ey_api_hmac 0.3.1 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/ey_api_hmac.rb +13 -5
- data/lib/ey_api_hmac/version.rb +1 -1
- data/spec/api_auth_spec.rb +10 -1
- metadata +9 -9
data/lib/ey_api_hmac.rb
CHANGED
|
@@ -10,7 +10,7 @@ module EY
|
|
|
10
10
|
env["HTTP_AUTHORIZATION"] = auth_string(key_id, signature(env, secret))
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def self.canonical_string(env)
|
|
13
|
+
def self.canonical_string(env, legacy = false)
|
|
14
14
|
parts = []
|
|
15
15
|
expect = Proc.new do |var|
|
|
16
16
|
unless env[var]
|
|
@@ -20,7 +20,7 @@ module EY
|
|
|
20
20
|
end
|
|
21
21
|
parts << expect["REQUEST_METHOD"]
|
|
22
22
|
parts << env["CONTENT_TYPE"]
|
|
23
|
-
parts << generated_md5(env)
|
|
23
|
+
parts << generated_md5(env, legacy)
|
|
24
24
|
parts << expect["HTTP_DATE"]
|
|
25
25
|
if env["REQUEST_URI"]
|
|
26
26
|
parts << URI.parse(env["REQUEST_URI"]).path
|
|
@@ -38,6 +38,10 @@ module EY
|
|
|
38
38
|
base64digest(canonical_string(env), secret)
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
+
def self.signature_legacy(env, secret)
|
|
42
|
+
base64digest(canonical_string(env, true), secret)
|
|
43
|
+
end
|
|
44
|
+
|
|
41
45
|
def self.base64digest(data,secret)
|
|
42
46
|
digest = OpenSSL::Digest::Digest.new('sha1')
|
|
43
47
|
[OpenSSL::HMAC.digest(digest, secret, data)].pack('m').strip
|
|
@@ -54,7 +58,7 @@ module EY
|
|
|
54
58
|
unless secret
|
|
55
59
|
raise HmacAuthFail, "couldn't find auth for #{access_key_id}"
|
|
56
60
|
end
|
|
57
|
-
unless hmac == signature(env, secret)
|
|
61
|
+
unless hmac == signature(env, secret) || hmac == signature_legacy(env, secret)
|
|
58
62
|
raise HmacAuthFail, "signature mismatch. Calculated canonical_string: #{canonical_string(env).inspect}"
|
|
59
63
|
end
|
|
60
64
|
else
|
|
@@ -73,11 +77,15 @@ module EY
|
|
|
73
77
|
|
|
74
78
|
private
|
|
75
79
|
|
|
76
|
-
def self.generated_md5(env)
|
|
80
|
+
def self.generated_md5(env, legacy = false)
|
|
77
81
|
env["rack.input"].rewind
|
|
78
82
|
request_body = env["rack.input"].read
|
|
79
83
|
env["rack.input"].rewind
|
|
80
|
-
|
|
84
|
+
if legacy
|
|
85
|
+
OpenSSL::Digest::MD5.hexdigest(request_body)
|
|
86
|
+
else
|
|
87
|
+
request_body.empty? ? nil : OpenSSL::Digest::MD5.hexdigest(request_body)
|
|
88
|
+
end
|
|
81
89
|
end
|
|
82
90
|
|
|
83
91
|
end
|
data/lib/ey_api_hmac/version.rb
CHANGED
data/spec/api_auth_spec.rb
CHANGED
|
@@ -109,8 +109,17 @@ describe EY::ApiHMAC::ApiAuth do
|
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
describe "authenticated?" do
|
|
112
|
-
describe "request signed by AuthHMAC" do
|
|
113
112
|
|
|
113
|
+
it "verifies the old signing method without body" do
|
|
114
|
+
@env['rack.input'] = StringIO.new
|
|
115
|
+
@env.delete('HTTP_CONTENT_MD5')
|
|
116
|
+
@request = Rack::Request.new(@env)
|
|
117
|
+
@env["HTTP_AUTHORIZATION"] = "AuthHMAC access key 1:isJ7zHHPrpnSdZ/XbvqxFhVUf0c="
|
|
118
|
+
@lookup = Proc.new{ |key| 'secret' if key == 'access key 1' }
|
|
119
|
+
EY::ApiHMAC.authenticated?(@env, &@lookup).should be_true
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
describe "request signed by AuthHMAC" do
|
|
114
123
|
describe do
|
|
115
124
|
before do
|
|
116
125
|
AuthHMAC.sign!(@request, 'access key 1', 'secret')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ey_api_hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-12-
|
|
12
|
+
date: 2011-12-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack-client
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70174232520240 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70174232520240
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: json
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70174232519780 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70174232519780
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: rspec
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70174232519200 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
version: '0'
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70174232519200
|
|
47
47
|
description: basic wrapper for rack-client + middlewares for HMAC auth + helpers for
|
|
48
48
|
SSO auth
|
|
49
49
|
email:
|
|
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
90
|
version: '0'
|
|
91
91
|
requirements: []
|
|
92
92
|
rubyforge_project: ey_api_hmac
|
|
93
|
-
rubygems_version: 1.8.
|
|
93
|
+
rubygems_version: 1.8.10
|
|
94
94
|
signing_key:
|
|
95
95
|
specification_version: 3
|
|
96
96
|
summary: HMAC Rack basic implementation for Engine Yard services
|