ey_api_hmac 0.0.17 → 0.0.18
- data/Gemfile.lock +1 -1
- data/lib/ey_api_hmac/sso.rb +17 -4
- data/lib/ey_api_hmac/version.rb +1 -1
- data/spec/base_connection_spec.rb +1 -1
- data/spec/sso_spec.rb +9 -0
- metadata +3 -3
data/Gemfile.lock
CHANGED
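--- a/data/lib/ey_api_hmac/sso.rb
+++ b/data/lib/ey_api_hmac/sso.rb
@@ -18,10 +18,11 @@ module EY
 def self.authenticated?(url, auth_id, auth_key)
 uri = URI.parse(url)
 return false unless uri.query
-query_params = CGI
-signature = query_params.delete("signature")
+query_params = CGI.parse(uri.query)
+signature = arr_to_string(query_params.delete("signature"))
 uri.query = params_to_string(query_params)
-
+expected = signature_param(uri.to_s, auth_id, auth_key)
+signature == expected
 end
 
 def self.signature_param(signed_string, auth_id, auth_key)
@@ -30,8 +31,20 @@ module EY
 
 private
 
+def self.arr_to_string(arr)
+if arr.respond_to?(:join)
+arr = arr.join("")
+end
+arr.to_s
+end
+
 def self.params_to_string(parameters)
-parameters.sort_by(&:to_s).map
+result = parameters.sort_by(&:to_s).map do |e|
+e.map do |str|
+CGI.escape(arr_to_string(str))
+end.join '='
+end.join '&'
+result
 end
 
 def self.verify_params!(url, extra_params, parameters)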
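Review bot: `arr_to_string` joins every value of a repeated query parameter with `""`, so in `params_to_string` the queries `a=1&a=2` and `a=12` produce the same signed string and `authenticated?` accepts both under one signature. Whatever consumes the URL afterwards may pick only the first or last value, which would then differ from what was signed. If repeated parameters are never expected in SSO URLs, reject them right after parsing, e.g. `return false if query_params.any? { |_, values| values.size > 1 }`. Separately, `signature == expected` is an ordinary string comparison of a MAC; a constant-time compare such as `Rack::Utils.secure_compare(expected, signature)` (assuming Rack is loaded here) would be the safer form.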
data/lib/ey_api_hmac/version.rb
CHANGED
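--- a/data/spec/sso_spec.rb
+++ b/data/spec/sso_spec.rb
@@ -66,6 +66,15 @@ describe EY::ApiHMAC do
 }.should raise_error(/foo/)
 end
 
+it "verifies this random real-world use case" do
+auth_id = "676f8731f9d3bfd0"
+auth_key = "b7c65a18f6955d58f06a439fb881d1565c17e840999500f2aed6859144de5bac4d1a670119c9b7a9"
+
+url = "http://ec2-107-22-254-37.compute-1.amazonaws.com/eyintegration/sso/customers/1?access_level=owner&ey_return_to_url=https%3A%2F%2Fcloud.engineyard.com%2Faccounts%2F10398%2Fservices&ey_user_id=10133&ey_user_name=Jacob+Chronatog-Demo+Burkhart×tamp=2011-10-07T23%3A15%3A50%2B00%3A00&signature=AuthHMAC+676f8731f9d3bfd0%3AnvsCICd%2F00dvFCpJYfvI9LTl81s%3D"
+
+EY::ApiHMAC::SSO.authenticated?(url, auth_id, auth_key).should be_true
+end
+
 #TODO: write a test that fails if we skip the CGI.unescape
 
 #TODO: provide signature methods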
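Review bot: The new example hard-codes an `auth_id`, an `auth_key`, a host name and a user name that the example title describes as real-world; if that key pair was ever live it is now published with the gem and should be rotated. The spec would be safer built from constructed values, with the URL signed inside the test and a comment such as `# constructed fixture credentials, not live keys`. It also covers only the accepting path; a companion example asserting that `authenticated?` returns false after one parameter value is changed would cover the rejecting path as well.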
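--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ey_api_hmac
 version: !ruby/object:Gem::Version
-hash:
+hash: 59
 prerelease:
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 18
+version: 0.0.18
 platform: ruby
 authors:
 - "Jacob Burkhart & Thorben Schr\xC3\xB6der & David Calavera & others"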