ey_api_hmac 0.3.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/ey_api_hmac.rb +13 -5
- data/lib/ey_api_hmac/version.rb +1 -1
- data/spec/api_auth_spec.rb +10 -1
- metadata +9 -9
data/lib/ey_api_hmac.rb
CHANGED
|
@@ -10,7 +10,7 @@ module EY
|
|
|
10
10
|
env["HTTP_AUTHORIZATION"] = auth_string(key_id, signature(env, secret))
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def self.canonical_string(env)
|
|
13
|
+
def self.canonical_string(env, legacy = false)
|
|
14
14
|
parts = []
|
|
15
15
|
expect = Proc.new do |var|
|
|
16
16
|
unless env[var]
|
|
@@ -20,7 +20,7 @@ module EY
|
|
|
20
20
|
end
|
|
21
21
|
parts << expect["REQUEST_METHOD"]
|
|
22
22
|
parts << env["CONTENT_TYPE"]
|
|
23
|
-
parts << generated_md5(env)
|
|
23
|
+
parts << generated_md5(env, legacy)
|
|
24
24
|
parts << expect["HTTP_DATE"]
|
|
25
25
|
if env["REQUEST_URI"]
|
|
26
26
|
parts << URI.parse(env["REQUEST_URI"]).path
|
|
@@ -38,6 +38,10 @@ module EY
|
|
|
38
38
|
base64digest(canonical_string(env), secret)
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
+
def self.signature_legacy(env, secret)
|
|
42
|
+
base64digest(canonical_string(env, true), secret)
|
|
43
|
+
end
|
|
44
|
+
|
|
41
45
|
def self.base64digest(data,secret)
|
|
42
46
|
digest = OpenSSL::Digest::Digest.new('sha1')
|
|
43
47
|
[OpenSSL::HMAC.digest(digest, secret, data)].pack('m').strip
|
|
@@ -54,7 +58,7 @@ module EY
|
|
|
54
58
|
unless secret
|
|
55
59
|
raise HmacAuthFail, "couldn't find auth for #{access_key_id}"
|
|
56
60
|
end
|
|
57
|
-
unless hmac == signature(env, secret)
|
|
61
|
+
unless hmac == signature(env, secret) || hmac == signature_legacy(env, secret)
|
|
58
62
|
raise HmacAuthFail, "signature mismatch. Calculated canonical_string: #{canonical_string(env).inspect}"
|
|
59
63
|
end
|
|
60
64
|
else
|
|
@@ -73,11 +77,15 @@ module EY
|
|
|
73
77
|
|
|
74
78
|
private
|
|
75
79
|
|
|
76
|
-
def self.generated_md5(env)
|
|
80
|
+
def self.generated_md5(env, legacy = false)
|
|
77
81
|
env["rack.input"].rewind
|
|
78
82
|
request_body = env["rack.input"].read
|
|
79
83
|
env["rack.input"].rewind
|
|
80
|
-
|
|
84
|
+
if legacy
|
|
85
|
+
OpenSSL::Digest::MD5.hexdigest(request_body)
|
|
86
|
+
else
|
|
87
|
+
request_body.empty? ? nil : OpenSSL::Digest::MD5.hexdigest(request_body)
|
|
88
|
+
end
|
|
81
89
|
end
|
|
82
90
|
|
|
83
91
|
end
|
data/lib/ey_api_hmac/version.rb
CHANGED
data/spec/api_auth_spec.rb
CHANGED
|
@@ -109,8 +109,17 @@ describe EY::ApiHMAC::ApiAuth do
|
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
describe "authenticated?" do
|
|
112
|
-
describe "request signed by AuthHMAC" do
|
|
113
112
|
|
|
113
|
+
it "verifies the old signing method without body" do
|
|
114
|
+
@env['rack.input'] = StringIO.new
|
|
115
|
+
@env.delete('HTTP_CONTENT_MD5')
|
|
116
|
+
@request = Rack::Request.new(@env)
|
|
117
|
+
@env["HTTP_AUTHORIZATION"] = "AuthHMAC access key 1:isJ7zHHPrpnSdZ/XbvqxFhVUf0c="
|
|
118
|
+
@lookup = Proc.new{ |key| 'secret' if key == 'access key 1' }
|
|
119
|
+
EY::ApiHMAC.authenticated?(@env, &@lookup).should be_true
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
describe "request signed by AuthHMAC" do
|
|
114
123
|
describe do
|
|
115
124
|
before do
|
|
116
125
|
AuthHMAC.sign!(@request, 'access key 1', 'secret')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ey_api_hmac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-12-
|
|
12
|
+
date: 2011-12-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack-client
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70174232520240 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70174232520240
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: json
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70174232519780 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70174232519780
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: rspec
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70174232519200 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
version: '0'
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70174232519200
|
|
47
47
|
description: basic wrapper for rack-client + middlewares for HMAC auth + helpers for
|
|
48
48
|
SSO auth
|
|
49
49
|
email:
|
|
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
90
|
version: '0'
|
|
91
91
|
requirements: []
|
|
92
92
|
rubyforge_project: ey_api_hmac
|
|
93
|
-
rubygems_version: 1.8.
|
|
93
|
+
rubygems_version: 1.8.10
|
|
94
94
|
signing_key:
|
|
95
95
|
specification_version: 3
|
|
96
96
|
summary: HMAC Rack basic implementation for Engine Yard services
|