dnclabs-auth-hmac 1.1.1.2010090201 → 1.1.1.2011051301

Files changed (3)
  1. data/lib/auth-hmac.rb +20 -4
  2. data/spec/auth-hmac_spec.rb +13 -0
  3. metadata +34 -33
@@ -7,7 +7,6 @@ $:.unshift(File.dirname(__FILE__)) unless
7
7
  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
8
8
 
9
9
  require 'openssl'
10
- require 'base64'
11
10
 
12
11
  # This module provides a HMAC Authentication method for HTTP requests. It should work with
13
12
  # net/http request classes and CGIRequest classes and hence Rails.
@@ -95,8 +94,15 @@ class AuthHMAC
95
94
 
96
95
  def header_values(request)
97
96
  headers = headers(request)
97
+ md5 = content_md5(headers)
98
+
99
+ if md5.nil? && ! request_body(request).blank?
100
+ md5 = generate_content_md5(request)
101
+ headers['Content-MD5'] = md5
102
+ end
103
+
98
104
  [ content_type(headers),
99
- (content_md5(headers) or (request.body.blank? ? '' : headers['Content-MD5'] = generate_content_md5(request))),
105
+ md5,
100
106
  (date(headers) or headers['Date'] = Time.now.utc.httpdate)
101
107
  ].join("\n")
102
108
  end
@@ -114,7 +120,17 @@ class AuthHMAC
114
120
  end
115
121
 
116
122
  def generate_content_md5(request)
117
- OpenSSL::Digest::MD5.hexdigest(request.body)
123
+ OpenSSL::Digest::MD5.hexdigest(request_body(request))
124
+ end
125
+
126
+ def request_body(request)
127
+ if request.body.respond_to? :read
128
+ body = request.body.read
129
+ request.body.rewind
130
+ body
131
+ else
132
+ body = request.body
133
+ end
118
134
  end
119
135
 
120
136
  def request_path(request, authenticate_referrer)
@@ -247,7 +263,7 @@ class AuthHMAC
247
263
 
248
264
  def signature(request, secret)
249
265
  digest = OpenSSL::Digest::Digest.new('sha1')
250
- Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))).strip
266
+ [OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))].pack('m').strip
251
267
  end
252
268
 
253
269
  def canonical_string(request, authenticate_referrer=false)
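Review bot: In `header_values`, a `Content-MD5` value that arrives with the request is still placed in the signed string as-is, and a digest is computed only when the header is absent. Unless the header is compared with the body somewhere outside these hunks, the signature covers the header text rather than the body bytes. When `md5` came from the header and `request_body(request)` is not blank, the verifying path should fail authentication if `md5 != generate_content_md5(request)`. Separately, the new `request_body` reads from the stream's current position, so a body that was partly consumed earlier yields a digest of the remainder only; calling `request.body.rewind` before `request.body.read` as well as after it would avoid that. `read` also pulls the whole body into memory, so a size limit enforced upstream is worth confirming.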
@@ -286,10 +286,23 @@ describe AuthHMAC do
286
286
  AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
287
287
  end
288
288
 
289
+ it "should generate the content-md5 from a rack-compatible body object" do
290
+ body_str = "foo=bar&baz=qux"
291
+ request = Net::HTTP::Put.new("/")
292
+ request.body = mock("Body", :read => body_str, :rewind => nil, :to_str => body_str)
293
+ content_md5 = OpenSSL::Digest::MD5.hexdigest(request.body)
294
+ AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
295
+ end
296
+
289
297
  it "should not generate a content-md5 when there is no request body" do
290
298
  request = Net::HTTP::Get.new("/")
291
299
  AuthHMAC::CanonicalString.new(request).should match(/^GET\n\n\n/)
292
300
  end
301
+
302
+ it "should not generate a content-md5 when there is no request body on POST requests" do
303
+ request = Net::HTTP::Post.new("/")
304
+ AuthHMAC::CanonicalString.new(request).should match(/^POST\n\n\n/)
305
+ end
293
306
 
294
307
  it "should include the date" do
295
308
  date = Time.now.httpdate
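Review bot: The rack-compatible body example only stubs `rewind` (`:rewind => nil`), so it would still pass if `request_body` stopped rewinding and left the stream consumed before the request is sent or read again. Setting an expectation such as `request.body.should_receive(:rewind)` would pin that behaviour. The expected digest is computed with `OpenSSL::Digest::MD5.hexdigest(request.body)`, which relies on the mock's `:to_str` stub; `OpenSSL::Digest::MD5.hexdigest(body_str)` states the intent directly and lets the `:to_str` stub be dropped. None of the added examples covers a request whose supplied `Content-MD5` header disagrees with its body; if the examples outside these hunks do not cover it either, that case deserves one.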
metadata CHANGED
@@ -1,20 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dnclabs-auth-hmac
3
3
  version: !ruby/object:Gem::Version
4
- hash: 4020180449
5
- prerelease: false
6
- segments:
7
- - 1
8
- - 1
9
- - 1
10
- - 2010090201
11
- version: 1.1.1.2010090201
4
+ prerelease:
5
+ version: 1.1.1.2011051301
12
6
  platform: ruby
13
7
  authors:
14
8
  - Sean Geoghegan
15
9
  - ascarter
16
10
  - Wes Morgan
17
11
  - Adrian Cushman
12
+ - Dave Steinberg
18
13
  autorequire:
19
14
  bindir: bin
20
15
  cert_chain: []
@@ -23,37 +18,49 @@ date: 2010-09-02 00:00:00 -04:00
23
18
  default_executable:
24
19
  dependencies:
25
20
  - !ruby/object:Gem::Dependency
26
- name: rubyforge
21
+ name: hoe
27
22
  prerelease: false
28
23
  requirement: &id001 !ruby/object:Gem::Requirement
29
24
  none: false
30
25
  requirements:
31
26
  - - ">="
32
27
  - !ruby/object:Gem::Version
33
- hash: 7
34
- segments:
35
- - 2
36
- - 0
37
- - 4
38
- version: 2.0.4
28
+ version: 1.8.2
39
29
  type: :development
40
30
  version_requirements: *id001
41
31
  - !ruby/object:Gem::Dependency
42
- name: hoe
32
+ name: rails
43
33
  prerelease: false
44
34
  requirement: &id002 !ruby/object:Gem::Requirement
45
35
  none: false
46
36
  requirements:
47
- - - ">="
37
+ - - "="
48
38
  - !ruby/object:Gem::Version
49
- hash: 19
50
- segments:
51
- - 2
52
- - 6
53
- - 2
54
- version: 2.6.2
39
+ version: 2.3.8
55
40
  type: :development
56
41
  version_requirements: *id002
42
+ - !ruby/object:Gem::Dependency
43
+ name: rspec
44
+ prerelease: false
45
+ requirement: &id003 !ruby/object:Gem::Requirement
46
+ none: false
47
+ requirements:
48
+ - - "="
49
+ - !ruby/object:Gem::Version
50
+ version: 1.3.1
51
+ type: :development
52
+ version_requirements: *id003
53
+ - !ruby/object:Gem::Dependency
54
+ name: ruby-debug19
55
+ prerelease: false
56
+ requirement: &id004 !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: "0"
62
+ type: :development
63
+ version_requirements: *id004
57
64
  description: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
58
65
  email: innovationlab@dnc.org
59
66
  executables: []
@@ -103,25 +110,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
103
110
  requirements:
104
111
  - - ">="
105
112
  - !ruby/object:Gem::Version
106
- hash: 3
107
- segments:
108
- - 0
109
113
  version: "0"
110
114
  required_rubygems_version: !ruby/object:Gem::Requirement
111
115
  none: false
112
116
  requirements:
113
117
  - - ">="
114
118
  - !ruby/object:Gem::Version
115
- hash: 3
116
- segments:
117
- - 0
118
119
  version: "0"
119
120
  requirements: []
120
121
 
121
- rubyforge_project: ""
122
- rubygems_version: 1.3.7
122
+ rubyforge_project: auth-hmac
123
+ rubygems_version: 1.6.1
123
124
  signing_key:
124
- specification_version: 3
125
- summary: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
125
+ specification_version: 2
126
+ summary: A gem providing HMAC based authentication for HTTP
126
127
  test_files: []
127
128