ey_api_hmac 0.0.12 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile.lock +1 -1
- data/lib/ey_api_hmac/sso.rb +14 -1
- data/lib/ey_api_hmac/version.rb +1 -1
- data/spec/sso_spec.rb +13 -0
- metadata +4 -4
data/Gemfile.lock
CHANGED
data/lib/ey_api_hmac/sso.rb
CHANGED
|
@@ -4,7 +4,11 @@ module EY
|
|
|
4
4
|
|
|
5
5
|
def self.sign(url, parameters, auth_id, auth_key)
|
|
6
6
|
uri = URI.parse(url)
|
|
7
|
-
|
|
7
|
+
if uri.query
|
|
8
|
+
extra_params = CGI.parse(uri.query)
|
|
9
|
+
verify_params!(extra_params, parameters)
|
|
10
|
+
parameters.merge!(extra_params)
|
|
11
|
+
end
|
|
8
12
|
uri.query = parameters.sort_by(&:to_s).map {|e| e.map{|str| CGI.escape(str.to_s)}.join '='}.join '&'
|
|
9
13
|
signature = CGI.escape(signature_param(uri.to_s, auth_id, auth_key))
|
|
10
14
|
uri.query += "&signature=#{signature}"
|
|
@@ -22,6 +26,15 @@ module EY
|
|
|
22
26
|
ApiHMAC.auth_string(auth_id, ApiHMAC.base64digest(signed_string, auth_key))
|
|
23
27
|
end
|
|
24
28
|
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def self.verify_params!(extra_params, parameters)
|
|
32
|
+
illegal_query_params = parameters.keys.map(&:to_s) + ["signature"]
|
|
33
|
+
extra_params.keys.each do |k|
|
|
34
|
+
raise ArgumentError, "Got illegal paramter: '#{k}' in '#{url}'" if illegal_query_params.include?(k.to_s)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
25
38
|
end
|
|
26
39
|
end
|
|
27
40
|
end
|
data/lib/ey_api_hmac/version.rb
CHANGED
data/spec/sso_spec.rb
CHANGED
|
@@ -49,6 +49,19 @@ describe EY::ApiHMAC do
|
|
|
49
49
|
EY::ApiHMAC::SSO.authenticated?(tampered_url, @auth_id, @auth_key).should be_false
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
+
it "can sign and verify urls with parameters" do
|
|
53
|
+
url_with_params = "http://example.com/sign_test?baz=bert&stuff=awesome"
|
|
54
|
+
signed_url = EY::ApiHMAC::SSO.sign(url_with_params, @parameters, @auth_id, @auth_key)
|
|
55
|
+
EY::ApiHMAC::SSO.authenticated?(signed_url, @auth_id, @auth_key).should be_true
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
it "raises when the same parameter appears both in query and in arg" do
|
|
59
|
+
url = "http://example.com/sign_test?foo=bar"
|
|
60
|
+
lambda{
|
|
61
|
+
EY::ApiHMAC::SSO.sign(url, @parameters, @auth_id, @auth_key)
|
|
62
|
+
}.should raise_error(/foo/)
|
|
63
|
+
end
|
|
64
|
+
|
|
52
65
|
#TODO: write a test that fails if we skip the CGI.unescape
|
|
53
66
|
|
|
54
67
|
#TODO: provide signature methods
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ey_api_hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 5
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 13
|
|
10
|
+
version: 0.0.13
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-09-
|
|
18
|
+
date: 2011-09-19 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: rack-client
|