api_authenticator 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ab1bb241ecc07c6ad6a16ce196fb7fa29880e419344d150a414ab3cb794c8f8e
|
|
4
|
+
data.tar.gz: 686903c5026f217edfea3caa738f7611cacbcba6f5cc5ae4954d3afc936a8b58
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52fa2bb023130b0a7809d10d1c67ce41b64b420f0a5f4536acfe312988d245771ea5df59f59518cf9d4a1fab4492ae16134247372f2e4020027ff6e3fefa410c
|
|
7
|
+
data.tar.gz: d239d3da4e14b7244aa106b2689beca3ad2565e6285bad6508ec4eaeffeb496dc63b14a64b0149c6e8a7c92230dd42728e8ee9f91041ef64af939574fc4e5ceb
|
data/README.md
CHANGED
|
@@ -51,6 +51,7 @@ env['API-Token'] = OpenSSL::HMAC.hexdigest(digest, shared_secret_key, "#{DateTim
|
|
|
51
51
|
ApiAuthenticator.configure do |config|
|
|
52
52
|
config.shared_secret_keys = ["my_shared_token", "my_shared_token2"]
|
|
53
53
|
config.time_threshold = 2.hours
|
|
54
|
+
config.request_type = :path # :url by default if nothing is set
|
|
54
55
|
config.logger = Rails.logger
|
|
55
56
|
config.report_unauthenticated_requests = true
|
|
56
57
|
end
|
|
@@ -58,6 +59,7 @@ end
|
|
|
58
59
|
|
|
59
60
|
- shared_secret_keys: An Array of approved shared secret keys between the client and the server.
|
|
60
61
|
- time_threshold: The time threshold to allow requests. So for example the entry above will only allow requests from 2 hours before now and 2 hours in the future.
|
|
62
|
+
- request_type: 2 options: :url or :path. By default it's :url which uses the full URL has as the hashing mechanism. :path only uses the path for the hashing mechanism.
|
|
61
63
|
- logger: Your logger
|
|
62
64
|
- report_unauthenticated_requests: will throw some basic information into your logger.warn.
|
|
63
65
|
|
|
@@ -13,11 +13,19 @@ module ApiAuthenticator
|
|
|
13
13
|
rescue ArgumentError, TypeError
|
|
14
14
|
end
|
|
15
15
|
valid_api_time?(time)
|
|
16
|
-
valid_api_token?(request
|
|
16
|
+
valid_api_token?(originating_request(request), time, token)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
protected
|
|
20
20
|
|
|
21
|
+
def self.originating_request(request)
|
|
22
|
+
if request_type == PATH_REQUEST_TYPE
|
|
23
|
+
request.original_fullpath
|
|
24
|
+
else
|
|
25
|
+
request.original_url
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
21
29
|
def self.valid_api_time?(time)
|
|
22
30
|
return false if time.nil?
|
|
23
31
|
utc_now = DateTime.now.new_offset(0)
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
module ApiAuthenticator
|
|
2
2
|
@@logger = nil
|
|
3
|
+
URL_REQUEST_TYPE = :url
|
|
4
|
+
PATH_REQUEST_TYPE = :path
|
|
5
|
+
@@request_type = URL_REQUEST_TYPE
|
|
6
|
+
REQUEST_TYPES = [URL_REQUEST_TYPE, PATH_REQUEST_TYPE]
|
|
3
7
|
|
|
4
8
|
def self.configure
|
|
5
9
|
yield self
|
|
@@ -13,6 +17,17 @@ module ApiAuthenticator
|
|
|
13
17
|
@@shared_secret_keys
|
|
14
18
|
end
|
|
15
19
|
|
|
20
|
+
def self.request_type
|
|
21
|
+
@@request_type
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def self.request_type=(request_type)
|
|
25
|
+
unless REQUEST_TYPES.include?(request_type)
|
|
26
|
+
raise ArgumentError.new("Request types must be one of the following #{REQUEST_TYPES.join(', ')}}")
|
|
27
|
+
end
|
|
28
|
+
@@request_type = request_type
|
|
29
|
+
end
|
|
30
|
+
|
|
16
31
|
def self.time_threshold=(time_threshold)
|
|
17
32
|
@@time_threshold = time_threshold
|
|
18
33
|
end
|
|
@@ -32,4 +47,4 @@ module ApiAuthenticator
|
|
|
32
47
|
def self.logger
|
|
33
48
|
@@logger || Logger.new($stdout)
|
|
34
49
|
end
|
|
35
|
-
end
|
|
50
|
+
end
|
|
@@ -15,9 +15,19 @@ describe 'ApiAuthenticator' do
|
|
|
15
15
|
OpenSSL::HMAC.hexdigest(digest, shared_key, "#{DateTime.now.new_offset(0)}http://www.austinrocks.com/asdf")
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
+
let :api_token_from_request do
|
|
19
|
+
digest = OpenSSL::Digest.new('sha256')
|
|
20
|
+
OpenSSL::HMAC.hexdigest(digest, shared_key, "#{DateTime.now.new_offset(0)}/asdf")
|
|
21
|
+
end
|
|
22
|
+
|
|
18
23
|
let :valid_request do
|
|
19
24
|
time = DateTime.now.utc
|
|
20
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
25
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
let :valid_request_with_path do
|
|
29
|
+
time = DateTime.now.utc
|
|
30
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token_from_request})
|
|
21
31
|
end
|
|
22
32
|
|
|
23
33
|
let :api_token2 do
|
|
@@ -27,26 +37,36 @@ describe 'ApiAuthenticator' do
|
|
|
27
37
|
|
|
28
38
|
let :valid_request_shared_key2 do
|
|
29
39
|
time = DateTime.now.utc
|
|
30
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
40
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
31
41
|
end
|
|
32
42
|
|
|
33
43
|
let :bad_time_request do
|
|
34
44
|
time = 6.years.from_now
|
|
35
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
45
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
36
46
|
end
|
|
37
47
|
|
|
38
48
|
let :bad_token_request do
|
|
39
49
|
time = Time.now.utc
|
|
40
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => "AUSTIN LIVES IN YO TESTS"})
|
|
50
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => "AUSTIN LIVES IN YO TESTS"})
|
|
41
51
|
end
|
|
42
52
|
|
|
53
|
+
|
|
54
|
+
|
|
43
55
|
context "authenticated_request?" do
|
|
44
56
|
before :each do
|
|
45
57
|
ApiAuthenticator.configure do |config|
|
|
46
58
|
config.time_threshold = 2.hours
|
|
59
|
+
request_type = :url
|
|
47
60
|
config.shared_secret_keys = [shared_key, shared_key2]
|
|
48
61
|
end
|
|
49
62
|
end
|
|
63
|
+
context "authenticated_request? with request path" do
|
|
64
|
+
it "should be a valid request" do
|
|
65
|
+
ApiAuthenticator.request_type = :path
|
|
66
|
+
expect{ApiAuthenticator.authenticated_request?(valid_request_with_path)}.to_not raise_error
|
|
67
|
+
ApiAuthenticator.request_type = :url
|
|
68
|
+
end
|
|
69
|
+
end
|
|
50
70
|
|
|
51
71
|
context 'valid_request' do
|
|
52
72
|
it "should not throw an exception" do
|
|
@@ -58,6 +78,12 @@ describe 'ApiAuthenticator' do
|
|
|
58
78
|
end
|
|
59
79
|
end
|
|
60
80
|
|
|
81
|
+
context "passing a request dependent on URL but putting a path" do
|
|
82
|
+
it "should throw an exception" do
|
|
83
|
+
expect{ApiAuthenticator.authenticated_request?(valid_request_with_path)}.to raise_error(ApiAuthenticator::InvalidTokenError)
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
61
87
|
context 'invalid time' do
|
|
62
88
|
it "should raise InvalidTimeError" do
|
|
63
89
|
expect{ApiAuthenticator.authenticated_request?(bad_time_request)}.to raise_error(ApiAuthenticator::InvalidTimeError)
|
|
@@ -70,4 +96,4 @@ describe 'ApiAuthenticator' do
|
|
|
70
96
|
end
|
|
71
97
|
end
|
|
72
98
|
end
|
|
73
|
-
end
|
|
99
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "ApiAuthenticator configuration" do
|
|
4
|
+
it "by default request type should be URL" do
|
|
5
|
+
expect(ApiAuthenticator.request_type).to eql(ApiAuthenticator::URL_REQUEST_TYPE)
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
it "can assign request type to :path" do
|
|
9
|
+
ApiAuthenticator.request_type = ApiAuthenticator::PATH_REQUEST_TYPE
|
|
10
|
+
expect(ApiAuthenticator.request_type).to eql(ApiAuthenticator::PATH_REQUEST_TYPE)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "should throw an ArgumentError if request_type isn't acceptable" do
|
|
14
|
+
expect do
|
|
15
|
+
ApiAuthenticator.request_type = 'foo'
|
|
16
|
+
end.to raise_error(ArgumentError)
|
|
17
|
+
end
|
|
18
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: api_authenticator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Austin Fonacier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -88,6 +88,7 @@ files:
|
|
|
88
88
|
- lib/api_authenticator/version.rb
|
|
89
89
|
- spec/api_authenticator_spec.rb
|
|
90
90
|
- spec/authenticator_concern_spec.rb
|
|
91
|
+
- spec/configuration_spec.rb
|
|
91
92
|
- spec/errors_spec.rb
|
|
92
93
|
- spec/spec_helper.rb
|
|
93
94
|
homepage: https://github.com/Spokeo/api_authenticator
|
|
@@ -117,5 +118,6 @@ summary: This gem will authenticate API requests using a modified HMAC-SHA1
|
|
|
117
118
|
test_files:
|
|
118
119
|
- spec/api_authenticator_spec.rb
|
|
119
120
|
- spec/authenticator_concern_spec.rb
|
|
121
|
+
- spec/configuration_spec.rb
|
|
120
122
|
- spec/errors_spec.rb
|
|
121
123
|
- spec/spec_helper.rb
|