hmac-uri 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +1 -0
- data/lib/hmac/uri.rb +29 -4
- data/test/helper.rb +1 -0
- data/test/test_hmac_uri.rb +6 -2
- metadata +5 -3
data/README.md
CHANGED
data/lib/hmac/uri.rb
CHANGED
@@ -5,21 +5,46 @@ require 'addressable/uri'
|
|
5
5
|
|
6
6
|
module HMAC
|
7
7
|
class URI
|
8
|
+
module QSParser
|
9
|
+
def query_values
|
10
|
+
query.to_s.split(/&/).each_with_object({}) do |pair, hash|
|
11
|
+
key, value = pair.split(/=/, 2).map {|s| Addressable::URI.unescape(s)}
|
12
|
+
hash[key] = hash.key?(key) ? [hash[key], value].flatten : value
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def query_values= hash
|
17
|
+
self.query = flatten_query_values(hash).map {|pair| pair.map {|s| Addressable::URI.escape(s.to_s)}.join('=')}.join('&')
|
18
|
+
end
|
19
|
+
|
20
|
+
def flatten_query_values hash
|
21
|
+
hash.keys.sort.each_with_object([]) do |key, q|
|
22
|
+
[hash[key]].flatten.each do |value|
|
23
|
+
q << [key, value]
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end # QSParser
|
28
|
+
|
8
29
|
def initialize options = {}
|
9
30
|
@secret = options.fetch(:secret)
|
10
31
|
@validator = options.fetch(:validator, method(:default_validator))
|
11
32
|
@digest = OpenSSL::Digest::Digest.new('sha1')
|
12
33
|
end
|
13
34
|
|
35
|
+
def parse uri
|
36
|
+
Addressable::URI.parse(uri).tap {|u| u.extend(QSParser)}
|
37
|
+
end
|
38
|
+
|
14
39
|
def sign uri
|
15
|
-
uri = merge_query(
|
40
|
+
uri = merge_query(parse(timestamp(uri)), nonce: nonce)
|
16
41
|
merge_query(uri, signature: signature(uri))
|
17
42
|
end
|
18
43
|
|
19
44
|
def signed? uri, options = {}
|
20
45
|
delta = options.fetch(:delta, 300).to_i
|
21
|
-
uri =
|
22
|
-
query = uri.query_values
|
46
|
+
uri = parse(uri)
|
47
|
+
query = uri.query_values
|
23
48
|
ts = query['timestamp'].to_i
|
24
49
|
nonce = query['nonce']
|
25
50
|
hmac = query.delete('signature')
|
@@ -57,7 +82,7 @@ module HMAC
|
|
57
82
|
end
|
58
83
|
|
59
84
|
def timestamp uri
|
60
|
-
merge_query(
|
85
|
+
merge_query(parse(uri), timestamp: Time.now.utc.to_i)
|
61
86
|
end
|
62
87
|
|
63
88
|
def signature message
|
data/test/helper.rb
CHANGED
data/test/test_hmac_uri.rb
CHANGED
@@ -2,8 +2,8 @@ require 'helper'
|
|
2
2
|
|
3
3
|
describe 'HMAC::URI' do
|
4
4
|
OPTIONS = {secret: 'foobar'}
|
5
|
-
EXAMPLE_URL = 'http://example.com'
|
6
|
-
SIGNED_URI_RE = %r{http://example.com
|
5
|
+
EXAMPLE_URL = 'http://example.com/?foo=1&foo=2'
|
6
|
+
SIGNED_URI_RE = %r{http://example.com/\?foo=1&foo=2&nonce=\d+&signature=.+×tamp=\d+}
|
7
7
|
|
8
8
|
def signed_url
|
9
9
|
HMAC::URI.new(OPTIONS).sign(EXAMPLE_URL)
|
@@ -17,6 +17,10 @@ describe 'HMAC::URI' do
|
|
17
17
|
assert HMAC::URI.new(OPTIONS).signed? signed_url
|
18
18
|
end
|
19
19
|
|
20
|
+
it 'should fail on secret mismatch' do
|
21
|
+
assert !HMAC::URI.new(secret: 'foo').signed?(signed_url), 'secret mismatch should fail check'
|
22
|
+
end
|
23
|
+
|
20
24
|
it 'should fail on invalid nonce' do
|
21
25
|
url = signed_url.to_s.sub %r{nonce=\d+}, 'nonce=123'
|
22
26
|
assert !HMAC::URI.new(OPTIONS).signed?(url), 'invalid nonce should fail check'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hmac-uri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-11-11 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
@@ -68,6 +68,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
68
68
|
- - ! '>='
|
69
69
|
- !ruby/object:Gem::Version
|
70
70
|
version: '0'
|
71
|
+
segments:
|
72
|
+
- 0
|
73
|
+
hash: -980915294190373519
|
71
74
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
72
75
|
none: false
|
73
76
|
requirements:
|
@@ -81,4 +84,3 @@ signing_key:
|
|
81
84
|
specification_version: 3
|
82
85
|
summary: HMAC signing for urls
|
83
86
|
test_files: []
|
84
|
-
has_rdoc:
|