RubyGems - crashlog-auth-hmac - Versions diffs - 1.1.6 → 1.1.7 - Mend

crashlog-auth-hmac 1.1.6 → 1.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/.travis.yml +3 -4
data/Gemfile +2 -0
data/Gemfile.lock +6 -1
data/lib/crash_log/auth_hmac.rb +4 -2
data/lib/crash_log/auth_hmac/version.rb +1 -1
data/spec/crash_log/auth_hmac_spec.rb +12 -13
data/spec/crash_log/rack_test_request_spec.rb +16 -4
metadata +20 -12

data/.travis.yml CHANGED

@@ -3,10 +3,9 @@ rvm:
   - 1.9.3
   - 1.9.2
   - 1.8.7
-  # - jruby-18mode
-  # - jruby-19mode
-  # - jruby-head
+  - jruby-18mode
+  - jruby-19mode
+  - jruby-head
   - rbx-18mode
   - rbx-19mode
   - ree

data/Gemfile CHANGED

@@ -9,3 +9,5 @@ gem 'rack-test'
 gem 'delorean'
 gem 'rspec', '>= 2.7.0'
 gem 'activesupport', '~> 3.2.0'
+gem 'jruby-openssl', :platform => :jruby

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    crashlog-auth-hmac (1.1.5)
+    crashlog-auth-hmac (1.1.7)
 GEM
   remote: https://rubygems.org/
@@ -9,11 +9,14 @@ GEM
     activesupport (3.2.7)
       i18n (~> 0.6)
       multi_json (~> 1.0)
+    bouncy-castle-java (1.5.0146.1)
     chronic (0.6.7)
     delorean (2.0.0)
       chronic
     diff-lcs (1.1.3)
     i18n (0.6.0)
+    jruby-openssl (0.7.7)
+      bouncy-castle-java (>= 1.5.0146.1)
     multi_json (1.3.6)
     rack (1.4.1)
     rack-test (0.6.1)
@@ -29,12 +32,14 @@ GEM
     rspec-mocks (2.11.1)
 PLATFORMS
+  java
   ruby
 DEPENDENCIES
   activesupport (~> 3.2.0)
   crashlog-auth-hmac!
   delorean
+  jruby-openssl
   rack-test
   rake
   rspec (>= 2.7.0)

data/lib/crash_log/auth_hmac.rb CHANGED

@@ -75,7 +75,7 @@ module CrashLog
           request.request_method
         elsif request.is_a?(Hash) && request.has_key?(:method)
           request[:method].to_s
-        elsif request.respond_to?(:env) && request.env
+        elsif request.respond_to?(:env)
           request.env['REQUEST_METHOD']
         elsif request.is_a?(Hash) && request.has_key?('REQUEST_METHOD')
           request['REQUEST_METHOD']
@@ -231,7 +231,9 @@ module CrashLog
     def signature(request, secret)
       digest = OpenSSL::Digest::Digest.new('sha1')
       string = canonical_string(request)
-      Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, string)).strip
+      hmac = OpenSSL::HMAC.digest(digest, secret, string)
+      encoded_signature = Base64.encode64(hmac)
+      encoded_signature.gsub(/\n/, '').strip
     end
     def canonical_string(request)

data/lib/crash_log/auth_hmac/version.rb CHANGED

@@ -1,5 +1,5 @@
 module CrashLog
   class AuthHMAC
-    VERSION = "1.1.6"
+    VERSION = "1.1.7"
   end
 end

data/spec/crash_log/auth_hmac_spec.rb CHANGED

@@ -79,39 +79,38 @@ describe CrashLog::AuthHMAC do
         'content-type' => 'text/plain',
         'content-md5' => 'blahblah',
         'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
-       @store = mock('store')
-      @store.stub!(:[]).and_return("")
+      @store = {'my-key-id' => 'secret'}
       @authhmac = CrashLog::AuthHMAC.new(@store)
     end
     describe "default AuthHMAC with CanonicalString signature" do
       it "should add an Authorization header" do
-        @authhmac.sign!(@get_request, 'key-id')
+        @authhmac.sign!(@get_request, 'my-key-id')
         @get_request.key?("Authorization").should be_true
       end
       it "should fetch the secret from the store" do
-        @store.should_receive(:[]).with('key-id').and_return('secret')
-        @authhmac.sign!(@get_request, 'key-id')
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@get_request, 'my-key-id')
       end
       it "should prefix the Authorization Header with AuthHMAC" do
-        @authhmac.sign!(@get_request, 'key-id')
+        @authhmac.sign!(@get_request, 'my-key-id')
         @get_request['Authorization'].should match(/^AuthHMAC /)
       end
       it "should include the key id as the first part of the Authorization header value" do
-        @authhmac.sign!(@get_request, 'key-id')
-        @get_request['Authorization'].should match(/^AuthHMAC key-id:/)
+        @authhmac.sign!(@get_request, 'my-key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC my-key-id:/)
       end
       it "should include the base64 encoded HMAC signature as the last part of the header value" do
-        @authhmac.sign!(@get_request, 'key-id')
+        @authhmac.sign!(@get_request, 'my-key-id')
         @get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
       end
       it "should create a complete signature" do
-        @store.should_receive(:[]).with('my-key-id').and_return('secret')
         @authhmac.sign!(@put_request, "my-key-id")
         @put_request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
       end
@@ -123,16 +122,16 @@ describe CrashLog::AuthHMAC do
           :service_id => 'MyService',
           :signature => CustomSignature
         }
-        @authhmac = CrashLog::AuthHMAC.new(@store, @options)
+        store = {'my-key-id' => 'secret'}
+        @authhmac = CrashLog::AuthHMAC.new(store, @options)
       end
       it "should prefix the Authorization header with custom service id" do
-        @authhmac.sign!(@get_request, 'key-id')
+        @authhmac.sign!(@get_request, 'my-key-id')
         @get_request['Authorization'].should match(/^MyService /)
       end
       it "should create a complete signature using options" do
-        @store.should_receive(:[]).with('my-key-id').and_return('secret')
         @authhmac.sign!(@put_request, "my-key-id")
         @put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
       end

data/spec/crash_log/rack_test_request_spec.rb CHANGED

@@ -23,11 +23,11 @@ describe CrashLog::AuthHMAC do
   it 'can process rack test requests' do
     # HMAC uses date to validate request signature, we need to fix the date so
     # that it matches.
-    Delorean.time_travel_to(Date.parse("Thu, 10 Jul 2008 03:29:56 GMT"))
+    Delorean.time_travel_to(Time.utc(2012,10,04,8,31,16))
-    env = current_session.__send__(:env_for, '/notify', {}.merge(:method => "POST", :params => {token: 'my-key-id'}))
-    signature = CrashLog::AuthHMAC.sign!(env, "my-key-id", "secret")
-    signature.should == "AuthHMAC my-key-id:nt0VFUekBB3Ci5cCyaqy9fQnaK0="
+    env = current_session.__send__(:env_for, '/events', {:method => "POST", 'CONTENT_TYPE' => "application/json; charset=UTF-8"})
+    signature = CrashLog::AuthHMAC.signature(env, "2Xbz25UpU8nQxaSAKuixJQMDxuiqryxzArzSJJ8Ci3Mr")
+    signature.should == "Rqj0DdG4/jNrzOXdybz13CaKzXU="
   end
   it 'can handle hash requests' do
@@ -49,4 +49,16 @@ describe CrashLog::AuthHMAC do
     sig = CrashLog::AuthHMAC.signature(request_hash, 'secret')
     sig.should == CrashLog::AuthHMAC.signature(standard_request, 'secret')
   end
+  it 'accepts real request without content md5' do
+    Delorean.time_travel_to(Date.parse("Thu, 04 Oct 2012 08:31:16 GMT"))
+    request = Net::HTTP::Post.new("/events",
+      'content-type' => 'application/json; charset=UTF-8',
+      'date' => "Thu, 04 Oct 2012 08:31:16 GMT")
+    sig = CrashLog::AuthHMAC.signature(request, '2Xbz25UpU8nQxaSAKuixJQMDxuiqryxzArzSJJ8Ci3Mr')
+    sig.should == 'Rqj0DdG4/jNrzOXdybz13CaKzXU='
+  end
 end

metadata CHANGED

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: crashlog-auth-hmac
 version: !ruby/object:Gem::Version
-  version: 1.1.6
-  prerelease:
+  prerelease:
+  version: 1.1.7
 platform: ruby
 authors:
 - Ivan Vanderbyl
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-04 00:00:00.000000000 Z
+date: 2012-11-19 00:00:00.000000000 Z
 dependencies: []
 description: A Ruby Gem for authenticating HTTP requests using a HMAC
 email:
@@ -36,26 +36,34 @@ files:
 - spec/spec_helper.rb
 homepage: http://crashlog.io
 licenses: []
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+      segments:
+      - 0
+      hash: 2
+      version: !binary |-
+        MA==
   none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
-      version: '0'
+      segments:
+      - 0
+      hash: 2
+      version: !binary |-
+        MA==
+  none: false
 requirements: []
-rubyforge_project:
-rubygems_version: 1.8.15
-signing_key:
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
 specification_version: 3
 summary: A Ruby Gem for authenticating HTTP requests using a HMAC
 test_files: