authorization_header_parser 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +7 -0
  2. data/.document +5 -0
  3. data/.rspec +1 -0
  4. data/Gemfile +8 -0
  5. data/LICENSE.txt +20 -0
  6. data/README.md +32 -0
  7. data/Rakefile +52 -0
  8. data/lib/authorization_header_parser.rb +79 -0
  9. data/spec/authorization_header_parser_spec.rb +113 -0
  10. data/spec/spec_helper.rb +9 -0
  11. metadata +110 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: a0d2bce662c12e178c65f990a14c46707b764e1d
4
+ data.tar.gz: 0e21e001e47900e9f848bcdc5fc0d4cbb3a71f27
5
+ SHA512:
6
+ metadata.gz: 222f8060cd448acf936f047d249808fe23620fbf8d01bd4b0107e71d1a006bb5831a4e86a70076fd2c72e54560eac2d318f3cc95452f8a91cc42001fa34fea46
7
+ data.tar.gz: 834ddcfd2bb39c40ad8cb213a06b537aa3c5914376e0e46b8b6ca70201f29431dda174a1e92ee60c7b67097346f75e94ba5871f2facf451713eadfa8677742e7
data/.document ADDED
@@ -0,0 +1,5 @@
1
+ lib/**/*.rb
2
+ bin/*
3
+ -
4
+ features/**/*.feature
5
+ LICENSE.txt
data/.rspec ADDED
@@ -0,0 +1 @@
1
+ --color
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ source "http://rubygems.org"
2
+
3
+ group :development do
4
+ gem "rspec", "~> 3"
5
+ gem "rdoc", "~> 3.12"
6
+ gem "bundler", "~> 1.0"
7
+ gem "jeweler", "~> 2.0.1"
8
+ end
data/LICENSE.txt ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2015 Julik Tarkhanov
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,32 @@
1
+ # authorization_header_parser
2
+
3
+ Parse custom authorization parameters from `Authorization:` HTTP headers into a neat
4
+ Ruby Hash. Works best in combination with `Rack::Auth::AbstractRequest`
5
+
6
+ For instance, with a custom `Authorization` header of `my-scheme token="12345"`
7
+
8
+ auth = Rack::Auth::AbstractRequest.new(env)
9
+ params = AuthorizationHeaderParser.parse_params(auth.params) #=> {'token' => '12345}
10
+
11
+ or for both scheme and params:
12
+
13
+ scheme, params = AuthorizationHeaderParser.parse(env['HTTP_AUTHORIZATION])
14
+ # => ['my-scheme', {'token' => '12345}]
15
+
16
+ Works well for token, Digest, OAuth and other schemes using custom authorization parameters.
17
+
18
+ ## Contributing to authorization_header_parser
19
+
20
+ * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
21
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
22
+ * Fork the project.
23
+ * Start a feature/bugfix branch.
24
+ * Commit and push until you are happy with your contribution.
25
+ * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
26
+ * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
27
+
28
+ ## Copyright
29
+
30
+ Copyright (c) 2015 Julik Tarkhanov. See LICENSE.txt for
31
+ further details.
32
+
data/Rakefile ADDED
@@ -0,0 +1,52 @@
1
+ # encoding: utf-8
2
+
3
+ require 'rubygems'
4
+ require 'bundler'
5
+ begin
6
+ Bundler.setup(:default, :development)
7
+ rescue Bundler::BundlerError => e
8
+ $stderr.puts e.message
9
+ $stderr.puts "Run `bundle install` to install missing gems"
10
+ exit e.status_code
11
+ end
12
+ require 'rake'
13
+
14
+ require_relative 'lib/authorization_header_parser'
15
+
16
+ require 'jeweler'
17
+ Jeweler::Tasks.new do |gem|
18
+ gem.version = AuthorizationHeaderParser::VERSION
19
+ gem.name = "authorization_header_parser"
20
+ gem.homepage = "http://github.com/julik/authorization_header_parser"
21
+ gem.license = "MIT"
22
+ gem.description = %Q{Parses parametrized HTTP Authorization headers}
23
+ gem.summary = %Q{such as OAuth and Digest}
24
+ gem.email = "me@julik.nl"
25
+ gem.authors = ["Julik Tarkhanov"]
26
+ # dependencies defined in Gemfile
27
+ end
28
+ Jeweler::RubygemsDotOrgTasks.new
29
+
30
+ require 'rspec/core'
31
+ require 'rspec/core/rake_task'
32
+ RSpec::Core::RakeTask.new(:spec) do |spec|
33
+ spec.pattern = FileList['spec/**/*_spec.rb']
34
+ end
35
+
36
+ desc "Code coverage detail"
37
+ task :simplecov do
38
+ ENV['COVERAGE'] = "true"
39
+ Rake::Task['spec'].execute
40
+ end
41
+
42
+ task :default => :spec
43
+
44
+ require 'rdoc/task'
45
+ Rake::RDocTask.new do |rdoc|
46
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
47
+
48
+ rdoc.rdoc_dir = 'rdoc'
49
+ rdoc.title = "authorization_header_parser #{version}"
50
+ rdoc.rdoc_files.include('README*')
51
+ rdoc.rdoc_files.include('lib/**/*.rb')
52
+ end
data/lib/authorization_header_parser.rb ADDED
@@ -0,0 +1,79 @@
1
+ require 'strscan'
2
+
3
+
4
+ module AuthorizationHeaderParser
5
+ VERSION = '1.0.0'
6
+ InvalidHeader = Class.new(StandardError)
7
+
8
+ # Parse a custom scheme + params Authorization header.
9
+ #
10
+ # parse('absurd-auth token="12345"') #=> ['absurd-auth', {'token' => '12345}]
11
+ def parse(value)
12
+ scanner = StringScanner.new(value)
13
+ scheme = scanner.scan(NON_WHITESPACE)
14
+ raise InvalidHeader.new("Scheme not provided") unless scheme
15
+ scanner.skip(WHITESPACE)
16
+
17
+ [scheme.strip, extract_params_from_scanner(scanner)]
18
+ end
19
+
20
+ # Parse Authorization params. Most useful in combination with Rack::Auth::AbstractRequest
21
+ #
22
+ # For instance, with 'Authorization: absurd-auth token="12345"':
23
+ #
24
+ # auth = Rack::Auth::AbstractRequest.new(env)
25
+ # params = parse(auth.params) #=> {'token' => '12345}
26
+ def parse_params(string)
27
+ extract_params_from_scanner(StringScanner.new(string))
28
+ end
29
+
30
+ extend self
31
+
32
+ private
33
+
34
+ ANYTHING_BUT_EQ = /[^\s\=]+/
35
+ EQ = /=/
36
+ UNTIL_FWD_SLASH_OR_QUOTE = /[^\\"]+/
37
+ ESCAPED_QUOTE = /\\"/
38
+ QUOTE = /"/
39
+ WHITESPACE = /\s+/
40
+ COMMA = /,/
41
+ NON_WHITESPACE = /[^\s]+/
42
+
43
+ # http://codereview.stackexchange.com/questions/41270
44
+ # http://stackoverflow.com/questions/134936
45
+ def extract_params_from_scanner(scanner)
46
+ params = {}
47
+ until scanner.eos? do
48
+ key = scanner.scan(ANYTHING_BUT_EQ)
49
+ raise InvalidHeader, "Expected =, but found none at #{scanner.pos}" unless scanner.scan(EQ)
50
+ value_opener = scanner.get_byte
51
+ raise InvalidHeader, "Expected opening of a parameter at #{scanner.pos}" unless value_opener
52
+ if value_opener == '"' # Quoted value
53
+ buf = ''
54
+ until scanner.eos?
55
+ if scanner.scan(UNTIL_FWD_SLASH_OR_QUOTE)
56
+ buf << scanner.matched
57
+ elsif scanner.scan(ESCAPED_QUOTE)
58
+ buf << '"'
59
+ elsif scanner.scan(QUOTE)
60
+ params[key] = buf
61
+ break
62
+ end
63
+ end
64
+ else
65
+ scanner.unscan # Bare parameter, backtrack 1 byte
66
+ unless bare_value = scanner.scan(/[^,"]+/)
67
+ raise InvalidHeader, "Expected a bare parameter value at #{scanner.pos}"
68
+ end
69
+ params[key] = bare_value
70
+ end
71
+ scanner.skip(WHITESPACE)
72
+ if !scanner.eos? && !scanner.skip(COMMA)
73
+ raise InvalidHeader, "Expected end of header or a comma, at #{scanner.pos}"
74
+ end
75
+ scanner.skip(WHITESPACE)
76
+ end
77
+ params
78
+ end
79
+ end
data/spec/authorization_header_parser_spec.rb ADDED
@@ -0,0 +1,113 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe "AuthorizationHeaderParser" do
4
+ context '.parse_params' do
5
+ it 'parses only the parameter string' do
6
+ params = AuthorizationHeaderParser.parse_params('foo=bar, baz=bad')
7
+ expect(params).to eq({"foo"=>"bar", "baz"=>"bad"})
8
+ end
9
+ end
10
+
11
+ context '.parse' do
12
+ it 'parses a simple Token header' do
13
+ header = 'Token foo=bar, baz=bad'
14
+ parsed = AuthorizationHeaderParser.parse(header)
15
+ scheme, params = parsed
16
+ expect(scheme).to eq('Token')
17
+ expect(params).to eq({"foo"=>"bar", "baz"=>"bad"})
18
+ end
19
+
20
+ it 'parses a header with an escaped quote' do
21
+ digest_header = 'Custom param="value\"such and such\""'
22
+ parsed = AuthorizationHeaderParser.parse(digest_header)
23
+ scheme, params = parsed
24
+ expect(scheme).to eq('Custom')
25
+ expect(params).to eq({"param" => 'value"such and such"'})
26
+ end
27
+
28
+ it "parses a Digest header" do
29
+ digest_header = 'Digest qop="chap",
30
+ realm="testrealm@host.com",
31
+ username="Foobear",
32
+ response="6629fae49393a05397450978507c4ef1",
33
+ cnonce="5ccc069c403ebaf9f0171e9517f40e41"'
34
+
35
+ parsed = AuthorizationHeaderParser.parse(digest_header)
36
+ scheme, params = parsed
37
+ expect(scheme).to eq('Digest')
38
+ expect(params).to eq({
39
+ "qop"=>"chap",
40
+ "realm"=>"testrealm@host.com",
41
+ "username"=>"Foobear",
42
+ "response"=>"6629fae49393a05397450978507c4ef1",
43
+ "cnonce"=>"5ccc069c403ebaf9f0171e9517f40e41"
44
+ })
45
+ end
46
+
47
+ it 'parses an OAuth header from Twitter documentation' do
48
+ twitter_header = 'OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
49
+ oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
50
+ oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
51
+ oauth_signature_method="HMAC-SHA1",
52
+ oauth_timestamp="1318622958",
53
+ oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
54
+ oauth_version="1.0"'
55
+ parsed = AuthorizationHeaderParser.parse(twitter_header)
56
+ scheme, params = parsed
57
+ expect(scheme).to eq("OAuth")
58
+ expect(params).to eq({
59
+ "oauth_consumer_key"=>"xvz1evFS4wEEPTGEFPHBog",
60
+ "oauth_nonce"=>"kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
61
+ "oauth_signature"=>"tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
62
+ "oauth_signature_method"=>"HMAC-SHA1",
63
+ "oauth_timestamp"=>"1318622958",
64
+ "oauth_token"=>"370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
65
+ "oauth_version"=>"1.0"
66
+ })
67
+ end
68
+
69
+ it 'parses another OAuth params example' do
70
+ oauth_header = 'OAuth realm="",
71
+ oauth_nonce="72250409",
72
+ oauth_timestamp="1294966759",
73
+ oauth_consumer_key="Dummy",
74
+ oauth_signature_method="HMAC-SHA1",
75
+ oauth_version="1.0",
76
+ oauth_signature="IBlWhOm3PuDwaSdxE/Qu4RKPtVE="'
77
+
78
+ parsed = AuthorizationHeaderParser.parse(oauth_header)
79
+ scheme, params = parsed
80
+ expect(scheme).to eq("OAuth")
81
+ expect(params).to eq({
82
+ "realm"=>"",
83
+ "oauth_nonce" => "72250409",
84
+ "oauth_timestamp"=>"1294966759",
85
+ "oauth_consumer_key"=>"Dummy",
86
+ "oauth_signature_method"=>"HMAC-SHA1",
87
+ "oauth_version"=>"1.0",
88
+ "oauth_signature"=>"IBlWhOm3PuDwaSdxE/Qu4RKPtVE="
89
+ })
90
+ end
91
+ end
92
+
93
+ context 'with invalid headers' do
94
+ it 'raises InvalidHeader' do
95
+ expect {
96
+ AuthorizationHeaderParser.parse_params('foo=')
97
+ }.to raise_error(AuthorizationHeaderParser::InvalidHeader, /Expected opening of a parameter/)
98
+
99
+ expect {
100
+ AuthorizationHeaderParser.parse_params('foo=bar"')
101
+ }.to raise_error(AuthorizationHeaderParser::InvalidHeader, /Expected end of header or a comma/)
102
+
103
+ expect {
104
+ AuthorizationHeaderParser.parse_params('FONDBSJDJAHJDHAHUYHJHJBDA')
105
+ }.to raise_error(AuthorizationHeaderParser::InvalidHeader, /Expected =, but found none/)
106
+
107
+ expect {
108
+ AuthorizationHeaderParser.parse_params('foo="bar"baz"bad" another=123')
109
+ }.to raise_error(AuthorizationHeaderParser::InvalidHeader, /Expected end of header or a comma/)
110
+ end
111
+ end
112
+
113
+ end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,9 @@
1
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
2
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
3
+
4
+ require 'rspec'
5
+ require 'authorization_header_parser'
6
+
7
+ RSpec.configure do |config|
8
+ config.order = 'random'
9
+ end
metadata ADDED
@@ -0,0 +1,110 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: authorization_header_parser
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Julik Tarkhanov
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-06-29 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rspec
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '3'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '3'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rdoc
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '3.12'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '3.12'
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: jeweler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: 2.0.1
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: 2.0.1
69
+ description: Parses parametrized HTTP Authorization headers
70
+ email: me@julik.nl
71
+ executables: []
72
+ extensions: []
73
+ extra_rdoc_files:
74
+ - LICENSE.txt
75
+ - README.md
76
+ files:
77
+ - ".document"
78
+ - ".rspec"
79
+ - Gemfile
80
+ - LICENSE.txt
81
+ - README.md
82
+ - Rakefile
83
+ - lib/authorization_header_parser.rb
84
+ - spec/authorization_header_parser_spec.rb
85
+ - spec/spec_helper.rb
86
+ homepage: http://github.com/julik/authorization_header_parser
87
+ licenses:
88
+ - MIT
89
+ metadata: {}
90
+ post_install_message:
91
+ rdoc_options: []
92
+ require_paths:
93
+ - lib
94
+ required_ruby_version: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
99
+ required_rubygems_version: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ requirements: []
105
+ rubyforge_project:
106
+ rubygems_version: 2.2.2
107
+ signing_key:
108
+ specification_version: 4
109
+ summary: such as OAuth and Digest
110
+ test_files: []