captivus-auth_hmac 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in captivus-auth_hmac.gemspec
+gemspec
+
+gem "rspec", "~> 2.11"
+gem "rack-test", "~> 0.6"
+gem "delorean", "~> 2.0.0"

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Austin Schneider
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Captivus::AuthHMAC
+
+HMAC based authentication for HTTP
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'captivus-auth_hmac'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install captivus-auth_hmac
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/captivus-auth_hmac.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'captivus/auth_hmac/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "captivus-auth_hmac"
+  gem.version       = Captivus::AuthHMAC::VERSION
+  gem.authors       = ["Austin Schneider"]
+  gem.email         = ["austinthecoder@gmail.com"]
+  gem.description   = "HMAC based authentication for HTTP"
+  gem.summary       = "HMAC based authentication for HTTP"
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+end

data/lib/captivus/auth_hmac/version.rb

@@ -0,0 +1,5 @@
+module Captivus
+  class AuthHMAC
+    VERSION = "0.0.1"
+  end
+end

data/lib/captivus/auth_hmac.rb

@@ -0,0 +1,249 @@
+require 'openssl'
+require 'base64'
+
+module Captivus
+  class AuthHMAC
+    # This module provides a HMAC Authentication method for HTTP requests. It should work with
+    # net/http request classes and CGIRequest classes and hence Rails.
+    #
+    # It is loosely based on the Amazon Web Services Authentication mechanism but
+    # generalized to be useful to any application that requires HMAC based authentication.
+    # As a result of the generalization, it won't work with AWS because it doesn't support
+    # the Amazon extension headers.
+    #
+    # === References
+    # Cryptographic Hash functions:: http://en.wikipedia.org/wiki/Cryptographic_hash_function
+    # SHA-1 Hash function::          http://en.wikipedia.org/wiki/SHA-1
+    # HMAC algorithm::               http://en.wikipedia.org/wiki/HMAC
+    # RFC 2104::                     http://tools.ietf.org/html/rfc2104
+    #
+    module Headers
+      # Gets the headers for a request.
+      #
+      # Attempts to deal with known HTTP header representations in Ruby.
+      # Currently handles net/http and Rails.
+      #
+      def headers(request)
+        if request.respond_to?(:headers)
+          request.headers
+        elsif request.is_a?(Hash) && request.has_key?(:request_headers)
+          request[:request_headers]
+        elsif request.respond_to?(:[])
+          request
+        else
+          raise ArgumentError, "Don't know how to get the headers from #{request.inspect}"
+        end
+      end
+
+      def find_header(keys, headers)
+        keys.map do |key|
+          headers[key]
+        end.compact.first
+      end
+    end
+
+    include Headers
+
+    # Build a Canonical String for a HTTP request.
+    #
+    # A Canonical String has the following format:
+    #
+    # CanonicalString = HTTP-Verb    + "\n" +
+    #                   Content-Type + "\n" +
+    #                   Content-MD5  + "\n" +
+    #                   Date         + "\n" +
+    #                   request-uri;
+    #
+    #
+    # If the Date header doesn't exist, one will be generated since
+    # Net/HTTP will generate one if it doesn't exist and it will be
+    # used on the server side to do authentication.
+    #
+    class CanonicalString < String # :nodoc:
+      include Headers
+
+      def initialize(request)
+        self << request_method(request) + "\n"
+        self << header_values(headers(request)) + "\n"
+        self << request_path(request)
+      end
+
+    private
+
+      def request_method(request)
+        if request.respond_to?(:request_method) && request.request_method.is_a?(String)
+          request.request_method
+        elsif request.is_a?(Hash) && request.has_key?(:method)
+          request[:method].to_s
+        elsif request.respond_to?(:env) && request.env
+          request.env['REQUEST_METHOD']
+        elsif request.is_a?(Hash) && request.has_key?('REQUEST_METHOD')
+          request['REQUEST_METHOD']
+        else
+          begin
+            request.method
+          rescue ArgumentError
+            raise ArgumentError, "Don't know how to get the request method from #{request.inspect}"
+          end
+        end
+      end
+
+      def header_values(headers)
+        [ content_type(headers),
+          content_md5(headers),
+          (date(headers) or headers['Date'] = Time.now.utc.httpdate)
+        ].join("\n")
+      end
+
+      def content_type(headers)
+        find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE content-type), headers)
+      end
+
+      def date(headers)
+        find_header(%w(DATE HTTP_DATE date), headers)
+      end
+
+      def content_md5(headers)
+        find_header(%w(CONTENT-MD5 CONTENT_MD5 content-md5), headers)
+      end
+
+      def request_path(request)
+        # Try unparsed_uri in case it is a Webrick request
+        path = if request.respond_to?(:unparsed_uri)
+          request.unparsed_uri
+        elsif request.is_a?(Hash) && request.has_key?(:url) && request[:url].is_a?(URI)
+          request[:url].path
+        elsif request.is_a?(Hash) && request.has_key?('PATH_INFO')
+          request['PATH_INFO']
+        else
+          request.path
+        end
+
+        path[/^[^?]*/]
+      end
+    end
+
+    @@default_signature_class = CanonicalString
+
+    # Create an AuthHMAC instance using the given credential store
+    #
+    # Credential Store:
+    # * Credential store must respond to the [] method and return a secret for access key id
+    #
+    # Options:
+    # Override default options
+    # *  <tt>:service_id</tt> - Service ID used in the AUTHORIZATION header string. Default is AuthHMAC.
+    # *  <tt>:signature_method</tt> - Proc object that takes request and produces the signature string
+    #                                 used for authentication. Default is CanonicalString.
+    # Examples:
+    #   my_hmac = AuthHMAC.new('access_id1' => 'secret1', 'access_id2' => 'secret2')
+    #
+    #   cred_store = { 'access_id1' => 'secret1', 'access_id2' => 'secret2' }
+    #   options = { :service_id => 'MyApp', :signature_method => lambda { |r| MyRequestString.new(r) } }
+    #   my_hmac = AuthHMAC.new(cred_store, options)
+    #
+    def initialize(credential_store, options = nil)
+      @credential_store = credential_store
+
+      # Defaults
+      @service_id = self.class.name.split(/::/).last
+      @signature_class = @@default_signature_class
+
+      unless options.nil?
+        @service_id = options[:service_id] if options.key?(:service_id)
+        @signature_class = options[:signature] if options.key?(:signature) && options[:signature].is_a?(Class)
+      end
+
+      @signature_method = lambda { |r| @signature_class.send(:new, r) }
+    end
+
+    # Generates canonical signing string for given request
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def self.canonical_string(request, options = nil)
+      self.new(nil, options).canonical_string(request)
+    end
+
+    # Generates signature string for a given secret
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def self.signature(request, secret, options = nil)
+      self.new(nil, options).signature(request, secret)
+    end
+
+    # Signs a request using a given access key id and secret.
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def self.sign!(request, access_key_id, secret, options = nil)
+      credentials = { access_key_id => secret }
+      self.new(credentials, options).sign!(request, access_key_id)
+    end
+
+    # Authenticates a request using HMAC
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def self.authenticated?(request, access_key_id, secret, options)
+      credentials = { access_key_id => secret }
+      self.new(credentials, options).authenticated?(request)
+    end
+
+    # Signs a request using the access_key_id and the secret associated with that id
+    # in the credential store.
+    #
+    # Signing a requests adds an Authorization header to the request in the format:
+    #
+    #  <service_id> <access_key_id>:<signature>
+    #
+    # where <signature> is the Base64 encoded HMAC-SHA1 of the CanonicalString and the secret.
+    #
+    def sign!(request, access_key_id)
+      secret = @credential_store[access_key_id]
+      raise ArgumentError, "No secret found for key id '#{access_key_id}'" if secret.nil?
+      request['Authorization'] = authorization(request, access_key_id, secret)
+    end
+
+    # Authenticates a request using HMAC
+    #
+    # Returns true if the request has an AuthHMAC Authorization header and
+    # the access id and HMAC match an id and HMAC produced for the secret
+    # in the credential store. Otherwise returns false.
+    #
+    def authenticated?(request)
+      rx = Regexp.new("#{@service_id} ([^:]+):(.+)$")
+      if md = rx.match(authorization_header(request))
+        access_key_id = md[1]
+        hmac = md[2]
+        secret = @credential_store[access_key_id]
+        !secret.nil? && hmac == signature(request, secret)
+      else
+        false
+      end
+    end
+
+    def signature(request, secret)
+      digest = OpenSSL::Digest::Digest.new('sha1')
+      string = canonical_string(request)
+      Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, string)).strip
+    end
+
+    def canonical_string(request)
+      @signature_method.call(request)
+    end
+
+    def authorization_header(request)
+      find_header(%w(Authorization HTTP_AUTHORIZATION), headers(request))
+    end
+
+    def authorization(request, access_key_id, secret)
+      "#{@service_id} #{access_key_id}:#{signature(request, secret)}"
+    end
+  end
+end

data/lib/captivus.rb

@@ -0,0 +1,6 @@
+require 'captivus/auth_hmac/version'
+
+module Captivus
+end
+
+require 'captivus/auth_hmac'

data/spec/captivus/auth_hmac_spec.rb

@@ -0,0 +1,302 @@
+require 'captivus/auth_hmac'
+require 'net/http'
+require 'time'
+
+describe Captivus::AuthHMAC do
+  # Class for doing a custom signature
+  class CustomSignature < String
+    def initialize(request)
+      self << "Custom signature string: #{request.method}"
+    end
+  end
+
+  def signature(value, secret)
+    digest = OpenSSL::Digest::Digest.new('sha1')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
+  end
+
+  let(:request) {
+    Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+      'content-type' => 'text/plain',
+      'content-md5' => 'blahblah',
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+  }
+
+  describe ".canonical_string" do
+    it "should generate a canonical string using default method" do
+      Captivus::AuthHMAC.canonical_string(request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
+    end
+  end
+
+  describe ".signature" do
+    it "should generate a valid signature string for a secret" do
+      Captivus::AuthHMAC.signature(request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+  end
+
+  describe ".sign!" do
+    it "should sign using the key passed in as a parameter" do
+     Captivus::AuthHMAC.sign!(request, "my-key-id", "secret")
+     request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom service id" do
+      Captivus::AuthHMAC.sign!(request, "my-key-id", "secret", { :service_id => 'MyService' })
+      request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom signature method" do
+      options = {
+        :service_id => 'MyService',
+        :signature => CustomSignature
+      }
+      Captivus::AuthHMAC.sign!(request, "my-key-id", "secret", options)
+      request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+    end
+
+    it 'can sign a faraday request hash' do
+      Time.stub(:now).and_return(Time.parse("Thu, 10 Jul 2008 03:29:56 GMT"))
+
+      env = {
+        :method=>:get,
+        :body=>"test",
+        :url=>URI.parse("http://sushi.com/api/foo.json"),
+        :request_headers=>{"Date" => Time.now.utc.httpdate},
+        :parallel_manager=>nil,
+        :request=>nil,
+        :ssl=>{}
+      }
+      Captivus::AuthHMAC.sign!(env, "access_id", "secret", { :service_id => 'MyService' })
+      env['Authorization'].should == 'MyService access_id:ZQnbYwmno+PsaavXzUAdvj/DKvo='
+    end
+  end
+
+  describe "#sign!" do
+    before(:each) do
+      @get_request = Net::HTTP::Get.new("/")
+      @put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+        'content-type' => 'text/plain',
+        'content-md5' => 'blahblah',
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+       @store = mock('store')
+      @store.stub!(:[]).and_return("")
+      @authhmac = Captivus::AuthHMAC.new(@store)
+    end
+
+    describe "default AuthHMAC with CanonicalString signature" do
+      it "should add an Authorization header" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request.key?("Authorization").should be_true
+      end
+
+      it "should fetch the secret from the store" do
+        @store.should_receive(:[]).with('key-id').and_return('secret')
+        @authhmac.sign!(@get_request, 'key-id')
+      end
+
+      it "should prefix the Authorization Header with AuthHMAC" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC /)
+      end
+
+      it "should include the key id as the first part of the Authorization header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC key-id:/)
+      end
+
+      it "should include the base64 encoded HMAC signature as the last part of the header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
+      end
+
+      it "should create a complete signature" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+      end
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+         @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+        @authhmac = Captivus::AuthHMAC.new(@store, @options)
+      end
+
+      it "should prefix the Authorization header with custom service id" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^MyService /)
+      end
+
+      it "should create a complete signature using options" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+      end
+    end
+  end
+
+  describe "authenticated?" do
+    before(:each) do
+      @credentials = {
+        "access key 1" => 'secret1',
+        "access key 2" => 'secret2'
+      }
+      @authhmac = Captivus::AuthHMAC.new(@credentials)
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
+    it "should return false when there is no Authorization Header" do
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the Authorization value isn't prefixed with HMAC" do
+      @request['Authorization'] = "id:secret"
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the access key id can't be found" do
+      @request['Authorization'] = 'AuthHMAC missing-key:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when there is no hmac" do
+      @request['Authorization'] = 'AuthHMAC missing-key:'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the hmac doesn't match" do
+      @request['Authorization'] = 'AuthHMAC access key 1:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false if the request was modified after signing" do
+      @authhmac.sign!(@request, 'access key 1')
+      @request.content_type = 'text/plain'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return true when the hmac does match" do
+      @authhmac.sign!(@request, 'access key 1')
+      @authhmac.authenticated?(@request).should be_true
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+        @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+      end
+
+      it "should return false for invalid service id" do
+        @authhmac.sign!(@request, 'access key 1')
+        @options.delete(:signature)
+        Captivus::AuthHMAC.new(@credentials, @options).authenticated?(@request).should be_false
+      end
+
+      it "should return false for request using default CanonicalString signature" do
+        @authhmac.sign!(@request, 'access key 1')
+        @options.delete(:service_id)
+        Captivus::AuthHMAC.new(@credentials, @options).authenticated?(@request).should be_false
+      end
+
+      it "should return true when valid" do
+        @authhmac = Captivus::AuthHMAC.new(@credentials, @options)
+        @authhmac.sign!(@request, 'access key 1')
+        @authhmac.authenticated?(@request).should be_true
+      end
+    end
+  end
+
+  describe "#sign! with YAML credentials" do
+    before(:each) do
+      credentials = {
+        "access key 1" => 'secret1',
+        "access key 2" => 'secret2'
+      }
+      @authhmac = Captivus::AuthHMAC.new(credentials)
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
+    it "should raise an argument error if credentials are missing" do
+      lambda { @authhmac.sign!(@request, 'missing') }.should raise_error(ArgumentError)
+    end
+
+    it "should sign with the secret" do
+      @authhmac.sign!(@request, "access key 1")
+      @request['Authorization'].should == "AuthHMAC access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="
+    end
+
+    it "should sign with the other secret" do
+      @authhmac.sign!(@request, "access key 2")
+      @request['Authorization'].should == "AuthHMAC access key 2:vT010RQm4IZ6+UCVpK2/N0FLpLw="
+    end
+  end
+
+  describe Captivus::AuthHMAC::CanonicalString do
+    it "should include the http verb when it is GET" do
+      request = Net::HTTP::Get.new("/")
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/GET/)
+    end
+
+    it "should include the http verb when it is POST" do
+      request = Net::HTTP::Post.new("/")
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/POST/)
+    end
+
+    it "should include the content-type" do
+      request = Net::HTTP::Put.new("/", {'Content-Type' => 'application/xml'})
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/application\/xml/)
+    end
+
+    it "should include the content-type even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'cOntent-type' => 'text/html'})
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/text\/html/)
+    end
+
+    it "should include the content-md5" do
+      request = Net::HTTP::Put.new("/", {'Content-MD5' => 'skwkend'})
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/skwkend/)
+    end
+
+    it "should include the content-md5 even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/adsada/)
+    end
+
+    it "should include the date" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/", {'Date' => date})
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/#{date}/)
+    end
+
+    it "should include the request path" do
+      request = Net::HTTP::Get.new("/path/to/file")
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/\/path\/to\/file[^?]?/)
+    end
+
+    it "should ignore the query string of the request path" do
+      request = Net::HTTP::Get.new("/other/path/to/file?query=foo")
+      Captivus::AuthHMAC::CanonicalString.new(request).should match(/\/other\/path\/to\/file[^?]?/)
+    end
+
+    it "should build the correct string" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+                                    'content-type' => 'text/plain',
+                                    'content-md5' => 'blahblah',
+                                    'date' => date)
+      Captivus::AuthHMAC::CanonicalString.new(request).should == "PUT\ntext/plain\nblahblah\n#{date}\n/path/to/put"
+    end
+
+    it "should build the correct string when some elements are missing" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo",
+                                    'date' => date)
+      Captivus::AuthHMAC::CanonicalString.new(request).should == "GET\n\n\n#{date}\n/path/to/get"
+    end
+  end
+end

data/spec/captivus_spec.rb

@@ -0,0 +1,4 @@
+require 'captivus'
+
+describe Captivus do
+end

data/spec/integration/auth_hmac_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'captivus/auth_hmac'
+require 'rack/test'
+require 'net/http'
+
+describe Captivus::AuthHMAC do
+  include Rack::Test::Methods
+
+  def app
+    lambda do |env|
+      [200, {"Content-Type" => "text/html", "Content-Length" => 13}, "Hello, World!"]
+    end
+  end
+
+  it 'says hello world' do
+    get '/'
+    last_response.status.should == 200
+    last_response.body.should == 'Hello, World!'
+  end
+
+  it 'can process rack test requests' do
+    # HMAC uses date to validate request signature, we need to fix the date so
+    # that it matches.
+    Delorean.time_travel_to(Date.parse("Thu, 10 Jul 2008 03:29:56 GMT"))
+
+    env = current_session.__send__(:env_for, '/notify', {}.merge(:method => "POST", :params => {token: 'my-key-id'}))
+    signature = Captivus::AuthHMAC.sign!(env, "my-key-id", "secret")
+    signature.should == "AuthHMAC my-key-id:5zpt0efY2ck3zO/U1Eh9De/B1KM="
+
+    back_to_the_present
+  end
+
+  it 'can handle hash requests' do
+    Delorean.time_travel_to(Date.parse("Thu, 10 Jul 2008 03:29:56 GMT"))
+
+    request_hash = {
+      'REQUEST_METHOD' => 'PUT',
+      'content-type' => 'text/plain',
+      'content-md5' => 'blahblah',
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT",
+      'PATH_INFO' => '/notify'
+    }
+
+    standard_request = Net::HTTP::Put.new("/notify",
+      'content-type' => 'text/plain',
+      'content-md5' => 'blahblah',
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+
+    sig = Captivus::AuthHMAC.signature(request_hash, 'secret')
+    sig.should == Captivus::AuthHMAC.signature(standard_request, 'secret')
+
+    back_to_the_present
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'bundler/setup'
+require "delorean"
+
+RSpec.configure do |config|
+  config.include Delorean
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: captivus-auth_hmac
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Austin Schneider
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-18 00:00:00.000000000 Z
+dependencies: []
+description: HMAC based authentication for HTTP
+email:
+- austinthecoder@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- captivus-auth_hmac.gemspec
+- lib/captivus.rb
+- lib/captivus/auth_hmac.rb
+- lib/captivus/auth_hmac/version.rb
+- spec/captivus/auth_hmac_spec.rb
+- spec/captivus_spec.rb
+- spec/integration/auth_hmac_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: HMAC based authentication for HTTP
+test_files:
+- spec/captivus/auth_hmac_spec.rb
+- spec/captivus_spec.rb
+- spec/integration/auth_hmac_spec.rb
+- spec/spec_helper.rb