ey_api_hmac 0.0.12 → 0.0.13
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile.lock +1 -1
- data/lib/ey_api_hmac/sso.rb +14 -1
- data/lib/ey_api_hmac/version.rb +1 -1
- data/spec/sso_spec.rb +13 -0
- metadata +4 -4
data/Gemfile.lock
CHANGED
data/lib/ey_api_hmac/sso.rb
CHANGED
|
@@ -4,7 +4,11 @@ module EY
|
|
|
4
4
|
|
|
5
5
|
def self.sign(url, parameters, auth_id, auth_key)
|
|
6
6
|
uri = URI.parse(url)
|
|
7
|
-
|
|
7
|
+
if uri.query
|
|
8
|
+
extra_params = CGI.parse(uri.query)
|
|
9
|
+
verify_params!(extra_params, parameters)
|
|
10
|
+
parameters.merge!(extra_params)
|
|
11
|
+
end
|
|
8
12
|
uri.query = parameters.sort_by(&:to_s).map {|e| e.map{|str| CGI.escape(str.to_s)}.join '='}.join '&'
|
|
9
13
|
signature = CGI.escape(signature_param(uri.to_s, auth_id, auth_key))
|
|
10
14
|
uri.query += "&signature=#{signature}"
|
|
@@ -22,6 +26,15 @@ module EY
|
|
|
22
26
|
ApiHMAC.auth_string(auth_id, ApiHMAC.base64digest(signed_string, auth_key))
|
|
23
27
|
end
|
|
24
28
|
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def self.verify_params!(extra_params, parameters)
|
|
32
|
+
illegal_query_params = parameters.keys.map(&:to_s) + ["signature"]
|
|
33
|
+
extra_params.keys.each do |k|
|
|
34
|
+
raise ArgumentError, "Got illegal paramter: '#{k}' in '#{url}'" if illegal_query_params.include?(k.to_s)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
25
38
|
end
|
|
26
39
|
end
|
|
27
40
|
end
|
data/lib/ey_api_hmac/version.rb
CHANGED
data/spec/sso_spec.rb
CHANGED
|
@@ -49,6 +49,19 @@ describe EY::ApiHMAC do
|
|
|
49
49
|
EY::ApiHMAC::SSO.authenticated?(tampered_url, @auth_id, @auth_key).should be_false
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
+
it "can sign and verify urls with parameters" do
|
|
53
|
+
url_with_params = "http://example.com/sign_test?baz=bert&stuff=awesome"
|
|
54
|
+
signed_url = EY::ApiHMAC::SSO.sign(url_with_params, @parameters, @auth_id, @auth_key)
|
|
55
|
+
EY::ApiHMAC::SSO.authenticated?(signed_url, @auth_id, @auth_key).should be_true
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
it "raises when the same parameter appears both in query and in arg" do
|
|
59
|
+
url = "http://example.com/sign_test?foo=bar"
|
|
60
|
+
lambda{
|
|
61
|
+
EY::ApiHMAC::SSO.sign(url, @parameters, @auth_id, @auth_key)
|
|
62
|
+
}.should raise_error(/foo/)
|
|
63
|
+
end
|
|
64
|
+
|
|
52
65
|
#TODO: write a test that fails if we skip the CGI.unescape
|
|
53
66
|
|
|
54
67
|
#TODO: provide signature methods
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ey_api_hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 5
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 13
|
|
10
|
+
version: 0.0.13
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-09-
|
|
18
|
+
date: 2011-09-19 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: rack-client
|