api_authenticator 0.2.1 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ab1bb241ecc07c6ad6a16ce196fb7fa29880e419344d150a414ab3cb794c8f8e
|
|
4
|
+
data.tar.gz: 686903c5026f217edfea3caa738f7611cacbcba6f5cc5ae4954d3afc936a8b58
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52fa2bb023130b0a7809d10d1c67ce41b64b420f0a5f4536acfe312988d245771ea5df59f59518cf9d4a1fab4492ae16134247372f2e4020027ff6e3fefa410c
|
|
7
|
+
data.tar.gz: d239d3da4e14b7244aa106b2689beca3ad2565e6285bad6508ec4eaeffeb496dc63b14a64b0149c6e8a7c92230dd42728e8ee9f91041ef64af939574fc4e5ceb
|
data/README.md
CHANGED
|
@@ -51,6 +51,7 @@ env['API-Token'] = OpenSSL::HMAC.hexdigest(digest, shared_secret_key, "#{DateTim
|
|
|
51
51
|
ApiAuthenticator.configure do |config|
|
|
52
52
|
config.shared_secret_keys = ["my_shared_token", "my_shared_token2"]
|
|
53
53
|
config.time_threshold = 2.hours
|
|
54
|
+
config.request_type = :path # :url by default if nothing is set
|
|
54
55
|
config.logger = Rails.logger
|
|
55
56
|
config.report_unauthenticated_requests = true
|
|
56
57
|
end
|
|
@@ -58,6 +59,7 @@ end
|
|
|
58
59
|
|
|
59
60
|
- shared_secret_keys: An Array of approved shared secret keys between the client and the server.
|
|
60
61
|
- time_threshold: The time threshold to allow requests. So for example the entry above will only allow requests from 2 hours before now and 2 hours in the future.
|
|
62
|
+
- request_type: 2 options: :url or :path. By default it's :url which uses the full URL has as the hashing mechanism. :path only uses the path for the hashing mechanism.
|
|
61
63
|
- logger: Your logger
|
|
62
64
|
- report_unauthenticated_requests: will throw some basic information into your logger.warn.
|
|
63
65
|
|
|
@@ -13,11 +13,19 @@ module ApiAuthenticator
|
|
|
13
13
|
rescue ArgumentError, TypeError
|
|
14
14
|
end
|
|
15
15
|
valid_api_time?(time)
|
|
16
|
-
valid_api_token?(request
|
|
16
|
+
valid_api_token?(originating_request(request), time, token)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
protected
|
|
20
20
|
|
|
21
|
+
def self.originating_request(request)
|
|
22
|
+
if request_type == PATH_REQUEST_TYPE
|
|
23
|
+
request.original_fullpath
|
|
24
|
+
else
|
|
25
|
+
request.original_url
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
21
29
|
def self.valid_api_time?(time)
|
|
22
30
|
return false if time.nil?
|
|
23
31
|
utc_now = DateTime.now.new_offset(0)
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
module ApiAuthenticator
|
|
2
2
|
@@logger = nil
|
|
3
|
+
URL_REQUEST_TYPE = :url
|
|
4
|
+
PATH_REQUEST_TYPE = :path
|
|
5
|
+
@@request_type = URL_REQUEST_TYPE
|
|
6
|
+
REQUEST_TYPES = [URL_REQUEST_TYPE, PATH_REQUEST_TYPE]
|
|
3
7
|
|
|
4
8
|
def self.configure
|
|
5
9
|
yield self
|
|
@@ -13,6 +17,17 @@ module ApiAuthenticator
|
|
|
13
17
|
@@shared_secret_keys
|
|
14
18
|
end
|
|
15
19
|
|
|
20
|
+
def self.request_type
|
|
21
|
+
@@request_type
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def self.request_type=(request_type)
|
|
25
|
+
unless REQUEST_TYPES.include?(request_type)
|
|
26
|
+
raise ArgumentError.new("Request types must be one of the following #{REQUEST_TYPES.join(', ')}}")
|
|
27
|
+
end
|
|
28
|
+
@@request_type = request_type
|
|
29
|
+
end
|
|
30
|
+
|
|
16
31
|
def self.time_threshold=(time_threshold)
|
|
17
32
|
@@time_threshold = time_threshold
|
|
18
33
|
end
|
|
@@ -32,4 +47,4 @@ module ApiAuthenticator
|
|
|
32
47
|
def self.logger
|
|
33
48
|
@@logger || Logger.new($stdout)
|
|
34
49
|
end
|
|
35
|
-
end
|
|
50
|
+
end
|
|
@@ -15,9 +15,19 @@ describe 'ApiAuthenticator' do
|
|
|
15
15
|
OpenSSL::HMAC.hexdigest(digest, shared_key, "#{DateTime.now.new_offset(0)}http://www.austinrocks.com/asdf")
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
+
let :api_token_from_request do
|
|
19
|
+
digest = OpenSSL::Digest.new('sha256')
|
|
20
|
+
OpenSSL::HMAC.hexdigest(digest, shared_key, "#{DateTime.now.new_offset(0)}/asdf")
|
|
21
|
+
end
|
|
22
|
+
|
|
18
23
|
let :valid_request do
|
|
19
24
|
time = DateTime.now.utc
|
|
20
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
25
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
let :valid_request_with_path do
|
|
29
|
+
time = DateTime.now.utc
|
|
30
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token_from_request})
|
|
21
31
|
end
|
|
22
32
|
|
|
23
33
|
let :api_token2 do
|
|
@@ -27,26 +37,36 @@ describe 'ApiAuthenticator' do
|
|
|
27
37
|
|
|
28
38
|
let :valid_request_shared_key2 do
|
|
29
39
|
time = DateTime.now.utc
|
|
30
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
40
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
31
41
|
end
|
|
32
42
|
|
|
33
43
|
let :bad_time_request do
|
|
34
44
|
time = 6.years.from_now
|
|
35
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
45
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => api_token})
|
|
36
46
|
end
|
|
37
47
|
|
|
38
48
|
let :bad_token_request do
|
|
39
49
|
time = Time.now.utc
|
|
40
|
-
double(:request, original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => "AUSTIN LIVES IN YO TESTS"})
|
|
50
|
+
double(:request, original_fullpath: "/asdf", original_url: "http://www.austinrocks.com/asdf", headers: {"API-Time" => time.to_s, "API-Token" => "AUSTIN LIVES IN YO TESTS"})
|
|
41
51
|
end
|
|
42
52
|
|
|
53
|
+
|
|
54
|
+
|
|
43
55
|
context "authenticated_request?" do
|
|
44
56
|
before :each do
|
|
45
57
|
ApiAuthenticator.configure do |config|
|
|
46
58
|
config.time_threshold = 2.hours
|
|
59
|
+
request_type = :url
|
|
47
60
|
config.shared_secret_keys = [shared_key, shared_key2]
|
|
48
61
|
end
|
|
49
62
|
end
|
|
63
|
+
context "authenticated_request? with request path" do
|
|
64
|
+
it "should be a valid request" do
|
|
65
|
+
ApiAuthenticator.request_type = :path
|
|
66
|
+
expect{ApiAuthenticator.authenticated_request?(valid_request_with_path)}.to_not raise_error
|
|
67
|
+
ApiAuthenticator.request_type = :url
|
|
68
|
+
end
|
|
69
|
+
end
|
|
50
70
|
|
|
51
71
|
context 'valid_request' do
|
|
52
72
|
it "should not throw an exception" do
|
|
@@ -58,6 +78,12 @@ describe 'ApiAuthenticator' do
|
|
|
58
78
|
end
|
|
59
79
|
end
|
|
60
80
|
|
|
81
|
+
context "passing a request dependent on URL but putting a path" do
|
|
82
|
+
it "should throw an exception" do
|
|
83
|
+
expect{ApiAuthenticator.authenticated_request?(valid_request_with_path)}.to raise_error(ApiAuthenticator::InvalidTokenError)
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
61
87
|
context 'invalid time' do
|
|
62
88
|
it "should raise InvalidTimeError" do
|
|
63
89
|
expect{ApiAuthenticator.authenticated_request?(bad_time_request)}.to raise_error(ApiAuthenticator::InvalidTimeError)
|
|
@@ -70,4 +96,4 @@ describe 'ApiAuthenticator' do
|
|
|
70
96
|
end
|
|
71
97
|
end
|
|
72
98
|
end
|
|
73
|
-
end
|
|
99
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "ApiAuthenticator configuration" do
|
|
4
|
+
it "by default request type should be URL" do
|
|
5
|
+
expect(ApiAuthenticator.request_type).to eql(ApiAuthenticator::URL_REQUEST_TYPE)
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
it "can assign request type to :path" do
|
|
9
|
+
ApiAuthenticator.request_type = ApiAuthenticator::PATH_REQUEST_TYPE
|
|
10
|
+
expect(ApiAuthenticator.request_type).to eql(ApiAuthenticator::PATH_REQUEST_TYPE)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "should throw an ArgumentError if request_type isn't acceptable" do
|
|
14
|
+
expect do
|
|
15
|
+
ApiAuthenticator.request_type = 'foo'
|
|
16
|
+
end.to raise_error(ArgumentError)
|
|
17
|
+
end
|
|
18
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: api_authenticator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Austin Fonacier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -88,6 +88,7 @@ files:
|
|
|
88
88
|
- lib/api_authenticator/version.rb
|
|
89
89
|
- spec/api_authenticator_spec.rb
|
|
90
90
|
- spec/authenticator_concern_spec.rb
|
|
91
|
+
- spec/configuration_spec.rb
|
|
91
92
|
- spec/errors_spec.rb
|
|
92
93
|
- spec/spec_helper.rb
|
|
93
94
|
homepage: https://github.com/Spokeo/api_authenticator
|
|
@@ -117,5 +118,6 @@ summary: This gem will authenticate API requests using a modified HMAC-SHA1
|
|
|
117
118
|
test_files:
|
|
118
119
|
- spec/api_authenticator_spec.rb
|
|
119
120
|
- spec/authenticator_concern_spec.rb
|
|
121
|
+
- spec/configuration_spec.rb
|
|
120
122
|
- spec/errors_spec.rb
|
|
121
123
|
- spec/spec_helper.rb
|