api-auth 1.0.3 → 1.1.0

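--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,13 +10,3 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
  end
 
  task :default => :spec
-
- require 'rake/rdoctask'
- Rake::RDocTask.new do |rdoc|
- version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
- rdoc.rdoc_dir = 'rdoc'
- rdoc.title = "test #{version}"
- rdoc.rdoc_files.include('README*')
- rdoc.rdoc_files.include('lib/**/*.rb')
- end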
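--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.3
+ 1.1.0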
@@ -80,7 +80,7 @@ module ApiAuth
80
80
  def hmac_signature(request, secret_key)
81
81
  headers = Headers.new(request)
82
82
  canonical_string = headers.canonical_string
83
- digest = OpenSSL::Digest::Digest.new('sha1')
83
+ digest = OpenSSL::Digest.new('sha1')
84
84
  b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
85
85
  end
86
86
 
@@ -27,22 +27,24 @@ module ApiAuth
27
27
  @request = ActionDispatchRequest.new(request)
28
28
  when /Rack::Request/
29
29
  @request = RackRequest.new(request)
30
+ when /ActionController::CgiRequest/
31
+ @request = ActionControllerRequest.new(request)
30
32
  else
31
33
  raise UnknownHTTPRequest, "#{request.class.to_s} is not yet supported."
32
34
  end
33
35
  true
34
36
  end
35
-
37
+
36
38
  # Returns the request timestamp
37
39
  def timestamp
38
- @request.timestamp
40
+ @request.timestamp
39
41
  end
40
42
 
41
43
  # Returns the canonical string computed from the request's headers
42
44
  def canonical_string
43
45
  [ @request.content_type,
44
46
  @request.content_md5,
45
- @request.request_uri.gsub(/http:\/\/[^(,|\?|\/)]*/,''), # remove host
47
+ @request.request_uri.gsub(/https?:\/\/[^(,|\?|\/)]*/,''), # remove host
46
48
  @request.timestamp
47
49
  ].join(",")
48
50
  end
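Review bot: The host-stripping `gsub` in `canonical_string` is unanchored, so besides the leading scheme and host it also deletes any `http://host` or `https://host` that appears later in the URI, for example inside a query parameter. Two request URIs that differ only in the host of an embedded URL then produce the same canonical string, and so the same signature verifies for both. The square brackets form a character class, so `(`, `|` and `)` are literal excluded characters rather than grouping or alternation. Anchoring the pattern and replacing once keeps the intent: `@request.request_uri.sub(/\Ahttps?:\/\/[^,?\/]*/, ''), # remove host`.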
@@ -53,15 +55,15 @@ module ApiAuth
53
55
  end
54
56
 
55
57
  def set_date
56
- @request.set_date if @request.timestamp.blank?
58
+ @request.set_date if @request.timestamp.empty?
57
59
  end
58
60
 
59
61
  def calculate_md5
60
- @request.populate_content_md5 if @request.content_md5.blank?
62
+ @request.populate_content_md5 if @request.content_md5.empty?
61
63
  end
62
64
 
63
65
  def md5_mismatch?
64
- if @request.content_md5.blank?
66
+ if @request.content_md5.empty?
65
67
  false
66
68
  else
67
69
  @request.md5_mismatch?
@@ -2,9 +2,8 @@ module ApiAuth
2
2
 
3
3
  module Helpers # :nodoc:
4
4
 
5
- # Remove the ending new line character added by default
6
5
  def b64_encode(string)
7
- Base64.encode64(string).strip
6
+ Base64.strict_encode64(string)
8
7
  end
9
8
 
10
9
  # Capitalizes the keys of a hash
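Review bot: `Base64.strict_encode64` in `b64_encode` does not exist before Ruby 1.9, while the gem metadata shown on this page still declares `required_ruby_version` as `>= 0`, so the helper would raise NoMethodError on an older interpreter. Either the required Ruby version should be raised or a fallback kept, such as `Base64.encode64(string).delete("\n")`. The commit also removes the only comment on the method although its behaviour changed: `encode64(...).strip` kept the line feeds that `encode64` inserts inside long output, which is consistent with the secret-key spec on this page going from 89 to 88 characters. I would add `# Base64-encodes without any line feeds, so the result never contains a line break` above `b64_encode`. The Helpers module continues past the end of the hunk.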
@@ -21,6 +21,7 @@ module ApiAuth
21
21
  def calculated_md5
22
22
  if @request.body
23
23
  body = @request.body.read
24
+ @request.body.rewind
24
25
  else
25
26
  body = ''
26
27
  end
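Review bot: `calculated_md5` rewinds the body only after reading it, so if anything earlier in the request cycle has already consumed `@request.body`, `read` returns an empty string and the MD5 is computed over no data. Whether that can happen depends on callers that are not visible in this hunk. Rewinding before the read as well makes the digest independent of the stream position: add `@request.body.rewind` directly above `body = @request.body.read`. The method continues past the end of the hunk.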
@@ -51,7 +52,7 @@ module ApiAuth
51
52
  end
52
53
 
53
54
  def content_md5
54
- value = find_header(%w(CONTENT-MD5 CONTENT_MD5))
55
+ value = find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5))
55
56
  value.nil? ? "" : value
56
57
  end
57
58
 
@@ -25,6 +25,7 @@ module ApiAuth
25
25
  def calculated_md5
26
26
  if @request.payload
27
27
  body = @request.payload.read
28
+ @request.payload.instance_variable_get(:@stream).seek(0)
28
29
  else
29
30
  body = ''
30
31
  end
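Review bot: `@request.payload.instance_variable_get(:@stream).seek(0)` in `calculated_md5` reaches into a private instance variable of the payload object, so it depends on an internal name of the HTTP client library and raises NoMethodError if `@stream` is unset or nil. A guarded form fails more gently: `stream = @request.payload.instance_variable_get(:@stream)` followed by `stream.rewind if stream.respond_to?(:rewind)`. A short comment explaining why the stream is repositioned would also help, for example `# rewind so the payload can still be sent after hashing`. The method continues past the end of the hunk.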
@@ -51,7 +52,7 @@ module ApiAuth
51
52
 
52
53
  def content_type
53
54
  value = find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE))
54
- value.nil? ? "" : value
55
+ value.nil? ? "": value
55
56
  end
56
57
 
57
58
  def content_md5
@@ -81,11 +82,11 @@ module ApiAuth
81
82
  def find_header(keys)
82
83
  keys.map {|key| @headers[key] }.compact.first
83
84
  end
84
-
85
+
85
86
  def save_headers
86
87
  @request.processed_headers = @request.make_headers(@headers)
87
88
  end
88
-
89
+
89
90
  end
90
91
 
91
92
  end
@@ -8,8 +8,8 @@ describe "ApiAuth" do
8
8
  ApiAuth.generate_secret_key
9
9
  end
10
10
 
11
- it "should generate secret keys that are 89 characters" do
12
- ApiAuth.generate_secret_key.size.should be(89)
11
+ it "should generate secret keys that are 88 characters" do
12
+ ApiAuth.generate_secret_key.size.should be(88)
13
13
  end
14
14
 
15
15
  it "should generate keys that have a Hamming Distance of at least 65" do
@@ -24,7 +24,7 @@ describe "ApiAuth" do
24
24
 
25
25
  def hmac(secret_key, request)
26
26
  canonical_string = ApiAuth::Headers.new(request).canonical_string
27
- digest = OpenSSL::Digest::Digest.new('sha1')
27
+ digest = OpenSSL::Digest.new('sha1')
28
28
  ApiAuth.b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
29
29
  end
30
30
 
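--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: api-auth
  version: !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.1.0
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-04-04 00:00:00.000000000 Z
+ date: 2014-02-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -187,21 +187,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- segments:
- - 0
- hash: 579957539921083557
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- segments:
- - 0
- hash: 579957539921083557
  requirements: []
  rubyforge_project:
- rubygems_version: 1.8.24
+ rubygems_version: 1.8.25
  signing_key:
  specification_version: 3
  summary: Simple HMAC authentication for your APIs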