api-auth 2.3.0 → 2.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +10 -9
- data/VERSION +1 -1
- data/gemfiles/http4.gemfile +1 -1
- data/lib/api_auth/base.rb +1 -1
- data/lib/api_auth/request_drivers/http.rb +4 -0
- data/spec/request_drivers/action_controller_spec.rb +10 -4
- data/spec/request_drivers/action_dispatch_spec.rb +17 -11
- data/spec/request_drivers/curb_spec.rb +9 -3
- data/spec/request_drivers/faraday_spec.rb +6 -0
- data/spec/request_drivers/grape_request_spec.rb +8 -0
- data/spec/request_drivers/http_spec.rb +6 -0
- data/spec/request_drivers/httpi_spec.rb +6 -0
- data/spec/request_drivers/net_http_spec.rb +6 -0
- data/spec/request_drivers/rack_spec.rb +6 -0
- data/spec/request_drivers/rest_client_spec.rb +6 -0
- metadata +2 -2
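--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b5a7d758deeb4447ee54a3024647e2fb02a4cca21bd4966bd902f381bcadf80a
+data.tar.gz: ebfad82648a644a014d4d1b316c664564ba3add87db5033395ffd100bef9b988
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c0f369dd45bad4407dacbfdae026d98fea20368f6d3deff3cbf1bdb7fd57abdb6495bbaa8098fc051204d0cfd9ab9733b8a42fca53114e60a05da863f83f2b9a
+data.tar.gz: ef53f902cc3786257cadadaecf6009732de47a643cabf728f928ff8cb63933c04b59537a850f96d4729c8cb0c04e588c0b8521f630c3a318b3ebec4c5c8d7ef4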
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
# ApiAuth
|
2
2
|
|
3
|
-
[](https://travis-ci.org/mgomes/api_auth)
|
4
|
+
[](https://badge.fury.io/rb/api-auth)
|
4
5
|
|
5
6
|
Logins and passwords are for humans. Communication between applications need to
|
6
7
|
be protected through different means.
|
@@ -138,14 +139,6 @@ to:
|
|
138
139
|
|
139
140
|
Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
|
140
141
|
|
141
|
-
If you want to sign custom headers, you can pass them as an array of strings in the options like so:
|
142
|
-
|
143
|
-
``` ruby
|
144
|
-
@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
|
145
|
-
```
|
146
|
-
|
147
|
-
With the specified headers values being at the end of the canonical string in the same order.
|
148
|
-
|
149
142
|
### ActiveResource Clients
|
150
143
|
|
151
144
|
ApiAuth can transparently protect your ActiveResource communications with a
|
@@ -209,6 +202,14 @@ The default span is 15 minutes, but you can override this:
|
|
209
202
|
ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
|
210
203
|
```
|
211
204
|
|
205
|
+
If you want to sign custom headers, you can pass them as an array of strings in the options like so:
|
206
|
+
|
207
|
+
``` ruby
|
208
|
+
ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
|
209
|
+
```
|
210
|
+
|
211
|
+
With the specified headers values being at the end of the canonical string in the same order.
|
212
|
+
|
212
213
|
If your server is a Rails app, the signed request will be the `request` object.
|
213
214
|
|
214
215
|
In order to obtain the secret key for the client, you first need to look up the
|
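--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-2.3.
+2.3.1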
data/gemfiles/http4.gemfile
CHANGED
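--- a/data/lib/api_auth/base.rb
+++ b/data/lib/api_auth/base.rb
@@ -71,7 +71,7 @@ module ApiAuth
 
 private
 
-AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)
+AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/.freeze
 
 def request_within_time_window?(headers, clock_skew)
 Time.httpdate(headers.timestamp).utc > (Time.now.utc - clock_skew) &&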
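Review bot: `AUTH_HEADER_PATTERN` on the changed line still has no start anchor and ends in `$`, which in Ruby matches at the end of any line rather than the end of the string, so the pattern can match a substring of the Authorization value; adding `.freeze` does not change that. For a value that selects the access id and signature to be checked, anchoring the whole string is the safer form: `AUTH_HEADER_PATTERN = /\AAPIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)\z/.freeze`. How the pattern is applied is outside this hunk, and stricter anchoring would reject headers with leading text that currently parse, so it likely needs a changelog entry. A one-line comment above the constant naming the three captures (digest name, client access id, signature, per the README's header format) would also help the next reader.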
@@ -80,12 +80,12 @@ if defined?(ActionController::Request)
|
|
80
80
|
describe 'setting headers correctly' do
|
81
81
|
let(:request) do
|
82
82
|
ActionController::Request.new(
|
83
|
-
'PATH_INFO'
|
84
|
-
'QUERY_STRING'
|
83
|
+
'PATH_INFO' => '/resource.xml',
|
84
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
85
85
|
'REQUEST_METHOD' => 'PUT',
|
86
|
-
'CONTENT_TYPE'
|
86
|
+
'CONTENT_TYPE' => 'text/plain',
|
87
87
|
'CONTENT_LENGTH' => '11',
|
88
|
-
'rack.input'
|
88
|
+
'rack.input' => StringIO.new("hello\nworld")
|
89
89
|
)
|
90
90
|
end
|
91
91
|
|
@@ -231,4 +231,10 @@ if defined?(ActionController::Request)
|
|
231
231
|
end
|
232
232
|
end
|
233
233
|
end
|
234
|
+
|
235
|
+
describe 'fetch_headers' do
|
236
|
+
it 'returns request headers' do
|
237
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
238
|
+
end
|
239
|
+
end
|
234
240
|
end
|
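Review bot: The new `fetch_headers` examples pin a different key spelling and value shape for the same header depending on the driver: `'CONTENT-TYPE' => 'text/plain'` in this spec, `'CONTENT_TYPE'` in the ActionDispatch and Grape specs, and `'content-type' => ['text/plain']` in the NetHttp spec. If the names passed in `headers_to_sign` are looked up in this hash (the lookup is not visible on this page), a header that resolves on the signing side may not resolve on the verifying side, and the two canonical strings would then differ. I would add one example per driver that signs and verifies a request with a custom header end to end, plus `it 'fails verification when a header listed in headers_to_sign is absent'`, so a missing header cannot silently contribute an empty value. The README paragraph on `headers_to_sign` should also state which key format each driver expects.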
@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
|
|
7
7
|
|
8
8
|
let(:request) do
|
9
9
|
ActionDispatch::Request.new(
|
10
|
-
'AUTHORIZATION'
|
11
|
-
'PATH_INFO'
|
12
|
-
'QUERY_STRING'
|
10
|
+
'AUTHORIZATION' => 'APIAuth 1044:12345',
|
11
|
+
'PATH_INFO' => '/resource.xml',
|
12
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
13
13
|
'REQUEST_METHOD' => 'PUT',
|
14
|
-
'CONTENT_MD5'
|
15
|
-
'CONTENT_TYPE'
|
14
|
+
'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
|
15
|
+
'CONTENT_TYPE' => 'text/plain',
|
16
16
|
'CONTENT_LENGTH' => '11',
|
17
|
-
'HTTP_DATE'
|
18
|
-
'rack.input'
|
17
|
+
'HTTP_DATE' => timestamp,
|
18
|
+
'rack.input' => StringIO.new("hello\nworld")
|
19
19
|
)
|
20
20
|
end
|
21
21
|
|
@@ -80,12 +80,12 @@ if defined?(ActionDispatch::Request)
|
|
80
80
|
describe 'setting headers correctly' do
|
81
81
|
let(:request) do
|
82
82
|
ActionDispatch::Request.new(
|
83
|
-
'PATH_INFO'
|
84
|
-
'QUERY_STRING'
|
83
|
+
'PATH_INFO' => '/resource.xml',
|
84
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
85
85
|
'REQUEST_METHOD' => 'PUT',
|
86
|
-
'CONTENT_TYPE'
|
86
|
+
'CONTENT_TYPE' => 'text/plain',
|
87
87
|
'CONTENT_LENGTH' => '11',
|
88
|
-
'rack.input'
|
88
|
+
'rack.input' => StringIO.new("hello\nworld")
|
89
89
|
)
|
90
90
|
end
|
91
91
|
|
@@ -230,5 +230,11 @@ if defined?(ActionDispatch::Request)
|
|
230
230
|
end
|
231
231
|
end
|
232
232
|
end
|
233
|
+
|
234
|
+
describe 'fetch_headers' do
|
235
|
+
it 'returns request headers' do
|
236
|
+
expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
|
237
|
+
end
|
238
|
+
end
|
233
239
|
end
|
234
240
|
end
|
@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
6
6
|
let(:request) do
|
7
7
|
headers = {
|
8
8
|
'Authorization' => 'APIAuth 1044:12345',
|
9
|
-
'Content-MD5'
|
10
|
-
'Content-Type'
|
11
|
-
'Date'
|
9
|
+
'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
|
10
|
+
'Content-Type' => 'text/plain',
|
11
|
+
'Date' => timestamp
|
12
12
|
}
|
13
13
|
Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
|
14
14
|
curl.headers = headers
|
@@ -91,4 +91,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
91
91
|
expect(driven_request.md5_mismatch?).to be false
|
92
92
|
end
|
93
93
|
end
|
94
|
+
|
95
|
+
describe 'fetch_headers' do
|
96
|
+
it 'returns request headers' do
|
97
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
98
|
+
end
|
99
|
+
end
|
94
100
|
end
|
@@ -256,4 +256,10 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
|
|
256
256
|
end
|
257
257
|
end
|
258
258
|
end
|
259
|
+
|
260
|
+
describe 'fetch_headers' do
|
261
|
+
it 'returns request headers' do
|
262
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
263
|
+
end
|
264
|
+
end
|
259
265
|
end
|
@@ -268,4 +268,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
|
|
268
268
|
end
|
269
269
|
end
|
270
270
|
end
|
271
|
+
|
272
|
+
describe 'fetch_headers' do
|
273
|
+
it 'returns request headers' do
|
274
|
+
expect(driven_request.fetch_headers).to include(
|
275
|
+
'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
|
276
|
+
)
|
277
|
+
end
|
278
|
+
end
|
271
279
|
end
|
@@ -181,4 +181,10 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
181
181
|
end
|
182
182
|
end
|
183
183
|
end
|
184
|
+
|
185
|
+
describe 'fetch_headers' do
|
186
|
+
it 'returns request headers' do
|
187
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
188
|
+
end
|
189
|
+
end
|
184
190
|
end
|
@@ -151,4 +151,10 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
151
151
|
end
|
152
152
|
end
|
153
153
|
end
|
154
|
+
|
155
|
+
describe 'fetch_headers' do
|
156
|
+
it 'returns request headers' do
|
157
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
158
|
+
end
|
159
|
+
end
|
154
160
|
end
|
@@ -193,4 +193,10 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
193
193
|
end
|
194
194
|
end
|
195
195
|
end
|
196
|
+
|
197
|
+
describe 'fetch_headers' do
|
198
|
+
it 'returns request headers' do
|
199
|
+
expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
|
200
|
+
end
|
201
|
+
end
|
196
202
|
end
|
@@ -301,4 +301,10 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
301
301
|
end
|
302
302
|
end
|
303
303
|
end
|
304
|
+
|
305
|
+
describe 'fetch_headers' do
|
306
|
+
it 'returns request headers' do
|
307
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
308
|
+
end
|
309
|
+
end
|
304
310
|
end
|
@@ -395,4 +395,10 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
|
|
395
395
|
expect(request.processed_headers).to have_key('Content-Type')
|
396
396
|
end
|
397
397
|
end
|
398
|
+
|
399
|
+
describe 'fetch_headers' do
|
400
|
+
it 'returns request headers' do
|
401
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
402
|
+
end
|
403
|
+
end
|
398
404
|
end
|
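--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.1
 platform: ruby
 authors:
 - Mauricio Gomes
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack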