api-auth 2.3.0 → 2.3.1

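--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 92c94ba421b1f15829f9b16eb5bcbeb55c773298023134786011282639cba630
- data.tar.gz: e14ce2ddf081464504b55a8aecd44afbc9526945a89c27e5a96d8bf500c1fa52
+ metadata.gz: b5a7d758deeb4447ee54a3024647e2fb02a4cca21bd4966bd902f381bcadf80a
+ data.tar.gz: ebfad82648a644a014d4d1b316c664564ba3add87db5033395ffd100bef9b988
  SHA512:
- metadata.gz: d392d56ebd5dd7592a363d623c51fe00750d97fc212114d37d6c79a650bc3c0c7bfa020bf6e4c2f207f6c2dd71ac67cabf6affbbe28d4c7b6c1d757c67abc90a
- data.tar.gz: f88c2d4d14dc61b5f9e867aecf4c3680e117ef6194617447963ddea1b6f93e5d3de7e414bc2da12e4c251d5803a4a2d28e91f5d817f29809aa7cc260d299af16
+ metadata.gz: c0f369dd45bad4407dacbfdae026d98fea20368f6d3deff3cbf1bdb7fd57abdb6495bbaa8098fc051204d0cfd9ab9733b8a42fca53114e60a05da863f83f2b9a
+ data.tar.gz: ef53f902cc3786257cadadaecf6009732de47a643cabf728f928ff8cb63933c04b59537a850f96d4729c8cb0c04e588c0b8521f630c3a318b3ebec4c5c8d7ef4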
@@ -1,3 +1,6 @@
1
+ # 2.3.1 (2018-11-06)
2
+ - Fixed a regression in the http.rb driver (#173 tycooon)
3
+
1
4
  # 2.3.0 (2018-10-23)
2
5
  - Added support for Grape API (#169 phuongnd08 & dunghuynh)
3
6
  - Added option for specifying customer headers to sign via new `headers_to_sign`
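--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,7 @@
  # ApiAuth
 
- [![Build Status](https://travis-ci.org/mgomes/api_auth.png?branch=master)](https://travis-ci.org/mgomes/api_auth)
+ [![Build Status](https://travis-ci.org/mgomes/api_auth.svg?branch=master)](https://travis-ci.org/mgomes/api_auth)
+ [![Gem Version](https://badge.fury.io/rb/api-auth.svg)](https://badge.fury.io/rb/api-auth)
 
  Logins and passwords are for humans. Communication between applications need to
  be protected through different means.
@@ -138,14 +139,6 @@ to:
 
  Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
 
- If you want to sign custom headers, you can pass them as an array of strings in the options like so:
-
- ``` ruby
- @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
- ```
-
- With the specified headers values being at the end of the canonical string in the same order.
-
  ### ActiveResource Clients
 
  ApiAuth can transparently protect your ActiveResource communications with a
@@ -209,6 +202,14 @@ The default span is 15 minutes, but you can override this:
  ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
  ```
 
+ If you want to sign custom headers, you can pass them as an array of strings in the options like so:
+
+ ``` ruby
+ ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
+ ```
+
+ With the specified headers values being at the end of the canonical string in the same order.
+
  If your server is a Rails app, the signed request will be the `request` object.
 
  In order to obtain the secret key for the client, you first need to look up the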
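--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 2.3.0
+ 2.3.1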
@@ -2,6 +2,6 @@
2
2
 
3
3
  source 'https://rubygems.org'
4
4
 
5
- gem 'http', github: 'httprb/http'
5
+ gem 'http', '~> 4.0'
6
6
 
7
7
  gemspec path: '../'
@@ -71,7 +71,7 @@ module ApiAuth
71
71
 
72
72
  private
73
73
 
74
- AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/
74
+ AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/.freeze
75
75
 
76
76
  def request_within_time_window?(headers, clock_skew)
77
77
  Time.httpdate(headers.timestamp).utc > (Time.now.utc - clock_skew) &&
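Review bot: `AUTH_HEADER_PATTERN` is still unanchored at the start and ends in `$`, which in Ruby matches before any newline rather than only at the end of the string, so the line that gains `.freeze` keeps accepting an `APIAuth …` token embedded in a longer or multi-line header value. Because this pattern extracts the access id and signature used for authentication, I would tighten it while the line is being touched: `/\AAPIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)\z/.freeze`. Whether any existing client relies on leading text before `APIAuth` cannot be seen from this hunk, so that should be confirmed before adding the start anchor. `request_within_time_window?` continues past the end of the hunk.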
@@ -72,6 +72,10 @@ module ApiAuth
72
72
  end
73
73
  end
74
74
 
75
+ def fetch_headers
76
+ capitalize_keys @request.headers.to_h
77
+ end
78
+
75
79
  private
76
80
 
77
81
  def find_header(keys)
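Review bot: `fetch_headers` is added above `private` as a public method with no comment, and nothing in the hunk states the shape of the hash it returns. The specs added in this release pin different shapes per driver (`'CONTENT-TYPE' => 'text/plain'` for this driver and most others, `'CONTENT_TYPE'` for ActionDispatch and Grape, and `'content-type' => ['text/plain']` for Net::HTTP), so any code that looks up signed header names in this hash presumably has to handle all three, and a mismatch would alter the canonical string and fail verification. I would add a comment such as `# Returns the request headers as a Hash with upper-cased names (e.g. 'CONTENT-TYPE').` above the method. It is also worth confirming what `@request.headers.to_h` yields for a repeated header and that `capitalize_keys`, which is defined outside this hunk, passes that value through in a form the signing code expects.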
@@ -80,12 +80,12 @@ if defined?(ActionController::Request)
80
80
  describe 'setting headers correctly' do
81
81
  let(:request) do
82
82
  ActionController::Request.new(
83
- 'PATH_INFO' => '/resource.xml',
84
- 'QUERY_STRING' => 'foo=bar&bar=foo',
83
+ 'PATH_INFO' => '/resource.xml',
84
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
85
85
  'REQUEST_METHOD' => 'PUT',
86
- 'CONTENT_TYPE' => 'text/plain',
86
+ 'CONTENT_TYPE' => 'text/plain',
87
87
  'CONTENT_LENGTH' => '11',
88
- 'rack.input' => StringIO.new("hello\nworld")
88
+ 'rack.input' => StringIO.new("hello\nworld")
89
89
  )
90
90
  end
91
91
 
@@ -231,4 +231,10 @@ if defined?(ActionController::Request)
231
231
  end
232
232
  end
233
233
  end
234
+
235
+ describe 'fetch_headers' do
236
+ it 'returns request headers' do
237
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
238
+ end
239
+ end
234
240
  end
@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
7
7
 
8
8
  let(:request) do
9
9
  ActionDispatch::Request.new(
10
- 'AUTHORIZATION' => 'APIAuth 1044:12345',
11
- 'PATH_INFO' => '/resource.xml',
12
- 'QUERY_STRING' => 'foo=bar&bar=foo',
10
+ 'AUTHORIZATION' => 'APIAuth 1044:12345',
11
+ 'PATH_INFO' => '/resource.xml',
12
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
13
13
  'REQUEST_METHOD' => 'PUT',
14
- 'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
15
- 'CONTENT_TYPE' => 'text/plain',
14
+ 'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
15
+ 'CONTENT_TYPE' => 'text/plain',
16
16
  'CONTENT_LENGTH' => '11',
17
- 'HTTP_DATE' => timestamp,
18
- 'rack.input' => StringIO.new("hello\nworld")
17
+ 'HTTP_DATE' => timestamp,
18
+ 'rack.input' => StringIO.new("hello\nworld")
19
19
  )
20
20
  end
21
21
 
@@ -80,12 +80,12 @@ if defined?(ActionDispatch::Request)
80
80
  describe 'setting headers correctly' do
81
81
  let(:request) do
82
82
  ActionDispatch::Request.new(
83
- 'PATH_INFO' => '/resource.xml',
84
- 'QUERY_STRING' => 'foo=bar&bar=foo',
83
+ 'PATH_INFO' => '/resource.xml',
84
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
85
85
  'REQUEST_METHOD' => 'PUT',
86
- 'CONTENT_TYPE' => 'text/plain',
86
+ 'CONTENT_TYPE' => 'text/plain',
87
87
  'CONTENT_LENGTH' => '11',
88
- 'rack.input' => StringIO.new("hello\nworld")
88
+ 'rack.input' => StringIO.new("hello\nworld")
89
89
  )
90
90
  end
91
91
 
@@ -230,5 +230,11 @@ if defined?(ActionDispatch::Request)
230
230
  end
231
231
  end
232
232
  end
233
+
234
+ describe 'fetch_headers' do
235
+ it 'returns request headers' do
236
+ expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
237
+ end
238
+ end
233
239
  end
234
240
  end
@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
6
6
  let(:request) do
7
7
  headers = {
8
8
  'Authorization' => 'APIAuth 1044:12345',
9
- 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
10
- 'Content-Type' => 'text/plain',
11
- 'Date' => timestamp
9
+ 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
10
+ 'Content-Type' => 'text/plain',
11
+ 'Date' => timestamp
12
12
  }
13
13
  Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
14
14
  curl.headers = headers
@@ -91,4 +91,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
91
91
  expect(driven_request.md5_mismatch?).to be false
92
92
  end
93
93
  end
94
+
95
+ describe 'fetch_headers' do
96
+ it 'returns request headers' do
97
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
98
+ end
99
+ end
94
100
  end
@@ -256,4 +256,10 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
256
256
  end
257
257
  end
258
258
  end
259
+
260
+ describe 'fetch_headers' do
261
+ it 'returns request headers' do
262
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
263
+ end
264
+ end
259
265
  end
@@ -268,4 +268,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
268
268
  end
269
269
  end
270
270
  end
271
+
272
+ describe 'fetch_headers' do
273
+ it 'returns request headers' do
274
+ expect(driven_request.fetch_headers).to include(
275
+ 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
276
+ )
277
+ end
278
+ end
271
279
  end
@@ -181,4 +181,10 @@ describe ApiAuth::RequestDrivers::HttpRequest do
181
181
  end
182
182
  end
183
183
  end
184
+
185
+ describe 'fetch_headers' do
186
+ it 'returns request headers' do
187
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
188
+ end
189
+ end
184
190
  end
@@ -151,4 +151,10 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
151
151
  end
152
152
  end
153
153
  end
154
+
155
+ describe 'fetch_headers' do
156
+ it 'returns request headers' do
157
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
158
+ end
159
+ end
154
160
  end
@@ -193,4 +193,10 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
193
193
  end
194
194
  end
195
195
  end
196
+
197
+ describe 'fetch_headers' do
198
+ it 'returns request headers' do
199
+ expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
200
+ end
201
+ end
196
202
  end
@@ -301,4 +301,10 @@ describe ApiAuth::RequestDrivers::RackRequest do
301
301
  end
302
302
  end
303
303
  end
304
+
305
+ describe 'fetch_headers' do
306
+ it 'returns request headers' do
307
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
308
+ end
309
+ end
304
310
  end
@@ -395,4 +395,10 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
395
395
  expect(request.processed_headers).to have_key('Content-Type')
396
396
  end
397
397
  end
398
+
399
+ describe 'fetch_headers' do
400
+ it 'returns request headers' do
401
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
402
+ end
403
+ end
398
404
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: api-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mauricio Gomes
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-23 00:00:00.000000000 Z
11
+ date: 2018-11-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack