ey_api_hmac 0.0.12 → 0.0.13

@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- ey_api_hmac (0.0.12.pre)
4
+ ey_api_hmac (0.0.13.pre)
5
5
  json
6
6
  rack-client
7
7
 
@@ -4,7 +4,11 @@ module EY
4
4
 
5
5
  def self.sign(url, parameters, auth_id, auth_key)
6
6
  uri = URI.parse(url)
7
- raise ArgumentError, "use parameters argument, got query: '#{uri.query}'" if uri.query
7
+ if uri.query
8
+ extra_params = CGI.parse(uri.query)
9
+ verify_params!(extra_params, parameters)
10
+ parameters.merge!(extra_params)
11
+ end
8
12
  uri.query = parameters.sort_by(&:to_s).map {|e| e.map{|str| CGI.escape(str.to_s)}.join '='}.join '&'
9
13
  signature = CGI.escape(signature_param(uri.to_s, auth_id, auth_key))
10
14
  uri.query += "&signature=#{signature}"
@@ -22,6 +26,15 @@ module EY
22
26
  ApiHMAC.auth_string(auth_id, ApiHMAC.base64digest(signed_string, auth_key))
23
27
  end
24
28
 
29
+ private
30
+
31
+ def self.verify_params!(extra_params, parameters)
32
+ illegal_query_params = parameters.keys.map(&:to_s) + ["signature"]
33
+ extra_params.keys.each do |k|
34
+ raise ArgumentError, "Got illegal paramter: '#{k}' in '#{url}'" if illegal_query_params.include?(k.to_s)
35
+ end
36
+ end
37
+
25
38
  end
26
39
  end
27
40
  end
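Review bot: `verify_params!` interpolates `url` into its error message, but `url` is neither a parameter nor a local of that method, so unless a `url` method exists outside these hunks the duplicate-parameter path raises NameError instead of the intended ArgumentError; pass it in, e.g. `def self.verify_params!(url, extra_params, parameters)` with the call in `sign` changed to match. In `sign`, `CGI.parse` returns every value as an array, so after `merge!` the `str.to_s` in the query builder stringifies `["bert"]` rather than `bert` on Ruby 1.9 and later, and the string that gets signed can differ from the query the caller supplied; mapping single-element arrays back to scalars before merging would avoid that. `merge!` also mutates the caller's `parameters` hash, where `parameters = parameters.merge(extra_params)` would not. The bare `private` does not apply to `def self.` methods; `private_class_method :verify_params!` after the definition would hide it. The enclosing module and the tail of `sign` lie outside the hunks.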
@@ -1,5 +1,5 @@
1
1
  module EY
2
2
  module ApiHMAC
3
- VERSION = "0.0.12"
3
+ VERSION = "0.0.13"
4
4
  end
5
5
  end
@@ -49,6 +49,19 @@ describe EY::ApiHMAC do
49
49
  EY::ApiHMAC::SSO.authenticated?(tampered_url, @auth_id, @auth_key).should be_false
50
50
  end
51
51
 
52
+ it "can sign and verify urls with parameters" do
53
+ url_with_params = "http://example.com/sign_test?baz=bert&stuff=awesome"
54
+ signed_url = EY::ApiHMAC::SSO.sign(url_with_params, @parameters, @auth_id, @auth_key)
55
+ EY::ApiHMAC::SSO.authenticated?(signed_url, @auth_id, @auth_key).should be_true
56
+ end
57
+
58
+ it "raises when the same parameter appears both in query and in arg" do
59
+ url = "http://example.com/sign_test?foo=bar"
60
+ lambda{
61
+ EY::ApiHMAC::SSO.sign(url, @parameters, @auth_id, @auth_key)
62
+ }.should raise_error(/foo/)
63
+ end
64
+
52
65
  #TODO: write a test that fails if we skip the CGI.unescape
53
66
 
54
67
  #TODO: provide signature methods
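Review bot: The expectation `.should raise_error(/foo/)` in the second new example does not pin the exception class, so any error whose message happens to contain `foo` satisfies it; `.should raise_error(ArgumentError, /foo/)` would tie it to the duplicate-parameter check `sign` is meant to perform. The first new example only asserts that the signed URL authenticates, so it would still pass if the original query values were altered during signing; an extra assertion such as `signed_url.should include("baz=bert")` would cover that. `@parameters` is set up outside the hunk, so the assumption that it contains a `foo` key cannot be confirmed from here.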
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ey_api_hmac
3
3
  version: !ruby/object:Gem::Version
4
- hash: 7
4
+ hash: 5
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 12
10
- version: 0.0.12
9
+ - 13
10
+ version: 0.0.13
11
11
  platform: ruby
12
12
  authors:
13
13
  - "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-09-14 00:00:00 Z
18
+ date: 2011-09-19 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: rack-client