api-auth 2.4.0 → 2.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +67 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +16 -3
- data/.rubocop_todo.yml +29 -19
- data/Appraisals +12 -18
- data/CHANGELOG.md +11 -0
- data/Gemfile +0 -2
- data/README.md +29 -27
- data/VERSION +1 -1
- data/api_auth.gemspec +11 -4
- data/gemfiles/rails_52.gemfile +5 -5
- data/gemfiles/rails_60.gemfile +5 -7
- data/gemfiles/rails_61.gemfile +9 -0
- data/lib/api_auth/base.rb +2 -2
- data/lib/api_auth/headers.rb +6 -6
- data/lib/api_auth/helpers.rb +2 -2
- data/lib/api_auth/railtie.rb +12 -6
- data/lib/api_auth/request_drivers/action_controller.rb +8 -8
- data/lib/api_auth/request_drivers/curb.rb +4 -4
- data/lib/api_auth/request_drivers/faraday.rb +11 -11
- data/lib/api_auth/request_drivers/grape_request.rb +8 -8
- data/lib/api_auth/request_drivers/http.rb +8 -8
- data/lib/api_auth/request_drivers/httpi.rb +8 -8
- data/lib/api_auth/request_drivers/net_http.rb +8 -8
- data/lib/api_auth/request_drivers/rack.rb +8 -8
- data/lib/api_auth/request_drivers/rest_client.rb +8 -8
- data/spec/api_auth_spec.rb +8 -8
- data/spec/headers_spec.rb +26 -26
- data/spec/helpers_spec.rb +1 -1
- data/spec/railtie_spec.rb +3 -3
- data/spec/request_drivers/action_controller_spec.rb +74 -35
- data/spec/request_drivers/action_dispatch_spec.rb +74 -35
- data/spec/request_drivers/curb_spec.rb +8 -8
- data/spec/request_drivers/faraday_spec.rb +43 -43
- data/spec/request_drivers/grape_request_spec.rb +33 -32
- data/spec/request_drivers/http_spec.rb +23 -23
- data/spec/request_drivers/httpi_spec.rb +22 -22
- data/spec/request_drivers/net_http_spec.rb +23 -23
- data/spec/request_drivers/rack_spec.rb +35 -35
- data/spec/request_drivers/rest_client_spec.rb +36 -36
- metadata +51 -26
- data/.travis.yml +0 -39
- data/gemfiles/http2.gemfile +0 -7
- data/gemfiles/http3.gemfile +0 -7
- data/gemfiles/http4.gemfile +0 -7
- data/gemfiles/rails_5.gemfile +0 -9
- data/gemfiles/rails_51.gemfile +0 -9
- data/spec/.rubocop.yml +0 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 232d1199b2fd74328e77ba9dd3362789798585b3d88df7c6d4688cf843475190
|
4
|
+
data.tar.gz: 879689b7f0b691212e0c14a80e087a041769241221b7a88f094c1003b29cfa9c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2cb0fbdf6f5984f7334bdfa8a16309837c35b146eab39cd723203cd6861c9ce1e51d66fa2f73a3bb6a9490eaec2af0e3c73b34a03726d26360fc664aa7095f32
|
7
|
+
data.tar.gz: 9a1e90785610686db8c1a84943d138f9528dd5ce28965774cfe3112ea74850d898694a7a2bd458ef513f0fd48db56015b8662c53ec78ec38d714080b6f59ed68
|
@@ -0,0 +1,67 @@
|
|
1
|
+
name: main
|
2
|
+
on:
|
3
|
+
- push
|
4
|
+
- pull_request
|
5
|
+
jobs:
|
6
|
+
rspec:
|
7
|
+
runs-on: ubuntu-latest
|
8
|
+
strategy:
|
9
|
+
fail-fast: true
|
10
|
+
matrix:
|
11
|
+
ruby-version:
|
12
|
+
- 2.5
|
13
|
+
- 2.6
|
14
|
+
- 2.7
|
15
|
+
- 3.0
|
16
|
+
gemfile:
|
17
|
+
- rails_52.gemfile
|
18
|
+
- rails_60.gemfile
|
19
|
+
- rails_61.gemfile
|
20
|
+
exclude:
|
21
|
+
- ruby-version: [ 2.6, 2.7, 3.0 ]
|
22
|
+
gemfile: rails_52.gemfile
|
23
|
+
- ruby-version: 3.0
|
24
|
+
gemfile: rails_60.gemfile
|
25
|
+
steps:
|
26
|
+
- name: Install packages required for `curb` gem
|
27
|
+
run: |
|
28
|
+
sudo apt-get update
|
29
|
+
sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
|
30
|
+
|
31
|
+
- name: Checkout repository
|
32
|
+
uses: actions/checkout@v2
|
33
|
+
|
34
|
+
- name: Install Ruby
|
35
|
+
uses: ruby/setup-ruby@v1
|
36
|
+
with:
|
37
|
+
ruby-version: ${{ matrix.ruby-version }}
|
38
|
+
bundler-cache: true
|
39
|
+
|
40
|
+
- name: Install required gems
|
41
|
+
run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle install
|
42
|
+
|
43
|
+
- name: Run rspec tests
|
44
|
+
run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle exec rspec
|
45
|
+
|
46
|
+
rubocop:
|
47
|
+
runs-on: ubuntu-latest
|
48
|
+
steps:
|
49
|
+
- name: Install packages required for `curb` gem
|
50
|
+
run: |
|
51
|
+
sudo apt-get update
|
52
|
+
sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
|
53
|
+
|
54
|
+
- name: Checkout repository
|
55
|
+
uses: actions/checkout@v2
|
56
|
+
|
57
|
+
- name: Install Ruby
|
58
|
+
uses: ruby/setup-ruby@v1
|
59
|
+
with:
|
60
|
+
ruby-version: 3.0
|
61
|
+
bundler-cache: true
|
62
|
+
|
63
|
+
- name: Install required gems
|
64
|
+
run: bundle install
|
65
|
+
|
66
|
+
- name: Run rubocop
|
67
|
+
run: bundle exec rubocop
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,22 +1,35 @@
|
|
1
1
|
inherit_from: .rubocop_todo.yml
|
2
2
|
|
3
3
|
AllCops:
|
4
|
-
|
4
|
+
NewCops: enable
|
5
|
+
TargetRubyVersion: 2.5
|
5
6
|
|
6
7
|
Metrics/AbcSize:
|
7
|
-
Max:
|
8
|
+
Max: 28
|
8
9
|
|
9
10
|
# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
|
10
11
|
# URISchemes: http, https
|
11
|
-
|
12
|
+
Layout/LineLength:
|
12
13
|
Max: 140
|
13
14
|
|
14
15
|
Metrics/MethodLength:
|
15
16
|
Max: 40
|
16
17
|
|
18
|
+
Metrics/BlockLength:
|
19
|
+
Exclude:
|
20
|
+
- 'spec/**/*.rb'
|
21
|
+
- 'api_auth.gemspec'
|
22
|
+
|
17
23
|
Naming/FileName:
|
18
24
|
Exclude:
|
19
25
|
- 'lib/api-auth.rb'
|
20
26
|
|
21
27
|
Style/FrozenStringLiteralComment:
|
22
28
|
Enabled: false
|
29
|
+
|
30
|
+
Style/StringLiterals:
|
31
|
+
Exclude:
|
32
|
+
- 'gemfiles/*.gemfile'
|
33
|
+
|
34
|
+
Lint/DuplicateBranch:
|
35
|
+
Enabled: false
|
data/.rubocop_todo.yml
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# This configuration was generated by
|
2
2
|
# `rubocop --auto-gen-config`
|
3
|
-
# on
|
3
|
+
# on 2021-03-26 22:04:17 UTC using RuboCop version 1.12.0.
|
4
4
|
# The point is for the user to remove these configuration records
|
5
5
|
# one by one as the offenses are removed from the code base.
|
6
6
|
# Note that changes in the inspected code, or installation of new
|
@@ -8,7 +8,7 @@
|
|
8
8
|
|
9
9
|
# Offense count: 1
|
10
10
|
# Cop supports --auto-correct.
|
11
|
-
# Configuration parameters:
|
11
|
+
# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
|
12
12
|
# Include: **/*.gemspec
|
13
13
|
Gemspec/OrderedDependencies:
|
14
14
|
Exclude:
|
@@ -20,6 +20,13 @@ Lint/AssignmentInCondition:
|
|
20
20
|
Exclude:
|
21
21
|
- 'lib/api_auth/base.rb'
|
22
22
|
|
23
|
+
# Offense count: 4
|
24
|
+
# Configuration parameters: AllowedMethods.
|
25
|
+
# AllowedMethods: enums
|
26
|
+
Lint/ConstantDefinitionInBlock:
|
27
|
+
Exclude:
|
28
|
+
- 'spec/railtie_spec.rb'
|
29
|
+
|
23
30
|
# Offense count: 9
|
24
31
|
# Configuration parameters: CheckForMethodsWithNoSideEffects.
|
25
32
|
Lint/Void:
|
@@ -35,19 +42,21 @@ Lint/Void:
|
|
35
42
|
- 'lib/api_auth/request_drivers/rest_client.rb'
|
36
43
|
|
37
44
|
# Offense count: 1
|
38
|
-
# Configuration parameters:
|
39
|
-
|
45
|
+
# Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
|
46
|
+
Metrics/AbcSize:
|
47
|
+
Max: 28
|
48
|
+
|
49
|
+
# Offense count: 1
|
50
|
+
# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
|
51
|
+
# IgnoredMethods: refine
|
40
52
|
Metrics/BlockLength:
|
41
53
|
Max: 27
|
42
54
|
|
43
|
-
# Offense count:
|
55
|
+
# Offense count: 2
|
56
|
+
# Configuration parameters: IgnoredMethods.
|
44
57
|
Metrics/CyclomaticComplexity:
|
45
58
|
Max: 15
|
46
59
|
|
47
|
-
# Offense count: 1
|
48
|
-
Metrics/PerceivedComplexity:
|
49
|
-
Max: 8
|
50
|
-
|
51
60
|
# Offense count: 10
|
52
61
|
Naming/AccessorMethodName:
|
53
62
|
Exclude:
|
@@ -64,29 +73,30 @@ Naming/AccessorMethodName:
|
|
64
73
|
|
65
74
|
# Offense count: 3
|
66
75
|
# Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
|
67
|
-
# AllowedNames:
|
76
|
+
# AllowedNames: at, by, db, id, in, io, ip, of, on, os, pp, to
|
68
77
|
Naming/MethodParameterName:
|
69
78
|
Exclude:
|
70
79
|
- 'lib/api_auth/base.rb'
|
71
80
|
- 'spec/railtie_spec.rb'
|
72
81
|
|
73
|
-
# Offense count: 1
|
74
|
-
# Configuration parameters: EnforcedStyle.
|
75
|
-
# SupportedStyles: inline, group
|
76
|
-
Style/AccessModifierDeclarations:
|
77
|
-
Exclude:
|
78
|
-
- 'lib/api_auth/headers.rb'
|
79
|
-
|
80
82
|
# Offense count: 9
|
83
|
+
# Cop supports --auto-correct.
|
81
84
|
Style/CommentedKeyword:
|
82
85
|
Exclude:
|
83
86
|
- 'lib/api_auth/base.rb'
|
84
87
|
- 'lib/api_auth/railtie.rb'
|
85
88
|
|
86
|
-
# Offense count:
|
89
|
+
# Offense count: 3
|
90
|
+
# Configuration parameters: AllowedConstants.
|
87
91
|
Style/Documentation:
|
88
92
|
Exclude:
|
89
93
|
- 'spec/**/*'
|
90
94
|
- 'test/**/*'
|
91
95
|
- 'lib/api_auth/railtie.rb'
|
92
|
-
|
96
|
+
|
97
|
+
# Offense count: 1
|
98
|
+
# Configuration parameters: AllowedMethods.
|
99
|
+
# AllowedMethods: respond_to_missing?
|
100
|
+
Style/OptionalBooleanParameter:
|
101
|
+
Exclude:
|
102
|
+
- 'lib/api_auth/railtie.rb'
|
data/Appraisals
CHANGED
@@ -1,23 +1,17 @@
|
|
1
|
-
appraise 'rails-
|
2
|
-
gem 'actionpack', '~> 5.
|
3
|
-
gem 'activeresource', '~> 5.
|
4
|
-
gem 'activesupport', '~> 5.
|
1
|
+
appraise 'rails-52' do
|
2
|
+
gem 'actionpack', '~> 5.2'
|
3
|
+
gem 'activeresource', '~> 5.1'
|
4
|
+
gem 'activesupport', '~> 5.2'
|
5
5
|
end
|
6
6
|
|
7
|
-
appraise 'rails-
|
8
|
-
gem 'actionpack', '~>
|
9
|
-
gem 'activeresource', '~>
|
10
|
-
gem 'activesupport', '~>
|
7
|
+
appraise 'rails-60' do
|
8
|
+
gem 'actionpack', '~> 6.0'
|
9
|
+
gem 'activeresource', '~> 5.1'
|
10
|
+
gem 'activesupport', '~> 6.0'
|
11
11
|
end
|
12
12
|
|
13
|
-
appraise 'rails-
|
14
|
-
gem 'actionpack', '~>
|
15
|
-
gem 'activeresource', '~>
|
16
|
-
gem 'activesupport', '~>
|
17
|
-
end
|
18
|
-
|
19
|
-
appraise 'rails-4' do
|
20
|
-
gem 'actionpack', '~> 4.0.4'
|
21
|
-
gem 'activeresource', '~> 4.0.0'
|
22
|
-
gem 'activesupport', '~> 4.0.4'
|
13
|
+
appraise 'rails-61' do
|
14
|
+
gem 'actionpack', '~> 6.1'
|
15
|
+
gem 'activeresource', '~> 5.1'
|
16
|
+
gem 'activesupport', '~> 6.1'
|
23
17
|
end
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,14 @@
|
|
1
|
+
# 2.5.0 (2021-05-11)
|
2
|
+
- Add support for Ruby 3.0 (#194 fwininger)
|
3
|
+
- Add support for Rails 6.1 (#194 fwininger)
|
4
|
+
- Drop support for Ruby 2.4 (#193 fwininger)
|
5
|
+
- Drop support for Rails 5.0 (#194 fwininger)
|
6
|
+
- Drop support for Rails 5.1 (#194 fwininger)
|
7
|
+
- Fix Faraday warning: `WARNING: Faraday::Request#method is deprecated` (#191 fwininger)
|
8
|
+
|
9
|
+
# 2.4.1 (2020-06-23)
|
10
|
+
- Fix inadvertant ActiveSupport dependecy (#189 taylorthurlow)
|
11
|
+
|
1
12
|
# 2.4.0 (2020-05-05)
|
2
13
|
- Improved support for Rails 6.0 (#179 taylorthurlow, #177 fwininger)
|
3
14
|
- Added Ruby 2.6.0 support (#174 fwininger)
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# ApiAuth
|
2
2
|
|
3
|
-
[![Build Status](https://
|
3
|
+
[![Build Status](https://github.com/mgomes/api_auth/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/mgomes/api_auth/actions)
|
4
4
|
[![Gem Version](https://badge.fury.io/rb/api-auth.svg)](https://badge.fury.io/rb/api-auth)
|
5
5
|
|
6
6
|
Logins and passwords are for humans. Communication between applications need to
|
@@ -21,16 +21,18 @@ have to be written in the same language as the clients.
|
|
21
21
|
## How it works
|
22
22
|
|
23
23
|
1. A canonical string is first created using your HTTP headers containing the
|
24
|
-
content-type
|
25
|
-
content-
|
26
|
-
timestamp isn't present, a valid HTTP date is
|
27
|
-
request. The canonical string is computed as follows:
|
24
|
+
`content-type`, `X-Authorization-Content-SHA256`, request path and the date/time stamp.
|
25
|
+
If `content-type` or `X-Authorization-Content-SHA256` are not present, then a blank
|
26
|
+
string is used in their place. If the timestamp isn't present, a valid HTTP date is
|
27
|
+
automatically added to the request. The canonical string is computed as follows:
|
28
28
|
|
29
|
+
```ruby
|
30
|
+
canonical_string = "#{http method},#{content-type},#{X-Authorization-Content-SHA256},#{request URI},#{timestamp}"
|
29
31
|
```
|
30
|
-
canonical_string = "#{http method},#{content-type},#{content-MD5},#{request URI},#{timestamp}"
|
31
32
|
|
32
33
|
e.g.,
|
33
34
|
|
35
|
+
```ruby
|
34
36
|
canonical_string = 'POST,application/json,,request_path,Tue, 30 May 2017 03:51:43 GMT'
|
35
37
|
```
|
36
38
|
|
@@ -39,13 +41,13 @@ SHA1 HMAC, using the client's private secret key.
|
|
39
41
|
|
40
42
|
3. This signature is then added as the `Authorization` HTTP header in the form:
|
41
43
|
|
42
|
-
```
|
44
|
+
```ruby
|
43
45
|
Authorization = APIAuth "#{client access id}:#{signature from step 2}"
|
44
46
|
```
|
45
47
|
|
46
48
|
A cURL request would look like:
|
47
49
|
|
48
|
-
```
|
50
|
+
```sh
|
49
51
|
curl -X POST --header 'Content-Type: application/json' --header "Date: Tue, 30 May 2017 03:51:43 GMT" --header "Authorization: ${AUTHORIZATION}" http://my-app.com/request_path`
|
50
52
|
```
|
51
53
|
|
@@ -56,7 +58,6 @@ access id that was attached in the header. The access id can be any integer or
|
|
56
58
|
string that uniquely identifies the client. The signed request expires after 15
|
57
59
|
minutes in order to avoid replay attacks.
|
58
60
|
|
59
|
-
|
60
61
|
## References
|
61
62
|
|
62
63
|
* [Hash functions](http://en.wikipedia.org/wiki/Cryptographic_hash_function)
|
@@ -66,7 +67,7 @@ minutes in order to avoid replay attacks.
|
|
66
67
|
|
67
68
|
## Requirement
|
68
69
|
|
69
|
-
This gem require Ruby >= 2.
|
70
|
+
This gem require Ruby >= 2.5 and Rails >= 5.1 if you use rails.
|
70
71
|
|
71
72
|
For older version of Ruby or Rails, please use ApiAuth v2.1 and older.
|
72
73
|
|
@@ -77,7 +78,7 @@ For older version of Ruby or Rails, please use ApiAuth v2.1 and older.
|
|
77
78
|
The gem doesn't have any dependencies outside of having a working OpenSSL
|
78
79
|
configuration for your Ruby VM. To install:
|
79
80
|
|
80
|
-
```
|
81
|
+
```sh
|
81
82
|
[sudo] gem install api-auth
|
82
83
|
```
|
83
84
|
|
@@ -104,15 +105,15 @@ Here's a sample implementation of signing a request created with RestClient.
|
|
104
105
|
|
105
106
|
Assuming you have a client access id and secret as follows:
|
106
107
|
|
107
|
-
```
|
108
|
+
```ruby
|
108
109
|
@access_id = "1044"
|
109
110
|
@secret_key = ApiAuth.generate_secret_key
|
110
111
|
```
|
111
112
|
|
112
113
|
A typical RestClient PUT request may look like:
|
113
114
|
|
114
|
-
```
|
115
|
-
headers = { 'Content-
|
115
|
+
```ruby
|
116
|
+
headers = { 'X-Authorization-Content-SHA256' => "dWiCWEMZWMxeKM8W8Yuh/TbI29Hw5xUSXZWXEJv63+Y=",
|
116
117
|
'Content-Type' => "text/plain",
|
117
118
|
'Date' => "Mon, 23 Jan 1984 03:29:56 GMT"
|
118
119
|
}
|
@@ -126,7 +127,7 @@ headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
|
|
126
127
|
|
127
128
|
To sign that request, simply call the `sign!` method as follows:
|
128
129
|
|
129
|
-
```
|
130
|
+
```ruby
|
130
131
|
@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
|
131
132
|
```
|
132
133
|
|
@@ -140,26 +141,26 @@ If you are signing a request for a driver that doesn't support automatic http
|
|
140
141
|
method detection (like Curb or httpi), you can pass the http method as an option
|
141
142
|
into the sign! method like so:
|
142
143
|
|
143
|
-
```
|
144
|
+
```ruby
|
144
145
|
@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :override_http_method => "PUT")
|
145
146
|
```
|
146
147
|
|
147
148
|
If you want to use another digest existing in `OpenSSL::Digest`,
|
148
149
|
you can pass the http method as an option into the sign! method like so:
|
149
150
|
|
150
|
-
```
|
151
|
+
```ruby
|
151
152
|
@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :digest => 'sha256')
|
152
153
|
```
|
153
154
|
|
154
155
|
With the `digest` option, the `Authorization` header will be change from:
|
155
156
|
|
156
|
-
```
|
157
|
+
```sh
|
157
158
|
Authorization = APIAuth 'client access id':'signature'
|
158
159
|
```
|
159
160
|
|
160
161
|
to:
|
161
162
|
|
162
|
-
```
|
163
|
+
```sh
|
163
164
|
Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
|
164
165
|
```
|
165
166
|
|
@@ -168,7 +169,7 @@ Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
|
|
168
169
|
ApiAuth can transparently protect your ActiveResource communications with a
|
169
170
|
single configuration line:
|
170
171
|
|
171
|
-
```
|
172
|
+
```ruby
|
172
173
|
class MyResource < ActiveResource::Base
|
173
174
|
with_api_auth(access_id, secret_key)
|
174
175
|
end
|
@@ -181,7 +182,7 @@ This will automatically sign all outgoing ActiveResource requests from your app.
|
|
181
182
|
ApiAuth also works with [Flexirest](https://github.com/andyjeffries/flexirest) (used to be ActiveRestClient, but that is now unsupported) in a very similar way.
|
182
183
|
Simply add this configuration to your Flexirest initializer in your app and it will automatically sign all outgoing requests.
|
183
184
|
|
184
|
-
```
|
185
|
+
```ruby
|
185
186
|
Flexirest::Base.api_auth_credentials(@access_id, @secret_key)
|
186
187
|
```
|
187
188
|
|
@@ -192,20 +193,20 @@ clients as well as verifying incoming API requests.
|
|
192
193
|
|
193
194
|
To generate a Base64 encoded API key for a client:
|
194
195
|
|
195
|
-
```
|
196
|
+
```ruby
|
196
197
|
ApiAuth.generate_secret_key
|
197
198
|
```
|
198
199
|
|
199
200
|
To validate whether or not a request is authentic:
|
200
201
|
|
201
|
-
```
|
202
|
+
```ruby
|
202
203
|
ApiAuth.authentic?(signed_request, secret_key)
|
203
204
|
```
|
204
205
|
|
205
206
|
The `authentic?` method uses the digest specified in the `Authorization` header.
|
206
207
|
For example SHA256 for:
|
207
208
|
|
208
|
-
```
|
209
|
+
```sh
|
209
210
|
Authorization = APIAuth-HMAC-SHA256 'client access id':'signature'
|
210
211
|
```
|
211
212
|
|
@@ -213,7 +214,7 @@ And by default SHA1 if the HMAC-DIGEST is not specified.
|
|
213
214
|
|
214
215
|
If you want to force the usage of another digest method, you should pass it as an option parameter:
|
215
216
|
|
216
|
-
```
|
217
|
+
```ruby
|
217
218
|
ApiAuth.authentic?(signed_request, secret_key, :digest => 'sha256')
|
218
219
|
```
|
219
220
|
|
@@ -272,13 +273,13 @@ To run the tests:
|
|
272
273
|
|
273
274
|
Install the dependencies for a particular Rails version by specifying a gemfile in `gemfiles` directory:
|
274
275
|
|
275
|
-
```
|
276
|
+
```sh
|
276
277
|
BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle install
|
277
278
|
```
|
278
279
|
|
279
280
|
Run the tests with those dependencies:
|
280
281
|
|
281
|
-
```
|
282
|
+
```sh
|
282
283
|
BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle exec rake
|
283
284
|
```
|
284
285
|
|
@@ -290,6 +291,7 @@ the public methods for each driver are required to be implemented by your driver
|
|
290
291
|
|
291
292
|
* [Mauricio Gomes](http://github.com/mgomes)
|
292
293
|
* [Kevin Glowacz](http://github.com/kjg)
|
294
|
+
* [Florian Wininger](http://github.com/fwininger)
|
293
295
|
|
294
296
|
## Copyright
|
295
297
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.5.1
|
data/api_auth.gemspec
CHANGED
@@ -8,16 +8,21 @@ Gem::Specification.new do |s|
|
|
8
8
|
s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION'))
|
9
9
|
s.authors = ['Mauricio Gomes']
|
10
10
|
s.email = 'mauricio@edge14.com'
|
11
|
+
s.license = 'MIT'
|
11
12
|
|
12
|
-
s.
|
13
|
+
s.metadata = {
|
14
|
+
'rubygems_mfa_required' => 'true'
|
15
|
+
}
|
13
16
|
|
14
|
-
s.
|
17
|
+
s.required_ruby_version = '>= 2.5.0'
|
18
|
+
|
19
|
+
s.add_development_dependency 'actionpack', '< 6.2', '> 5.0'
|
15
20
|
s.add_development_dependency 'activeresource', '>= 4.0'
|
16
|
-
s.add_development_dependency 'activesupport', '< 6.
|
21
|
+
s.add_development_dependency 'activesupport', '< 6.2', '> 5.0'
|
17
22
|
s.add_development_dependency 'amatch'
|
18
23
|
s.add_development_dependency 'appraisal'
|
19
24
|
s.add_development_dependency 'curb', '~> 0.8'
|
20
|
-
s.add_development_dependency 'faraday', '>= 0
|
25
|
+
s.add_development_dependency 'faraday', '>= 1.1.0'
|
21
26
|
s.add_development_dependency 'http'
|
22
27
|
s.add_development_dependency 'httpi'
|
23
28
|
s.add_development_dependency 'multipart-post', '~> 2.0'
|
@@ -26,6 +31,8 @@ Gem::Specification.new do |s|
|
|
26
31
|
s.add_development_dependency 'rest-client', '~> 2.0'
|
27
32
|
s.add_development_dependency 'grape', '~> 1.1.0'
|
28
33
|
s.add_development_dependency 'rspec', '~> 3.4'
|
34
|
+
s.add_development_dependency 'rexml'
|
35
|
+
s.add_development_dependency 'rubocop'
|
29
36
|
|
30
37
|
s.files = `git ls-files`.split("\n")
|
31
38
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
data/gemfiles/rails_52.gemfile
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
# This file was generated by Appraisal
|
2
2
|
|
3
|
-
source
|
3
|
+
source "https://rubygems.org"
|
4
4
|
|
5
|
-
gem
|
6
|
-
gem
|
7
|
-
gem
|
5
|
+
gem "actionpack", "~> 5.2"
|
6
|
+
gem "activeresource", "~> 5.1"
|
7
|
+
gem "activesupport", "~> 5.2"
|
8
8
|
|
9
|
-
gemspec path:
|
9
|
+
gemspec path: "../"
|
data/gemfiles/rails_60.gemfile
CHANGED
@@ -1,11 +1,9 @@
|
|
1
1
|
# This file was generated by Appraisal
|
2
2
|
|
3
|
-
source
|
3
|
+
source "https://rubygems.org"
|
4
4
|
|
5
|
-
gem
|
6
|
-
gem
|
7
|
-
gem
|
5
|
+
gem "actionpack", "~> 6.0"
|
6
|
+
gem "activeresource", "~> 5.1"
|
7
|
+
gem "activesupport", "~> 6.0"
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
gemspec path: '../'
|
9
|
+
gemspec path: "../"
|
data/lib/api_auth/base.rb
CHANGED
@@ -22,7 +22,7 @@ module ApiAuth
|
|
22
22
|
def sign!(request, access_id, secret_key, options = {})
|
23
23
|
options = { override_http_method: nil, digest: 'sha1' }.merge(options)
|
24
24
|
headers = Headers.new(request)
|
25
|
-
headers.
|
25
|
+
headers.calculate_hash
|
26
26
|
headers.set_date
|
27
27
|
headers.sign_header auth_header(headers, access_id, secret_key, options)
|
28
28
|
end
|
@@ -39,7 +39,7 @@ module ApiAuth
|
|
39
39
|
# 900 seconds is 15 minutes
|
40
40
|
clock_skew = options.fetch(:clock_skew, 900)
|
41
41
|
|
42
|
-
if headers.
|
42
|
+
if headers.content_hash_mismatch?
|
43
43
|
false
|
44
44
|
elsif !signatures_match?(headers, secret_key, options)
|
45
45
|
false
|
data/lib/api_auth/headers.rb
CHANGED
@@ -61,7 +61,7 @@ module ApiAuth
|
|
61
61
|
|
62
62
|
canonical_array = [request_method.upcase,
|
63
63
|
@request.content_type,
|
64
|
-
@request.
|
64
|
+
@request.content_hash,
|
65
65
|
parse_uri(@request.original_uri || @request.request_uri),
|
66
66
|
@request.timestamp]
|
67
67
|
|
@@ -81,15 +81,15 @@ module ApiAuth
|
|
81
81
|
@request.set_date if @request.timestamp.nil?
|
82
82
|
end
|
83
83
|
|
84
|
-
def
|
85
|
-
@request.
|
84
|
+
def calculate_hash
|
85
|
+
@request.populate_content_hash if @request.content_hash.nil?
|
86
86
|
end
|
87
87
|
|
88
|
-
def
|
89
|
-
if @request.
|
88
|
+
def content_hash_mismatch?
|
89
|
+
if @request.content_hash.nil?
|
90
90
|
false
|
91
91
|
else
|
92
|
-
@request.
|
92
|
+
@request.content_hash_mismatch?
|
93
93
|
end
|
94
94
|
end
|
95
95
|
|
data/lib/api_auth/helpers.rb
CHANGED
data/lib/api_auth/railtie.rb
CHANGED
@@ -13,8 +13,10 @@ module ApiAuth
|
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
16
|
-
ActiveSupport
|
17
|
-
|
16
|
+
if defined?(ActiveSupport)
|
17
|
+
ActiveSupport.on_load(:action_controller) do
|
18
|
+
ActionController::Base.include(ControllerMethods::InstanceMethods)
|
19
|
+
end
|
18
20
|
end
|
19
21
|
end # ControllerMethods
|
20
22
|
|
@@ -71,7 +73,9 @@ module ApiAuth
|
|
71
73
|
tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
|
72
74
|
tmp.body = arguments[0] if arguments.length > 1
|
73
75
|
ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key, api_auth_options)
|
74
|
-
|
76
|
+
if tmp['X-Authorization-Content-SHA256']
|
77
|
+
arguments.last['X-Authorization-Content-SHA256'] = tmp['X-Authorization-Content-SHA256']
|
78
|
+
end
|
75
79
|
arguments.last['DATE'] = tmp['DATE']
|
76
80
|
arguments.last['Authorization'] = tmp['Authorization']
|
77
81
|
end
|
@@ -80,9 +84,11 @@ module ApiAuth
|
|
80
84
|
end
|
81
85
|
end # Connection
|
82
86
|
|
83
|
-
ActiveSupport
|
84
|
-
|
85
|
-
|
87
|
+
if defined?(ActiveSupport)
|
88
|
+
ActiveSupport.on_load(:active_resource) do
|
89
|
+
ActiveResource::Base.include(ActiveResourceApiAuth)
|
90
|
+
ActiveResource::Connection.include(Connection)
|
91
|
+
end
|
86
92
|
end
|
87
93
|
end # ActiveResourceExtension
|
88
94
|
end # Rails
|