auth-hmac 1.0.1 → 1.1.0

data/History.txt

@@ -1,3 +1,7 @@
+== 1.1.0 2009-02-26
+
+* Added support for custom request signatures and service ids. (ascarter)
+
 == 1.0.1 2008-08-22
 
 * Fixed nil pointer exception when with_auth called with nil creds.

data/config/hoe.rb

@@ -1,6 +1,6 @@
 require 'auth-hmac/version'
 
-AUTHOR = 'Sean Geoghegan'  # can also be an array of Authors
+AUTHOR = ['Sean Geoghegan', 'ascarter']  # can also be an array of Authors
 EMAIL = "seangeo@gmail.com"
 DESCRIPTION = "A gem providing HMAC based authentication for HTTP"
 GEM_NAME = 'auth-hmac' # what ppl will type to install your gem
@@ -51,7 +51,8 @@ end
 # Generate all the Rake tasks
 # Run 'rake -T' to see list of generated tasks (from gem root directory)
 $hoe = Hoe.new(GEM_NAME, VERS) do |p|
-  p.developer(AUTHOR, EMAIL)
+  p.author = AUTHOR
+  p.email = EMAIL
   p.description = DESCRIPTION
   p.summary = DESCRIPTION
   p.url = HOMEPATH

data/lib/auth-hmac.rb

@@ -17,6 +17,12 @@ require 'base64'
 # As a result of the generalization, it won't work with AWS because it doesn't support
 # the Amazon extension headers.
 #
+# === References
+# Cryptographic Hash functions:: http://en.wikipedia.org/wiki/Cryptographic_hash_function
+# SHA-1 Hash function::          http://en.wikipedia.org/wiki/SHA-1
+# HMAC algorithm::               http://en.wikipedia.org/wiki/HMAC
+# RFC 2104::                     http://tools.ietf.org/html/rfc2104
+#
 class AuthHMAC
   module Headers # :nodoc:
     # Gets the headers for a request.
@@ -42,69 +48,7 @@ class AuthHMAC
   end
   
   include Headers
-  
-  # Signs a request using a given access key id and secret.
-  #
-  def AuthHMAC.sign!(request, access_key_id, secret)
-    self.new(access_key_id => secret).sign!(request, access_key_id)
-  end
-  
-  def AuthHMAC.authenticated?(request, access_key_id, secret)
-    self.new(access_key_id => secret).authenticated?(request)
-  end
-  
-  # Create an AuthHMAC instance using a given credential store.
-  #
-  # A credential store must respond to the [] method and return
-  # the secret for the access key id passed to [].
-  #
-  def initialize(credential_store)
-    @credential_store = credential_store
-  end
-  
-  # Signs a request using the access_key_id and the secret associated with that id
-  # in the credential store.
-  #
-  # Signing a requests adds an Authorization header to the request in the format:
-  #
-  #  AuthHMAC <access_key_id>:<signature>
-  #
-  # where <signature> is the Base64 encoded HMAC-SHA1 of the CanonicalString and the secret.
-  #
-  def sign!(request, access_key_id)
-    secret = @credential_store[access_key_id]
-    raise ArgumentError, "No secret found for key id '#{access_key_id}'" if secret.nil?
-    request['Authorization'] = build_authorization_header(request, access_key_id, secret)
-  end
-  
-  # Authenticates a request using HMAC
-  #
-  # Returns true if the request has an AuthHMAC Authorization header and
-  # the access id and HMAC match an id and HMAC produced for the secret
-  # in the credential store. Otherwise returns false.
-  #
-  def authenticated?(request)
-    if md = /^AuthHMAC ([^:]+):(.+)$/.match(find_header(%w(Authorization HTTP_AUTHORIZATION), headers(request)))
-      access_key_id = md[1]
-      hmac = md[2]
-      secret = @credential_store[access_key_id]      
-      !secret.nil? && hmac == build_signature(request, secret)
-    else
-      false
-    end
-  end
-  
-  private
-    def build_authorization_header(request, access_key_id, secret)
-      "AuthHMAC #{access_key_id}:#{build_signature(request, secret)}"      
-    end
-    
-    def build_signature(request, secret)
-      canonical_string = CanonicalString.new(request)
-      digest = OpenSSL::Digest::Digest.new('sha1')
-      Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string)).strip
-    end
-  
+ 
   # Build a Canonical String for a HTTP request.
   #
   # A Canonical String has the following format:
@@ -145,10 +89,10 @@ class AuthHMAC
       def header_values(headers)
         [ content_type(headers),
           content_md5(headers),
-          (date(headers) or headers['Date'] = Time.now.getutc.httpdate)
+          (date(headers) or headers['Date'] = Time.now.utc.httpdate)
         ].join("\n")
       end
-      
+     
       def content_type(headers)
         find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE), headers)
       end
@@ -172,7 +116,129 @@ class AuthHMAC
         path[/^[^?]*/]
       end
   end
+   
+  @@default_signature_class = CanonicalString
+
+  # Create an AuthHMAC instance using the given credential store
+  #
+  # Credential Store:
+  # * Credential store must respond to the [] method and return a secret for access key id
+  # 
+  # Options:
+  # Override default options
+  # *  <tt>:service_id</tt> - Service ID used in the AUTHORIZATION header string. Default is AuthHMAC.
+  # *  <tt>:signature_method</tt> - Proc object that takes request and produces the signature string
+  #                                 used for authentication. Default is CanonicalString.
+  # Examples:
+  #   my_hmac = AuthHMAC.new('access_id1' => 'secret1', 'access_id2' => 'secret2')
+  #
+  #   cred_store = { 'access_id1' => 'secret1', 'access_id2' => 'secret2' }
+  #   options = { :service_id => 'MyApp', :signature_method => lambda { |r| MyRequestString.new(r) } }
+  #   my_hmac = AuthHMAC.new(cred_store, options)
+  #   
+  def initialize(credential_store, options = nil)
+    @credential_store = credential_store
+
+    # Defaults
+    @service_id = self.class.name
+    @signature_class = @@default_signature_class
+
+    unless options.nil?
+      @service_id = options[:service_id] if options.key?(:service_id)
+      @signature_class = options[:signature] if options.key?(:signature) && options[:signature].is_a?(Class)
+    end
     
+    @signature_method = lambda { |r| @signature_class.send(:new, r) }
+  end
+
+  # Generates canonical signing string for given request
+  #
+  # Supports same options as AuthHMAC.initialize for overriding service_id and
+  # signature method.
+  # 
+  def AuthHMAC.canonical_string(request, options = nil)
+    self.new(nil, options).canonical_string(request)
+  end
+
+  # Generates signature string for a given secret
+  #
+  # Supports same options as AuthHMAC.initialize for overriding service_id and
+  # signature method.
+  # 
+  def AuthHMAC.signature(request, secret, options = nil)
+    self.new(nil, options).signature(request, secret)
+  end
+
+  # Signs a request using a given access key id and secret.
+  #
+  # Supports same options as AuthHMAC.initialize for overriding service_id and
+  # signature method.
+  # 
+  def AuthHMAC.sign!(request, access_key_id, secret, options = nil)
+    credentials = { access_key_id => secret }
+    self.new(credentials, options).sign!(request, access_key_id)
+  end
+  
+  # Authenticates a request using HMAC
+  #
+  # Supports same options as AuthHMAC.initialize for overriding service_id and
+  # signature method.
+  # 
+  def AuthHMAC.authenticated?(request, access_key_id, secret, options)
+    credentials = { access_key_id => secret }
+    self.new(credentials, options).authenticated?(request)
+  end
+  
+  # Signs a request using the access_key_id and the secret associated with that id
+  # in the credential store.
+  #
+  # Signing a requests adds an Authorization header to the request in the format:
+  #
+  #  <service_id> <access_key_id>:<signature>
+  #
+  # where <signature> is the Base64 encoded HMAC-SHA1 of the CanonicalString and the secret.
+  #
+  def sign!(request, access_key_id)
+    secret = @credential_store[access_key_id]
+    raise ArgumentError, "No secret found for key id '#{access_key_id}'" if secret.nil?
+    request['Authorization'] = authorization(request, access_key_id, secret)
+  end
+  
+  # Authenticates a request using HMAC
+  #
+  # Returns true if the request has an AuthHMAC Authorization header and
+  # the access id and HMAC match an id and HMAC produced for the secret
+  # in the credential store. Otherwise returns false.
+  #
+  def authenticated?(request)
+    rx = Regexp.new("#{@service_id} ([^:]+):(.+)$")
+    if md = rx.match(authorization_header(request))
+      access_key_id = md[1]
+      hmac = md[2]
+      secret = @credential_store[access_key_id]
+      !secret.nil? && hmac == signature(request, secret)
+    else
+      false
+    end
+  end
+
+  def signature(request, secret)
+    digest = OpenSSL::Digest::Digest.new('sha1')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request))).strip
+  end
+
+  def canonical_string(request)
+    @signature_method.call(request)
+  end
+  
+  def authorization_header(request)
+    find_header(%w(Authorization HTTP_AUTHORIZATION), headers(request))
+  end
+
+  def authorization(request, access_key_id, secret)
+    "#{@service_id} #{access_key_id}:#{signature(request, secret)}"      
+  end
+  
   # Integration with Rails
   #
   class Rails # :nodoc:
@@ -185,21 +251,22 @@ class AuthHMAC
         #   * +failure_message+: The text to use when authentication fails.
         #   * +only+: A list off actions to protect.
         #   * +except+: A list of actions to not protect.
+        #   * +hmac+: Options for HMAC creation. See AuthHMAC#initialize for options.
         #
         def with_auth_hmac(credentials, options = {})
           unless credentials.nil?
             self.credentials = credentials
-            self.authhmac = AuthHMAC.new(self.credentials)
             self.authhmac_failure_message = (options.delete(:failure_message) or "HMAC Authentication failed")
+            self.authhmac = AuthHMAC.new(self.credentials, options.delete(:hmac))
             before_filter(:hmac_login_required, options)
           else
-            $stderr << "with_auth_hmac called with nil credentials - authentication will be skipped\n"
+            $stderr.puts("with_auth_hmac called with nil credentials - authentication will be skipped")
           end
         end
       end
       
       module InstanceMethods # :nodoc:
-        def hmac_login_required          
+        def hmac_login_required
           unless hmac_authenticated?
             response.headers['WWW-Authenticate'] = 'AuthHMAC'
             render :text => self.class.authhmac_failure_message, :status => :unauthorized
@@ -243,6 +310,7 @@ class AuthHMAC
           base.class_inheritable_accessor :hmac_access_id
           base.class_inheritable_accessor :hmac_secret
           base.class_inheritable_accessor :use_hmac
+          base.class_inheritable_accessor :hmac_options
         end
         
         module ClassMethods
@@ -268,7 +336,7 @@ class AuthHMAC
           # patch of the internals of ActiveResource it might not work with past or
           # future versions.
           #
-          def with_auth_hmac(access_id, secret = nil)
+          def with_auth_hmac(access_id, secret = nil, options = nil)
             if access_id.is_a?(Hash)
               self.hmac_access_id = access_id.keys.first
               self.hmac_secret = access_id[self.hmac_access_id]
@@ -277,6 +345,7 @@ class AuthHMAC
               self.hmac_secret = secret
             end
             self.use_hmac = true
+            self.hmac_options = options
             
             class << self
               alias_method_chain :connection, :hmac
@@ -288,6 +357,7 @@ class AuthHMAC
             c.hmac_access_id = self.hmac_access_id
             c.hmac_secret = self.hmac_secret
             c.use_hmac = self.use_hmac
+            c.hmac_options = self.hmac_options
             c
           end          
         end
@@ -300,7 +370,7 @@ class AuthHMAC
         def self.included(base)
           base.send :alias_method_chain, :request, :hmac
           base.class_eval do
-            attr_accessor :hmac_secret, :hmac_access_id, :use_hmac
+            attr_accessor :hmac_secret, :hmac_access_id, :use_hmac, :hmac_options
           end
         end
 
@@ -308,7 +378,7 @@ class AuthHMAC
           if use_hmac && hmac_access_id && hmac_secret
             arguments.last['Date'] = Time.now.httpdate if arguments.last['Date'].nil?
             temp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, arguments.last)
-            AuthHMAC.sign!(temp, hmac_access_id, hmac_secret)
+            AuthHMAC.sign!(temp, hmac_access_id, hmac_secret, hmac_options)
             arguments.last['Authorization'] = temp['Authorization']
           end
           

data/lib/auth-hmac/version.rb

@@ -1,8 +1,8 @@
 class AuthHMAC
   module VERSION #:nodoc:
     MAJOR = 1
-    MINOR = 0
-    TINY  = 1
+    MINOR = 1
+    TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/spec/auth-hmac_spec.rb

@@ -10,73 +10,141 @@ require 'action_controller/test_process'
 require 'active_resource'
 require 'active_resource/http_mock'
 
+# Class for doing a custom signature
+class CustomSignature < String
+  def initialize(request)
+    self << "Custom signature string: #{request.method}"
+  end
+end
+
+def signature(value, secret)
+  digest = OpenSSL::Digest::Digest.new('sha1')
+  Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
+end
+
 describe AuthHMAC do
+  before(:each) do
+    @request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+      'content-type' => 'text/plain', 
+      'content-md5' => 'blahblah', 
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+  end
+
+  describe ".canonical_string" do
+    it "should generate a canonical string using default method" do
+      AuthHMAC.canonical_string(@request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
+    end
+  end
+  
+  describe ".signature" do
+    it "should generate a valid signature string for a secret" do
+      AuthHMAC.signature(@request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+  end
+
   describe ".sign!" do
+    before(:each) do
+      @request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'blahblah', 
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
     it "should sign using the key passed in as a parameter" do
-      request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
-                                    'content-type' => 'text/plain', 
-                                    'content-md5' => 'blahblah', 
-                                    'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
-      AuthHMAC.sign!(request, "my-key-id", "secret")
-      request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+     AuthHMAC.sign!(@request, "my-key-id", "secret")
+     @request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom service id" do
+      AuthHMAC.sign!(@request, "my-key-id", "secret", { :service_id => 'MyService' })
+      @request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom signature method" do
+      options = {
+        :service_id => 'MyService',
+        :signature => CustomSignature
+      }
+      AuthHMAC.sign!(@request, "my-key-id", "secret", options)
+      @request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
     end
   end
   
   describe "#sign!" do
     before(:each) do
-      @store = mock('store')
+      @get_request = Net::HTTP::Get.new("/")
+      @put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'blahblah', 
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+       @store = mock('store')
       @store.stub!(:[]).and_return("")
       @authhmac = AuthHMAC.new(@store)
     end
-    
-    it "should add an Authorization header" do
-      request = Net::HTTP::Get.new("/")
-      @authhmac.sign!(request, 'key-id')
-      request.key?("Authorization").should be_true
-    end
-    
-    it "should fetch the secret from the store" do
-      request = Net::HTTP::Get.new("/")
-      @store.should_receive(:[]).with('key-id').and_return('secret')
-      @authhmac.sign!(request, 'key-id')
-    end
-    
-    it "should prefix the Authorization Header with AuthHMAC" do
-      request = Net::HTTP::Get.new("/")
-      @authhmac.sign!(request, 'key-id')
-      request['Authorization'].should match(/^AuthHMAC /)
-    end
-    
-    it "should include the key id as the first part of the Authorization header value" do
-      request = Net::HTTP::Get.new("/")
-      @authhmac.sign!(request, 'key-id')
-      request['Authorization'].should match(/^AuthHMAC key-id:/)
-    end
-    
-    it "should include the base64 encoded HMAC signature as the last part of the header value" do
-      request = Net::HTTP::Get.new("/path")
-      @authhmac.sign!(request, 'key-id')
-      request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
+
+    describe "default AuthHMAC with CanonicalString signature" do
+      it "should add an Authorization header" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request.key?("Authorization").should be_true
+      end
+      
+      it "should fetch the secret from the store" do
+        @store.should_receive(:[]).with('key-id').and_return('secret')
+        @authhmac.sign!(@get_request, 'key-id')
+      end
+      
+      it "should prefix the Authorization Header with AuthHMAC" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC /)
+      end
+
+      it "should include the key id as the first part of the Authorization header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC key-id:/)
+      end
+      
+      it "should include the base64 encoded HMAC signature as the last part of the header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
+      end
+      
+      it "should create a complete signature" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+      end
     end
-    
-    it "should create a complete signature" do
-      @store.should_receive(:[]).with('my-key-id').and_return('secret')
-      request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
-                                    'content-type' => 'text/plain', 
-                                    'content-md5' => 'blahblah', 
-                                    'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
-      @authhmac.sign!(request, "my-key-id")
-      request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+
+    describe "custom signatures" do
+      before(:each) do
+         @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+        @authhmac = AuthHMAC.new(@store, @options)
+      end
+
+      it "should prefix the Authorization header with custom service id" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^MyService /)
+      end
+      
+      it "should create a complete signature using options" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+      end
     end
   end
   
   describe "authenticated?" do
     before(:each) do
-      @authhmac = AuthHMAC.new(YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))))
+      @credentials = YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
+      @authhmac = AuthHMAC.new(@credentials)
       @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
     end
     
-    it "should return false when there is no Authoization Header" do
+    it "should return false when there is no Authorization Header" do
       @authhmac.authenticated?(@request).should be_false
     end
     
@@ -110,6 +178,31 @@ describe AuthHMAC do
       @authhmac.sign!(@request, 'access key 1')
       @authhmac.authenticated?(@request).should be_true
     end
+
+    describe "custom signatures" do
+      before(:each) do
+        @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+      end
+
+      it "should return false for invalid service id" do
+        @authhmac.sign!(@request, 'access key 1')
+        AuthHMAC.new(@credentials, @options.except(:signature)).authenticated?(@request).should be_false
+      end
+
+      it "should return false for request using default CanonicalString signature" do
+        @authhmac.sign!(@request, 'access key 1')
+        AuthHMAC.new(@credentials, @options.except(:service_id)).authenticated?(@request).should be_false
+      end
+      
+      it "should return true when valid" do
+        @authhmac = AuthHMAC.new(@credentials, @options)
+        @authhmac.sign!(@request, 'access key 1')
+        @authhmac.authenticated?(@request).should be_true
+      end
+    end
   end
   
   describe "#sign! with YAML credentials" do
@@ -247,69 +340,129 @@ describe AuthHMAC do
         hmac_authenticated?
       end
     end
-    
-    it "should not raise an error when credentials are nil" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.path = "/index"
-      lambda do
-        NilCredentialsController.new.process(request, ActionController::TestResponse.new).code.should == "200"
-      end.should_not raise_error
-    end
-    
-    it "should allow a request with the proper hmac" do
-      request = ActionController::TestRequest.new
-      request.env['Authorization'] = "AuthHMAC access key 1:6BVEVfAyIDoI3K+WallRMnDxROQ="
-      request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
-      request.action = 'index'
-      request.path = "/index"
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
-    end
-    
-    it "should reject a request with no hmac" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
-    end
-    
-    it "should reject a request with the wrong hmac" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.env['Authorization'] = "AuthHMAC bogus:bogus"
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
-    end
-    
-    it "should include a WWW-Authenticate header with the schema AuthHMAC" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.env['Authorization'] = "AuthHMAC bogus:bogus"
-      TestController.new.process(request, ActionController::TestResponse.new).headers['WWW-Authenticate'].should == "AuthHMAC"
+ 
+    class CustomTestController < ActionController::Base
+      with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
+        :failure_message => "Stay away!",
+        :except => :public,
+        :hmac => { :service_id => 'MyService', :signature => CustomSignature }
+      
+      def index
+        render :nothing => true, :status => :ok
+      end
+      
+      def public
+        render :nothing => true, :status => :ok
+      end
+      
+      def rescue_action(e) raise(e) end
     end
     
-    it "should include a default error message" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.env['Authorization'] = "AuthHMAC bogus:bogus"
-      TestController.new.process(request, ActionController::TestResponse.new).body.should == "HMAC Authentication failed"
+    describe NilCredentialsController do
+      it "should not raise an error when credentials are nil" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.path = "/index"
+        lambda do
+          NilCredentialsController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+        end.should_not raise_error
+      end
     end
-    
-    it "should reject a request with a given message" do
-      request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.env['Authorization'] = "AuthHMAC bogus:bogus"
-      MessageTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
+   
+    describe TestController do
+      it "should allow a request with the proper hmac" do
+        request = ActionController::TestRequest.new
+        request.env['Authorization'] = "AuthHMAC access key 1:6BVEVfAyIDoI3K+WallRMnDxROQ="
+        request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
+        request.action = 'index'
+        request.path = "/index"
+        TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      end
+
+      it "should reject a request with no hmac" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      end
+
+      it "should reject a request with the wrong hmac" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      end
+
+      it "should include a WWW-Authenticate header with the schema AuthHMAC" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        TestController.new.process(request, ActionController::TestResponse.new).headers['WWW-Authenticate'].should == "AuthHMAC"
+      end
+
+      it "should include a default error message" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        TestController.new.process(request, ActionController::TestResponse.new).body.should == "HMAC Authentication failed"
+      end
+
+      it "should allow anything to access the public action (using only)" do
+        request = ActionController::TestRequest.new
+        request.action = 'public'
+        TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      end
     end
-    
-    it "should allow anything to access the public action (using only)" do
-      request = ActionController::TestRequest.new
-      request.action = 'public'
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+
+    describe MessageTestController do
+      it "should reject a request with a given message" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        MessageTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
+      end
+
+      it "should allow anything to access the public action (using except)" do
+        request = ActionController::TestRequest.new
+        request.action = 'public'
+        MessageTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      end
     end
-    
-    it "should allow anything to access the public action (using except)" do
-      request = ActionController::TestRequest.new
-      request.action = 'public'
-      MessageTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+
+    describe CustomTestController do
+      it "should allow a request with the proper hmac" do
+        request = ActionController::TestRequest.new
+        request.env['Authorization'] = "MyService access key 1:J2W4dOrv/sGsL0C5adnZYiQ3d70="
+        request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
+        request.action = 'index'
+        request.path = "/index"
+       CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      end
+
+      it "should reject a request with no hmac" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      end
+
+      it "should reject a request with the wrong hmac" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      end
+
+      it "should reject a request with a given message" do
+        request = ActionController::TestRequest.new
+        request.action = 'index'
+        request.env['Authorization'] = "AuthHMAC bogus:bogus"
+        CustomTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
+      end
+
+      it "should allow anything to access the public action (using except)" do
+        request = ActionController::TestRequest.new
+        request.action = 'public'
+        CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      end
     end
   end
   
@@ -318,17 +471,44 @@ describe AuthHMAC do
       with_auth_hmac("access_id", "secret")
       self.site = "http://localhost/"
     end
-        
-    it "should send requests using HMAC authentication" do
-      now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
-      Time.should_receive(:now).at_least(1).and_return(now)
-      ActiveResource::HttpMock.respond_to do |mock|
-        mock.get "/test_resources/1.xml", 
-                    {'Authorization' => 'AuthHMAC access_id:n8UlshMa8ve66U36XD3ZCbAIctg=', 'Content-Type' => 'application/xml', 'Date' => "Thu, 10 Jul 2008 03:29:56 GMT" },
-                    {:id => "1"}.to_xml(:root => 'test_resource')
+ 
+    class CustomTestResource < ActiveResource::Base
+      with_auth_hmac("access_id", "secret", { :service_id => 'MyService', :signature => CustomSignature })
+      self.site = "http://localhost/"
+    end
+    
+    describe TestResource do
+      it "should send requests using HMAC authentication" do
+        now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
+        Time.should_receive(:now).at_least(1).and_return(now)
+        ActiveResource::HttpMock.respond_to do |mock|
+          mock.get "/test_resources/1.xml", 
+            {
+              'Authorization' => 'AuthHMAC access_id:44dvKATf4xanDtypqEA0EFYvOgI=',
+              'Accept' => 'application/xml',
+              'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
+            },
+            { :id => "1" }.to_xml(:root => 'test_resource')
+        end
+        TestResource.find(1)
+      end
+    end
+
+    describe CustomTestResource do
+      it "should send requests using HMAC authentication" do
+        now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
+        Time.should_receive(:now).at_least(1).and_return(now)
+        ActiveResource::HttpMock.respond_to do |mock|
+          mock.get "/custom_test_resources/1.xml", 
+            {
+              'Authorization' => 'MyService access_id:ZwCBL2rWLOMnwRrdF7wWEdJn7yA=',
+              'Accept' => 'application/xml',
+              'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
+            },
+            { :id => "1" }.to_xml(:root => 'custom_test_resource')
+        end
+        CustomTestResource.find(1)
       end
-      
-      TestResource.find(1)
     end
   end
 end

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification 
 name: auth-hmac
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors: 
 - Sean Geoghegan
+- ascarter
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2008-08-22 00:00:00 +09:30
+date: 2009-02-26 00:00:00 +10:30
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,11 +21,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.7.0
+        version: 1.8.2
     version: 
 description: A gem providing HMAC based authentication for HTTP
-email: 
-- seangeo@gmail.com
+email: seangeo@gmail.com
 executables: []
 
 extensions: []
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: auth-hmac
-rubygems_version: 1.2.0
+rubygems_version: 1.3.1
 signing_key: 
 specification_version: 2
 summary: A gem providing HMAC based authentication for HTTP