escher 1.0.2 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/escher/auth.rb +20 -16
- data/lib/escher/version.rb +1 -1
- data/spec/emarsys_test_suite_spec.rb +0 -6
- data/spec/escher/auth_spec.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0e9adef418399b017241a5708d72d6534986e864521e207c2e97e540882f9e77
|
|
4
|
+
data.tar.gz: 9a3f0b959bdf4de1ae44a15d611e6210e08239f1cbb30e3a11e61313e0b2d344
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fbca5bfd946d189c4ce3c86fa1d04eaa186ac286e989c63ab732bd121d0075944ea402f68963eee5ea8be49c447450d322ed39a29be00f4514417942c368003a
|
|
7
|
+
data.tar.gz: 5a8c876bbcaf5128f49e9f6a0e639be263597ebbbf241ef56b67a35e07bb7758a2d32a509d4fd435d66a7eecddadf699775c71e5dd400d98bb193e85c8d4b3b5
|
data/lib/escher/auth.rb
CHANGED
|
@@ -17,15 +17,17 @@ module Escher
|
|
|
17
17
|
|
|
18
18
|
|
|
19
19
|
def sign!(req, client, headers_to_sign = [])
|
|
20
|
+
current_time = @current_time || Time.now
|
|
21
|
+
|
|
20
22
|
headers_to_sign |= [@date_header_name.downcase, 'host']
|
|
21
23
|
|
|
22
24
|
request = wrap_request req
|
|
23
25
|
raise EscherError, 'The host header is missing' unless request.has_header? 'host'
|
|
24
26
|
|
|
25
|
-
request.set_header(@date_header_name.downcase, format_date_for_header) unless request.has_header? @date_header_name
|
|
27
|
+
request.set_header(@date_header_name.downcase, format_date_for_header(current_time)) unless request.has_header? @date_header_name
|
|
26
28
|
|
|
27
|
-
signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values)
|
|
28
|
-
request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(
|
|
29
|
+
signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values, current_time)
|
|
30
|
+
request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
|
|
29
31
|
|
|
30
32
|
request.request
|
|
31
33
|
end
|
|
@@ -44,6 +46,7 @@ module Escher
|
|
|
44
46
|
|
|
45
47
|
|
|
46
48
|
def authenticate(req, key_db, mandatory_signed_headers = nil)
|
|
49
|
+
current_time = @current_time || Time.now
|
|
47
50
|
request = wrap_request req
|
|
48
51
|
method = request.method
|
|
49
52
|
body = request.body
|
|
@@ -80,7 +83,7 @@ module Escher
|
|
|
80
83
|
raise EscherError, 'The request method is invalid' unless valid_request_method?(method)
|
|
81
84
|
raise EscherError, "The request url shouldn't contains http or https" if path.match /^https?:\/\//
|
|
82
85
|
raise EscherError, 'Invalid date in authorization header, it should equal with date header' unless short_date(date) == short_date
|
|
83
|
-
raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires,
|
|
86
|
+
raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires, current_time)
|
|
84
87
|
raise EscherError, 'Invalid Credential Scope' unless credential_scope == @credential_scope
|
|
85
88
|
raise EscherError, 'The mandatorySignedHeaders parameter must be undefined or array of strings' unless mandatory_signed_headers_valid?(mandatory_signed_headers)
|
|
86
89
|
raise EscherError, 'The host header is not signed' unless signed_headers.include? 'host'
|
|
@@ -93,7 +96,7 @@ module Escher
|
|
|
93
96
|
raise EscherError, 'The date header is not signed' if !signature_from_query && !signed_headers.include?(@date_header_name.downcase)
|
|
94
97
|
|
|
95
98
|
escher = reconfig(algorithm, credential_scope, date)
|
|
96
|
-
expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
|
|
99
|
+
expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, date)
|
|
97
100
|
raise EscherError, 'The signatures do not match' unless signature == expected_signature
|
|
98
101
|
api_key_id
|
|
99
102
|
end
|
|
@@ -115,6 +118,7 @@ module Escher
|
|
|
115
118
|
|
|
116
119
|
|
|
117
120
|
def generate_signed_url(url_to_sign, client, expires = 86400)
|
|
121
|
+
current_time = @current_time || Time.now
|
|
118
122
|
uri = Addressable::URI.parse(url_to_sign)
|
|
119
123
|
|
|
120
124
|
if (not uri.port.nil?) && (uri.port != uri.default_port)
|
|
@@ -136,13 +140,13 @@ module Escher
|
|
|
136
140
|
body = 'UNSIGNED-PAYLOAD'
|
|
137
141
|
query_parts += [
|
|
138
142
|
['Algorithm', @algo_id],
|
|
139
|
-
['Credentials', "#{client[:api_key_id]}/#{short_date(
|
|
140
|
-
['Date', long_date(
|
|
143
|
+
['Credentials', "#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}"],
|
|
144
|
+
['Date', long_date(current_time)],
|
|
141
145
|
['Expires', expires.to_s],
|
|
142
146
|
['SignedHeaders', headers_to_sign.join(';')],
|
|
143
147
|
].map { |k, v| query_pair(k, v) }
|
|
144
148
|
|
|
145
|
-
signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts)
|
|
149
|
+
signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts, current_time)
|
|
146
150
|
query_parts_with_signature = (query_parts.map { |k, v| [uri_encode(k), uri_encode(v)] } << query_pair('Signature', signature))
|
|
147
151
|
"#{uri.scheme}://#{host}#{path}?#{query_parts_with_signature.map { |k, v| k + '=' + v }.join('&')}#{(fragment === nil ? '' : '#' + fragment)}"
|
|
148
152
|
end
|
|
@@ -188,11 +192,11 @@ module Escher
|
|
|
188
192
|
|
|
189
193
|
|
|
190
194
|
|
|
191
|
-
def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
|
|
195
|
+
def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, current_time)
|
|
192
196
|
canonicalized_request = canonicalize(method, path, query_parts, body, headers, signed_headers.uniq)
|
|
193
|
-
string_to_sign = get_string_to_sign(canonicalized_request)
|
|
197
|
+
string_to_sign = get_string_to_sign(canonicalized_request, current_time)
|
|
194
198
|
|
|
195
|
-
signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(
|
|
199
|
+
signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(current_time))
|
|
196
200
|
@credential_scope.split('/').each { |data|
|
|
197
201
|
signing_key = OpenSSL::HMAC.digest(@algo, signing_key, data)
|
|
198
202
|
}
|
|
@@ -202,8 +206,8 @@ module Escher
|
|
|
202
206
|
|
|
203
207
|
|
|
204
208
|
|
|
205
|
-
def format_date_for_header
|
|
206
|
-
@date_header_name.downcase == 'date' ?
|
|
209
|
+
def format_date_for_header(current_time)
|
|
210
|
+
@date_header_name.downcase == 'date' ? current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(current_time)
|
|
207
211
|
end
|
|
208
212
|
|
|
209
213
|
|
|
@@ -238,11 +242,11 @@ module Escher
|
|
|
238
242
|
|
|
239
243
|
|
|
240
244
|
|
|
241
|
-
def get_string_to_sign(canonicalized_request)
|
|
245
|
+
def get_string_to_sign(canonicalized_request, current_time)
|
|
242
246
|
[
|
|
243
247
|
@algo_id,
|
|
244
|
-
long_date(
|
|
245
|
-
short_date(
|
|
248
|
+
long_date(current_time),
|
|
249
|
+
short_date(current_time) + '/' + @credential_scope,
|
|
246
250
|
@algo.new.hexdigest(canonicalized_request)
|
|
247
251
|
].join("\n")
|
|
248
252
|
end
|
data/lib/escher/version.rb
CHANGED
|
@@ -35,11 +35,5 @@ module Escher
|
|
|
35
35
|
expect(request).to eq(test_case.expected_request)
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
xspecify "every case in the test suite is being used" do
|
|
41
|
-
expect(::EmarsysTestSuiteHelpers::TestSuite.in_use_size).to eq ::EmarsysTestSuiteHelpers::TestSuite.size
|
|
42
|
-
end
|
|
43
|
-
|
|
44
38
|
end
|
|
45
39
|
end
|
data/spec/escher/auth_spec.rb
CHANGED
|
@@ -101,7 +101,7 @@ module Escher
|
|
|
101
101
|
headers_to_sign = headers.map { |k| k[0].downcase }
|
|
102
102
|
path, query_parts = escher.parse_uri(request_uri)
|
|
103
103
|
canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
|
|
104
|
-
string_to_sign = escher.get_string_to_sign(canonicalized_request)
|
|
104
|
+
string_to_sign = escher.get_string_to_sign(canonicalized_request, Time.parse(date))
|
|
105
105
|
expect(string_to_sign).to eq(fixture(suite, test, 'sts'))
|
|
106
106
|
end
|
|
107
107
|
end
|
|
@@ -484,7 +484,7 @@ module Escher
|
|
|
484
484
|
|
|
485
485
|
it 'should convert dates' do
|
|
486
486
|
date_str = 'Fri, 09 Sep 2011 23:36:00 GMT'
|
|
487
|
-
expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header).to eq date_str
|
|
487
|
+
expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header(Time.parse(date_str))).to eq date_str
|
|
488
488
|
end
|
|
489
489
|
|
|
490
490
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: escher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andras Barthazi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-10-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|