atalanda-signature 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. data/README.md +43 -2
  2. data/lib/atalanda/signature.rb +1 -1
  3. data/lib/atalanda/signature/version.rb +1 -1
  4. data/spec/spec_helper.rb +5 -0
  5. data/spec/unit/request_spec.rb +151 -0
  6. metadata +7 -3
data/README.md CHANGED
@@ -1,4 +1,3 @@
1
-
2
1
  AtalandaSignature-ruby
3
2
  ==================
4
3
 
@@ -30,7 +29,7 @@ parameters = {
30
29
  "atalogics" => {}
31
30
  }
32
31
  token = Atalanda::Signature::Token.new(KEY, SECRET)
33
- request = Atalanda::Signature::Request.new("POST", "api/order", parameters)
32
+ request = Atalanda::Signature::Request.new("POST", "https://atalogics.com/api/order", parameters)
34
33
  signed_parameters = request.sign(token)
35
34
  =>
36
35
  {
@@ -40,6 +39,48 @@ signed_parameters = request.sign(token)
40
39
  "auth_signature" => "552beac4b99949a556b120b7e5f7e22def46f663992a08f0f132ad4afee68b9f"
41
40
  }
42
41
  ```
42
+ **Example**
43
+ > POST Request to https://atalogics.com/api/orderOffer with the following JSON:
44
+ ``` javascript
45
+ {
46
+ "atalogics": {
47
+ "api_key": "5f70fd232454e5c142566dbacc3dec5",
48
+ "offer_id": "33/2014-01-22/1/2014-01-22",
49
+ "expected_fee": 5.59,
50
+ "external_id": "AZDF-234",
51
+ "url_state_update": "https://ihr-server.de/atalogics/callbacks",
52
+ "catch": {
53
+ "name": "Top Fashion Shop",
54
+ "street": "Schneiderstraße 20",
55
+ "postal_code": "5020",
56
+ "city": "Salzburg",
57
+ "phone_number": "123456",
58
+ "email": "info@fashionshop.de"
59
+ },
60
+ "drop": {
61
+ "name": "Marta Musterkundin",
62
+ "street": "Kaufstr. 76",
63
+ "postal_code": "5020",
64
+ "city": "Salzburg",
65
+ "phone_number": "435236",
66
+ "email": "marta@musterkundin.de",
67
+ "extra_services": ["R18"]
68
+ }
69
+ }
70
+ }
71
+ ```
72
+ ``` ruby
73
+ token = Atalanda::Signature::Token.new(KEY, SECRET)
74
+ request = Atalanda::Signature::Request.new("POST", "https://atalogics.com/api/orderOffer", parameters) # parameters contains a hash representing the json above
75
+ signed_parameters = request.sign(token)
76
+ # post to our API, for example with HTTParty
77
+ HTTParty.post("https://atalogics.com/api/orderOffer",
78
+ :body => signed_parameters.to_json,
79
+ :headers => { 'Content-Type' => 'application/json' })
80
+ ```
81
+ If you do a GET Request, you also have to sign all URL parameters. Simply include them in the parameters hash. Send the produced auth parameters along with the other URL parameters, for example:
82
+ > https://atalogics.com/api/status?tracking_id=42ef32a&api_key=abcde**&auth_signature=ab332d2f&auth_timestamp=123244&auth_key=abcde**
83
+
43
84
 
44
85
  Verifying the signature of our callbacks
45
86
  --------------
data/lib/atalanda/signature.rb CHANGED
@@ -38,7 +38,7 @@ module Atalanda
38
38
  }
39
39
  end
40
40
 
41
- if @time - get_auth_hash["auth_timestamp"].to_i > timestamp_grace
41
+ if (@time - get_auth_hash["auth_timestamp"].to_i).abs > timestamp_grace
42
42
  return {
43
43
  "authenticated" => false,
44
44
  "reason" => "Auth timestamp is older than #{timestamp_grace} seconds"
data/lib/atalanda/signature/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Atalanda
2
2
  module Signature
3
- VERSION = "1.0.2"
3
+ VERSION = "1.0.3"
4
4
  end
5
5
  end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,5 @@
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+ require 'timecop'
4
+
5
+ require 'atalanda/signature'
data/spec/unit/request_spec.rb ADDED
@@ -0,0 +1,151 @@
1
+ require 'spec_helper'
2
+ describe Atalanda::Signature::Request do
3
+ before(:each) do
4
+ @api_key = "dqwffef2"
5
+ @token = Atalanda::Signature::Token.new(@api_key,"g234h24g34")
6
+ end
7
+
8
+ after(:each) do
9
+ Timecop.return
10
+ end
11
+
12
+ describe "canonical_string_from_hash" do
13
+ it "should always output the same string" do
14
+ params = {
15
+ "atalogics" => {
16
+ "api_key" => "5f70fd232454e5c142566dbacc3dec5",
17
+ "external_id" => "AZDF-234",
18
+ "catch" => {
19
+ "name" => "Top Fashion Shop",
20
+ "street" => "Schneiderstrasse 20"
21
+ },
22
+ "drop" => {
23
+ "name" => "Marta Musterkundin",
24
+ "street" => "Kaufstr. 76"
25
+ },
26
+ "an_array" => [2,"3","1","5"]
27
+ }
28
+ }
29
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
30
+ result = request.send(:buildParameterString)
31
+
32
+ params2 = {
33
+ "atalogics" => {
34
+ "external_id" => "AZDF-234",
35
+ "api_key" => "5f70fd232454e5c142566dbacc3dec5",
36
+ "drop" => {
37
+ "name" => "Marta Musterkundin",
38
+ "street" => "Kaufstr. 76"
39
+ },
40
+ "an_array" => [2,"3","1","5"],
41
+ "catch" => {
42
+ "street" => "Schneiderstrasse 20",
43
+ "name" => "Top Fashion Shop"
44
+ }
45
+ }
46
+ }
47
+ request2 = Atalanda::Signature::Request.new("POST", "/api/order", params2)
48
+ result2 = request2.send(:buildParameterString)
49
+
50
+ result2.should == result
51
+ end
52
+
53
+ it "should concatenate correctly" do
54
+ params = {
55
+ "atalogics" => {
56
+ "api_key" => "5f70fd232454e5c142566dbacc3dec5",
57
+ "external_id" => "AZDF-234",
58
+ "catch" => {
59
+ "name" => "Top Fashion Shop",
60
+ "street" => "Schneiderstrasse 20"
61
+ },
62
+ "drop" => {
63
+ "name" => "Marta Musterkundin",
64
+ "street" => "Kaufstr. 76"
65
+ },
66
+ "an_array" => [2,"3","1","5"],
67
+ "zip" => false
68
+ }
69
+ }
70
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
71
+ result = request.send(:buildParameterString)
72
+ result.should == "POST/api/orderatalogicsan_array2315api_key5f70fd232454e5c142566dbacc3dec5catchnameTop Fashion ShopstreetSchneiderstrasse 20dropnameMarta MusterkundinstreetKaufstr. 76external_idAZDF-234zipfalse"
73
+ end
74
+ end
75
+
76
+ describe "sign" do
77
+ it "should correctly sign a request" do
78
+ Timecop.freeze(Date.parse("20.12.2014")) do
79
+ params = {"foo" => "bar"}
80
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
81
+ signedParams = request.sign(@token)
82
+ signedParams.should == {
83
+ "foo" => "bar",
84
+ "auth_timestamp"=>1419030000,
85
+ "auth_key"=>@api_key,
86
+ "auth_signature"=>"e89983606e992b9b060e9383913de79ebc6a1d610c96bf4f9712e6813d4fedfa"
87
+ }
88
+ end
89
+ end
90
+ end
91
+
92
+ describe "authenticate" do
93
+ it "should not authenticate if there is no auth_hash" do
94
+ Timecop.freeze(Date.parse("20.12.2014")) do
95
+ params = {"foo" => "bar"}
96
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
97
+ result = request.authenticate(@token)
98
+ result.should == {
99
+ "authenticated" => false,
100
+ "reason" => "Auth hash is missing"
101
+ }
102
+ end
103
+ end
104
+
105
+ it "should not authenticate if signature is too old" do
106
+ Timecop.travel(Date.parse("20.12.2014"))
107
+ params = {"foo" => "bar"}
108
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
109
+ signedParams = request.sign(@token)
110
+
111
+ Timecop.travel(Date.parse("19.12.2014"))
112
+ request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
113
+ timestamp_grace = 700
114
+ result = request2.authenticate(@token, timestamp_grace)
115
+ result.should == {
116
+ "authenticated" => false,
117
+ "reason" => "Auth timestamp is older than #{timestamp_grace} seconds"
118
+ }
119
+ end
120
+
121
+ it "should not authenticate if content changed" do
122
+ params = {"foo" => "bar"}
123
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
124
+ signedParams = request.sign(@token)
125
+
126
+ # change params
127
+ signedParams["foo"] = "bar2"
128
+
129
+ request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
130
+ timestamp_grace = 700
131
+ result = request2.authenticate(@token, timestamp_grace)
132
+ result.should == {
133
+ "authenticated" => false,
134
+ "reason" => "Signature does not match"
135
+ }
136
+ end
137
+
138
+ it "should not authenticate" do
139
+ params = {"foo" => "bar"}
140
+ request = Atalanda::Signature::Request.new("POST", "/api/order", params)
141
+ signedParams = request.sign(@token)
142
+
143
+ request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
144
+ timestamp_grace = 700
145
+ result = request2.authenticate(@token, timestamp_grace)
146
+ result.should == {
147
+ "authenticated" => true
148
+ }
149
+ end
150
+ end
151
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: atalanda-signature
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.0.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-02-01 00:00:00.000000000 Z
12
+ date: 2014-02-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -106,6 +106,8 @@ files:
106
106
  - atalanda-signature.gemspec
107
107
  - lib/atalanda/signature.rb
108
108
  - lib/atalanda/signature/version.rb
109
+ - spec/spec_helper.rb
110
+ - spec/unit/request_spec.rb
109
111
  homepage: ''
110
112
  licenses:
111
113
  - MIT
@@ -131,5 +133,7 @@ rubygems_version: 1.8.23
131
133
  signing_key:
132
134
  specification_version: 3
133
135
  summary: Gem for signing atalogics api calls
134
- test_files: []
136
+ test_files:
137
+ - spec/spec_helper.rb
138
+ - spec/unit/request_spec.rb
135
139
  has_rdoc: