http_signatures 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/http_signatures/verification.rb +9 -1
  3. data/lib/http_signatures/version.rb +1 -1
  4. data/spec/verifier_spec.rb +5 -0
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ce6a985c77d642db8bc930637ae221f1bb4bba83
4
- data.tar.gz: a480d1533927ad95a31835854abb9b74b83fe07b
3
+ metadata.gz: c5c7339b04086bd5daa91dc6b18f3b81533f968b
4
+ data.tar.gz: 7795f49a0a2163902cb11b9d4a6c3c96cd445f82
5
5
  SHA512:
6
- metadata.gz: b277237049594fce36da6a65d4a2cda19360d7b12f80f90c86f1fb91beeaf270a973eba39dfddc4bf48babf542ccc5ae680083b32e97e204b8e4817bf2a161e0
7
- data.tar.gz: 959328089a8ca344d30e6219555b0f4e918b4ef56290dd80354034dc707adaf7375a10fc58e1619d5a1f696ccdb536a278f5ab1130c83f05f3f2e302de4c8001
6
+ metadata.gz: 1643e2f919c5da1fe6f80ed9eef7e6ebfd4443474228c9c92c6f7dcdb6c986232670d6aed3c251196012e8a50d2e84ab3d57d3a1674bfd7d5754e0167f0f913b
7
+ data.tar.gz: 6f710a1ae21aed1b2fea9e303541116305b0dc57c565f24c233c9364f0e74c8c0bf01a7c41350b006847877c8b665a513c0a13af7c4c8f054e20a628e36ac30d
data/lib/http_signatures/verification.rb CHANGED
@@ -7,11 +7,19 @@ module HttpSignatures
7
7
  end
8
8
 
9
9
  def valid?
10
- expected_signature_base64 == provided_signature_base64
10
+ signature_header_present? && signature_matches?
11
11
  end
12
12
 
13
13
  private
14
14
 
15
+ def signature_header_present?
16
+ @message.key?("Signature")
17
+ end
18
+
19
+ def signature_matches?
20
+ expected_signature_base64 == provided_signature_base64
21
+ end
22
+
15
23
  def expected_signature_base64
16
24
  Base64.strict_encode64(expected_signature_raw)
17
25
  end
data/lib/http_signatures/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module HttpSignatures
2
- VERSION = "1.0.0"
2
+ VERSION = "1.0.1"
3
3
  end
data/spec/verifier_spec.rb CHANGED
@@ -24,6 +24,11 @@ RSpec.describe HttpSignatures::Verifier do
24
24
  expect(verifier.valid?(message)).to eq(true)
25
25
  end
26
26
 
27
+ it "rejects message with missing headers" do
28
+ headers.clear
29
+ expect(verifier.valid?(message)).to eq(false)
30
+ end
31
+
27
32
  it "rejects message with tampered path" do
28
33
  message.path << "x"
29
34
  expect(verifier.valid?(message)).to eq(false)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: http_signatures
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Annesley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-08-05 00:00:00.000000000 Z
11
+ date: 2014-09-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler