hmac-uri 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +1 -0
- data/lib/hmac/uri.rb +29 -4
- data/test/helper.rb +1 -0
- data/test/test_hmac_uri.rb +6 -2
- metadata +5 -3
data/README.md
CHANGED
data/lib/hmac/uri.rb
CHANGED
|
@@ -5,21 +5,46 @@ require 'addressable/uri'
|
|
|
5
5
|
|
|
6
6
|
module HMAC
|
|
7
7
|
class URI
|
|
8
|
+
module QSParser
|
|
9
|
+
def query_values
|
|
10
|
+
query.to_s.split(/&/).each_with_object({}) do |pair, hash|
|
|
11
|
+
key, value = pair.split(/=/, 2).map {|s| Addressable::URI.unescape(s)}
|
|
12
|
+
hash[key] = hash.key?(key) ? [hash[key], value].flatten : value
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def query_values= hash
|
|
17
|
+
self.query = flatten_query_values(hash).map {|pair| pair.map {|s| Addressable::URI.escape(s.to_s)}.join('=')}.join('&')
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def flatten_query_values hash
|
|
21
|
+
hash.keys.sort.each_with_object([]) do |key, q|
|
|
22
|
+
[hash[key]].flatten.each do |value|
|
|
23
|
+
q << [key, value]
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end # QSParser
|
|
28
|
+
|
|
8
29
|
def initialize options = {}
|
|
9
30
|
@secret = options.fetch(:secret)
|
|
10
31
|
@validator = options.fetch(:validator, method(:default_validator))
|
|
11
32
|
@digest = OpenSSL::Digest::Digest.new('sha1')
|
|
12
33
|
end
|
|
13
34
|
|
|
35
|
+
def parse uri
|
|
36
|
+
Addressable::URI.parse(uri).tap {|u| u.extend(QSParser)}
|
|
37
|
+
end
|
|
38
|
+
|
|
14
39
|
def sign uri
|
|
15
|
-
uri = merge_query(
|
|
40
|
+
uri = merge_query(parse(timestamp(uri)), nonce: nonce)
|
|
16
41
|
merge_query(uri, signature: signature(uri))
|
|
17
42
|
end
|
|
18
43
|
|
|
19
44
|
def signed? uri, options = {}
|
|
20
45
|
delta = options.fetch(:delta, 300).to_i
|
|
21
|
-
uri =
|
|
22
|
-
query = uri.query_values
|
|
46
|
+
uri = parse(uri)
|
|
47
|
+
query = uri.query_values
|
|
23
48
|
ts = query['timestamp'].to_i
|
|
24
49
|
nonce = query['nonce']
|
|
25
50
|
hmac = query.delete('signature')
|
|
@@ -57,7 +82,7 @@ module HMAC
|
|
|
57
82
|
end
|
|
58
83
|
|
|
59
84
|
def timestamp uri
|
|
60
|
-
merge_query(
|
|
85
|
+
merge_query(parse(uri), timestamp: Time.now.utc.to_i)
|
|
61
86
|
end
|
|
62
87
|
|
|
63
88
|
def signature message
|
data/test/helper.rb
CHANGED
data/test/test_hmac_uri.rb
CHANGED
|
@@ -2,8 +2,8 @@ require 'helper'
|
|
|
2
2
|
|
|
3
3
|
describe 'HMAC::URI' do
|
|
4
4
|
OPTIONS = {secret: 'foobar'}
|
|
5
|
-
EXAMPLE_URL = 'http://example.com'
|
|
6
|
-
SIGNED_URI_RE = %r{http://example.com
|
|
5
|
+
EXAMPLE_URL = 'http://example.com/?foo=1&foo=2'
|
|
6
|
+
SIGNED_URI_RE = %r{http://example.com/\?foo=1&foo=2&nonce=\d+&signature=.+×tamp=\d+}
|
|
7
7
|
|
|
8
8
|
def signed_url
|
|
9
9
|
HMAC::URI.new(OPTIONS).sign(EXAMPLE_URL)
|
|
@@ -17,6 +17,10 @@ describe 'HMAC::URI' do
|
|
|
17
17
|
assert HMAC::URI.new(OPTIONS).signed? signed_url
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
+
it 'should fail on secret mismatch' do
|
|
21
|
+
assert !HMAC::URI.new(secret: 'foo').signed?(signed_url), 'secret mismatch should fail check'
|
|
22
|
+
end
|
|
23
|
+
|
|
20
24
|
it 'should fail on invalid nonce' do
|
|
21
25
|
url = signed_url.to_s.sub %r{nonce=\d+}, 'nonce=123'
|
|
22
26
|
assert !HMAC::URI.new(OPTIONS).signed?(url), 'invalid nonce should fail check'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hmac-uri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-
|
|
12
|
+
date: 2012-11-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -68,6 +68,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
68
68
|
- - ! '>='
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
70
|
version: '0'
|
|
71
|
+
segments:
|
|
72
|
+
- 0
|
|
73
|
+
hash: -980915294190373519
|
|
71
74
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
72
75
|
none: false
|
|
73
76
|
requirements:
|
|
@@ -81,4 +84,3 @@ signing_key:
|
|
|
81
84
|
specification_version: 3
|
|
82
85
|
summary: HMAC signing for urls
|
|
83
86
|
test_files: []
|
|
84
|
-
has_rdoc:
|