ey-hmac 0.0.3 → 0.0.4
- data/lib/ey-hmac/adapter.rb +14 -1
- data/lib/ey-hmac/version.rb +1 -1
- metadata +2 -2
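--- a/data/lib/ey-hmac/adapter.rb
+++ b/data/lib/ey-hmac/adapter.rb
@@ -112,7 +112,8 @@ class Ey::Hmac::Adapter
 signature_value = authorization_match[2]
 
 if key_secret = block.call(key_id)
-
+calculated_signature = signature(key_secret)
+if secure_compare(signature_value, calculated_signature)
 else raise(Ey::Hmac::SignatureMismatch, "Calculated siganature #{signature_value} does not match #{calculated_signature} using #{canonicalize.inspect}")
 end
 else raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
@@ -123,4 +124,16 @@ class Ey::Hmac::Adapter
 true
 end
 alias authenticate! authenticated!
+
+# Constant time string comparison.
+# pulled from https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L399
+def secure_compare(a, b)
+return false unless a.bytesize == b.bytesize
+
+l = a.unpack("C*")
+
+r, i = 0, -1
+b.each_byte { |v| r |= v ^ l[i+=1] }
+r == 0
+end
 end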
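Review bot: The `SignatureMismatch` message on new line 117 interpolates `calculated_signature`, the correct HMAC for the request, so any path that surfaces the exception text (an error response body, a shared log) discloses the very value that `secure_compare` was added to protect. The constant-time comparison only helps if the expected signature never leaves the process; I would drop both signatures and the canonical string from the message, e.g. `else raise(Ey::Hmac::SignatureMismatch, "Signature mismatch for key #{key_id.inspect}")`. Whether the message actually reaches a client depends on the callers, which are not visible here, and the enclosing method starts and ends outside the first hunk. Separately, `secure_compare` returns early when the `bytesize` values differ, which is acceptable for fixed-length digests but deserves a one-line comment such as `# length check is not constant time; both inputs are expected to be fixed-length digests`.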
data/lib/ey-hmac/version.rb
CHANGED
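--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: ey-hmac
 version: !ruby/object:Gem::Version
+version: 0.0.4
 prerelease:
-version: 0.0.3
 platform: ruby
 authors:
 - Josh Lane & Jason Hansen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-
+date: 2013-02-08 00:00:00.000000000 Z
 dependencies: []
 description: Lightweight HMAC signing libraries and middleware for Farday and Rack
 email: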