api-auth 2.4.1 → 2.5.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (49) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/main.yml +67 -0
  3. data/.gitignore +2 -0
  4. data/.rubocop.yml +15 -2
  5. data/.rubocop_todo.yml +29 -19
  6. data/Appraisals +12 -18
  7. data/CHANGELOG.md +8 -0
  8. data/Gemfile +0 -2
  9. data/README.md +29 -27
  10. data/VERSION +1 -1
  11. data/api_auth.gemspec +11 -4
  12. data/gemfiles/rails_52.gemfile +5 -5
  13. data/gemfiles/rails_60.gemfile +5 -7
  14. data/gemfiles/rails_61.gemfile +9 -0
  15. data/lib/api_auth/base.rb +2 -2
  16. data/lib/api_auth/headers.rb +6 -6
  17. data/lib/api_auth/helpers.rb +2 -2
  18. data/lib/api_auth/railtie.rb +3 -1
  19. data/lib/api_auth/request_drivers/action_controller.rb +8 -8
  20. data/lib/api_auth/request_drivers/curb.rb +4 -4
  21. data/lib/api_auth/request_drivers/faraday.rb +11 -11
  22. data/lib/api_auth/request_drivers/grape_request.rb +8 -8
  23. data/lib/api_auth/request_drivers/http.rb +8 -8
  24. data/lib/api_auth/request_drivers/httpi.rb +8 -8
  25. data/lib/api_auth/request_drivers/net_http.rb +8 -8
  26. data/lib/api_auth/request_drivers/rack.rb +8 -8
  27. data/lib/api_auth/request_drivers/rest_client.rb +8 -8
  28. data/spec/api_auth_spec.rb +8 -8
  29. data/spec/headers_spec.rb +26 -26
  30. data/spec/helpers_spec.rb +1 -1
  31. data/spec/railtie_spec.rb +3 -3
  32. data/spec/request_drivers/action_controller_spec.rb +74 -35
  33. data/spec/request_drivers/action_dispatch_spec.rb +74 -35
  34. data/spec/request_drivers/curb_spec.rb +8 -8
  35. data/spec/request_drivers/faraday_spec.rb +43 -43
  36. data/spec/request_drivers/grape_request_spec.rb +33 -32
  37. data/spec/request_drivers/http_spec.rb +23 -23
  38. data/spec/request_drivers/httpi_spec.rb +22 -22
  39. data/spec/request_drivers/net_http_spec.rb +23 -23
  40. data/spec/request_drivers/rack_spec.rb +35 -35
  41. data/spec/request_drivers/rest_client_spec.rb +36 -36
  42. metadata +48 -23
  43. data/.travis.yml +0 -37
  44. data/gemfiles/http2.gemfile +0 -7
  45. data/gemfiles/http3.gemfile +0 -7
  46. data/gemfiles/http4.gemfile +0 -7
  47. data/gemfiles/rails_5.gemfile +0 -9
  48. data/gemfiles/rails_51.gemfile +0 -9
  49. data/spec/.rubocop.yml +0 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 60f6b22c31a0167767c8aa90d9e831bde874fd6831798d1c1a5104849005a4f4
4
- data.tar.gz: 9be6acbac2c38e6fc0d0af33d6ba9fd6f9bc4ca0dc5dc6050fee1a8e139d94b5
3
+ metadata.gz: 232d1199b2fd74328e77ba9dd3362789798585b3d88df7c6d4688cf843475190
4
+ data.tar.gz: 879689b7f0b691212e0c14a80e087a041769241221b7a88f094c1003b29cfa9c
5
5
  SHA512:
6
- metadata.gz: 30f33a8543297ceb7e99bb028cca8377e5af639957d9edc06e36f1968d252a0012357030e726d9ff7024ebc99da30e9a1bb324eba686ffb6c784931ac2063620
7
- data.tar.gz: 00b796d683a878643d152f8bad511f38d92fcf6182e941eff490609b5f122b301b08c8820af7229b9a5b744414ded4069054523244bba571a1bc408da6b4ba06
6
+ metadata.gz: 2cb0fbdf6f5984f7334bdfa8a16309837c35b146eab39cd723203cd6861c9ce1e51d66fa2f73a3bb6a9490eaec2af0e3c73b34a03726d26360fc664aa7095f32
7
+ data.tar.gz: 9a1e90785610686db8c1a84943d138f9528dd5ce28965774cfe3112ea74850d898694a7a2bd458ef513f0fd48db56015b8662c53ec78ec38d714080b6f59ed68
@@ -0,0 +1,67 @@
1
+ name: main
2
+ on:
3
+ - push
4
+ - pull_request
5
+ jobs:
6
+ rspec:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ fail-fast: true
10
+ matrix:
11
+ ruby-version:
12
+ - 2.5
13
+ - 2.6
14
+ - 2.7
15
+ - 3.0
16
+ gemfile:
17
+ - rails_52.gemfile
18
+ - rails_60.gemfile
19
+ - rails_61.gemfile
20
+ exclude:
21
+ - ruby-version: [ 2.6, 2.7, 3.0 ]
22
+ gemfile: rails_52.gemfile
23
+ - ruby-version: 3.0
24
+ gemfile: rails_60.gemfile
25
+ steps:
26
+ - name: Install packages required for `curb` gem
27
+ run: |
28
+ sudo apt-get update
29
+ sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
30
+
31
+ - name: Checkout repository
32
+ uses: actions/checkout@v2
33
+
34
+ - name: Install Ruby
35
+ uses: ruby/setup-ruby@v1
36
+ with:
37
+ ruby-version: ${{ matrix.ruby-version }}
38
+ bundler-cache: true
39
+
40
+ - name: Install required gems
41
+ run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle install
42
+
43
+ - name: Run rspec tests
44
+ run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle exec rspec
45
+
46
+ rubocop:
47
+ runs-on: ubuntu-latest
48
+ steps:
49
+ - name: Install packages required for `curb` gem
50
+ run: |
51
+ sudo apt-get update
52
+ sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
53
+
54
+ - name: Checkout repository
55
+ uses: actions/checkout@v2
56
+
57
+ - name: Install Ruby
58
+ uses: ruby/setup-ruby@v1
59
+ with:
60
+ ruby-version: 3.0
61
+ bundler-cache: true
62
+
63
+ - name: Install required gems
64
+ run: bundle install
65
+
66
+ - name: Run rubocop
67
+ run: bundle exec rubocop
data/.gitignore CHANGED
@@ -8,4 +8,6 @@
8
8
  /doc
9
9
  /.yardoc
10
10
  gemfiles/*.lock
11
+ gemfiles/.bundle/
11
12
  /.idea
13
+ *.gem
data/.rubocop.yml CHANGED
@@ -1,10 +1,11 @@
1
1
  inherit_from: .rubocop_todo.yml
2
2
 
3
3
  AllCops:
4
- TargetRubyVersion: 2.4
4
+ NewCops: enable
5
+ TargetRubyVersion: 2.5
5
6
 
6
7
  Metrics/AbcSize:
7
- Max: 25
8
+ Max: 28
8
9
 
9
10
  # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
10
11
  # URISchemes: http, https
@@ -14,9 +15,21 @@ Layout/LineLength:
14
15
  Metrics/MethodLength:
15
16
  Max: 40
16
17
 
18
+ Metrics/BlockLength:
19
+ Exclude:
20
+ - 'spec/**/*.rb'
21
+ - 'api_auth.gemspec'
22
+
17
23
  Naming/FileName:
18
24
  Exclude:
19
25
  - 'lib/api-auth.rb'
20
26
 
21
27
  Style/FrozenStringLiteralComment:
22
28
  Enabled: false
29
+
30
+ Style/StringLiterals:
31
+ Exclude:
32
+ - 'gemfiles/*.gemfile'
33
+
34
+ Lint/DuplicateBranch:
35
+ Enabled: false
data/.rubocop_todo.yml CHANGED
@@ -1,6 +1,6 @@
1
1
  # This configuration was generated by
2
2
  # `rubocop --auto-gen-config`
3
- # on 2018-10-22 20:30:52 +0700 using RuboCop version 0.59.2.
3
+ # on 2021-03-26 22:04:17 UTC using RuboCop version 1.12.0.
4
4
  # The point is for the user to remove these configuration records
5
5
  # one by one as the offenses are removed from the code base.
6
6
  # Note that changes in the inspected code, or installation of new
@@ -8,7 +8,7 @@
8
8
 
9
9
  # Offense count: 1
10
10
  # Cop supports --auto-correct.
11
- # Configuration parameters: Include, TreatCommentsAsGroupSeparators.
11
+ # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
12
12
  # Include: **/*.gemspec
13
13
  Gemspec/OrderedDependencies:
14
14
  Exclude:
@@ -20,6 +20,13 @@ Lint/AssignmentInCondition:
20
20
  Exclude:
21
21
  - 'lib/api_auth/base.rb'
22
22
 
23
+ # Offense count: 4
24
+ # Configuration parameters: AllowedMethods.
25
+ # AllowedMethods: enums
26
+ Lint/ConstantDefinitionInBlock:
27
+ Exclude:
28
+ - 'spec/railtie_spec.rb'
29
+
23
30
  # Offense count: 9
24
31
  # Configuration parameters: CheckForMethodsWithNoSideEffects.
25
32
  Lint/Void:
@@ -35,19 +42,21 @@ Lint/Void:
35
42
  - 'lib/api_auth/request_drivers/rest_client.rb'
36
43
 
37
44
  # Offense count: 1
38
- # Configuration parameters: CountComments, ExcludedMethods.
39
- # ExcludedMethods: refine
45
+ # Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
46
+ Metrics/AbcSize:
47
+ Max: 28
48
+
49
+ # Offense count: 1
50
+ # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
51
+ # IgnoredMethods: refine
40
52
  Metrics/BlockLength:
41
53
  Max: 27
42
54
 
43
- # Offense count: 1
55
+ # Offense count: 2
56
+ # Configuration parameters: IgnoredMethods.
44
57
  Metrics/CyclomaticComplexity:
45
58
  Max: 15
46
59
 
47
- # Offense count: 1
48
- Metrics/PerceivedComplexity:
49
- Max: 8
50
-
51
60
  # Offense count: 10
52
61
  Naming/AccessorMethodName:
53
62
  Exclude:
@@ -64,29 +73,30 @@ Naming/AccessorMethodName:
64
73
 
65
74
  # Offense count: 3
66
75
  # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
67
- # AllowedNames: io, id, to, by, on, in, at, ip, db
76
+ # AllowedNames: at, by, db, id, in, io, ip, of, on, os, pp, to
68
77
  Naming/MethodParameterName:
69
78
  Exclude:
70
79
  - 'lib/api_auth/base.rb'
71
80
  - 'spec/railtie_spec.rb'
72
81
 
73
- # Offense count: 1
74
- # Configuration parameters: EnforcedStyle.
75
- # SupportedStyles: inline, group
76
- Style/AccessModifierDeclarations:
77
- Exclude:
78
- - 'lib/api_auth/headers.rb'
79
-
80
82
  # Offense count: 9
83
+ # Cop supports --auto-correct.
81
84
  Style/CommentedKeyword:
82
85
  Exclude:
83
86
  - 'lib/api_auth/base.rb'
84
87
  - 'lib/api_auth/railtie.rb'
85
88
 
86
- # Offense count: 4
89
+ # Offense count: 3
90
+ # Configuration parameters: AllowedConstants.
87
91
  Style/Documentation:
88
92
  Exclude:
89
93
  - 'spec/**/*'
90
94
  - 'test/**/*'
91
95
  - 'lib/api_auth/railtie.rb'
92
- - 'lib/api_auth/request_drivers/rest_client.rb'
96
+
97
+ # Offense count: 1
98
+ # Configuration parameters: AllowedMethods.
99
+ # AllowedMethods: respond_to_missing?
100
+ Style/OptionalBooleanParameter:
101
+ Exclude:
102
+ - 'lib/api_auth/railtie.rb'
data/Appraisals CHANGED
@@ -1,23 +1,17 @@
1
- appraise 'rails-5' do
2
- gem 'actionpack', '~> 5.0.2'
3
- gem 'activeresource', '~> 5.0.2'
4
- gem 'activesupport', '~> 5.0.2'
1
+ appraise 'rails-52' do
2
+ gem 'actionpack', '~> 5.2'
3
+ gem 'activeresource', '~> 5.1'
4
+ gem 'activesupport', '~> 5.2'
5
5
  end
6
6
 
7
- appraise 'rails-42' do
8
- gem 'actionpack', '~> 4.2.0'
9
- gem 'activeresource', '~> 4.0.0'
10
- gem 'activesupport', '~> 4.2.0'
7
+ appraise 'rails-60' do
8
+ gem 'actionpack', '~> 6.0'
9
+ gem 'activeresource', '~> 5.1'
10
+ gem 'activesupport', '~> 6.0'
11
11
  end
12
12
 
13
- appraise 'rails-41' do
14
- gem 'actionpack', '~> 4.1.0'
15
- gem 'activeresource', '~> 4.0.0'
16
- gem 'activesupport', '~> 4.1.0'
17
- end
18
-
19
- appraise 'rails-4' do
20
- gem 'actionpack', '~> 4.0.4'
21
- gem 'activeresource', '~> 4.0.0'
22
- gem 'activesupport', '~> 4.0.4'
13
+ appraise 'rails-61' do
14
+ gem 'actionpack', '~> 6.1'
15
+ gem 'activeresource', '~> 5.1'
16
+ gem 'activesupport', '~> 6.1'
23
17
  end
data/CHANGELOG.md CHANGED
@@ -1,3 +1,11 @@
1
+ # 2.5.0 (2021-05-11)
2
+ - Add support for Ruby 3.0 (#194 fwininger)
3
+ - Add support for Rails 6.1 (#194 fwininger)
4
+ - Drop support for Ruby 2.4 (#193 fwininger)
5
+ - Drop support for Rails 5.0 (#194 fwininger)
6
+ - Drop support for Rails 5.1 (#194 fwininger)
7
+ - Fix Faraday warning: `WARNING: Faraday::Request#method is deprecated` (#191 fwininger)
8
+
1
9
  # 2.4.1 (2020-06-23)
2
10
  - Fix inadvertant ActiveSupport dependecy (#189 taylorthurlow)
3
11
 
data/Gemfile CHANGED
@@ -1,4 +1,2 @@
1
1
  source 'https://rubygems.org'
2
2
  gemspec
3
-
4
- gem 'rubocop'
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # ApiAuth
2
2
 
3
- [![Build Status](https://travis-ci.org/mgomes/api_auth.svg?branch=master)](https://travis-ci.org/mgomes/api_auth)
3
+ [![Build Status](https://github.com/mgomes/api_auth/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/mgomes/api_auth/actions)
4
4
  [![Gem Version](https://badge.fury.io/rb/api-auth.svg)](https://badge.fury.io/rb/api-auth)
5
5
 
6
6
  Logins and passwords are for humans. Communication between applications need to
@@ -21,16 +21,18 @@ have to be written in the same language as the clients.
21
21
  ## How it works
22
22
 
23
23
  1. A canonical string is first created using your HTTP headers containing the
24
- content-type, content-MD5, request path and the date/time stamp. If content-type or
25
- content-MD5 are not present, then a blank string is used in their place. If the
26
- timestamp isn't present, a valid HTTP date is automatically added to the
27
- request. The canonical string is computed as follows:
24
+ `content-type`, `X-Authorization-Content-SHA256`, request path and the date/time stamp.
25
+ If `content-type` or `X-Authorization-Content-SHA256` are not present, then a blank
26
+ string is used in their place. If the timestamp isn't present, a valid HTTP date is
27
+ automatically added to the request. The canonical string is computed as follows:
28
28
 
29
+ ```ruby
30
+ canonical_string = "#{http method},#{content-type},#{X-Authorization-Content-SHA256},#{request URI},#{timestamp}"
29
31
  ```
30
- canonical_string = "#{http method},#{content-type},#{content-MD5},#{request URI},#{timestamp}"
31
32
 
32
33
  e.g.,
33
34
 
35
+ ```ruby
34
36
  canonical_string = 'POST,application/json,,request_path,Tue, 30 May 2017 03:51:43 GMT'
35
37
  ```
36
38
 
@@ -39,13 +41,13 @@ SHA1 HMAC, using the client's private secret key.
39
41
 
40
42
  3. This signature is then added as the `Authorization` HTTP header in the form:
41
43
 
42
- ```
44
+ ```ruby
43
45
  Authorization = APIAuth "#{client access id}:#{signature from step 2}"
44
46
  ```
45
47
 
46
48
  A cURL request would look like:
47
49
 
48
- ```
50
+ ```sh
49
51
  curl -X POST --header 'Content-Type: application/json' --header "Date: Tue, 30 May 2017 03:51:43 GMT" --header "Authorization: ${AUTHORIZATION}" http://my-app.com/request_path`
50
52
  ```
51
53
 
@@ -56,7 +58,6 @@ access id that was attached in the header. The access id can be any integer or
56
58
  string that uniquely identifies the client. The signed request expires after 15
57
59
  minutes in order to avoid replay attacks.
58
60
 
59
-
60
61
  ## References
61
62
 
62
63
  * [Hash functions](http://en.wikipedia.org/wiki/Cryptographic_hash_function)
@@ -66,7 +67,7 @@ minutes in order to avoid replay attacks.
66
67
 
67
68
  ## Requirement
68
69
 
69
- This gem require Ruby >= 2.3 and Rails >= 4.0 if you use rails.
70
+ This gem require Ruby >= 2.5 and Rails >= 5.1 if you use rails.
70
71
 
71
72
  For older version of Ruby or Rails, please use ApiAuth v2.1 and older.
72
73
 
@@ -77,7 +78,7 @@ For older version of Ruby or Rails, please use ApiAuth v2.1 and older.
77
78
  The gem doesn't have any dependencies outside of having a working OpenSSL
78
79
  configuration for your Ruby VM. To install:
79
80
 
80
- ```bash
81
+ ```sh
81
82
  [sudo] gem install api-auth
82
83
  ```
83
84
 
@@ -104,15 +105,15 @@ Here's a sample implementation of signing a request created with RestClient.
104
105
 
105
106
  Assuming you have a client access id and secret as follows:
106
107
 
107
- ``` ruby
108
+ ```ruby
108
109
  @access_id = "1044"
109
110
  @secret_key = ApiAuth.generate_secret_key
110
111
  ```
111
112
 
112
113
  A typical RestClient PUT request may look like:
113
114
 
114
- ``` ruby
115
- headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
115
+ ```ruby
116
+ headers = { 'X-Authorization-Content-SHA256' => "dWiCWEMZWMxeKM8W8Yuh/TbI29Hw5xUSXZWXEJv63+Y=",
116
117
  'Content-Type' => "text/plain",
117
118
  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT"
118
119
  }
@@ -126,7 +127,7 @@ headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
126
127
 
127
128
  To sign that request, simply call the `sign!` method as follows:
128
129
 
129
- ``` ruby
130
+ ```ruby
130
131
  @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
131
132
  ```
132
133
 
@@ -140,26 +141,26 @@ If you are signing a request for a driver that doesn't support automatic http
140
141
  method detection (like Curb or httpi), you can pass the http method as an option
141
142
  into the sign! method like so:
142
143
 
143
- ``` ruby
144
+ ```ruby
144
145
  @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :override_http_method => "PUT")
145
146
  ```
146
147
 
147
148
  If you want to use another digest existing in `OpenSSL::Digest`,
148
149
  you can pass the http method as an option into the sign! method like so:
149
150
 
150
- ``` ruby
151
+ ```ruby
151
152
  @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :digest => 'sha256')
152
153
  ```
153
154
 
154
155
  With the `digest` option, the `Authorization` header will be change from:
155
156
 
156
- ```
157
+ ```sh
157
158
  Authorization = APIAuth 'client access id':'signature'
158
159
  ```
159
160
 
160
161
  to:
161
162
 
162
- ```
163
+ ```sh
163
164
  Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
164
165
  ```
165
166
 
@@ -168,7 +169,7 @@ Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
168
169
  ApiAuth can transparently protect your ActiveResource communications with a
169
170
  single configuration line:
170
171
 
171
- ``` ruby
172
+ ```ruby
172
173
  class MyResource < ActiveResource::Base
173
174
  with_api_auth(access_id, secret_key)
174
175
  end
@@ -181,7 +182,7 @@ This will automatically sign all outgoing ActiveResource requests from your app.
181
182
  ApiAuth also works with [Flexirest](https://github.com/andyjeffries/flexirest) (used to be ActiveRestClient, but that is now unsupported) in a very similar way.
182
183
  Simply add this configuration to your Flexirest initializer in your app and it will automatically sign all outgoing requests.
183
184
 
184
- ``` ruby
185
+ ```ruby
185
186
  Flexirest::Base.api_auth_credentials(@access_id, @secret_key)
186
187
  ```
187
188
 
@@ -192,20 +193,20 @@ clients as well as verifying incoming API requests.
192
193
 
193
194
  To generate a Base64 encoded API key for a client:
194
195
 
195
- ``` ruby
196
+ ```ruby
196
197
  ApiAuth.generate_secret_key
197
198
  ```
198
199
 
199
200
  To validate whether or not a request is authentic:
200
201
 
201
- ``` ruby
202
+ ```ruby
202
203
  ApiAuth.authentic?(signed_request, secret_key)
203
204
  ```
204
205
 
205
206
  The `authentic?` method uses the digest specified in the `Authorization` header.
206
207
  For example SHA256 for:
207
208
 
208
- ```
209
+ ```sh
209
210
  Authorization = APIAuth-HMAC-SHA256 'client access id':'signature'
210
211
  ```
211
212
 
@@ -213,7 +214,7 @@ And by default SHA1 if the HMAC-DIGEST is not specified.
213
214
 
214
215
  If you want to force the usage of another digest method, you should pass it as an option parameter:
215
216
 
216
- ``` ruby
217
+ ```ruby
217
218
  ApiAuth.authentic?(signed_request, secret_key, :digest => 'sha256')
218
219
  ```
219
220
 
@@ -272,13 +273,13 @@ To run the tests:
272
273
 
273
274
  Install the dependencies for a particular Rails version by specifying a gemfile in `gemfiles` directory:
274
275
 
275
- ```
276
+ ```sh
276
277
  BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle install
277
278
  ```
278
279
 
279
280
  Run the tests with those dependencies:
280
281
 
281
- ```
282
+ ```sh
282
283
  BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle exec rake
283
284
  ```
284
285
 
@@ -290,6 +291,7 @@ the public methods for each driver are required to be implemented by your driver
290
291
 
291
292
  * [Mauricio Gomes](http://github.com/mgomes)
292
293
  * [Kevin Glowacz](http://github.com/kjg)
294
+ * [Florian Wininger](http://github.com/fwininger)
293
295
 
294
296
  ## Copyright
295
297
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 2.4.1
1
+ 2.5.1
data/api_auth.gemspec CHANGED
@@ -8,16 +8,21 @@ Gem::Specification.new do |s|
8
8
  s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION'))
9
9
  s.authors = ['Mauricio Gomes']
10
10
  s.email = 'mauricio@edge14.com'
11
+ s.license = 'MIT'
11
12
 
12
- s.required_ruby_version = '>= 2.4.0'
13
+ s.metadata = {
14
+ 'rubygems_mfa_required' => 'true'
15
+ }
13
16
 
14
- s.add_development_dependency 'actionpack', '< 6.1', '> 4.0'
17
+ s.required_ruby_version = '>= 2.5.0'
18
+
19
+ s.add_development_dependency 'actionpack', '< 6.2', '> 5.0'
15
20
  s.add_development_dependency 'activeresource', '>= 4.0'
16
- s.add_development_dependency 'activesupport', '< 6.1', '> 4.0'
21
+ s.add_development_dependency 'activesupport', '< 6.2', '> 5.0'
17
22
  s.add_development_dependency 'amatch'
18
23
  s.add_development_dependency 'appraisal'
19
24
  s.add_development_dependency 'curb', '~> 0.8'
20
- s.add_development_dependency 'faraday', '>= 0.10'
25
+ s.add_development_dependency 'faraday', '>= 1.1.0'
21
26
  s.add_development_dependency 'http'
22
27
  s.add_development_dependency 'httpi'
23
28
  s.add_development_dependency 'multipart-post', '~> 2.0'
@@ -26,6 +31,8 @@ Gem::Specification.new do |s|
26
31
  s.add_development_dependency 'rest-client', '~> 2.0'
27
32
  s.add_development_dependency 'grape', '~> 1.1.0'
28
33
  s.add_development_dependency 'rspec', '~> 3.4'
34
+ s.add_development_dependency 'rexml'
35
+ s.add_development_dependency 'rubocop'
29
36
 
30
37
  s.files = `git ls-files`.split("\n")
31
38
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
@@ -1,9 +1,9 @@
1
1
  # This file was generated by Appraisal
2
2
 
3
- source 'https://rubygems.org'
3
+ source "https://rubygems.org"
4
4
 
5
- gem 'actionpack', '~> 5.2.1'
6
- gem 'activeresource', '~> 5.1.0'
7
- gem 'activesupport', '~> 5.2.1'
5
+ gem "actionpack", "~> 5.2"
6
+ gem "activeresource", "~> 5.1"
7
+ gem "activesupport", "~> 5.2"
8
8
 
9
- gemspec path: '../'
9
+ gemspec path: "../"
@@ -1,11 +1,9 @@
1
1
  # This file was generated by Appraisal
2
2
 
3
- source 'https://rubygems.org'
3
+ source "https://rubygems.org"
4
4
 
5
- gem 'actionpack', '~> 6.0.0'
6
- gem 'activeresource', '~> 5.1.0'
7
- gem 'activesupport', '~> 6.0.0'
5
+ gem "actionpack", "~> 6.0"
6
+ gem "activeresource", "~> 5.1"
7
+ gem "activesupport", "~> 6.0"
8
8
 
9
- gem 'rubocop'
10
-
11
- gemspec path: '../'
9
+ gemspec path: "../"
@@ -0,0 +1,9 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "actionpack", "~> 6.1"
6
+ gem "activeresource", "~> 5.1"
7
+ gem "activesupport", "~> 6.1"
8
+
9
+ gemspec path: "../"
data/lib/api_auth/base.rb CHANGED
@@ -22,7 +22,7 @@ module ApiAuth
22
22
  def sign!(request, access_id, secret_key, options = {})
23
23
  options = { override_http_method: nil, digest: 'sha1' }.merge(options)
24
24
  headers = Headers.new(request)
25
- headers.calculate_md5
25
+ headers.calculate_hash
26
26
  headers.set_date
27
27
  headers.sign_header auth_header(headers, access_id, secret_key, options)
28
28
  end
@@ -39,7 +39,7 @@ module ApiAuth
39
39
  # 900 seconds is 15 minutes
40
40
  clock_skew = options.fetch(:clock_skew, 900)
41
41
 
42
- if headers.md5_mismatch?
42
+ if headers.content_hash_mismatch?
43
43
  false
44
44
  elsif !signatures_match?(headers, secret_key, options)
45
45
  false
@@ -61,7 +61,7 @@ module ApiAuth
61
61
 
62
62
  canonical_array = [request_method.upcase,
63
63
  @request.content_type,
64
- @request.content_md5,
64
+ @request.content_hash,
65
65
  parse_uri(@request.original_uri || @request.request_uri),
66
66
  @request.timestamp]
67
67
 
@@ -81,15 +81,15 @@ module ApiAuth
81
81
  @request.set_date if @request.timestamp.nil?
82
82
  end
83
83
 
84
- def calculate_md5
85
- @request.populate_content_md5 if @request.content_md5.nil?
84
+ def calculate_hash
85
+ @request.populate_content_hash if @request.content_hash.nil?
86
86
  end
87
87
 
88
- def md5_mismatch?
89
- if @request.content_md5.nil?
88
+ def content_hash_mismatch?
89
+ if @request.content_hash.nil?
90
90
  false
91
91
  else
92
- @request.md5_mismatch?
92
+ @request.content_hash_mismatch?
93
93
  end
94
94
  end
95
95
 
@@ -4,8 +4,8 @@ module ApiAuth
4
4
  Base64.strict_encode64(string)
5
5
  end
6
6
 
7
- def md5_base64digest(string)
8
- Digest::MD5.base64digest(string)
7
+ def sha256_base64digest(string)
8
+ Digest::SHA256.base64digest(string)
9
9
  end
10
10
 
11
11
  # Capitalizes the keys of a hash
@@ -73,7 +73,9 @@ module ApiAuth
73
73
  tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
74
74
  tmp.body = arguments[0] if arguments.length > 1
75
75
  ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key, api_auth_options)
76
- arguments.last['Content-MD5'] = tmp['Content-MD5'] if tmp['Content-MD5']
76
+ if tmp['X-Authorization-Content-SHA256']
77
+ arguments.last['X-Authorization-Content-SHA256'] = tmp['X-Authorization-Content-SHA256']
78
+ end
77
79
  arguments.last['DATE'] = tmp['DATE']
78
80
  arguments.last['Authorization'] = tmp['Authorization']
79
81
  end