cloudfront-signer 3.0.1 → 3.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/CHANGELOG.md +5 -0
  4. data/Rakefile +11 -0
  5. data/lib/cloudfront-signer.rb +17 -2
  6. data/lib/cloudfront-signer/version.rb +1 -1
  7. data/spec/files/custom_policy.json +12 -0
  8. data/spec/{keys → files}/pk-APKAIKUROOUNR2BAFUUU.pem +0 -0
  9. data/spec/files/private_key.pem +15 -0
  10. data/spec/{keys → files}/rsa-APKAIKUROOUNR2BAFUUU.pem +0 -0
  11. data/spec/signer_spec.rb +99 -18
  12. metadata +11 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 55f3da387ee038729bfee7a3dcc7f1b250dba308
4
- data.tar.gz: b514f00d64dc1d5713fe04896a9177cead4e5835
3
+ metadata.gz: 1a9dcd6de6a454594341272c94b9f63766580855
4
+ data.tar.gz: 3fc69573f4c24f7d7d9d23119d610be44761e947
5
5
  SHA512:
6
- metadata.gz: d1905499e2278f379ea501f16f860829612b877b50b79835eef25b6a4840668435134bc5775eccfad7049ef123443cf4586472ca17dac23cf02d460fa3750b7d
7
- data.tar.gz: 8c5470df9a7cb80dc9a05032ddb63a01ae04e3cce4f03863b45c0b3213b93ddbffa305d861c1d7d892ecf0e4eb66219052006825435dcc3ccf3fc89353c5e42f
6
+ metadata.gz: 6132b2d861fd06a6d8ec773f132d4027c962b1e5406550f24855791e333fb11af0ae72fa35809ed71d773332a7076a3d77b9f95ae2d4d675bb6a2ad06741a746
7
+ data.tar.gz: 8722d602d33b1d0f453c13468f2fdea8cbd50bb3b6382b0627aed383559339340f3f2ead7a3bb5c1012862aff97118596dfe0bc4a8c151c9cf00aa1c36d6fb46
data/.gitignore CHANGED
@@ -4,3 +4,4 @@ Gemfile.lock
4
4
  pkg/*
5
5
 
6
6
  coverage
7
+ doc
data/CHANGELOG.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Change Log
2
2
 
3
+ ## 3.0.2 / 2017-06-22
4
+
5
+ * Provides an option to URI escape the path before signing it. Issue and accepted PR from [@mynock](https://github.com/mynock)
6
+ * Replaces Fixnum with Integer for Ruby 2.4.1. Issue and accepted PR from [@scott-knight](https://github.com/scott-knight)
7
+
3
8
  ## 3.0.1 / 2017-01-20
4
9
 
5
10
  * Supports signing frozen strings. Bug reported by [@alexandermayr](https://github.com/alexandermayr).
data/Rakefile CHANGED
@@ -8,3 +8,14 @@ RSpec::Core::RakeTask.new(:spec) do |t|
8
8
  end
9
9
 
10
10
  task default: :spec
11
+
12
+ require 'rdoc/task'
13
+
14
+ Rake::RDocTask.new do |rdoc|
15
+ rdoc.main = 'README.md'
16
+ rdoc.rdoc_files.include %w(README.md LICENSE lib/cloudfront-signer.rb)
17
+ rdoc.rdoc_dir = 'doc'
18
+ rdoc.options << '--line-numbers'
19
+ rdoc.options << '--coverage-report'
20
+ rdoc.markup = 'markdown'
21
+ end
data/lib/cloudfront-signer.rb CHANGED
@@ -142,6 +142,13 @@ module Aws
142
142
  build_url subject, { remove_spaces: true, html_escape: true }, policy_options
143
143
  end
144
144
 
145
+ # Public: Sign a url (as above) but URI encode the string first.
146
+ #
147
+ # Returns a String
148
+ def self.sign_url_escaped(subject, policy_options = {})
149
+ build_url subject, { uri_escape: true }, policy_options
150
+ end
151
+
145
152
  # Public: Sign a stream path part or filename (spaces are allowed in
146
153
  # stream paths and so are not removed).
147
154
  #
@@ -159,6 +166,13 @@ module Aws
159
166
  policy_options
160
167
  end
161
168
 
169
+ # Public: Sign a stream path or filename but URI encode the string first
170
+ #
171
+ # Returns a String
172
+ def self.sign_path_escaped(subject, policy_options = {})
173
+ build_url subject, { uri_escape: true }, policy_options
174
+ end
175
+
162
176
  # Public: Builds a signed url or stream resource name with optional
163
177
  # configuration and policy options
164
178
  #
@@ -170,6 +184,7 @@ module Aws
170
184
  separator = subject =~ /\?/ ? '&' : '?'
171
185
 
172
186
  subject.gsub!(/\s/, '%20') if configuration_options[:remove_spaces]
187
+ subject = URI.escape(subject) if configuration_options[:uri_escape]
173
188
 
174
189
  result = subject +
175
190
  separator +
@@ -244,9 +259,9 @@ module Aws
244
259
  case timelike
245
260
  when String then Time.parse(timelike).to_i
246
261
  when Time then timelike.to_i
247
- when Fixnum then timelike
262
+ when Integer then timelike
248
263
  else fail ArgumentError,
249
- 'Invalid argument - String, Fixnum or Time required - ' \
264
+ 'Invalid argument - String, Integer or Time required - ' \
250
265
  "#{timelike.class} passed."
251
266
  end
252
267
  end
data/lib/cloudfront-signer/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Aws
2
2
  module CF
3
- VERSION = '3.0.1'.freeze
3
+ VERSION = '3.0.2'.freeze
4
4
  end
5
5
  end
data/spec/files/custom_policy.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "Statement": [
3
+ {
4
+ "Resource": "https://d84l721fxaaqy9.cloudfront.net/downloads/",
5
+ "Condition": {
6
+ "DateLessThan": { "AWS:EpochTime": 1255674716 },
7
+ "DateGreaterThan": {"AWS:EpochTime": 1241073790 },
8
+ "IpAddress": { "AWS:SourceIp": "216.98.35.1/32" }
9
+ }
10
+ }
11
+ ]
12
+ }
data/spec/files/private_key.pem ADDED
@@ -0,0 +1,15 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIICXgIBAAKBgQCp280I7v8JBVJBN7Kdfl4eD+noyqzbLAsz9mIr07hZQ3PjVa5g
3
+ 3j5Q8oXioU2ycxzXephfPr83l/FTAtPSZQ94Jh6u/CdoEYXfEtFbJYQ2lHXrra36
4
+ yVcyyxQ6tAKgUHdWnZ/vbItUhLnhCSqwelTNpgRzf6AKdVOtQPaZ+bnkQQIDAQAB
5
+ AoGAXWSPTbQq4gjc+yLmwJW0pg7V67tUY4XJ+x4jSDm3CM1/sKVxpa1M0jEm0D8k
6
+ e1Ozrf6oPOZBOQ4AEEZjtTD/2Yi8U0bwG97fg9NlZddGNN2jj8pEOWY53/iVWcfb
7
+ VGXVDlhUA0uIZhKK3Sl2SW9t/8p7affjJmGKn2nGLieRKIkCQQDQmExXqRnVNtCz
8
+ qjTPt81MU4cIrzXr/tUC9s6An8OcgiTDjiIOnY3XB/F19lpMQIMEzrB7f04GrpkQ
9
+ 0w6p/3NXAkEA0HXjiSyZaEoXoR2e/dTZrKw8npnjjW0CpKeSf8PK8qpFPK0UJOk7
10
+ aU0rStQmoAmygcHiw3hJ7slyVS8f9zn+JwJBAMMVbHCfadWKSm19RZ7um0ZC6Asr
11
+ MhbgYX9AK6kHwf3hiViK2TcqCrmMaDqWh6TAwMgCNfOKAAMnz2d4vEIo8kkCQQCl
12
+ qnq4gkQsWG2s8jBvg1+2VW8bkCsCMvbdyfqoJP69mUnK7bXLm7tGdTiJkE5d8zb0
13
+ 3hQLyiXfaiK9xeS+gk0TAkEAtuFcd+taoBnjhVL6q0OhNuA1T1+qYr5fyzQWKKKC
14
+ +WMRi2/JCJCL/SX12q5hMq759VnzfnbgqwAq6MlPUZKEBQ==
15
+ -----END RSA PRIVATE KEY-----
data/spec/signer_spec.rb CHANGED
@@ -12,14 +12,42 @@ RSpec.shared_examples 'is configured' do
12
12
  end
13
13
  end
14
14
 
15
+ FILES_PATH = File.expand_path(File.dirname(__FILE__) + '/files')
16
+ KEY_PAIR_ID = 'APKAIKUROOUNR2BAFUUU'.freeze
17
+
15
18
  RSpec.describe Aws::CF::Signer do
16
- let(:key_pair_id) { 'APKAIKUROOUNR2BAFUUU' }
17
- let(:key_path) do
18
- File.expand_path File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem"
19
- end
19
+ let(:key_path) { FILES_PATH + "/pk-#{KEY_PAIR_ID}.pem" }
20
+ let(:other_key_path) { FILES_PATH + '/private_key.pem' }
20
21
  let(:key) { File.readlines(key_path).join '' }
21
22
 
22
- describe 'defaults' do
23
+ describe 'Errors' do
24
+ it 'raises ArgumentError when invalid path is passed to key_path' do
25
+ expect do
26
+ Aws::CF::Signer.configure { |config| config.key_path = 'foo/bar' }
27
+ end.to raise_error ArgumentError
28
+ end
29
+
30
+ it 'raises OpenSSL::PKey::RSAError when invalid key is passed' do
31
+ expect do
32
+ Aws::CF::Signer.configure { |config| config.key = '' }
33
+ end.to raise_error OpenSSL::PKey::RSAError
34
+ end
35
+
36
+ it 'raises ArgumentError when no key is provided through private_key' do
37
+ expect do
38
+ Aws::CF::Signer.configure { |_config| }
39
+ end.to raise_error ArgumentError
40
+ end
41
+
42
+ it "raises ArgumentError when no key is provided through key_path doesn't" \
43
+ 'allow to guess key_pair_id' do
44
+ expect do
45
+ Aws::CF::Signer.configure { |config| config.key_path = other_key_path }
46
+ end.to raise_error ArgumentError
47
+ end
48
+ end
49
+
50
+ describe 'Defaults' do
23
51
  it 'expire urls and paths in one hour by default' do
24
52
  expect(Aws::CF::Signer.default_expires).to eq 3600
25
53
  end
@@ -31,10 +59,10 @@ RSpec.describe Aws::CF::Signer do
31
59
  end
32
60
  end
33
61
 
34
- context 'configured with key and key_pair_id' do
62
+ context 'When configured with key and key_pair_id' do
35
63
  before do
36
64
  Aws::CF::Signer.configure do |config|
37
- config.key_pair_id = key_pair_id
65
+ config.key_pair_id = KEY_PAIR_ID
38
66
  config.key = key
39
67
  end
40
68
  end
@@ -42,7 +70,7 @@ RSpec.describe Aws::CF::Signer do
42
70
  include_examples 'is configured'
43
71
  end
44
72
 
45
- context 'configured with key_path' do
73
+ context 'When configured with key_path' do
46
74
  before(:each) do
47
75
  Aws::CF::Signer.configure { |config| config.key_path = key_path }
48
76
  end
@@ -52,31 +80,28 @@ RSpec.describe Aws::CF::Signer do
52
80
  end
53
81
 
54
82
  describe 'when signing a url' do
83
+ let(:url) { 'https://example.com/somerésource?opt1=one&opt2=two' }
84
+ let(:url_with_spaces) { 'http://example.com/sign me' }
85
+
55
86
  it "doesn't modifies the passed url" do
56
- url = 'http://somedomain.com/sign'.freeze
87
+ url = 'http://example.com/'.freeze
57
88
  expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
58
89
  end
59
90
 
60
91
  it 'removes spaces' do
61
- url = 'http://somedomain.com/sign me'
62
- expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
92
+ expect(Aws::CF::Signer.sign_url(url_with_spaces)).not_to match(/\s/)
63
93
  end
64
94
 
65
95
  it "doesn't HTML encode the signed url by default" do
66
- url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
67
96
  expect(Aws::CF::Signer.sign_url(url)).to match(/\?|=|&/)
68
97
  end
69
98
 
70
99
  it 'HTML encodes the signed url when using sign_url_safe' do
71
- url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
72
100
  expect(Aws::CF::Signer.sign_url_safe(url)).not_to match(/\?|=|&/)
73
101
  end
74
102
 
75
- it 'expires when specified inline' do
76
- url = 'http://somedomain.com/sign'
77
- signed_url = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
78
- expires_value = get_query_value(signed_url, 'Expires').to_i
79
- expect(expires_value).to eq(Time.now.to_i + 600)
103
+ it 'URL encodes the signed URL when using sign_url_escaped' do
104
+ expect(Aws::CF::Signer.sign_url_escaped(url)).not_to match(/é/)
80
105
  end
81
106
  end
82
107
 
@@ -85,6 +110,62 @@ RSpec.describe Aws::CF::Signer do
85
110
  path = '/prefix/sign me'
86
111
  expect(Aws::CF::Signer.sign_path(path)).to match(/\s/)
87
112
  end
113
+
114
+ it 'HTML encodes the signed path when using sign_path_safe' do
115
+ path = '/prefix/sign me?'
116
+ expect(Aws::CF::Signer.sign_path_safe(path)).not_to match(/\?|=|&/)
117
+ end
118
+
119
+ it 'URL encodes the signed path when using sign_path_escaped' do
120
+ path = '/préfix/sign me?'
121
+ expect(Aws::CF::Signer.sign_path_escaped(path)).not_to match(/[é ]+/)
122
+ end
123
+ end
124
+
125
+ describe ':expires option' do
126
+ subject(:sign_url) { Aws::CF::Signer.sign_url '', expires: expires }
127
+
128
+ { 'Time' => Time.now,
129
+ 'String' => '2018-01-01',
130
+ 'Integer' => 1_514_782_800,
131
+ 'NilClass' => nil }.each do |klass, value|
132
+ context "as a #{klass}" do
133
+ let(:expires) { value }
134
+ it "doesn't raise an error" do
135
+ expect { subject }.not_to raise_error
136
+ end
137
+ end
138
+ end
139
+
140
+ context 'not as a String, Integer or Time' do
141
+ let(:expires) { [[], {}, true, 1.0].sample }
142
+ it 'raises ArgumentError' do
143
+ expect { subject }.to raise_error ArgumentError
144
+ end
145
+ end
146
+ end
147
+
148
+ describe 'Custom Policy' do
149
+ it 'builds policy from policy_options' do
150
+ signed_url = Aws::CF::Signer.sign_url(
151
+ 'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
152
+ starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
153
+ expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
154
+ resource: 'https://d84l721fxaaqy9.cloudfront.net/downloads/',
155
+ ip_range: '216.98.35.1/32'
156
+ )
157
+ policy_value = get_query_value(signed_url, 'Policy')
158
+ expect(policy_value).not_to be_empty
159
+ end
160
+
161
+ it 'builds policy from policy_file' do
162
+ signed_url = Aws::CF::Signer.sign_url(
163
+ 'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
164
+ policy_file: FILES_PATH + '/custom_policy.json'
165
+ )
166
+ policy_value = get_query_value(signed_url, 'Policy')
167
+ expect(policy_value).not_to be_empty
168
+ end
88
169
  end
89
170
  end
90
171
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloudfront-signer
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Anthony Bouch
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2017-01-20 00:00:00.000000000 Z
12
+ date: 2017-06-22 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
@@ -64,8 +64,10 @@ files:
64
64
  - lib/cloudfront-signer/version.rb
65
65
  - lib/generators/cloudfront/install/install_generator.rb
66
66
  - lib/generators/cloudfront/install/templates/cloudfront_signer.rb
67
- - spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
68
- - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
67
+ - spec/files/custom_policy.json
68
+ - spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
69
+ - spec/files/private_key.pem
70
+ - spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
69
71
  - spec/signer_spec.rb
70
72
  - spec/spec_helper.rb
71
73
  homepage: http://github.com/leonelgalan/cloudfront-signer
@@ -88,12 +90,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
88
90
  version: '0'
89
91
  requirements: []
90
92
  rubyforge_project: cloudfront-signer
91
- rubygems_version: 2.5.1
93
+ rubygems_version: 2.6.11
92
94
  signing_key:
93
95
  specification_version: 4
94
96
  summary: A gem to sign url and stream paths for Amazon CloudFront private content.
95
97
  test_files:
96
- - spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
97
- - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
98
+ - spec/files/custom_policy.json
99
+ - spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
100
+ - spec/files/private_key.pem
101
+ - spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
98
102
  - spec/signer_spec.rb
99
103
  - spec/spec_helper.rb