dnclabs-auth-hmac 1.1.1.2010090201 → 1.1.1.2011051301

Files changed (3) hide show
  1. data/lib/auth-hmac.rb +20 -4
  2. data/spec/auth-hmac_spec.rb +13 -0
  3. metadata +34 -33
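--- a/data/lib/auth-hmac.rb
+++ b/data/lib/auth-hmac.rb
@@ -7,7 +7,6 @@ $:.unshift(File.dirname(__FILE__)) unless
  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
 
  require 'openssl'
- require 'base64'
 
  # This module provides a HMAC Authentication method for HTTP requests. It should work with
  # net/http request classes and CGIRequest classes and hence Rails.
@@ -95,8 +94,15 @@ class AuthHMAC
 
  def header_values(request)
  headers = headers(request)
+ md5 = content_md5(headers)
+
+ if md5.nil? && ! request_body(request).blank?
+ md5 = generate_content_md5(request)
+ headers['Content-MD5'] = md5
+ end
+
  [ content_type(headers),
- (content_md5(headers) or (request.body.blank? ? '' : headers['Content-MD5'] = generate_content_md5(request))),
+ md5,
  (date(headers) or headers['Date'] = Time.now.utc.httpdate)
  ].join("\n")
  end
@@ -114,7 +120,17 @@ class AuthHMAC
  end
 
  def generate_content_md5(request)
- OpenSSL::Digest::MD5.hexdigest(request.body)
+ OpenSSL::Digest::MD5.hexdigest(request_body(request))
+ end
+
+ def request_body(request)
+ if request.body.respond_to? :read
+ body = request.body.read
+ request.body.rewind
+ body
+ else
+ body = request.body
+ end
  end
 
  def request_path(request, authenticate_referrer)
@@ -247,7 +263,7 @@ class AuthHMAC
 
  def signature(request, secret)
  digest = OpenSSL::Digest::Digest.new('sha1')
- Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))).strip
+ [OpenSSL::HMAC.digest(digest, secret, canonical_string(request, @authenticate_referrer))].pack('m').strip
  end
 
  def canonical_string(request, authenticate_referrer=false)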
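--- a/data/spec/auth-hmac_spec.rb
+++ b/data/spec/auth-hmac_spec.rb
@@ -286,10 +286,23 @@ describe AuthHMAC do
  AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
  end
 
+ it "should generate the content-md5 from a rack-compatible body object" do
+ body_str = "foo=bar&baz=qux"
+ request = Net::HTTP::Put.new("/")
+ request.body = mock("Body", :read => body_str, :rewind => nil, :to_str => body_str)
+ content_md5 = OpenSSL::Digest::MD5.hexdigest(request.body)
+ AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
+ end
+
  it "should not generate a content-md5 when there is no request body" do
  request = Net::HTTP::Get.new("/")
  AuthHMAC::CanonicalString.new(request).should match(/^GET\n\n\n/)
  end
+
+ it "should not generate a content-md5 when there is no request body on POST requests" do
+ request = Net::HTTP::Post.new("/")
+ AuthHMAC::CanonicalString.new(request).should match(/^POST\n\n\n/)
+ end
 
  it "should include the date" do
  date = Time.now.httpdate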
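--- a/metadata
+++ b/metadata
@@ -1,20 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: dnclabs-auth-hmac
  version: !ruby/object:Gem::Version
- hash: 4020180449
- prerelease: false
- segments:
- - 1
- - 1
- - 1
- - 2010090201
- version: 1.1.1.2010090201
+ prerelease:
+ version: 1.1.1.2011051301
  platform: ruby
  authors:
  - Sean Geoghegan
  - ascarter
  - Wes Morgan
  - Adrian Cushman
+ - Dave Steinberg
  autorequire:
  bindir: bin
  cert_chain: []
@@ -23,37 +18,49 @@ date: 2010-09-02 00:00:00 -04:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
- name: rubyforge
+ name: hoe
  prerelease: false
  requirement: &id001 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- hash: 7
- segments:
- - 2
- - 0
- - 4
- version: 2.0.4
+ version: 1.8.2
  type: :development
  version_requirements: *id001
  - !ruby/object:Gem::Dependency
- name: hoe
+ name: rails
  prerelease: false
  requirement: &id002 !ruby/object:Gem::Requirement
  none: false
  requirements:
- - - ">="
+ - - "="
  - !ruby/object:Gem::Version
- hash: 19
- segments:
- - 2
- - 6
- - 2
- version: 2.6.2
+ version: 2.3.8
  type: :development
  version_requirements: *id002
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ prerelease: false
+ requirement: &id003 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - "="
+ - !ruby/object:Gem::Version
+ version: 1.3.1
+ type: :development
+ version_requirements: *id003
+ - !ruby/object:Gem::Dependency
+ name: ruby-debug19
+ prerelease: false
+ requirement: &id004 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ type: :development
+ version_requirements: *id004
  description: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
  email: innovationlab@dnc.org
  executables: []
@@ -103,25 +110,19 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
  version: "0"
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
  version: "0"
  requirements: []
 
- rubyforge_project: ""
- rubygems_version: 1.3.7
+ rubyforge_project: auth-hmac
+ rubygems_version: 1.6.1
  signing_key:
- specification_version: 3
- summary: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
+ specification_version: 2
+ summary: A gem providing HMAC based authentication for HTTP
  test_files: []
 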