RubyGems - http_signatures - Versions diffs - 1.0.3 → 1.0.4 - Mend

http_signatures 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/http_signatures/verification.rb +2 -0
data/lib/http_signatures/version.rb +1 -1
data/spec/verifier_spec.rb +5 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 211c7a8d8e656760821b3384e63f7a62e4a9428b
-  data.tar.gz: a5537660d48d818fa9ccc0195659465614c86a54
+  metadata.gz: 7d1755e9596abb9f3ad24afa289d497d069981da
+  data.tar.gz: 4bb1f3a5312fc083a8b406848b84612f4c98bc7c
 SHA512:
-  metadata.gz: 22870cdc6c4fc10382354830bfec839f6d690831ad7aa58ebb4bcd75f4456f40dd97c9428b4f76872915e1df7d534184d9cf55feb77500b5408ad9a0de834262
-  data.tar.gz: ee2da91a61217b48d98e568733ef85038ecdebe1fe7ab7f2182afdea14aa411b4b9841ae8ee0d1b029761ab365fea29dc41c4d54743b6e148413365a10794985
+  metadata.gz: 115cdc1a07cd5382db15acd27d780d73dc8bd02c01ea5a42b6ab39eb5841513bb7eef4b7b05e0dd57716503892ed98bacdc82560b4bd36cd0702930bd13b2b24
+  data.tar.gz: d9981768b583e5b92a97ff01f0cf94117be0b0fd8f2c02e7f7ad57761bebbece07df9cf0e6ef55ad9c3422da21b99db517b02b9f6d5368de8f762ee067331bb7

data/lib/http_signatures/verification.rb CHANGED Viewed

@@ -18,6 +18,8 @@ module HttpSignatures
     def signature_matches?
       expected_signature_base64 == provided_signature_base64
+    rescue SignatureParametersParser::Error
+      false
     end
     def expected_signature_base64

data/lib/http_signatures/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module HttpSignatures
-  VERSION = "1.0.3"
+  VERSION = "1.0.4"
 end

data/spec/verifier_spec.rb CHANGED Viewed

@@ -44,4 +44,9 @@ RSpec.describe HttpSignatures::Verifier do
     expect(verifier.valid?(message)).to eq(false)
   end
+  it "rejects message with malformed signature" do
+    message["Signature"] = "foo=bar,baz=bla,yadda=yadda"
+    expect(verifier.valid?(message)).to eq(false)
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: http_signatures
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Paul Annesley
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-03-08 00:00:00.000000000 Z
+date: 2015-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler