hmac-uri 0.1.0 → 0.1.1

data/README.md

@@ -29,6 +29,7 @@ uri   = mac.sign "http://example.org/resource?id=1"
 
 mac.signed?(uri)           #=> true
 mac.signed?(uri, delta: 0) #=> false
+```
 
 ## License
 

data/lib/hmac/uri.rb

@@ -5,21 +5,46 @@ require 'addressable/uri'
 
 module HMAC
   class URI
+    module QSParser
+      def query_values
+        query.to_s.split(/&/).each_with_object({}) do |pair, hash|
+          key, value = pair.split(/=/, 2).map {|s| Addressable::URI.unescape(s)}
+          hash[key]  = hash.key?(key) ? [hash[key], value].flatten : value
+        end
+      end
+
+      def query_values= hash
+        self.query = flatten_query_values(hash).map {|pair| pair.map {|s| Addressable::URI.escape(s.to_s)}.join('=')}.join('&')
+      end
+
+      def flatten_query_values hash
+        hash.keys.sort.each_with_object([]) do |key, q|
+          [hash[key]].flatten.each do |value|
+            q << [key, value]
+          end
+        end
+      end
+    end # QSParser
+
     def initialize options = {}
       @secret    = options.fetch(:secret)
       @validator = options.fetch(:validator, method(:default_validator))
       @digest    = OpenSSL::Digest::Digest.new('sha1')
     end
 
+    def parse uri
+      Addressable::URI.parse(uri).tap {|u| u.extend(QSParser)}
+    end
+
     def sign uri
-      uri = merge_query(Addressable::URI.parse(timestamp(uri)), nonce: nonce)
+      uri = merge_query(parse(timestamp(uri)), nonce: nonce)
       merge_query(uri, signature: signature(uri))
     end
 
     def signed? uri, options = {}
       delta = options.fetch(:delta, 300).to_i
-      uri   = Addressable::URI.parse(uri)
-      query = uri.query_values || {}
+      uri   = parse(uri)
+      query = uri.query_values
       ts    = query['timestamp'].to_i
       nonce = query['nonce']
       hmac  = query.delete('signature')
@@ -57,7 +82,7 @@ module HMAC
     end
 
     def timestamp uri
-      merge_query(Addressable::URI.parse(uri), timestamp: Time.now.utc.to_i)
+      merge_query(parse(uri), timestamp: Time.now.utc.to_i)
     end
 
     def signature message

data/test/helper.rb

@@ -1,2 +1,3 @@
+require 'bundler/setup'
 require 'minitest/autorun'
 require 'hmac/uri'

data/test/test_hmac_uri.rb

@@ -2,8 +2,8 @@ require 'helper'
 
 describe 'HMAC::URI' do
   OPTIONS       = {secret: 'foobar'}
-  EXAMPLE_URL   = 'http://example.com'
-  SIGNED_URI_RE = %r{http://example.com\?nonce=\d+&signature=.+&timestamp=\d+}
+  EXAMPLE_URL   = 'http://example.com/?foo=1&foo=2'
+  SIGNED_URI_RE = %r{http://example.com/\?foo=1&foo=2&nonce=\d+&signature=.+&timestamp=\d+}
 
   def signed_url
     HMAC::URI.new(OPTIONS).sign(EXAMPLE_URL)
@@ -17,6 +17,10 @@ describe 'HMAC::URI' do
     assert HMAC::URI.new(OPTIONS).signed? signed_url
   end
 
+  it 'should fail on secret mismatch' do
+    assert !HMAC::URI.new(secret: 'foo').signed?(signed_url), 'secret mismatch should fail check'
+  end
+
   it 'should fail on invalid nonce' do
     url = signed_url.to_s.sub %r{nonce=\d+}, 'nonce=123'
     assert !HMAC::URI.new(OPTIONS).signed?(url), 'invalid nonce should fail check'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hmac-uri
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-09-06 00:00:00.000000000 Z
+date: 2012-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -68,6 +68,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -980915294190373519
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -81,4 +84,3 @@ signing_key:
 specification_version: 3
 summary: HMAC signing for urls
 test_files: []
-has_rdoc: