ey_api_hmac 0.0.17 → 0.0.18

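--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- ey_api_hmac (0.0.16)
+ ey_api_hmac (0.0.17)
  json
  rack-client
 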
@@ -18,10 +18,11 @@ module EY
18
18
  def self.authenticated?(url, auth_id, auth_key)
19
19
  uri = URI.parse(url)
20
20
  return false unless uri.query
21
- query_params = CGI::parse(uri.query)
22
- signature = query_params.delete("signature").to_s
21
+ query_params = CGI.parse(uri.query)
22
+ signature = arr_to_string(query_params.delete("signature"))
23
23
  uri.query = params_to_string(query_params)
24
- signature == signature_param(uri.to_s, auth_id, auth_key)
24
+ expected = signature_param(uri.to_s, auth_id, auth_key)
25
+ signature == expected
25
26
  end
26
27
 
27
28
  def self.signature_param(signed_string, auth_id, auth_key)
@@ -30,8 +31,20 @@ module EY
30
31
 
31
32
  private
32
33
 
34
+ def self.arr_to_string(arr)
35
+ if arr.respond_to?(:join)
36
+ arr = arr.join("")
37
+ end
38
+ arr.to_s
39
+ end
40
+
33
41
  def self.params_to_string(parameters)
34
- parameters.sort_by(&:to_s).map {|e| e.map{|str| CGI.escape(str.to_s)}.join '='}.join '&'
42
+ result = parameters.sort_by(&:to_s).map do |e|
43
+ e.map do |str|
44
+ CGI.escape(arr_to_string(str))
45
+ end.join '='
46
+ end.join '&'
47
+ result
35
48
  end
36
49
 
37
50
  def self.verify_params!(url, extra_params, parameters)
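Review bot: `params_to_string` now runs every value through `arr_to_string`, which joins repeated query values with an empty string, so `a=1&a=2` and `a=12` canonicalise to the same signed string and the signature cannot tell them apart; the same join is applied to a repeated `signature` parameter in `authenticated?`. Consider rejecting duplicated keys before the string is rebuilt, e.g. `return false if query_params.any? { |_, v| v.size > 1 }`, or serialising each value as its own `key=value` pair. Separately, `signature == expected` is a short-circuiting string comparison of a MAC; a constant-time check such as `Rack::Utils.secure_compare(signature, expected)` (where the loaded Rack provides it) is the usual choice. The bare `private` above `def self.arr_to_string` does not apply to singleton methods, so `private_class_method :arr_to_string` would be needed to actually hide the helper.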
@@ -1,5 +1,5 @@
1
1
  module EY
2
2
  module ApiHMAC
3
- VERSION = "0.0.17"
3
+ VERSION = "0.0.18"
4
4
  end
5
5
  end
@@ -9,7 +9,7 @@ describe EY::ApiHMAC::BaseConnection do
9
9
  describe "on 500" do
10
10
  before do
11
11
  @connection.backend = lambda do |env|
12
- ["500", {}, ""]
12
+ ["500", {}, [""]]
13
13
  end
14
14
  end
15
15
  it "raises an error" do
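--- a/data/spec/sso_spec.rb
+++ b/data/spec/sso_spec.rb
@@ -66,6 +66,15 @@ describe EY::ApiHMAC do
  }.should raise_error(/foo/)
  end
 
+ it "verifies this random real-world use case" do
+ auth_id = "676f8731f9d3bfd0"
+ auth_key = "b7c65a18f6955d58f06a439fb881d1565c17e840999500f2aed6859144de5bac4d1a670119c9b7a9"
+
+ url = "http://ec2-107-22-254-37.compute-1.amazonaws.com/eyintegration/sso/customers/1?access_level=owner&ey_return_to_url=https%3A%2F%2Fcloud.engineyard.com%2Faccounts%2F10398%2Fservices&ey_user_id=10133&ey_user_name=Jacob+Chronatog-Demo+Burkhart&timestamp=2011-10-07T23%3A15%3A50%2B00%3A00&signature=AuthHMAC+676f8731f9d3bfd0%3AnvsCICd%2F00dvFCpJYfvI9LTl81s%3D"
+
+ EY::ApiHMAC::SSO.authenticated?(url, auth_id, auth_key).should be_true
+ end
+
  #TODO: write a test that fails if we skip the CGI.unescape
 
  #TODO: provide signature methods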
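Review bot: The added example pastes in what its own title calls a real-world case: a literal `auth_id`, `auth_key` and a signed URL carrying a host name, account id and user name, all of which ship in the published gem. If that key pair was ever live it should be treated as disclosed and rotated, and the fixture replaced with constructed values whose signature the spec computes itself instead of a captured URL. The example also only asserts the accepting path; a companion case that changes one parameter (for instance `access_level`) and expects `authenticated?` to return false would pin the property that matters. It would be worth a short comment above the example stating that the values are constructed test data once they are replaced.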
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ey_api_hmac
3
3
  version: !ruby/object:Gem::Version
4
- hash: 61
4
+ hash: 59
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 17
10
- version: 0.0.17
9
+ - 18
10
+ version: 0.0.18
11
11
  platform: ruby
12
12
  authors:
13
13
  - "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"