ey_api_hmac 0.0.17 → 0.0.18

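--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- ey_api_hmac (0.0.16)
+ ey_api_hmac (0.0.17)
  json
  rack-client
 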
@@ -18,10 +18,11 @@ module EY
18
18
  def self.authenticated?(url, auth_id, auth_key)
19
19
  uri = URI.parse(url)
20
20
  return false unless uri.query
21
- query_params = CGI::parse(uri.query)
22
- signature = query_params.delete("signature").to_s
21
+ query_params = CGI.parse(uri.query)
22
+ signature = arr_to_string(query_params.delete("signature"))
23
23
  uri.query = params_to_string(query_params)
24
- signature == signature_param(uri.to_s, auth_id, auth_key)
24
+ expected = signature_param(uri.to_s, auth_id, auth_key)
25
+ signature == expected
25
26
  end
26
27
 
27
28
  def self.signature_param(signed_string, auth_id, auth_key)
@@ -30,8 +31,20 @@ module EY
30
31
 
31
32
  private
32
33
 
34
+ def self.arr_to_string(arr)
35
+ if arr.respond_to?(:join)
36
+ arr = arr.join("")
37
+ end
38
+ arr.to_s
39
+ end
40
+
33
41
  def self.params_to_string(parameters)
34
- parameters.sort_by(&:to_s).map {|e| e.map{|str| CGI.escape(str.to_s)}.join '='}.join '&'
42
+ result = parameters.sort_by(&:to_s).map do |e|
43
+ e.map do |str|
44
+ CGI.escape(arr_to_string(str))
45
+ end.join '='
46
+ end.join '&'
47
+ result
35
48
  end
36
49
 
37
50
  def self.verify_params!(url, extra_params, parameters)
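Review bot: The new `arr_to_string` joins repeated values with an empty separator, so `params_to_string` canonicalises a query such as `a=1&a=2` to the same signed string as `a=12`; a signature issued for one form verifies for the other, while the receiving application may read only one of the values. `authenticated?` should refuse ambiguous input before building the string to sign, for example `return false if query_params.any? { |_, values| values.size > 1 }`. The final `signature == expected` in `authenticated?` is also an ordinary string comparison whose running time depends on how much of the prefix matches. A constant-time comparison such as `Rack::Utils.secure_compare(signature, expected)` (if the Rack version pulled in here provides it) is the usual choice for MAC checks.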
@@ -1,5 +1,5 @@
1
1
  module EY
2
2
  module ApiHMAC
3
- VERSION = "0.0.17"
3
+ VERSION = "0.0.18"
4
4
  end
5
5
  end
@@ -9,7 +9,7 @@ describe EY::ApiHMAC::BaseConnection do
9
9
  describe "on 500" do
10
10
  before do
11
11
  @connection.backend = lambda do |env|
12
- ["500", {}, ""]
12
+ ["500", {}, [""]]
13
13
  end
14
14
  end
15
15
  it "raises an error" do
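--- a/data/spec/sso_spec.rb
+++ b/data/spec/sso_spec.rb
@@ -66,6 +66,15 @@ describe EY::ApiHMAC do
  }.should raise_error(/foo/)
  end
 
+ it "verifies this random real-world use case" do
+ auth_id = "676f8731f9d3bfd0"
+ auth_key = "b7c65a18f6955d58f06a439fb881d1565c17e840999500f2aed6859144de5bac4d1a670119c9b7a9"
+
+ url = "http://ec2-107-22-254-37.compute-1.amazonaws.com/eyintegration/sso/customers/1?access_level=owner&ey_return_to_url=https%3A%2F%2Fcloud.engineyard.com%2Faccounts%2F10398%2Fservices&ey_user_id=10133&ey_user_name=Jacob+Chronatog-Demo+Burkhart&timestamp=2011-10-07T23%3A15%3A50%2B00%3A00&signature=AuthHMAC+676f8731f9d3bfd0%3AnvsCICd%2F00dvFCpJYfvI9LTl81s%3D"
+
+ EY::ApiHMAC::SSO.authenticated?(url, auth_id, auth_key).should be_true
+ end
+
  #TODO: write a test that fails if we skip the CGI.unescape
 
  #TODO: provide signature methods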
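Review bot: The added example hard-codes an `auth_id`/`auth_key` pair and a complete signed SSO URL that the example's own name calls a real-world case, and the spec file ships inside the published gem. If that pair was ever valid for a live integration it should be rotated, and the fixture replaced with made-up values whose signature is computed inside the spec rather than pasted from a captured request. The URL also carries a host name, an account id and a user name, which do not need to be in a test. The example only asserts the accepting path; a companion example that alters one parameter and expects `be_false` would pin the rejecting path as well.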
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ey_api_hmac
3
3
  version: !ruby/object:Gem::Version
4
- hash: 61
4
+ hash: 59
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 17
10
- version: 0.0.17
9
+ - 18
10
+ version: 0.0.18
11
11
  platform: ruby
12
12
  authors:
13
13
  - "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"