bunq-client 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/bunq/errors.rb +1 -0
- data/lib/bunq/resource.rb +1 -6
- data/lib/bunq/signature.rb +11 -28
- data/lib/bunq/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 98dbab9b8695c2550142560443bc09a6a3f4db726bb1eb4505c42fd08142cf99
|
|
4
|
+
data.tar.gz: d473fdd5e1c2e42587678a954f030b167af21aebccd1207972f8d51e9caa2e80
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56ebe10bae8893b8f263347077d2731b4af09f05b5162700e0daedd6debd167d9ee5a8d3ed6d338f8a2ef5233193cbd412bf8cc2c25669393ee1aa48690ab96b
|
|
7
|
+
data.tar.gz: a114dd6b263c1674b45b4ae552b858431cd4161378b771e0383e04fa2e845d6d14deddac55b3e3ff1216ba59fdf33b56b9632052c291ff11dad7d48ef1ec0eec
|
data/lib/bunq/errors.rb
CHANGED
|
@@ -26,6 +26,7 @@ module Bunq
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
class UnexpectedResponse < ResponseError; end
|
|
29
|
+
class RequestSignatureRequired < ResponseError; end
|
|
29
30
|
class AbsentResponseSignature < ResponseError; end
|
|
30
31
|
class TooManyRequestsResponse < ResponseError; end
|
|
31
32
|
class UnauthorisedResponse < ResponseError; end
|
data/lib/bunq/resource.rb
CHANGED
|
@@ -89,12 +89,7 @@ module Bunq
|
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
def sign_request(verb, params, headers, payload = nil)
|
|
92
|
-
client.signature.create(
|
|
93
|
-
verb,
|
|
94
|
-
encode_params(@path, params),
|
|
95
|
-
resource.headers.merge(headers),
|
|
96
|
-
payload
|
|
97
|
-
)
|
|
92
|
+
client.signature.create(payload)
|
|
98
93
|
end
|
|
99
94
|
|
|
100
95
|
def encode_params(path, params)
|
data/lib/bunq/signature.rb
CHANGED
|
@@ -5,9 +5,6 @@ module Bunq
|
|
|
5
5
|
# headers in raw_headers hash in rest client are all lower case
|
|
6
6
|
BUNQ_HEADER_PREFIX = 'X-Bunq-'.downcase
|
|
7
7
|
BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER = 'X-Bunq-Server-Signature'.downcase
|
|
8
|
-
CACHE_CONTROL_HEADER = 'Cache-Control'.downcase
|
|
9
|
-
USER_AGENT_HEADER = 'User-Agent'.downcase
|
|
10
|
-
SIGNABLE_HEADERS = [CACHE_CONTROL_HEADER, USER_AGENT_HEADER]
|
|
11
8
|
|
|
12
9
|
def initialize(private_key, server_public_key)
|
|
13
10
|
fail ArgumentError.new('private_key is mandatory') unless private_key
|
|
@@ -17,11 +14,8 @@ module Bunq
|
|
|
17
14
|
@server_public_key = OpenSSL::PKey::RSA.new(server_public_key)
|
|
18
15
|
end
|
|
19
16
|
|
|
20
|
-
def create(
|
|
21
|
-
signature = private_key.sign(
|
|
22
|
-
digest,
|
|
23
|
-
signable_input(verb, path, headers.select { |header_name, _| signable_header?(header_name) }, body)
|
|
24
|
-
)
|
|
17
|
+
def create(body)
|
|
18
|
+
signature = private_key.sign(digest, body.to_s)
|
|
25
19
|
|
|
26
20
|
Base64.strict_encode64(signature)
|
|
27
21
|
end
|
|
@@ -29,17 +23,20 @@ module Bunq
|
|
|
29
23
|
def verify!(response)
|
|
30
24
|
return if skip_signature_check(response.code)
|
|
31
25
|
|
|
32
|
-
sorted_bunq_headers = response.raw_headers.select(&method(:verifiable_header?)).sort.to_h.map { |k, v| "#{k.to_s.split('-').map(&:capitalize).join('-')}: #{v.first}" }
|
|
33
|
-
data = %Q{#{response.code}\n#{sorted_bunq_headers.join("\n")}\n\n#{response.body}}
|
|
34
|
-
|
|
35
26
|
signature_headers = response.raw_headers.find { |k, _| k.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER }
|
|
36
|
-
|
|
27
|
+
unless signature_headers
|
|
28
|
+
fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
29
|
+
end
|
|
37
30
|
|
|
38
31
|
signature_headers_value = signature_headers[1]
|
|
39
|
-
|
|
32
|
+
unless signature_headers_value
|
|
33
|
+
fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
34
|
+
end
|
|
40
35
|
|
|
41
36
|
signature = Base64.strict_decode64(signature_headers_value.first)
|
|
42
|
-
|
|
37
|
+
unless server_public_key.verify(digest, signature, response.body)
|
|
38
|
+
fail RequestSignatureRequired.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
39
|
+
end
|
|
43
40
|
end
|
|
44
41
|
|
|
45
42
|
private
|
|
@@ -50,20 +47,6 @@ module Bunq
|
|
|
50
47
|
OpenSSL::Digest::SHA256.new
|
|
51
48
|
end
|
|
52
49
|
|
|
53
|
-
def signable_input(verb, path, headers, body)
|
|
54
|
-
sortable_headers = Hash[headers.collect{ |k,v| [k.to_s, v] }]
|
|
55
|
-
head = [
|
|
56
|
-
[verb, path].join(' '),
|
|
57
|
-
sortable_headers.sort.to_h.map { |k,v| "#{k}: #{v}" }.join("\n")
|
|
58
|
-
].join("\n")
|
|
59
|
-
"#{head}\n\n#{body}"
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def signable_header?(header_name)
|
|
63
|
-
_header_name = header_name.to_s.downcase
|
|
64
|
-
SIGNABLE_HEADERS.include?(_header_name) || _header_name.start_with?(BUNQ_HEADER_PREFIX)
|
|
65
|
-
end
|
|
66
|
-
|
|
67
50
|
def verifiable_header?(header_name, _)
|
|
68
51
|
_header_name = header_name.to_s.downcase
|
|
69
52
|
_header_name.start_with?(BUNQ_HEADER_PREFIX) && _header_name != BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER
|
data/lib/bunq/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bunq-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Lars Vonk
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-03-
|
|
14
|
+
date: 2020-03-09 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rest-client
|