dnclabs-auth-hmac 1.1.1.2010090201 → 1.1.1.2011051301
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/auth-hmac.rb +20 -4
- data/spec/auth-hmac_spec.rb +13 -0
- metadata +34 -33
data/lib/auth-hmac.rb
CHANGED
|
@@ -7,7 +7,6 @@ $:.unshift(File.dirname(__FILE__)) unless
|
|
|
7
7
|
$:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
|
|
8
8
|
|
|
9
9
|
require 'openssl'
|
|
10
|
-
require 'base64'
|
|
11
10
|
|
|
12
11
|
# This module provides a HMAC Authentication method for HTTP requests. It should work with
|
|
13
12
|
# net/http request classes and CGIRequest classes and hence Rails.
|
|
@@ -95,8 +94,15 @@ class AuthHMAC
|
|
|
95
94
|
|
|
96
95
|
def header_values(request)
|
|
97
96
|
headers = headers(request)
|
|
97
|
+
md5 = content_md5(headers)
|
|
98
|
+
|
|
99
|
+
if md5.nil? && ! request_body(request).blank?
|
|
100
|
+
md5 = generate_content_md5(request)
|
|
101
|
+
headers['Content-MD5'] = md5
|
|
102
|
+
end
|
|
103
|
+
|
|
98
104
|
[ content_type(headers),
|
|
99
|
-
|
|
105
|
+
md5,
|
|
100
106
|
(date(headers) or headers['Date'] = Time.now.utc.httpdate)
|
|
101
107
|
].join("\n")
|
|
102
108
|
end
|
|
@@ -114,7 +120,17 @@ class AuthHMAC
|
|
|
114
120
|
end
|
|
115
121
|
|
|
116
122
|
def generate_content_md5(request)
|
|
117
|
-
OpenSSL::Digest::MD5.hexdigest(request
|
|
123
|
+
OpenSSL::Digest::MD5.hexdigest(request_body(request))
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def request_body(request)
|
|
127
|
+
if request.body.respond_to? :read
|
|
128
|
+
body = request.body.read
|
|
129
|
+
request.body.rewind
|
|
130
|
+
body
|
|
131
|
+
else
|
|
132
|
+
body = request.body
|
|
133
|
+
end
|
|
118
134
|
end
|
|
119
135
|
|
|
120
136
|
def request_path(request, authenticate_referrer)
|
|
@@ -247,7 +263,7 @@ class AuthHMAC
|
|
|
247
263
|
|
|
248
264
|
def signature(request, secret)
|
|
249
265
|
digest = OpenSSL::Digest::Digest.new('sha1')
|
|
250
|
-
|
|
266
|
+
[OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))].pack('m').strip
|
|
251
267
|
end
|
|
252
268
|
|
|
253
269
|
def canonical_string(request, authenticate_referrer=false)
|
data/spec/auth-hmac_spec.rb
CHANGED
|
@@ -286,10 +286,23 @@ describe AuthHMAC do
|
|
|
286
286
|
AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
|
|
287
287
|
end
|
|
288
288
|
|
|
289
|
+
it "should generate the content-md5 from a rack-compatible body object" do
|
|
290
|
+
body_str = "foo=bar&baz=qux"
|
|
291
|
+
request = Net::HTTP::Put.new("/")
|
|
292
|
+
request.body = mock("Body", :read => body_str, :rewind => nil, :to_str => body_str)
|
|
293
|
+
content_md5 = OpenSSL::Digest::MD5.hexdigest(request.body)
|
|
294
|
+
AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
|
|
295
|
+
end
|
|
296
|
+
|
|
289
297
|
it "should not generate a content-md5 when there is no request body" do
|
|
290
298
|
request = Net::HTTP::Get.new("/")
|
|
291
299
|
AuthHMAC::CanonicalString.new(request).should match(/^GET\n\n\n/)
|
|
292
300
|
end
|
|
301
|
+
|
|
302
|
+
it "should not generate a content-md5 when there is no request body on POST requests" do
|
|
303
|
+
request = Net::HTTP::Post.new("/")
|
|
304
|
+
AuthHMAC::CanonicalString.new(request).should match(/^POST\n\n\n/)
|
|
305
|
+
end
|
|
293
306
|
|
|
294
307
|
it "should include the date" do
|
|
295
308
|
date = Time.now.httpdate
|
metadata
CHANGED
|
@@ -1,20 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dnclabs-auth-hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
segments:
|
|
7
|
-
- 1
|
|
8
|
-
- 1
|
|
9
|
-
- 1
|
|
10
|
-
- 2010090201
|
|
11
|
-
version: 1.1.1.2010090201
|
|
4
|
+
prerelease:
|
|
5
|
+
version: 1.1.1.2011051301
|
|
12
6
|
platform: ruby
|
|
13
7
|
authors:
|
|
14
8
|
- Sean Geoghegan
|
|
15
9
|
- ascarter
|
|
16
10
|
- Wes Morgan
|
|
17
11
|
- Adrian Cushman
|
|
12
|
+
- Dave Steinberg
|
|
18
13
|
autorequire:
|
|
19
14
|
bindir: bin
|
|
20
15
|
cert_chain: []
|
|
@@ -23,37 +18,49 @@ date: 2010-09-02 00:00:00 -04:00
|
|
|
23
18
|
default_executable:
|
|
24
19
|
dependencies:
|
|
25
20
|
- !ruby/object:Gem::Dependency
|
|
26
|
-
name:
|
|
21
|
+
name: hoe
|
|
27
22
|
prerelease: false
|
|
28
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
29
24
|
none: false
|
|
30
25
|
requirements:
|
|
31
26
|
- - ">="
|
|
32
27
|
- !ruby/object:Gem::Version
|
|
33
|
-
|
|
34
|
-
segments:
|
|
35
|
-
- 2
|
|
36
|
-
- 0
|
|
37
|
-
- 4
|
|
38
|
-
version: 2.0.4
|
|
28
|
+
version: 1.8.2
|
|
39
29
|
type: :development
|
|
40
30
|
version_requirements: *id001
|
|
41
31
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
32
|
+
name: rails
|
|
43
33
|
prerelease: false
|
|
44
34
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
45
35
|
none: false
|
|
46
36
|
requirements:
|
|
47
|
-
- - "
|
|
37
|
+
- - "="
|
|
48
38
|
- !ruby/object:Gem::Version
|
|
49
|
-
|
|
50
|
-
segments:
|
|
51
|
-
- 2
|
|
52
|
-
- 6
|
|
53
|
-
- 2
|
|
54
|
-
version: 2.6.2
|
|
39
|
+
version: 2.3.8
|
|
55
40
|
type: :development
|
|
56
41
|
version_requirements: *id002
|
|
42
|
+
- !ruby/object:Gem::Dependency
|
|
43
|
+
name: rspec
|
|
44
|
+
prerelease: false
|
|
45
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
46
|
+
none: false
|
|
47
|
+
requirements:
|
|
48
|
+
- - "="
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: 1.3.1
|
|
51
|
+
type: :development
|
|
52
|
+
version_requirements: *id003
|
|
53
|
+
- !ruby/object:Gem::Dependency
|
|
54
|
+
name: ruby-debug19
|
|
55
|
+
prerelease: false
|
|
56
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: "0"
|
|
62
|
+
type: :development
|
|
63
|
+
version_requirements: *id004
|
|
57
64
|
description: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
|
|
58
65
|
email: innovationlab@dnc.org
|
|
59
66
|
executables: []
|
|
@@ -103,25 +110,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
103
110
|
requirements:
|
|
104
111
|
- - ">="
|
|
105
112
|
- !ruby/object:Gem::Version
|
|
106
|
-
hash: 3
|
|
107
|
-
segments:
|
|
108
|
-
- 0
|
|
109
113
|
version: "0"
|
|
110
114
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
111
115
|
none: false
|
|
112
116
|
requirements:
|
|
113
117
|
- - ">="
|
|
114
118
|
- !ruby/object:Gem::Version
|
|
115
|
-
hash: 3
|
|
116
|
-
segments:
|
|
117
|
-
- 0
|
|
118
119
|
version: "0"
|
|
119
120
|
requirements: []
|
|
120
121
|
|
|
121
|
-
rubyforge_project:
|
|
122
|
-
rubygems_version: 1.
|
|
122
|
+
rubyforge_project: auth-hmac
|
|
123
|
+
rubygems_version: 1.6.1
|
|
123
124
|
signing_key:
|
|
124
|
-
specification_version:
|
|
125
|
-
summary: A gem providing HMAC based authentication for HTTP
|
|
125
|
+
specification_version: 2
|
|
126
|
+
summary: A gem providing HMAC based authentication for HTTP
|
|
126
127
|
test_files: []
|
|
127
128
|
|