king_hmac 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +4 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +145 -0
- data/Rakefile +48 -0
- data/VERSION +1 -0
- data/init.rb +1 -0
- data/king_hmac.gemspec +60 -0
- data/lib/king_hmac/auth.rb +143 -0
- data/lib/king_hmac/cannonical_string.rb +69 -0
- data/lib/king_hmac/headers.rb +28 -0
- data/lib/king_hmac/rack/middleware.rb +44 -0
- data/lib/king_hmac/rails/active_resource.rb +99 -0
- data/lib/king_hmac/rails/controller.rb +63 -0
- data/lib/king_hmac.rb +7 -0
- data/spec/fixtures/credentials.yml +2 -0
- data/spec/king_hmac/king_hmac_spec.rb +506 -0
- data/spec/spec_helper.rb +21 -0
- metadata +90 -0
@@ -0,0 +1,63 @@
|
|
1
|
+
# Integration with Rails
|
2
|
+
#
|
3
|
+
class Rails # :nodoc:
|
4
|
+
module ControllerFilter # :nodoc:
|
5
|
+
module ClassMethods
|
6
|
+
# Call within a Rails Controller to initialize HMAC authentication for the controller.
|
7
|
+
#
|
8
|
+
# * +credentials+ must be a hash that indexes secrets by their access key id.
|
9
|
+
# * +options+ supports the following arguments:
|
10
|
+
# * +failure_message+: The text to use when authentication fails.
|
11
|
+
# * +only+: A list off actions to protect.
|
12
|
+
# * +except+: A list of actions to not protect.
|
13
|
+
# * +hmac+: Options for HMAC creation. See AuthHMAC#initialize for options.
|
14
|
+
#
|
15
|
+
def with_auth_hmac(credentials, options = {})
|
16
|
+
unless credentials.nil?
|
17
|
+
self.credentials = credentials
|
18
|
+
self.authhmac_failure_message = (options.delete(:failure_message) or "HMAC Authentication failed")
|
19
|
+
self.authhmac = AuthHMAC.new(self.credentials, options.delete(:hmac))
|
20
|
+
before_filter(:hmac_login_required, options)
|
21
|
+
else
|
22
|
+
$stderr.puts("with_auth_hmac called with nil credentials - authentication will be skipped")
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
module InstanceMethods # :nodoc:
|
28
|
+
def hmac_login_required
|
29
|
+
unless hmac_authenticated?
|
30
|
+
response.headers['WWW-Authenticate'] = 'AuthHMAC'
|
31
|
+
render :text => self.class.authhmac_failure_message, :status => :unauthorized
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def hmac_authenticated?
|
36
|
+
self.class.authhmac.nil? ? true : self.class.authhmac.authenticated?(request)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
unless defined?(ActionController)
|
41
|
+
begin
|
42
|
+
require 'rubygems'
|
43
|
+
gem 'actionpack'
|
44
|
+
gem 'activesupport'
|
45
|
+
require 'action_controller'
|
46
|
+
require 'active_support'
|
47
|
+
rescue
|
48
|
+
nil
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
if defined?(ActionController::Base)
|
53
|
+
ActionController::Base.class_eval do
|
54
|
+
class_inheritable_accessor :authhmac
|
55
|
+
class_inheritable_accessor :credentials
|
56
|
+
class_inheritable_accessor :authhmac_failure_message
|
57
|
+
end
|
58
|
+
|
59
|
+
ActionController::Base.send(:include, ControllerFilter::InstanceMethods)
|
60
|
+
ActionController::Base.extend(ControllerFilter::ClassMethods)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
data/lib/king_hmac.rb
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
require File.dirname(__FILE__) + '/king_hmac/headers'
|
5
|
+
require File.dirname(__FILE__) + '/king_hmac/cannonical_string'
|
6
|
+
require File.dirname(__FILE__) + '/king_hmac/auth'
|
7
|
+
require File.dirname(__FILE__) + '/king_hmac/rack/middleware'
|
@@ -0,0 +1,506 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../spec_helper.rb'
|
2
|
+
|
3
|
+
|
4
|
+
# Class for doing a custom signature
|
5
|
+
class CustomSignature < String
|
6
|
+
def initialize(request)
|
7
|
+
self << "Custom signature string: #{request.method}"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def signature(value, secret)
|
12
|
+
digest = OpenSSL::Digest::Digest.new('sha1')
|
13
|
+
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
|
14
|
+
end
|
15
|
+
|
16
|
+
describe KingHmac::Auth do
|
17
|
+
before(:each) do
|
18
|
+
@request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
19
|
+
'content-type' => 'text/plain',
|
20
|
+
'content-md5' => 'blahblah',
|
21
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
22
|
+
end
|
23
|
+
|
24
|
+
describe ".canonical_string" do
|
25
|
+
it "should generate a canonical string using default method" do
|
26
|
+
KingHmac::Auth.canonical_string(@request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
describe ".signature" do
|
31
|
+
it "should generate a valid signature string for a secret" do
|
32
|
+
KingHmac::Auth.signature(@request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
describe ".sign!" do
|
37
|
+
before(:each) do
|
38
|
+
@request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
39
|
+
'content-type' => 'text/plain',
|
40
|
+
'content-md5' => 'blahblah',
|
41
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should sign using the key passed in as a parameter" do
|
45
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret")
|
46
|
+
@request['Authorization'].should == "KingHmac::Auth my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
47
|
+
end
|
48
|
+
|
49
|
+
it "should sign using custom service id" do
|
50
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret", { :service_id => 'MyService' })
|
51
|
+
@request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
52
|
+
end
|
53
|
+
|
54
|
+
it "should sign using custom signature method" do
|
55
|
+
options = {
|
56
|
+
:service_id => 'MyService',
|
57
|
+
:signature => CustomSignature
|
58
|
+
}
|
59
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret", options)
|
60
|
+
@request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
describe "#sign!" do
|
65
|
+
before(:each) do
|
66
|
+
@get_request = Net::HTTP::Get.new("/")
|
67
|
+
@put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
68
|
+
'content-type' => 'text/plain',
|
69
|
+
'content-md5' => 'blahblah',
|
70
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
71
|
+
@store = mock('store')
|
72
|
+
@store.stub!(:[]).and_return("")
|
73
|
+
@authhmac = KingHmac::Auth.new(@store)
|
74
|
+
end
|
75
|
+
|
76
|
+
describe "default KingHmac::Auth with CanonicalString signature" do
|
77
|
+
it "should add an Authorization header" do
|
78
|
+
@authhmac.sign!(@get_request, 'key-id')
|
79
|
+
@get_request.key?("Authorization").should be_true
|
80
|
+
end
|
81
|
+
|
82
|
+
it "should fetch the secret from the store" do
|
83
|
+
@store.should_receive(:[]).with('key-id').and_return('secret')
|
84
|
+
@authhmac.sign!(@get_request, 'key-id')
|
85
|
+
end
|
86
|
+
|
87
|
+
it "should prefix the Authorization Header with KingHmac::Auth" do
|
88
|
+
@authhmac.sign!(@get_request, 'key-id')
|
89
|
+
@get_request['Authorization'].should match(/^KingHmac::Auth /)
|
90
|
+
end
|
91
|
+
|
92
|
+
it "should include the key id as the first part of the Authorization header value" do
|
93
|
+
@authhmac.sign!(@get_request, 'key-id')
|
94
|
+
@get_request['Authorization'].should match(/^KingHmac::Auth key-id:/)
|
95
|
+
end
|
96
|
+
|
97
|
+
it "should include the base64 encoded HMAC signature as the last part of the header value" do
|
98
|
+
@authhmac.sign!(@get_request, 'key-id')
|
99
|
+
@get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
|
100
|
+
end
|
101
|
+
|
102
|
+
it "should create a complete signature" do
|
103
|
+
@store.should_receive(:[]).with('my-key-id').and_return('secret')
|
104
|
+
@authhmac.sign!(@put_request, "my-key-id")
|
105
|
+
@put_request['Authorization'].should == "KingHmac::Auth my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
describe "custom signatures" do
|
110
|
+
before(:each) do
|
111
|
+
@options = {
|
112
|
+
:service_id => 'MyService',
|
113
|
+
:signature => CustomSignature
|
114
|
+
}
|
115
|
+
@authhmac = KingHmac::Auth.new(@store, @options)
|
116
|
+
end
|
117
|
+
|
118
|
+
it "should prefix the Authorization header with custom service id" do
|
119
|
+
@authhmac.sign!(@get_request, 'key-id')
|
120
|
+
@get_request['Authorization'].should match(/^MyService /)
|
121
|
+
end
|
122
|
+
|
123
|
+
it "should create a complete signature using options" do
|
124
|
+
@store.should_receive(:[]).with('my-key-id').and_return('secret')
|
125
|
+
@authhmac.sign!(@put_request, "my-key-id")
|
126
|
+
@put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe "authenticated?" do
|
132
|
+
before(:each) do
|
133
|
+
@credentials = load_fixture
|
134
|
+
@authhmac = KingHmac::Auth.new(@credentials)
|
135
|
+
@request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
136
|
+
end
|
137
|
+
|
138
|
+
it "should return false when there is no Authorization Header" do
|
139
|
+
@authhmac.authenticated?(@request).should be_false
|
140
|
+
end
|
141
|
+
|
142
|
+
it "should return false when the Authorization value isn't prefixed with HMAC" do
|
143
|
+
@request['Authorization'] = "id:secret"
|
144
|
+
@authhmac.authenticated?(@request).should be_false
|
145
|
+
end
|
146
|
+
|
147
|
+
it "should return false when the access key id can't be found" do
|
148
|
+
@request['Authorization'] = 'KingHmac::Auth missing-key:blah'
|
149
|
+
@authhmac.authenticated?(@request).should be_false
|
150
|
+
end
|
151
|
+
|
152
|
+
it "should return false when there is no hmac" do
|
153
|
+
@request['Authorization'] = 'KingHmac::Auth missing-key:'
|
154
|
+
@authhmac.authenticated?(@request).should be_false
|
155
|
+
end
|
156
|
+
|
157
|
+
it "should return false when the hmac doesn't match" do
|
158
|
+
@request['Authorization'] = 'KingHmac::Auth access key 1:blah'
|
159
|
+
@authhmac.authenticated?(@request).should be_false
|
160
|
+
end
|
161
|
+
|
162
|
+
it "should return false if the request was modified after signing" do
|
163
|
+
@authhmac.sign!(@request, 'access key 1')
|
164
|
+
@request.content_type = 'text/plain'
|
165
|
+
@authhmac.authenticated?(@request).should be_false
|
166
|
+
end
|
167
|
+
|
168
|
+
it "should return true when the hmac does match" do
|
169
|
+
@authhmac.sign!(@request, 'access key 1')
|
170
|
+
@authhmac.authenticated?(@request).should be_true
|
171
|
+
end
|
172
|
+
|
173
|
+
describe "custom signatures" do
|
174
|
+
before(:each) do
|
175
|
+
@options = {
|
176
|
+
:service_id => 'MyService',
|
177
|
+
:signature => CustomSignature
|
178
|
+
}
|
179
|
+
end
|
180
|
+
|
181
|
+
it "should return false for invalid service id" do
|
182
|
+
@authhmac.sign!(@request, 'access key 1')
|
183
|
+
KingHmac::Auth.new(@credentials, @options.except(:signature)).authenticated?(@request).should be_false
|
184
|
+
end
|
185
|
+
|
186
|
+
it "should return false for request using default CanonicalString signature" do
|
187
|
+
@authhmac.sign!(@request, 'access key 1')
|
188
|
+
KingHmac::Auth.new(@credentials, @options.except(:service_id)).authenticated?(@request).should be_false
|
189
|
+
end
|
190
|
+
|
191
|
+
it "should return true when valid" do
|
192
|
+
@authhmac = KingHmac::Auth.new(@credentials, @options)
|
193
|
+
@authhmac.sign!(@request, 'access key 1')
|
194
|
+
@authhmac.authenticated?(@request).should be_true
|
195
|
+
end
|
196
|
+
end
|
197
|
+
end
|
198
|
+
|
199
|
+
describe "#sign! with YAML credentials" do
|
200
|
+
before(:each) do
|
201
|
+
@authhmac = KingHmac::Auth.new(load_fixture)
|
202
|
+
@request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
203
|
+
end
|
204
|
+
|
205
|
+
it "should raise an argument error if credentials are missing" do
|
206
|
+
lambda { @authhmac.sign!(@request, 'missing') }.should raise_error(ArgumentError)
|
207
|
+
end
|
208
|
+
|
209
|
+
it "should sign with the secret" do
|
210
|
+
@authhmac.sign!(@request, "access key 1")
|
211
|
+
@request['Authorization'].should == "KingHmac::Auth access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="
|
212
|
+
end
|
213
|
+
|
214
|
+
it "should sign with the other secret" do
|
215
|
+
@authhmac.sign!(@request, "access key 2")
|
216
|
+
@request['Authorization'].should == "KingHmac::Auth access key 2:vT010RQm4IZ6+UCVpK2/N0FLpLw="
|
217
|
+
end
|
218
|
+
end
|
219
|
+
|
220
|
+
describe KingHmac::CanonicalString do
|
221
|
+
it "should include the http verb when it is GET" do
|
222
|
+
request = Net::HTTP::Get.new("/")
|
223
|
+
KingHmac::CanonicalString.new(request).should match(/GET/)
|
224
|
+
end
|
225
|
+
|
226
|
+
it "should include the http verb when it is POST" do
|
227
|
+
request = Net::HTTP::Post.new("/")
|
228
|
+
KingHmac::CanonicalString.new(request).should match(/POST/)
|
229
|
+
end
|
230
|
+
|
231
|
+
it "should include the content-type" do
|
232
|
+
request = Net::HTTP::Put.new("/", {'Content-Type' => 'application/xml'})
|
233
|
+
KingHmac::CanonicalString.new(request).should match(/application\/xml/)
|
234
|
+
end
|
235
|
+
|
236
|
+
it "should include the content-type even if the case is messed up" do
|
237
|
+
request = Net::HTTP::Put.new("/", {'cOntent-type' => 'text/html'})
|
238
|
+
KingHmac::CanonicalString.new(request).should match(/text\/html/)
|
239
|
+
end
|
240
|
+
|
241
|
+
it "should include the content-md5" do
|
242
|
+
request = Net::HTTP::Put.new("/", {'Content-MD5' => 'skwkend'})
|
243
|
+
KingHmac::CanonicalString.new(request).should match(/skwkend/)
|
244
|
+
end
|
245
|
+
|
246
|
+
it "should include the content-md5 even if the case is messed up" do
|
247
|
+
request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
|
248
|
+
KingHmac::CanonicalString.new(request).should match(/adsada/)
|
249
|
+
end
|
250
|
+
|
251
|
+
it "should include the date" do
|
252
|
+
date = Time.now.httpdate
|
253
|
+
request = Net::HTTP::Put.new("/", {'Date' => date})
|
254
|
+
KingHmac::CanonicalString.new(request).should match(/#{date}/)
|
255
|
+
end
|
256
|
+
|
257
|
+
it "should include the request path" do
|
258
|
+
request = Net::HTTP::Get.new("/path/to/file")
|
259
|
+
KingHmac::CanonicalString.new(request).should match(/\/path\/to\/file[^?]?/)
|
260
|
+
end
|
261
|
+
|
262
|
+
it "should ignore the query string of the request path" do
|
263
|
+
request = Net::HTTP::Get.new("/other/path/to/file?query=foo")
|
264
|
+
KingHmac::CanonicalString.new(request).should match(/\/other\/path\/to\/file[^?]?/)
|
265
|
+
end
|
266
|
+
|
267
|
+
it "should build the correct string" do
|
268
|
+
date = Time.now.httpdate
|
269
|
+
request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
270
|
+
'content-type' => 'text/plain',
|
271
|
+
'content-md5' => 'blahblah',
|
272
|
+
'date' => date)
|
273
|
+
KingHmac::CanonicalString.new(request).should == "PUT\ntext/plain\nblahblah\n#{date}\n/path/to/put"
|
274
|
+
end
|
275
|
+
|
276
|
+
it "should build the correct string when some elements are missing" do
|
277
|
+
date = Time.now.httpdate
|
278
|
+
request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo",
|
279
|
+
'date' => date)
|
280
|
+
KingHmac::CanonicalString.new(request).should == "GET\n\n\n#{date}\n/path/to/get"
|
281
|
+
end
|
282
|
+
end
|
283
|
+
=begin
|
284
|
+
describe KingHmac::Auth::Rails::ControllerFilter do
|
285
|
+
class TestController < ActionController::Base
|
286
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
287
|
+
:only => [:index]
|
288
|
+
|
289
|
+
def index
|
290
|
+
render :nothing => true, :status => :ok
|
291
|
+
end
|
292
|
+
|
293
|
+
def public
|
294
|
+
render :nothing => true, :status => :ok
|
295
|
+
end
|
296
|
+
|
297
|
+
def rescue_action(e) raise(e) end
|
298
|
+
end
|
299
|
+
|
300
|
+
class MessageTestController < ActionController::Base
|
301
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
302
|
+
:failure_message => "Stay away!", :except => :public
|
303
|
+
|
304
|
+
def index
|
305
|
+
render :nothing => true, :status => :ok
|
306
|
+
end
|
307
|
+
|
308
|
+
def public
|
309
|
+
render :nothing => true, :status => :ok
|
310
|
+
end
|
311
|
+
|
312
|
+
def rescue_action(e) raise(e) end
|
313
|
+
end
|
314
|
+
|
315
|
+
class NilCredentialsController < ActionController::Base
|
316
|
+
with_auth_hmac nil
|
317
|
+
before_filter :force_auth
|
318
|
+
|
319
|
+
def index
|
320
|
+
render :nothing => true, :status => :ok
|
321
|
+
end
|
322
|
+
|
323
|
+
def public
|
324
|
+
render :nothing => true, :status => :ok
|
325
|
+
end
|
326
|
+
|
327
|
+
def rescue_action(e) raise(e) end
|
328
|
+
|
329
|
+
private
|
330
|
+
def force_auth
|
331
|
+
hmac_authenticated?
|
332
|
+
end
|
333
|
+
end
|
334
|
+
|
335
|
+
class CustomTestController < ActionController::Base
|
336
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
337
|
+
:failure_message => "Stay away!",
|
338
|
+
:except => :public,
|
339
|
+
:hmac => { :service_id => 'MyService', :signature => CustomSignature }
|
340
|
+
|
341
|
+
def index
|
342
|
+
render :nothing => true, :status => :ok
|
343
|
+
end
|
344
|
+
|
345
|
+
def public
|
346
|
+
render :nothing => true, :status => :ok
|
347
|
+
end
|
348
|
+
|
349
|
+
def rescue_action(e) raise(e) end
|
350
|
+
end
|
351
|
+
|
352
|
+
describe NilCredentialsController do
|
353
|
+
it "should not raise an error when credentials are nil" do
|
354
|
+
request = ActionController::TestRequest.new
|
355
|
+
request.action = 'index'
|
356
|
+
request.path = "/index"
|
357
|
+
lambda do
|
358
|
+
NilCredentialsController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
359
|
+
end.should_not raise_error
|
360
|
+
end
|
361
|
+
end
|
362
|
+
|
363
|
+
describe TestController do
|
364
|
+
it "should allow a request with the proper hmac" do
|
365
|
+
request = ActionController::TestRequest.new
|
366
|
+
request.env['Authorization'] = "KingHmac::Auth access key 1:6BVEVfAyIDoI3K+WallRMnDxROQ="
|
367
|
+
request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
|
368
|
+
request.action = 'index'
|
369
|
+
request.path = "/index"
|
370
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
371
|
+
end
|
372
|
+
|
373
|
+
it "should reject a request with no hmac" do
|
374
|
+
request = ActionController::TestRequest.new
|
375
|
+
request.action = 'index'
|
376
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
377
|
+
end
|
378
|
+
|
379
|
+
it "should reject a request with the wrong hmac" do
|
380
|
+
request = ActionController::TestRequest.new
|
381
|
+
request.action = 'index'
|
382
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
383
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
384
|
+
end
|
385
|
+
|
386
|
+
it "should include a WWW-Authenticate header with the schema KingHmac::Auth" do
|
387
|
+
request = ActionController::TestRequest.new
|
388
|
+
request.action = 'index'
|
389
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
390
|
+
TestController.new.process(request, ActionController::TestResponse.new).headers['WWW-Authenticate'].should == "KingHmac::Auth"
|
391
|
+
end
|
392
|
+
|
393
|
+
it "should include a default error message" do
|
394
|
+
request = ActionController::TestRequest.new
|
395
|
+
request.action = 'index'
|
396
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
397
|
+
TestController.new.process(request, ActionController::TestResponse.new).body.should == "HMAC Authentication failed"
|
398
|
+
end
|
399
|
+
|
400
|
+
it "should allow anything to access the public action (using only)" do
|
401
|
+
request = ActionController::TestRequest.new
|
402
|
+
request.action = 'public'
|
403
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
404
|
+
end
|
405
|
+
end
|
406
|
+
|
407
|
+
describe MessageTestController do
|
408
|
+
it "should reject a request with a given message" do
|
409
|
+
request = ActionController::TestRequest.new
|
410
|
+
request.action = 'index'
|
411
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
412
|
+
MessageTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
|
413
|
+
end
|
414
|
+
|
415
|
+
it "should allow anything to access the public action (using except)" do
|
416
|
+
request = ActionController::TestRequest.new
|
417
|
+
request.action = 'public'
|
418
|
+
MessageTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
419
|
+
end
|
420
|
+
end
|
421
|
+
|
422
|
+
describe CustomTestController do
|
423
|
+
it "should allow a request with the proper hmac" do
|
424
|
+
request = ActionController::TestRequest.new
|
425
|
+
request.env['Authorization'] = "MyService access key 1:J2W4dOrv/sGsL0C5adnZYiQ3d70="
|
426
|
+
request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
|
427
|
+
request.action = 'index'
|
428
|
+
request.path = "/index"
|
429
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
430
|
+
end
|
431
|
+
|
432
|
+
it "should reject a request with no hmac" do
|
433
|
+
request = ActionController::TestRequest.new
|
434
|
+
request.action = 'index'
|
435
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
436
|
+
end
|
437
|
+
|
438
|
+
it "should reject a request with the wrong hmac" do
|
439
|
+
request = ActionController::TestRequest.new
|
440
|
+
request.action = 'index'
|
441
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
442
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
443
|
+
end
|
444
|
+
|
445
|
+
it "should reject a request with a given message" do
|
446
|
+
request = ActionController::TestRequest.new
|
447
|
+
request.action = 'index'
|
448
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
449
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
|
450
|
+
end
|
451
|
+
|
452
|
+
it "should allow anything to access the public action (using except)" do
|
453
|
+
request = ActionController::TestRequest.new
|
454
|
+
request.action = 'public'
|
455
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
456
|
+
end
|
457
|
+
end
|
458
|
+
end
|
459
|
+
|
460
|
+
describe KingHmac::Auth::Rails::ActiveResourceExtension do
|
461
|
+
class TestResource < ActiveResource::Base
|
462
|
+
with_auth_hmac("access_id", "secret")
|
463
|
+
self.site = "http://localhost/"
|
464
|
+
end
|
465
|
+
|
466
|
+
class CustomTestResource < ActiveResource::Base
|
467
|
+
with_auth_hmac("access_id", "secret", { :service_id => 'MyService', :signature => CustomSignature })
|
468
|
+
self.site = "http://localhost/"
|
469
|
+
end
|
470
|
+
|
471
|
+
describe TestResource do
|
472
|
+
it "should send requests using HMAC authentication" do
|
473
|
+
now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
|
474
|
+
Time.should_receive(:now).at_least(1).and_return(now)
|
475
|
+
ActiveResource::HttpMock.respond_to do |mock|
|
476
|
+
mock.get "/test_resources/1.xml",
|
477
|
+
{
|
478
|
+
'Authorization' => 'KingHmac::Auth access_id:44dvKATf4xanDtypqEA0EFYvOgI=',
|
479
|
+
'Accept' => 'application/xml',
|
480
|
+
'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
|
481
|
+
},
|
482
|
+
{ :id => "1" }.to_xml(:root => 'test_resource')
|
483
|
+
end
|
484
|
+
TestResource.find(1)
|
485
|
+
end
|
486
|
+
end
|
487
|
+
|
488
|
+
describe CustomTestResource do
|
489
|
+
it "should send requests using HMAC authentication" do
|
490
|
+
now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
|
491
|
+
Time.should_receive(:now).at_least(1).and_return(now)
|
492
|
+
ActiveResource::HttpMock.respond_to do |mock|
|
493
|
+
mock.get "/custom_test_resources/1.xml",
|
494
|
+
{
|
495
|
+
'Authorization' => 'MyService access_id:ZwCBL2rWLOMnwRrdF7wWEdJn7yA=',
|
496
|
+
'Accept' => 'application/xml',
|
497
|
+
'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
|
498
|
+
},
|
499
|
+
{ :id => "1" }.to_xml(:root => 'custom_test_resource')
|
500
|
+
end
|
501
|
+
CustomTestResource.find(1)
|
502
|
+
end
|
503
|
+
end
|
504
|
+
end
|
505
|
+
=end
|
506
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'spec'
|
3
|
+
require "net/http"
|
4
|
+
require 'time'
|
5
|
+
require 'yaml'
|
6
|
+
gem 'actionpack'
|
7
|
+
gem 'activeresource'
|
8
|
+
require 'action_controller'
|
9
|
+
require 'action_controller/test_process'
|
10
|
+
require 'active_resource'
|
11
|
+
require 'active_resource/http_mock'
|
12
|
+
|
13
|
+
require "#{File.dirname(__FILE__)}/../lib/king_hmac"
|
14
|
+
|
15
|
+
|
16
|
+
|
17
|
+
def load_fixture
|
18
|
+
YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
|
19
|
+
end
|
20
|
+
|
21
|
+
|
metadata
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: king_hmac
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
version: 1.0.0
|
10
|
+
platform: ruby
|
11
|
+
authors:
|
12
|
+
- Georg Leciejewski
|
13
|
+
autorequire:
|
14
|
+
bindir: bin
|
15
|
+
cert_chain: []
|
16
|
+
|
17
|
+
date: 2010-04-10 00:00:00 +02:00
|
18
|
+
default_executable:
|
19
|
+
dependencies:
|
20
|
+
- !ruby/object:Gem::Dependency
|
21
|
+
name: rspec
|
22
|
+
prerelease: false
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
segments:
|
28
|
+
- 0
|
29
|
+
version: "0"
|
30
|
+
type: :development
|
31
|
+
version_requirements: *id001
|
32
|
+
description: A Ruby Gem for authenticating HTTP requests using a HMAC
|
33
|
+
email: gl@salesking.eu
|
34
|
+
executables: []
|
35
|
+
|
36
|
+
extensions: []
|
37
|
+
|
38
|
+
extra_rdoc_files:
|
39
|
+
- README.rdoc
|
40
|
+
files:
|
41
|
+
- .gitignore
|
42
|
+
- MIT-LICENSE
|
43
|
+
- README.rdoc
|
44
|
+
- Rakefile
|
45
|
+
- VERSION
|
46
|
+
- init.rb
|
47
|
+
- king_hmac.gemspec
|
48
|
+
- lib/king_hmac.rb
|
49
|
+
- lib/king_hmac/auth.rb
|
50
|
+
- lib/king_hmac/cannonical_string.rb
|
51
|
+
- lib/king_hmac/headers.rb
|
52
|
+
- lib/king_hmac/rack/middleware.rb
|
53
|
+
- lib/king_hmac/rails/active_resource.rb
|
54
|
+
- lib/king_hmac/rails/controller.rb
|
55
|
+
- spec/fixtures/credentials.yml
|
56
|
+
- spec/king_hmac/king_hmac_spec.rb
|
57
|
+
- spec/spec_helper.rb
|
58
|
+
has_rdoc: true
|
59
|
+
homepage: http://github.com/salesking/king_hmac
|
60
|
+
licenses: []
|
61
|
+
|
62
|
+
post_install_message:
|
63
|
+
rdoc_options:
|
64
|
+
- --charset=UTF-8
|
65
|
+
require_paths:
|
66
|
+
- lib
|
67
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
segments:
|
72
|
+
- 0
|
73
|
+
version: "0"
|
74
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
segments:
|
79
|
+
- 0
|
80
|
+
version: "0"
|
81
|
+
requirements: []
|
82
|
+
|
83
|
+
rubyforge_project:
|
84
|
+
rubygems_version: 1.3.6
|
85
|
+
signing_key:
|
86
|
+
specification_version: 3
|
87
|
+
summary: A Ruby Gem for authenticating HTTP requests using a HMAC
|
88
|
+
test_files:
|
89
|
+
- spec/king_hmac/king_hmac_spec.rb
|
90
|
+
- spec/spec_helper.rb
|