api-auth 1.5.0 → 2.0.0

data/lib/api_auth/errors.rb

@@ -1,9 +1,10 @@
 module ApiAuth
-  
   # :nodoc:
   class ApiAuthError < StandardError; end
-  
+
   # Raised when the HTTP request object passed is not supported
   class UnknownHTTPRequest < ApiAuthError; end
-  
+
+  # Raised when the client request digest is not the same as the server
+  class InvalidRequestDigest < ApiAuthError; end
 end

data/lib/api_auth/headers.rb

@@ -1,8 +1,6 @@
 module ApiAuth
-
   # Builds the canonical string given a request object.
   class Headers
-
     include RequestDrivers
 
     def initialize(request)
@@ -36,46 +34,32 @@ module ApiAuth
           HttpiRequest.new(request)
         when /Faraday::Request/
           FaradayRequest.new(request)
-        else
-          nil
         end
 
       return new_request if new_request
-      return RackRequest.new(request) if request.kind_of?(Rack::Request)
-      raise UnknownHTTPRequest, "#{request.class.to_s} is not yet supported."
+      return RackRequest.new(request) if request.is_a?(Rack::Request)
+      raise UnknownHTTPRequest, "#{request.class} is not yet supported."
     end
     private :initialize_request_driver
 
     # Returns the request timestamp
     def timestamp
-       @request.timestamp
+      @request.timestamp
     end
 
-    # Returns the canonical string computed from the request's headers
-    def canonical_string_without_http_method
-      [ @request.content_type,
-        @request.content_md5,
-        parse_uri(@request.request_uri),
-        @request.timestamp
-      ].join(",")
-    end
-
-    # temp backwards compatibility
-    alias_method :canonical_string, :canonical_string_without_http_method
-
-    def canonical_string_with_http_method(override_method = nil)
+    def canonical_string(override_method = nil)
       request_method = override_method || @request.http_method
 
       if request_method.nil?
-        raise ArgumentError, "unable to determine the http method from the request, please supply an override"
+        raise ArgumentError, 'unable to determine the http method from the request, please supply an override'
       end
 
-      [ request_method.upcase,
-        @request.content_type,
-        @request.content_md5,
-        parse_uri(@request.request_uri),
-        @request.timestamp
-      ].join(",")
+      [request_method.upcase,
+       @request.content_type,
+       @request.content_md5,
+       parse_uri(@request.request_uri),
+       @request.timestamp
+      ].join(',')
     end
 
     # Returns the authorization header from the request's headers

data/lib/api_auth/helpers.rb

@@ -1,13 +1,11 @@
 module ApiAuth
-
   module Helpers # :nodoc:
-
     def b64_encode(string)
       if Base64.respond_to?(:strict_encode64)
         Base64.strict_encode64(string)
       else
         # Fall back to stripping out newlines on Ruby 1.8.
-        Base64.encode64(string).gsub(/\n/, '')
+        Base64.encode64(string).delete("\n")
       end
     end
 
@@ -22,10 +20,8 @@ module ApiAuth
     # Capitalizes the keys of a hash
     def capitalize_keys(hsh)
       capitalized_hash = {}
-      hsh.each_pair {|k,v| capitalized_hash[k.to_s.upcase] = v }
+      hsh.each_pair { |k, v| capitalized_hash[k.to_s.upcase] = v }
       capitalized_hash
     end
-
   end
-
 end

data/lib/api_auth/railtie.rb

@@ -1,13 +1,9 @@
 module ApiAuth
-
   # Integration with Rails
   #
   class Rails # :nodoc:
-
     module ControllerMethods # :nodoc:
-
       module InstanceMethods # :nodoc:
-
         def get_api_access_id_from_request
           ApiAuth.access_id(request)
         end
@@ -15,31 +11,15 @@ module ApiAuth
         def api_authenticated?(secret_key)
           ApiAuth.authentic?(request, secret_key)
         end
-
-      end
-
-      unless defined?(ActionController)
-        begin
-          require 'rubygems'
-          gem 'actionpack'
-          gem 'activesupport'
-          require 'action_controller'
-          require 'active_support'
-        rescue LoadError
-          nil
-        end
       end
 
       if defined?(ActionController::Base)
         ActionController::Base.send(:include, ControllerMethods::InstanceMethods)
       end
-
     end # ControllerMethods
 
     module ActiveResourceExtension  # :nodoc:
-
       module ActiveResourceApiAuth # :nodoc:
-
         def self.included(base)
           base.extend(ClassMethods)
 
@@ -47,24 +27,17 @@ module ApiAuth
             base.class_attribute :hmac_access_id
             base.class_attribute :hmac_secret_key
             base.class_attribute :use_hmac
-            base.class_attribute :sign_with_http_method
           else
             base.class_inheritable_accessor :hmac_access_id
             base.class_inheritable_accessor :hmac_secret_key
             base.class_inheritable_accessor :use_hmac
-            base.class_inheritable_accessor :sign_with_http_method
           end
-
         end
 
         module ClassMethods
-
           def with_api_auth(access_id, secret_key, options = {})
-            sign_with_http_method = options[:sign_with_http_method] || false
-
             self.hmac_access_id = access_id
             self.hmac_secret_key = secret_key
-            self.sign_with_http_method = sign_with_http_method
             self.use_hmac = true
 
             class << self
@@ -74,26 +47,22 @@ module ApiAuth
 
           def connection_with_auth(refresh = false)
             c = connection_without_auth(refresh)
-            c.hmac_access_id = self.hmac_access_id
-            c.hmac_secret_key = self.hmac_secret_key
-            c.use_hmac = self.use_hmac
-            c.sign_with_http_method = self.sign_with_http_method
+            c.hmac_access_id = hmac_access_id
+            c.hmac_secret_key = hmac_secret_key
+            c.use_hmac = use_hmac
             c
           end
-
         end # class methods
 
         module InstanceMethods
         end
-
       end # BaseApiAuth
 
       module Connection
-
         def self.included(base)
           base.send :alias_method_chain, :request, :auth
           base.class_eval do
-            attr_accessor :hmac_secret_key, :hmac_access_id, :use_hmac, :sign_with_http_method
+            attr_accessor :hmac_secret_key, :hmac_access_id, :use_hmac
           end
         end
 
@@ -102,7 +71,7 @@ module ApiAuth
             h = arguments.last
             tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
             tmp.body = arguments[0] if arguments.length > 1
-            ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key, {:with_http_method => (sign_with_http_method || false)})
+            ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key)
             arguments.last['Content-MD5'] = tmp['Content-MD5'] if tmp['Content-MD5']
             arguments.last['DATE'] = tmp['DATE']
             arguments.last['Authorization'] = tmp['Authorization']
@@ -110,26 +79,12 @@ module ApiAuth
 
           request_without_auth(method, path, *arguments)
         end
-
       end # Connection
 
-      unless defined?(ActiveResource)
-        begin
-          require 'rubygems'
-          gem 'activeresource'
-          require 'active_resource'
-        rescue LoadError
-          nil
-        end
-      end
-
       if defined?(ActiveResource)
         ActiveResource::Base.send(:include, ActiveResourceApiAuth)
         ActiveResource::Connection.send(:include, Connection)
       end
-
     end # ActiveResourceExtension
-
   end # Rails
-
 end # ApiAuth

data/lib/api_auth/request_drivers/action_controller.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class ActionControllerRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,7 +10,7 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.env["Authorization"] = header
+        @request.env['Authorization'] = header
         fetch_headers
         @request
       end
@@ -25,7 +22,7 @@ module ApiAuth
 
       def populate_content_md5
         if @request.put? || @request.post?
-          @request.env["Content-MD5"] = calculated_md5
+          @request.env['Content-MD5'] = calculated_md5
           fetch_headers
         end
       end
@@ -48,12 +45,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -67,21 +64,18 @@ module ApiAuth
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/action_dispatch.rb

@@ -1,15 +1,9 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class ActionDispatchRequest < ActionControllerRequest # :nodoc:
-
       def request_uri
         @request.fullpath
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/curb.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class CurbRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,13 +10,13 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.headers.merge!({ "Authorization" => header })
+        @request.headers['Authorization'] = header
         fetch_headers
         @request
       end
 
       def populate_content_md5
-        nil #doesn't appear to be possible
+        nil # doesn't appear to be possible
       end
 
       def md5_mismatch?
@@ -36,12 +33,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -49,27 +46,24 @@ module ApiAuth
       end
 
       def set_date
-        @request.headers.merge!({ "DATE" => Time.now.utc.httpdate })
+        @request.headers['DATE'] = Time.now.utc.httpdate
         fetch_headers
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/faraday.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class FaradayRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,29 +10,25 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.headers.merge!({ "Authorization" => header })
+        @request.headers['Authorization'] = header
         fetch_headers
         @request
       end
 
       def calculated_md5
-        if @request.body
-          body = @request.body
-        else
-          body = ''
-        end
+        body = @request.body ? @request.body : ''
         md5_base64digest(body)
       end
 
       def populate_content_md5
-        if ['POST', 'PUT'].include?(@request.method.to_s.upcase)
-          @request.headers["Content-MD5"] = calculated_md5
+        if %w(POST PUT).include?(@request.method.to_s.upcase)
+          @request.headers['Content-MD5'] = calculated_md5
           fetch_headers
         end
       end
 
       def md5_mismatch?
-        if ['POST', 'PUT'].include?(@request.method.to_s.upcase)
+        if %w(POST PUT).include?(@request.method.to_s.upcase)
           calculated_md5 != content_md5
         else
           false
@@ -52,12 +45,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -68,27 +61,24 @@ module ApiAuth
       end
 
       def set_date
-        @request.headers.merge!({ "DATE" => Time.now.utc.httpdate })
+        @request.headers['DATE'] = Time.now.utc.httpdate
         fetch_headers
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end