ey-hmac 2.3.0 → 2.4.0

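--- a/data/spec/rack_spec.rb
+++ b/data/spec/rack_spec.rb
@@ -1,130 +1,135 @@
+ # frozen_string_literal: true
+
  require 'spec_helper'
  require 'securerandom'
 
- describe "rack" do
+ describe 'rack' do
  before(:all) { Bundler.require(:rack) }
 
  let!(:key_id) { SecureRandom.hex(8) }
  let!(:key_secret) { SecureRandom.hex(16) }
 
- describe "adapter" do
- let(:adapter) { Ey::Hmac::Adapter::Rack }
+ describe 'adapter' do
+ let(:adapter) { Ey::Hmac::Adapter::Rack }
 
- it "should sign and read request" do
+ it 'signs and read request' do
  request = Rack::Request.new(
- "rack.input" => StringIO.new("{1: 2}"),
- "HTTP_CONTENT_TYPE" => "application/json",
+ 'rack.input' => StringIO.new('{1: 2}'),
+ 'HTTP_CONTENT_TYPE' => 'application/json'
  )
  Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
- expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+ expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
  expect(request.env['HTTP_CONTENT_DIGEST']).to eq(Digest::MD5.hexdigest(request.body.tap(&:rewind).read))
  expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
  yielded = false
 
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+ expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
  expect(key_id).to eq(key_id)
  yielded = true
  key_secret
- end).to be_truthy
+ end
 
  expect(yielded).to be_truthy
  end
 
- it "should not set Content-Digest if body is nil" do
+ it 'does not set Content-Digest if body is nil' do
  request = Rack::Request.new(
- "HTTP_CONTENT_TYPE" => "application/json",
+ 'HTTP_CONTENT_TYPE' => 'application/json'
  )
 
  Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
- expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+ expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
  expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
  expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
  yielded = false
 
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+ expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
  expect(key_id).to eq(key_id)
  yielded = true
  key_secret
- end).to be_truthy
+ end
 
  expect(yielded).to be_truthy
  end
 
- it "should not set Content-Digest if body is empty" do
+ it 'does not set Content-Digest if body is empty' do
  request = Rack::Request.new(
- "rack.input" => StringIO.new(""),
- "HTTP_CONTENT_TYPE" => "application/json",
+ 'rack.input' => StringIO.new(''),
+ 'HTTP_CONTENT_TYPE' => 'application/json'
  )
 
  Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
 
- expect(request.env['HTTP_AUTHORIZATION']).to start_with("EyHmac")
+ expect(request.env['HTTP_AUTHORIZATION']).to start_with('EyHmac')
  expect(request.env).not_to have_key('HTTP_CONTENT_DIGEST')
  expect(Time.parse(request.env['HTTP_DATE'])).not_to be_nil
 
  yielded = false
 
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |key_id|
+ expect(Ey::Hmac).to be_authenticated(request, adapter: adapter) do |key_id|
  expect(key_id).to eq(key_id)
  yielded = true
  key_secret
- end).to be_truthy
+ end
 
  expect(yielded).to be_truthy
  end
 
- context "with a request" do
- let(:request) {
+ context 'with a request' do
+ let(:request) do
  Rack::Request.new(
- "rack.input" => StringIO.new("{1: 2}"),
- "HTTP_CONTENT_TYPE" => "application/json",
+ 'rack.input' => StringIO.new('{1: 2}'),
+ 'HTTP_CONTENT_TYPE' => 'application/json'
  )
- }
+ end
 
- include_examples "authentication"
+ include_examples 'authentication'
  end
  end
 
- describe "middleware" do
- it "should accept a SHA1 signature" do
+ describe 'middleware' do
+ it 'accepts a SHA1 signature' do
  app = lambda do |env|
- authenticated = Ey::Hmac.authenticated?(env, accept_digests: [:sha1, :sha256], adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
+ authenticated = Ey::Hmac.authenticated?(env, accept_digests: %i[sha1 sha256],
+ adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
  (auth_id == key_id) && key_secret
  end
- [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+ [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
  end
 
- _key_id, _key_secret = key_id, key_secret
+ outer_key_id = key_id
+ outer_key_secret = key_secret
  client = Rack::Client.new do
- use Ey::Hmac::Rack, _key_id, _key_secret, sign_with: :sha1
+ use Ey::Hmac::Rack, outer_key_id, outer_key_secret, sign_with: :sha1
  run app
  end
 
- expect(client.get("/resource").status).to eq(200)
+ expect(client.get('/resource').status).to eq(200)
  end
 
- it "should accept a SHA256 signature" do # default
+ it 'accepts a SHA256 signature' do # default
  app = lambda do |env|
  authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
  (auth_id == key_id) && key_secret
  end
- [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+ [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
  end
 
- _key_id, _key_secret = key_id, key_secret
+ outer_key_id = key_id
+ outer_key_secret = key_secret
  client = Rack::Client.new do
- use Ey::Hmac::Rack, _key_id, _key_secret
+ use Ey::Hmac::Rack, outer_key_id, outer_key_secret
  run app
  end
 
- expect(client.get("/resource").status).to eq(200)
+ expect(client.get('/resource').status).to eq(200)
  end
 
- it "should accept multiple digest signatures" do # default
+ it 'accepts multiple digest signatures' do # default
  require 'ey-hmac/faraday'
  Bundler.require(:rack)
 
@@ -132,15 +137,15 @@ describe "rack" do
  authenticated = Ey::Hmac.authenticated?(env, adapter: Ey::Hmac::Adapter::Rack) do |auth_id|
  (auth_id == key_id) && key_secret
  end
- [(authenticated ? 200 : 401), {"Content-Type" => "text/plain"}, []]
+ [(authenticated ? 200 : 401), { 'Content-Type' => 'text/plain' }, []]
  end
 
  connection = Faraday.new do |c|
- c.use :hmac, key_id, key_secret, digest: [:sha1, :sha256]
+ c.use :hmac, key_id, key_secret, digest: %i[sha1 sha256]
  c.adapter(:rack, app)
  end
 
- expect(connection.get("/resources").status).to eq(200)
+ expect(connection.get('/resources').status).to eq(200)
  end
  end
  end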
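Review bot: The assertion `expect(key_id).to eq(key_id)` in the three adapter examples (`signs and read request` and the two Content-Digest examples) can never fail, because the block parameter `|key_id|` shadows the `let!(:key_id)` value and the line compares the yielded value with itself. As written, these examples do not check that the key id handed to the secret-lookup block is the one the request was signed with. Rename the block parameter as the middleware examples already do, `... do |auth_id|`, and assert `expect(auth_id).to eq(key_id)`. This commit already renames `_key_id` to `outer_key_id` for the Rack::Client blocks, so the fix fits the same cleanup.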
@@ -1,74 +1,76 @@
1
- shared_examples_for "authentication" do
2
- describe "#authenticated?" do
3
- it "should not authenticate invalid secret" do
1
+ # frozen_string_literal: true
2
+
3
+ shared_examples_for 'authentication' do
4
+ describe '#authenticated?' do
5
+ it 'does not authenticate invalid secret' do
4
6
  Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
5
7
 
6
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
8
+ expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
7
9
  (auth_id == key_id) && key_secret
8
- end).to be_falsey
10
+ end
9
11
  end
10
12
 
11
- it "should not authenticate invalid id" do
13
+ it 'does not authenticate invalid id' do
12
14
  Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
13
15
 
14
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
16
+ expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
15
17
  (auth_id == key_id) && key_secret
16
- end).to be_falsey
18
+ end
17
19
  end
18
20
 
19
- it "should not authenticate missing header" do
20
- expect(Ey::Hmac.authenticated?(request, adapter: adapter) do |auth_id|
21
+ it 'does not authenticate missing header' do
22
+ expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id|
21
23
  (auth_id == key_id) && key_secret
22
- end).to be_falsey
24
+ end
23
25
  end
24
26
  end
25
27
 
26
- describe "#authenticate!" do
27
- it "should not authenticate invalid secret" do
28
+ describe '#authenticate!' do
29
+ it 'does not authenticate invalid secret' do
28
30
  Ey::Hmac.sign!(request, key_id, "#{key_secret}bad", adapter: adapter)
29
31
 
30
- expect {
32
+ expect do
31
33
  Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
32
34
  (auth_id == key_id) && key_secret
33
35
  end
34
- }.to raise_exception(Ey::Hmac::SignatureMismatch)
36
+ end.to raise_exception(Ey::Hmac::SignatureMismatch)
35
37
  end
36
38
 
37
- it "should not authenticate invalid id" do
39
+ it 'does not authenticate invalid id' do
38
40
  Ey::Hmac.sign!(request, "what#{key_id}", key_secret, adapter: adapter)
39
41
 
40
- expect {
42
+ expect do
41
43
  Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
42
44
  (auth_id == key_id) && key_secret
43
45
  end
44
- }.to raise_exception(Ey::Hmac::MissingSecret)
46
+ end.to raise_exception(Ey::Hmac::MissingSecret)
45
47
  end
46
48
 
47
- it "should not authenticate missing header" do
48
- expect {
49
+ it 'does not authenticate missing header' do
50
+ expect do
49
51
  expect(Ey::Hmac.authenticate!(request, adapter: adapter) do |auth_id|
50
52
  (auth_id == key_id) && key_secret
51
53
  end).to be_falsey
52
- }.to raise_exception(Ey::Hmac::MissingAuthorization)
54
+ end.to raise_exception(Ey::Hmac::MissingAuthorization)
53
55
  end
54
56
 
55
- context "when the server specifies an HMAC TTL" do
56
- it "should not authenticate expired hmac" do
57
+ context 'when the server specifies an HMAC TTL' do
58
+ it 'does not authenticate expired hmac' do
57
59
  Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
58
- expect {
60
+ expect do
59
61
  Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 0) do |auth_id|
60
62
  (auth_id == key_id) && key_secret
61
63
  end
62
- }.to raise_exception(Ey::Hmac::ExpiredHmac)
64
+ end.to raise_exception(Ey::Hmac::ExpiredHmac)
63
65
  end
64
66
 
65
- it "should authenticate non-expired hmac" do
67
+ it 'authenticates non-expired hmac' do
66
68
  Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
67
- expect {
69
+ expect do
68
70
  Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 100) do |auth_id|
69
71
  (auth_id == key_id) && key_secret
70
72
  end
71
- }.to_not raise_exception
73
+ end.not_to raise_exception
72
74
  end
73
75
  end
74
76
  end
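Review bot: In the rewritten negative examples, `expect(Ey::Hmac).not_to be_authenticated(request, adapter: adapter) do |auth_id| ... end`, the `do ... end` block binds to `not_to` rather than to `be_authenticated`, so the secret lookup only runs if RSpec forwards that block to the predicate matcher. The three `#authenticated?` examples have no check that the block was invoked, so if it were dropped they might still pass without ever exercising the key lookup. Attach the block to the matcher with braces, `be_authenticated(request, adapter: adapter) { |auth_id| (auth_id == key_id) && key_secret }`, or keep the earlier `expect(Ey::Hmac.authenticated?(...) do ... end).to be_falsey` form for these cases. The positive examples in rack_spec.rb use the same construct, but there `expect(yielded).to be_truthy` would catch a dropped block.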
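--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,10 +1,12 @@
- require File.expand_path("../../lib/ey-hmac", __FILE__)
+ # frozen_string_literal: true
+
+ require File.expand_path('../lib/ey-hmac', __dir__)
 
  Bundler.require(:test)
  require 'securerandom'
 
- Dir[File.expand_path("../{support,shared}/*.rb", __FILE__)].each{|f| require(f)}
+ Dir[File.expand_path('{support,shared}/*.rb', __dir__)].sort.each { |f| require(f) }
 
  RSpec.configure do |config|
- config.order = "random"
+ config.order = 'random'
  end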
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ey-hmac
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Lane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-07 00:00:00.000000000 Z
11
+ date: 2022-02-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -45,8 +45,11 @@ executables: []
45
45
  extensions: []
46
46
  extra_rdoc_files: []
47
47
  files:
48
+ - ".github/workflows/codeql-analysis.yml"
48
49
  - ".github/workflows/ruby.yml"
49
50
  - ".gitignore"
51
+ - ".rubocop.yml"
52
+ - ".rubocop_todo.yml"
50
53
  - CHANGELOG.md
51
54
  - Gemfile
52
55
  - LICENSE.txt