RubyGems - ey-hmac - Versions diffs - 2.3.0 → 2.4.0 - Mend

ey-hmac 2.3.0 → 2.4.0

Files changed (19) hide show

checksums.yaml +4 -4
data/.github/workflows/codeql-analysis.yml +70 -0
data/.github/workflows/ruby.yml +2 -0
data/.rubocop.yml +31 -0
data/.rubocop_todo.yml +82 -0
data/Gemfile +4 -1
data/Rakefile +3 -1
data/lib/ey-hmac/adapter/faraday.rb +10 -14
data/lib/ey-hmac/adapter/rack.rb +9 -12
data/lib/ey-hmac/adapter.rb +43 -24
data/lib/ey-hmac/faraday.rb +8 -5
data/lib/ey-hmac/rack.rb +4 -1
data/lib/ey-hmac/version.rb +4 -2
data/lib/ey-hmac.rb +94 -93
data/spec/faraday_spec.rb +67 -61
data/spec/rack_spec.rb +47 -42
data/spec/shared/authenticated.rb +30 -28
data/spec/spec_helper.rb +5 -3
metadata +5 -2

data/lib/ey-hmac.rb CHANGED Viewed

@@ -1,101 +1,102 @@
-require "ey-hmac/version"
+# frozen_string_literal: true
+require 'ey-hmac/version'
 require 'base64'
 require 'digest/md5'
 require 'openssl'
 require 'time'
-module Ey
-  module Hmac
-    Error = Class.new(StandardError)
-    MissingSecret        = Class.new(Error)
-    MissingAuthorization = Class.new(Error)
-    SignatureMismatch    = Class.new(Error)
-    ExpiredHmac          = Class.new(Error)
-    autoload :Adapter, "ey-hmac/adapter"
-    autoload :Faraday, "ey-hmac/faraday"
-    autoload :Rack, "ey-hmac/rack"
-    def self.default_adapter=(default_adapter)
-      @default_adapter = default_adapter
-    end
-    def self.default_adapter
-      @default_adapter ||= if defined?(::Rack) || defined?(::Rails)
-                             Ey::Hmac::Adapter::Rack
-                           elsif defined?(::Faraday)
-                             Ey::Hmac::Adapter::Faraday
-                           end
-    end
-    # Signs request by calculating signature and adding it to the specified header
-    # @example
-    #   Ey::Hmac.sign!(env, @key_id, @key_secret)
-    #
-    # @see Ey::Hmac::Adapter#sign!
-    #
-    # @param request [Hash] request environment
-    # @option options [Ey::Hmac::Adapter] :adapter (#{default_adapter}) adapter to sign request with
-    # @option options [Integer] :version (nil) signature version
-    # @option options [String] :authorization_header ('Authorization') Authorization header key.
-    # @option options [String] :service ('EyHmac') service name prefixed to {Ey::Hmac::Adapter#authorization}
-    #
-    # @return [String] authorization signature
-    def self.sign!(request, key_id, key_secret, options={})
-      adapter = options[:adapter] || Ey::Hmac.default_adapter
-      raise ArgumentError, "Missing adapter and Ey::Hmac.default_adapter" unless adapter
-      adapter.new(request, options).sign!(key_id, key_secret)
-    end
-    # @example
-    #   Ey::Hmac.authenticated? do |key_id|
-    #     @consumer = Consumer.where(auth_id: key_id).first
-    #     @consumer && @consumer.auth_key
-    #   end
-    #
-    # @see Ey::Hmac::Adapter#authenticated?
-    # @see Ey::Hmac#authenticate!
-    #
-    # @param request [Hash] request environment
-    # @option options [Ey::Hmac::Adapter] :adapter ({#default_adapter}) adapter to verify request with
-    # @yieldparam key_id [String] public HMAC key
-    #
-    # @return [Boolean] success of authentication
-    def self.authenticated?(request, options={}, &block)
-      adapter = options[:adapter] || Ey::Hmac.default_adapter
-      raise ArgumentError, "Missing adapter and Ey::Hmac.default_adapter" unless adapter
-      adapter.new(request, options).authenticated?(&block)
-    end
-    # Check {Ey::Hmac::Adapter#authorization_signature} against calculated {Ey::Hmac::Adapter#signature}
-    # @example
-    #   Ey::Hmac.authenticate! do |key_id|
-    #     @consumer = Consumer.where(auth_id: key_id).first
-    #     @consumer && @consumer.auth_key
-    #   end
-    #
-    # @see Ey::Hmac::Adapter#authenticate!
-    #
-    # @param request [Hash] request environment
-    # @yieldparam key_id [String] public HMAC key
-    # @option options [Ey::Hmac::Adapter] :adapter ({#default_adapter}) adapter to verify request with
-    #
-    # @raise [SignatureMismatch] if the value of {Ey::Hmac::Adapter#authorization_signature} does not match {Ey::Hmac::Adapter#signature}
-    # @raise [MissingSecret] if the block does not return a private key matching +key_id+
-    # @raise [MissingAuthorization] if the value of {Ey::Hmac::Adapter#authorization_signature} is nil
-    # @return [TrueClass] if authentication was successful
-    def self.authenticate!(request, options={}, &block)
-      adapter = options[:adapter] || Ey::Hmac.default_adapter
-      raise ArgumentError, "Missing adapter and Ey::Hmac.default_adapter" unless adapter
-      adapter.new(request, options).authenticate!(&block)
-    end
+module Ey::Hmac
+  Error = Class.new(StandardError)
+  MissingSecret        = Class.new(Error)
+  MissingAuthorization = Class.new(Error)
+  SignatureMismatch    = Class.new(Error)
+  ExpiredHmac          = Class.new(Error)
+  autoload :Adapter, 'ey-hmac/adapter'
+  autoload :Faraday, 'ey-hmac/faraday'
+  autoload :Rack, 'ey-hmac/rack'
+  def self.default_adapter=(default_adapter)
+    @default_adapter = default_adapter
+  end
+  def self.default_adapter
+    @default_adapter ||= if defined?(::Rack) || defined?(::Rails)
+                           Ey::Hmac::Adapter::Rack
+                         elsif defined?(::Faraday)
+                           Ey::Hmac::Adapter::Faraday
+                         end
+  end
+  # Signs request by calculating signature and adding it to the specified header
+  # @example
+  #   Ey::Hmac.sign!(env, @key_id, @key_secret)
+  #
+  # @see Ey::Hmac::Adapter#sign!
+  #
+  # @param request [Hash] request environment
+  # @option options [Ey::Hmac::Adapter] :adapter (#{default_adapter}) adapter to sign request with
+  # @option options [Integer] :version (nil) signature version
+  # @option options [String] :authorization_header ('Authorization') Authorization header key.
+  # @option options [String] :service ('EyHmac') service name prefixed to {Ey::Hmac::Adapter#authorization}
+  #
+  # @return [String] authorization signature
+  def self.sign!(request, key_id, key_secret, options = {})
+    adapter = options[:adapter] || Ey::Hmac.default_adapter
+    raise ArgumentError, 'Missing adapter and Ey::Hmac.default_adapter' unless adapter
+    adapter.new(request, options).sign!(key_id, key_secret)
+  end
+  # @example
+  #   Ey::Hmac.authenticated? do |key_id|
+  #     @consumer = Consumer.where(auth_id: key_id).first
+  #     @consumer && @consumer.auth_key
+  #   end
+  #
+  # @see Ey::Hmac::Adapter#authenticated?
+  # @see Ey::Hmac#authenticate!
+  #
+  # @param request [Hash] request environment
+  # @option options [Ey::Hmac::Adapter] :adapter ({#default_adapter}) adapter to verify request with
+  # @yieldparam key_id [String] public HMAC key
+  #
+  # @return [Boolean] success of authentication
+  def self.authenticated?(request, options = {}, &block)
+    adapter = options[:adapter] || Ey::Hmac.default_adapter
+    raise ArgumentError, 'Missing adapter and Ey::Hmac.default_adapter' unless adapter
+    adapter.new(request, options).authenticated?(&block)
+  end
+  # Check {Ey::Hmac::Adapter#authorization_signature} against calculated {Ey::Hmac::Adapter#signature}
+  # @example
+  #   Ey::Hmac.authenticate! do |key_id|
+  #     @consumer = Consumer.where(auth_id: key_id).first
+  #     @consumer && @consumer.auth_key
+  #   end
+  #
+  # @see Ey::Hmac::Adapter#authenticate!
+  #
+  # @param request [Hash] request environment
+  # @yieldparam key_id [String] public HMAC key
+  # @option options [Ey::Hmac::Adapter] :adapter ({#default_adapter}) adapter to verify request with
+  #
+  # @raise [SignatureMismatch] if the value of {Ey::Hmac::Adapter#authorization_signature} does not
+  #   match {Ey::Hmac::Adapter#signature}
+  # @raise [MissingSecret] if the block does not return a private key matching +key_id+
+  # @raise [MissingAuthorization] if the value of {Ey::Hmac::Adapter#authorization_signature} is nil
+  # @return [TrueClass] if authentication was successful
+  def self.authenticate!(request, options = {}, &block)
+    adapter = options[:adapter] || Ey::Hmac.default_adapter
+    raise ArgumentError, 'Missing adapter and Ey::Hmac.default_adapter' unless adapter
+    adapter.new(request, options).authenticate!(&block)
   end
 end

data/spec/faraday_spec.rb CHANGED Viewed

@@ -1,20 +1,22 @@
+# frozen_string_literal: true
 require 'spec_helper'
-describe "faraday" do
+describe 'faraday' do
   before(:all) { Bundler.require(:faraday) }
   let!(:key_id)     { SecureRandom.hex(8) }
   let!(:key_secret) { SecureRandom.hex(16) }
-  describe "adapter" do
+  describe 'adapter' do
     let!(:adapter) { Ey::Hmac::Adapter::Faraday }
-    it "signs a multipart post" do
+    it 'signs a multipart post' do
       app = lambda do |env|
         authenticated = Ey::Hmac.authenticate!(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
       require 'ey-hmac/faraday'
@@ -28,113 +30,115 @@ describe "faraday" do
         c.adapter(:rack, app)
       end
-      tempfile = Tempfile.new("hmac")
+      tempfile = Tempfile.new('hmac')
       tempfile.write SecureRandom.hex(512)
       tempfile.close
       expect(
-        connection.post { |req| req.body = {"output" => Faraday::UploadIO.new(tempfile.path, "text/plain")} }.status
+        connection.post { |req| req.body = { 'output' => Faraday::UploadIO.new(tempfile.path, 'text/plain') } }.status
       ).to eq(200)
     end
-    it "signs and reads a request" do
-      request = Faraday::Request.create(:get) { |r|
-        r.path    = "/auth"
-        r.body    = "{1: 2}"
-        r.headers = {"Content-Type" => "application/xml"}
-      }.to_env(
-        Faraday::Connection.new("http://localhost")
+    it 'signs and reads a request' do
+      request = Faraday::Request.create(:get) do |r|
+        r.path    = '/auth'
+        r.body    = '{1: 2}'
+        r.headers = { 'Content-Type' => 'application/xml' }
+      end.to_env(
+        Faraday::Connection.new('http://localhost')
       )
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
-      expect(request[:request_headers]['Authorization']).to start_with("EyHmac")
+      expect(request[:request_headers]['Authorization']).to start_with('EyHmac')
       expect(request[:request_headers]['Content-Digest']).to eq(Digest::MD5.hexdigest(request[:body]))
       expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
       yielded = false
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
       expect(yielded).to be_truthy
     end
-    it "does not set Content-Digest if body is nil" do
-      request = Faraday::Request.create(:get) { |r|
-        r.path    = "/auth"
+    it 'does not set Content-Digest if body is nil' do
+      request = Faraday::Request.create(:get) do |r|
+        r.path    = '/auth'
         r.body    = nil
-        r.headers = {"Content-Type" => "application/xml"}
-      }.to_env(
-        Faraday::Connection.new("http://localhost")
+        r.headers = { 'Content-Type' => 'application/xml' }
+      end.to_env(
+        Faraday::Connection.new('http://localhost')
       )
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
-      expect(request[:request_headers]['Authorization']).to start_with("EyHmac")
+      expect(request[:request_headers]['Authorization']).to start_with('EyHmac')
       expect(request[:request_headers]).not_to have_key('Content-Digest')
       expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
       yielded = false
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
       expect(yielded).to be_truthy
     end
-    it "does not set Content-Digest if body is empty" do
+    it 'does not set Content-Digest if body is empty' do
       request = Faraday::Request.create(:get) do |r|
-        r.path = "/auth"
-        r.body = ""
-        r.headers = {"Content-Type" => "application/xml"}
-      end.to_env(Faraday::Connection.new("http://localhost"))
+        r.path = '/auth'
+        r.body = ''
+        r.headers = { 'Content-Type' => 'application/xml' }
+      end.to_env(Faraday::Connection.new('http://localhost'))
       Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
-      expect(request[:request_headers]['Authorization']).to        start_with("EyHmac")
+      expect(request[:request_headers]['Authorization']).to        start_with('EyHmac')
       expect(request[:request_headers]).not_to                     have_key('Content-Digest')
-      #expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
+      # expect(Time.parse(request[:request_headers]['Date'])).not_to be_nil
       yielded = false
-      expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+      expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
         expect(key_id).to eq(key_id)
         yielded = true
         key_secret
-      end).to be_truthy
+      end
       expect(yielded).to be_truthy
     end
-    context "with a request" do
+    context 'with a request' do
       let!(:request) do
         Faraday::Request.create(:get) do |r|
-          r.path = "/auth"
-          r.body = "{1: 2}"
-          r.headers = {"Content-Type" => "application/xml"}
-        end.to_env(Faraday::Connection.new("http://localhost"))
+          r.path = '/auth'
+          r.body = '{1: 2}'
+          r.headers = { 'Content-Type' => 'application/xml' }
+        end.to_env(Faraday::Connection.new('http://localhost'))
       end
-      include_examples "authentication"
+      include_examples 'authentication'
     end
   end
-  describe "middleware" do
-    it "accepts a SHA1 signature" do
+  describe 'middleware' do
+    it 'accepts a SHA1 signature' do
       require 'ey-hmac/faraday'
       Bundler.require(:rack)
       app = lambda do |env|
-        authenticated = Ey::Hmac.authenticated?(env, accept_digests: :sha1, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
+        authenticated = Ey::Hmac.authenticated?(env, accept_digests: :sha1,
+                                                     adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
       connection = Faraday.new do |c|
@@ -142,10 +146,10 @@ describe "faraday" do
         c.adapter(:rack, app)
       end
-      expect(connection.get("/resources").status).to eq(200)
+      expect(connection.get('/resources').status).to eq(200)
     end
-    it "accepts a SHA256 signature" do # default
+    it 'accepts a SHA256 signature' do # default
       require 'ey-hmac/faraday'
       Bundler.require(:rack)
@@ -153,7 +157,7 @@ describe "faraday" do
         authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
       connection = Faraday.new do |c|
@@ -161,18 +165,19 @@ describe "faraday" do
         c.adapter(:rack, app)
       end
-      expect(connection.get("/resources").status).to eq(200)
+      expect(connection.get('/resources').status).to eq(200)
     end
-    it "accepts multiple digest signatures" do # default
+    it 'accepts multiple digest signatures' do # default
       require 'ey-hmac/faraday'
       Bundler.require(:rack)
       app = lambda do |env|
-        authenticated = Ey::Hmac.authenticated?(env, accept_digests: [:sha1, :sha256], adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
+        authenticated = Ey::Hmac.authenticated?(env, accept_digests: %i[sha1 sha256],
+                                                     adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
           (auth_id == key_id) && key_secret
         end
-        [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+        [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
       end
       connection = Faraday.new do |c|
@@ -180,23 +185,24 @@ describe "faraday" do
         c.adapter(:rack, app)
       end
-      expect(connection.get("/resources").status).to eq(200)
+      expect(connection.get('/resources').status).to eq(200)
     end
-    it "signs empty request" do
+    it 'signs empty request' do
       require 'ey-hmac/faraday'
       Bundler.require(:rack)
-      _key_id, _key_secret = key_id, key_secret
+      outer_key_id = key_id
+      outer_key_secret = key_secret
       app = Rack::Builder.new do
         use Rack::Config do |env|
-          env["CONTENT_TYPE"] ||= "text/html"
+          env['CONTENT_TYPE'] ||= 'text/html'
         end
-        run(lambda {|env|
+        run(lambda { |env|
           authenticated = Ey::Hmac.authenticate!(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
-            (auth_id == _key_id) && _key_secret
+            (auth_id == outer_key_id) && outer_key_secret
           end
-          [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+          [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
         })
       end
@@ -206,10 +212,10 @@ describe "faraday" do
       end
       expect(connection.get do |req|
-        req.path    = "/resource"
+        req.path    = '/resource'
         req.body    = nil
-        req.params  = {"a" => "1"}
-        req.headers = {"Content-Type" => "application/x-www-form-urlencoded"}
+        req.params  = { 'a' => '1' }
+        req.headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
       end.status).to eq(200)
     end
   end