RubyGems - distack-urlsign - Versions diffs - 0.3.1 → 0.3.3 - Mend

distack-urlsign 0.3.1 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +5 -5
data/.ruby-version +1 -0
data/.travis.yml +2 -1
data/Rakefile +5 -0
data/distack-urlsign.gemspec +2 -1
data/lib/distack/urlsign/signer.rb +12 -2
data/lib/distack/urlsign/version.rb +1 -1
metadata +23 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 745e324c38d3c2c0fafb181c84ed5749e6863bda
-  data.tar.gz: fc92d7917e73f06cf2bd6d04f1ebb31483d801dc
+SHA256:
+  metadata.gz: d8bf28b92db9b96ee64d93239c8aec5ae0888db8da7fabbc8d4391554c99295b
+  data.tar.gz: e64f55df83f3820c5aca2b40040230db7d739bf26e8cdab8d607535e8c16f33a
 SHA512:
-  metadata.gz: aba5d78de6da6c8c2bf3c5a8b6ef591f4354a3a1738122b89ab44c6b1eef16d0fabc2d70223a3339dad9e5a74dfbe5814064a631ca9f1be8f1a4f84c54db035f
-  data.tar.gz: b03b1a4ad561ead878ac870a4e693c3347c16c7412a34f0a2dbd1f1767971dd955bfc9f66d215426cea629b3d8eaac7be796397f8ca412505b001e626092420d
+  metadata.gz: 2f265a643120ac6b637e0cded9f532709c853e416006ad9336e0a4f7a700816ca31dc4c08077060417b64bd21c3da8213c8bb9416c95aa9a4b6e89c06e9fc923
+  data.tar.gz: 6360cf15b12d4383f41d07fe931dd17e22e6869d4d24487923d7506d9f912f19cf86c29813b1ee4cac54e56ce93516498d032085015673728ccf5de5802eac52

data/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 2.2.2

data/.travis.yml CHANGED Viewed

@@ -1,3 +1,4 @@
+sudo: false
 language: ruby
 rvm:
-  - 2.2.0
+  - 2.2.2

data/Rakefile CHANGED Viewed

@@ -1 +1,6 @@
 require "bundler/gem_tasks"
+task :default => :test
+task :test do
+  Dir.glob('./test/*_test.rb').each { |file| require file}
+end

data/distack-urlsign.gemspec CHANGED Viewed

@@ -20,7 +20,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rack"
-  spec.add_development_dependency "bundler", "~> 1.9"
+  spec.add_development_dependency "minitest", "~> 5.10.1"
+  spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "pry", "~> 0.10.1"
 end

data/lib/distack/urlsign/signer.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module Distack::URLSign
   InvalidSignatureError = Class.new(StandardError)
+  MissingSignatureError = Class.new(StandardError)
   class Signer
     KEY_REGEX = /^[0-9A-f]+$/
@@ -43,19 +45,21 @@ module Distack::URLSign
       end
       q = Rack::Utils.parse_nested_query(url.query)
+      raise MissingSignatureError unless q["_signature"]
       original_q  = q.dup
       original_q.delete("_signature")
       original_qs = Rack::Utils.build_nested_query(original_q)
-      chunks = [url.scheme, "#{url.host}:#{url.port}", url.path, original_qs, url.userinfo].compact
+      host_with_port = url.port == url.default_port ? url.host : "#{url.host}:#{url.port}"
+      chunks = [url.scheme, host_with_port, url.path, original_qs, url.userinfo].compact
       digest = OpenSSL::Digest.new("sha512")
       rawsig    = OpenSSL::HMAC.digest(digest, @key, chunks.join)
       signature = Base64.urlsafe_encode64(rawsig)
-      if secure_compare(signature, q["_signature"])
+      if secure_compare(signature, CGI.unescape(q["_signature"]).to_s)
         new_url = url.dup
         new_url.query = original_qs
         new_url
@@ -64,6 +68,12 @@ module Distack::URLSign
       end
     end
+    def valid?(url)
+      !!verify(url)
+    rescue InvalidSignatureError, MissingSignatureError
+      false
+    end
     private
     # Constant time string comparison.

data/lib/distack/urlsign/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Distack
   module URLSign
-    VERSION = "0.3.1"
+    VERSION = "0.3.3"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: distack-urlsign
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.3
 platform: ruby
 authors:
 - Rodrigo Kochenburger
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-06-09 00:00:00.000000000 Z
+date: 2022-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -24,20 +24,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.10.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.10.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -75,6 +89,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".ruby-version"
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -91,7 +106,7 @@ files:
 homepage: https://github.com/distack/urlsign-rb
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -106,10 +121,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.5.1
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: urlsign is a simple HMAC-based implementation for URL signing and verification
 test_files: []
-has_rdoc: