authi 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/authi.rb +15 -11
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9e50d6f879cd2ab73dff7dcc6d930d6f7d8f30b2
|
4
|
+
data.tar.gz: e26725a59eb2fca5c0b713317c9896bd686b4e5f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 68a80a96d9d33f5385b4da8806ce6297ba1d482fc9116d53e151d2994c76bc39eed968e3c75170a9e53d30cddb1fc9a08bbe65d6a133bd9db1956599d67d3f8b
|
7
|
+
data.tar.gz: 24b67621d0750cdbdf0b3909528bf93a368dc78731293fbd86d0e2c440140a442ff4419865c4b40e87ac7f14b97b3500cbf58eeb606cef5ae77c07d72ab9fad1
|
data/lib/authi.rb
CHANGED
@@ -9,16 +9,20 @@ require 'securerandom'
|
|
9
9
|
# ===========
|
10
10
|
# A string is first created using your HTTP payload containing all parameters and a preshared key.
|
11
11
|
# This string is then used to create the signature which is a Base64 encoded SHA1 HMAC, using the clients private secret key.
|
12
|
-
# This signature is then can be added to Authorization HTTP header
|
13
|
-
# <code>Authorization = Authy.generate_signed_header(params)</code>
|
14
|
-
#
|
12
|
+
# This signature is then can be added to Authorization HTTP header
|
13
|
+
# <code>Authorization = Authy.generate_signed_header(params)</code>
|
14
|
+
# You can pass explicite service name and shared_key as an argument to support multiple API authentication
|
15
|
+
# <code>Authorization = Authy.generate_signed_header(params, 'client_1', ENV['client_1_shared_key'])</code>
|
16
|
+
# Now add this to to your header
|
15
17
|
# <code>header["Authorization"] = Authorization</code>
|
16
18
|
#
|
17
19
|
# secret_key generated from the server side can be kept inside the a environment variable with name <i>shared_key</i> along with <i>service_name</i> as your service name
|
18
20
|
#
|
19
|
-
# <i>Server Side API validation</i>
|
20
|
-
# <code>is_valid = Authy.validate_api(params, request.headers)</code>
|
21
|
-
#
|
21
|
+
# <i>Server Side API validation</i>
|
22
|
+
# <code>is_valid = Authy.validate_api(params, request.headers)</code>
|
23
|
+
# Pass explicite shared key to support multiple API authentication
|
24
|
+
# <code>is_valid = Authy.validate_api(params, request.headers,ENV['client_1_shared_key'])</code>
|
25
|
+
# Generating secret key for clients
|
22
26
|
# <code>secret_key = Authy.generate_secret_key</code>
|
23
27
|
module Authy
|
24
28
|
# Create a signed hash using input parameter
|
@@ -29,7 +33,7 @@ module Authy
|
|
29
33
|
#
|
30
34
|
# Arguments:
|
31
35
|
# data: (map)
|
32
|
-
def self.generate_signed_header(data, service_name = ENV['service_name'])
|
36
|
+
def self.generate_signed_header(data, service_name = ENV['service_name'], shared_key = ENV['shared_key'])
|
33
37
|
processed_data, deep_lookup_table = Authy.fully_qualified_keys(data)
|
34
38
|
signing_order = processed_data + ',' + 'owning_service,signing_order'
|
35
39
|
request_data = Authy.build_query(processed_data, deep_lookup_table)
|
@@ -37,9 +41,9 @@ module Authy
|
|
37
41
|
'&owning_service=' + service_name + '&signing_order=' + \
|
38
42
|
signing_order
|
39
43
|
digest = OpenSSL::Digest.new('sha1')
|
40
|
-
hmac = OpenSSL::HMAC.digest(digest,
|
44
|
+
hmac = OpenSSL::HMAC.digest(digest, shared_key, unsigned_data)
|
41
45
|
signed_str = Base64.strict_encode64(hmac)
|
42
|
-
{ 'X-OWNING-SERVICE':
|
46
|
+
{ 'X-OWNING-SERVICE': service_name, 'X-SIGNING-ORDER': signing_order,
|
43
47
|
'X-SIGNATURE': signed_str }
|
44
48
|
end
|
45
49
|
|
@@ -80,9 +84,9 @@ module Authy
|
|
80
84
|
# Arguments:
|
81
85
|
# params: (map)
|
82
86
|
# header
|
83
|
-
def self.validate_api(params, header)
|
87
|
+
def self.validate_api(params, header, shared_key = ENV['shared_key'])
|
84
88
|
owning_service = header['Authorization'][:'X-OWNING-SERVICE']
|
85
|
-
expected_header = Authy.generate_signed_header(params, owning_service)
|
89
|
+
expected_header = Authy.generate_signed_header(params, owning_service, shared_key)
|
86
90
|
expected_header[:'X-SIGNATURE'] == header['Authorization'][:'X-SIGNATURE']
|
87
91
|
end
|
88
92
|
|