api-auth 2.3.0 → 2.3.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 92c94ba421b1f15829f9b16eb5bcbeb55c773298023134786011282639cba630
4
- data.tar.gz: e14ce2ddf081464504b55a8aecd44afbc9526945a89c27e5a96d8bf500c1fa52
3
+ metadata.gz: b5a7d758deeb4447ee54a3024647e2fb02a4cca21bd4966bd902f381bcadf80a
4
+ data.tar.gz: ebfad82648a644a014d4d1b316c664564ba3add87db5033395ffd100bef9b988
5
5
  SHA512:
6
- metadata.gz: d392d56ebd5dd7592a363d623c51fe00750d97fc212114d37d6c79a650bc3c0c7bfa020bf6e4c2f207f6c2dd71ac67cabf6affbbe28d4c7b6c1d757c67abc90a
7
- data.tar.gz: f88c2d4d14dc61b5f9e867aecf4c3680e117ef6194617447963ddea1b6f93e5d3de7e414bc2da12e4c251d5803a4a2d28e91f5d817f29809aa7cc260d299af16
6
+ metadata.gz: c0f369dd45bad4407dacbfdae026d98fea20368f6d3deff3cbf1bdb7fd57abdb6495bbaa8098fc051204d0cfd9ab9733b8a42fca53114e60a05da863f83f2b9a
7
+ data.tar.gz: ef53f902cc3786257cadadaecf6009732de47a643cabf728f928ff8cb63933c04b59537a850f96d4729c8cb0c04e588c0b8521f630c3a318b3ebec4c5c8d7ef4
@@ -1,3 +1,6 @@
1
+ # 2.3.1 (2018-11-06)
2
+ - Fixed a regression in the http.rb driver (#173 tycooon)
3
+
1
4
  # 2.3.0 (2018-10-23)
2
5
  - Added support for Grape API (#169 phuongnd08 & dunghuynh)
3
6
  - Added option for specifying customer headers to sign via new `headers_to_sign`
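--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,7 @@
 # ApiAuth
 
-[![Build Status](https://travis-ci.org/mgomes/api_auth.png?branch=master)](https://travis-ci.org/mgomes/api_auth)
+[![Build Status](https://travis-ci.org/mgomes/api_auth.svg?branch=master)](https://travis-ci.org/mgomes/api_auth)
+[![Gem Version](https://badge.fury.io/rb/api-auth.svg)](https://badge.fury.io/rb/api-auth)
 
 Logins and passwords are for humans. Communication between applications need to
 be protected through different means.
@@ -138,14 +139,6 @@ to:
 
 Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
 
-If you want to sign custom headers, you can pass them as an array of strings in the options like so:
-
-``` ruby
-@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
-```
-
-With the specified headers values being at the end of the canonical string in the same order.
-
 ### ActiveResource Clients
 
 ApiAuth can transparently protect your ActiveResource communications with a
@@ -209,6 +202,14 @@ The default span is 15 minutes, but you can override this:
 ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
 ```
 
+If you want to sign custom headers, you can pass them as an array of strings in the options like so:
+
+``` ruby
+ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
+```
+
+With the specified headers values being at the end of the canonical string in the same order.
+
 If your server is a Rails app, the signed request will be the `request` object.
 
 In order to obtain the secret key for the client, you first need to look up the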
data/VERSION CHANGED
@@ -1 +1 @@
1
- 2.3.0
1
+ 2.3.1
@@ -2,6 +2,6 @@
2
2
 
3
3
  source 'https://rubygems.org'
4
4
 
5
- gem 'http', github: 'httprb/http'
5
+ gem 'http', '~> 4.0'
6
6
 
7
7
  gemspec path: '../'
@@ -71,7 +71,7 @@ module ApiAuth
71
71
 
72
72
  private
73
73
 
74
- AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/
74
+ AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/.freeze
75
75
 
76
76
  def request_within_time_window?(headers, clock_skew)
77
77
  Time.httpdate(headers.timestamp).utc > (Time.now.utc - clock_skew) &&
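Review bot: `AUTH_HEADER_PATTERN` is still unanchored at the start and ends in `$`, which in Ruby matches at the end of any line rather than the end of the string, so adding `.freeze` leaves the parsing of the Authorization value as loose as it was. If a driver ever hands over a value with leading text or an embedded newline, the access id and signature captures would be taken from a fragment of the header. Consider `/\AAPIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)\z/.freeze`, with a one-line comment naming the three captures (digest name, access id, signature). How the constant is matched is outside this hunk, so confirm that no caller relies on the prefix match before tightening it.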
@@ -72,6 +72,10 @@ module ApiAuth
72
72
  end
73
73
  end
74
74
 
75
+ def fetch_headers
76
+ capitalize_keys @request.headers.to_h
77
+ end
78
+
75
79
  private
76
80
 
77
81
  def find_header(keys)
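Review bot: `fetch_headers` is added as a public driver method with no comment on what it returns, and `@request.headers.to_h` does not guarantee string values: http.rb's header collection yields an Array for a header that appears more than once. If these values are appended to the canonical string for `headers_to_sign` (that code is not in this hunk), a repeated header could be signed in a different textual form on the client than the one the server reconstructs. A comment such as `# Returns a Hash of upper-cased header names to their values; used when signing custom headers` and an explicit join of multi-valued headers would pin the contract. The class body starts and ends outside the hunk.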
@@ -80,12 +80,12 @@ if defined?(ActionController::Request)
80
80
  describe 'setting headers correctly' do
81
81
  let(:request) do
82
82
  ActionController::Request.new(
83
- 'PATH_INFO' => '/resource.xml',
84
- 'QUERY_STRING' => 'foo=bar&bar=foo',
83
+ 'PATH_INFO' => '/resource.xml',
84
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
85
85
  'REQUEST_METHOD' => 'PUT',
86
- 'CONTENT_TYPE' => 'text/plain',
86
+ 'CONTENT_TYPE' => 'text/plain',
87
87
  'CONTENT_LENGTH' => '11',
88
- 'rack.input' => StringIO.new("hello\nworld")
88
+ 'rack.input' => StringIO.new("hello\nworld")
89
89
  )
90
90
  end
91
91
 
@@ -231,4 +231,10 @@ if defined?(ActionController::Request)
231
231
  end
232
232
  end
233
233
  end
234
+
235
+ describe 'fetch_headers' do
236
+ it 'returns request headers' do
237
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
238
+ end
239
+ end
234
240
  end
@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
7
7
 
8
8
  let(:request) do
9
9
  ActionDispatch::Request.new(
10
- 'AUTHORIZATION' => 'APIAuth 1044:12345',
11
- 'PATH_INFO' => '/resource.xml',
12
- 'QUERY_STRING' => 'foo=bar&bar=foo',
10
+ 'AUTHORIZATION' => 'APIAuth 1044:12345',
11
+ 'PATH_INFO' => '/resource.xml',
12
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
13
13
  'REQUEST_METHOD' => 'PUT',
14
- 'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
15
- 'CONTENT_TYPE' => 'text/plain',
14
+ 'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
15
+ 'CONTENT_TYPE' => 'text/plain',
16
16
  'CONTENT_LENGTH' => '11',
17
- 'HTTP_DATE' => timestamp,
18
- 'rack.input' => StringIO.new("hello\nworld")
17
+ 'HTTP_DATE' => timestamp,
18
+ 'rack.input' => StringIO.new("hello\nworld")
19
19
  )
20
20
  end
21
21
 
@@ -80,12 +80,12 @@ if defined?(ActionDispatch::Request)
80
80
  describe 'setting headers correctly' do
81
81
  let(:request) do
82
82
  ActionDispatch::Request.new(
83
- 'PATH_INFO' => '/resource.xml',
84
- 'QUERY_STRING' => 'foo=bar&bar=foo',
83
+ 'PATH_INFO' => '/resource.xml',
84
+ 'QUERY_STRING' => 'foo=bar&bar=foo',
85
85
  'REQUEST_METHOD' => 'PUT',
86
- 'CONTENT_TYPE' => 'text/plain',
86
+ 'CONTENT_TYPE' => 'text/plain',
87
87
  'CONTENT_LENGTH' => '11',
88
- 'rack.input' => StringIO.new("hello\nworld")
88
+ 'rack.input' => StringIO.new("hello\nworld")
89
89
  )
90
90
  end
91
91
 
@@ -230,5 +230,11 @@ if defined?(ActionDispatch::Request)
230
230
  end
231
231
  end
232
232
  end
233
+
234
+ describe 'fetch_headers' do
235
+ it 'returns request headers' do
236
+ expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
237
+ end
238
+ end
233
239
  end
234
240
  end
@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
6
6
  let(:request) do
7
7
  headers = {
8
8
  'Authorization' => 'APIAuth 1044:12345',
9
- 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
10
- 'Content-Type' => 'text/plain',
11
- 'Date' => timestamp
9
+ 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
10
+ 'Content-Type' => 'text/plain',
11
+ 'Date' => timestamp
12
12
  }
13
13
  Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
14
14
  curl.headers = headers
@@ -91,4 +91,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
91
91
  expect(driven_request.md5_mismatch?).to be false
92
92
  end
93
93
  end
94
+
95
+ describe 'fetch_headers' do
96
+ it 'returns request headers' do
97
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
98
+ end
99
+ end
94
100
  end
@@ -256,4 +256,10 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
256
256
  end
257
257
  end
258
258
  end
259
+
260
+ describe 'fetch_headers' do
261
+ it 'returns request headers' do
262
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
263
+ end
264
+ end
259
265
  end
@@ -268,4 +268,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
268
268
  end
269
269
  end
270
270
  end
271
+
272
+ describe 'fetch_headers' do
273
+ it 'returns request headers' do
274
+ expect(driven_request.fetch_headers).to include(
275
+ 'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
276
+ )
277
+ end
278
+ end
271
279
  end
@@ -181,4 +181,10 @@ describe ApiAuth::RequestDrivers::HttpRequest do
181
181
  end
182
182
  end
183
183
  end
184
+
185
+ describe 'fetch_headers' do
186
+ it 'returns request headers' do
187
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
188
+ end
189
+ end
184
190
  end
@@ -151,4 +151,10 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
151
151
  end
152
152
  end
153
153
  end
154
+
155
+ describe 'fetch_headers' do
156
+ it 'returns request headers' do
157
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
158
+ end
159
+ end
154
160
  end
@@ -193,4 +193,10 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
193
193
  end
194
194
  end
195
195
  end
196
+
197
+ describe 'fetch_headers' do
198
+ it 'returns request headers' do
199
+ expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
200
+ end
201
+ end
196
202
  end
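Review bot: The expectation `'content-type' => ['text/plain']` pins a different shape from the other drivers' new `fetch_headers` specs, which expect `'CONTENT-TYPE' => 'text/plain'` (Curb, Faraday, Http, Httpi, Rack, RestClient) or `'CONTENT_TYPE'` (ActionDispatch, Grape). If `headers_to_sign` looks names up in this hash, the same header name could resolve on one driver and miss on another, leaving that header out of the signed string; the lookup is not visible on this page, so treat this as a point to confirm. Each of these specs also checks only Content-Type, so a case that signs and then verifies a custom header through each driver would cover the behaviour the README documents.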
@@ -301,4 +301,10 @@ describe ApiAuth::RequestDrivers::RackRequest do
301
301
  end
302
302
  end
303
303
  end
304
+
305
+ describe 'fetch_headers' do
306
+ it 'returns request headers' do
307
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
308
+ end
309
+ end
304
310
  end
@@ -395,4 +395,10 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
395
395
  expect(request.processed_headers).to have_key('Content-Type')
396
396
  end
397
397
  end
398
+
399
+ describe 'fetch_headers' do
400
+ it 'returns request headers' do
401
+ expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
402
+ end
403
+ end
398
404
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: api-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mauricio Gomes
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-23 00:00:00.000000000 Z
11
+ date: 2018-11-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack