escher 0.4.3 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dbb2c924f14cb51125c9a2248c3363c44db153f6
-  data.tar.gz: 01990347371ae73f6e51b9f82f1c8912fd99d656
+SHA256:
+  metadata.gz: b18ad0e7492749391a2d41baab5ba09033def7a7c1399ce8f9725cd9786eab98
+  data.tar.gz: 6ac12253dbf9cab09ffb66b60539edb33f0648ebc0c0b4c9c2b746157236f9af
 SHA512:
-  metadata.gz: 8627e0c6108b62f1ab72136bcd0f53362ec50af7cbffdbed37560b2d9ee55cd449e1c953445447e6d1c3774e09f46534b8e14e7a6efc386e1887965e3abe2e88
-  data.tar.gz: 8e7705c5395920085e166b1953db9433ad42db825acf1a733a4f70a6dfd640513f0f71034b115b1f1c8f6af5676a5293cdbccafefec4af40748bef7bf11e0097
+  metadata.gz: d1d465e795dab3645b727748ff4a2b0f00e448a214986c0c36c5abc9671d64f5aec2c7ad7275f38a8cca7729ca01a38fde3421697be5d2c91bfbc55365777e05
+  data.tar.gz: 5601a61b35a0700c80bbab5a42cc2e524643ae7aced341ad7073d17cb3cb51f3f333b811326aa519c19bee6f91bda7550881dfda53a84ee3689fddc41b694146

data/.github/workflows/ruby.yml

@@ -0,0 +1,33 @@
+name: Ruby
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-versions: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-versions }}
+    - name: Checkout testsuite
+      run: ./scripts/checkout_test_suite.sh
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+    - name: Deploy
+      if : github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+      run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"

data/escher.gemspec

@@ -20,14 +20,14 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 1.9'
 
-  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "bundler", "~> 2.2.20"
   spec.add_development_dependency "rails"
 
-  spec.add_development_dependency "rake", "~> 10"
-  spec.add_development_dependency "rspec", "~> 2"
+  spec.add_development_dependency "rake", "~> 13.0.6"
+  spec.add_development_dependency "rspec", "~> 3"
 
   spec.add_development_dependency "rack"
   spec.add_development_dependency "plissken"
 
-  spec.add_runtime_dependency "addressable", "~> 2.3"
+  spec.add_runtime_dependency "addressable", "~> 2.8.0"
 end

data/lib/escher/auth.rb

@@ -6,7 +6,7 @@ module Escher
       @algo_prefix = options[:algo_prefix] || 'ESR'
       @vendor_key = options[:vendor_key] || 'Escher'
       @hash_algo = options[:hash_algo] || 'SHA256'
-      @current_time = options[:current_time] || Time.now
+      @current_time = options[:current_time]
       @auth_header_name = options[:auth_header_name] || 'X-Escher-Auth'
       @date_header_name = options[:date_header_name] || 'X-Escher-Date'
       @clock_skew = options[:clock_skew] || 300
@@ -17,15 +17,17 @@ module Escher
 
 
     def sign!(req, client, headers_to_sign = [])
+      current_time = @current_time || Time.now
+
       headers_to_sign |= [@date_header_name.downcase, 'host']
 
       request = wrap_request req
       raise EscherError, 'The host header is missing' unless request.has_header? 'host'
 
-      request.set_header(@date_header_name.downcase, format_date_for_header) unless request.has_header? @date_header_name
+      request.set_header(@date_header_name.downcase, format_date_for_header(current_time)) unless request.has_header? @date_header_name
 
-      signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values)
-      request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(@current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
+      signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values, current_time)
+      request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
 
       request.request
     end
@@ -44,6 +46,7 @@ module Escher
 
 
     def authenticate(req, key_db, mandatory_signed_headers = nil)
+      current_time = @current_time || Time.now
       request = wrap_request req
       method = request.method
       body = request.body
@@ -78,10 +81,9 @@ module Escher
       raise EscherError, 'Invalid Escher key' unless api_secret
       raise EscherError, 'Invalid hash algorithm, only SHA256 and SHA512 are allowed' unless %w(SHA256 SHA512).include?(algorithm)
       raise EscherError, 'The request method is invalid' unless valid_request_method?(method)
-      raise EscherError, "The request body shouldn't be empty if the request method is POST" if (method.upcase == 'POST' && body.empty?)
       raise EscherError, "The request url shouldn't contains http or https" if path.match /^https?:\/\//
       raise EscherError, 'Invalid date in authorization header, it should equal with date header' unless short_date(date) == short_date
-      raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires)
+      raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires, current_time)
       raise EscherError, 'Invalid Credential Scope' unless credential_scope == @credential_scope
       raise EscherError, 'The mandatorySignedHeaders parameter must be undefined or array of strings' unless mandatory_signed_headers_valid?(mandatory_signed_headers)
       raise EscherError, 'The host header is not signed' unless signed_headers.include? 'host'
@@ -94,7 +96,7 @@ module Escher
       raise EscherError, 'The date header is not signed' if !signature_from_query && !signed_headers.include?(@date_header_name.downcase)
 
       escher = reconfig(algorithm, credential_scope, date)
-      expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
+      expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, date)
       raise EscherError, 'The signatures do not match' unless signature == expected_signature
       api_key_id
     end
@@ -116,6 +118,7 @@ module Escher
 
 
     def generate_signed_url(url_to_sign, client, expires = 86400)
+      current_time = @current_time || Time.now
       uri = Addressable::URI.parse(url_to_sign)
 
       if (not uri.port.nil?) && (uri.port != uri.default_port)
@@ -137,13 +140,13 @@ module Escher
       body = 'UNSIGNED-PAYLOAD'
       query_parts += [
         ['Algorithm', @algo_id],
-        ['Credentials', "#{client[:api_key_id]}/#{short_date(@current_time)}/#{@credential_scope}"],
-        ['Date', long_date(@current_time)],
+        ['Credentials', "#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}"],
+        ['Date', long_date(current_time)],
         ['Expires', expires.to_s],
         ['SignedHeaders', headers_to_sign.join(';')],
       ].map { |k, v| query_pair(k, v) }
 
-      signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts)
+      signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts, current_time)
       query_parts_with_signature = (query_parts.map { |k, v| [uri_encode(k), uri_encode(v)] } << query_pair('Signature', signature))
       "#{uri.scheme}://#{host}#{path}?#{query_parts_with_signature.map { |k, v| k + '=' + v }.join('&')}#{(fragment === nil ? '' : '#' + fragment)}"
     end
@@ -189,11 +192,11 @@ module Escher
 
 
 
-    def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
+    def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, current_time)
       canonicalized_request = canonicalize(method, path, query_parts, body, headers, signed_headers.uniq)
-      string_to_sign = get_string_to_sign(canonicalized_request)
+      string_to_sign = get_string_to_sign(canonicalized_request, current_time)
 
-      signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(@current_time))
+      signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(current_time))
       @credential_scope.split('/').each { |data|
         signing_key = OpenSSL::HMAC.digest(@algo, signing_key, data)
       }
@@ -203,8 +206,8 @@ module Escher
 
 
 
-    def format_date_for_header
-      @date_header_name.downcase == 'date' ? @current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(@current_time)
+    def format_date_for_header(current_time)
+      @date_header_name.downcase == 'date' ? current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(current_time)
     end
 
 
@@ -239,11 +242,11 @@ module Escher
 
 
 
-    def get_string_to_sign(canonicalized_request)
+    def get_string_to_sign(canonicalized_request, current_time)
       [
         @algo_id,
-        long_date(@current_time),
-        short_date(@current_time) + '/' + @credential_scope,
+        long_date(current_time),
+        short_date(current_time) + '/' + @credential_scope,
         @algo.new.hexdigest(canonicalized_request)
       ].join("\n")
     end
@@ -255,7 +258,7 @@ module Escher
         when 'SHA256'
           @algo = OpenSSL::Digest::SHA256.new
         when 'SHA512'
-          @algo = OpenSSL::Digest::SHA521.new
+          @algo = OpenSSL::Digest::SHA512.new
         else
           raise EscherError, 'Unidentified hash algorithm'
       end
@@ -275,8 +278,8 @@ module Escher
 
 
 
-    def is_date_within_range?(request_date, expires)
-      (request_date - @clock_skew .. request_date + expires + @clock_skew).cover? @current_time
+    def is_date_within_range?(request_date, expires, current_time)
+      (request_date - @clock_skew .. request_date + expires + @clock_skew).cover? current_time
     end
 
 

data/lib/escher/request/factory.rb

@@ -6,7 +6,7 @@ module Escher
         case request
 
           when defined?(ActionDispatch::Request) && ActionDispatch::Request
-            ActionDispatchRequest.new(request)
+            RackRequest.new(Rack::Request.new(request.env))
 
           when defined?(Rack::Request) && Rack::Request
             RackRequest.new(request)

data/lib/escher/request.rb

@@ -6,7 +6,6 @@ module Escher::Request
   require 'escher/request/hash_request'
   require 'escher/request/rack_request'
   require 'escher/request/legacy_request'
-  require 'escher/request/action_dispatch_request'
 
   require 'escher/request/factory'
 

data/lib/escher/version.rb

@@ -1,3 +1,3 @@
 module Escher
-  VERSION = '0.4.3'
+  VERSION = '2.0.2'
 end

data/repo-info.json

@@ -0,0 +1,7 @@
+{
+   "is_in_production": false,
+   "is_scannable": true,
+   "is_critical": false,
+   "contact": "G-GSUITE-Security@emarsys.com",
+   "hosted": null
+}

data/spec/emarsys_test_suite_spec.rb

@@ -35,11 +35,5 @@ module Escher
         expect(request).to eq(test_case.expected_request)
       end
     end
-
-
-    xspecify "every case in the test suite is being used" do
-      expect(::EmarsysTestSuiteHelpers::TestSuite.in_use_size).to eq ::EmarsysTestSuiteHelpers::TestSuite.size
-    end
-
   end
 end

data/spec/escher/auth_spec.rb

@@ -101,7 +101,7 @@ module Escher
           headers_to_sign = headers.map { |k| k[0].downcase }
           path, query_parts = escher.parse_uri(request_uri)
           canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
-          string_to_sign = escher.get_string_to_sign(canonicalized_request)
+          string_to_sign = escher.get_string_to_sign(canonicalized_request, Time.parse(date))
           expect(string_to_sign).to eq(fixture(suite, test, 'sts'))
         end
       end
@@ -484,7 +484,7 @@ module Escher
 
     it 'should convert dates' do
       date_str = 'Fri, 09 Sep 2011 23:36:00 GMT'
-      expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header).to eq date_str
+      expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header(Time.parse(date_str))).to eq date_str
     end
 
 

data/spec/escher/request/factory_spec.rb

@@ -7,19 +7,31 @@ require 'action_dispatch'
 describe Escher::Request::Factory do
 
   describe ".from_request" do
+    request_env = {Rack::PATH_INFO.to_s => "request-path"}
+
     {
 
-        {uri: "request uri"} => Escher::Request::HashRequest,
-        Struct.new(:uri) => Escher::Request::LegacyRequest,
-        Rack::Request.new({}) => Escher::Request::RackRequest,
-        ActionDispatch::Request.new({}) => Escher::Request::ActionDispatchRequest
+      {uri: "request-path"} => Escher::Request::HashRequest,
+      Struct.new("Request", :uri).new("request-path") => Escher::Request::LegacyRequest,
+      Rack::Request.new(request_env) => Escher::Request::RackRequest,
+      ActionDispatch::Request.new(request_env) => Escher::Request::RackRequest
 
     }.each do |request, expected_class|
 
-      it "should return a #{expected_class.name} when the request to be wrapped is a #{request.class.name}" do
-        expect(expected_class).to receive(:new).with(request).and_return "#{expected_class.name} wrapping request"
+      context "the request to be wrapped is a #{request.class.name}" do
+
+        it "returns a #{expected_class.name}" do
+          wrapped_request = described_class.from_request request
+
+          expect(wrapped_request).to be_an_instance_of expected_class
+        end
+
+        it "wraps the path from the original request" do
+          wrapped_request = described_class.from_request request
+
+          expect(wrapped_request.path).to eq "request-path"
+        end
 
-        expect(described_class.from_request request).to eq "#{expected_class.name} wrapping request"
       end
 
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escher
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 2.0.2
 platform: ruby
 authors:
 - Andras Barthazi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-25 00:00:00.000000000 Z
+date: 2021-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -44,28 +44,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: 13.0.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: 13.0.6
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 2.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 2.8.0
 description: Escher helps you creating secure HTTP requests (for APIs) by signing
   HTTP(s) requests.
 email:
@@ -116,8 +116,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -127,7 +127,6 @@ files:
 - lib/escher/auth.rb
 - lib/escher/escher_error.rb
 - lib/escher/request.rb
-- lib/escher/request/action_dispatch_request.rb
 - lib/escher/request/base.rb
 - lib/escher/request/dci.rb
 - lib/escher/request/dci/rack_env.rb
@@ -136,6 +135,7 @@ files:
 - lib/escher/request/legacy_request.rb
 - lib/escher/request/rack_request.rb
 - lib/escher/version.rb
+- repo-info.json
 - scripts/checkout_test_suite.sh
 - spec/aws4_testsuite/get-header-key-duplicate.authz
 - spec/aws4_testsuite/get-header-key-duplicate.creq
@@ -315,7 +315,6 @@ files:
 - spec/emarsys_testsuite/post-header-value-spaces.sreq
 - spec/emarsys_testsuite/post-header-value-spaces.sts
 - spec/escher/auth_spec.rb
-- spec/escher/request/action_dispatch_request_spec.rb
 - spec/escher/request/factory_spec.rb
 - spec/escher/request/hash_request_spec.rb
 - spec/escher/request/rack_request_spec.rb
@@ -342,8 +341,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
 summary: Library for HTTP request signing (Ruby implementation)
@@ -526,7 +524,6 @@ test_files:
 - spec/emarsys_testsuite/post-header-value-spaces.sreq
 - spec/emarsys_testsuite/post-header-value-spaces.sts
 - spec/escher/auth_spec.rb
-- spec/escher/request/action_dispatch_request_spec.rb
 - spec/escher/request/factory_spec.rb
 - spec/escher/request/hash_request_spec.rb
 - spec/escher/request/rack_request_spec.rb

data/.travis.yml

@@ -1,5 +0,0 @@
-language: ruby
-rvm:
-  - 2.2.3
-  - 2.3.0
-before_script: ./scripts/checkout_test_suite.sh

data/lib/escher/request/action_dispatch_request.rb

@@ -1,47 +0,0 @@
-module Escher
-  module Request
-    class ActionDispatchRequest < Base
-
-      include Escher::Request::DCI::RackEnv
-
-      def headers
-        get_headers_by_rack_env(request.env)
-      end
-
-
-
-      def method
-        request.request_method
-      end
-
-
-
-      def body
-        case request.body
-        when StringIO
-          request.body.string
-        else
-          request.body.to_s
-        end
-      end
-
-
-
-      def path
-        request.env['REQUEST_PATH'] || request.path
-      end
-
-
-
-      def query_values
-        Addressable::URI.new(:query => request.env['QUERY_STRING']).query_values(Array) or []
-      end
-
-
-
-      def set_header(header_name, value)
-      end
-
-    end
-  end
-end

data/spec/escher/request/action_dispatch_request_spec.rb

@@ -1,120 +0,0 @@
-require 'spec_helper'
-
-require 'action_dispatch'
-
-describe Escher::Request::ActionDispatchRequest do
-
-  let(:request_params) { {"PATH_INFO" => "/", } }
-  let(:request) { ActionDispatch::Request.new(request_params) }
-
-  subject { described_class.new request }
-
-  describe "#request" do
-    it "should return the underlying request object" do
-      expect(subject.request).to eq request
-    end
-  end
-
-
-  describe "#headers" do
-    it "should return only the HTTP request headers" do
-      request_params.merge! 'HTTP_HOST' => 'some host',
-                            'SOME_HEADER' => 'some header'
-
-      expect(subject.headers).to eq [['HOST', 'some host']]
-    end
-
-    it "should replace underscores with dashes in the header name" do
-      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
-
-      expect(subject.headers).to eq [['HOST-NAME', 'some host']]
-    end
-
-    it 'should add the content-type and content-length to the headers' do
-      request_params.merge!( 'CONTENT_LENGTH' => '123', 'CONTENT_TYPE' => 'text/plain' )
-
-      expect(subject.headers).to eq [%w(CONTENT-LENGTH 123), %w(CONTENT-TYPE text/plain)]
-    end
-  end
-
-
-  describe "#has_header?" do
-    it "should return true if request has specified header, false otherwise" do
-      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
-
-      expect(subject.has_header? 'host-name').to be_truthy
-      expect(subject.has_header? 'no-such-header').to be_falsey
-    end
-  end
-
-
-  describe "#header" do
-    it "should return the value for the requested header" do
-      request_params.merge! 'HTTP_HOST' => 'some host'
-
-      expect(subject.header 'host').to eq 'some host'
-    end
-
-    it "should return nil if no such header exists" do
-      expect(subject.header 'host').to be_nil
-    end
-  end
-
-
-  describe "#method" do
-    it "should return the request method" do
-      request_params.merge! 'REQUEST_METHOD' => 'GET'
-
-      expect(subject.method).to eq 'GET'
-    end
-  end
-
-
-  describe "#body" do
-    it "should return the request body" do
-      request_params.merge! 'rack.input' => 'request body'
-
-      expect(subject.body).to eq 'request body'
-    end
-
-    it "should return empty string for no body" do
-      expect(subject.body).to eq ''
-    end
-  end
-
-
-  describe "#path" do
-    it "should return the request path" do
-      request_params.merge! 'REQUEST_PATH' => '/resources/id///'
-
-      expect(subject.path).to eq '/resources/id///'
-    end
-  end
-
-
-  describe "#query_values" do
-    it "should return the request query parameters as an array of key-value pairs" do
-      request_params.merge! 'QUERY_STRING' => 'search=query&param=value'
-
-      expect(subject.query_values).to eq [['search', 'query'], ['param', 'value']]
-    end
-
-    it "should return the query parameters regardless of fragments" do
-      request_params.merge! 'QUERY_STRING' => "@\#$%^&+=/,?><`\";:\\|][{}"
-
-      expect(subject.query_values).to eq [["@\#$%^"], ["+", "/,?><`\";:\\|][{}"]]
-    end
-
-    it "should return an empty array if the request has no query parameters" do
-      expect(subject.query_values).to eq []
-    end
-  end
-
-
-  describe "#set_header" do
-    it "should ignore calls" do
-      expect { subject.set_header 'test-header', 'test value' }.not_to raise_error
-    end
-  end
-
-end