ey_api_hmac 0.0.16 → 0.0.17

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. data/Gemfile.lock +1 -1
  2. data/lib/ey_api_hmac/sso.rb +1 -0
  3. data/lib/ey_api_hmac/version.rb +1 -1
  4. data/spec/sso_spec.rb +4 -0
  5. metadata +3 -3
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- ey_api_hmac (0.0.15)
4
+ ey_api_hmac (0.0.16)
5
5
  json
6
6
  rack-client
7
7
 
data/lib/ey_api_hmac/sso.rb CHANGED
@@ -17,6 +17,7 @@ module EY
17
17
 
18
18
  def self.authenticated?(url, auth_id, auth_key)
19
19
  uri = URI.parse(url)
20
+ return false unless uri.query
20
21
  query_params = CGI::parse(uri.query)
21
22
  signature = query_params.delete("signature").to_s
22
23
  uri.query = params_to_string(query_params)
data/lib/ey_api_hmac/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module EY
2
2
  module ApiHMAC
3
- VERSION = "0.0.16"
3
+ VERSION = "0.0.17"
4
4
  end
5
5
  end
data/spec/sso_spec.rb CHANGED
@@ -35,6 +35,10 @@ describe EY::ApiHMAC do
35
35
  EY::ApiHMAC::SSO.authenticated?(signed_url + 'a', @auth_id, @auth_key).should be_false
36
36
  end
37
37
 
38
+ it "can verify requests with no query as invalid" do
39
+ EY::ApiHMAC::SSO.authenticated?("http://example.com/sign_test", @auth_id, @auth_key).should be_false
40
+ end
41
+
38
42
  it "catches changes to the url" do
39
43
  signed_url = EY::ApiHMAC::SSO.sign(@url, @parameters, @auth_id, @auth_key)
40
44
  EY::ApiHMAC::SSO.authenticated?(signed_url, @auth_id, @auth_key).should be_true
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ey_api_hmac
3
3
  version: !ruby/object:Gem::Version
4
- hash: 63
4
+ hash: 61
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 16
10
- version: 0.0.16
9
+ - 17
10
+ version: 0.0.17
11
11
  platform: ruby
12
12
  authors:
13
13
  - "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"