dnclabs-auth-hmac 1.1.1.2010061601 → 1.1.1.2010090201

data/History.txt

@@ -1,9 +1,3 @@
-== 1.1.1.2010061601 2010-06-16 (dnclabs)
-
-* Gutted Rails monkey-patching
-* Added Rack support (this means it works with Rails 2.3 as Rack middleware)
-* Switched out hoe for jeweler+gemcutter
-
 == 1.1.1 2009-10-01
 
 * Fixed bug in headers on recent versions of Ruby.

data/Manifest.txt

@@ -4,6 +4,7 @@ Manifest.txt
 PostInstall.txt
 README.txt
 Rakefile
+config/hoe.rb
 config/requirements.rb
 lib/auth-hmac.rb
 lib/auth-hmac/version.rb
@@ -14,7 +15,7 @@ setup.rb
 spec/auth-hmac_spec.rb
 spec/spec.opts
 spec/spec_helper.rb
-tasks/jeweler.rake
+tasks/deployment.rake
 tasks/environment.rake
 tasks/rspec.rake
 tasks/website.rake

data/Rakefile

@@ -1,3 +1,4 @@
 require 'config/requirements'
+require 'config/hoe' # setup Hoe + all gem configuration
 
 Dir['tasks/**/*.rake'].each { |rake| load rake }

data/config/hoe.rb

@@ -0,0 +1,44 @@
+require 'auth-hmac/version'
+
+AUTHOR = ['Sean Geoghegan', 'ascarter', "Wes Morgan", "Adrian Cushman"]  # can also be an array of Authors
+EMAIL = "innovationlab@dnc.org"
+DESCRIPTION = "A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork."
+GEM_NAME = 'dnclabs-auth-hmac' # what ppl will type to install your gem
+HOMEPATH = "http://github.com/dnclabs/auth-hmac/"
+RUBYFORGE_PROJECT = ''
+
+REV = '2010090201'
+# UNCOMMENT IF REQUIRED:
+# REV = YAML.load(`svn info`)['Revision']
+VERS = AuthHMAC::VERSION::STRING + (REV ? ".#{REV}" : "")
+RDOC_OPTS = ['--quiet', '--title', 'auth-hmac documentation',
+    "--opname", "index.html",
+    "--line-numbers",
+    "--main", "README",
+    "--inline-source"]
+
+class Hoe
+  def extra_deps
+    @extra_deps.reject! { |x| Array(x).first == 'hoe' }
+    @extra_deps
+  end
+end
+
+# Generate all the Rake tasks
+# Run 'rake -T' to see list of generated tasks (from gem root directory)
+$hoe = Hoe.new(GEM_NAME, VERS) do |p|
+  p.author = AUTHOR
+  p.email = EMAIL
+  p.description = DESCRIPTION
+  p.summary = DESCRIPTION
+  p.url = HOMEPATH
+  p.rubyforge_name = RUBYFORGE_PROJECT if RUBYFORGE_PROJECT
+  p.test_globs = ["test/**/test_*.rb"]
+  p.clean_globs |= ['**/.*.sw?', '*.gem', '.config', '**/.DS_Store']  #An array of file patterns to delete on clean.
+
+  # == Optional
+  p.changes = p.paragraphs_of("History.txt", 0..1).join("\n\n")
+  #p.extra_deps = EXTRA_DEPENDENCIES
+
+    #p.spec_extras = {}    # A hash of extra values to set in the gemspec.
+end

data/config/requirements.rb

@@ -2,7 +2,7 @@ require 'fileutils'
 include FileUtils
 
 require 'rubygems'
-%w[rake jeweler].each do |req_gem|
+%w[rake hoe newgem rubigen].each do |req_gem|
   begin
     require req_gem
   rescue LoadError

data/lib/auth-hmac/version.rb

@@ -3,8 +3,7 @@ class AuthHMAC
     MAJOR = 1
     MINOR = 1
     TINY  = 1
-    LOCAL = 2010061601
 
-    STRING = [MAJOR, MINOR, TINY, LOCAL].join('.')
+    STRING = [MAJOR, MINOR, TINY].join('.')
   end
 end

data/lib/auth-hmac.rb

@@ -74,10 +74,10 @@ class AuthHMAC
   class CanonicalString < String # :nodoc:
     include Headers
     
-    def initialize(request)
+    def initialize(request, authenticate_referrer=false)
       self << request_method(request) + "\n"
-      self << header_values(headers(request)) + "\n"
-      self << request_path(request)
+      self << header_values(request) + "\n"
+      self << request_path(request, authenticate_referrer)
     end
     
     private
@@ -93,9 +93,10 @@ class AuthHMAC
         end
       end
       
-      def header_values(headers)
+      def header_values(request)
+        headers = headers(request)
         [ content_type(headers),
-          content_md5(headers),
+          (content_md5(headers) or (request.body.blank? ? '' : headers['Content-MD5'] = generate_content_md5(request))),
           (date(headers) or headers['Date'] = Time.now.utc.httpdate)
         ].join("\n")
       end
@@ -109,15 +110,24 @@ class AuthHMAC
       end
       
       def content_md5(headers)
-        find_header(%w(CONTENT-MD5 CONTENT_MD5), headers)
+        find_header(%w(CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5), headers)
+      end
+
+      def generate_content_md5(request)
+        OpenSSL::Digest::MD5.hexdigest(request.body)
       end
       
-      def request_path(request)
-        # Try unparsed_uri in case it is a Webrick request
-        path = if request.respond_to?(:unparsed_uri)
-          request.unparsed_uri
+      def request_path(request, authenticate_referrer)
+        if authenticate_referrer
+          headers(request)['Referer'] =~ /^(?:http:\/\/)?[^\/]*(\/.*)$/
+          path = $1
         else
-          request.path
+          # Try unparsed_uri in case it is a Webrick request
+          path = if request.respond_to?(:unparsed_uri)
+            request.unparsed_uri
+          else
+            request.path
+          end
         end
         
         path[/^[^?]*/]
@@ -149,13 +159,15 @@ class AuthHMAC
     # Defaults
     @service_id = self.class.name
     @signature_class = @@default_signature_class
+    @authenticate_referrer = false
 
     unless options.nil?
       @service_id = options[:service_id] if options.key?(:service_id)
       @signature_class = options[:signature] if options.key?(:signature) && options[:signature].is_a?(Class)
+      @authenticate_referrer = options[:authenticate_referrer] || options[:authenticate_referer]
     end
     
-    @signature_method = lambda { |r| @signature_class.send(:new, r) }
+    @signature_method = lambda { |r,ar| @signature_class.send(:new, r, ar) }
   end
 
   # Generates canonical signing string for given request
@@ -235,11 +247,11 @@ class AuthHMAC
 
   def signature(request, secret)
     digest = OpenSSL::Digest::Digest.new('sha1')
-    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request))).strip
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))).strip
   end
 
-  def canonical_string(request)
-    @signature_method.call(request)
+  def canonical_string(request, authenticate_referrer=false)
+    @signature_method.call(request, authenticate_referrer)
   end
   
   def authorization_header(request)
@@ -249,4 +261,4 @@ class AuthHMAC
   def authorization(request, access_key_id, secret)
     "#{@service_id} #{access_key_id}:#{signature(request, secret)}"      
   end
-end
+end 

data/spec/auth-hmac_spec.rb

@@ -13,7 +13,7 @@ require 'ruby-debug'
 
 # Class for doing a custom signature
 class CustomSignature < String
-  def initialize(request)
+  def initialize(request, authenticate_referrer=false)
     self << "Custom signature string: #{request.method}"
   end
 end
@@ -33,7 +33,6 @@ describe AuthHMAC do
 
   describe ".canonical_string" do
     it "should generate a canonical string using default method" do
-      # debugger
       AuthHMAC.canonical_string(@request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
     end
   end
@@ -244,6 +243,7 @@ describe AuthHMAC do
       rack_req.stub!(:request_method).and_return('GET')
       rack_req.stub!(:path).and_return("/path/to/get?foo=bar&bar=foo")
       rack_req.stub!(:[]).and_return({'foo' => 'bar', 'bar' => 'foo'})
+      rack_req.stub!(:body).and_return('')
       @authhmac.authenticated?(rack_req).should be_true
     end
   end
@@ -278,6 +278,18 @@ describe AuthHMAC do
       request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
       AuthHMAC::CanonicalString.new(request).should match(/adsada/)
     end
+
+    it "should generate the content-md5 if one wasn't included and there is a request body" do
+      request = Net::HTTP::Put.new("/")
+      request.body = "foo=bar&baz=qux"
+      content_md5 = OpenSSL::Digest::MD5.hexdigest(request.body)
+      AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
+    end
+
+    it "should not generate a content-md5 when there is no request body" do
+      request = Net::HTTP::Get.new("/")
+      AuthHMAC::CanonicalString.new(request).should match(/^GET\n\n\n/)
+    end
     
     it "should include the date" do
       date = Time.now.httpdate

data/tasks/deployment.rake

@@ -0,0 +1,34 @@
+desc 'Release the website and new gem version'
+task :deploy => [:check_version, :website, :release] do
+  puts "Remember to create SVN tag:"
+  puts "svn copy svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/trunk " +
+    "svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/tags/REL-#{VERS} "
+  puts "Suggested comment:"
+  puts "Tagging release #{CHANGES}"
+end
+
+desc 'Runs tasks website_generate and install_gem as a local deployment of the gem'
+task :local_deploy => [:website_generate, :install_gem]
+
+task :check_version do
+  unless ENV['VERSION']
+    puts 'Must pass a VERSION=x.y.z release version'
+    exit
+  end
+  unless ENV['VERSION'] == VERS
+    puts "Please update your version.rb to match the release version, currently #{VERS}"
+    exit
+  end
+end
+
+desc 'Install the package as a gem, without generating documentation(ri/rdoc)'
+task :install_gem_no_doc => [:clean, :package] do
+  sh "#{'sudo ' unless Hoe::WINDOZE }gem install pkg/*.gem --no-rdoc --no-ri"
+end
+
+namespace :manifest do
+  desc 'Recreate Manifest.txt to include ALL files'
+  task :refresh do
+    `rake check_manifest | patch -p0 > Manifest.txt`
+  end
+end

metadata

@@ -1,46 +1,79 @@
 --- !ruby/object:Gem::Specification 
 name: dnclabs-auth-hmac
 version: !ruby/object:Gem::Version 
-  hash: 4020123153
+  hash: 4020180449
   prerelease: false
   segments: 
   - 1
   - 1
   - 1
-  - 2010061601
-  version: 1.1.1.2010061601
+  - 2010090201
+  version: 1.1.1.2010090201
 platform: ruby
 authors: 
 - Sean Geoghegan
 - ascarter
 - Wes Morgan
+- Adrian Cushman
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2010-06-17 00:00:00 -04:00
-default_executable: auth-hmac
-dependencies: []
-
-description: A gem providing HMAC based authentication for HTTP. This version includes DNC Innovation Lab changes (improvements?). See History.txt for details.
+date: 2010-09-02 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rubyforge
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 2
+        - 0
+        - 4
+        version: 2.0.4
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: hoe
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 2
+        - 6
+        - 2
+        version: 2.6.2
+  type: :development
+  version_requirements: *id002
+description: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
 email: innovationlab@dnc.org
-executables: 
-- auth-hmac
+executables: []
+
 extensions: []
 
 extra_rdoc_files: 
-- README.rdoc
+- History.txt
+- License.txt
+- Manifest.txt
+- PostInstall.txt
 - README.txt
 files: 
-- .gitignore
 - History.txt
 - License.txt
 - Manifest.txt
 - PostInstall.txt
-- README.rdoc
 - README.txt
 - Rakefile
-- bin/auth-hmac
+- config/hoe.rb
 - config/requirements.rb
 - lib/auth-hmac.rb
 - lib/auth-hmac/version.rb
@@ -49,20 +82,20 @@ files:
 - script/generate
 - setup.rb
 - spec/auth-hmac_spec.rb
-- spec/fixtures/credentials.yml
 - spec/spec.opts
 - spec/spec_helper.rb
+- tasks/deployment.rake
 - tasks/environment.rake
-- tasks/jeweler.rake
 - tasks/rspec.rake
 - tasks/website.rake
 has_rdoc: true
-homepage: http://github.com/dnclabs/auth-hmac
+homepage: http://github.com/dnclabs/auth-hmac/
 licenses: []
 
 post_install_message: 
 rdoc_options: 
-- --charset=UTF-8
+- --main
+- README.txt
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
@@ -85,11 +118,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: "0"
 requirements: []
 
-rubyforge_project: 
+rubyforge_project: ""
 rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
-summary: A gem providing HMAC based authentication for HTTP
-test_files: 
-- spec/auth-hmac_spec.rb
-- spec/spec_helper.rb
+summary: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
+test_files: []
+

data/.gitignore

@@ -1,3 +0,0 @@
-pkg
-*.gemspec
-*.gem

data/README.rdoc

@@ -1,129 +0,0 @@
-= auth-hmac
-
-== What is it?
-
-auth-hmac is a Ruby implementation of HMAC[http://en.wikipedia.org/wiki/HMAC] based authentication of HTTP requests.
-
-HMAC authentication involves a client and server having a shared secret key.  When sending the request the client, signs the request using the secret key. This involves building a canonical representation of the request and then generating a HMAC of the request using the secret. The generated HMAC is then sent as part of the request.
-
-When the server receives the request it builds the same canonical representation and generates a HMAC using it's copy of the secret key, if the HMAC produced by the server matches the HMAC sent by the client, the server can be assured that the client also possesses the shared secret key.
-
-HMAC based authentication also provides message integrity checking because the HMAC is based on a combination of the shared secret and the content of the request.  So if any part of the request that is used to build the canonical representation is modified by a malicious party or in transit the authentication will then fail.
-
-AuthHMAC was built to support authentication between various applications build by Peerworks[http://peerworks.org].
-
-AuthHMAC is loosely based on the Amazon Web Services authentication scheme but without the Amazon specific components, i.e. it is HMAC for the rest of us.
-
-== What does it require?
-
-AuthHMAC requires Ruby's OpenSSL support.  This should be standard in most Ruby builds.
-
-== When to use it?
-
-HMAC Authentication is best used as authentication for communication between applications such as web services.  It provides better security than HTTP Basic authentication without the need to set up SSL. Of course if you need to protect the confidentiality of the data then you need SSL, but if you just want to authenticate requests without sending credentials in the clear AuthHMAC is a good choice.
-
-== How to use it?
-
-The simplest way to use AuthHMAC is with the AuthHMAC.sign! and AuthHMAC#authenticate? methods.
-
-AuthHMAC.sign! takes a HTTP request object, an access id and a secret key and signs the request with the access_id and secret key.  
-
-* The HTTP request object can be a Net::HTTP::HTTPRequest object, a CGI::Request object or a Webrick HTTP request object.  AuthHMAC will do its best to figure out which type it is an handle it accordingly. 
-* The access_id is used to identify the secret key that was used to sign the request. Think of it as like a user name, it allows you to hand out different keys to different clients and authenticate each of them individually. The access_id is sent in the clear so you should avoid making it an important string.
-* The secret key is the shared secret between the client and the server.  You should make this sufficiently random so that is can't be guessed or exposed to dictionary attacks. The follow code will give you a pretty good secret key:
-
-	random = File.read('/dev/random', 512)
-	secret_key = Base64.encode64(Digest::SHA2.new(512).digest(random))
-	
-On the server side you can then authenticate these requests using the AuthHMAC.authenticated? method. This takes the same arguments as the sign! method but returns true if the request has been signed with the access id and secret	or false if it hasn't.
-
-If you have more than one set of credentials you might find it useful to create an instance of the AuthHMAC class, passing your credentials as a Hash of access id => secret keys, like so:
-
-	@authhmac = AuthHMAC.new('access_id1' => 'secret1', 'access_id2' => 'secret2')
-	
-You can then use the instance methods of the @authhmac object to sign and authenticate requests, for example:
-
-	@authhmac.sign!(request, "access_id1")
-	
-will sign +request+ with "access_id1" and it's corresponding secret key.  Similarly authentication is done like so:
-
-  @authhmac.authenticated?(request)
-
-which will return true if the request has been signed with one of the access id and secret key pairs provided in the constructor.
-
-=== Rails Integration
-
-AuthHMAC supports authentication within Rails controllers and signing of requests generated by Active Resource. See AuthHMAC::Rails::ControllerFilter::ClassMethods and AuthHMAC::Rails::ActiveResourceExtension::BaseHmac::ClassMethods for details.
-
-== How does it work?
-
-When creating a signature for a HTTP request AuthHMAC first generates a canonical representation of the request. 
-
-This canonical string is created like so:
-
-  canonical_string = HTTP-Verb    + "\n" +
-                   Content-Type + "\n" +
-                   Content-MD5  + "\n" +
-                   Date         + "\n" +
-                   request-uri;
-
-Where Content-Type, Content-MD5 and Date are all taken from the headers of the request.  If Content-Type or Content-MD5 are not present, they are substituted with an empty string.  If Date is not present it is added to the request headers with the value +Time.now.httpdate+.  +request-uri+ is the path component of the request, without any query string, i.e. everything up to the ?.
-
-This string is then used with the secret to generate a SHA1 HMAC using the following:
-
-  OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), secret_key, canonical_string)
-
-The result is then Base64 encoded and added to the headers of the request as the +Authorization+ header in the format:
-
-  Authorization: AuthHMAC <access_id>:<base64 encoded hmac>
-
-When authenaticating a request, AuthHMAC looks for the Authorization header in the above format, parses out the components, regenerates a HMAC for the request, using the secret key identified by the access id and then compares the generated HMAC with the one provided by the client.  If they match the request is authenticated.
-
-Using these details it is possible to build code that will sign and authenticate AuthHMAC style requests in other languages.
-
-== INSTALL:
-
-* sudo gem install auth-hmac
-
-== Source Code
-
-The source repository is accessible via GitHub or Ruby Forge:
-
-  git clone git://github.com/seangeo/auth-hmac.git
-
-
-  git clone git://rubyforge.org/auth-hmac.git
-
-== Contact Information
-
-The project page is at http://rubyforge.org/projects/auth-hmac. Please file any bugs or feedback
-using the trackers and forums there.
-
-== Authors and Contributors
-
-rAtom was developed by Peerworks[http://peerworks.org] and written by Sean Geoghegan.
-
-== LICENSE:
-
-(The MIT License)
-
-Copyright (c) 2008 The Kaphan Foundation
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/bin/auth-hmac

@@ -1,38 +0,0 @@
-#!/usr/bin/env ruby
-APP_ROOT = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-
-require 'openssl'
-require 'base64'
-
-def usage
-  puts "Usage: auth-hmac COMMAND [ARGS]"
-  puts "\nCommands:"
-  puts "  signature [secret] [signature string]  Creates HMAC digtest using optional secret"
-  exit
-end
-
-def signature(args)
-  secret = args[0]
-  signature = args[1]
-  digest = OpenSSL::Digest::Digest.new('sha1')
-  puts Base64.encode64(OpenSSL::HMAC.digest(digest, secret, signature)).strip
-end
-
-#
-# MAIN
-# 
-
-usage if ['--help', '-h'].include?(ARGV[0])
-
-command = ARGV.shift
-args = []
-ARGV.each { |arg| args << arg }
-
-usage if command.nil?
-
-case command
-when "signature"
-  signature(args)
-end
-
-

data/spec/fixtures/credentials.yml

@@ -1,2 +0,0 @@
-"access key 1": "secret1"
-"access key 2": "secret2"

data/tasks/jeweler.rake

@@ -1,17 +0,0 @@
-require 'auth-hmac/version'
-
-begin
-  require 'jeweler'
-  Jeweler::Tasks.new do |gemspec|
-    gemspec.name = "dnclabs-auth-hmac"
-    gemspec.summary = "A gem providing HMAC based authentication for HTTP"
-    gemspec.description = "A gem providing HMAC based authentication for HTTP. This version includes DNC Innovation Lab changes (improvements?). See History.txt for details."
-    gemspec.email = "innovationlab@dnc.org"
-    gemspec.homepage = "http://github.com/dnclabs/auth-hmac"
-    gemspec.authors = ['Sean Geoghegan', 'ascarter', 'Wes Morgan']
-    gemspec.version = AuthHMAC::VERSION::STRING
-  end
-  Jeweler::GemcutterTasks.new
-rescue LoadError
-  puts "Jeweler not available. Install it with: gem install jeweler"
-end