ey-hmac 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/ey-hmac/adapter.rb +14 -1
- data/lib/ey-hmac/version.rb +1 -1
- metadata +2 -2
data/lib/ey-hmac/adapter.rb
CHANGED
|
@@ -112,7 +112,8 @@ class Ey::Hmac::Adapter
|
|
|
112
112
|
signature_value = authorization_match[2]
|
|
113
113
|
|
|
114
114
|
if key_secret = block.call(key_id)
|
|
115
|
-
|
|
115
|
+
calculated_signature = signature(key_secret)
|
|
116
|
+
if secure_compare(signature_value, calculated_signature)
|
|
116
117
|
else raise(Ey::Hmac::SignatureMismatch, "Calculated siganature #{signature_value} does not match #{calculated_signature} using #{canonicalize.inspect}")
|
|
117
118
|
end
|
|
118
119
|
else raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
|
|
@@ -123,4 +124,16 @@ class Ey::Hmac::Adapter
|
|
|
123
124
|
true
|
|
124
125
|
end
|
|
125
126
|
alias authenticate! authenticated!
|
|
127
|
+
|
|
128
|
+
# Constant time string comparison.
|
|
129
|
+
# pulled from https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L399
|
|
130
|
+
def secure_compare(a, b)
|
|
131
|
+
return false unless a.bytesize == b.bytesize
|
|
132
|
+
|
|
133
|
+
l = a.unpack("C*")
|
|
134
|
+
|
|
135
|
+
r, i = 0, -1
|
|
136
|
+
b.each_byte { |v| r |= v ^ l[i+=1] }
|
|
137
|
+
r == 0
|
|
138
|
+
end
|
|
126
139
|
end
|
data/lib/ey-hmac/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ey-hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.4
|
|
4
5
|
prerelease:
|
|
5
|
-
version: 0.0.3
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Josh Lane & Jason Hansen
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-02-
|
|
12
|
+
date: 2013-02-08 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Lightweight HMAC signing libraries and middleware for Farday and Rack
|
|
15
15
|
email:
|