client_authentication 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/client_authentication.rb +57 -0
- metadata +73 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 9e377e440730e53379c3df60aaf402a3cad748fc9f18ea7f6abc8a1dd6205f53
|
4
|
+
data.tar.gz: d2ddee2acbdd4c7bc8fd502cab96948a4e97301177ff37e587b99623231ce2c6
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: e5542bf84a315e6541f491aaf97c2dee180154c7223f18a57b8603c46d5b8709851b413a62371339a2b48901f53e15face1f94c12ec728f10b803eed8f11538c
|
7
|
+
data.tar.gz: e7dbd086a8a838141326414f2748c386463947573fb0b92cbd435d1476897cae1ba2ae61f38518367515aeddf7ec366677e78da9b3ad369cd4bf9bc555d9ad62
|
@@ -0,0 +1,57 @@
|
|
1
|
+
require 'base64'
|
2
|
+
require 'openssl'
|
3
|
+
|
4
|
+
class ClientAuthentication
|
5
|
+
attr_accessor :header_keys
|
6
|
+
|
7
|
+
# model must respond to :key and :secret
|
8
|
+
def initialize(headers, max_seconds = 5, model = Application)
|
9
|
+
@headers = headers
|
10
|
+
@max_seconds = max_seconds
|
11
|
+
@model = model
|
12
|
+
|
13
|
+
@header_keys = {
|
14
|
+
time: "X-Level3-Digest-Time",
|
15
|
+
key: "X-Level3-Application-Key",
|
16
|
+
digest: "X-Level3-Digest",
|
17
|
+
}
|
18
|
+
end
|
19
|
+
|
20
|
+
def authenticate_client!
|
21
|
+
key = @headers[ header_keys[:key] ]
|
22
|
+
time = @headers[ header_keys[:time] ]
|
23
|
+
digest = @headers[ header_keys[:digest] ]
|
24
|
+
|
25
|
+
authenticate_header_values!(key, digest, time)
|
26
|
+
key
|
27
|
+
end
|
28
|
+
|
29
|
+
def authenticate_header_values!(key, digest, time)
|
30
|
+
diff = (time.to_i - salt.to_i).abs
|
31
|
+
raise ClientAuthenticationException.new if diff > @max_seconds
|
32
|
+
|
33
|
+
application = @model.find_by_key(key)
|
34
|
+
raise ClientAuthenticationException.new unless application
|
35
|
+
|
36
|
+
secret = application.secret
|
37
|
+
raise ClientAuthenticationException.new unless secret
|
38
|
+
|
39
|
+
raise ClientAuthenticationException.new unless digest.eql? generate_digest(time, secret)
|
40
|
+
true
|
41
|
+
end
|
42
|
+
|
43
|
+
def generate_digest(salt, secret)
|
44
|
+
Base64.encode64(
|
45
|
+
OpenSSL::HMAC.digest(
|
46
|
+
'sha256',secret, salt) ).
|
47
|
+
strip
|
48
|
+
end
|
49
|
+
|
50
|
+
def salt
|
51
|
+
Time.now.to_i.to_s
|
52
|
+
end
|
53
|
+
|
54
|
+
class ClientAuthenticationException < Exception
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
metadata
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: client_authentication
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Oz DiGennaro
|
8
|
+
- Vithya Renganathan
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2018-05-24 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: base64
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - ">="
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: '0'
|
21
|
+
type: :runtime
|
22
|
+
prerelease: false
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
version: '0'
|
28
|
+
- !ruby/object:Gem::Dependency
|
29
|
+
name: openssl
|
30
|
+
requirement: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - ">="
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: '0'
|
35
|
+
type: :runtime
|
36
|
+
prerelease: false
|
37
|
+
version_requirements: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - ">="
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: '0'
|
42
|
+
description: Use three header fields and a shared secret
|
43
|
+
email: oz.digennaro@centurylink.com
|
44
|
+
executables: []
|
45
|
+
extensions: []
|
46
|
+
extra_rdoc_files: []
|
47
|
+
files:
|
48
|
+
- lib/client_authentication.rb
|
49
|
+
homepage: http://rubygems.org/gems/client_authentication
|
50
|
+
licenses:
|
51
|
+
- MIT
|
52
|
+
metadata: {}
|
53
|
+
post_install_message:
|
54
|
+
rdoc_options: []
|
55
|
+
require_paths:
|
56
|
+
- lib
|
57
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '0'
|
67
|
+
requirements: []
|
68
|
+
rubyforge_project:
|
69
|
+
rubygems_version: 2.7.3
|
70
|
+
signing_key:
|
71
|
+
specification_version: 4
|
72
|
+
summary: Authenticate client at server
|
73
|
+
test_files: []
|