aws-ses 0.4.3 → 0.7.1

data/lib/aws/ses.rb

@@ -23,6 +23,6 @@ require 'ses/version'
 require 'ses/addresses'
 
 if defined?(Rails)
-  major, minor = Rails.version.split('.')
+  major, minor = Rails.version.to_s.split('.')
   require 'actionmailer/ses_extension' if major == '2' && minor == '3'
-end
+end

data/lib/aws/ses/base.rb

@@ -17,11 +17,31 @@ module AWS #:nodoc:
   #   )
   # 
   # The minimum connection options that you must specify are your access key id and your secret access key.
+  #
+  # === Connecting to a server from another region
+  # 
+  # The default server API endpoint is "email.us-east-1.amazonaws.com", corresponding to the US East 1 region.
+  # To connect to a different one, just pass it as a parameter to the AWS::SES::Base initializer:
+  #
+  #   ses = AWS::SES::Base.new(
+  #     :access_key_id     => 'abc', 
+  #     :secret_access_key => '123',
+  #     :server => 'email.eu-west-1.amazonaws.com',
+  #     :message_id_domain => 'eu-west-1.amazonses.com'
+  #   )
+  #
+
   module SES
     
     API_VERSION = '2010-12-01'
-    
+
+    DEFAULT_REGION = 'us-east-1'
+
+    SERVICE = 'ec2'
+
     DEFAULT_HOST = 'email.us-east-1.amazonaws.com'
+
+    DEFAULT_MESSAGE_ID_DOMAIN = 'email.amazonses.com'
     
     USER_AGENT = 'github-aws-ses-ruby-gem'
     
@@ -35,7 +55,7 @@ module AWS #:nodoc:
     # @param [Boolean] urlencode whether or not to url encode the result., true or false
     # @return [String] the signed and encoded string.
     def SES.encode(secret_access_key, str, urlencode=true)
-      digest = OpenSSL::Digest::Digest.new('sha256')
+      digest = OpenSSL::Digest.new('sha256')
       b64_hmac =
         Base64.encode64(
           OpenSSL::HMAC.digest(digest, secret_access_key, str)).gsub("\n","")
@@ -55,13 +75,18 @@ module AWS #:nodoc:
     def SES.authorization_header(key, alg, sig)
       "AWS3-HTTPS AWSAccessKeyId=#{key}, Algorithm=#{alg}, Signature=#{sig}"
     end
-    
+
+    def SES.authorization_header_v4(credential, signed_headers, signature)
+      "AWS4-HMAC-SHA256 Credential=#{credential}, SignedHeaders=#{signed_headers}, Signature=#{signature}"
+    end
+
     # AWS::SES::Base is the abstract super class of all classes who make requests against SES
     class Base   
       include SendEmail
       include Info
       
-      attr_reader :use_ssl, :server, :proxy_server, :port
+      attr_reader :use_ssl, :server, :proxy_server, :port, :message_id_domain, :signature_version, :region
+      attr_accessor :settings
 
       # @option options [String] :access_key_id ("") The user's AWS Access Key ID
       # @option options [String] :secret_access_key ("") The user's AWS Secret Access Key
@@ -69,6 +94,8 @@ module AWS #:nodoc:
       # @option options [String] :server ("email.us-east-1.amazonaws.com") The server API endpoint host
       # @option options [String] :proxy_server (nil) An HTTP proxy server FQDN
       # @option options [String] :user_agent ("github-aws-ses-ruby-gem") The HTTP User-Agent header value
+      # @option options [String] :region ("us-east-1") The server API endpoint host
+      # @option options [String] :message_id_domain ("us-east-1.amazonses.com") Domain used to build message_id header
       # @return [Object] the object.
       def initialize( options = {} )
 
@@ -76,16 +103,22 @@ module AWS #:nodoc:
                     :secret_access_key => "",
                     :use_ssl => true,
                     :server => DEFAULT_HOST,
+                    :message_id_domain => DEFAULT_MESSAGE_ID_DOMAIN,
                     :path => "/",
                     :user_agent => USER_AGENT,
-                    :proxy_server => nil
+                    :proxy_server => nil,
+                    :region => DEFAULT_REGION
                     }.merge(options)
 
+        @signature_version = options[:signature_version] || 2
         @server = options[:server]
+        @message_id_domain = options[:message_id_domain]
         @proxy_server = options[:proxy_server]
         @use_ssl = options[:use_ssl]
         @path = options[:path]
         @user_agent = options[:user_agent]
+        @region = options[:region]
+        @settings = {}
 
         raise ArgumentError, "No :access_key_id provided" if options[:access_key_id].nil? || options[:access_key_id].empty?
         raise ArgumentError, "No :secret_access_key provided" if options[:secret_access_key].nil? || options[:secret_access_key].empty?
@@ -116,14 +149,8 @@ module AWS #:nodoc:
                                   proxy.password).new(options[:server], @port)
 
         @http.use_ssl = @use_ssl
-
-        # Don't verify the SSL certificates.  Avoids SSL Cert warning in log on every GET.
-        @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-
       end
       
-      attr_accessor :settings
-      
       def connection
         @http
       end
@@ -138,7 +165,7 @@ module AWS #:nodoc:
         timestamp = Time.now.getutc
 
         params.merge!( {"Action" => action,
-                        "SignatureVersion" => "2",
+                        "SignatureVersion" => signature_version.to_s,
                         "SignatureMethod" => 'HmacSHA256',
                         "AWSAccessKeyId" => @access_key_id,
                         "Version" => API_VERSION,
@@ -150,9 +177,9 @@ module AWS #:nodoc:
 
         req = {}
 
-        req['X-Amzn-Authorization'] = get_aws_auth_param(timestamp.httpdate, @secret_access_key)
+        req['X-Amzn-Authorization'] = get_aws_auth_param(timestamp.httpdate, @secret_access_key, action, signature_version)
         req['Date'] = timestamp.httpdate
-        req['User-Agent'] = @user_agent 
+        req['User-Agent'] = @user_agent
 
         response = connection.post(@path, query, req)
         
@@ -167,9 +194,77 @@ module AWS #:nodoc:
       end
 
       # Set the Authorization header using AWS signed header authentication
-      def get_aws_auth_param(timestamp, secret_access_key)
+      def get_aws_auth_param(timestamp, secret_access_key, action = '', signature_version = 2)
+        raise(ArgumentError, "signature_version must be `2` or `4`") unless signature_version == 2 || signature_version == 4
         encoded_canonical = SES.encode(secret_access_key, timestamp, false)
-        SES.authorization_header(@access_key_id, 'HmacSHA256', encoded_canonical)
+
+        if signature_version == 4
+          SES.authorization_header_v4(sig_v4_auth_credential, sig_v4_auth_signed_headers, sig_v4_auth_signature(action))
+        else
+          SES.authorization_header(@access_key_id, 'HmacSHA256', encoded_canonical)
+        end
+      end
+
+      private
+
+      def sig_v4_auth_credential
+        @access_key_id + '/' + credential_scope
+      end
+
+      def sig_v4_auth_signed_headers
+        'host;x-amz-date'
+      end
+
+      def credential_scope
+        datestamp + '/' + region + '/' + SERVICE + '/' + 'aws4_request'
+      end
+
+      def string_to_sign(for_action)
+        "AWS4-HMAC-SHA256\n" +  amzdate + "\n" +  credential_scope + "\n" + Digest::SHA256.hexdigest(canonical_request(for_action).encode('utf-8').b)
+      end
+
+
+      def amzdate
+        Time.now.utc.strftime('%Y%m%dT%H%M%SZ')
+      end
+
+      def datestamp
+        Time.now.utc.strftime('%Y%m%d')
+      end
+
+      def canonical_request(for_action)
+        "GET" + "\n" + "/" + "\n" + canonical_querystring(for_action) + "\n" + canonical_headers + "\n" + sig_v4_auth_signed_headers + "\n" + payload_hash
+      end
+
+      def canonical_querystring(action)
+        "Action=#{action}&Version=2013-10-15"
+      end
+
+      def canonical_headers
+        'host:' + server + "\n" + 'x-amz-date:' + amzdate + "\n"
+      end
+
+      def payload_hash
+        Digest::SHA256.hexdigest(''.encode('utf-8'))
+      end
+
+      def sig_v4_auth_signature(for_action)
+        signing_key = getSignatureKey(@secret_access_key, datestamp, region, SERVICE)
+
+        OpenSSL::HMAC.hexdigest("SHA256", signing_key, string_to_sign(for_action).encode('utf-8'))
+      end
+
+      def getSignatureKey(key, dateStamp, regionName, serviceName)
+        kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
+        kRegion = sign(kDate, regionName)
+        kService = sign(kRegion, serviceName)
+        kSigning = sign(kService, 'aws4_request')
+
+        kSigning
+      end
+
+      def sign(key, msg)
+        OpenSSL::HMAC.digest("SHA256", key, msg.encode('utf-8'))
       end
     end # class Base
   end # Module SES

data/lib/aws/ses/send_email.rb

@@ -9,24 +9,24 @@ module AWS
     #                :subject   => 'Subject Line'
     #                :text_body => 'Internal text body'
     #
-    # By default, the email "from" display address is whatever is before the @. 
-    # To change the display from, use the format: 
+    # By default, the email "from" display address is whatever is before the @.
+    # To change the display from, use the format:
     #
     #   "Steve Smith" <steve@example.com>
     #
     # You can also send Mail objects using send_raw_email:
-    # 
+    #
     #   m = Mail.new( :to => ..., :from => ... )
     #   ses.send_raw_email(m)
     #
     # send_raw_email will also take a hash and pass it through Mail.new automatically as well.
     #
     module SendEmail
-      
+
       # Sends an email through SES
-      # 
+      #
       # the destination parameters can be:
-      # 
+      #
       # [A single e-mail string]  "jon@example.com"
       # [A array of e-mail addresses]  ['jon@example.com', 'dave@example.com']
       #
@@ -51,31 +51,31 @@ module AWS
       # @return [Response] the response to sending this e-mail
       def send_email(options = {})
         package     = {}
-        
+
         package['Source'] = options[:source] || options[:from]
-        
+
         add_array_to_hash!(package, 'Destination.ToAddresses', options[:to]) if options[:to]
         add_array_to_hash!(package, 'Destination.CcAddresses', options[:cc]) if options[:cc]
         add_array_to_hash!(package, 'Destination.BccAddresses', options[:bcc]) if options[:bcc]
-        
+
         package['Message.Subject.Data'] = options[:subject]
-        
+
         package['Message.Body.Html.Data'] = options[:html_body] if options[:html_body]
         package['Message.Body.Text.Data'] = options[:text_body] || options[:body] if options[:text_body] || options[:body]
-        
+
         package['ReturnPath'] = options[:return_path] if options[:return_path]
-        
+
         add_array_to_hash!(package, 'ReplyToAddresses', options[:reply_to]) if options[:reply_to]
-        
+
         request('SendEmail', package)
       end
-      
+
       # Sends using the SendRawEmail method
       # This gives the most control and flexibility
       #
       # This uses the underlying Mail object from the mail gem
       # You can pass in a Mail object, a Hash of params that will be parsed by Mail.new, or just a string
-      # 
+      #
       # Note that the params are different from send_email
       # Specifically, the following fields from send_email will NOT work:
       #
@@ -96,23 +96,38 @@ module AWS
       # @option args [String] :to alias for :destinations
       # @return [Response]
       def send_raw_email(mail, args = {})
-        message = mail.is_a?(Hash) ? Mail.new(mail).to_s : mail.to_s
-        package = { 'RawMessage.Data' => Base64::encode64(message) }
+        message = mail.is_a?(Hash) ? Mail.new(mail) : mail
+        raise ArgumentError, "Attachment provided without message body" if message.has_attachments? && message.text_part.nil? && message.html_part.nil?
+
+        raw_email = build_raw_email(message, args)
+        result = request('SendRawEmail', raw_email)
+        message.message_id = "<#{result.parsed['SendRawEmailResult']['MessageId']}@#{message_id_domain}>"
+        result
+      end
+
+      alias :deliver! :send_raw_email
+      alias :deliver  :send_raw_email
+
+      private
+
+      def build_raw_email(message, args = {})
+        # the message.to_s includes the :to and :cc addresses
+        package = { 'RawMessage.Data' => Base64::encode64(message.to_s) }
         package['Source'] = args[:from] if args[:from]
         package['Source'] = args[:source] if args[:source]
         if args[:destinations]
             add_array_to_hash!(package, 'Destinations', args[:destinations])
         else
-            add_array_to_hash!(package, 'Destinations', args[:to]) if args[:to]
+          mail_addresses = [message.to, message.cc, message.bcc].flatten.compact
+          args_addresses = [args[:to], args[:cc], args[:bcc]].flatten.compact
+
+          mail_addresses = args_addresses unless args_addresses.empty?
+
+          add_array_to_hash!(package, 'Destinations', mail_addresses)
         end
-        request('SendRawEmail', package)
+        package
       end
 
-      alias :deliver! :send_raw_email
-      alias :deliver  :send_raw_email
-      
-      private
-      
       # Adds all elements of the ary with the appropriate member elements
       def add_array_to_hash!(hash, key, ary)
         cnt = 1
@@ -122,23 +137,23 @@ module AWS
         end
       end
     end
-    
+
     class EmailResponse < AWS::SES::Response
       def result
         super["#{action}Result"]
       end
-      
+
       def message_id
         result['MessageId']
       end
     end
-    
+
     class SendEmailResponse < EmailResponse
-    
+
     end
-    
+
     class SendRawEmailResponse < EmailResponse
-    
+
     end
   end
 end

data/lib/aws/ses/version.rb

@@ -3,7 +3,7 @@ module AWS
     module VERSION #:nodoc:
       MAJOR    = '0'
       MINOR    = '4'
-      TINY     = '2' 
+      TINY     = '4' 
       BETA     = Time.now.to_i.to_s
     end
     

data/test/base_test.rb

@@ -37,4 +37,69 @@ class BaseTest < Test::Unit::TestCase
     #     assert result.error.error?
     #     assert_equal 'ValidationError', result.error.code
   end
+
+  def test_ses_authorization_header_v2
+    aws_access_key_id = 'fake_aws_key_id'
+    aws_secret_access_key = 'fake_aws_access_key'
+    timestamp = Time.new(2020, 7, 2, 7, 17, 58, '+00:00')
+
+    base = ::AWS::SES::Base.new(
+        access_key_id:     aws_access_key_id,
+        secret_access_key: aws_secret_access_key
+    )
+
+    assert_equal 'AWS3-HTTPS AWSAccessKeyId=fake_aws_key_id, Algorithm=HmacSHA256, Signature=eHh/cPIJJUc1+RMCueAi50EPlYxkZNXMrxtGxjkBD1w=', base.get_aws_auth_param(timestamp.httpdate, aws_secret_access_key)
+  end
+
+  def test_ses_authorization_header_v4
+    aws_access_key_id = 'fake_aws_key_id'
+    aws_secret_access_key = 'fake_aws_access_key'
+    time = Time.new(2020, 7, 2, 7, 17, 58, '+00:00')
+    ::Timecop.freeze(time)
+
+    base = ::AWS::SES::Base.new(
+        server:            'ec2.amazonaws.com',
+        signature_version: 4,
+        access_key_id:     aws_access_key_id,
+        secret_access_key: aws_secret_access_key
+    )
+
+    assert_equal 'AWS4-HMAC-SHA256 Credential=fake_aws_key_id/20200702/us-east-1/ec2/aws4_request, SignedHeaders=host;x-amz-date, Signature=c0465b36efd110b14a1c6dcca3e105085ed2bfb2a3fd3b3586cc459326ab43aa', base.get_aws_auth_param(time.httpdate, aws_secret_access_key, 'DescribeRegions', 4)
+    Timecop.return
+  end
+
+  def test_ses_authorization_header_v4_changed_host
+    aws_access_key_id = 'fake_aws_key_id'
+    aws_secret_access_key = 'fake_aws_access_key'
+    time = Time.new(2020, 7, 2, 7, 17, 58, '+00:00')
+    ::Timecop.freeze(time)
+
+    base = ::AWS::SES::Base.new(
+        server:            'email.us-east-1.amazonaws.com',
+        signature_version: 4,
+        access_key_id:     aws_access_key_id,
+        secret_access_key: aws_secret_access_key
+    )
+
+    assert_equal 'AWS4-HMAC-SHA256 Credential=fake_aws_key_id/20200702/us-east-1/ec2/aws4_request, SignedHeaders=host;x-amz-date, Signature=b872601457070ab98e7038bdcd4dc1f5eab586ececf9908525474408b0740515', base.get_aws_auth_param(time.httpdate, aws_secret_access_key, 'DescribeRegions', 4)
+    Timecop.return
+  end
+
+  def test_ses_authorization_header_v4_changed_region
+    aws_access_key_id = 'fake_aws_key_id'
+    aws_secret_access_key = 'fake_aws_access_key'
+    time = Time.new(2020, 7, 2, 7, 17, 58, '+00:00')
+    ::Timecop.freeze(time)
+
+    base = ::AWS::SES::Base.new(
+        server:            'email.us-east-1.amazonaws.com',
+        signature_version: 4,
+        access_key_id:     aws_access_key_id,
+        secret_access_key: aws_secret_access_key,
+        region:            'eu-west-1'
+    )
+
+    assert_not_equal 'AWS4-HMAC-SHA256 Credential=fake_aws_key_id/20200702/us-east-1/ec2/aws4_request, SignedHeaders=host;x-amz-date, Signature=b872601457070ab98e7038bdcd4dc1f5eab586ececf9908525474408b0740515', base.get_aws_auth_param(time.httpdate, aws_secret_access_key, 'DescribeRegions', 4)
+    Timecop.return
+  end
 end

data/test/helper.rb

@@ -24,6 +24,7 @@ require File.dirname(__FILE__) + '/fixtures'
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'aws/ses'
+require 'timecop'
 
 class Test::Unit::TestCase
   require 'net/http'
@@ -54,3 +55,9 @@ class Test::Unit::TestCase
     Base.new(:access_key_id=>'123', :secret_access_key=>'abc')
   end
 end
+
+# Deals w/ http://github.com/thoughtbot/shoulda/issues/issue/117, see 
+# http://stackoverflow.com/questions/3657972/nameerror-uninitialized-constant-testunitassertionfailederror-when-upgradin
+unless defined?(Test::Unit::AssertionFailedError)
+  Test::Unit::AssertionFailedError = ActiveSupport::TestCase::Assertion
+end