ey-hmac 2.1.0 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/codeql-analysis.yml +70 -0
- data/.github/workflows/ruby.yml +37 -0
- data/.rubocop.yml +31 -0
- data/.rubocop_todo.yml +82 -0
- data/CHANGELOG.md +68 -0
- data/Gemfile +7 -2
- data/Rakefile +3 -1
- data/ey-hmac.gemspec +18 -14
- data/lib/ey-hmac/adapter/faraday.rb +40 -22
- data/lib/ey-hmac/adapter/rack.rb +22 -19
- data/lib/ey-hmac/adapter.rb +74 -34
- data/lib/ey-hmac/faraday.rb +8 -5
- data/lib/ey-hmac/rack.rb +4 -1
- data/lib/ey-hmac/version.rb +4 -2
- data/lib/ey-hmac.rb +94 -95
- data/spec/faraday_spec.rb +70 -68
- data/spec/rack_spec.rb +47 -42
- data/spec/shared/authenticated.rb +30 -28
- data/spec/spec_helper.rb +6 -3
- metadata +24 -21
- data/.travis.yml +0 -7
data/spec/faraday_spec.rb
CHANGED
@@ -1,20 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'spec_helper'
|
2
4
|
|
3
|
-
describe
|
5
|
+
describe 'faraday' do
|
4
6
|
before(:all) { Bundler.require(:faraday) }
|
5
7
|
|
6
8
|
let!(:key_id) { SecureRandom.hex(8) }
|
7
9
|
let!(:key_secret) { SecureRandom.hex(16) }
|
8
10
|
|
9
|
-
describe
|
11
|
+
describe 'adapter' do
|
10
12
|
let!(:adapter) { Ey::Hmac::Adapter::Faraday }
|
11
13
|
|
12
|
-
it
|
14
|
+
it 'signs a multipart post' do
|
13
15
|
app = lambda do |env|
|
14
16
|
authenticated = Ey::Hmac.authenticate!(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
15
17
|
(auth_id == key_id) && key_secret
|
16
18
|
end
|
17
|
-
[(authenticated ? 200 : 401), {
|
19
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
18
20
|
end
|
19
21
|
|
20
22
|
require 'ey-hmac/faraday'
|
@@ -28,117 +30,115 @@ describe "faraday" do
|
|
28
30
|
c.adapter(:rack, app)
|
29
31
|
end
|
30
32
|
|
31
|
-
tempfile = Tempfile.new(
|
33
|
+
tempfile = Tempfile.new('hmac')
|
32
34
|
tempfile.write SecureRandom.hex(512)
|
33
35
|
tempfile.close
|
34
36
|
|
35
37
|
expect(
|
36
|
-
connection.post { |req| req.body = {
|
38
|
+
connection.post { |req| req.body = { 'output' => Faraday::UploadIO.new(tempfile.path, 'text/plain') } }.status
|
37
39
|
).to eq(200)
|
38
40
|
end
|
39
41
|
|
40
|
-
it
|
41
|
-
request = Faraday::Request.
|
42
|
-
r.
|
43
|
-
r.
|
44
|
-
r.
|
45
|
-
|
46
|
-
|
47
|
-
Faraday::Connection.new("http://localhost")
|
42
|
+
it 'signs and reads a request' do
|
43
|
+
request = Faraday::Request.create(:get) do |r|
|
44
|
+
r.path = '/auth'
|
45
|
+
r.body = '{1: 2}'
|
46
|
+
r.headers = { 'Content-Type' => 'application/xml' }
|
47
|
+
end.to_env(
|
48
|
+
Faraday::Connection.new('http://localhost')
|
48
49
|
)
|
49
50
|
|
50
51
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
51
52
|
|
52
|
-
expect(request[:request_headers]['Authorization']).to
|
53
|
-
expect(request[:request_headers]['Content-Digest']).to
|
53
|
+
expect(request[:request_headers]['Authorization']).to start_with('EyHmac')
|
54
|
+
expect(request[:request_headers]['Content-Digest']).to eq(Digest::MD5.hexdigest(request[:body]))
|
54
55
|
expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
|
55
56
|
|
56
57
|
yielded = false
|
57
58
|
|
58
|
-
expect(Ey::Hmac.
|
59
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
59
60
|
expect(key_id).to eq(key_id)
|
60
61
|
yielded = true
|
61
62
|
key_secret
|
62
|
-
end
|
63
|
+
end
|
63
64
|
|
64
65
|
expect(yielded).to be_truthy
|
65
66
|
end
|
66
67
|
|
67
|
-
it
|
68
|
-
request = Faraday::Request.
|
69
|
-
r.
|
70
|
-
r.path = "/auth"
|
68
|
+
it 'does not set Content-Digest if body is nil' do
|
69
|
+
request = Faraday::Request.create(:get) do |r|
|
70
|
+
r.path = '/auth'
|
71
71
|
r.body = nil
|
72
|
-
r.headers = {
|
73
|
-
|
74
|
-
Faraday::Connection.new(
|
72
|
+
r.headers = { 'Content-Type' => 'application/xml' }
|
73
|
+
end.to_env(
|
74
|
+
Faraday::Connection.new('http://localhost')
|
75
75
|
)
|
76
76
|
|
77
77
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
78
78
|
|
79
|
-
expect(request[:request_headers]['Authorization']).to start_with(
|
79
|
+
expect(request[:request_headers]['Authorization']).to start_with('EyHmac')
|
80
80
|
expect(request[:request_headers]).not_to have_key('Content-Digest')
|
81
81
|
expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
|
82
82
|
|
83
83
|
yielded = false
|
84
84
|
|
85
|
-
expect(Ey::Hmac.
|
85
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
86
86
|
expect(key_id).to eq(key_id)
|
87
87
|
yielded = true
|
88
88
|
key_secret
|
89
|
-
end
|
89
|
+
end
|
90
90
|
|
91
91
|
expect(yielded).to be_truthy
|
92
92
|
end
|
93
93
|
|
94
|
-
it
|
95
|
-
request = Faraday::Request.
|
96
|
-
r.
|
97
|
-
r.
|
98
|
-
r.
|
99
|
-
|
100
|
-
end.to_env(Faraday::Connection.new("http://localhost"))
|
94
|
+
it 'does not set Content-Digest if body is empty' do
|
95
|
+
request = Faraday::Request.create(:get) do |r|
|
96
|
+
r.path = '/auth'
|
97
|
+
r.body = ''
|
98
|
+
r.headers = { 'Content-Type' => 'application/xml' }
|
99
|
+
end.to_env(Faraday::Connection.new('http://localhost'))
|
101
100
|
|
102
101
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
103
102
|
|
104
|
-
expect(request[:request_headers]['Authorization']).to start_with(
|
103
|
+
expect(request[:request_headers]['Authorization']).to start_with('EyHmac')
|
105
104
|
expect(request[:request_headers]).not_to have_key('Content-Digest')
|
106
|
-
#expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
|
105
|
+
# expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
|
107
106
|
|
108
107
|
yielded = false
|
109
108
|
|
110
|
-
expect(Ey::Hmac.
|
109
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
111
110
|
expect(key_id).to eq(key_id)
|
112
111
|
yielded = true
|
113
112
|
key_secret
|
114
|
-
end
|
113
|
+
end
|
115
114
|
|
116
115
|
expect(yielded).to be_truthy
|
117
116
|
end
|
118
117
|
|
119
|
-
context
|
118
|
+
context 'with a request' do
|
120
119
|
let!(:request) do
|
121
|
-
Faraday::Request.
|
122
|
-
r.
|
123
|
-
r.
|
124
|
-
r.
|
125
|
-
|
126
|
-
end.to_env(Faraday::Connection.new("http://localhost"))
|
120
|
+
Faraday::Request.create(:get) do |r|
|
121
|
+
r.path = '/auth'
|
122
|
+
r.body = '{1: 2}'
|
123
|
+
r.headers = { 'Content-Type' => 'application/xml' }
|
124
|
+
end.to_env(Faraday::Connection.new('http://localhost'))
|
127
125
|
end
|
128
|
-
|
126
|
+
|
127
|
+
include_examples 'authentication'
|
129
128
|
end
|
130
129
|
end
|
131
130
|
|
132
|
-
describe
|
133
|
-
it
|
131
|
+
describe 'middleware' do
|
132
|
+
it 'accepts a SHA1 signature' do
|
134
133
|
require 'ey-hmac/faraday'
|
135
134
|
Bundler.require(:rack)
|
136
135
|
|
137
136
|
app = lambda do |env|
|
138
|
-
authenticated = Ey::Hmac.authenticated?(env, accept_digests: :sha1,
|
137
|
+
authenticated = Ey::Hmac.authenticated?(env, accept_digests: :sha1,
|
138
|
+
adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
139
139
|
(auth_id == key_id) && key_secret
|
140
140
|
end
|
141
|
-
[(authenticated ? 200 : 401), {
|
141
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
142
142
|
end
|
143
143
|
|
144
144
|
connection = Faraday.new do |c|
|
@@ -146,10 +146,10 @@ describe "faraday" do
|
|
146
146
|
c.adapter(:rack, app)
|
147
147
|
end
|
148
148
|
|
149
|
-
expect(connection.get(
|
149
|
+
expect(connection.get('/resources').status).to eq(200)
|
150
150
|
end
|
151
151
|
|
152
|
-
it
|
152
|
+
it 'accepts a SHA256 signature' do # default
|
153
153
|
require 'ey-hmac/faraday'
|
154
154
|
Bundler.require(:rack)
|
155
155
|
|
@@ -157,7 +157,7 @@ describe "faraday" do
|
|
157
157
|
authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
158
158
|
(auth_id == key_id) && key_secret
|
159
159
|
end
|
160
|
-
[(authenticated ? 200 : 401), {
|
160
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
161
161
|
end
|
162
162
|
|
163
163
|
connection = Faraday.new do |c|
|
@@ -165,18 +165,19 @@ describe "faraday" do
|
|
165
165
|
c.adapter(:rack, app)
|
166
166
|
end
|
167
167
|
|
168
|
-
expect(connection.get(
|
168
|
+
expect(connection.get('/resources').status).to eq(200)
|
169
169
|
end
|
170
170
|
|
171
|
-
it
|
171
|
+
it 'accepts multiple digest signatures' do # default
|
172
172
|
require 'ey-hmac/faraday'
|
173
173
|
Bundler.require(:rack)
|
174
174
|
|
175
175
|
app = lambda do |env|
|
176
|
-
authenticated = Ey::Hmac.authenticated?(env, accept_digests: [
|
176
|
+
authenticated = Ey::Hmac.authenticated?(env, accept_digests: %i[sha1 sha256],
|
177
|
+
adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
177
178
|
(auth_id == key_id) && key_secret
|
178
179
|
end
|
179
|
-
[(authenticated ? 200 : 401), {
|
180
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
180
181
|
end
|
181
182
|
|
182
183
|
connection = Faraday.new do |c|
|
@@ -184,23 +185,24 @@ describe "faraday" do
|
|
184
185
|
c.adapter(:rack, app)
|
185
186
|
end
|
186
187
|
|
187
|
-
expect(connection.get(
|
188
|
+
expect(connection.get('/resources').status).to eq(200)
|
188
189
|
end
|
189
190
|
|
190
|
-
it
|
191
|
+
it 'signs empty request' do
|
191
192
|
require 'ey-hmac/faraday'
|
192
193
|
Bundler.require(:rack)
|
193
194
|
|
194
|
-
|
195
|
+
outer_key_id = key_id
|
196
|
+
outer_key_secret = key_secret
|
195
197
|
app = Rack::Builder.new do
|
196
198
|
use Rack::Config do |env|
|
197
|
-
env[
|
199
|
+
env['CONTENT_TYPE'] ||= 'text/html'
|
198
200
|
end
|
199
|
-
run(lambda {|env|
|
201
|
+
run(lambda { |env|
|
200
202
|
authenticated = Ey::Hmac.authenticate!(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
201
|
-
(auth_id ==
|
203
|
+
(auth_id == outer_key_id) && outer_key_secret
|
202
204
|
end
|
203
|
-
[(authenticated ? 200 : 401), {
|
205
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
204
206
|
})
|
205
207
|
end
|
206
208
|
|
@@ -210,10 +212,10 @@ describe "faraday" do
|
|
210
212
|
end
|
211
213
|
|
212
214
|
expect(connection.get do |req|
|
213
|
-
req.path =
|
215
|
+
req.path = '/resource'
|
214
216
|
req.body = nil
|
215
|
-
req.params = {
|
216
|
-
req.headers = {
|
217
|
+
req.params = { 'a' => '1' }
|
218
|
+
req.headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
|
217
219
|
end.status).to eq(200)
|
218
220
|
end
|
219
221
|
end
|
data/spec/rack_spec.rb
CHANGED
@@ -1,130 +1,135 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'spec_helper'
|
2
4
|
require 'securerandom'
|
3
5
|
|
4
|
-
describe
|
6
|
+
describe 'rack' do
|
5
7
|
before(:all) { Bundler.require(:rack) }
|
6
8
|
|
7
9
|
let!(:key_id) { SecureRandom.hex(8) }
|
8
10
|
let!(:key_secret) { SecureRandom.hex(16) }
|
9
11
|
|
10
|
-
describe
|
11
|
-
let(:adapter)
|
12
|
+
describe 'adapter' do
|
13
|
+
let(:adapter) { Ey::Hmac::Adapter::Rack }
|
12
14
|
|
13
|
-
it
|
15
|
+
it 'signs and read request' do
|
14
16
|
request = Rack::Request.new(
|
15
|
-
|
16
|
-
|
17
|
+
'rack.input' => StringIO.new('{1: 2}'),
|
18
|
+
'HTTP_CONTENT_TYPE' => 'application/json'
|
17
19
|
)
|
18
20
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
19
21
|
|
20
|
-
expect(request.env['HTTP_AUTHORIZATION']).to start_with(
|
22
|
+
expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
|
21
23
|
expect(request.env['HTTP_CONTENT_DIGEST']).to eq(Digest::MD5.hexdigest(request.body.tap(&:rewind).read))
|
22
24
|
expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
|
23
25
|
|
24
26
|
yielded = false
|
25
27
|
|
26
|
-
expect(Ey::Hmac.
|
28
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
27
29
|
expect(key_id).to eq(key_id)
|
28
30
|
yielded = true
|
29
31
|
key_secret
|
30
|
-
end
|
32
|
+
end
|
31
33
|
|
32
34
|
expect(yielded).to be_truthy
|
33
35
|
end
|
34
36
|
|
35
|
-
it
|
37
|
+
it 'does not set Content-Digest if body is nil' do
|
36
38
|
request = Rack::Request.new(
|
37
|
-
|
39
|
+
'HTTP_CONTENT_TYPE' => 'application/json'
|
38
40
|
)
|
39
41
|
|
40
42
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
41
43
|
|
42
|
-
expect(request.env['HTTP_AUTHORIZATION']).to start_with(
|
44
|
+
expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
|
43
45
|
expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
|
44
46
|
expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
|
45
47
|
|
46
48
|
yielded = false
|
47
49
|
|
48
|
-
expect(Ey::Hmac.
|
50
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
49
51
|
expect(key_id).to eq(key_id)
|
50
52
|
yielded = true
|
51
53
|
key_secret
|
52
|
-
end
|
54
|
+
end
|
53
55
|
|
54
56
|
expect(yielded).to be_truthy
|
55
57
|
end
|
56
58
|
|
57
|
-
it
|
59
|
+
it 'does not set Content-Digest if body is empty' do
|
58
60
|
request = Rack::Request.new(
|
59
|
-
|
60
|
-
|
61
|
+
'rack.input' => StringIO.new(''),
|
62
|
+
'HTTP_CONTENT_TYPE' => 'application/json'
|
61
63
|
)
|
62
64
|
|
63
65
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
64
66
|
|
65
|
-
expect(request.env['HTTP_AUTHORIZATION']).to start_with(
|
67
|
+
expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
|
66
68
|
expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
|
67
69
|
expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
|
68
70
|
|
69
71
|
yielded = false
|
70
72
|
|
71
|
-
expect(Ey::Hmac.
|
73
|
+
expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
|
72
74
|
expect(key_id).to eq(key_id)
|
73
75
|
yielded = true
|
74
76
|
key_secret
|
75
|
-
end
|
77
|
+
end
|
76
78
|
|
77
79
|
expect(yielded).to be_truthy
|
78
80
|
end
|
79
81
|
|
80
|
-
context
|
81
|
-
let(:request)
|
82
|
+
context 'with a request' do
|
83
|
+
let(:request) do
|
82
84
|
Rack::Request.new(
|
83
|
-
|
84
|
-
|
85
|
+
'rack.input' => StringIO.new('{1: 2}'),
|
86
|
+
'HTTP_CONTENT_TYPE' => 'application/json'
|
85
87
|
)
|
86
|
-
|
88
|
+
end
|
87
89
|
|
88
|
-
include_examples
|
90
|
+
include_examples 'authentication'
|
89
91
|
end
|
90
92
|
end
|
91
93
|
|
92
|
-
describe
|
93
|
-
it
|
94
|
+
describe 'middleware' do
|
95
|
+
it 'accepts a SHA1 signature' do
|
94
96
|
app = lambda do |env|
|
95
|
-
authenticated = Ey::Hmac.authenticated?(env, accept_digests: [
|
97
|
+
authenticated = Ey::Hmac.authenticated?(env, accept_digests: %i[sha1 sha256],
|
98
|
+
adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
96
99
|
(auth_id == key_id) && key_secret
|
97
100
|
end
|
98
|
-
[(authenticated ? 200 : 401), {
|
101
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
99
102
|
end
|
100
103
|
|
101
|
-
|
104
|
+
outer_key_id = key_id
|
105
|
+
outer_key_secret = key_secret
|
102
106
|
client = Rack::Client.new do
|
103
|
-
use Ey::Hmac::Rack,
|
107
|
+
use Ey::Hmac::Rack, outer_key_id, outer_key_secret, sign_with: :sha1
|
104
108
|
run app
|
105
109
|
end
|
106
110
|
|
107
|
-
expect(client.get(
|
111
|
+
expect(client.get('/resource').status).to eq(200)
|
108
112
|
end
|
109
113
|
|
110
|
-
it
|
114
|
+
it 'accepts a SHA256 signature' do # default
|
111
115
|
app = lambda do |env|
|
112
116
|
authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
113
117
|
(auth_id == key_id) && key_secret
|
114
118
|
end
|
115
|
-
[(authenticated ? 200 : 401), {
|
119
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
116
120
|
end
|
117
121
|
|
118
|
-
|
122
|
+
outer_key_id = key_id
|
123
|
+
outer_key_secret = key_secret
|
119
124
|
client = Rack::Client.new do
|
120
|
-
use Ey::Hmac::Rack,
|
125
|
+
use Ey::Hmac::Rack, outer_key_id, outer_key_secret
|
121
126
|
run app
|
122
127
|
end
|
123
128
|
|
124
|
-
expect(client.get(
|
129
|
+
expect(client.get('/resource').status).to eq(200)
|
125
130
|
end
|
126
131
|
|
127
|
-
it
|
132
|
+
it 'accepts multiple digest signatures' do # default
|
128
133
|
require 'ey-hmac/faraday'
|
129
134
|
Bundler.require(:rack)
|
130
135
|
|
@@ -132,15 +137,15 @@ describe "rack" do
|
|
132
137
|
authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
|
133
138
|
(auth_id == key_id) && key_secret
|
134
139
|
end
|
135
|
-
[(authenticated ? 200 : 401), {
|
140
|
+
[(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
|
136
141
|
end
|
137
142
|
|
138
143
|
connection = Faraday.new do |c|
|
139
|
-
c.use :hmac, key_id, key_secret, digest: [
|
144
|
+
c.use :hmac, key_id, key_secret, digest: %i[sha1 sha256]
|
140
145
|
c.adapter(:rack, app)
|
141
146
|
end
|
142
147
|
|
143
|
-
expect(connection.get(
|
148
|
+
expect(connection.get('/resources').status).to eq(200)
|
144
149
|
end
|
145
150
|
end
|
146
151
|
end
|
@@ -1,74 +1,76 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
shared_examples_for 'authentication' do
|
4
|
+
describe '#authenticated?' do
|
5
|
+
it 'does not authenticate invalid secret' do
|
4
6
|
Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
|
5
7
|
|
6
|
-
expect(Ey::Hmac.
|
8
|
+
expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
|
7
9
|
(auth_id == key_id) && key_secret
|
8
|
-
end
|
10
|
+
end
|
9
11
|
end
|
10
12
|
|
11
|
-
it
|
13
|
+
it 'does not authenticate invalid id' do
|
12
14
|
Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
|
13
15
|
|
14
|
-
expect(Ey::Hmac.
|
16
|
+
expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
|
15
17
|
(auth_id == key_id) && key_secret
|
16
|
-
end
|
18
|
+
end
|
17
19
|
end
|
18
20
|
|
19
|
-
it
|
20
|
-
expect(Ey::Hmac.
|
21
|
+
it 'does not authenticate missing header' do
|
22
|
+
expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
|
21
23
|
(auth_id == key_id) && key_secret
|
22
|
-
end
|
24
|
+
end
|
23
25
|
end
|
24
26
|
end
|
25
27
|
|
26
|
-
describe
|
27
|
-
it
|
28
|
+
describe '#authenticate!' do
|
29
|
+
it 'does not authenticate invalid secret' do
|
28
30
|
Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
|
29
31
|
|
30
|
-
expect
|
32
|
+
expect do
|
31
33
|
Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
|
32
34
|
(auth_id == key_id) && key_secret
|
33
35
|
end
|
34
|
-
|
36
|
+
end.to raise_exception(Ey::Hmac::SignatureMismatch)
|
35
37
|
end
|
36
38
|
|
37
|
-
it
|
39
|
+
it 'does not authenticate invalid id' do
|
38
40
|
Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
|
39
41
|
|
40
|
-
expect
|
42
|
+
expect do
|
41
43
|
Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
|
42
44
|
(auth_id == key_id) && key_secret
|
43
45
|
end
|
44
|
-
|
46
|
+
end.to raise_exception(Ey::Hmac::MissingSecret)
|
45
47
|
end
|
46
48
|
|
47
|
-
it
|
48
|
-
expect
|
49
|
+
it 'does not authenticate missing header' do
|
50
|
+
expect do
|
49
51
|
expect(Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
|
50
52
|
(auth_id == key_id) && key_secret
|
51
53
|
end).to be_falsey
|
52
|
-
|
54
|
+
end.to raise_exception(Ey::Hmac::MissingAuthorization)
|
53
55
|
end
|
54
56
|
|
55
|
-
context
|
56
|
-
it
|
57
|
+
context 'when the server specifies an HMAC TTL' do
|
58
|
+
it 'does not authenticate expired hmac' do
|
57
59
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
58
|
-
expect
|
60
|
+
expect do
|
59
61
|
Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 0) do |auth_id|
|
60
62
|
(auth_id == key_id) && key_secret
|
61
63
|
end
|
62
|
-
|
64
|
+
end.to raise_exception(Ey::Hmac::ExpiredHmac)
|
63
65
|
end
|
64
66
|
|
65
|
-
it
|
67
|
+
it 'authenticates non-expired hmac' do
|
66
68
|
Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
|
67
|
-
expect
|
69
|
+
expect do
|
68
70
|
Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 100) do |auth_id|
|
69
71
|
(auth_id == key_id) && key_secret
|
70
72
|
end
|
71
|
-
|
73
|
+
end.not_to raise_exception
|
72
74
|
end
|
73
75
|
end
|
74
76
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,9 +1,12 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require File.expand_path('../lib/ey-hmac', __dir__)
|
2
4
|
|
3
5
|
Bundler.require(:test)
|
6
|
+
require 'securerandom'
|
4
7
|
|
5
|
-
Dir[File.expand_path(
|
8
|
+
Dir[File.expand_path('{support,shared}/*.rb', __dir__)].sort.each { |f| require(f) }
|
6
9
|
|
7
10
|
RSpec.configure do |config|
|
8
|
-
config.order =
|
11
|
+
config.order = 'random'
|
9
12
|
end
|