cloudfront-signer 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/CHANGELOG.md +5 -0
  4. data/Rakefile +11 -0
  5. data/lib/cloudfront-signer.rb +17 -2
  6. data/lib/cloudfront-signer/version.rb +1 -1
  7. data/spec/files/custom_policy.json +12 -0
  8. data/spec/{keys → files}/pk-APKAIKUROOUNR2BAFUUU.pem +0 -0
  9. data/spec/files/private_key.pem +15 -0
  10. data/spec/{keys → files}/rsa-APKAIKUROOUNR2BAFUUU.pem +0 -0
  11. data/spec/signer_spec.rb +99 -18
  12. metadata +11 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 55f3da387ee038729bfee7a3dcc7f1b250dba308
4
- data.tar.gz: b514f00d64dc1d5713fe04896a9177cead4e5835
3
+ metadata.gz: 1a9dcd6de6a454594341272c94b9f63766580855
4
+ data.tar.gz: 3fc69573f4c24f7d7d9d23119d610be44761e947
5
5
  SHA512:
6
- metadata.gz: d1905499e2278f379ea501f16f860829612b877b50b79835eef25b6a4840668435134bc5775eccfad7049ef123443cf4586472ca17dac23cf02d460fa3750b7d
7
- data.tar.gz: 8c5470df9a7cb80dc9a05032ddb63a01ae04e3cce4f03863b45c0b3213b93ddbffa305d861c1d7d892ecf0e4eb66219052006825435dcc3ccf3fc89353c5e42f
6
+ metadata.gz: 6132b2d861fd06a6d8ec773f132d4027c962b1e5406550f24855791e333fb11af0ae72fa35809ed71d773332a7076a3d77b9f95ae2d4d675bb6a2ad06741a746
7
+ data.tar.gz: 8722d602d33b1d0f453c13468f2fdea8cbd50bb3b6382b0627aed383559339340f3f2ead7a3bb5c1012862aff97118596dfe0bc4a8c151c9cf00aa1c36d6fb46
data/.gitignore CHANGED
@@ -4,3 +4,4 @@ Gemfile.lock
4
4
  pkg/*
5
5
 
6
6
  coverage
7
+ doc
data/CHANGELOG.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Change Log
2
2
 
3
+ ## 3.0.2 / 2017-06-22
4
+
5
+ * Provides an option to URI escape the path before signing it. Issue and accepted PR from [@mynock](https://github.com/mynock)
6
+ * Replaces Fixnum with Integer for Ruby 2.4.1. Issue and accepted PR from [@scott-knight](https://github.com/scott-knight)
7
+
3
8
  ## 3.0.1 / 2017-01-20
4
9
 
5
10
  * Supports signing frozen strings. Bug reported by [@alexandermayr](https://github.com/alexandermayr).
data/Rakefile CHANGED
@@ -8,3 +8,14 @@ RSpec::Core::RakeTask.new(:spec) do |t|
8
8
  end
9
9
 
10
10
  task default: :spec
11
+
12
+ require 'rdoc/task'
13
+
14
+ Rake::RDocTask.new do |rdoc|
15
+ rdoc.main = 'README.md'
16
+ rdoc.rdoc_files.include %w(README.md LICENSE lib/cloudfront-signer.rb)
17
+ rdoc.rdoc_dir = 'doc'
18
+ rdoc.options << '--line-numbers'
19
+ rdoc.options << '--coverage-report'
20
+ rdoc.markup = 'markdown'
21
+ end
data/lib/cloudfront-signer.rb CHANGED
@@ -142,6 +142,13 @@ module Aws
142
142
  build_url subject, { remove_spaces: true, html_escape: true }, policy_options
143
143
  end
144
144
 
145
+ # Public: Sign a url (as above) but URI encode the string first.
146
+ #
147
+ # Returns a String
148
+ def self.sign_url_escaped(subject, policy_options = {})
149
+ build_url subject, { uri_escape: true }, policy_options
150
+ end
151
+
145
152
  # Public: Sign a stream path part or filename (spaces are allowed in
146
153
  # stream paths and so are not removed).
147
154
  #
@@ -159,6 +166,13 @@ module Aws
159
166
  policy_options
160
167
  end
161
168
 
169
+ # Public: Sign a stream path or filename but URI encode the string first
170
+ #
171
+ # Returns a String
172
+ def self.sign_path_escaped(subject, policy_options = {})
173
+ build_url subject, { uri_escape: true }, policy_options
174
+ end
175
+
162
176
  # Public: Builds a signed url or stream resource name with optional
163
177
  # configuration and policy options
164
178
  #
@@ -170,6 +184,7 @@ module Aws
170
184
  separator = subject =~ /\?/ ? '&' : '?'
171
185
 
172
186
  subject.gsub!(/\s/, '%20') if configuration_options[:remove_spaces]
187
+ subject = URI.escape(subject) if configuration_options[:uri_escape]
173
188
 
174
189
  result = subject +
175
190
  separator +
@@ -244,9 +259,9 @@ module Aws
244
259
  case timelike
245
260
  when String then Time.parse(timelike).to_i
246
261
  when Time then timelike.to_i
247
- when Fixnum then timelike
262
+ when Integer then timelike
248
263
  else fail ArgumentError,
249
- 'Invalid argument - String, Fixnum or Time required - ' \
264
+ 'Invalid argument - String, Integer or Time required - ' \
250
265
  "#{timelike.class} passed."
251
266
  end
252
267
  end
data/lib/cloudfront-signer/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Aws
2
2
  module CF
3
- VERSION = '3.0.1'.freeze
3
+ VERSION = '3.0.2'.freeze
4
4
  end
5
5
  end
data/spec/files/custom_policy.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "Statement": [
3
+ {
4
+ "Resource": "https://d84l721fxaaqy9.cloudfront.net/downloads/",
5
+ "Condition": {
6
+ "DateLessThan": { "AWS:EpochTime": 1255674716 },
7
+ "DateGreaterThan": {"AWS:EpochTime": 1241073790 },
8
+ "IpAddress": { "AWS:SourceIp": "216.98.35.1/32" }
9
+ }
10
+ }
11
+ ]
12
+ }
data/spec/files/private_key.pem ADDED
@@ -0,0 +1,15 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIICXgIBAAKBgQCp280I7v8JBVJBN7Kdfl4eD+noyqzbLAsz9mIr07hZQ3PjVa5g
3
+ 3j5Q8oXioU2ycxzXephfPr83l/FTAtPSZQ94Jh6u/CdoEYXfEtFbJYQ2lHXrra36
4
+ yVcyyxQ6tAKgUHdWnZ/vbItUhLnhCSqwelTNpgRzf6AKdVOtQPaZ+bnkQQIDAQAB
5
+ AoGAXWSPTbQq4gjc+yLmwJW0pg7V67tUY4XJ+x4jSDm3CM1/sKVxpa1M0jEm0D8k
6
+ e1Ozrf6oPOZBOQ4AEEZjtTD/2Yi8U0bwG97fg9NlZddGNN2jj8pEOWY53/iVWcfb
7
+ VGXVDlhUA0uIZhKK3Sl2SW9t/8p7affjJmGKn2nGLieRKIkCQQDQmExXqRnVNtCz
8
+ qjTPt81MU4cIrzXr/tUC9s6An8OcgiTDjiIOnY3XB/F19lpMQIMEzrB7f04GrpkQ
9
+ 0w6p/3NXAkEA0HXjiSyZaEoXoR2e/dTZrKw8npnjjW0CpKeSf8PK8qpFPK0UJOk7
10
+ aU0rStQmoAmygcHiw3hJ7slyVS8f9zn+JwJBAMMVbHCfadWKSm19RZ7um0ZC6Asr
11
+ MhbgYX9AK6kHwf3hiViK2TcqCrmMaDqWh6TAwMgCNfOKAAMnz2d4vEIo8kkCQQCl
12
+ qnq4gkQsWG2s8jBvg1+2VW8bkCsCMvbdyfqoJP69mUnK7bXLm7tGdTiJkE5d8zb0
13
+ 3hQLyiXfaiK9xeS+gk0TAkEAtuFcd+taoBnjhVL6q0OhNuA1T1+qYr5fyzQWKKKC
14
+ +WMRi2/JCJCL/SX12q5hMq759VnzfnbgqwAq6MlPUZKEBQ==
15
+ -----END RSA PRIVATE KEY-----
data/spec/signer_spec.rb CHANGED
@@ -12,14 +12,42 @@ RSpec.shared_examples 'is configured' do
12
12
  end
13
13
  end
14
14
 
15
+ FILES_PATH = File.expand_path(File.dirname(__FILE__) + '/files')
16
+ KEY_PAIR_ID = 'APKAIKUROOUNR2BAFUUU'.freeze
17
+
15
18
  RSpec.describe Aws::CF::Signer do
16
- let(:key_pair_id) { 'APKAIKUROOUNR2BAFUUU' }
17
- let(:key_path) do
18
- File.expand_path File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem"
19
- end
19
+ let(:key_path) { FILES_PATH + "/pk-#{KEY_PAIR_ID}.pem" }
20
+ let(:other_key_path) { FILES_PATH + '/private_key.pem' }
20
21
  let(:key) { File.readlines(key_path).join '' }
21
22
 
22
- describe 'defaults' do
23
+ describe 'Errors' do
24
+ it 'raises ArgumentError when invalid path is passed to key_path' do
25
+ expect do
26
+ Aws::CF::Signer.configure { |config| config.key_path = 'foo/bar' }
27
+ end.to raise_error ArgumentError
28
+ end
29
+
30
+ it 'raises OpenSSL::PKey::RSAError when invalid key is passed' do
31
+ expect do
32
+ Aws::CF::Signer.configure { |config| config.key = '' }
33
+ end.to raise_error OpenSSL::PKey::RSAError
34
+ end
35
+
36
+ it 'raises ArgumentError when no key is provided through private_key' do
37
+ expect do
38
+ Aws::CF::Signer.configure { |_config| }
39
+ end.to raise_error ArgumentError
40
+ end
41
+
42
+ it "raises ArgumentError when no key is provided through key_path doesn't" \
43
+ 'allow to guess key_pair_id' do
44
+ expect do
45
+ Aws::CF::Signer.configure { |config| config.key_path = other_key_path }
46
+ end.to raise_error ArgumentError
47
+ end
48
+ end
49
+
50
+ describe 'Defaults' do
23
51
  it 'expire urls and paths in one hour by default' do
24
52
  expect(Aws::CF::Signer.default_expires).to eq 3600
25
53
  end
@@ -31,10 +59,10 @@ RSpec.describe Aws::CF::Signer do
31
59
  end
32
60
  end
33
61
 
34
- context 'configured with key and key_pair_id' do
62
+ context 'When configured with key and key_pair_id' do
35
63
  before do
36
64
  Aws::CF::Signer.configure do |config|
37
- config.key_pair_id = key_pair_id
65
+ config.key_pair_id = KEY_PAIR_ID
38
66
  config.key = key
39
67
  end
40
68
  end
@@ -42,7 +70,7 @@ RSpec.describe Aws::CF::Signer do
42
70
  include_examples 'is configured'
43
71
  end
44
72
 
45
- context 'configured with key_path' do
73
+ context 'When configured with key_path' do
46
74
  before(:each) do
47
75
  Aws::CF::Signer.configure { |config| config.key_path = key_path }
48
76
  end
@@ -52,31 +80,28 @@ RSpec.describe Aws::CF::Signer do
52
80
  end
53
81
 
54
82
  describe 'when signing a url' do
83
+ let(:url) { 'https://example.com/somerésource?opt1=one&opt2=two' }
84
+ let(:url_with_spaces) { 'http://example.com/sign me' }
85
+
55
86
  it "doesn't modifies the passed url" do
56
- url = 'http://somedomain.com/sign'.freeze
87
+ url = 'http://example.com/'.freeze
57
88
  expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
58
89
  end
59
90
 
60
91
  it 'removes spaces' do
61
- url = 'http://somedomain.com/sign me'
62
- expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
92
+ expect(Aws::CF::Signer.sign_url(url_with_spaces)).not_to match(/\s/)
63
93
  end
64
94
 
65
95
  it "doesn't HTML encode the signed url by default" do
66
- url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
67
96
  expect(Aws::CF::Signer.sign_url(url)).to match(/\?|=|&/)
68
97
  end
69
98
 
70
99
  it 'HTML encodes the signed url when using sign_url_safe' do
71
- url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
72
100
  expect(Aws::CF::Signer.sign_url_safe(url)).not_to match(/\?|=|&/)
73
101
  end
74
102
 
75
- it 'expires when specified inline' do
76
- url = 'http://somedomain.com/sign'
77
- signed_url = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
78
- expires_value = get_query_value(signed_url, 'Expires').to_i
79
- expect(expires_value).to eq(Time.now.to_i + 600)
103
+ it 'URL encodes the signed URL when using sign_url_escaped' do
104
+ expect(Aws::CF::Signer.sign_url_escaped(url)).not_to match(/é/)
80
105
  end
81
106
  end
82
107
 
@@ -85,6 +110,62 @@ RSpec.describe Aws::CF::Signer do
85
110
  path = '/prefix/sign me'
86
111
  expect(Aws::CF::Signer.sign_path(path)).to match(/\s/)
87
112
  end
113
+
114
+ it 'HTML encodes the signed path when using sign_path_safe' do
115
+ path = '/prefix/sign me?'
116
+ expect(Aws::CF::Signer.sign_path_safe(path)).not_to match(/\?|=|&/)
117
+ end
118
+
119
+ it 'URL encodes the signed path when using sign_path_escaped' do
120
+ path = '/préfix/sign me?'
121
+ expect(Aws::CF::Signer.sign_path_escaped(path)).not_to match(/[é ]+/)
122
+ end
123
+ end
124
+
125
+ describe ':expires option' do
126
+ subject(:sign_url) { Aws::CF::Signer.sign_url '', expires: expires }
127
+
128
+ { 'Time' => Time.now,
129
+ 'String' => '2018-01-01',
130
+ 'Integer' => 1_514_782_800,
131
+ 'NilClass' => nil }.each do |klass, value|
132
+ context "as a #{klass}" do
133
+ let(:expires) { value }
134
+ it "doesn't raise an error" do
135
+ expect { subject }.not_to raise_error
136
+ end
137
+ end
138
+ end
139
+
140
+ context 'not as a String, Integer or Time' do
141
+ let(:expires) { [[], {}, true, 1.0].sample }
142
+ it 'raises ArgumentError' do
143
+ expect { subject }.to raise_error ArgumentError
144
+ end
145
+ end
146
+ end
147
+
148
+ describe 'Custom Policy' do
149
+ it 'builds policy from policy_options' do
150
+ signed_url = Aws::CF::Signer.sign_url(
151
+ 'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
152
+ starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
153
+ expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
154
+ resource: 'https://d84l721fxaaqy9.cloudfront.net/downloads/',
155
+ ip_range: '216.98.35.1/32'
156
+ )
157
+ policy_value = get_query_value(signed_url, 'Policy')
158
+ expect(policy_value).not_to be_empty
159
+ end
160
+
161
+ it 'builds policy from policy_file' do
162
+ signed_url = Aws::CF::Signer.sign_url(
163
+ 'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
164
+ policy_file: FILES_PATH + '/custom_policy.json'
165
+ )
166
+ policy_value = get_query_value(signed_url, 'Policy')
167
+ expect(policy_value).not_to be_empty
168
+ end
88
169
  end
89
170
  end
90
171
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloudfront-signer
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Anthony Bouch
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2017-01-20 00:00:00.000000000 Z
12
+ date: 2017-06-22 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
@@ -64,8 +64,10 @@ files:
64
64
  - lib/cloudfront-signer/version.rb
65
65
  - lib/generators/cloudfront/install/install_generator.rb
66
66
  - lib/generators/cloudfront/install/templates/cloudfront_signer.rb
67
- - spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
68
- - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
67
+ - spec/files/custom_policy.json
68
+ - spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
69
+ - spec/files/private_key.pem
70
+ - spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
69
71
  - spec/signer_spec.rb
70
72
  - spec/spec_helper.rb
71
73
  homepage: http://github.com/leonelgalan/cloudfront-signer
@@ -88,12 +90,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
88
90
  version: '0'
89
91
  requirements: []
90
92
  rubyforge_project: cloudfront-signer
91
- rubygems_version: 2.5.1
93
+ rubygems_version: 2.6.11
92
94
  signing_key:
93
95
  specification_version: 4
94
96
  summary: A gem to sign url and stream paths for Amazon CloudFront private content.
95
97
  test_files:
96
- - spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
97
- - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
98
+ - spec/files/custom_policy.json
99
+ - spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
100
+ - spec/files/private_key.pem
101
+ - spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
98
102
  - spec/signer_spec.rb
99
103
  - spec/spec_helper.rb