api-auth 1.2.4 → 1.2.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. data/CHANGELOG.md +5 -0
  2. data/Gemfile.lock +1 -1
  3. data/VERSION +1 -1
  4. data/gemfiles/rails_23.gemfile.lock +1 -1
  5. data/gemfiles/rails_30.gemfile.lock +1 -1
  6. data/gemfiles/rails_31.gemfile.lock +1 -1
  7. data/gemfiles/rails_32.gemfile.lock +1 -1
  8. data/gemfiles/rails_4.gemfile.lock +1 -1
  9. data/gemfiles/rails_41.gemfile.lock +1 -1
  10. data/lib/api_auth/base.rb +7 -2
  11. data/spec/api_auth_spec.rb +37 -0
  12. metadata +4 -4
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 1.2.5 (2014-09-09)
2
+ - Fix a bug where ApiAuth.authentic? would cause an ArgumentError when given a
3
+ request with an invalid date in the date header. It will now return false
4
+ instead. (#51 Nakort)
5
+
1
6
  # 1.2.4 (2014-08-27)
2
7
  - Fix a bug in the Net::HTTP request driver where the md5 isn't calculated
3
8
  correctly when the content of the request is set with the `.body_stream`
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.2.4
1
+ 1.2.5
data/gemfiles/rails_23.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/gemfiles/rails_30.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/gemfiles/rails_31.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/gemfiles/rails_32.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/gemfiles/rails_4.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/gemfiles/rails_41.gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/lib/api_auth/base.rb CHANGED
@@ -1,4 +1,5 @@
1
- # api-auth is Ruby gem designed to be used both in your client and server
1
+ # encoding: UTF-8
2
+ # api-auth is a Ruby gem designed to be used both in your client and server
2
3
  # HTTP-based applications. It implements the same authentication methods (HMAC)
3
4
  # used by Amazon Web Services.
4
5
 
@@ -60,7 +61,11 @@ module ApiAuth
60
61
  def request_too_old?(request)
61
62
  headers = Headers.new(request)
62
63
  # 900 seconds is 15 minutes
63
- Time.parse(headers.timestamp).utc < (Time.now.utc - 900)
64
+ begin
65
+ Time.httpdate(headers.timestamp).utc < (Time.now.utc - 900)
66
+ rescue ArgumentError
67
+ true
68
+ end
64
69
  end
65
70
 
66
71
  def md5_mismatch?(request)
data/spec/api_auth_spec.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # encoding: UTF-8
1
2
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
3
 
3
4
  describe "ApiAuth" do
@@ -109,6 +110,12 @@ describe "ApiAuth" do
109
110
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
110
111
  end
111
112
 
113
+ it "should NOT authenticate a request with an invalid date" do
114
+ @request['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
115
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
116
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
117
+ end
118
+
112
119
  it "should retrieve the access_id" do
113
120
  ApiAuth.access_id(@signed_request).should == "1044"
114
121
  end
@@ -229,6 +236,12 @@ describe "ApiAuth" do
229
236
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
230
237
  end
231
238
 
239
+ it "should NOT authenticate a request with an invalid date" do
240
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
241
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
242
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
243
+ end
244
+
232
245
  it "should retrieve the access_id" do
233
246
  ApiAuth.access_id(@signed_request).should == "1044"
234
247
  end
@@ -285,6 +298,12 @@ describe "ApiAuth" do
285
298
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
286
299
  end
287
300
 
301
+ it "should NOT authenticate a request with an invalid date" do
302
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
303
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
304
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
305
+ end
306
+
288
307
  it "should retrieve the access_id" do
289
308
  ApiAuth.access_id(@signed_request).should == "1044"
290
309
  end
@@ -373,6 +392,12 @@ describe "ApiAuth" do
373
392
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
374
393
  end
375
394
 
395
+ it "should NOT authenticate a request with an invalid date" do
396
+ @request.env['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
397
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
398
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
399
+ end
400
+
376
401
  it "should retrieve the access_id" do
377
402
  ApiAuth.access_id(@signed_request).should == "1044"
378
403
  end
@@ -446,6 +471,12 @@ describe "ApiAuth" do
446
471
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
447
472
  end
448
473
 
474
+ it "should NOT authenticate a request with an invalid date" do
475
+ @request.env['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
476
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
477
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
478
+ end
479
+
449
480
  it "should retrieve the access_id" do
450
481
  ApiAuth.access_id(@signed_request).should == "1044"
451
482
  end
@@ -521,6 +552,12 @@ describe "ApiAuth" do
521
552
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
522
553
  end
523
554
 
555
+ it "should NOT authenticate a request with an invalid date" do
556
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
557
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
558
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
559
+ end
560
+
524
561
  it "should retrieve the access_id" do
525
562
  ApiAuth.access_id(@signed_request).should == "1044"
526
563
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: api-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.4
4
+ version: 1.2.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-08-27 00:00:00.000000000 Z
12
+ date: 2014-09-09 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: appraisal
@@ -254,7 +254,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
254
254
  version: '0'
255
255
  segments:
256
256
  - 0
257
- hash: -2860665435517215427
257
+ hash: -2923652677947194929
258
258
  required_rubygems_version: !ruby/object:Gem::Requirement
259
259
  none: false
260
260
  requirements:
@@ -263,7 +263,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
263
263
  version: '0'
264
264
  segments:
265
265
  - 0
266
- hash: -2860665435517215427
266
+ hash: -2923652677947194929
267
267
  requirements: []
268
268
  rubyforge_project:
269
269
  rubygems_version: 1.8.23.2