halorgium-auth-hmac 1.1.1.2010090301

data/spec/auth-hmac_spec.rb

@@ -0,0 +1,320 @@
+require File.dirname(__FILE__) + '/spec_helper.rb'
+require "net/http"
+require 'time'
+require 'yaml'
+require 'ruby-debug'
+require 'active_support/core_ext/hash/except'
+
+# Class for doing a custom signature
+class CustomSignature < String
+  def initialize(request, authenticate_referrer=false)
+    self << "Custom signature string: #{request.method}"
+  end
+end
+
+def signature(value, secret)
+  digest = OpenSSL::Digest::Digest.new('sha1')
+  Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
+end
+
+describe AuthHMAC do
+  before(:each) do
+    @request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+      'content-type' => 'text/plain', 
+      'content-md5' => 'blahblah', 
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+  end
+
+  describe ".canonical_string" do
+    it "should generate a canonical string using default method" do
+      AuthHMAC.canonical_string(@request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
+    end
+  end
+  
+  describe ".signature" do
+    it "should generate a valid signature string for a secret" do
+      AuthHMAC.signature(@request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+  end
+
+  describe ".sign!" do
+    before(:each) do
+      @request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'blahblah', 
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
+    it "should sign using the key passed in as a parameter" do
+     AuthHMAC.sign!(@request, "my-key-id", "secret")
+     @request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom service id" do
+      AuthHMAC.sign!(@request, "my-key-id", "secret", { :service_id => 'MyService' })
+      @request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom signature method" do
+      options = {
+        :service_id => 'MyService',
+        :signature => CustomSignature
+      }
+      # debugger
+      AuthHMAC.sign!(@request, "my-key-id", "secret", options)
+      @request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+    end
+  end
+  
+  describe "#sign!" do
+    before(:each) do
+      @get_request = Net::HTTP::Get.new("/")
+      @put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+        'content-type' => 'text/plain', 
+        'content-md5' => 'blahblah', 
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+       @store = mock('store')
+      @store.stub!(:[]).and_return("")
+      @authhmac = AuthHMAC.new(@store)
+    end
+
+    describe "default AuthHMAC with CanonicalString signature" do
+      it "should add an Authorization header" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request.key?("Authorization").should be_true
+      end
+      
+      it "should fetch the secret from the store" do
+        @store.should_receive(:[]).with('key-id').and_return('secret')
+        @authhmac.sign!(@get_request, 'key-id')
+      end
+      
+      it "should prefix the Authorization Header with AuthHMAC" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC /)
+      end
+
+      it "should include the key id as the first part of the Authorization header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC key-id:/)
+      end
+      
+      it "should include the base64 encoded HMAC signature as the last part of the header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
+      end
+      
+      it "should create a complete signature" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+      end
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+         @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+        @authhmac = AuthHMAC.new(@store, @options)
+      end
+
+      it "should prefix the Authorization header with custom service id" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^MyService /)
+      end
+      
+      it "should create a complete signature using options" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+      end
+    end
+  end
+  
+  describe "authenticated?" do
+    before(:each) do
+      @credentials = YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
+      @authhmac = AuthHMAC.new(@credentials)
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+    
+    it "should return false when there is no Authorization Header" do
+      @authhmac.authenticated?(@request).should be_false
+    end
+    
+    it "should return false when the Authorization value isn't prefixed with HMAC" do
+      @request['Authorization'] = "id:secret"
+      @authhmac.authenticated?(@request).should be_false
+    end
+    
+    it "should return false when the access key id can't be found" do
+      @request['Authorization'] = 'AuthHMAC missing-key:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end    
+    
+    it "should return false when there is no hmac" do
+      @request['Authorization'] = 'AuthHMAC missing-key:'
+      @authhmac.authenticated?(@request).should be_false
+    end
+    
+    it "should return false when the hmac doesn't match" do
+      @request['Authorization'] = 'AuthHMAC access key 1:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end
+    
+    it "should return false if the request was modified after signing" do
+      @authhmac.sign!(@request, 'access key 1')
+      @request.content_type = 'text/plain'
+      @authhmac.authenticated?(@request).should be_false
+    end
+    
+    it "should return true when the hmac does match" do
+      @authhmac.sign!(@request, 'access key 1')
+      @authhmac.authenticated?(@request).should be_true
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+        @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+      end
+
+      it "should return false for invalid service id" do
+        @authhmac.sign!(@request, 'access key 1')
+        AuthHMAC.new(@credentials, @options.except(:signature)).authenticated?(@request).should be_false
+      end
+
+      it "should return false for request using default CanonicalString signature" do
+        @authhmac.sign!(@request, 'access key 1')
+        AuthHMAC.new(@credentials, @options.except(:service_id)).authenticated?(@request).should be_false
+      end
+      
+      it "should return true when valid" do
+        @authhmac = AuthHMAC.new(@credentials, @options)
+        @authhmac.sign!(@request, 'access key 1')
+        @authhmac.authenticated?(@request).should be_true
+      end
+    end
+  end
+  
+  describe "#sign! with YAML credentials" do
+    before(:each) do
+      @authhmac = AuthHMAC.new(YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))))
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+    
+    it "should raise an argument error if credentials are missing" do
+      lambda { @authhmac.sign!(@request, 'missing') }.should raise_error(ArgumentError)
+    end
+    
+    it "should sign with the secret" do
+      @authhmac.sign!(@request, "access key 1")
+      @request['Authorization'].should == "AuthHMAC access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="
+    end
+    
+    it "should sign with the other secret" do
+      @authhmac.sign!(@request, "access key 2")
+      @request['Authorization'].should == "AuthHMAC access key 2:vT010RQm4IZ6+UCVpK2/N0FLpLw="
+    end
+  end
+  
+  describe AuthHMAC::Headers do
+    before(:each) do
+      @authhmac = AuthHMAC.new(YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))))
+    end
+    
+    it "should support Rack::Request objects" do
+      rack_req = mock("MockRackRequest")
+      headers = {
+        'HTTP_AUTHORIZATION' => ["AuthHMAC access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="],
+        'HTTP_DATE' => ['Thu, 10 Jul 2008 03:29:56 GMT']
+      }
+      rack_req.stub!(:env).and_return(headers)
+      rack_req.stub!(:request_method).and_return('GET')
+      rack_req.stub!(:path).and_return("/path/to/get?foo=bar&bar=foo")
+      rack_req.stub!(:[]).and_return({'foo' => 'bar', 'bar' => 'foo'})
+      rack_req.stub!(:body).and_return(StringIO.new(''))
+      @authhmac.authenticated?(rack_req).should be_true
+    end
+  end
+  
+  describe AuthHMAC::CanonicalString do
+    it "should include the http verb when it is GET" do
+      request = Net::HTTP::Get.new("/")
+      AuthHMAC::CanonicalString.new(request).should match(/GET/)
+    end
+    
+    it "should include the http verb when it is POST" do
+      request = Net::HTTP::Post.new("/")
+      AuthHMAC::CanonicalString.new(request).should match(/POST/)
+    end
+    
+    it "should include the content-type" do
+      request = Net::HTTP::Put.new("/", {'Content-Type' => 'application/xml'})
+      AuthHMAC::CanonicalString.new(request).should match(/application\/xml/)
+    end
+    
+    it "should include the content-type even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'cOntent-type' => 'text/html'})
+      AuthHMAC::CanonicalString.new(request).should match(/text\/html/)
+    end
+    
+    it "should include the content-md5" do
+      request = Net::HTTP::Put.new("/", {'Content-MD5' => 'skwkend'})
+      AuthHMAC::CanonicalString.new(request).should match(/skwkend/)
+    end    
+    
+    it "should include the content-md5 even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
+      AuthHMAC::CanonicalString.new(request).should match(/adsada/)
+    end
+
+    it "should generate the content-md5 if one wasn't included and there is a request body" do
+      request = Net::HTTP::Put.new("/")
+      request.body = "foo=bar&baz=qux"
+      content_md5 = OpenSSL::Digest::MD5.hexdigest(request.body)
+      AuthHMAC::CanonicalString.new(request).should match(/#{content_md5}/)
+    end
+
+    it "should not generate a content-md5 when there is no request body" do
+      request = Net::HTTP::Get.new("/")
+      AuthHMAC::CanonicalString.new(request).should match(/^GET\n\n\n/)
+    end
+    
+    it "should include the date" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/", {'Date' => date})
+      AuthHMAC::CanonicalString.new(request).should match(/#{date}/)
+    end
+    
+    it "should include the request path" do
+      request = Net::HTTP::Get.new("/path/to/file")
+      AuthHMAC::CanonicalString.new(request).should match(/\/path\/to\/file[^?]?/)
+    end
+    
+    it "should ignore the query string of the request path" do
+      request = Net::HTTP::Get.new("/other/path/to/file?query=foo")
+      AuthHMAC::CanonicalString.new(request).should match(/\/other\/path\/to\/file[^?]?/)
+    end
+    
+    it "should build the correct string" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo", 
+                                    'content-type' => 'text/plain', 
+                                    'content-md5' => 'blahblah', 
+                                    'date' => date)
+      AuthHMAC::CanonicalString.new(request).should == "PUT\ntext/plain\nblahblah\n#{date}\n/path/to/put"                                            
+    end
+    
+    it "should build the correct string when some elements are missing" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo",
+                                    'date' => date)
+      AuthHMAC::CanonicalString.new(request).should == "GET\n\n\n#{date}\n/path/to/get"
+    end
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--colour

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+begin
+  require 'spec'
+rescue LoadError
+  require 'rubygems'
+  gem 'rspec'
+  require 'spec'
+end
+
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+require 'auth-hmac'

data/tasks/deployment.rake

@@ -0,0 +1,34 @@
+desc 'Release the website and new gem version'
+task :deploy => [:check_version, :website, :release] do
+  puts "Remember to create SVN tag:"
+  puts "svn copy svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/trunk " +
+    "svn+ssh://#{rubyforge_username}@rubyforge.org/var/svn/#{PATH}/tags/REL-#{VERS} "
+  puts "Suggested comment:"
+  puts "Tagging release #{CHANGES}"
+end
+
+desc 'Runs tasks website_generate and install_gem as a local deployment of the gem'
+task :local_deploy => [:website_generate, :install_gem]
+
+task :check_version do
+  unless ENV['VERSION']
+    puts 'Must pass a VERSION=x.y.z release version'
+    exit
+  end
+  unless ENV['VERSION'] == VERS
+    puts "Please update your version.rb to match the release version, currently #{VERS}"
+    exit
+  end
+end
+
+desc 'Install the package as a gem, without generating documentation(ri/rdoc)'
+task :install_gem_no_doc => [:clean, :package] do
+  sh "#{'sudo ' unless Hoe::WINDOZE }gem install pkg/*.gem --no-rdoc --no-ri"
+end
+
+namespace :manifest do
+  desc 'Recreate Manifest.txt to include ALL files'
+  task :refresh do
+    `rake check_manifest | patch -p0 > Manifest.txt`
+  end
+end

data/tasks/environment.rake

@@ -0,0 +1,7 @@
+task :ruby_env do
+  RUBY_APP = if RUBY_PLATFORM =~ /java/
+    "jruby"
+  else
+    "ruby"
+  end unless defined? RUBY_APP
+end

data/tasks/rspec.rake

@@ -0,0 +1,21 @@
+begin
+  require 'spec'
+rescue LoadError
+  require 'rubygems'
+  require 'spec'
+end
+begin
+  require 'spec/rake/spectask'
+rescue LoadError
+  puts <<-EOS
+To use rspec for testing you must install rspec gem:
+    gem install rspec
+EOS
+  exit(0)
+end
+
+desc "Run the specs under spec/models"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_opts = ['--options', "spec/spec.opts"]
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end

data/tasks/website.rake

@@ -0,0 +1,9 @@
+# stubs for the website generation
+# To install the website framework:
+#   script/generate website
+
+task :website_generate
+
+task :website_upload
+
+task :website => :publish_docs

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification 
+name: halorgium-auth-hmac
+version: !ruby/object:Gem::Version 
+  hash: 4020180521
+  prerelease: false
+  segments: 
+  - 1
+  - 1
+  - 1
+  - 2010090301
+  version: 1.1.1.2010090301
+platform: ruby
+authors: 
+- Sean Geoghegan
+- ascarter
+- Wes Morgan
+- Adrian Cushman
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-02 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: hoe
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 51
+        segments: 
+        - 1
+        - 8
+        - 2
+        version: 1.8.2
+  type: :development
+  version_requirements: *id001
+description: A gem providing HMAC based authentication for HTTP. This is the DNC Labs fork.
+email: innovationlab@dnc.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- History.txt
+- License.txt
+- Manifest.txt
+- PostInstall.txt
+- README.txt
+files: 
+- History.txt
+- License.txt
+- Manifest.txt
+- PostInstall.txt
+- README.txt
+- Rakefile
+- config/hoe.rb
+- config/requirements.rb
+- lib/auth-hmac.rb
+- lib/auth-hmac/version.rb
+- script/console
+- script/destroy
+- script/generate
+- setup.rb
+- spec/auth-hmac_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+- tasks/deployment.rake
+- tasks/environment.rake
+- tasks/rspec.rake
+- tasks/website.rake
+has_rdoc: true
+homepage: http://github.com/dnclabs/auth-hmac/
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --main
+- README.txt
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: auth-hmac
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 2
+summary: A gem providing HMAC based authentication for HTTP
+test_files: []
+