authsignal-ruby 5.1.0 → 5.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 83967ef0e6e635ee8073707bd26080c9349a0a15ad7352baa99e8d0097aebdcd
-  data.tar.gz: 9bd1c701d4d60705ba92b90335bb8a5dafb889ac4298eb5935df6ce0a1dab963
+  metadata.gz: eb8afa36ec62970a06618e860b3f343d4e7d7c81ce70e45d905e69c5cccf9c83
+  data.tar.gz: a55a775d64b0569d044f1f4f4362717a160fbb214f63f56af2e11c5d391dc1de
 SHA512:
-  metadata.gz: f5ae54c8f9ebcf44efea16e05815b0320dac64909f8306decd8abe35b2ba33913b00471f0b6b5ecdfa9131f239dc08ae070ea18e28a5129506a09ce625c461c4
-  data.tar.gz: 9689b2cb484837bac9ee107a55688abdd9ca9ba80f2d1a3a8668433edce69f74523c168afca7f660cfb788f1714d525a386ae5288f32ed8833d05a743bf89e1a
+  metadata.gz: 1d0bf703634455560509482b03ff746828ac10dd824ebe4d83bfc2795e5c6f8db7f45c1a7655233bfb762a0034b8fa98285275510170b4acd03194b4e9630ffd
+  data.tar.gz: 6d724b25f111840ff0517ccf6e7c6c5a203c4de48e00a459e296b3ab6ea15a86ba6c31fb3db9961cc5ca0616e82fb7cec5b8c8e52027459a231561409ad249cc

data/Gemfile.lock

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    authsignal-ruby (5.1.0)
+    authsignal-ruby (5.2.1)
+      base64
       faraday (>= 2.0.1)
       faraday-retry (~> 2.2)
 
@@ -10,6 +11,7 @@ GEM
   specs:
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
+    base64 (0.2.0)
     bigdecimal (3.1.8)
     crack (1.0.0)
       bigdecimal

data/README.md

@@ -2,7 +2,10 @@
 
 # Authsignal Ruby SDK
 
-The Authsignal Ruby library for server-side applications.
+[![Gem Version](https://img.shields.io/gem/v/authsignal-ruby.svg)](https://rubygems.org/gems/authsignal-ruby)
+[![License](https://img.shields.io/github/license/authsignal/authsignal-ruby.svg)](https://github.com/authsignal/authsignal-ruby/blob/main/LICENSE.txt)
+
+The official Authsignal Ruby library for server-side applications. Use this SDK to easily integrate Authsignal's multi-factor authentication (MFA) and passwordless features into your Ruby backend.
 
 ## Installation
 
@@ -12,48 +15,42 @@ Add this line to your application's Gemfile:
 gem "authsignal-ruby"
 ```
 
-## Documentation
-
-Refer to our [SDK documentation](https://docs.authsignal.com/sdks/server/overview) for information on how to use this SDK.
-
-Or check out our [Ruby on Rails Quickstart Guide](https://docs.authsignal.com/integrations/ruby-on-rails).
+And then execute:
+```bash
+bundle install
+```
 
-### Response & Error handling
+Or install it yourself as:
+```bash
+gem install authsignal-ruby
+```
 
-The Authsignal SDK offers two response formats. By default, its methods return the payload in hash format.
+## Getting started
 
-Example:
+Initialize the Authsignal client with your secret key from the [Authsignal Portal](https://portal.authsignal.com/) and the API URL for your region.
 
 ```ruby
-Authsignal.enroll_verified_authenticator(
-  user_id: 'AS_001',
-  attributes: {
-    verification_method: 'INVALID',
-    email: 'hamish@authsignal.com'
-  }
-)
-
-# returns:
-{
-  "error": "invalid_request",
-  "errorCode": "invalid_request",
-  "errorDescription": "body.verificationMethod must be equal to one of the allowed values - allowedValues: AUTHENTICATOR_APP,EMAIL_MAGIC_LINK,EMAIL_OTP,SMS"
-}
+require 'authsignal'
+
+# Initialize the client
+Authsignal.setup do |config|
+  config.api_secret_key = ENV['AUTHSIGNAL_SECRET_KEY']
+  config.api_url = ENV['AUTHSIGNAL_API_URL'] # Use region-specific URL
+end
 ```
 
-All methods have a bang (!) counterpart that raises an Authsignal::ApiError if the request fails.
+### API URLs by region
 
-Example:
+| Region      | API URL                          |
+| ----------- | -------------------------------- |
+| US (Oregon) | https://api.authsignal.com/v1    |
+| AU (Sydney) | https://au.api.authsignal.com/v1 |
+| EU (Dublin) | https://eu.api.authsignal.com/v1 |
 
-```ruby
-Authsignal.enroll_verified_authenticator!(
-  user_id: 'AS_001',
-  attributes: {
-    verification_method: 'INVALID',
-    email: 'hamish@authsignal.com'
-  }
-)
-
-# raise:
-<Authsignal::ApiError: AuthsignalError: 400 - body.verificationMethod must be equal to one of the allowed values - allowedValues: AUTHENTICATOR_APP,EMAIL_MAGIC_LINK,EMAIL_OTP,SMS.
-```
+## License
+
+This SDK is licensed under the [MIT License](LICENSE.txt).
+
+## Documentation
+
+For more information and advanced usage examples, refer to the official [Authsignal server-Side SDK documentation](https://docs.authsignal.com/sdks/server/overview).

data/lib/authsignal/client.rb

@@ -2,7 +2,7 @@ require 'erb'
 
 module Authsignal
     class Client
-        USER_AGENT = "Authsignal Ruby v#{Authsignal::VERSION}"
+        USER_AGENT = "authsignal-ruby"
         NO_API_KEY_MESSAGE  = "No Authsignal API Secret Key Set"
 
         RETRY_OPTIONS = {

data/lib/authsignal/invalid_signature_error.rb

@@ -0,0 +1,7 @@
+module Authsignal
+  class InvalidSignatureError < StandardError
+    def initialize(message)
+      super(message)
+    end
+  end
+end

data/lib/authsignal/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Authsignal
-  VERSION = "5.1.0"
+  VERSION = "5.2.1"
 end

data/lib/authsignal/webhook.rb

@@ -0,0 +1,83 @@
+require 'openssl'
+require 'json'
+require 'base64'
+
+module Authsignal
+  DEFAULT_TOLERANCE = 5
+
+  class Webhook
+    VERSION = "v2"
+
+    attr_reader :api_secret_key
+
+    def initialize(api_secret_key)
+      @api_secret_key = api_secret_key
+    end
+
+    def construct_event(payload, signature, tolerance = DEFAULT_TOLERANCE)
+      parsed_signature = parse_signature(signature)
+
+      seconds_since_epoch = Time.now.to_i
+
+      if tolerance > 0 && parsed_signature[:timestamp] < seconds_since_epoch - (tolerance * 60)
+        raise InvalidSignatureError, "Timestamp is outside the tolerance zone."
+      end
+
+      hmac_content = "#{parsed_signature[:timestamp]}.#{payload}"
+
+      computed_signature = OpenSSL::HMAC.digest(
+        OpenSSL::Digest.new('sha256'),
+        @api_secret_key,
+        hmac_content
+      )
+      computed_signature_base64 = Base64.strict_encode64(computed_signature).delete('=')
+
+      match = false
+
+      parsed_signature[:signatures].each do |sig|
+        if sig == computed_signature_base64
+          match = true
+          break
+        end
+      end
+
+      unless match
+        raise InvalidSignatureError, "Signature mismatch."
+      end
+
+      JSON.parse(payload, symbolize_names: true)
+    end
+
+    def parse_signature(value)
+      result = {
+        timestamp: -1,
+        signatures: []
+      }
+
+      return handle_invalid_signature unless value
+
+      value.split(',').each do |item|
+        kv = item.split('=')
+        next unless kv.length == 2
+
+        if kv[0] == 't'
+          result[:timestamp] = kv[1].to_i
+        elsif kv[0] == VERSION
+          result[:signatures] << kv[1]
+        end
+      end
+
+      if result[:timestamp] == -1 || result[:signatures].empty?
+        handle_invalid_signature
+      end
+
+      result
+    end
+
+    private
+
+    def handle_invalid_signature
+      raise InvalidSignatureError, "Signature format is invalid."
+    end
+  end
+end

data/lib/authsignal.rb

@@ -4,11 +4,13 @@ require "authsignal/version"
 require "authsignal/client"
 require "authsignal/configuration"
 require "authsignal/api_error"
+require "authsignal/invalid_signature_error"
+require "authsignal/webhook"
 require "authsignal/middleware/json_response"
 require "authsignal/middleware/json_request"
 
 module Authsignal
-    NON_API_METHODS = [:setup, :configuration, :default_configuration]
+    NON_API_METHODS = [:setup, :configuration, :default_configuration, :webhook]
 
     class << self
         attr_writer :configuration
@@ -25,6 +27,10 @@ module Authsignal
             configuration.defaults
         end
 
+        def webhook
+            @webhook ||= Webhook.new(configuration.api_secret_key)
+        end
+
         def get_user(user_id:)
             response = Client.new.get_user(user_id: user_id)
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: authsignal-ruby
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.2.1
 platform: ruby
 authors:
 - justinsoong
 bindir: exe
 cert_chain: []
-date: 2025-03-25 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -37,6 +37,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -102,9 +116,11 @@ files:
 - lib/authsignal/api_error.rb
 - lib/authsignal/client.rb
 - lib/authsignal/configuration.rb
+- lib/authsignal/invalid_signature_error.rb
 - lib/authsignal/middleware/json_request.rb
 - lib/authsignal/middleware/json_response.rb
 - lib/authsignal/version.rb
+- lib/authsignal/webhook.rb
 homepage: https://github.com/authsignal/authsignal-ruby
 licenses:
 - MIT
@@ -125,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: The Authsignal ruby server side signal API.
 test_files: []