
|
|
1
|
+
PATH
|
2
|
+
remote: ../
|
3
|
+
specs:
|
4
|
+
api-auth (1.1.0)
|
5
|
+
|
6
|
+
GEM
|
7
|
+
remote: https://rubygems.org/
|
8
|
+
specs:
|
9
|
+
actionpack (2.3.18)
|
10
|
+
activesupport (= 2.3.18)
|
11
|
+
rack (~> 1.1.0)
|
12
|
+
activeresource (2.3.18)
|
13
|
+
activesupport (= 2.3.18)
|
14
|
+
activesupport (2.3.18)
|
15
|
+
amatch (0.3.0)
|
16
|
+
tins (~> 1.0)
|
17
|
+
appraisal (1.0.0)
|
18
|
+
bundler
|
19
|
+
rake
|
20
|
+
thor (>= 0.14.0)
|
21
|
+
curb (0.8.5)
|
22
|
+
diff-lcs (1.1.3)
|
23
|
+
httpi (2.1.0)
|
24
|
+
rack
|
25
|
+
rubyntlm (~> 0.3.2)
|
26
|
+
mime-types (1.25.1)
|
27
|
+
rack (1.1.6)
|
28
|
+
rake (10.3.1)
|
29
|
+
rest-client (1.6.7)
|
30
|
+
mime-types (>= 1.16)
|
31
|
+
rspec (2.4.0)
|
32
|
+
rspec-core (~> 2.4.0)
|
33
|
+
rspec-expectations (~> 2.4.0)
|
34
|
+
rspec-mocks (~> 2.4.0)
|
35
|
+
rspec-core (2.4.0)
|
36
|
+
rspec-expectations (2.4.0)
|
37
|
+
diff-lcs (~> 1.1.2)
|
38
|
+
rspec-mocks (2.4.0)
|
39
|
+
rubyntlm (0.3.4)
|
40
|
+
thor (0.19.1)
|
41
|
+
tins (1.3.0)
|
42
|
+
|
43
|
+
PLATFORMS
|
44
|
+
ruby
|
45
|
+
|
46
|
+
DEPENDENCIES
|
47
|
+
actionpack (~> 2.3.2)
|
48
|
+
activeresource (~> 2.3.2)
|
49
|
+
activesupport (~> 2.3.2)
|
50
|
+
amatch
|
51
|
+
api-auth!
|
52
|
+
appraisal
|
53
|
+
curb (~> 0.8.1)
|
54
|
+
httpi
|
55
|
+
rake
|
56
|
+
rest-client (~> 1.6.0)
|
57
|
+
rspec (~> 2.4.0)
|
@@ -0,0 +1,79 @@
|
|
1
|
+
PATH
|
2
|
+
remote: ../
|
3
|
+
specs:
|
4
|
+
api-auth (1.1.0)
|
5
|
+
|
6
|
+
GEM
|
7
|
+
remote: https://rubygems.org/
|
8
|
+
specs:
|
9
|
+
abstract (1.0.0)
|
10
|
+
actionpack (3.0.20)
|
11
|
+
activemodel (= 3.0.20)
|
12
|
+
activesupport (= 3.0.20)
|
13
|
+
builder (~> 2.1.2)
|
14
|
+
erubis (~> 2.6.6)
|
15
|
+
i18n (~> 0.5.0)
|
16
|
+
rack (~> 1.2.5)
|
17
|
+
rack-mount (~> 0.6.14)
|
18
|
+
rack-test (~> 0.5.7)
|
19
|
+
tzinfo (~> 0.3.23)
|
20
|
+
activemodel (3.0.20)
|
21
|
+
activesupport (= 3.0.20)
|
22
|
+
builder (~> 2.1.2)
|
23
|
+
i18n (~> 0.5.0)
|
24
|
+
activeresource (3.0.20)
|
25
|
+
activemodel (= 3.0.20)
|
26
|
+
activesupport (= 3.0.20)
|
27
|
+
activesupport (3.0.20)
|
28
|
+
amatch (0.3.0)
|
29
|
+
tins (~> 1.0)
|
30
|
+
appraisal (1.0.0)
|
31
|
+
bundler
|
32
|
+
rake
|
33
|
+
thor (>= 0.14.0)
|
34
|
+
builder (2.1.2)
|
35
|
+
curb (0.8.5)
|
36
|
+
diff-lcs (1.1.3)
|
37
|
+
erubis (2.6.6)
|
38
|
+
abstract (>= 1.0.0)
|
39
|
+
httpi (2.1.0)
|
40
|
+
rack
|
41
|
+
rubyntlm (~> 0.3.2)
|
42
|
+
i18n (0.5.3)
|
43
|
+
mime-types (1.25.1)
|
44
|
+
rack (1.2.8)
|
45
|
+
rack-mount (0.6.14)
|
46
|
+
rack (>= 1.0.0)
|
47
|
+
rack-test (0.5.7)
|
48
|
+
rack (>= 1.0)
|
49
|
+
rake (10.3.1)
|
50
|
+
rest-client (1.6.7)
|
51
|
+
mime-types (>= 1.16)
|
52
|
+
rspec (2.4.0)
|
53
|
+
rspec-core (~> 2.4.0)
|
54
|
+
rspec-expectations (~> 2.4.0)
|
55
|
+
rspec-mocks (~> 2.4.0)
|
56
|
+
rspec-core (2.4.0)
|
57
|
+
rspec-expectations (2.4.0)
|
58
|
+
diff-lcs (~> 1.1.2)
|
59
|
+
rspec-mocks (2.4.0)
|
60
|
+
rubyntlm (0.3.4)
|
61
|
+
thor (0.19.1)
|
62
|
+
tins (1.3.0)
|
63
|
+
tzinfo (0.3.39)
|
64
|
+
|
65
|
+
PLATFORMS
|
66
|
+
ruby
|
67
|
+
|
68
|
+
DEPENDENCIES
|
69
|
+
actionpack (~> 3.0.20)
|
70
|
+
activeresource (~> 3.0.20)
|
71
|
+
activesupport (~> 3.0.20)
|
72
|
+
amatch
|
73
|
+
api-auth!
|
74
|
+
appraisal
|
75
|
+
curb (~> 0.8.1)
|
76
|
+
httpi
|
77
|
+
rake
|
78
|
+
rest-client (~> 1.6.0)
|
79
|
+
rspec (~> 2.4.0)
|
@@ -0,0 +1,85 @@
|
|
1
|
+
PATH
|
2
|
+
remote: ../
|
3
|
+
specs:
|
4
|
+
api-auth (1.1.0)
|
5
|
+
|
6
|
+
GEM
|
7
|
+
remote: https://rubygems.org/
|
8
|
+
specs:
|
9
|
+
actionpack (3.1.12)
|
10
|
+
activemodel (= 3.1.12)
|
11
|
+
activesupport (= 3.1.12)
|
12
|
+
builder (~> 3.0.0)
|
13
|
+
erubis (~> 2.7.0)
|
14
|
+
i18n (~> 0.6)
|
15
|
+
rack (~> 1.3.6)
|
16
|
+
rack-cache (~> 1.2)
|
17
|
+
rack-mount (~> 0.8.2)
|
18
|
+
rack-test (~> 0.6.1)
|
19
|
+
sprockets (~> 2.0.4)
|
20
|
+
activemodel (3.1.12)
|
21
|
+
activesupport (= 3.1.12)
|
22
|
+
builder (~> 3.0.0)
|
23
|
+
i18n (~> 0.6)
|
24
|
+
activeresource (3.1.12)
|
25
|
+
activemodel (= 3.1.12)
|
26
|
+
activesupport (= 3.1.12)
|
27
|
+
activesupport (3.1.12)
|
28
|
+
multi_json (~> 1.0)
|
29
|
+
amatch (0.2.11)
|
30
|
+
tins (~> 0.3)
|
31
|
+
appraisal (0.5.2)
|
32
|
+
bundler
|
33
|
+
rake
|
34
|
+
builder (3.0.4)
|
35
|
+
curb (0.8.5)
|
36
|
+
diff-lcs (1.1.3)
|
37
|
+
erubis (2.7.0)
|
38
|
+
hike (1.2.3)
|
39
|
+
httpi (2.1.0)
|
40
|
+
rack
|
41
|
+
rubyntlm (~> 0.3.2)
|
42
|
+
i18n (0.6.9)
|
43
|
+
mime-types (1.25.1)
|
44
|
+
multi_json (1.9.2)
|
45
|
+
rack (1.3.10)
|
46
|
+
rack-cache (1.2)
|
47
|
+
rack (>= 0.4)
|
48
|
+
rack-mount (0.8.3)
|
49
|
+
rack (>= 1.0.0)
|
50
|
+
rack-test (0.6.2)
|
51
|
+
rack (>= 1.0)
|
52
|
+
rake (10.1.1)
|
53
|
+
rest-client (1.6.7)
|
54
|
+
mime-types (>= 1.16)
|
55
|
+
rspec (2.4.0)
|
56
|
+
rspec-core (~> 2.4.0)
|
57
|
+
rspec-expectations (~> 2.4.0)
|
58
|
+
rspec-mocks (~> 2.4.0)
|
59
|
+
rspec-core (2.4.0)
|
60
|
+
rspec-expectations (2.4.0)
|
61
|
+
diff-lcs (~> 1.1.2)
|
62
|
+
rspec-mocks (2.4.0)
|
63
|
+
rubyntlm (0.3.4)
|
64
|
+
sprockets (2.0.4)
|
65
|
+
hike (~> 1.2)
|
66
|
+
rack (~> 1.0)
|
67
|
+
tilt (~> 1.1, != 1.3.0)
|
68
|
+
tilt (1.4.1)
|
69
|
+
tins (0.13.2)
|
70
|
+
|
71
|
+
PLATFORMS
|
72
|
+
ruby
|
73
|
+
|
74
|
+
DEPENDENCIES
|
75
|
+
actionpack (~> 3.1.0)
|
76
|
+
activeresource (~> 3.1.0)
|
77
|
+
activesupport (~> 3.1.0)
|
78
|
+
amatch
|
79
|
+
api-auth!
|
80
|
+
appraisal
|
81
|
+
curb (~> 0.8.1)
|
82
|
+
httpi
|
83
|
+
rake
|
84
|
+
rest-client (~> 1.6.0)
|
85
|
+
rspec (~> 2.4.0)
|