bunq-client 0.5.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/bunq/errors.rb +1 -0
- data/lib/bunq/resource.rb +1 -6
- data/lib/bunq/signature.rb +11 -28
- data/lib/bunq/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 98dbab9b8695c2550142560443bc09a6a3f4db726bb1eb4505c42fd08142cf99
|
|
4
|
+
data.tar.gz: d473fdd5e1c2e42587678a954f030b167af21aebccd1207972f8d51e9caa2e80
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56ebe10bae8893b8f263347077d2731b4af09f05b5162700e0daedd6debd167d9ee5a8d3ed6d338f8a2ef5233193cbd412bf8cc2c25669393ee1aa48690ab96b
|
|
7
|
+
data.tar.gz: a114dd6b263c1674b45b4ae552b858431cd4161378b771e0383e04fa2e845d6d14deddac55b3e3ff1216ba59fdf33b56b9632052c291ff11dad7d48ef1ec0eec
|
data/lib/bunq/errors.rb
CHANGED
|
@@ -26,6 +26,7 @@ module Bunq
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
class UnexpectedResponse < ResponseError; end
|
|
29
|
+
class RequestSignatureRequired < ResponseError; end
|
|
29
30
|
class AbsentResponseSignature < ResponseError; end
|
|
30
31
|
class TooManyRequestsResponse < ResponseError; end
|
|
31
32
|
class UnauthorisedResponse < ResponseError; end
|
data/lib/bunq/resource.rb
CHANGED
|
@@ -89,12 +89,7 @@ module Bunq
|
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
def sign_request(verb, params, headers, payload = nil)
|
|
92
|
-
client.signature.create(
|
|
93
|
-
verb,
|
|
94
|
-
encode_params(@path, params),
|
|
95
|
-
resource.headers.merge(headers),
|
|
96
|
-
payload
|
|
97
|
-
)
|
|
92
|
+
client.signature.create(payload)
|
|
98
93
|
end
|
|
99
94
|
|
|
100
95
|
def encode_params(path, params)
|
data/lib/bunq/signature.rb
CHANGED
|
@@ -5,9 +5,6 @@ module Bunq
|
|
|
5
5
|
# headers in raw_headers hash in rest client are all lower case
|
|
6
6
|
BUNQ_HEADER_PREFIX = 'X-Bunq-'.downcase
|
|
7
7
|
BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER = 'X-Bunq-Server-Signature'.downcase
|
|
8
|
-
CACHE_CONTROL_HEADER = 'Cache-Control'.downcase
|
|
9
|
-
USER_AGENT_HEADER = 'User-Agent'.downcase
|
|
10
|
-
SIGNABLE_HEADERS = [CACHE_CONTROL_HEADER, USER_AGENT_HEADER]
|
|
11
8
|
|
|
12
9
|
def initialize(private_key, server_public_key)
|
|
13
10
|
fail ArgumentError.new('private_key is mandatory') unless private_key
|
|
@@ -17,11 +14,8 @@ module Bunq
|
|
|
17
14
|
@server_public_key = OpenSSL::PKey::RSA.new(server_public_key)
|
|
18
15
|
end
|
|
19
16
|
|
|
20
|
-
def create(
|
|
21
|
-
signature = private_key.sign(
|
|
22
|
-
digest,
|
|
23
|
-
signable_input(verb, path, headers.select { |header_name, _| signable_header?(header_name) }, body)
|
|
24
|
-
)
|
|
17
|
+
def create(body)
|
|
18
|
+
signature = private_key.sign(digest, body.to_s)
|
|
25
19
|
|
|
26
20
|
Base64.strict_encode64(signature)
|
|
27
21
|
end
|
|
@@ -29,17 +23,20 @@ module Bunq
|
|
|
29
23
|
def verify!(response)
|
|
30
24
|
return if skip_signature_check(response.code)
|
|
31
25
|
|
|
32
|
-
sorted_bunq_headers = response.raw_headers.select(&method(:verifiable_header?)).sort.to_h.map { |k, v| "#{k.to_s.split('-').map(&:capitalize).join('-')}: #{v.first}" }
|
|
33
|
-
data = %Q{#{response.code}\n#{sorted_bunq_headers.join("\n")}\n\n#{response.body}}
|
|
34
|
-
|
|
35
26
|
signature_headers = response.raw_headers.find { |k, _| k.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER }
|
|
36
|
-
|
|
27
|
+
unless signature_headers
|
|
28
|
+
fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
29
|
+
end
|
|
37
30
|
|
|
38
31
|
signature_headers_value = signature_headers[1]
|
|
39
|
-
|
|
32
|
+
unless signature_headers_value
|
|
33
|
+
fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
34
|
+
end
|
|
40
35
|
|
|
41
36
|
signature = Base64.strict_decode64(signature_headers_value.first)
|
|
42
|
-
|
|
37
|
+
unless server_public_key.verify(digest, signature, response.body)
|
|
38
|
+
fail RequestSignatureRequired.new(code: response.code, headers: response.raw_headers, body: response.body)
|
|
39
|
+
end
|
|
43
40
|
end
|
|
44
41
|
|
|
45
42
|
private
|
|
@@ -50,20 +47,6 @@ module Bunq
|
|
|
50
47
|
OpenSSL::Digest::SHA256.new
|
|
51
48
|
end
|
|
52
49
|
|
|
53
|
-
def signable_input(verb, path, headers, body)
|
|
54
|
-
sortable_headers = Hash[headers.collect{ |k,v| [k.to_s, v] }]
|
|
55
|
-
head = [
|
|
56
|
-
[verb, path].join(' '),
|
|
57
|
-
sortable_headers.sort.to_h.map { |k,v| "#{k}: #{v}" }.join("\n")
|
|
58
|
-
].join("\n")
|
|
59
|
-
"#{head}\n\n#{body}"
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def signable_header?(header_name)
|
|
63
|
-
_header_name = header_name.to_s.downcase
|
|
64
|
-
SIGNABLE_HEADERS.include?(_header_name) || _header_name.start_with?(BUNQ_HEADER_PREFIX)
|
|
65
|
-
end
|
|
66
|
-
|
|
67
50
|
def verifiable_header?(header_name, _)
|
|
68
51
|
_header_name = header_name.to_s.downcase
|
|
69
52
|
_header_name.start_with?(BUNQ_HEADER_PREFIX) && _header_name != BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER
|
data/lib/bunq/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bunq-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Lars Vonk
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-03-
|
|
14
|
+
date: 2020-03-09 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rest-client
|