jive-signed_request 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4624406a4a1f95a499df4133a3393ad5eb168a96
4
- data.tar.gz: 857a6823b6342991caa1db9e18330b1f35bca72a
3
+ metadata.gz: 4043964dc8562a65968f2ea81c868852eff5b9d7
4
+ data.tar.gz: 6d1d4e8f6db9c8183896bfe967c3b2309a8054f7
5
5
  SHA512:
6
- metadata.gz: 71dee81aaa8f5bd0fd2e75e56ee613b8a1ace87178ca65b5676ab337124aed2133e0195737f442202061e86111cba253679faf43cc9f269413ea4db6a9edbe50
7
- data.tar.gz: cbd0d5196bcd2799ad71c68f8188b6178a236c3e9f4f6567be8f1e1095430f61cfe9c83f7e57adf6070da4a815ebfb14ff33f94ec1ab3121ac106eed24d58db1
6
+ metadata.gz: 12333b4db5a76f0fea0389a4106b438459d90d19a7eda5681a3bb1cf98e3476735d2636f8f6f9de5571f37c22cdad9dbbb4d215607b0689f70b81c98859b4e2d
7
+ data.tar.gz: b4a6b375a81e6ff07e7ff77b3a449920d04485dcd4b2e5f6d8c46a7f0469209574413005fe4acf3f6361f2a5af111680d84eae500e1ad8a3e1a405e08d7dcade
@@ -1,4 +1,7 @@
1
1
  language: ruby
2
2
  rvm:
3
- - 2.1.4
4
- before_install: gem install bundler -v 1.10.5
3
+ - 2.1.1
4
+ - 2.0.0
5
+ - 1.9.3
6
+ script:
7
+ - rspec spec
data/README.md CHANGED
@@ -1,13 +1,16 @@
1
+ [![Gem Version](https://badge.fury.io/rb/ruby-jive-signed_request.svg)](http://badge.fury.io/rb/active_record_survey_api)
2
+ [![Build Status](https://travis-ci.org/butchmarshall/ruby-jive-signed_request.svg?branch=master)](https://travis-ci.org/butchmarshall/ruby-jive-signed_request)
3
+
1
4
  # Jive::SignedRequest
2
5
 
3
- Verify that a signed Jive Authorization header is valid
6
+ Library handling authenticating Jive signed headers and add-on registration
4
7
 
5
8
  ## Installation
6
9
 
7
10
  Add this line to your application's Gemfile:
8
11
 
9
12
  ```ruby
10
- gem 'jive-SignedRequest'
13
+ gem 'jive-signed_request'
11
14
  ```
12
15
 
13
16
  And then execute:
@@ -20,7 +23,7 @@ Or install it yourself as:
20
23
 
21
24
  ## Usage
22
25
 
23
- To check if a Authentication header is valid
26
+ To check if an authentication header is valid
24
27
 
25
28
  ```ruby
26
29
  require 'jive/signed_request'
@@ -28,11 +31,38 @@ require 'jive/signed_request'
28
31
  Jive::SignedRequest.authenticate("JiveEXTN algorithm=HmacSHA256&client_id=682a638ba74a4ff5fa6afa344b163e03.i&jive_url=https%3A%2F%2Fsandbox.jiveon.com%3A8443&tenant_id=b22e3911-28ef-480c-ae3b-ca791ba86952&timestamp=1436646990000&signature=GjQpEvBUoqUldgUk5bkUUrfwwUYIOcnh4IvQaDEQ4p8%3D", "8bd2952b851747e8f2c937b340fed6e1.s")
29
32
  ```
30
33
 
31
- To sign
34
+ To create a signature (not really useful except for unit testing)
35
+
36
+ ```ruby
37
+ require 'jive/signed_request'
38
+
39
+ timestamp = Time.now.to_i*1000
40
+ str = "algorithm=HmacSHA256&client_id=682a638ba74a4ff5fa6afa344b163e03.i&jive_url=https%3A%2F%2Fsandbox.jiveon.com%3A8443&tenant_id=b22e3911-28ef-480c-ae3b-ca791ba86952&timestamp=#{timestamp}";
41
+ secret = "8bd2952b851747e8f2c937b340fed6e1.s";
42
+ algorithm = "sha256";
43
+
44
+ Jive::SignedRequest.sign(str, secret, algorithm)
45
+ ```
46
+
47
+ To verify an add-on registration request
48
+
49
+ ```ruby
50
+ require 'jive/signed_request'
51
+
52
+ Jive::SignedRequest.validate_registration({
53
+ clientId: '2zm4rzr9aiuvd4zhhg8kyfep229p2gce.i',
54
+ tenantId: 'b22e3911-28ef-480c-ae3b-ca791ba86952',
55
+ jiveSignatureURL: 'https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d',
56
+ clientSecret: 'evaqjrbfyu70jlvnap8fhnj2h5mr4vus.s',
57
+ jiveSignature: '0YqbK1nW+L+j3ppE7PHo3CvM/pNyHIDbNwYYvkKJGXU=',
58
+ jiveUrl: 'https://sandbox.jiveon.com',
59
+ timestamp: '2015-11-20T16:04:55.895+0000',
60
+ })
61
+ ```
32
62
 
33
63
  ## Contributing
34
64
 
35
- Bug reports and pull requests are welcome on GitHub at https://github.com/butchmarshall/jive-SignedRequest.
65
+ Bug reports and pull requests are welcome on GitHub at https://github.com/butchmarshall/ruby-jive-signed_request.
36
66
 
37
67
 
38
68
  ## License
@@ -4,22 +4,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
  require 'jive/signed_request/version'
5
5
 
6
6
  Gem::Specification.new do |spec|
7
- spec.name = "jive-signed_request"
8
- spec.version = Jive::SignedRequest::VERSION
9
- spec.authors = ["Butch Marshall"]
10
- spec.email = ["butch.a.marshall@gmail.com"]
7
+ spec.name = "jive-signed_request"
8
+ spec.version = Jive::SignedRequest::VERSION
9
+ spec.authors = ["Butch Marshall"]
10
+ spec.email = ["butch.a.marshall@gmail.com"]
11
11
 
12
- spec.summary = %q{Deal with signed requests sent by Jive}
13
- spec.description = %q{A library that deals with signed requests generated by Jive}
14
- spec.homepage = "https://github.com/butchmarshall/ruby-jive-signed_request"
15
- spec.license = "MIT"
12
+ spec.summary = %q{Deal with signed requests sent by Jive}
13
+ spec.description = %q{A library to deal with signed requests generated by Jive}
14
+ spec.homepage = "https://github.com/butchmarshall/ruby-jive-signed_request"
15
+ spec.license = "MIT"
16
16
 
17
- spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
- spec.bindir = "exe"
19
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
- spec.require_paths = ["lib"]
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
21
 
22
- spec.add_development_dependency "bundler", "~> 1.10"
23
- spec.add_development_dependency "rake", "~> 10.0"
24
- spec.add_development_dependency "rspec"
22
+ spec.add_development_dependency "bundler", "~> 1.10"
23
+ spec.add_development_dependency "rake", "~> 10.0"
24
+ spec.add_development_dependency "rspec"
25
25
  end
@@ -80,5 +80,52 @@ module Jive # :nodoc:
80
80
 
81
81
  self.sign(authorization_header.gsub(/^JiveEXTN\s/,'').gsub(/\&signature[^$]+/,''), client_secret) === paramMap["signature"].first
82
82
  end
83
+
84
+ # Validates an app registration
85
+ #
86
+ # Validates an app registration came from where it claims via jiveSignatureURL
87
+ #
88
+ # * *Args* :
89
+ # - +validationBlock+ -> the request body of the registration
90
+ # - +args+ -> additional arguments
91
+ # * *Returns* :
92
+ # - boolean
93
+ #
94
+ def validate_registration(validationBlock, *args)
95
+ options = ((args.last.is_a?(Hash)) ? args.pop : {})
96
+
97
+ require "open-uri"
98
+ require "net/http"
99
+ require "openssl"
100
+
101
+ jive_signature_url = validationBlock[:jiveSignatureURL]
102
+ jive_signature = validationBlock[:jiveSignature]
103
+
104
+ validationBlock.delete(:jiveSignature)
105
+
106
+ if !validationBlock[:clientSecret].nil?
107
+ validationBlock[:clientSecret] = Digest::SHA256.hexdigest(validationBlock[:clientSecret])
108
+ end
109
+
110
+ uri = URI.parse(jive_signature_url)
111
+ http = Net::HTTP.new(uri.host, uri.port)
112
+ http.use_ssl = true
113
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && !options[:verify_ssl]
114
+
115
+ buffer = ''
116
+ validationBlock.sort.to_h.each_pair { |k,v|
117
+ buffer = "#{buffer}#{k}:#{v}\n"
118
+ }
119
+
120
+ request = Net::HTTP::Post.new(uri.request_uri)
121
+ request.body = buffer
122
+
123
+ request["X-Jive-MAC"] = jive_signature
124
+ request["Content-Type"] = "application/json"
125
+
126
+ response = http.request(request)
127
+
128
+ (response.code.to_i === 204)
129
+ end
83
130
  end
84
131
  end
@@ -1,5 +1,5 @@
1
1
  module Jive
2
2
  module SignedRequest
3
- VERSION = "0.1.0"
3
+ VERSION = "0.1.1"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jive-signed_request
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Butch Marshall
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2015-07-18 00:00:00.000000000 Z
11
+ date: 2015-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -52,7 +52,7 @@ dependencies:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
- description: A library that deals with signed requests generated by Jive
55
+ description: A library to deal with signed requests generated by Jive
56
56
  email:
57
57
  - butch.a.marshall@gmail.com
58
58
  executables: []