api-auth 1.5.0 → 2.0.0

data/lib/api_auth/request_drivers/httpi.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class HttpiRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,7 +10,7 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.headers["Authorization"] = header
+        @request.headers['Authorization'] = header
         fetch_headers
         @request
       end
@@ -24,7 +21,7 @@ module ApiAuth
 
       def populate_content_md5
         if @request.body
-          @request.headers["Content-MD5"] = calculated_md5
+          @request.headers['Content-MD5'] = calculated_md5
           fetch_headers
         end
       end
@@ -47,12 +44,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -60,27 +57,24 @@ module ApiAuth
       end
 
       def set_date
-        @request.headers["DATE"] = Time.now.utc.httpdate
+        @request.headers['DATE'] = Time.now.utc.httpdate
         fetch_headers
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/net_http.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class NetHttpRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,7 +10,7 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request["Authorization"] = header
+        @request['Authorization'] = header
         @headers = fetch_headers
         @request
       end
@@ -31,7 +28,7 @@ module ApiAuth
 
       def populate_content_md5
         if @request.class::REQUEST_HAS_BODY
-          @request["Content-MD5"] = calculated_md5
+          @request['Content-MD5'] = calculated_md5
         end
       end
 
@@ -53,12 +50,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -66,26 +63,23 @@ module ApiAuth
       end
 
       def set_date
-        @request["DATE"] = Time.now.utc.httpdate
+        @request['DATE'] = Time.now.utc.httpdate
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/rack.rb

@@ -1,9 +1,6 @@
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class RackRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -13,7 +10,7 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.env.merge!({ "Authorization" => header })
+        @request.env['Authorization'] = header
         fetch_headers
         @request
       end
@@ -29,14 +26,14 @@ module ApiAuth
       end
 
       def populate_content_md5
-        if ['POST', 'PUT'].include?(@request.request_method)
-          @request.env["Content-MD5"] = calculated_md5
+        if %w(POST PUT).include?(@request.request_method)
+          @request.env['Content-MD5'] = calculated_md5
           fetch_headers
         end
       end
 
       def md5_mismatch?
-        if ['POST', 'PUT'].include?(@request.request_method)
+        if %w(POST PUT).include?(@request.request_method)
           calculated_md5 != content_md5
         else
           false
@@ -53,12 +50,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -66,27 +63,24 @@ module ApiAuth
       end
 
       def set_date
-        @request.env.merge!({ "DATE" => Time.now.utc.httpdate })
+        @request.env['DATE'] = Time.now.utc.httpdate
         fetch_headers
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
-
     end
-
   end
-
 end

data/lib/api_auth/request_drivers/rest_client.rb

@@ -1,12 +1,9 @@
 # give access to RestClient @processed_headers
-module RestClient;class Request;attr_accessor :processed_headers;end;end
+module RestClient; class Request; attr_accessor :processed_headers; end; end
 
 module ApiAuth
-
   module RequestDrivers # :nodoc:
-
     class RestClientRequest # :nodoc:
-
       include ApiAuth::Helpers
 
       def initialize(request)
@@ -16,7 +13,7 @@ module ApiAuth
       end
 
       def set_auth_header(header)
-        @request.headers.merge!({ "Authorization" => header })
+        @request.headers['Authorization'] = header
         save_headers # enforce update of processed_headers based on last updated headers
         @request
       end
@@ -33,7 +30,7 @@ module ApiAuth
 
       def populate_content_md5
         if [:post, :put].include?(@request.method)
-          @request.headers["Content-MD5"] = calculated_md5
+          @request.headers['Content-MD5'] = calculated_md5
           save_headers
         end
       end
@@ -56,12 +53,12 @@ module ApiAuth
 
       def content_type
         value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
-        value.nil? ? "": value
+        value.nil? ? '' : value
       end
 
       def content_md5
         value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def request_uri
@@ -69,32 +66,29 @@ module ApiAuth
       end
 
       def set_date
-        @request.headers.merge!({ "DATE" => Time.now.utc.httpdate })
+        @request.headers['DATE'] = Time.now.utc.httpdate
         save_headers
       end
 
       def timestamp
         value = find_header(%w(DATE HTTP_DATE))
-        value.nil? ? "" : value
+        value.nil? ? '' : value
       end
 
       def authorization_header
         find_header %w(Authorization AUTHORIZATION HTTP_AUTHORIZATION)
       end
 
-    private
+      private
 
       def find_header(keys)
-        keys.map {|key| @headers[key] }.compact.first
+        keys.map { |key| @headers[key] }.compact.first
       end
 
       def save_headers
         @request.processed_headers = @request.make_headers(@request.headers)
         @headers = fetch_headers
       end
-
     end
-
   end
-
 end

data/spec/api_auth_spec.rb

@@ -1,170 +1,172 @@
 # encoding: UTF-8
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
-describe "ApiAuth" do
-
-  describe "generating secret keys" do
-
-    it "should generate secret keys" do
+describe 'ApiAuth' do
+  describe 'generating secret keys' do
+    it 'should generate secret keys' do
       ApiAuth.generate_secret_key
     end
 
-    it "should generate secret keys that are 88 characters" do
+    it 'should generate secret keys that are 88 characters' do
       expect(ApiAuth.generate_secret_key.size).to be(88)
     end
 
-    it "should generate keys that have a Hamming Distance of at least 65" do
+    it 'should generate keys that have a Hamming Distance of at least 65' do
       key1 = ApiAuth.generate_secret_key
       key2 = ApiAuth.generate_secret_key
       expect(Amatch::Hamming.new(key1).match(key2)).to be > 65
     end
-
   end
 
-  def hmac(secret_key, request, canonical_string = nil)
+  def hmac(secret_key, request, canonical_string = nil, digest = 'sha1')
     canonical_string ||= ApiAuth::Headers.new(request).canonical_string
-    digest = OpenSSL::Digest.new('sha1')
+    digest = OpenSSL::Digest.new(digest)
     ApiAuth.b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
   end
 
-  describe ".sign!" do
-    let(:request){ RestClient::Request.new(:url => "http://google.com", :method => :get) }
-    let(:headers){ ApiAuth::Headers.new(request) }
+  describe '.sign!' do
+    let(:request) { RestClient::Request.new(:url => 'http://google.com', :method => :get) }
+    let(:headers) { ApiAuth::Headers.new(request) }
 
-    it "generates date header before signing" do
+    it 'generates date header before signing' do
       expect(ApiAuth::Headers).to receive(:new).and_return(headers)
 
       expect(headers).to receive(:set_date).ordered
       expect(headers).to receive(:sign_header).ordered
 
-      ApiAuth.sign!(request, "abc", "123")
+      ApiAuth.sign!(request, 'abc', '123')
     end
 
-    it "generates content-md5 header before signing" do
+    it 'generates content-md5 header before signing' do
       expect(ApiAuth::Headers).to receive(:new).and_return(headers)
       expect(headers).to receive(:calculate_md5).ordered
       expect(headers).to receive(:sign_header).ordered
 
-      ApiAuth.sign!(request, "abc", "123")
+      ApiAuth.sign!(request, 'abc', '123')
     end
 
-    it "returns the same request object back" do
-      expect(ApiAuth.sign!(request, "abc", "123")).to be request
+    it 'returns the same request object back' do
+      expect(ApiAuth.sign!(request, 'abc', '123')).to be request
     end
 
-    it "calculates the hmac_signature as expected" do
-      ApiAuth.sign!(request, "1044", "123")
-      signature = hmac("123", request)
+    it 'calculates the hmac_signature as expected' do
+      ApiAuth.sign!(request, '1044', '123')
+      signature = hmac('123', request)
       expect(request.headers['Authorization']).to eq("APIAuth 1044:#{signature}")
     end
 
-    context "when passed the with_http_method option" do
-      let(:request){
-        Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
-          'content-type' => 'text/plain',
-          'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
-          'date' => Time.now.utc.httpdate
-        )
-      }
+    context 'when passed the hmac digest option' do
+      let(:request) do
+        Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
+                           'content-type' => 'text/plain',
+                           'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+                           'date' => Time.now.utc.httpdate
+                          )
+      end
 
-      let(:canonical_string){ ApiAuth::Headers.new(request).canonical_string_with_http_method }
+      let(:canonical_string) { ApiAuth::Headers.new(request).canonical_string }
 
-      it "calculates the hmac_signature with http method" do
-        ApiAuth.sign!(request, "1044", "123", { :with_http_method => true })
-        signature = hmac("123", request, canonical_string)
-        expect(request['Authorization']).to eq("APIAuth 1044:#{signature}")
+      it 'calculates the hmac_signature with http method' do
+        ApiAuth.sign!(request, '1044', '123', :digest => 'sha256')
+        signature = hmac('123', request, canonical_string, 'sha256')
+        expect(request['Authorization']).to eq("APIAuth-HMAC-SHA256 1044:#{signature}")
       end
     end
   end
 
-  describe ".authentic?" do
-    let(:request){
-      new_request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
-        'content-type' => 'text/plain',
-        'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
-        'date' => Time.now.utc.httpdate
-      )
+  describe '.authentic?' do
+    let(:request) do
+      new_request = Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
+                                       'content-type' => 'text/plain',
+                                       'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+                                       'date' => Time.now.utc.httpdate
+                                      )
 
-      signature = hmac("123", new_request)
-      new_request["Authorization"] = "APIAuth 1044:#{signature}"
+      signature = hmac('123', new_request)
+      new_request['Authorization'] = "APIAuth 1044:#{signature}"
       new_request
-    }
+    end
 
-    it "validates that the signature in the request header matches the way we sign it" do
-      expect(ApiAuth.authentic?(request, "123")).to eq true
+    it 'validates that the signature in the request header matches the way we sign it' do
+      expect(ApiAuth.authentic?(request, '123')).to eq true
     end
 
-    it "fails to validate a non matching signature" do
-      expect(ApiAuth.authentic?(request, "456")).to eq false
+    it 'fails to validate a non matching signature' do
+      expect(ApiAuth.authentic?(request, '456')).to eq false
     end
 
-    it "fails to validate non matching md5" do
+    it 'fails to validate non matching md5' do
       request['content-md5'] = '12345'
-      expect(ApiAuth.authentic?(request, "123")).to eq false
+      expect(ApiAuth.authentic?(request, '123')).to eq false
     end
 
-    it "fails to validate expired requests" do
+    it 'fails to validate expired requests' do
       request['date'] = 16.minutes.ago.utc.httpdate
-      expect(ApiAuth.authentic?(request, "123")).to eq false
+      expect(ApiAuth.authentic?(request, '123')).to eq false
     end
 
-    it "fails to validate if the date is invalid" do
+    it 'fails to validate if the date is invalid' do
       request['date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
-      expect(ApiAuth.authentic?(request, "123")).to eq false
+      expect(ApiAuth.authentic?(request, '123')).to eq false
     end
 
-    context "canonical string contains the http_method" do
-      let(:request){
-        new_request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
-          'content-type' => 'text/plain',
-          'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
-          'date' => Time.now.utc.httpdate
-        )
-        canonical_string = ApiAuth::Headers.new(new_request).canonical_string_with_http_method
-        signature = hmac("123", new_request, canonical_string)
-        new_request["Authorization"] = "APIAuth 1044:#{signature}"
+
+    it 'fails to validate if the request method differs' do
+      canonical_string = ApiAuth::Headers.new(request).canonical_string('POST')
+      signature = hmac('123', request, canonical_string)
+      request['Authorization'] = "APIAuth 1044:#{signature}"
+      expect(ApiAuth.authentic?(request, '123')).to eq false
+    end
+
+    context 'when passed the hmac digest option' do
+      let(:request) do
+        new_request = Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
+                                         'content-type' => 'text/plain',
+                                         'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+                                         'date' => Time.now.utc.httpdate
+                                        )
+        canonical_string = ApiAuth::Headers.new(new_request).canonical_string
+        signature = hmac('123', new_request, canonical_string, 'sha256')
+        new_request['Authorization'] = "APIAuth-HMAC-SHA256 1044:#{signature}"
         new_request
-      }
+      end
 
-      it "validates for canonical_strings containing the http_method" do
-        expect(ApiAuth.authentic?(request, "123")).to eq true
+      it 'validates for sha256 digest' do
+        expect(ApiAuth.authentic?(request, '123', :digest => 'sha256')).to eq true
       end
 
-      it "fails to validate if the request method differs" do
-        canonical_string = ApiAuth::Headers.new(request).canonical_string_with_http_method('POST')
-        signature = hmac("123", request, canonical_string)
-        request["Authorization"] = "APIAuth 1044:#{signature}"
-        expect(ApiAuth.authentic?(request, "123")).to eq false
+      it 'validates exception with wrong client digest' do
+        expect { ApiAuth.authentic?(request, '123', :digest => 'sha512') }.to raise_error(ApiAuth::InvalidRequestDigest)
       end
     end
   end
 
-  describe ".access_id" do
-    context "normal APIAuth Auth header" do
-      let(:request){
+  describe '.access_id' do
+    context 'normal APIAuth Auth header' do
+      let(:request) do
         RestClient::Request.new(
-          :url => "http://google.com",
+          :url => 'http://google.com',
           :method => :get,
-          :headers => {:authorization => "APIAuth 1044:aGVsbG8gd29ybGQ="}
+          :headers => { :authorization => 'APIAuth 1044:aGVsbG8gd29ybGQ=' }
         )
-      }
+      end
 
-      it "parses it from the Auth Header" do
-        expect(ApiAuth.access_id(request)).to eq("1044")
+      it 'parses it from the Auth Header' do
+        expect(ApiAuth.access_id(request)).to eq('1044')
       end
     end
 
-    context "Corporate prefixed APIAuth header" do
-      let(:request){
+    context 'Corporate prefixed APIAuth header' do
+      let(:request) do
         RestClient::Request.new(
-          :url => "http://google.com",
+          :url => 'http://google.com',
           :method => :get,
-          :headers => {:authorization => "Corporate APIAuth 1044:aGVsbG8gd29ybGQ="}
+          :headers => { :authorization => 'Corporate APIAuth 1044:aGVsbG8gd29ybGQ=' }
         )
-      }
+      end
 
-      it "parses it from the Auth Header" do
-        expect(ApiAuth.access_id(request)).to eq("1044")
+      it 'parses it from the Auth Header' do
+        expect(ApiAuth.access_id(request)).to eq('1044')
       end
     end
   end