ey-hmac 2.0.2 → 2.1.0

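--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8fb0c319d78d62b3a2c0dc9f006a806612790afd
- data.tar.gz: 394cb290db9772f2846b2643987d1651f20848de
+ metadata.gz: 993156b2650af65ee323f3a1f5715c6fff44508d
+ data.tar.gz: 464d21118f68dc3513db89c2fcbaff3ddbf677d4
  SHA512:
- metadata.gz: f2a86f65cdfafb683257853c022cfdbfed5aaadd82eb7a602fcc629916553b5db98a2c6a28a85ac06068df176e88ed37fe5e8a0e12fe48bf88e465c1905cfd00
- data.tar.gz: 565198e1eb37c1695a9b776d88aa9193d24b64a7b7725bb1310a85db2f8c88196a4bc5d84fc2d90d524a04950d2b4461039ba26f9c5b1e6f02ea23827499444d
+ metadata.gz: 16ded2fdf25966104d2dfe09ddfdf19a6a5a1ef6b1e140d9ea6aecb3b721826a288055b106266b56cb2594a31606eaeae49503fa4590b7e779212e5885956b80
+ data.tar.gz: 0a3b84006e99a02540e5e4a90f61015d2ad336652f63055f9c1c666e28ff86b11fce45ac86bad23ea7e4da4fffb526b18c0e7cf84eb6f22db78adccdde18c807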
data/lib/ey-hmac.rb CHANGED
@@ -12,6 +12,7 @@ module Ey
12
12
  MissingSecret = Class.new(Error)
13
13
  MissingAuthorization = Class.new(Error)
14
14
  SignatureMismatch = Class.new(Error)
15
+ ExpiredHmac = Class.new(Error)
15
16
 
16
17
  autoload :Adapter, "ey-hmac/adapter"
17
18
  autoload :Faraday, "ey-hmac/faraday"
@@ -10,6 +10,7 @@ class Ey::Hmac::Adapter
10
10
 
11
11
  # @param [Object] request signer-specific request implementation
12
12
  # @option options [Integer] :version signature version
13
+ # @option options [Integer] :ttl (nil) duration during which HMAC is valid after signed date
13
14
  # @option options [String] :authorization_header ('Authorization') Authorization header key.
14
15
  # @option options [String] :server ('EyHmac') service name prefixed to {#authorization}. set to {#service}
15
16
  # @option options [Symbol] :sign_with (:sha_256) outgoing signature digest algorithm. See {OpenSSL::Digest#new}
@@ -17,6 +18,7 @@ class Ey::Hmac::Adapter
17
18
  def initialize(request, options={})
18
19
  @request, @options = request, options
19
20
 
21
+ @ttl = options[:ttl]
20
22
  @authorization_header = options[:authorization_header] || 'Authorization'
21
23
  @service = options[:service] || 'EyHmac'
22
24
  @sign_with = options[:sign_with] || :sha256
@@ -121,6 +123,14 @@ class Ey::Hmac::Adapter
121
123
  raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
122
124
  end
123
125
 
126
+ unless @ttl.nil?
127
+ expiry = Time.parse(date).to_i + @ttl
128
+ current_time = Time.now.to_i
129
+ unless expiry > current_time
130
+ raise(Ey::Hmac::ExpiredHmac, "Signature has expired passed #{expiry}. Current time is #{current_time}")
131
+ end
132
+ end
133
+
124
134
  calculated_signatures = self.accept_digests.map { |ad| signature(key_secret, ad) }
125
135
 
126
136
  unless calculated_signatures.any? { |cs| secure_compare(signature_value, cs) }
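Review bot: The TTL check added ahead of `calculated_signatures` calls `Time.parse(date)` on a request-supplied value and bounds only the past, so two cases slip through. A missing or unparseable date makes `Time.parse` raise `TypeError` or `ArgumentError` rather than an `Ey::Hmac::Error`, which callers rescuing only the library's error class would presumably see as an unhandled exception instead of a failed authentication; and a date ahead of the server clock stays valid for longer than `:ttl`, widening the replay window. I would turn parse failures into `Ey::Hmac::ExpiredHmac` and compare the absolute difference against `@ttl`, as sketched below, which still rejects the `ttl: 0` case. The freshness check only means something if the date is part of the signed string, which this hunk does not show, and the `:ttl` option doc should say the value is in seconds. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: secret lookup and MissingSecret raise …
unless @ttl.nil?
  signed_at = begin
    Time.parse(date.to_s).to_i
  rescue ArgumentError
    raise(Ey::Hmac::ExpiredHmac, "Signature date is missing or unparseable")
  end
  current_time = Time.now.to_i
  # Bound clock skew in both directions so a future-dated signature
  # cannot outlive the configured window.
  unless (current_time - signed_at).abs < @ttl
    raise(Ey::Hmac::ExpiredHmac, "Signature is outside the allowed #{@ttl}s window. Current time is #{current_time}")
  end
end
# … unchanged: calculated_signatures and secure_compare …
```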
@@ -1,5 +1,5 @@
1
1
  module Ey
2
2
  module Hmac
3
- VERSION = "2.0.2"
3
+ VERSION = "2.1.0"
4
4
  end
5
5
  end
@@ -51,5 +51,25 @@ shared_examples_for "authentication" do
51
51
  end).to be_falsey
52
52
  }.to raise_exception(Ey::Hmac::MissingAuthorization)
53
53
  end
54
+
55
+ context "when the server specifies an HMAC TTL" do
56
+ it "should not authenticate expired hmac" do
57
+ Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
58
+ expect {
59
+ Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 0) do |auth_id|
60
+ (auth_id == key_id) && key_secret
61
+ end
62
+ }.to raise_exception(Ey::Hmac::ExpiredHmac)
63
+ end
64
+
65
+ it "should authenticate non-expired hmac" do
66
+ Ey::Hmac.sign!(request, key_id, key_secret, adapter: adapter)
67
+ expect {
68
+ Ey::Hmac.authenticate!(request, adapter: adapter, ttl: 100) do |auth_id|
69
+ (auth_id == key_id) && key_secret
70
+ end
71
+ }.to_not raise_exception
72
+ end
73
+ end
54
74
  end
55
75
  end
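Review bot: The two added examples exercise only `ttl: 0` and `ttl: 100` against a freshly signed request, so nothing covers a request whose date is missing, malformed or ahead of the server clock when `:ttl` is set. An extra example that alters the request's date after `Ey::Hmac.sign!` and expects `Ey::Hmac.authenticate!` to raise an `Ey::Hmac::Error` subclass would pin how the TTL path treats an untrusted date. The `shared_examples_for "authentication"` block starts outside the hunk.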
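--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ey-hmac
  version: !ruby/object:Gem::Version
- version: 2.0.2
+ version: 2.1.0
  platform: ruby
  authors:
  - Josh Lane & Jason Hansen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-09-17 00:00:00.000000000 Z
+ date: 2015-12-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -83,7 +83,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: Lightweight HMAC signing libraries and middleware for Farday and Rack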