hsign 0.0.1

@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
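--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in web_hmac.gemspec
+gemspec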
@@ -0,0 +1 @@
1
+ This is a property of Helios Technologies Ltd.
@@ -0,0 +1,50 @@
1
+ # Digiweb
2
+
3
+ This gem aims at signing for cross-application request
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'hsign'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install hsign
18
+
19
+ ## Usage
20
+
21
+ For Web application use, a good salt is the IP of the browser
22
+
23
+ *Never pass the API SECRET in the request*
24
+
25
+ In consumer (client side) controller
26
+
27
+ credentials = {'email' => 'user@example.com', 'password' => '123456', 'client_id' => "sha1apikey", 'response_type' => 'code', 'redirect_uri' => settings[:redirect_uri]}
28
+
29
+ @hsign = HSign::Digest.new("api_secret", request.ip)
30
+ @hsign.sign credentials
31
+
32
+ In your view
33
+
34
+ <%= form_tag "http://otherserver.com/api/example" do %>
35
+ <% @hsign.each_param do |field, value| %>
36
+ <%= hidden_field_tag field, value %>
37
+ <% end %>
38
+ <%= submit_tag "Submit" %>
39
+ <% end %>
40
+
41
+
42
+ Verification (server side)
43
+
44
+ client = Idnet::Core:Client.find params[:client_id]
45
+ secret = client.secret
46
+ @hsign = HSign::Digest.new(secret, request.ip)
47
+ if @hsign.verify? request.params
48
+ account = Idnet::Core::Account.create email: params[:email], password: params[:password]
49
+ account.confirm!
50
+ end
@@ -0,0 +1,7 @@
1
+ require "bundler/gem_tasks"
2
+ require 'rake/testtask'
3
+ Rake::TestTask.new do |t|
4
+ t.libs << "test"
5
+ t.test_files = FileList['test/*_test.rb']
6
+ t.verbose = true
7
+ end
@@ -0,0 +1,22 @@
1
+ # -*- encoding: utf-8 -*-
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'hsign/version'
5
+
6
+ Gem::Specification.new do |gem|
7
+ gem.name = "hsign"
8
+ gem.version = HSign::VERSION
9
+ gem.authors = ["Helios Technologies Ltd."]
10
+ gem.email = ["hery@heliostech.hk"]
11
+ gem.description = %q{Web Digital Signature}
12
+ gem.summary = %q{Web Digital Signature}
13
+ gem.homepage = ""
14
+
15
+ gem.files = `git ls-files`.split($/)
16
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
17
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
18
+ gem.add_dependency "rack"
19
+ gem.add_development_dependency "test-unit"
20
+ gem.add_development_dependency "rake"
21
+ gem.require_paths = ["lib"]
22
+ end
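Review bot: `gem.add_dependency "rack"` has no version constraint, yet the signature produced in lib/hsign/digest.rb depends on how `Rack::Utils.build_nested_query` and `Rack::Utils.parse_query` normalise parameters. If that normalisation differs between Rack releases, a signer and a verifier on different versions could disagree on the MAC input, so it is worth constraining the dependency to the range the tests were run against, e.g. `gem.add_dependency "rack", "~> <TESTED_RACK_VERSION>"` (placeholder, the page does not state one). The spec also leaves `gem.homepage` empty and sets no `gem.license`, although LICENSE.txt declares the code proprietary; stating that in the spec keeps the published metadata consistent with the licence file.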
@@ -0,0 +1,5 @@
1
+ require "hsign/version"
2
+
3
+ module HSign
4
+ # Your code goes here...
5
+ end
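Review bot: The entry file requires only `hsign/version`, so a plain `require 'hsign'` (which is what Bundler does for `gem 'hsign'`) leaves `HSign::Digest` undefined, and the README usage would raise `NameError` unless the caller also requires `hsign/digest`, as the test file does. Add `require "hsign/digest"` below the version require and replace the `# Your code goes here...` placeholder with a one-line description of the module.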
@@ -0,0 +1,40 @@
1
+ require 'openssl'
2
+ require 'rack/utils'
3
+ module HSign
4
+ class Digest
5
+ attr_accessor :hmac_key
6
+ attr_reader :params
7
+
8
+ def initialize(secret, salt = nil)
9
+ @digest = OpenSSL::Digest::Digest.new('sha1')
10
+ @hmac_key = '_hmac'
11
+ @secret = secret
12
+ @salt = salt
13
+ end
14
+
15
+ def sign(request_params)
16
+ hmac = OpenSSL::HMAC.new @secret, @digest
17
+ hmac << @salt if @salt
18
+ # Normalize all params
19
+ @params = Rack::Utils.parse_query(Rack::Utils.build_nested_query(request_params.dup))
20
+ @params.delete(hmac_key)
21
+
22
+ @params.to_a.sort_by{|k,v| k.to_s}.each do |k,v|
23
+ hmac << "#{k}=#{v}"
24
+ end
25
+
26
+ @params[hmac_key] = hmac.hexdigest
27
+ end
28
+
29
+ def verify?(params)
30
+ expected = params.delete(hmac_key)
31
+ expected == sign(params)
32
+ end
33
+
34
+ def each_param &block
35
+ return false unless @params
36
+ @params.each(&block)
37
+ end
38
+
39
+ end
40
+ end
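Review bot: `verify?` compares the supplied signature with `==`, which is not a constant-time comparison and also lets a request without `_hmac` reach the comparison as `nil`; since `rack/utils` is already required, the last line could be `expected.is_a?(String) && Rack::Utils.secure_compare(expected, sign(params))`. `verify?` also deletes the key from the caller's hash (the README passes `request.params`), so operating on `params.dup` would avoid that side effect. In `sign`, the salt and each `"#{k}=#{v}"` pair are appended with no separator, so different parameter sets can yield the same byte stream and therefore the same MAC; a delimiter or length prefix on the salt and on every field, for example `hmac << "#{k.bytesize}:#{k}=#{v.to_s.bytesize}:#{v}"`, removes that ambiguity at the cost of changing the signature format. `OpenSSL::Digest::Digest` is deprecated in later Ruby releases, and `OpenSSL::Digest.new('sha256')` would be the forward-compatible choice if the format is being revised anyway. None of the methods carries a doc comment; `sign` in particular should document that it returns the hex digest and stores the normalised parameters, including `_hmac`, in `@params`.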
@@ -0,0 +1,3 @@
1
+ module HSign
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1,59 @@
1
+ require 'test_helper'
2
+ require 'hsign/digest'
3
+
4
+ class DigestTest < Test::Unit::TestCase
5
+
6
+ def setup
7
+ @ip = "127.0.0.1"
8
+ @params = {'key1' => 'value1', 'key2' => 'value2'}
9
+ @hsign = HSign::Digest.new("secret", @ip)
10
+ end
11
+
12
+ test "changing ip" do
13
+ sig = @hsign.sign(@params)
14
+ other_hsign = HSign::Digest.new("secret", "127.0.1.1")
15
+ sig1 = other_hsign.sign(@params)
16
+ assert_not_equal sig, sig1
17
+ end
18
+
19
+ test "changing parameter" do
20
+ params = @params.dup
21
+ params['key1'] = 'different'
22
+ sig = @hsign.sign(@params)
23
+ sig1 = @hsign.sign(params)
24
+ assert_not_equal sig, sig1
25
+ end
26
+
27
+ test "changing secret" do
28
+ other_hsign = HSign::Digest.new("anothersecret", @ip)
29
+ sig = @hsign.sign(@params)
30
+ sig1 = other_hsign.sign(@params)
31
+ assert_not_equal sig, sig1
32
+ end
33
+
34
+ test "verify signature" do
35
+ sig = @hsign.sign(@params)
36
+ other_hsign = HSign::Digest.new("secret", @ip)
37
+
38
+ assert_nil @params[@hsign.hmac_key]
39
+ params = @params.dup
40
+ params[@hsign.hmac_key] = sig
41
+ assert other_hsign.verify?(params)
42
+
43
+ # let test another hmac
44
+ other_hsign = HSign::Digest.new("secret", @ip)
45
+ p = params.dup
46
+ params[@hsign.hmac_key] = sig + "altered"
47
+ assert !other_hsign.verify?(p)
48
+ end
49
+
50
+ test "nested parameters" do
51
+ params = {prefill: {key1: 'hello', key2: 'world'}}
52
+ equivalent_params = {'prefill[key1]' => 'hello', 'prefill[key2]' => 'world'}
53
+ assert_equal @hsign.sign(params), @hsign.sign(equivalent_params)
54
+
55
+ params = {prefill: {ns: {name: 'hello'}, key2: 'world'}, terra: 'incognita'}
56
+ equivalent_params = {'prefill[ns][name]' => 'hello', 'prefill[key2]' => 'world', 'terra' => 'incognita'}
57
+ assert_equal @hsign.sign(params), @hsign.sign(equivalent_params)
58
+ end
59
+ end
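Review bot: The second half of `verify signature` never checks an altered signature: the earlier `other_hsign.verify?(params)` call has already deleted `_hmac` from `params`, so `p = params.dup` carries no signature, and the altered value is then written to `params` rather than to `p`. The final assertion therefore passes because the signature is missing, not because it is wrong. Assign on the copy instead, `p[@hsign.hmac_key] = sig + "altered"`, and add a separate test for a request with no `_hmac` at all so both rejection paths are covered. Renaming `p` would also avoid shadowing `Kernel#p` inside the test.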
@@ -0,0 +1,4 @@
1
+ require 'bundler'
2
+ Bundler.require
3
+ require 'test/unit'
4
+ $:.unshift '../lib'
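--- a/metadata
+++ b/metadata
@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: hsign
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Helios Technologies Ltd.
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-11-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: &16653640 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: *16653640
+- !ruby/object:Gem::Dependency
+name: test-unit
+requirement: &16653220 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *16653220
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: &16652800 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *16652800
+description: Web Digital Signature
+email:
+- hery@heliostech.hk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- hsign.gemspec
+- lib/hsign.rb
+- lib/hsign/digest.rb
+- lib/hsign/version.rb
+- test/digest_test.rb
+- test/test_helper.rb
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.11
+signing_key:
+specification_version: 3
+summary: Web Digital Signature
+test_files:
+- test/digest_test.rb
+- test/test_helper.rb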