escher 1.0.2 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed681ad1ed9b0e334edab0c608c10beee1ea80f655340a2020853f924a473953
-  data.tar.gz: 5d5674e195e7189d2c6f7e398388a00b6cc759c360cfe5a4a9f0d91f7c2eac6f
+  metadata.gz: f91ee25e50b0311776949593fd31d8d276de81f7c5a1530e205e85c3caa72a60
+  data.tar.gz: 10721eb994568d2ecbebfc38b091157abc444d99ab3e2c67290ba9482ba6fc40
 SHA512:
-  metadata.gz: d8d0d08e443b6bc9aad9d8935b0da925df5a7130c41d1b1c9d7657f36dc7678cdb8bb7199cc456b09bb5f88d61af530eb447889e5b13de37bc677993e14548f0
-  data.tar.gz: 18102fee551348688aa7614ddf065dfbd12fc0d02c9a174c5debbebe743de0a82ad809e8657e0bda773ea5d460ce0055bc0f88e2b2a11476c5ca87bbaa8cb94b
+  metadata.gz: 2af6931a12851430143b67ff12ca921b16d71f301a334c5db68c11fc537777fbedb9d9fd4458e94b0b788c86c7c02c21dca5cf51a4d2d25f2a0f3598ff7f3943
+  data.tar.gz: 5b1ad5329ab153d8d1f1f7ee5d006303d9548b0eb0e0481aa7dd0b72ea2331d673f4f1defe7c73d795124d2d88a7eed8cb063b3193510e66e270dcda8dc69f6b

data/.github/workflows/ruby.yml

@@ -0,0 +1,33 @@
+name: Ruby
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-versions: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-versions }}
+    - name: Checkout testsuite
+      run: ./scripts/checkout_test_suite.sh
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+    - name: Deploy
+      if : github.event_name == 'push' && startsWith(github.ref, 'refs/tags') && matrix.ruby-versions == '3.0'
+      run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"

data/escher.gemspec

@@ -20,14 +20,14 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 1.9'
 
-  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "bundler", "~> 2.2.20"
   spec.add_development_dependency "rails"
 
-  spec.add_development_dependency "rake", "~> 10"
-  spec.add_development_dependency "rspec", "~> 2"
+  spec.add_development_dependency "rake", "~> 13.0.6"
+  spec.add_development_dependency "rspec", "~> 3"
 
   spec.add_development_dependency "rack"
   spec.add_development_dependency "plissken"
 
-  spec.add_runtime_dependency "addressable", "~> 2.3"
+  spec.add_runtime_dependency "addressable", "~> 2.8.0"
 end

data/lib/escher/auth.rb

@@ -17,15 +17,17 @@ module Escher
 
 
     def sign!(req, client, headers_to_sign = [])
+      current_time = @current_time || Time.now
+
       headers_to_sign |= [@date_header_name.downcase, 'host']
 
       request = wrap_request req
       raise EscherError, 'The host header is missing' unless request.has_header? 'host'
 
-      request.set_header(@date_header_name.downcase, format_date_for_header) unless request.has_header? @date_header_name
+      request.set_header(@date_header_name.downcase, format_date_for_header(current_time)) unless request.has_header? @date_header_name
 
-      signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values)
-      request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(@current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
+      signature = generate_signature(client[:api_secret], request.body, request.headers, request.method, headers_to_sign, request.path, request.query_values, current_time)
+      request.set_header(@auth_header_name, "#{@algo_id} Credential=#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}, SignedHeaders=#{prepare_headers_to_sign headers_to_sign}, Signature=#{signature}")
 
       request.request
     end
@@ -36,6 +38,8 @@ module Escher
       begin
         authenticate(*args)
         return true
+      rescue EscherError
+        return false
       rescue
         return false
       end
@@ -44,6 +48,7 @@ module Escher
 
 
     def authenticate(req, key_db, mandatory_signed_headers = nil)
+      current_time = @current_time || Time.now
       request = wrap_request req
       method = request.method
       body = request.body
@@ -80,7 +85,7 @@ module Escher
       raise EscherError, 'The request method is invalid' unless valid_request_method?(method)
       raise EscherError, "The request url shouldn't contains http or https" if path.match /^https?:\/\//
       raise EscherError, 'Invalid date in authorization header, it should equal with date header' unless short_date(date) == short_date
-      raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires, @current_time || Time.now)
+      raise EscherError, 'The request date is not within the accepted time range' unless is_date_within_range?(date, expires, current_time)
       raise EscherError, 'Invalid Credential Scope' unless credential_scope == @credential_scope
       raise EscherError, 'The mandatorySignedHeaders parameter must be undefined or array of strings' unless mandatory_signed_headers_valid?(mandatory_signed_headers)
       raise EscherError, 'The host header is not signed' unless signed_headers.include? 'host'
@@ -93,7 +98,7 @@ module Escher
       raise EscherError, 'The date header is not signed' if !signature_from_query && !signed_headers.include?(@date_header_name.downcase)
 
       escher = reconfig(algorithm, credential_scope, date)
-      expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
+      expected_signature = escher.generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, date)
       raise EscherError, 'The signatures do not match' unless signature == expected_signature
       api_key_id
     end
@@ -115,6 +120,7 @@ module Escher
 
 
     def generate_signed_url(url_to_sign, client, expires = 86400)
+      current_time = @current_time || Time.now
       uri = Addressable::URI.parse(url_to_sign)
 
       if (not uri.port.nil?) && (uri.port != uri.default_port)
@@ -136,13 +142,13 @@ module Escher
       body = 'UNSIGNED-PAYLOAD'
       query_parts += [
         ['Algorithm', @algo_id],
-        ['Credentials', "#{client[:api_key_id]}/#{short_date(@current_time)}/#{@credential_scope}"],
-        ['Date', long_date(@current_time)],
+        ['Credentials', "#{client[:api_key_id]}/#{short_date(current_time)}/#{@credential_scope}"],
+        ['Date', long_date(current_time)],
         ['Expires', expires.to_s],
         ['SignedHeaders', headers_to_sign.join(';')],
       ].map { |k, v| query_pair(k, v) }
 
-      signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts)
+      signature = generate_signature(client[:api_secret], body, headers, 'GET', headers_to_sign, path, query_parts, current_time)
       query_parts_with_signature = (query_parts.map { |k, v| [uri_encode(k), uri_encode(v)] } << query_pair('Signature', signature))
       "#{uri.scheme}://#{host}#{path}?#{query_parts_with_signature.map { |k, v| k + '=' + v }.join('&')}#{(fragment === nil ? '' : '#' + fragment)}"
     end
@@ -188,11 +194,11 @@ module Escher
 
 
 
-    def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts)
+    def generate_signature(api_secret, body, headers, method, signed_headers, path, query_parts, current_time)
       canonicalized_request = canonicalize(method, path, query_parts, body, headers, signed_headers.uniq)
-      string_to_sign = get_string_to_sign(canonicalized_request)
+      string_to_sign = get_string_to_sign(canonicalized_request, current_time)
 
-      signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(@current_time))
+      signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(current_time))
       @credential_scope.split('/').each { |data|
         signing_key = OpenSSL::HMAC.digest(@algo, signing_key, data)
       }
@@ -202,8 +208,8 @@ module Escher
 
 
 
-    def format_date_for_header
-      @date_header_name.downcase == 'date' ? @current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(@current_time)
+    def format_date_for_header(current_time)
+      @date_header_name.downcase == 'date' ? current_time.utc.rfc2822.sub('-0000', 'GMT') : long_date(current_time)
     end
 
 
@@ -238,11 +244,11 @@ module Escher
 
 
 
-    def get_string_to_sign(canonicalized_request)
+    def get_string_to_sign(canonicalized_request, current_time)
       [
         @algo_id,
-        long_date(@current_time),
-        short_date(@current_time) + '/' + @credential_scope,
+        long_date(current_time),
+        short_date(current_time) + '/' + @credential_scope,
         @algo.new.hexdigest(canonicalized_request)
       ].join("\n")
     end

data/lib/escher/version.rb

@@ -1,3 +1,3 @@
 module Escher
-  VERSION = '1.0.2'
+  VERSION = '2.0.5'
 end

data/repo-info.json

@@ -0,0 +1,7 @@
+{
+   "is_in_production": false,
+   "is_scannable": true,
+   "is_critical": false,
+   "contact": "G-GSUITE-Security@emarsys.com",
+   "hosted": null
+}

data/spec/emarsys_test_suite_spec.rb

@@ -35,11 +35,5 @@ module Escher
         expect(request).to eq(test_case.expected_request)
       end
     end
-
-
-    xspecify "every case in the test suite is being used" do
-      expect(::EmarsysTestSuiteHelpers::TestSuite.in_use_size).to eq ::EmarsysTestSuiteHelpers::TestSuite.size
-    end
-
   end
 end

data/spec/escher/auth_spec.rb

@@ -101,7 +101,7 @@ module Escher
           headers_to_sign = headers.map { |k| k[0].downcase }
           path, query_parts = escher.parse_uri(request_uri)
           canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
-          string_to_sign = escher.get_string_to_sign(canonicalized_request)
+          string_to_sign = escher.get_string_to_sign(canonicalized_request, Time.parse(date))
           expect(string_to_sign).to eq(fixture(suite, test, 'sts'))
         end
       end
@@ -484,7 +484,7 @@ module Escher
 
     it 'should convert dates' do
       date_str = 'Fri, 09 Sep 2011 23:36:00 GMT'
-      expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header).to eq date_str
+      expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header(Time.parse(date_str))).to eq date_str
     end
 
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escher
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 2.0.5
 platform: ruby
 authors:
 - Andras Barthazi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-24 00:00:00.000000000 Z
+date: 2021-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -44,28 +44,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: 13.0.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: 13.0.6
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 2.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: 2.8.0
 description: Escher helps you creating secure HTTP requests (for APIs) by signing
   HTTP(s) requests.
 email:
@@ -116,8 +116,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -135,6 +135,7 @@ files:
 - lib/escher/request/legacy_request.rb
 - lib/escher/request/rack_request.rb
 - lib/escher/version.rb
+- repo-info.json
 - scripts/checkout_test_suite.sh
 - spec/aws4_testsuite/get-header-key-duplicate.authz
 - spec/aws4_testsuite/get-header-key-duplicate.creq
@@ -340,8 +341,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
 summary: Library for HTTP request signing (Ruby implementation)

data/.travis.yml

@@ -1,13 +0,0 @@
-language: ruby
-rvm:
-  - 2.2.3
-  - 2.3.0
-before_script: ./scripts/checkout_test_suite.sh
-deploy:
-  provider: rubygems
-  api_key: ${RUBYGEMS_API_KEY}
-  gem: escher
-  gemspec: escher.gemspec
-  skip_cleanup: true
-  on:
-    tags: true