api-auth 2.3.1 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b5a7d758deeb4447ee54a3024647e2fb02a4cca21bd4966bd902f381bcadf80a
-  data.tar.gz: ebfad82648a644a014d4d1b316c664564ba3add87db5033395ffd100bef9b988
+  metadata.gz: d436a907531dd36a529a79d60ef5192d6b65379e80a35545cd1640ec9c4a08cd
+  data.tar.gz: 2aaaffd472c764c872b740ba1a17870ad41dc9651863cc71c164a2e1ddfc2074
 SHA512:
-  metadata.gz: c0f369dd45bad4407dacbfdae026d98fea20368f6d3deff3cbf1bdb7fd57abdb6495bbaa8098fc051204d0cfd9ab9733b8a42fca53114e60a05da863f83f2b9a
-  data.tar.gz: ef53f902cc3786257cadadaecf6009732de47a643cabf728f928ff8cb63933c04b59537a850f96d4729c8cb0c04e588c0b8521f630c3a318b3ebec4c5c8d7ef4
+  metadata.gz: 484fd40c118f14077f5e5a281729d776a06ff35b2c8c44864436a1ac4f4d2c540b842ff8dc469bf4519c31d8255af87777f552d7eb1e0b6233a3e2d91b4d6e38
+  data.tar.gz: e2b7f7861678234ead914d4fa06f15c25d4f43274c32e29f962c8e625f5a16c44e8e49840a6ab19b3832fe48af9e491c691b6c3ba4d23d5cadd3e3b7b4c66885

data/.rubocop.yml

@@ -1,7 +1,7 @@
 inherit_from: .rubocop_todo.yml
 
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
 
 Metrics/AbcSize:
   Max: 25

data/.rubocop_todo.yml

@@ -65,7 +65,7 @@ Naming/AccessorMethodName:
 # Offense count: 3
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
 # AllowedNames: io, id, to, by, on, in, at, ip, db
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/api_auth/base.rb'
     - 'spec/railtie_spec.rb'

data/.travis.yml

@@ -5,13 +5,12 @@ rvm:
   - 2.3.6
   - 2.4.3
   - 2.5.3
+  - 2.6.1
 gemfile:
-  - gemfiles/rails_4.gemfile
-  - gemfiles/rails_41.gemfile
-  - gemfiles/rails_42.gemfile
   - gemfiles/rails_5.gemfile
   - gemfiles/rails_51.gemfile
   - gemfiles/rails_52.gemfile
+  - gemfiles/rails_60.gemfile
   - gemfiles/http2.gemfile
   - gemfiles/http3.gemfile
   - gemfiles/http4.gemfile
@@ -26,9 +25,15 @@ script:
 
 matrix:
   include:
-    - rvm: 2.5.3
-      gemfile: gemfiles/rails_5.gemfile
+    - rvm: 2.6.1
+      gemfile: gemfiles/rails_60.gemfile
       env: TEST_SUITE="rubocop lib/ spec/"
+  exclude:
+    - rvm: 2.3.6
+      gemfile: gemfiles/rails_60.gemfile
+    - rvm: 2.4.3
+      gemfile: gemfiles/rails_60.gemfile
+      env: TEST_SUITE=rake
 
 notifications:
   email: false

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# 2.4.0 (2020-05-05)
+- Improved support for Rails 6.0 (#179 taylorthurlow, #177 fwininger)
+- Added Ruby 2.6.0 support (#174 fwininger)
+- README updates (#186 iranthau)
+
 # 2.3.1 (2018-11-06)
 - Fixed a regression in the http.rb driver (#173 tycooon)
 

data/Gemfile

@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
 gemspec
 
-gem 'rubocop', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+gem 'rubocop'

data/README.md

@@ -21,19 +21,33 @@ have to be written in the same language as the clients.
 ## How it works
 
 1. A canonical string is first created using your HTTP headers containing the
-content-type, content-MD5, request URI and the timestamp. If content-type or
+content-type, content-MD5, request path and the date/time stamp. If content-type or
 content-MD5 are not present, then a blank string is used in their place. If the
 timestamp isn't present, a valid HTTP date is automatically added to the
 request. The canonical string is computed as follows:
 
-    canonical_string = 'http method,content-type,content-MD5,request URI,timestamp'
+```
+canonical_string = "#{http method},#{content-type},#{content-MD5},#{request URI},#{timestamp}"
+
+e.g.,
+
+canonical_string = 'POST,application/json,,request_path,Tue, 30 May 2017 03:51:43 GMT'
+```
 
 2. This string is then used to create the signature which is a Base64 encoded
 SHA1 HMAC, using the client's private secret key.
 
 3. This signature is then added as the `Authorization` HTTP header in the form:
 
-    Authorization = APIAuth 'client access id':'signature from step 2'
+```
+Authorization = APIAuth "#{client access id}:#{signature from step 2}"
+```
+
+A cURL request would look like:
+
+```
+curl -X POST --header 'Content-Type: application/json' --header "Date: Tue, 30 May 2017 03:51:43 GMT" --header "Authorization: ${AUTHORIZATION}"  http://my-app.com/request_path`
+```
 
 5. On the server side, the SHA1 HMAC is computed in the same way using the
 request headers and the client's secret key, which is known to only
@@ -63,7 +77,9 @@ For older version of Ruby or Rails, please use ApiAuth v2.1 and older.
 The gem doesn't have any dependencies outside of having a working OpenSSL
 configuration for your Ruby VM. To install:
 
-    [sudo] gem install api-auth
+```bash
+[sudo] gem install api-auth
+```
 
 Please note the dash in the name versus the underscore.
 
@@ -89,25 +105,29 @@ Here's a sample implementation of signing a request created with RestClient.
 Assuming you have a client access id and secret as follows:
 
 ``` ruby
-    @access_id = "1044"
-    @secret_key = ApiAuth.generate_secret_key
+@access_id = "1044"
+@secret_key = ApiAuth.generate_secret_key
 ```
 
 A typical RestClient PUT request may look like:
 
 ``` ruby
-    headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
-        'Content-Type' => "text/plain",
-        'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
-    @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
-        :headers => headers,
-        :method => :put)
+headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+  'Content-Type' => "text/plain",
+  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT"
+}
+
+@request = RestClient::Request.new(
+    url: "/resource.xml?foo=bar&bar=foo",
+    headers: headers,
+    method: :put
+)
 ```
 
 To sign that request, simply call the `sign!` method as follows:
 
 ``` ruby
-    @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
 ```
 
 The proper `Authorization` request header has now been added to that request
@@ -121,23 +141,27 @@ method detection (like Curb or httpi), you can pass the http method as an option
 into the sign! method like so:
 
 ``` ruby
-    @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :override_http_method => "PUT")
+@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :override_http_method => "PUT")
 ```
 
 If you want to use another digest existing in `OpenSSL::Digest`,
 you can pass the http method as an option into the sign! method like so:
 
 ``` ruby
-    @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :digest => 'sha256')
+@signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, :digest => 'sha256')
 ```
 
 With the `digest` option, the `Authorization` header will be change from:
 
-    Authorization = APIAuth 'client access id':'signature'
+```
+Authorization = APIAuth 'client access id':'signature'
+```
 
 to:
 
-    Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
+```
+Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
+```
 
 ### ActiveResource Clients
 
@@ -145,9 +169,9 @@ ApiAuth can transparently protect your ActiveResource communications with a
 single configuration line:
 
 ``` ruby
-    class MyResource < ActiveResource::Base
-      with_api_auth(access_id, secret_key)
-    end
+class MyResource < ActiveResource::Base
+  with_api_auth(access_id, secret_key)
+end
 ```
 
 This will automatically sign all outgoing ActiveResource requests from your app.
@@ -169,26 +193,28 @@ clients as well as verifying incoming API requests.
 To generate a Base64 encoded API key for a client:
 
 ``` ruby
-    ApiAuth.generate_secret_key
+ApiAuth.generate_secret_key
 ```
 
 To validate whether or not a request is authentic:
 
 ``` ruby
-    ApiAuth.authentic?(signed_request, secret_key)
+ApiAuth.authentic?(signed_request, secret_key)
 ```
 
 The `authentic?` method uses the digest specified in the `Authorization` header.
 For example SHA256 for:
 
-    Authorization = APIAuth-HMAC-SHA256 'client access id':'signature'
+```
+Authorization = APIAuth-HMAC-SHA256 'client access id':'signature'
+```
 
 And by default SHA1 if the HMAC-DIGEST is not specified.
 
 If you want to force the usage of another digest method, you should pass it as an option parameter:
 
 ``` ruby
-    ApiAuth.authentic?(signed_request, secret_key, :digest => 'sha256')
+ApiAuth.authentic?(signed_request, secret_key, :digest => 'sha256')
 ```
 
 For security, requests dated older or newer than a certain timespan are considered inauthentic.
@@ -199,13 +225,13 @@ can't be dated into the far future.
 The default span is 15 minutes, but you can override this:
 
 ```ruby
-    ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
+ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
 ```
 
 If you want to sign custom headers, you can pass them as an array of strings in the options like so:
 
 ``` ruby
-    ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
+ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
 ```
 
 With the specified headers values being at the end of the canonical string in the same order.
@@ -216,7 +242,7 @@ In order to obtain the secret key for the client, you first need to look up the
 client's access_id. ApiAuth can pull that from the request headers for you:
 
 ``` ruby
-    ApiAuth.access_id(signed_request)
+ApiAuth.access_id(signed_request)
 ```
 
 Once you've looked up the client's record via the access id, you can then verify
@@ -228,12 +254,12 @@ Here's a sample method that can be used in a `before_action` if your server is a
 Rails app:
 
 ``` ruby
-    before_action :api_authenticate
+before_action :api_authenticate
 
-    def api_authenticate
-      @current_account = Account.find_by_access_id(ApiAuth.access_id(request))
-      head(:unauthorized) unless @current_account && ApiAuth.authentic?(request, @current_account.secret_key)
-    end
+def api_authenticate
+  @current_account = Account.find_by_access_id(ApiAuth.access_id(request))
+  head(:unauthorized) unless @current_account && ApiAuth.authentic?(request, @current_account.secret_key)
+end
 ```
 
 ## Development
@@ -246,11 +272,15 @@ To run the tests:
 
 Install the dependencies for a particular Rails version by specifying a gemfile in `gemfiles` directory:
 
-    BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle install
+```
+BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle install
+```
 
 Run the tests with those dependencies:
 
-    BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle exec rake
+```
+BUNDLE_GEMFILE=gemfiles/rails_5.gemfile bundle exec rake
+```
 
 If you'd like to add support for additional HTTP clients, check out the already
 implemented drivers in `lib/api_auth/request_drivers` for reference. All of

data/VERSION

@@ -1 +1 @@
-2.3.1
+2.4.0

data/api_auth.gemspec

@@ -11,9 +11,9 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '>= 2.3.0'
 
-  s.add_development_dependency 'actionpack', '< 6.0', '> 4.0'
+  s.add_development_dependency 'actionpack', '< 6.1', '> 4.0'
   s.add_development_dependency 'activeresource', '>= 4.0'
-  s.add_development_dependency 'activesupport', '< 6.0', '> 4.0'
+  s.add_development_dependency 'activesupport', '< 6.1', '> 4.0'
   s.add_development_dependency 'amatch'
   s.add_development_dependency 'appraisal'
   s.add_development_dependency 'curb', '~> 0.8'

data/gemfiles/rails_5.gemfile

@@ -3,9 +3,7 @@
 source 'https://rubygems.org'
 
 gem 'actionpack', '~> 5.0.2'
-gem 'activeresource', '~> 5.0.0', git: 'https://github.com/rails/activeresource.git'
+gem 'activeresource', '~> 5.0.0'
 gem 'activesupport', '~> 5.0.2'
 
-gem 'rubocop'
-
 gemspec path: '../'

data/gemfiles/rails_51.gemfile

@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 
 gem 'actionpack', '~> 5.1.1'
-gem 'activeresource', '~> 5.0.0', git: 'https://github.com/rails/activeresource.git'
+gem 'activeresource', '~> 5.1.0'
 gem 'activesupport', '~> 5.1.1'
 
 gemspec path: '../'

data/gemfiles/rails_52.gemfile

@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 
 gem 'actionpack', '~> 5.2.1'
-gem 'activeresource', '~> 5.0.0', git: 'https://github.com/rails/activeresource.git'
+gem 'activeresource', '~> 5.1.0'
 gem 'activesupport', '~> 5.2.1'
 
 gemspec path: '../'

data/gemfiles/rails_60.gemfile

@@ -0,0 +1,11 @@
+# This file was generated by Appraisal
+
+source 'https://rubygems.org'
+
+gem 'actionpack', '~> 6.0.0'
+gem 'activeresource', '~> 5.1.0'
+gem 'activesupport', '~> 6.0.0'
+
+gem 'rubocop'
+
+gemspec path: '../'

data/lib/api_auth/railtie.rb

@@ -13,7 +13,9 @@ module ApiAuth
         end
       end
 
-      ActionController::Base.send(:include, ControllerMethods::InstanceMethods) if defined?(ActionController::Base)
+      ActiveSupport.on_load(:action_controller) do
+        ActionController::Base.include(ControllerMethods::InstanceMethods)
+      end
     end # ControllerMethods
 
     module ActiveResourceExtension # :nodoc:
@@ -78,9 +80,9 @@ module ApiAuth
         end
       end # Connection
 
-      if defined?(ActiveResource)
-        ActiveResource::Base.send(:include, ActiveResourceApiAuth)
-        ActiveResource::Connection.send(:include, Connection)
+      ActiveSupport.on_load(:active_resource) do
+        ActiveResource::Base.include(ActiveResourceApiAuth)
+        ActiveResource::Connection.include(Connection)
       end
     end # ActiveResourceExtension
   end # Rails

data/spec/spec_helper.rb

@@ -21,4 +21,4 @@ require 'net/http/post/multipart'
 
 # Requires supporting files with custom matchers and macros, etc,
 # in ./support/ and its subdirectories.
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.4.0
 platform: ruby
 authors:
 - Mauricio Gomes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-06 00:00:00.000000000 Z
+date: 2020-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.1'
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.1'
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.1'
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
@@ -60,7 +60,7 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.1'
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
@@ -255,12 +255,10 @@ files:
 - gemfiles/http2.gemfile
 - gemfiles/http3.gemfile
 - gemfiles/http4.gemfile
-- gemfiles/rails_4.gemfile
-- gemfiles/rails_41.gemfile
-- gemfiles/rails_42.gemfile
 - gemfiles/rails_5.gemfile
 - gemfiles/rails_51.gemfile
 - gemfiles/rails_52.gemfile
+- gemfiles/rails_60.gemfile
 - lib/api-auth.rb
 - lib/api_auth.rb
 - lib/api_auth/base.rb
@@ -313,8 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Simple HMAC authentication for your APIs

data/gemfiles/rails_4.gemfile

@@ -1,11 +0,0 @@
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'actionpack', '~> 4.0.4'
-gem 'activeresource', '~> 4.0.0'
-gem 'activesupport', '~> 4.0.4'
-gem 'rake', '< 11.0', platforms: :ruby_18
-gem 'tins', '< 1.7', platforms: :ruby_19
-
-gemspec path: '../'

data/gemfiles/rails_41.gemfile

@@ -1,11 +0,0 @@
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'actionpack', '~> 4.1.0'
-gem 'activeresource', '~> 4.0.0'
-gem 'activesupport', '~> 4.1.0'
-gem 'rake', '< 11.0', platforms: :ruby_18
-gem 'tins', '< 1.7', platforms: :ruby_19
-
-gemspec path: '../'

data/gemfiles/rails_42.gemfile

@@ -1,11 +0,0 @@
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'actionpack', '~> 4.2.0'
-gem 'activeresource', '~> 4.0.0'
-gem 'activesupport', '~> 4.2.0'
-gem 'rake', '< 11.0', platforms: :ruby_18
-gem 'tins', '< 1.7', platforms: :ruby_19
-
-gemspec path: '../'