ey-hmac 2.0.2 → 2.1.0

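--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8fb0c319d78d62b3a2c0dc9f006a806612790afd
- data.tar.gz: 394cb290db9772f2846b2643987d1651f20848de
+ metadata.gz: 993156b2650af65ee323f3a1f5715c6fff44508d
+ data.tar.gz: 464d21118f68dc3513db89c2fcbaff3ddbf677d4
  SHA512:
- metadata.gz: f2a86f65cdfafb683257853c022cfdbfed5aaadd82eb7a602fcc629916553b5db98a2c6a28a85ac06068df176e88ed37fe5e8a0e12fe48bf88e465c1905cfd00
- data.tar.gz: 565198e1eb37c1695a9b776d88aa9193d24b64a7b7725bb1310a85db2f8c88196a4bc5d84fc2d90d524a04950d2b4461039ba26f9c5b1e6f02ea23827499444d
+ metadata.gz: 16ded2fdf25966104d2dfe09ddfdf19a6a5a1ef6b1e140d9ea6aecb3b721826a288055b106266b56cb2594a31606eaeae49503fa4590b7e779212e5885956b80
+ data.tar.gz: 0a3b84006e99a02540e5e4a90f61015d2ad336652f63055f9c1c666e28ff86b11fce45ac86bad23ea7e4da4fffb526b18c0e7cf84eb6f22db78adccdde18c807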
data/lib/ey-hmac.rb CHANGED
@@ -12,6 +12,7 @@ module Ey
12
12
  MissingSecret = Class.new(Error)
13
13
  MissingAuthorization = Class.new(Error)
14
14
  SignatureMismatch = Class.new(Error)
15
+ ExpiredHmac = Class.new(Error)
15
16
 
16
17
  autoload :Adapter, "ey-hmac/adapter"
17
18
  autoload :Faraday, "ey-hmac/faraday"
@@ -10,6 +10,7 @@ class Ey::Hmac::Adapter
10
10
 
11
11
  # @param [Object] request signer-specific request implementation
12
12
  # @option options [Integer] :version signature version
13
+ # @option options [Integer] :ttl (nil) duration during which HMAC is valid after signed date
13
14
  # @option options [String] :authorization_header ('Authorization') Authorization header key.
14
15
  # @option options [String] :server ('EyHmac') service name prefixed to {#authorization}. set to {#service}
15
16
  # @option options [Symbol] :sign_with (:sha_256) outgoing signature digest algorithm. See {OpenSSL::Digest#new}
@@ -17,6 +18,7 @@ class Ey::Hmac::Adapter
17
18
  def initialize(request, options={})
18
19
  @request, @options = request, options
19
20
 
21
+ @ttl = options[:ttl]
20
22
  @authorization_header = options[:authorization_header] || 'Authorization'
21
23
  @service = options[:service] || 'EyHmac'
22
24
  @sign_with = options[:sign_with] || :sha256
@@ -121,6 +123,14 @@ class Ey::Hmac::Adapter
121
123
  raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
122
124
  end
123
125
 
126
+ unless @ttl.nil?
127
+ expiry = Time.parse(date).to_i + @ttl
128
+ current_time = Time.now.to_i
129
+ unless expiry > current_time
130
+ raise(Ey::Hmac::ExpiredHmac, "Signature has expired passed #{expiry}. Current time is #{current_time}")
131
+ end
132
+ end
133
+
124
134
  calculated_signatures = self.accept_digests.map { |ad| signature(key_secret, ad) }
125
135
 
126
136
  unless calculated_signatures.any? { |cs| secure_compare(signature_value, cs) }
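Review bot: The new TTL check only bounds the signed date from the past, so a request whose date lies in the future stays acceptable until that date plus `@ttl`, which can be far longer than the intended window; consider bounding it in both directions, e.g. `signed_at = Time.parse(date).to_i` followed by `unless (Time.now.to_i - signed_at).abs < @ttl`. `Time.parse(date)` also runs on a request-supplied value before the signature has been verified, and a missing or malformed date would raise `TypeError` or `ArgumentError` rather than an `Ey::Hmac::Error`, which callers that rescue only the library's error class presumably do not expect. The check limits replay only if the date is part of the signed canonical string, which is not visible here; the method body starts and ends outside this hunk. The message should read "expired past" rather than "expired passed".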
@@ -1,5 +1,5 @@
1
1
  module Ey
2
2
  module Hmac
3
- VERSION = "2.0.2"
3
+ VERSION = "2.1.0"
4
4
  end
5
5
  end
@@ -51,5 +51,25 @@ shared_examples_for "authentication" do
51
51
  end).to be_falsey
52
52
  }.to raise_exception(Ey::Hmac::MissingAuthorization)
53
53
  end
54
+
55
+ context "when the server specifies an HMAC TTL" do
56
+ it "should not authenticate expired hmac" do
57
+ Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
58
+ expect {
59
+ Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 0) do |auth_id|
60
+ (auth_id == key_id) && key_secret
61
+ end
62
+ }.to raise_exception(Ey::Hmac::ExpiredHmac)
63
+ end
64
+
65
+ it "should authenticate non-expired hmac" do
66
+ Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
67
+ expect {
68
+ Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 100) do |auth_id|
69
+ (auth_id == key_id) && key_secret
70
+ end
71
+ }.to_not raise_exception
72
+ end
73
+ end
54
74
  end
55
75
  end
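Review bot: The expired case is exercised only with `ttl: 0`, which rejects any request not dated in the future, so the `Time.parse(date).to_i + @ttl` arithmetic in the adapter is never tested on the rejecting side with a real window. An example that authenticates a request signed with a date older than a positive ttl would pin the window itself, and a second one dated ahead of the clock would document how future dates are meant to be treated. A comment such as `# ttl: 0 expires immediately for a freshly signed request` above the first example would make the current intent explicit. The enclosing `shared_examples_for` block starts outside this hunk.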
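--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ey-hmac
  version: !ruby/object:Gem::Version
- version: 2.0.2
+ version: 2.1.0
  platform: ruby
  authors:
  - Josh Lane & Jason Hansen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-09-17 00:00:00.000000000 Z
+ date: 2015-12-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -83,7 +83,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: Lightweight HMAC signing libraries and middleware for Farday and Rack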