escher 1.0.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/escher/auth.rb +20 -16
- data/lib/escher/version.rb +1 -1
- data/spec/emarsys_test_suite_spec.rb +0 -6
- data/spec/escher/auth_spec.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0e9adef418399b017241a5708d72d6534986e864521e207c2e97e540882f9e77
|
|
4
|
+
data.tar.gz: 9a3f0b959bdf4de1ae44a15d611e6210e08239f1cbb30e3a11e61313e0b2d344
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fbca5bfd946d189c4ce3c86fa1d04eaa186ac286e989c63ab732bd121d0075944ea402f68963eee5ea8be49c447450d322ed39a29be00f4514417942c368003a
|
|
7
|
+
data.tar.gz: 5a8c876bbcaf5128f49e9f6a0e639be263597ebbbf241ef56b67a35e07bb7758a2d32a509d4fd435d66a7eecddadf699775c71e5dd400d98bb193e85c8d4b3b5
|
data/lib/escher/auth.rb
CHANGED
|
@@ -17,15 +17,17 @@ module Escher
|
|
|
17
17
|
|
|
18
18
|
|
|
19
19
|
def sign!(req, client, headers_to_sign = [])
|
|
20
|
+
current_time = @current_time || Time.now
|
|
21
|
+
|
|
20
22
|
headers_to_sign |= [@date_header_name.downcase, 'host']
|
|
21
23
|
|
|
22
24
|
request = wrap_request req
|
|
23
25
|
raise EscherError, 'The host header is missing' unless request.has_header? 'host'
|
|
24
26
|
|
|
25
|
-
request.set_header(@date_header_name.downcase, format_date_for_header) unless request.has_header? @date_header_name
|
|
27
|
+
request.set_header(@date_header_name.downcase, format_date_for_header(current_time)) unless request.has_header? @date_header_name
|
|
26
28
|
|
|
27
|
-
signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values)
|
|
28
|
-
request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(
|
|
29
|
+
signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values, current_time)
|
|
30
|
+
request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
|
|
29
31
|
|
|
30
32
|
request.request
|
|
31
33
|
end
|
|
@@ -44,6 +46,7 @@ module Escher
|
|
|
44
46
|
|
|
45
47
|
|
|
46
48
|
def authenticate(req, key_db, mandatory_signed_headers = nil)
|
|
49
|
+
current_time = @current_time || Time.now
|
|
47
50
|
request = wrap_request req
|
|
48
51
|
method = request.method
|
|
49
52
|
body = request.body
|
|
@@ -80,7 +83,7 @@ module Escher
|
|
|
80
83
|
raise EscherError, 'The request method is invalid' unless valid_request_method?(method)
|
|
81
84
|
raise EscherError, "The request url shouldn't contains http or https" if path.match /^https?:\/\//
|
|
82
85
|
raise EscherError, 'Invalid date in authorization header, it should equal with date header' unless short_date(date) == short_date
|
|
83
|
-
raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires,
|
|
86
|
+
raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires, current_time)
|
|
84
87
|
raise EscherError, 'Invalid Credential Scope' unless credential_scope == @credential_scope
|
|
85
88
|
raise EscherError, 'The mandatorySignedHeaders parameter must be undefined or array of strings' unless mandatory_signed_headers_valid?(mandatory_signed_headers)
|
|
86
89
|
raise EscherError, 'The host header is not signed' unless signed_headers.include? 'host'
|
|
@@ -93,7 +96,7 @@ module Escher
|
|
|
93
96
|
raise EscherError, 'The date header is not signed' if !signature_from_query && !signed_headers.include?(@date_header_name.downcase)
|
|
94
97
|
|
|
95
98
|
escher = reconfig(algorithm, credential_scope, date)
|
|
96
|
-
expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
|
|
99
|
+
expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, date)
|
|
97
100
|
raise EscherError, 'The signatures do not match' unless signature == expected_signature
|
|
98
101
|
api_key_id
|
|
99
102
|
end
|
|
@@ -115,6 +118,7 @@ module Escher
|
|
|
115
118
|
|
|
116
119
|
|
|
117
120
|
def generate_signed_url(url_to_sign, client, expires = 86400)
|
|
121
|
+
current_time = @current_time || Time.now
|
|
118
122
|
uri = Addressable::URI.parse(url_to_sign)
|
|
119
123
|
|
|
120
124
|
if (not uri.port.nil?) && (uri.port != uri.default_port)
|
|
@@ -136,13 +140,13 @@ module Escher
|
|
|
136
140
|
body = 'UNSIGNED-PAYLOAD'
|
|
137
141
|
query_parts += [
|
|
138
142
|
['Algorithm', @algo_id],
|
|
139
|
-
['Credentials', "#{client[:api_key_id]}/#{short_date(
|
|
140
|
-
['Date', long_date(
|
|
143
|
+
['Credentials', "#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}"],
|
|
144
|
+
['Date', long_date(current_time)],
|
|
141
145
|
['Expires', expires.to_s],
|
|
142
146
|
['SignedHeaders', headers_to_sign.join(';')],
|
|
143
147
|
].map { |k, v| query_pair(k, v) }
|
|
144
148
|
|
|
145
|
-
signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts)
|
|
149
|
+
signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts, current_time)
|
|
146
150
|
query_parts_with_signature = (query_parts.map { |k, v| [uri_encode(k), uri_encode(v)] } << query_pair('Signature', signature))
|
|
147
151
|
"#{uri.scheme}://#{host}#{path}?#{query_parts_with_signature.map { |k, v| k + '=' + v }.join('&')}#{(fragment === nil ? '' : '#' + fragment)}"
|
|
148
152
|
end
|
|
@@ -188,11 +192,11 @@ module Escher
|
|
|
188
192
|
|
|
189
193
|
|
|
190
194
|
|
|
191
|
-
def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
|
|
195
|
+
def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, current_time)
|
|
192
196
|
canonicalized_request = canonicalize(method, path, query_parts, body, headers, signed_headers.uniq)
|
|
193
|
-
string_to_sign = get_string_to_sign(canonicalized_request)
|
|
197
|
+
string_to_sign = get_string_to_sign(canonicalized_request, current_time)
|
|
194
198
|
|
|
195
|
-
signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(
|
|
199
|
+
signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(current_time))
|
|
196
200
|
@credential_scope.split('/').each { |data|
|
|
197
201
|
signing_key = OpenSSL::HMAC.digest(@algo, signing_key, data)
|
|
198
202
|
}
|
|
@@ -202,8 +206,8 @@ module Escher
|
|
|
202
206
|
|
|
203
207
|
|
|
204
208
|
|
|
205
|
-
def format_date_for_header
|
|
206
|
-
@date_header_name.downcase == 'date' ?
|
|
209
|
+
def format_date_for_header(current_time)
|
|
210
|
+
@date_header_name.downcase == 'date' ? current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(current_time)
|
|
207
211
|
end
|
|
208
212
|
|
|
209
213
|
|
|
@@ -238,11 +242,11 @@ module Escher
|
|
|
238
242
|
|
|
239
243
|
|
|
240
244
|
|
|
241
|
-
def get_string_to_sign(canonicalized_request)
|
|
245
|
+
def get_string_to_sign(canonicalized_request, current_time)
|
|
242
246
|
[
|
|
243
247
|
@algo_id,
|
|
244
|
-
long_date(
|
|
245
|
-
short_date(
|
|
248
|
+
long_date(current_time),
|
|
249
|
+
short_date(current_time) + '/' + @credential_scope,
|
|
246
250
|
@algo.new.hexdigest(canonicalized_request)
|
|
247
251
|
].join("\n")
|
|
248
252
|
end
|
data/lib/escher/version.rb
CHANGED
|
@@ -35,11 +35,5 @@ module Escher
|
|
|
35
35
|
expect(request).to eq(test_case.expected_request)
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
xspecify "every case in the test suite is being used" do
|
|
41
|
-
expect(::EmarsysTestSuiteHelpers::TestSuite.in_use_size).to eq ::EmarsysTestSuiteHelpers::TestSuite.size
|
|
42
|
-
end
|
|
43
|
-
|
|
44
38
|
end
|
|
45
39
|
end
|
data/spec/escher/auth_spec.rb
CHANGED
|
@@ -101,7 +101,7 @@ module Escher
|
|
|
101
101
|
headers_to_sign = headers.map { |k| k[0].downcase }
|
|
102
102
|
path, query_parts = escher.parse_uri(request_uri)
|
|
103
103
|
canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
|
|
104
|
-
string_to_sign = escher.get_string_to_sign(canonicalized_request)
|
|
104
|
+
string_to_sign = escher.get_string_to_sign(canonicalized_request, Time.parse(date))
|
|
105
105
|
expect(string_to_sign).to eq(fixture(suite, test, 'sts'))
|
|
106
106
|
end
|
|
107
107
|
end
|
|
@@ -484,7 +484,7 @@ module Escher
|
|
|
484
484
|
|
|
485
485
|
it 'should convert dates' do
|
|
486
486
|
date_str = 'Fri, 09 Sep 2011 23:36:00 GMT'
|
|
487
|
-
expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header).to eq date_str
|
|
487
|
+
expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header(Time.parse(date_str))).to eq date_str
|
|
488
488
|
end
|
|
489
489
|
|
|
490
490
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: escher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andras Barthazi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-10-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|