ey-hmac 2.0.2 → 2.3.1

data/spec/rack_spec.rb

@@ -1,130 +1,135 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 require 'securerandom'
 
-describe "rack" do
+describe 'rack' do
   before(:all) { Bundler.require(:rack) }
 
   let!(:key_id)     { SecureRandom.hex(8) }
   let!(:key_secret) { SecureRandom.hex(16) }
 
-  describe "adapter" do
-    let(:adapter)     { Ey::Hmac::Adapter::Rack }
+  describe 'adapter' do
+    let(:adapter) { Ey::Hmac::Adapter::Rack }
 
-    it "should sign and read request" do
+    it 'signs and read request' do
       request = Rack::Request.new(
-        "rack.input"        => StringIO.new("{1: 2}"),
-        "HTTP_CONTENT_TYPE" => "application/json",
+        'rack.input' => StringIO.new('{1: 2}'),
+        'HTTP_CONTENT_TYPE' => 'application/json'
       )
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
-      expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+      expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
       expect(request.env['HTTP_CONTENT_DIGEST']).to eq(Digest::MD5.hexdigest(request.body.tap(&:rewind).read))
       expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
       yielded = false
 
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
 
       expect(yielded).to be_truthy
     end
 
-    it "should not set Content-Digest if body is nil" do
+    it 'does not set Content-Digest if body is nil' do
       request = Rack::Request.new(
-        "HTTP_CONTENT_TYPE" => "application/json",
+        'HTTP_CONTENT_TYPE' => 'application/json'
       )
 
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
-      expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+      expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
       expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
       expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
       yielded = false
 
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
 
       expect(yielded).to be_truthy
     end
 
-    it "should not set Content-Digest if body is empty" do
+    it 'does not set Content-Digest if body is empty' do
       request = Rack::Request.new(
-        "rack.input"        => StringIO.new(""),
-        "HTTP_CONTENT_TYPE" => "application/json",
+        'rack.input' => StringIO.new(''),
+        'HTTP_CONTENT_TYPE' => 'application/json'
       )
 
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
-      expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+      expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
       expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
       expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
       yielded = false
 
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
 
       expect(yielded).to be_truthy
     end
 
-    context "with a request" do
-      let(:request) {
+    context 'with a request' do
+      let(:request) do
         Rack::Request.new(
-          "rack.input"        => StringIO.new("{1: 2}"),
-          "HTTP_CONTENT_TYPE" => "application/json",
+          'rack.input' => StringIO.new('{1: 2}'),
+          'HTTP_CONTENT_TYPE' => 'application/json'
         )
-      }
+      end
 
-      include_examples "authentication"
+      include_examples 'authentication'
     end
   end
 
-  describe "middleware" do
-    it "should accept a SHA1 signature" do
+  describe 'middleware' do
+    it 'accepts a SHA1 signature' do
       app = lambda do |env|
-        authenticated = Ey::Hmac.authenticated?(env, accept_digests: [:sha1, :sha256], adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
+        authenticated = Ey::Hmac.authenticated?(env, accept_digests: %i[sha1 sha256],
+                                                     adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
 
-      _key_id, _key_secret = key_id, key_secret
+      outer_key_id = key_id
+      outer_key_secret = key_secret
       client = Rack::Client.new do
-        use Ey::Hmac::Rack, _key_id, _key_secret, sign_with: :sha1
+        use Ey::Hmac::Rack, outer_key_id, outer_key_secret, sign_with: :sha1
         run app
       end
 
-      expect(client.get("/resource").status).to eq(200)
+      expect(client.get('/resource').status).to eq(200)
     end
 
-    it "should accept a SHA256 signature" do # default
+    it 'accepts a SHA256 signature' do # default
       app = lambda do |env|
         authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
 
-      _key_id, _key_secret = key_id, key_secret
+      outer_key_id = key_id
+      outer_key_secret = key_secret
       client = Rack::Client.new do
-        use Ey::Hmac::Rack, _key_id, _key_secret
+        use Ey::Hmac::Rack, outer_key_id, outer_key_secret
         run app
       end
 
-      expect(client.get("/resource").status).to eq(200)
+      expect(client.get('/resource').status).to eq(200)
     end
 
-    it "should accept multiple digest signatures" do # default
+    it 'accepts multiple digest signatures' do # default
       require 'ey-hmac/faraday'
       Bundler.require(:rack)
 
@@ -132,15 +137,15 @@ describe "rack" do
         authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
 
       connection = Faraday.new do |c|
-        c.use :hmac, key_id, key_secret, digest: [:sha1, :sha256]
+        c.use :hmac, key_id, key_secret, digest: %i[sha1 sha256]
         c.adapter(:rack, app)
       end
 
-      expect(connection.get("/resources").status).to eq(200)
+      expect(connection.get('/resources').status).to eq(200)
     end
   end
 end

data/spec/shared/authenticated.rb

@@ -1,55 +1,77 @@
-shared_examples_for "authentication" do
-  describe "#authenticated?" do
-    it "should not authenticate invalid secret" do
+# frozen_string_literal: true
+
+shared_examples_for 'authentication' do
+  describe '#authenticated?' do
+    it 'does not authenticate invalid secret' do
       Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
 
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
+      expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
         (auth_id == key_id) && key_secret
-      end).to be_falsey
+      end
     end
 
-    it "should not authenticate invalid id" do
+    it 'does not authenticate invalid id' do
       Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
 
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
+      expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
         (auth_id == key_id) && key_secret
-      end).to be_falsey
+      end
     end
 
-    it "should not authenticate missing header" do
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
+    it 'does not authenticate missing header' do
+      expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
         (auth_id == key_id) && key_secret
-      end).to be_falsey
+      end
     end
   end
 
-  describe "#authenticate!" do
-    it "should not authenticate invalid secret" do
+  describe '#authenticate!' do
+    it 'does not authenticate invalid secret' do
       Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
 
-      expect {
+      expect do
         Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-      }.to raise_exception(Ey::Hmac::SignatureMismatch)
+      end.to raise_exception(Ey::Hmac::SignatureMismatch)
     end
 
-    it "should not authenticate invalid id" do
+    it 'does not authenticate invalid id' do
       Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
 
-      expect {
+      expect do
         Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-      }.to raise_exception(Ey::Hmac::MissingSecret)
+      end.to raise_exception(Ey::Hmac::MissingSecret)
     end
 
-    it "should not authenticate missing header" do
-      expect {
+    it 'does not authenticate missing header' do
+      expect do
         expect(Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
           (auth_id == key_id) && key_secret
         end).to be_falsey
-      }.to raise_exception(Ey::Hmac::MissingAuthorization)
+      end.to raise_exception(Ey::Hmac::MissingAuthorization)
+    end
+
+    context 'when the server specifies an HMAC TTL' do
+      it 'does not authenticate expired hmac' do
+        Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
+        expect do
+          Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 0) do |auth_id|
+            (auth_id == key_id) && key_secret
+          end
+        end.to raise_exception(Ey::Hmac::ExpiredHmac)
+      end
+
+      it 'authenticates non-expired hmac' do
+        Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
+        expect do
+          Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 100) do |auth_id|
+            (auth_id == key_id) && key_secret
+          end
+        end.not_to raise_exception
+      end
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,9 +1,12 @@
-require File.expand_path("../../lib/ey-hmac", __FILE__)
+# frozen_string_literal: true
+
+require File.expand_path('../lib/ey-hmac', __dir__)
 
 Bundler.require(:test)
+require 'securerandom'
 
-Dir[File.expand_path("../{support,shared}/*.rb", __FILE__)].each{|f| require(f)}
+Dir[File.expand_path('{support,shared}/*.rb', __dir__)].sort.each { |f| require(f) }
 
 RSpec.configure do |config|
-  config.order = "random"
+  config.order = 'random'
 end

metadata

@@ -1,52 +1,56 @@
 --- !ruby/object:Gem::Specification
 name: ey-hmac
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.3.1
 platform: ruby
 authors:
-- Josh Lane & Jason Hansen
-autorequire: 
+- Josh Lane
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-09-17 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
 description: Lightweight HMAC signing libraries and middleware for Farday and Rack
 email:
-- jlane@engineyard.com
+- me@joshualane.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/codeql-analysis.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".travis.yml"
+- ".rubocop.yml"
+- ".rubocop_todo.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -67,7 +71,7 @@ homepage: ''
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -75,16 +79,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Lightweight HMAC signing libraries and middleware for Farday and Rack
 test_files:

data/.travis.yml

@@ -1,7 +0,0 @@
----
-language: ruby
-rvm:
-  - 1.9.3
-  - 2.0.0
-
-script: bundle exec rspec