bixby-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 58232e00fb92f8ace02f941943e67a6cb8e64508
+  data.tar.gz: 18a1d58a81c8ff2a4aa9baf6148db4d78ee2c11a
+SHA512:
+  metadata.gz: f329d1953f45daa94c406cec32ba73c80040e7c69103bf63fa272529072300208626d2d139be476d204eae2980578e1c7aef39dd4701c5ce7b0ed96cde205510
+  data.tar.gz: b63a762438d45f82872599510ce4013403e0946bcf2326a2d2ea0d4c8d548f3f71507c7bf67ec14138ab795f53df746f97bf03e2b5b3d621b78e3a6704fb22fc

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,28 @@
+source "https://rubygems.org"
+
+group :development do
+  gem "rake", "~> 10.3"
+  gem "pry", "~> 0.10"
+  gem "yard", "~> 0.7"
+  gem "bundler", "~> 1.0"
+  gem "jeweler", "~> 2.0.1", :github => "chetan/jeweler", :branch => "bixby"
+
+  gem "bixby-common", "~> 0.4"
+
+
+  gem "micron",     :github => "chetan/micron"
+  gem "test_guard", :github => "chetan/test_guard"
+  gem 'rb-inotify', :require => false
+  gem 'rb-fsevent', :require => false
+  gem 'rb-fchange', :require => false
+
+  gem "oj"
+  gem "rspec"
+  gem "amatch"
+  gem "rails"
+  gem "activeresource"
+  gem "rest-client", "~> 1.6.0"
+  gem "curb", "~> 0.8.1"
+  gem "httpi"
+
+end

data/Gemfile.lock

@@ -0,0 +1,245 @@
+GIT
+  remote: git://github.com/chetan/jeweler.git
+  revision: b90381a3958daae7f3ce3d8c4d710fe39e72443b
+  branch: bixby
+  specs:
+    jeweler (2.0.1)
+      builder
+      bundler (>= 1.0)
+      git (>= 1.2.5)
+      github_api
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      rake
+
+GIT
+  remote: git://github.com/chetan/micron.git
+  revision: 0c1e9c0b9d9e052805f43485fe3454cbd25913c5
+  specs:
+    micron (0.5.1)
+      ansi
+      easycov
+      hitimes
+
+GIT
+  remote: git://github.com/chetan/test_guard.git
+  revision: 178e47e2e57dc83060d6cabc18f206916b9d02f2
+  specs:
+    test_guard (0.2.1)
+      awesome_print
+      easycov
+      growl
+      listen
+      simplecov
+      simplecov-console
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.1.8)
+      actionpack (= 4.1.8)
+      actionview (= 4.1.8)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.1.8)
+      actionview (= 4.1.8)
+      activesupport (= 4.1.8)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.8)
+      activesupport (= 4.1.8)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.8)
+      activesupport (= 4.1.8)
+      builder (~> 3.1)
+    activerecord (4.1.8)
+      activemodel (= 4.1.8)
+      activesupport (= 4.1.8)
+      arel (~> 5.0.0)
+    activeresource (4.0.0)
+      activemodel (~> 4.0)
+      activesupport (~> 4.0)
+      rails-observers (~> 0.1.1)
+    activesupport (4.1.8)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    addressable (2.3.6)
+    amatch (0.2.11)
+      tins (~> 0.3)
+    ansi (1.4.3)
+    api-auth (1.0.3)
+    arel (5.0.1.20140414130214)
+    awesome_print (1.2.0)
+    bixby-common (0.4.13)
+      api-auth (~> 1.0)
+      faye-websocket (~> 0.7)
+      httpi (~> 2.1)
+      logging (~> 1.8)
+      multi_json (~> 1.8)
+      semver2 (~> 3.3)
+    builder (3.2.2)
+    celluloid (0.16.0)
+      timers (~> 4.0.0)
+    coderay (1.1.0)
+    colorize (0.7.3)
+    curb (0.8.6)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    easycov (0.4.0)
+      multi_json
+      simplecov
+      simplecov-console
+      simplecov-html
+    erubis (2.7.0)
+    eventmachine (1.0.3)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    faye-websocket (0.7.4)
+      eventmachine (>= 0.12.0)
+      websocket-driver (>= 0.3.1)
+    ffi (1.9.6)
+    git (1.2.8)
+    github_api (0.12.2)
+      addressable (~> 2.3)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.3)
+      multi_json (>= 1.7.5, < 2.0)
+      nokogiri (~> 1.6.3)
+      oauth2
+    growl (1.0.3)
+    hashie (3.3.1)
+    highline (1.6.21)
+    hike (1.2.3)
+    hirb (0.7.2)
+    hitimes (1.2.2)
+    httpi (2.2.7)
+      rack
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    listen (2.8.0)
+      celluloid (>= 0.15.2)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+    little-plugger (1.1.3)
+    logging (1.8.2)
+      little-plugger (>= 1.1.3)
+      multi_json (>= 1.8.4)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    method_source (0.8.2)
+    mime-types (2.4.3)
+    mini_portile (0.6.1)
+    minitest (5.4.3)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.4.1)
+      mini_portile (~> 0.6.0)
+    oauth2 (1.0.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    oj (2.10.2)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (4.1.8)
+      actionmailer (= 4.1.8)
+      actionpack (= 4.1.8)
+      actionview (= 4.1.8)
+      activemodel (= 4.1.8)
+      activerecord (= 4.1.8)
+      activesupport (= 4.1.8)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.1.8)
+      sprockets-rails (~> 2.0)
+    rails-observers (0.1.2)
+      activemodel (~> 4.0)
+    railties (4.1.8)
+      actionpack (= 4.1.8)
+      activesupport (= 4.1.8)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.3.2)
+    rb-fchange (0.0.6)
+      ffi
+    rb-fsevent (0.9.4)
+    rb-inotify (0.9.5)
+      ffi (>= 0.5.0)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.5)
+    rspec-expectations (2.14.2)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.3)
+    semver2 (3.4.0)
+    simplecov (0.9.1)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.8.0)
+    simplecov-console (0.2.0)
+      colorize
+      hirb
+      simplecov
+    simplecov-html (0.8.0)
+    slop (3.6.0)
+    sprockets (2.12.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.2.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (>= 2.8, < 4.0)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    timers (4.0.1)
+      hitimes
+    tins (0.12.0)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    websocket-driver (0.3.4)
+    yard (0.8.7.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activeresource
+  amatch
+  bixby-common (~> 0.4)
+  bundler (~> 1.0)
+  curb (~> 0.8.1)
+  httpi
+  jeweler (~> 2.0.1)!
+  micron!
+  oj
+  pry (~> 0.10)
+  rails
+  rake (~> 10.3)
+  rb-fchange
+  rb-fsevent
+  rb-inotify
+  rest-client (~> 1.6.0)
+  rspec
+  test_guard!
+  yard (~> 0.7)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2014 Chetan Sarva
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+= bixby-auth
+
+Description goes here.
+
+== Contributing to bixby-auth
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2014 Chetan Sarva. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,52 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = "bixby-auth"
+  gem.homepage = "http://github.com/chetan/bixby-auth"
+  gem.license = "MIT"
+  gem.summary = %Q{Bixby API Auth library}
+  gem.description = %Q{Bixby API Auth library for both clients and servers}
+  gem.email = "chetan@pixelcop.net"
+  gem.authors = ["Chetan Sarva"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+# require 'rake/testtask'
+# Rake::TestTask.new(:test) do |test|
+#   test.libs << 'lib' << 'test'
+#   test.pattern = 'test/**/test_*.rb'
+#   test.verbose = true
+# end
+
+desc "Code coverage detail"
+task :simplecov do
+  ENV['COVERAGE'] = "true"
+  Rake::Task['test'].execute
+end
+
+task :default => :test
+
+require 'yard'
+YARD::Rake::YardocTask.new
+
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/bixby-auth.gemspec

@@ -0,0 +1,129 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: bixby-auth 0.1.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "bixby-auth"
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["Chetan Sarva"]
+  s.date = "2014-11-20"
+  s.description = "Bixby API Auth library for both clients and servers"
+  s.email = "chetan@pixelcop.net"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "bixby-auth.gemspec",
+    "lib/api-auth.rb",
+    "lib/api_auth.rb",
+    "lib/api_auth/base.rb",
+    "lib/api_auth/errors.rb",
+    "lib/api_auth/headers.rb",
+    "lib/api_auth/helpers.rb",
+    "lib/api_auth/railtie.rb",
+    "lib/api_auth/request_drivers.rb",
+    "lib/api_auth/request_drivers/action_controller.rb",
+    "lib/api_auth/request_drivers/action_dispatch.rb",
+    "lib/api_auth/request_drivers/bixby_request.rb",
+    "lib/api_auth/request_drivers/curb.rb",
+    "lib/api_auth/request_drivers/httpi.rb",
+    "lib/api_auth/request_drivers/net_http.rb",
+    "lib/api_auth/request_drivers/rack.rb",
+    "lib/api_auth/request_drivers/rest_client.rb",
+    "lib/bixby-auth.rb",
+    "spec/api_auth_spec.rb",
+    "spec/application_helper.rb",
+    "spec/fixtures/upload.png",
+    "spec/headers_spec.rb",
+    "spec/helpers_spec.rb",
+    "spec/railtie_spec.rb",
+    "spec/spec_helper.rb",
+    "spec/test_helper.rb",
+    "test/helper.rb",
+    "test/test_bixby-auth.rb"
+  ]
+  s.homepage = "http://github.com/chetan/bixby-auth"
+  s.licenses = ["MIT"]
+  s.rubygems_version = "2.4.2"
+  s.summary = "Bixby API Auth library"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rake>, ["~> 10.3"])
+      s.add_development_dependency(%q<pry>, ["~> 0.10"])
+      s.add_development_dependency(%q<yard>, ["~> 0.7"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_development_dependency(%q<bixby-common>, ["~> 0.4"])
+      s.add_development_dependency(%q<micron>, [">= 0"])
+      s.add_development_dependency(%q<test_guard>, [">= 0"])
+      s.add_development_dependency(%q<rb-inotify>, [">= 0"])
+      s.add_development_dependency(%q<rb-fsevent>, [">= 0"])
+      s.add_development_dependency(%q<rb-fchange>, [">= 0"])
+      s.add_development_dependency(%q<oj>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+      s.add_development_dependency(%q<amatch>, [">= 0"])
+      s.add_development_dependency(%q<rails>, [">= 0"])
+      s.add_development_dependency(%q<activeresource>, [">= 0"])
+      s.add_development_dependency(%q<rest-client>, ["~> 1.6.0"])
+      s.add_development_dependency(%q<curb>, ["~> 0.8.1"])
+      s.add_development_dependency(%q<httpi>, [">= 0"])
+    else
+      s.add_dependency(%q<rake>, ["~> 10.3"])
+      s.add_dependency(%q<pry>, ["~> 0.10"])
+      s.add_dependency(%q<yard>, ["~> 0.7"])
+      s.add_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_dependency(%q<bixby-common>, ["~> 0.4"])
+      s.add_dependency(%q<micron>, [">= 0"])
+      s.add_dependency(%q<test_guard>, [">= 0"])
+      s.add_dependency(%q<rb-inotify>, [">= 0"])
+      s.add_dependency(%q<rb-fsevent>, [">= 0"])
+      s.add_dependency(%q<rb-fchange>, [">= 0"])
+      s.add_dependency(%q<oj>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 0"])
+      s.add_dependency(%q<amatch>, [">= 0"])
+      s.add_dependency(%q<rails>, [">= 0"])
+      s.add_dependency(%q<activeresource>, [">= 0"])
+      s.add_dependency(%q<rest-client>, ["~> 1.6.0"])
+      s.add_dependency(%q<curb>, ["~> 0.8.1"])
+      s.add_dependency(%q<httpi>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rake>, ["~> 10.3"])
+    s.add_dependency(%q<pry>, ["~> 0.10"])
+    s.add_dependency(%q<yard>, ["~> 0.7"])
+    s.add_dependency(%q<bundler>, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+    s.add_dependency(%q<bixby-common>, ["~> 0.4"])
+    s.add_dependency(%q<micron>, [">= 0"])
+    s.add_dependency(%q<test_guard>, [">= 0"])
+    s.add_dependency(%q<rb-inotify>, [">= 0"])
+    s.add_dependency(%q<rb-fsevent>, [">= 0"])
+    s.add_dependency(%q<rb-fchange>, [">= 0"])
+    s.add_dependency(%q<oj>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 0"])
+    s.add_dependency(%q<amatch>, [">= 0"])
+    s.add_dependency(%q<rails>, [">= 0"])
+    s.add_dependency(%q<activeresource>, [">= 0"])
+    s.add_dependency(%q<rest-client>, ["~> 1.6.0"])
+    s.add_dependency(%q<curb>, ["~> 0.8.1"])
+    s.add_dependency(%q<httpi>, [">= 0"])
+  end
+end
+

data/lib/api-auth.rb

@@ -0,0 +1,2 @@
+# So you can require "api-auth" instead of "api_auth"
+require "api_auth"

data/lib/api_auth/base.rb

@@ -0,0 +1,105 @@
+# encoding: UTF-8
+# api-auth is a Ruby gem designed to be used both in your client and server
+# HTTP-based applications. It implements the same authentication methods (HMAC)
+# used by Amazon Web Services.
+
+# The gem will sign your requests on the client side and authenticate that
+# signature on the server side. If your server resources are implemented as a
+# Rails ActiveResource, it will integrate with that. It will even generate the
+# secret keys necessary for your clients to sign their requests.
+module ApiAuth
+
+  class << self
+
+    include Helpers
+
+    # Signs an HTTP request using the client's access id and secret key.
+    # Returns the HTTP request object with the modified headers.
+    #
+    # request: The request can be a Net::HTTP, ActionDispatch::Request,
+    # Curb (Curl::Easy) or a RestClient object.
+    #
+    # access_id: The public unique identifier for the client
+    #
+    # secret_key: assigned secret key that is known to both parties
+    def sign!(request, access_id, secret_key)
+      headers = Headers.new(request)
+      headers.calculate_md5
+      headers.set_date
+      headers.sign_header auth_header(request, access_id, secret_key)
+    end
+
+    # Determines if the request is authentic given the request and the client's
+    # secret key. Returns true if the request is authentic and false otherwise.
+    def authentic?(request, secret_key)
+      return false if secret_key.nil?
+
+      return !md5_mismatch?(request) && signatures_match?(request, secret_key) && !request_too_old?(request)
+    end
+
+    # Returns the access id from the request's authorization header
+    def access_id(request)
+      headers = Headers.new(request)
+      if match_data = parse_auth_header(headers.authorization_header)
+        return match_data[1]
+      end
+
+      nil
+    end
+
+    # Generates a Base64 encoded, randomized secret key
+    #
+    # Store this key along with the access key that will be used for
+    # authenticating the client
+    def generate_secret_key
+      random_bytes = OpenSSL::Random.random_bytes(512)
+      b64_encode(Digest::SHA2.new(512).digest(random_bytes))
+    end
+
+  private
+
+    def request_too_old?(request)
+      headers = Headers.new(request)
+      # 900 seconds is 15 minutes
+      begin
+        if Time.parse(headers.timestamp).utc < (Time.now.utc - 900) then
+          raise RequestTooOld, "request is more than 900 seconds old"
+        end
+        return false
+      rescue ArgumentError
+        return true
+      end
+    end
+
+    def md5_mismatch?(request)
+      headers = Headers.new(request)
+      headers.md5_mismatch?
+    end
+
+    def signatures_match?(request, secret_key)
+      headers = Headers.new(request)
+      if match_data = parse_auth_header(headers.authorization_header)
+        hmac = match_data[2]
+        return hmac == hmac_signature(request, secret_key)
+      end
+      false
+    end
+
+    def hmac_signature(request, secret_key)
+      headers = Headers.new(request)
+      canonical_string = headers.canonical_string
+      digest = OpenSSL::Digest.new('sha1')
+      b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
+    end
+
+    def auth_header(request, access_id, secret_key)
+      "APIAuth #{access_id}:#{hmac_signature(request, secret_key)}"
+    end
+
+    def parse_auth_header(auth_header)
+      Regexp.new("APIAuth ([^:]+):(.+)$").match(auth_header)
+    end
+
+  end # class methods
+
+end # ApiAuth

data/lib/api_auth/errors.rb

@@ -0,0 +1,12 @@
+module ApiAuth
+
+  # :nodoc:
+  class ApiAuthError < StandardError; end
+
+  # Raised when the request date is too far in the past (more than 15 minutes old)
+  class RequestTooOld < ApiAuthError; end
+
+  # Raised when the HTTP request object passed is not supported
+  class UnknownHTTPRequest < ApiAuthError; end
+
+end