api-auth 1.2.4 → 1.2.5

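--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ # 1.2.5 (2014-09-09)
+ - Fix a bug where ApiAuth.authentic? would cause an ArgumentError when given a
+ request with an invalid date in the date header. It will now return false
+ instead. (#51 Nakort)
+
  # 1.2.4 (2014-08-27)
  - Fix a bug in the Net::HTTP request driver where the md5 isn't calculated
  correctly when the content of the request is set with the `.body_stream`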
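--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- api-auth (1.2.4)
+ api-auth (1.2.5)
 
  GEM
  remote: https://rubygems.org/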
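--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.2.4
+ 1.2.5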
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- api-auth (1.2.4)
4
+ api-auth (1.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
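--- a/data/lib/api_auth/base.rb
+++ b/data/lib/api_auth/base.rb
@@ -1,4 +1,5 @@
- # api-auth is Ruby gem designed to be used both in your client and server
+ # encoding: UTF-8
+ # api-auth is a Ruby gem designed to be used both in your client and server
  # HTTP-based applications. It implements the same authentication methods (HMAC)
  # used by Amazon Web Services.
 
@@ -60,7 +61,11 @@ module ApiAuth
  def request_too_old?(request)
  headers = Headers.new(request)
  # 900 seconds is 15 minutes
- Time.parse(headers.timestamp).utc < (Time.now.utc - 900)
+ begin
+ Time.httpdate(headers.timestamp).utc < (Time.now.utc - 900)
+ rescue ArgumentError
+ true
+ end
  end
 
  def md5_mismatch?(request)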
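Review bot: `request_too_old?` still bounds the timestamp on one side only: in the `@@ -60,7 +61,11 @@` hunk, `Time.httpdate(headers.timestamp).utc < (Time.now.utc - 900)` rejects dates more than 15 minutes in the past, but a Date header set well into the future passes, so a captured signed request would stay acceptable to this check until 15 minutes after that date. Bounding the skew in both directions would close that window, e.g. `(Time.now.utc - Time.httpdate(headers.timestamp).utc).abs > 900` inside the same `begin`/`rescue`. Separately, the switch from `Time.parse` to `Time.httpdate` also rejects dates that are parseable but not in HTTP-date format, which the changelog entry does not mention. A comment above the `begin`, such as `# Only RFC 2616 HTTP-dates are accepted; anything unparseable is treated as too old (fail closed)`, would make that intent explicit.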
@@ -1,3 +1,4 @@
1
+ # encoding: UTF-8
1
2
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
3
 
3
4
  describe "ApiAuth" do
@@ -109,6 +110,12 @@ describe "ApiAuth" do
109
110
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
110
111
  end
111
112
 
113
+ it "should NOT authenticate a request with an invalid date" do
114
+ @request['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
115
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
116
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
117
+ end
118
+
112
119
  it "should retrieve the access_id" do
113
120
  ApiAuth.access_id(@signed_request).should == "1044"
114
121
  end
@@ -229,6 +236,12 @@ describe "ApiAuth" do
229
236
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
230
237
  end
231
238
 
239
+ it "should NOT authenticate a request with an invalid date" do
240
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
241
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
242
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
243
+ end
244
+
232
245
  it "should retrieve the access_id" do
233
246
  ApiAuth.access_id(@signed_request).should == "1044"
234
247
  end
@@ -285,6 +298,12 @@ describe "ApiAuth" do
285
298
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
286
299
  end
287
300
 
301
+ it "should NOT authenticate a request with an invalid date" do
302
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
303
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
304
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
305
+ end
306
+
288
307
  it "should retrieve the access_id" do
289
308
  ApiAuth.access_id(@signed_request).should == "1044"
290
309
  end
@@ -373,6 +392,12 @@ describe "ApiAuth" do
373
392
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
374
393
  end
375
394
 
395
+ it "should NOT authenticate a request with an invalid date" do
396
+ @request.env['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
397
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
398
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
399
+ end
400
+
376
401
  it "should retrieve the access_id" do
377
402
  ApiAuth.access_id(@signed_request).should == "1044"
378
403
  end
@@ -446,6 +471,12 @@ describe "ApiAuth" do
446
471
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
447
472
  end
448
473
 
474
+ it "should NOT authenticate a request with an invalid date" do
475
+ @request.env['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
476
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
477
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
478
+ end
479
+
449
480
  it "should retrieve the access_id" do
450
481
  ApiAuth.access_id(@signed_request).should == "1044"
451
482
  end
@@ -521,6 +552,12 @@ describe "ApiAuth" do
521
552
  ApiAuth.authentic?(signed_request, @secret_key).should be_false
522
553
  end
523
554
 
555
+ it "should NOT authenticate a request with an invalid date" do
556
+ @request.headers['Date'] = "٢٠١٤-٠٩-٠٨ ١٦:٣١:١٤ +٠٣٠٠"
557
+ signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
558
+ ApiAuth.authentic?(signed_request, @secret_key).should be_false
559
+ end
560
+
524
561
  it "should retrieve the access_id" do
525
562
  ApiAuth.access_id(@signed_request).should == "1044"
526
563
  end
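Review bot: The six added examples all set the same malformed value (a date written in non-ASCII digits), so they pin the `rescue ArgumentError` path but not the stricter format that `Time.httpdate` now enforces. An extra example per driver with a fresh, well-formed but non-HTTP date, e.g. `@request['Date'] = Time.now.utc.iso8601` followed by the same `ApiAuth.authentic?(signed_request, @secret_key).should be_false`, would fail if the parser were later reverted to a lenient one. This assumes `sign!` leaves an already-set Date header untouched, as the existing examples appear to rely on. The gap is the same in the hunks at `@@ -109,6 +110,12 @@`, `@@ -229,6 +236,12 @@`, `@@ -285,6 +298,12 @@`, `@@ -373,6 +392,12 @@`, `@@ -446,6 +471,12 @@` and `@@ -521,6 +552,12 @@`; the enclosing `describe` blocks start and end outside these hunks.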
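--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: api-auth
  version: !ruby/object:Gem::Version
- version: 1.2.4
+ version: 1.2.5
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-08-27 00:00:00.000000000 Z
+ date: 2014-09-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: appraisal
@@ -254,7 +254,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -2860665435517215427
+ hash: -2923652677947194929
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -263,7 +263,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -2860665435517215427
+ hash: -2923652677947194929
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.23.2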