jmoses_api-auth 1.0.4

data/spec/api_auth_spec.rb

@@ -0,0 +1,407 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth" do
+
+  describe "generating secret keys" do
+
+    it "should generate secret keys" do
+      ApiAuth.generate_secret_key
+    end
+
+    it "should generate secret keys that are 88 characters" do
+      ApiAuth.generate_secret_key.size.should be(88)
+    end
+
+    it "should generate keys that have a Hamming Distance of at least 65" do
+      key1 = ApiAuth.generate_secret_key
+      key2 = ApiAuth.generate_secret_key
+      Amatch::Hamming.new(key1).match(key2).should be > 65
+    end
+
+  end
+
+  describe "signing requests" do
+
+    def hmac(secret_key, request)
+      canonical_string = ApiAuth::Headers.new(request).canonical_string
+      digest = OpenSSL::Digest::Digest.new('sha1')
+      ApiAuth.b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
+    end
+
+    before(:all) do
+      @access_id = "1044"
+      @secret_key = ApiAuth.generate_secret_key
+    end
+
+    describe "with Net::HTTP" do
+
+      before(:each) do
+        @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo", 
+          'content-type' => 'text/plain', 
+          'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+          'date' => Time.now.utc.httpdate)
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+
+      it "should return a Net::HTTP object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("Net::HTTP")
+      end
+
+      describe "md5 header" do
+        context "not already provided" do
+          it "should calculate for empty string" do
+            request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+              'content-type' => 'text/plain',
+              'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request['Content-MD5'].should == Digest::MD5.base64digest('')
+          end
+
+          it "should calculate for real content" do
+            request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+              'content-type' => 'text/plain',
+              'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+            request.body = "hello\nworld"
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request['Content-MD5'].should == Digest::MD5.base64digest("hello\nworld")
+          end
+        end
+
+        it "should leave the content-md5 alone if provided" do
+          @signed_request['Content-MD5'].should == '1B2M2Y8AsgTpgAmY7PhCfg=='
+        end
+      end
+
+      it "should sign the request" do
+        @signed_request['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+
+      it "should NOT authenticate a mismatched content-md5 when body has changed" do
+        request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+          'content-type' => 'text/plain',
+          'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+        request.body = "hello\nworld"
+        signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+        signed_request.body = "goodbye"
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+
+      it "should NOT authenticate an expired request" do
+        @request['Date'] = 16.minutes.ago.utc.httpdate
+        signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+
+    end
+
+    describe "with RestClient" do
+
+      before(:each) do
+        headers = { 'Content-MD5' => "1B2M2Y8AsgTpgAmY7PhCfg==",
+                    'Content-Type' => "text/plain",
+                    'Date' => Time.now.utc.httpdate }
+        @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo", 
+          :headers => headers,
+          :method => :put)
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+
+      it "should return a RestClient object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("RestClient")
+      end
+
+      describe "md5 header" do
+        context "not already provided" do
+          it "should calculate for empty string" do
+            headers = { 'Content-Type' => "text/plain",
+                        'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+            request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+              :headers => headers,
+              :method => :put)
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.headers['Content-MD5'].should == Digest::MD5.base64digest('')
+          end
+
+          it "should calculate for real content" do
+            headers = { 'Content-Type' => "text/plain",
+                        'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+            request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+              :headers => headers,
+              :method => :put,
+              :payload => "hellow\nworld")
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.headers['Content-MD5'].should == Digest::MD5.base64digest("hellow\nworld")
+          end
+        end
+
+        it "should leave the content-md5 alone if provided" do
+          @signed_request.headers['Content-MD5'].should == "1B2M2Y8AsgTpgAmY7PhCfg=="
+        end
+      end
+
+      it "should sign the request" do
+        @signed_request.headers['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+
+      it "should NOT authenticate a mismatched content-md5 when body has changed" do
+        headers = { 'Content-Type' => "text/plain",
+                    'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+        request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+          :headers => headers,
+          :method => :put,
+          :payload => "hello\nworld")
+        signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+        signed_request.instance_variable_set("@payload", RestClient::Payload.generate('goodbye'))
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+
+      it "should NOT authenticate an expired request" do
+        @request.headers['Date'] = 16.minutes.ago.utc.httpdate
+        signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+
+    end
+
+    describe "with Curb" do
+
+      before(:each) do
+        headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                    'Content-Type' => "text/plain",
+                    'Date' => Time.now.utc.httpdate }
+        @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+          curl.headers = headers
+        end
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+
+      it "should return a Curl::Easy object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("Curl::Easy")
+      end
+
+      describe "md5 header" do
+        it "should not calculate and add the content-md5 header if not provided" do
+          headers = { 'Content-Type' => "text/plain",
+                      'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+          request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+            curl.headers = headers
+          end
+          signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+          signed_request.headers['Content-MD5'].should == nil
+        end
+
+        it "should leave the content-md5 alone if provided" do
+          @signed_request.headers['Content-MD5'].should == "e59ff97941044f85df5297e1c302d260"
+        end
+      end
+
+      it "should sign the request" do
+        @signed_request.headers['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+
+      it "should NOT authenticate an expired request" do
+        @request.headers['Date'] = 16.minutes.ago.utc.httpdate
+        signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+
+    end
+
+    describe "with ActionController" do
+
+      before(:each) do
+        @request = ActionController::Request.new(
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
+          'REQUEST_METHOD' => 'PUT',
+          'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+          'CONTENT_TYPE' => 'text/plain',
+          'HTTP_DATE' => Time.now.utc.httpdate)
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+
+      it "should return a ActionController::Request object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("ActionController::Request")
+      end
+
+      describe "md5 header" do
+        context "not already provided" do
+          it "should calculate for empty string" do
+            request = ActionController::Request.new(
+              'PATH_INFO' => '/resource.xml',
+              'QUERY_STRING' => 'foo=bar&bar=foo',
+              'REQUEST_METHOD' => 'PUT',
+              'CONTENT_TYPE' => 'text/plain',
+              'HTTP_DATE' => 'Mon, 23 Jan 1984 03:29:56 GMT')
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.env['Content-MD5'].should == Digest::MD5.base64digest('')
+          end
+
+          it "should calculate for real content" do
+            request = ActionController::Request.new(
+              'PATH_INFO' => '/resource.xml',
+              'QUERY_STRING' => 'foo=bar&bar=foo',
+              'REQUEST_METHOD' => 'PUT',
+              'CONTENT_TYPE' => 'text/plain',
+              'HTTP_DATE' => 'Mon, 23 Jan 1984 03:29:56 GMT',
+              'RAW_POST_DATA' => "hello\nworld")
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.env['Content-MD5'].should == Digest::MD5.base64digest("hello\nworld")
+          end
+
+        end
+
+        it "should leave the content-md5 alone if provided" do
+          @signed_request.env['CONTENT_MD5'].should == '1B2M2Y8AsgTpgAmY7PhCfg=='
+        end
+      end
+
+      it "should sign the request" do
+        @signed_request.env['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+
+      it "should NOT authenticate a mismatched content-md5 when body has changed" do
+        request = ActionController::Request.new(
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
+          'REQUEST_METHOD' => 'PUT',
+          'CONTENT_TYPE' => 'text/plain',
+          'HTTP_DATE' => 'Mon, 23 Jan 1984 03:29:56 GMT',
+          'rack.input' => StringIO.new("hello\nworld"))
+        signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+        signed_request.instance_variable_get("@env")["rack.input"] = StringIO.new("goodbye")
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+
+      it "should NOT authenticate an expired request" do
+        @request.env['HTTP_DATE'] = 16.minutes.ago.utc.httpdate
+        signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+
+    end
+
+    describe "with Rack::Request" do
+
+      before(:each) do
+        headers = { 'Content-MD5' => "1B2M2Y8AsgTpgAmY7PhCfg==",
+                    'Content-Type' => "text/plain",
+                    'Date' => Time.now.utc.httpdate }
+        @request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put).merge!(headers))
+        @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+      end
+
+      it "should return a Rack::Request object after signing it" do
+        ApiAuth.sign!(@request, @access_id, @secret_key).class.to_s.should match("Rack::Request")
+      end
+
+      describe "md5 header" do
+        context "not already provided" do
+          it "should calculate for empty string" do
+            headers = { 'Content-Type' => "text/plain",
+                        'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+            request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put).merge!(headers))
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.env['Content-MD5'].should == Digest::MD5.base64digest('')
+          end
+
+          it "should calculate for real content" do
+            headers = { 'Content-Type' => "text/plain",
+                        'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+            request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put, :input => "hellow\nworld").merge!(headers))
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request.env['Content-MD5'].should == Digest::MD5.base64digest("hellow\nworld")
+          end
+        end
+
+        it "should leave the content-md5 alone if provided" do
+          @signed_request.env['Content-MD5'].should == "1B2M2Y8AsgTpgAmY7PhCfg=="
+        end
+      end
+
+      it "should sign the request" do
+        @signed_request.env['Authorization'].should == "APIAuth 1044:#{hmac(@secret_key, @request)}"
+      end
+
+      it "should authenticate a valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key).should be_true
+      end
+
+      it "should NOT authenticate a non-valid request" do
+        ApiAuth.authentic?(@signed_request, @secret_key+'j').should be_false
+      end
+
+      it "should NOT authenticate a mismatched content-md5 when body has changed" do
+        headers = { 'Content-Type' => "text/plain",
+                    'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+        request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put, :input => "hellow\nworld").merge!(headers))
+        signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+        changed_request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put, :input => "goodbye").merge!(headers))
+        signed_request.env['rack.input'] = changed_request.env['rack.input']
+        signed_request.env['CONTENT_LENGTH'] = changed_request.env['CONTENT_LENGTH']
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+
+      it "should NOT authenticate an expired request" do
+        @request.env['Date'] = 16.minutes.ago.utc.httpdate
+        signed_request = ApiAuth.sign!(@request, @access_id, @secret_key)
+        ApiAuth.authentic?(signed_request, @secret_key).should be_false
+      end
+      
+      it "should retrieve the access_id" do
+        ApiAuth.access_id(@signed_request).should == "1044"
+      end
+
+    end
+
+  end
+
+end

data/spec/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/headers_spec.rb

@@ -0,0 +1,223 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth::Headers" do
+
+  CANONICAL_STRING = "text/plain,e59ff97941044f85df5297e1c302d260,/resource.xml?foo=bar&bar=foo,Mon, 23 Jan 1984 03:29:56 GMT"
+
+  describe "with Net::HTTP" do
+
+    before(:each) do
+      @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+        'content-type' => 'text/plain',
+        'content-md5' => 'e59ff97941044f85df5297e1c302d260',
+        'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+      @headers = ApiAuth::Headers.new(@request)
+    end
+
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+
+    it "should set the DATE header if one is not already present" do
+      @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+        'content-type' => 'text/plain',
+        'content-md5' => 'e59ff97941044f85df5297e1c302d260')
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request['DATE'].should_not be_nil
+    end
+
+    it "should not set the DATE header just by asking for the canonical_string" do
+      request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+        'content-type' => 'text/plain',
+        'content-md5' => 'e59ff97941044f85df5297e1c302d260')
+      headers = ApiAuth::Headers.new(request)
+      headers.canonical_string
+      request['DATE'].should be_nil
+    end
+
+    context "md5_mismatch?" do
+      it "is false if no md5 header is present" do
+        request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+        'content-type' => 'text/plain')
+        headers = ApiAuth::Headers.new(request)
+        headers.md5_mismatch?.should be_false
+      end
+    end
+  end
+
+  describe "with RestClient" do
+
+    before(:each) do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+        :headers => headers,
+        :method => :put)
+      @headers = ApiAuth::Headers.new(@request)
+    end
+
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+
+    it "should set the DATE header if one is not already present" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+        :headers => headers,
+        :method => :put)
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.headers['DATE'].should_not be_nil
+    end
+
+    it "should not set the DATE header just by asking for the canonical_string" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+        :headers => headers,
+        :method => :put)
+      headers = ApiAuth::Headers.new(request)
+      headers.canonical_string
+      request.headers['DATE'].should be_nil
+    end
+  end
+
+  describe "with Curb" do
+
+    before(:each) do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+        curl.headers = headers
+      end
+      @headers = ApiAuth::Headers.new(@request)
+    end
+
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+
+    it "should set the DATE header if one is not already present" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      @request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+        curl.headers = headers
+      end
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.headers['DATE'].should_not be_nil
+    end
+
+    it "should not set the DATE header just by asking for the canonical_string" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      request = Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
+        curl.headers = headers
+      end
+      headers = ApiAuth::Headers.new(request)
+      headers.canonical_string
+      request.headers['DATE'].should be_nil
+    end
+  end
+
+  describe "with ActionController" do
+
+    before(:each) do
+      @request = ActionController::Request.new(
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
+        'REQUEST_METHOD' => 'PUT',
+        'CONTENT_MD5' => 'e59ff97941044f85df5297e1c302d260',
+        'CONTENT_TYPE' => 'text/plain',
+        'HTTP_DATE' => 'Mon, 23 Jan 1984 03:29:56 GMT')
+      @headers = ApiAuth::Headers.new(@request)
+    end
+
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+
+    it "should set the DATE header if one is not already present" do
+      @request = ActionController::Request.new(
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
+        'REQUEST_METHOD' => 'PUT',
+        'CONTENT_MD5' => 'e59ff97941044f85df5297e1c302d260',
+        'CONTENT_TYPE' => 'text/plain')
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.headers['DATE'].should_not be_nil
+    end
+
+    it "should not set the DATE header just by asking for the canonical_string" do
+      request = ActionController::Request.new(
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
+        'REQUEST_METHOD' => 'PUT',
+        'CONTENT_MD5' => 'e59ff97941044f85df5297e1c302d260',
+        'CONTENT_TYPE' => 'text/plain')
+      headers = ApiAuth::Headers.new(request)
+      headers.canonical_string
+      request.headers['DATE'].should be_nil
+    end
+  end
+
+  describe "with Rack::Request" do
+
+    before(:each) do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT"
+                  }
+      @request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put).merge!(headers))
+      @headers = ApiAuth::Headers.new(@request)
+    end
+
+    it "should generate the proper canonical string" do
+      @headers.canonical_string.should == CANONICAL_STRING
+    end
+
+    it "should set the authorization header" do
+      @headers.sign_header("alpha")
+      @headers.authorization_header.should == "alpha"
+    end
+
+    it "should set the DATE header if one is not already present" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      @request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put).merge!(headers))
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.env['DATE'].should_not be_nil
+    end
+
+    it "should not set the DATE header just by asking for the canonical_string" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  'Content-Type' => "text/plain" }
+      request = Rack::Request.new(Rack::MockRequest.env_for("/resource.xml?foo=bar&bar=foo", :method => :put).merge!(headers))
+      headers = ApiAuth::Headers.new(request)
+      headers.canonical_string
+      request.env['DATE'].should be_nil
+    end
+  end
+
+end

data/spec/helpers_spec.rb

@@ -0,0 +1,14 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "ApiAuth::Helpers" do
+  
+  it "should strip the new line character on a Base64 encoding" do
+    ApiAuth.b64_encode("some string").should_not match(/\n/)
+  end
+  
+  it "should properly upcase a hash's keys" do
+    hsh = { "JoE" => "rOOLz" }
+    ApiAuth.capitalize_keys(hsh)["JOE"].should == "rOOLz"
+  end
+  
+end