authograph 1.0.0 → 1.0.4
- checksums.yaml +5 -5
- data/README.md +17 -1
- data/authograph.gemspec +4 -1
- data/lib/authograph/adapters/faraday.rb +5 -3
- data/lib/authograph/adapters/http.rb +9 -4
- data/lib/authograph/adapters/webmock.rb +31 -0
- data/lib/authograph/rspec.rb +27 -0
- data/lib/authograph/signer.rb +7 -8
- data/lib/authograph/version.rb +1 -1
- metadata +49 -6
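--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 1e2d276ebb575ae0fcc406969081707cb0881d1e03cbf85faed974ea138a1156
+data.tar.gz: 5edd29503ee10afdc2f3c45dd29146eea0cdc6f01f9a16a171d1911586b23978
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 06fc0da12f0a5307a310727c11996955dae55a8dc9c17b3686f57f780c4cec8104a6ad66a35b24dce3b4e3be236fbacee5fe39daaa538b7df2f986b2d123442a
+data.tar.gz: 14bd1ade83ce55820c7ced42d4f5ad9724e11421f78bb0972eac7f793cc5828b0319afdd048042bb39a8eb08e07106c99a35606529875e38639a98635f9969fd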
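--- a/data/README.md
+++ b/data/README.md
@@ -44,7 +44,6 @@ Yo can later validate the request by using `authentic?`
 signer.authentic?(my_request, my_secret) # this will check the signature and the date by default
 ```
 
-
 ### Signer options
 
 **IMPORTANT** Remember to always configure both the signer-signer and the validator-signer using the same paremeters.
@@ -58,6 +57,23 @@ The following parameters are available when calling `Authograph.signer`:
 * `date_header`: header key to store date in (`'X-Date'` by default).
 * `date_max_skew`: maximum difference (in secs) between request time and validaton (`'600'` by default).
 
+### Testing (only rspec)
+
+Sometimes is useful to stub the signing process on tests.
+
+Make sure to include the rspec extensions on your `spec_helper.rb`:
+
+```ruby
+require 'authograph/rspec'
+```
+
+Now you can call the `stub_authograph` inside your tests:
+
+```ruby
+before { stub_authograph(:any, 'mysignature') } }
+before { stub_authograph({ secret: 'my_secret' }, 'mysignature') } # only stub signatures for a given secret (TODO)
+before { stub_authograph({ path: '/my/path' }, 'mysignature') } # only stub signatures for a given path (TODO)
+```
 
 ### Generated signature structure
 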
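--- a/data/authograph.gemspec
+++ b/data/authograph.gemspec
@@ -21,9 +21,12 @@ HTTP request signing and validation library with support for header signing and
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.add_development_dependency "bundler", "~> 1
+spec.add_development_dependency "bundler", "~> 2.1"
 spec.add_development_dependency "rake", "~> 10.0"
 spec.add_development_dependency "rspec", "~> 3.0"
 spec.add_development_dependency "guard", "~> 2.14"
 spec.add_development_dependency "guard-rspec", "~> 4.7"
+spec.add_development_dependency "webmock", "~> 3.3"
+spec.add_development_dependency "faraday", "~> 1.7"
+spec.add_development_dependency "pry"
 end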
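--- a/data/lib/authograph/adapters/faraday.rb
+++ b/data/lib/authograph/adapters/faraday.rb
@@ -13,15 +13,17 @@ module Authograph::Adapters
 end
 
 def method
-@request.
+@request.http_method.to_s.upcase
 end
 
 def path
-URI(@request.path)
+uri = URI(@request.path)
+uri.query = ::Faraday::Utils.build_query(@request.params) unless @request.params.empty?
+uri.request_uri
 end
 
 def content_type
-@request.headers['Content-Type'] || ''
+@request.headers['Content-Type'] || 'application/x-www-form-urlencoded'
 end
 
 def body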
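Review bot: The `content_type` fallback changed from `''` to `'application/x-www-form-urlencoded'`, but the Webmock adapter added in the same release still falls back to `''` and the verifying adapter is not shown, so a request with no Content-Type header can canonicalise differently on the two ends and fail verification. The same concern applies to `path`: the query is rebuilt with `::Faraday::Utils.build_query`, whose ordering and escaping may differ from the raw `request_uri` the other adapters sign. A comment stating the invariant would help, e.g. `# must equal the Content-Type the verifying adapter reads off the wire`, together with a spec that signs through Faraday and verifies through the server-side adapter using a multi-parameter query. The `body` method opens on the last line of this hunk and its body is not visible here.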
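--- a/data/lib/authograph/adapters/http.rb
+++ b/data/lib/authograph/adapters/http.rb
@@ -25,10 +25,15 @@ module Authograph::Adapters
 end
 
 def body
-
-
-
-
+if !@request.body_stream.nil?
+data = @request.body_stream.read
+@request.body_stream.rewind
+data
+elsif !@request.body.nil?
+@request.body
+else
+''
+end
 end
 end
 end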
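Review bot: `body` hashes whatever `@request.body_stream.read` returns from the stream's current position and only then calls `rewind`, so if the stream was not at offset 0 the signed digest covers fewer bytes than are later transmitted, and on a non-seekable IO the `rewind` call raises. Rewinding before the read as well, guarded with `stream.rewind if stream.respond_to?(:rewind)`, keeps the signed and the sent bytes identical. The read also buffers the whole upload in memory, which deserves a comment on the method for callers that stream large files. The class and module around `body` start outside this hunk.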
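--- a/data/lib/authograph/adapters/webmock.rb
+++ b/data/lib/authograph/adapters/webmock.rb
@@ -0,0 +1,31 @@
+module Authograph::Adapters
+class Webmock < Base
+def initialize(_request)
+@request = _request
+end
+
+def get_header(_header)
+@request.headers[_header]
+end
+
+def set_header(_header, _value)
+raise 'not implemented'
+end
+
+def method
+@request.method.to_s.upcase
+end
+
+def path
+@request.uri.request_uri
+end
+
+def content_type
+get_header('Content-Type') || ''
+end
+
+def body
+@request.body
+end
+end
+end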
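Review bot: `body` returns `@request.body` unguarded, and a stubbed request without a body presumably yields nil there; the signer's `body_md5` in this release passes that value straight to `Digest::MD5.base64digest`, which raises on nil for POST and PUT requests. Returning `@request.body || ''` would match the empty-string fallback the HTTP adapter uses. `set_header` would read better as `raise NotImplementedError, 'Webmock adapter is read-only'` than as a bare RuntimeError string. A one-line class comment saying the adapter exists to verify signatures on intercepted requests in tests would also help the next reader.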
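--- a/data/lib/authograph/rspec.rb
+++ b/data/lib/authograph/rspec.rb
@@ -0,0 +1,27 @@
+module Authograph
+module RSpecHelpers
+def stub_authograph(_matcher, _signature = nil)
+if _signature.nil?
+_signature = _matcher
+_matcher = :any
+end
+
+allow_any_instance_of(Authograph::Signer)
+.to receive(:calc_signature)
+.and_wrap_original do |original, request, secret|
+case _matcher
+when :any
+next _signature
+when Hash
+# TODO
+end
+
+original.call(request, secret) # fallback to original
+end
+end
+end
+end
+
+RSpec.configure do |config|
+config.include Authograph::RSpecHelpers
+end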
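Review bot: A Hash matcher is accepted but the `when Hash` branch is only `# TODO`, so `stub_authograph({ secret: 'my_secret' }, 'mysignature')` falls through to `original.call` and stubs nothing, while the README presents both Hash forms as usable. Failing loudly until it is implemented would avoid specs that silently exercise the real signer: `when Hash then raise NotImplementedError, 'Hash matchers are not supported yet'`. Because the helper replaces `calc_signature` on every `Authograph::Signer` instance and the file calls `RSpec.configure` at load time, a header comment saying it must only be required from the spec helper is worth adding. With a single argument the value becomes the signature, so `stub_authograph(:any)` stubs the Symbol `:any` as the signature; a docstring on the method should spell out both call forms.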
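--- a/data/lib/authograph/signer.rb
+++ b/data/lib/authograph/signer.rb
@@ -87,22 +87,21 @@ module Authograph
 def build_payload(_request)
 parts = [
 _request.method,
-_request.path
-_request.content_type || '',
-body_md5(_request)
+_request.path
 ]
 
+if %w[POST PUT].include?(_request.method)
+parts << _request.content_type || ''
+parts << body_md5(_request)
+end
+
 # extra headers to be considered
 @sign_headers.each { |h| parts << (_request.get_header(h) || '') }
 parts.join "\n"
 end
 
 def body_md5(_request)
-
-Digest::MD5.base64digest _request.body
-else
-''
-end
+Digest::MD5.base64digest _request.body
 end
 end
 end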
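Review bot: Content type and body digest are now signed only when the method is POST or PUT (`if %w[POST PUT].include?(_request.method)`), so a PATCH or DELETE request that carries a body is authenticated on method, path and the extra headers alone, and its body can change in transit without invalidating the signature. Consider keying the branch on the presence of a body, or at least widening the list to `%w[POST PUT PATCH DELETE]`, applied identically on the verifying side. In the same branch `parts << _request.content_type || ''` parses as `(parts << _request.content_type) || ''`, so the fallback is dead code; write `parts << (_request.content_type || '')`. `body_md5` also lost its `else ''` branch and now passes `_request.body` straight to `Digest::MD5.base64digest`, which raises when an adapter returns nil. The enclosing module and class start outside this hunk.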
data/lib/authograph/version.rb
CHANGED
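--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authograph
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.4
 platform: ruby
 authors:
 - Ignacio Baixas
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1
+version: '2.1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1
+version: '2.1'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,48 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '4.7'
+- !ruby/object:Gem::Dependency
+name: webmock
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.3'
+- !ruby/object:Gem::Dependency
+name: faraday
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: |2
 
 HTTP request signing and validation library with support for header signing and multiple backends.
@@ -106,6 +148,8 @@ files:
 - lib/authograph/adapters/faraday.rb
 - lib/authograph/adapters/http.rb
 - lib/authograph/adapters/rack.rb
+- lib/authograph/adapters/webmock.rb
+- lib/authograph/rspec.rb
 - lib/authograph/signer.rb
 - lib/authograph/version.rb
 homepage: https://github.com/SurBTC/authograph
@@ -127,8 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.4
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Flexible HTTP request HMAC signing and validation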