atalanda-signature 1.0.2 → 1.0.3

data/README.md

@@ -1,4 +1,3 @@
-
 AtalandaSignature-ruby
 ==================
 
@@ -30,7 +29,7 @@ parameters = {
   "atalogics" => {}
 }
 token = Atalanda::Signature::Token.new(KEY, SECRET)
-request = Atalanda::Signature::Request.new("POST", "api/order", parameters)
+request = Atalanda::Signature::Request.new("POST", "https://atalogics.com/api/order", parameters)
 signed_parameters = request.sign(token)
 =>
 {
@@ -40,6 +39,48 @@ signed_parameters = request.sign(token)
   "auth_signature" => "552beac4b99949a556b120b7e5f7e22def46f663992a08f0f132ad4afee68b9f"
 }
 ```
+**Example**
+> POST Request to https://atalogics.com/api/orderOffer with the following JSON:
+``` javascript
+{
+  "atalogics": {
+    "api_key": "5f70fd232454e5c142566dbacc3dec5",
+    "offer_id": "33/2014-01-22/1/2014-01-22",
+    "expected_fee": 5.59,
+    "external_id": "AZDF-234",
+    "url_state_update": "https://ihr-server.de/atalogics/callbacks",
+    "catch": {
+        "name": "Top Fashion Shop",
+        "street": "Schneiderstraße 20",
+        "postal_code": "5020",
+        "city": "Salzburg",
+        "phone_number": "123456",
+        "email": "info@fashionshop.de"
+    },
+    "drop": {
+        "name": "Marta Musterkundin",
+        "street": "Kaufstr. 76",
+        "postal_code": "5020",
+        "city": "Salzburg",
+        "phone_number": "435236",
+        "email": "marta@musterkundin.de",
+        "extra_services": ["R18"]
+    }
+  }
+}
+```
+``` ruby
+token = Atalanda::Signature::Token.new(KEY, SECRET)
+request = Atalanda::Signature::Request.new("POST", "https://atalogics.com/api/orderOffer", parameters) # parameters contains a hash representing the json above
+signed_parameters = request.sign(token)
+# post to our API, for example with HTTParty
+HTTParty.post("https://atalogics.com/api/orderOffer", 
+  :body => signed_parameters.to_json,
+  :headers => { 'Content-Type' => 'application/json' })
+```
+If you do a GET Request, you also have to sign all URL parameters. Simply include them in the parameters hash. Send the produced auth parameters along with the other URL parameters, for example:
+> https://atalogics.com/api/status?tracking_id=42ef32a&api_key=abcde**&auth_signature=ab332d2f&auth_timestamp=123244&auth_key=abcde**
+
 
 Verifying the signature of our callbacks
 --------------

data/lib/atalanda/signature.rb

@@ -38,7 +38,7 @@ module Atalanda
           }
         end
 
-        if @time - get_auth_hash["auth_timestamp"].to_i > timestamp_grace
+        if (@time - get_auth_hash["auth_timestamp"].to_i).abs > timestamp_grace
           return {
             "authenticated" => false,
             "reason" => "Auth timestamp is older than #{timestamp_grace} seconds"

data/lib/atalanda/signature/version.rb

@@ -1,5 +1,5 @@
 module Atalanda
   module Signature
-    VERSION = "1.0.2"
+    VERSION = "1.0.3"
   end
 end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'timecop'
+
+require 'atalanda/signature'

data/spec/unit/request_spec.rb

@@ -0,0 +1,151 @@
+require 'spec_helper'
+describe Atalanda::Signature::Request do
+  before(:each) do
+    @api_key = "dqwffef2"
+    @token = Atalanda::Signature::Token.new(@api_key,"g234h24g34")
+  end
+
+  after(:each) do
+    Timecop.return
+  end
+
+  describe "canonical_string_from_hash" do
+    it "should always output the same string" do
+      params = {
+        "atalogics" => {
+          "api_key" => "5f70fd232454e5c142566dbacc3dec5",
+          "external_id" => "AZDF-234",
+          "catch" => {
+              "name" => "Top Fashion Shop",
+              "street" => "Schneiderstrasse 20"
+          },
+          "drop" => {
+              "name" => "Marta Musterkundin",
+              "street" => "Kaufstr. 76"
+          },
+          "an_array" => [2,"3","1","5"]
+        }
+      }
+      request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+      result = request.send(:buildParameterString)
+
+      params2 = {
+        "atalogics" => {
+          "external_id" => "AZDF-234",
+          "api_key" => "5f70fd232454e5c142566dbacc3dec5",
+          "drop" => {
+              "name" => "Marta Musterkundin",
+              "street" => "Kaufstr. 76"
+          },
+          "an_array" => [2,"3","1","5"],
+          "catch" => {
+              "street" => "Schneiderstrasse 20",
+              "name" => "Top Fashion Shop"
+          }
+        }
+      }
+      request2 = Atalanda::Signature::Request.new("POST", "/api/order", params2)
+      result2 = request2.send(:buildParameterString)
+
+      result2.should == result
+    end
+
+    it "should concatenate correctly" do
+      params = {
+        "atalogics" => {
+          "api_key" => "5f70fd232454e5c142566dbacc3dec5",
+          "external_id" => "AZDF-234",
+          "catch" => {
+              "name" => "Top Fashion Shop",
+              "street" => "Schneiderstrasse 20"
+          },
+          "drop" => {
+              "name" => "Marta Musterkundin",
+              "street" => "Kaufstr. 76"
+          },
+          "an_array" => [2,"3","1","5"],
+          "zip" => false
+        }
+      }
+      request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+      result = request.send(:buildParameterString)
+      result.should == "POST/api/orderatalogicsan_array2315api_key5f70fd232454e5c142566dbacc3dec5catchnameTop Fashion ShopstreetSchneiderstrasse 20dropnameMarta MusterkundinstreetKaufstr. 76external_idAZDF-234zipfalse"
+    end
+  end
+
+  describe "sign" do
+    it "should correctly sign a request" do
+      Timecop.freeze(Date.parse("20.12.2014")) do
+        params = {"foo" => "bar"}
+        request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+        signedParams = request.sign(@token)
+        signedParams.should == {
+          "foo" => "bar",
+          "auth_timestamp"=>1419030000, 
+          "auth_key"=>@api_key, 
+          "auth_signature"=>"e89983606e992b9b060e9383913de79ebc6a1d610c96bf4f9712e6813d4fedfa"
+        }
+      end
+    end
+  end
+
+  describe "authenticate" do
+    it "should not authenticate if there is no auth_hash" do
+      Timecop.freeze(Date.parse("20.12.2014")) do
+        params = {"foo" => "bar"}
+        request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+        result = request.authenticate(@token)
+        result.should == {
+          "authenticated" => false,
+          "reason" => "Auth hash is missing"
+        }
+      end
+    end
+
+    it "should not authenticate if signature is too old" do
+      Timecop.travel(Date.parse("20.12.2014"))
+      params = {"foo" => "bar"}
+      request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+      signedParams = request.sign(@token)
+
+      Timecop.travel(Date.parse("19.12.2014"))
+      request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
+      timestamp_grace = 700
+      result = request2.authenticate(@token, timestamp_grace)
+      result.should == {
+        "authenticated" => false,
+        "reason" => "Auth timestamp is older than #{timestamp_grace} seconds"
+      }
+    end
+
+    it "should not authenticate if content changed" do
+      params = {"foo" => "bar"}
+      request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+      signedParams = request.sign(@token)
+
+      # change params
+      signedParams["foo"] = "bar2"
+
+      request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
+      timestamp_grace = 700
+      result = request2.authenticate(@token, timestamp_grace)
+      result.should == {
+        "authenticated" => false,
+        "reason" => "Signature does not match"
+      }
+    end
+
+    it "should not authenticate" do
+      params = {"foo" => "bar"}
+      request = Atalanda::Signature::Request.new("POST", "/api/order", params)
+      signedParams = request.sign(@token)
+
+      request2 = Atalanda::Signature::Request.new("POST", "/api/order", signedParams)
+      timestamp_grace = 700
+      result = request2.authenticate(@token, timestamp_grace)
+      result.should == {
+        "authenticated" => true
+      }
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: atalanda-signature
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-01 00:00:00.000000000 Z
+date: 2014-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -106,6 +106,8 @@ files:
 - atalanda-signature.gemspec
 - lib/atalanda/signature.rb
 - lib/atalanda/signature/version.rb
+- spec/spec_helper.rb
+- spec/unit/request_spec.rb
 homepage: ''
 licenses:
 - MIT
@@ -131,5 +133,7 @@ rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Gem for signing atalogics api calls
-test_files: []
+test_files:
+- spec/spec_helper.rb
+- spec/unit/request_spec.rb
 has_rdoc: