jive-signed_request 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4624406a4a1f95a499df4133a3393ad5eb168a96
-  data.tar.gz: 857a6823b6342991caa1db9e18330b1f35bca72a
+  metadata.gz: 4043964dc8562a65968f2ea81c868852eff5b9d7
+  data.tar.gz: 6d1d4e8f6db9c8183896bfe967c3b2309a8054f7
 SHA512:
-  metadata.gz: 71dee81aaa8f5bd0fd2e75e56ee613b8a1ace87178ca65b5676ab337124aed2133e0195737f442202061e86111cba253679faf43cc9f269413ea4db6a9edbe50
-  data.tar.gz: cbd0d5196bcd2799ad71c68f8188b6178a236c3e9f4f6567be8f1e1095430f61cfe9c83f7e57adf6070da4a815ebfb14ff33f94ec1ab3121ac106eed24d58db1
+  metadata.gz: 12333b4db5a76f0fea0389a4106b438459d90d19a7eda5681a3bb1cf98e3476735d2636f8f6f9de5571f37c22cdad9dbbb4d215607b0689f70b81c98859b4e2d
+  data.tar.gz: b4a6b375a81e6ff07e7ff77b3a449920d04485dcd4b2e5f6d8c46a7f0469209574413005fe4acf3f6361f2a5af111680d84eae500e1ad8a3e1a405e08d7dcade

data/.travis.yml

@@ -1,4 +1,7 @@
 language: ruby
 rvm:
-  - 2.1.4
-before_install: gem install bundler -v 1.10.5
+  - 2.1.1
+  - 2.0.0
+  - 1.9.3
+script:
+  - rspec spec

data/README.md

@@ -1,13 +1,16 @@
+[![Gem Version](https://badge.fury.io/rb/ruby-jive-signed_request.svg)](http://badge.fury.io/rb/active_record_survey_api)
+[![Build Status](https://travis-ci.org/butchmarshall/ruby-jive-signed_request.svg?branch=master)](https://travis-ci.org/butchmarshall/ruby-jive-signed_request)
+
 # Jive::SignedRequest
 
-Verify that a signed Jive Authorization header is valid
+Library handling authenticating Jive signed headers and add-on registration
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'jive-SignedRequest'
+gem 'jive-signed_request'
 ```
 
 And then execute:
@@ -20,7 +23,7 @@ Or install it yourself as:
 
 ## Usage
 
-To check if a Authentication header is valid
+To check if an authentication header is valid
 
 ```ruby
 require 'jive/signed_request'
@@ -28,11 +31,38 @@ require 'jive/signed_request'
 Jive::SignedRequest.authenticate("JiveEXTN algorithm=HmacSHA256&client_id=682a638ba74a4ff5fa6afa344b163e03.i&jive_url=https%3A%2F%2Fsandbox.jiveon.com%3A8443&tenant_id=b22e3911-28ef-480c-ae3b-ca791ba86952&timestamp=1436646990000&signature=GjQpEvBUoqUldgUk5bkUUrfwwUYIOcnh4IvQaDEQ4p8%3D", "8bd2952b851747e8f2c937b340fed6e1.s")
 ```
 
-To sign 
+To create a signature (not really useful except for unit testing)
+
+```ruby
+require 'jive/signed_request'
+
+timestamp = Time.now.to_i*1000
+str = "algorithm=HmacSHA256&client_id=682a638ba74a4ff5fa6afa344b163e03.i&jive_url=https%3A%2F%2Fsandbox.jiveon.com%3A8443&tenant_id=b22e3911-28ef-480c-ae3b-ca791ba86952&timestamp=#{timestamp}";
+secret = "8bd2952b851747e8f2c937b340fed6e1.s";
+algorithm = "sha256";
+
+Jive::SignedRequest.sign(str, secret, algorithm)
+```
+
+To verify an add-on registration request
+
+```ruby
+require 'jive/signed_request'
+
+Jive::SignedRequest.validate_registration({
+	clientId: '2zm4rzr9aiuvd4zhhg8kyfep229p2gce.i',
+	tenantId: 'b22e3911-28ef-480c-ae3b-ca791ba86952',
+	jiveSignatureURL: 'https://market.apps.jivesoftware.com/appsmarket/services/rest/jive/instance/validation/8ce5c231-fab8-46b1-b8b2-fc65deccbb5d',
+	clientSecret: 'evaqjrbfyu70jlvnap8fhnj2h5mr4vus.s',
+	jiveSignature: '0YqbK1nW+L+j3ppE7PHo3CvM/pNyHIDbNwYYvkKJGXU=',
+	jiveUrl: 'https://sandbox.jiveon.com',
+	timestamp: '2015-11-20T16:04:55.895+0000',
+})
+```
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/butchmarshall/jive-SignedRequest.
+Bug reports and pull requests are welcome on GitHub at https://github.com/butchmarshall/ruby-jive-signed_request.
 
 
 ## License

data/jive-signed_request.gemspec

@@ -4,22 +4,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'jive/signed_request/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "jive-signed_request"
-  spec.version       = Jive::SignedRequest::VERSION
-  spec.authors       = ["Butch Marshall"]
-  spec.email         = ["butch.a.marshall@gmail.com"]
+	spec.name          = "jive-signed_request"
+	spec.version       = Jive::SignedRequest::VERSION
+	spec.authors       = ["Butch Marshall"]
+	spec.email         = ["butch.a.marshall@gmail.com"]
 
-  spec.summary       = %q{Deal with signed requests sent by Jive}
-  spec.description   = %q{A library that deals with signed requests generated by Jive}
-  spec.homepage      = "https://github.com/butchmarshall/ruby-jive-signed_request"
-  spec.license       = "MIT"
+	spec.summary       = %q{Deal with signed requests sent by Jive}
+	spec.description   = %q{A library to deal with signed requests generated by Jive}
+	spec.homepage      = "https://github.com/butchmarshall/ruby-jive-signed_request"
+	spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+	spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+	spec.bindir        = "exe"
+	spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+	spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec"
+	spec.add_development_dependency "bundler", "~> 1.10"
+	spec.add_development_dependency "rake", "~> 10.0"
+	spec.add_development_dependency "rspec"
 end

data/lib/jive/signed_request.rb

@@ -80,5 +80,52 @@ module Jive # :nodoc:
 
 			self.sign(authorization_header.gsub(/^JiveEXTN\s/,'').gsub(/\&signature[^$]+/,''), client_secret) === paramMap["signature"].first
 		end
+		
+		# Validates an app registration
+		#
+		# Validates an app registration came from where it claims via jiveSignatureURL
+		#
+		# * *Args*    :
+		#   - +validationBlock+ -> the request body of the registration
+		#   - +args+ -> additional arguments
+		# * *Returns* :
+		#   - boolean
+		#
+		def validate_registration(validationBlock, *args)
+			options = ((args.last.is_a?(Hash)) ? args.pop : {})
+
+			require "open-uri"
+			require "net/http"
+			require "openssl"
+
+			jive_signature_url = validationBlock[:jiveSignatureURL]
+			jive_signature = validationBlock[:jiveSignature]
+
+			validationBlock.delete(:jiveSignature)
+
+			if !validationBlock[:clientSecret].nil?
+				validationBlock[:clientSecret] = Digest::SHA256.hexdigest(validationBlock[:clientSecret])
+			end
+
+			uri = URI.parse(jive_signature_url)
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = true
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && !options[:verify_ssl]
+
+			buffer = ''
+			validationBlock.sort.to_h.each_pair { |k,v|
+				buffer = "#{buffer}#{k}:#{v}\n"
+			}
+
+			request = Net::HTTP::Post.new(uri.request_uri)
+			request.body = buffer
+
+			request["X-Jive-MAC"] = jive_signature
+			request["Content-Type"] = "application/json"
+
+			response = http.request(request)
+
+			(response.code.to_i === 204)
+		end
  	end
 end

data/lib/jive/signed_request/version.rb

@@ -1,5 +1,5 @@
 module Jive
   module SignedRequest
-    VERSION = "0.1.0"
+    VERSION = "0.1.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jive-signed_request
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Butch Marshall
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-07-18 00:00:00.000000000 Z
+date: 2015-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,7 +52,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: A library that deals with signed requests generated by Jive
+description: A library to deal with signed requests generated by Jive
 email:
 - butch.a.marshall@gmail.com
 executables: []