king_hmac 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +4 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +145 -0
- data/Rakefile +48 -0
- data/VERSION +1 -0
- data/init.rb +1 -0
- data/king_hmac.gemspec +60 -0
- data/lib/king_hmac/auth.rb +143 -0
- data/lib/king_hmac/cannonical_string.rb +69 -0
- data/lib/king_hmac/headers.rb +28 -0
- data/lib/king_hmac/rack/middleware.rb +44 -0
- data/lib/king_hmac/rails/active_resource.rb +99 -0
- data/lib/king_hmac/rails/controller.rb +63 -0
- data/lib/king_hmac.rb +7 -0
- data/spec/fixtures/credentials.yml +2 -0
- data/spec/king_hmac/king_hmac_spec.rb +506 -0
- data/spec/spec_helper.rb +21 -0
- metadata +90 -0
@@ -0,0 +1,63 @@
|
|
1
|
+
# Integration with Rails
|
2
|
+
#
|
3
|
+
class Rails # :nodoc:
|
4
|
+
module ControllerFilter # :nodoc:
|
5
|
+
module ClassMethods
|
6
|
+
# Call within a Rails Controller to initialize HMAC authentication for the controller.
|
7
|
+
#
|
8
|
+
# * +credentials+ must be a hash that indexes secrets by their access key id.
|
9
|
+
# * +options+ supports the following arguments:
|
10
|
+
# * +failure_message+: The text to use when authentication fails.
|
11
|
+
# * +only+: A list off actions to protect.
|
12
|
+
# * +except+: A list of actions to not protect.
|
13
|
+
# * +hmac+: Options for HMAC creation. See AuthHMAC#initialize for options.
|
14
|
+
#
|
15
|
+
def with_auth_hmac(credentials, options = {})
|
16
|
+
unless credentials.nil?
|
17
|
+
self.credentials = credentials
|
18
|
+
self.authhmac_failure_message = (options.delete(:failure_message) or "HMAC Authentication failed")
|
19
|
+
self.authhmac = AuthHMAC.new(self.credentials, options.delete(:hmac))
|
20
|
+
before_filter(:hmac_login_required, options)
|
21
|
+
else
|
22
|
+
$stderr.puts("with_auth_hmac called with nil credentials - authentication will be skipped")
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
module InstanceMethods # :nodoc:
|
28
|
+
def hmac_login_required
|
29
|
+
unless hmac_authenticated?
|
30
|
+
response.headers['WWW-Authenticate'] = 'AuthHMAC'
|
31
|
+
render :text => self.class.authhmac_failure_message, :status => :unauthorized
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def hmac_authenticated?
|
36
|
+
self.class.authhmac.nil? ? true : self.class.authhmac.authenticated?(request)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
unless defined?(ActionController)
|
41
|
+
begin
|
42
|
+
require 'rubygems'
|
43
|
+
gem 'actionpack'
|
44
|
+
gem 'activesupport'
|
45
|
+
require 'action_controller'
|
46
|
+
require 'active_support'
|
47
|
+
rescue
|
48
|
+
nil
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
if defined?(ActionController::Base)
|
53
|
+
ActionController::Base.class_eval do
|
54
|
+
class_inheritable_accessor :authhmac
|
55
|
+
class_inheritable_accessor :credentials
|
56
|
+
class_inheritable_accessor :authhmac_failure_message
|
57
|
+
end
|
58
|
+
|
59
|
+
ActionController::Base.send(:include, ControllerFilter::InstanceMethods)
|
60
|
+
ActionController::Base.extend(ControllerFilter::ClassMethods)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
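--- a/data/lib/king_hmac.rb
+++ b/data/lib/king_hmac.rb
@@ -0,0 +1,7 @@
+require 'openssl'
+require 'base64'
+
+require File.dirname(__FILE__) + '/king_hmac/headers'
+require File.dirname(__FILE__) + '/king_hmac/cannonical_string'
+require File.dirname(__FILE__) + '/king_hmac/auth'
+require File.dirname(__FILE__) + '/king_hmac/rack/middleware'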
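Review bot: The entry point requires headers, cannonical_string, auth and rack/middleware but not the two `rails/` files the gem ships (`controller.rb`, `active_resource.rb` in the diffstat), and nothing in the file says whether that is deliberate. A comment after the last `require`, e.g. `# Rails integration is opt-in: the host app requires 'king_hmac/rails/controller' or 'king_hmac/rails/active_resource' itself`, would document the loading contract; the paths are inferred from the diffstat, so confirm they are the intended entry points. The controller integration earlier in this diff calls `AuthHMAC.new(...)` while the library and its spec use `KingHmac::Auth`, and this file neither defines nor aliases `AuthHMAC`, so it is worth confirming that constant resolves once the gem is loaded. The `cannonical_string` spelling matches the shipped filename, so it is consistent if unusual.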
@@ -0,0 +1,506 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../spec_helper.rb'
|
2
|
+
|
3
|
+
|
4
|
+
# Class for doing a custom signature
|
5
|
+
class CustomSignature < String
|
6
|
+
def initialize(request)
|
7
|
+
self << "Custom signature string: #{request.method}"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def signature(value, secret)
|
12
|
+
digest = OpenSSL::Digest::Digest.new('sha1')
|
13
|
+
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
|
14
|
+
end
|
15
|
+
|
16
|
+
describe KingHmac::Auth do
|
17
|
+
before(:each) do
|
18
|
+
@request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
19
|
+
'content-type' => 'text/plain',
|
20
|
+
'content-md5' => 'blahblah',
|
21
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
22
|
+
end
|
23
|
+
|
24
|
+
describe ".canonical_string" do
|
25
|
+
it "should generate a canonical string using default method" do
|
26
|
+
KingHmac::Auth.canonical_string(@request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
describe ".signature" do
|
31
|
+
it "should generate a valid signature string for a secret" do
|
32
|
+
KingHmac::Auth.signature(@request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
describe ".sign!" do
|
37
|
+
before(:each) do
|
38
|
+
@request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
39
|
+
'content-type' => 'text/plain',
|
40
|
+
'content-md5' => 'blahblah',
|
41
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should sign using the key passed in as a parameter" do
|
45
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret")
|
46
|
+
@request['Authorization'].should == "KingHmac::Auth my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
47
|
+
end
|
48
|
+
|
49
|
+
it "should sign using custom service id" do
|
50
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret", { :service_id => 'MyService' })
|
51
|
+
@request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
52
|
+
end
|
53
|
+
|
54
|
+
it "should sign using custom signature method" do
|
55
|
+
options = {
|
56
|
+
:service_id => 'MyService',
|
57
|
+
:signature => CustomSignature
|
58
|
+
}
|
59
|
+
KingHmac::Auth.sign!(@request, "my-key-id", "secret", options)
|
60
|
+
@request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
describe "#sign!" do
|
65
|
+
before(:each) do
|
66
|
+
@get_request = Net::HTTP::Get.new("/")
|
67
|
+
@put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
68
|
+
'content-type' => 'text/plain',
|
69
|
+
'content-md5' => 'blahblah',
|
70
|
+
'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
71
|
+
@store = mock('store')
|
72
|
+
@store.stub!(:[]).and_return("")
|
73
|
+
@authhmac = KingHmac::Auth.new(@store)
|
74
|
+
end
|
75
|
+
|
76
|
+
describe "default KingHmac::Auth with CanonicalString signature" do
|
77
|
+
it "should add an Authorization header" do
|
78
|
+
@authhmac.sign!(@get_request, 'key-id')
|
79
|
+
@get_request.key?("Authorization").should be_true
|
80
|
+
end
|
81
|
+
|
82
|
+
it "should fetch the secret from the store" do
|
83
|
+
@store.should_receive(:[]).with('key-id').and_return('secret')
|
84
|
+
@authhmac.sign!(@get_request, 'key-id')
|
85
|
+
end
|
86
|
+
|
87
|
+
it "should prefix the Authorization Header with KingHmac::Auth" do
|
88
|
+
@authhmac.sign!(@get_request, 'key-id')
|
89
|
+
@get_request['Authorization'].should match(/^KingHmac::Auth /)
|
90
|
+
end
|
91
|
+
|
92
|
+
it "should include the key id as the first part of the Authorization header value" do
|
93
|
+
@authhmac.sign!(@get_request, 'key-id')
|
94
|
+
@get_request['Authorization'].should match(/^KingHmac::Auth key-id:/)
|
95
|
+
end
|
96
|
+
|
97
|
+
it "should include the base64 encoded HMAC signature as the last part of the header value" do
|
98
|
+
@authhmac.sign!(@get_request, 'key-id')
|
99
|
+
@get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
|
100
|
+
end
|
101
|
+
|
102
|
+
it "should create a complete signature" do
|
103
|
+
@store.should_receive(:[]).with('my-key-id').and_return('secret')
|
104
|
+
@authhmac.sign!(@put_request, "my-key-id")
|
105
|
+
@put_request['Authorization'].should == "KingHmac::Auth my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
describe "custom signatures" do
|
110
|
+
before(:each) do
|
111
|
+
@options = {
|
112
|
+
:service_id => 'MyService',
|
113
|
+
:signature => CustomSignature
|
114
|
+
}
|
115
|
+
@authhmac = KingHmac::Auth.new(@store, @options)
|
116
|
+
end
|
117
|
+
|
118
|
+
it "should prefix the Authorization header with custom service id" do
|
119
|
+
@authhmac.sign!(@get_request, 'key-id')
|
120
|
+
@get_request['Authorization'].should match(/^MyService /)
|
121
|
+
end
|
122
|
+
|
123
|
+
it "should create a complete signature using options" do
|
124
|
+
@store.should_receive(:[]).with('my-key-id').and_return('secret')
|
125
|
+
@authhmac.sign!(@put_request, "my-key-id")
|
126
|
+
@put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe "authenticated?" do
|
132
|
+
before(:each) do
|
133
|
+
@credentials = load_fixture
|
134
|
+
@authhmac = KingHmac::Auth.new(@credentials)
|
135
|
+
@request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
136
|
+
end
|
137
|
+
|
138
|
+
it "should return false when there is no Authorization Header" do
|
139
|
+
@authhmac.authenticated?(@request).should be_false
|
140
|
+
end
|
141
|
+
|
142
|
+
it "should return false when the Authorization value isn't prefixed with HMAC" do
|
143
|
+
@request['Authorization'] = "id:secret"
|
144
|
+
@authhmac.authenticated?(@request).should be_false
|
145
|
+
end
|
146
|
+
|
147
|
+
it "should return false when the access key id can't be found" do
|
148
|
+
@request['Authorization'] = 'KingHmac::Auth missing-key:blah'
|
149
|
+
@authhmac.authenticated?(@request).should be_false
|
150
|
+
end
|
151
|
+
|
152
|
+
it "should return false when there is no hmac" do
|
153
|
+
@request['Authorization'] = 'KingHmac::Auth missing-key:'
|
154
|
+
@authhmac.authenticated?(@request).should be_false
|
155
|
+
end
|
156
|
+
|
157
|
+
it "should return false when the hmac doesn't match" do
|
158
|
+
@request['Authorization'] = 'KingHmac::Auth access key 1:blah'
|
159
|
+
@authhmac.authenticated?(@request).should be_false
|
160
|
+
end
|
161
|
+
|
162
|
+
it "should return false if the request was modified after signing" do
|
163
|
+
@authhmac.sign!(@request, 'access key 1')
|
164
|
+
@request.content_type = 'text/plain'
|
165
|
+
@authhmac.authenticated?(@request).should be_false
|
166
|
+
end
|
167
|
+
|
168
|
+
it "should return true when the hmac does match" do
|
169
|
+
@authhmac.sign!(@request, 'access key 1')
|
170
|
+
@authhmac.authenticated?(@request).should be_true
|
171
|
+
end
|
172
|
+
|
173
|
+
describe "custom signatures" do
|
174
|
+
before(:each) do
|
175
|
+
@options = {
|
176
|
+
:service_id => 'MyService',
|
177
|
+
:signature => CustomSignature
|
178
|
+
}
|
179
|
+
end
|
180
|
+
|
181
|
+
it "should return false for invalid service id" do
|
182
|
+
@authhmac.sign!(@request, 'access key 1')
|
183
|
+
KingHmac::Auth.new(@credentials, @options.except(:signature)).authenticated?(@request).should be_false
|
184
|
+
end
|
185
|
+
|
186
|
+
it "should return false for request using default CanonicalString signature" do
|
187
|
+
@authhmac.sign!(@request, 'access key 1')
|
188
|
+
KingHmac::Auth.new(@credentials, @options.except(:service_id)).authenticated?(@request).should be_false
|
189
|
+
end
|
190
|
+
|
191
|
+
it "should return true when valid" do
|
192
|
+
@authhmac = KingHmac::Auth.new(@credentials, @options)
|
193
|
+
@authhmac.sign!(@request, 'access key 1')
|
194
|
+
@authhmac.authenticated?(@request).should be_true
|
195
|
+
end
|
196
|
+
end
|
197
|
+
end
|
198
|
+
|
199
|
+
describe "#sign! with YAML credentials" do
|
200
|
+
before(:each) do
|
201
|
+
@authhmac = KingHmac::Auth.new(load_fixture)
|
202
|
+
@request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
|
203
|
+
end
|
204
|
+
|
205
|
+
it "should raise an argument error if credentials are missing" do
|
206
|
+
lambda { @authhmac.sign!(@request, 'missing') }.should raise_error(ArgumentError)
|
207
|
+
end
|
208
|
+
|
209
|
+
it "should sign with the secret" do
|
210
|
+
@authhmac.sign!(@request, "access key 1")
|
211
|
+
@request['Authorization'].should == "KingHmac::Auth access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="
|
212
|
+
end
|
213
|
+
|
214
|
+
it "should sign with the other secret" do
|
215
|
+
@authhmac.sign!(@request, "access key 2")
|
216
|
+
@request['Authorization'].should == "KingHmac::Auth access key 2:vT010RQm4IZ6+UCVpK2/N0FLpLw="
|
217
|
+
end
|
218
|
+
end
|
219
|
+
|
220
|
+
describe KingHmac::CanonicalString do
|
221
|
+
it "should include the http verb when it is GET" do
|
222
|
+
request = Net::HTTP::Get.new("/")
|
223
|
+
KingHmac::CanonicalString.new(request).should match(/GET/)
|
224
|
+
end
|
225
|
+
|
226
|
+
it "should include the http verb when it is POST" do
|
227
|
+
request = Net::HTTP::Post.new("/")
|
228
|
+
KingHmac::CanonicalString.new(request).should match(/POST/)
|
229
|
+
end
|
230
|
+
|
231
|
+
it "should include the content-type" do
|
232
|
+
request = Net::HTTP::Put.new("/", {'Content-Type' => 'application/xml'})
|
233
|
+
KingHmac::CanonicalString.new(request).should match(/application\/xml/)
|
234
|
+
end
|
235
|
+
|
236
|
+
it "should include the content-type even if the case is messed up" do
|
237
|
+
request = Net::HTTP::Put.new("/", {'cOntent-type' => 'text/html'})
|
238
|
+
KingHmac::CanonicalString.new(request).should match(/text\/html/)
|
239
|
+
end
|
240
|
+
|
241
|
+
it "should include the content-md5" do
|
242
|
+
request = Net::HTTP::Put.new("/", {'Content-MD5' => 'skwkend'})
|
243
|
+
KingHmac::CanonicalString.new(request).should match(/skwkend/)
|
244
|
+
end
|
245
|
+
|
246
|
+
it "should include the content-md5 even if the case is messed up" do
|
247
|
+
request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
|
248
|
+
KingHmac::CanonicalString.new(request).should match(/adsada/)
|
249
|
+
end
|
250
|
+
|
251
|
+
it "should include the date" do
|
252
|
+
date = Time.now.httpdate
|
253
|
+
request = Net::HTTP::Put.new("/", {'Date' => date})
|
254
|
+
KingHmac::CanonicalString.new(request).should match(/#{date}/)
|
255
|
+
end
|
256
|
+
|
257
|
+
it "should include the request path" do
|
258
|
+
request = Net::HTTP::Get.new("/path/to/file")
|
259
|
+
KingHmac::CanonicalString.new(request).should match(/\/path\/to\/file[^?]?/)
|
260
|
+
end
|
261
|
+
|
262
|
+
it "should ignore the query string of the request path" do
|
263
|
+
request = Net::HTTP::Get.new("/other/path/to/file?query=foo")
|
264
|
+
KingHmac::CanonicalString.new(request).should match(/\/other\/path\/to\/file[^?]?/)
|
265
|
+
end
|
266
|
+
|
267
|
+
it "should build the correct string" do
|
268
|
+
date = Time.now.httpdate
|
269
|
+
request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
|
270
|
+
'content-type' => 'text/plain',
|
271
|
+
'content-md5' => 'blahblah',
|
272
|
+
'date' => date)
|
273
|
+
KingHmac::CanonicalString.new(request).should == "PUT\ntext/plain\nblahblah\n#{date}\n/path/to/put"
|
274
|
+
end
|
275
|
+
|
276
|
+
it "should build the correct string when some elements are missing" do
|
277
|
+
date = Time.now.httpdate
|
278
|
+
request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo",
|
279
|
+
'date' => date)
|
280
|
+
KingHmac::CanonicalString.new(request).should == "GET\n\n\n#{date}\n/path/to/get"
|
281
|
+
end
|
282
|
+
end
|
283
|
+
=begin
|
284
|
+
describe KingHmac::Auth::Rails::ControllerFilter do
|
285
|
+
class TestController < ActionController::Base
|
286
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
287
|
+
:only => [:index]
|
288
|
+
|
289
|
+
def index
|
290
|
+
render :nothing => true, :status => :ok
|
291
|
+
end
|
292
|
+
|
293
|
+
def public
|
294
|
+
render :nothing => true, :status => :ok
|
295
|
+
end
|
296
|
+
|
297
|
+
def rescue_action(e) raise(e) end
|
298
|
+
end
|
299
|
+
|
300
|
+
class MessageTestController < ActionController::Base
|
301
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
302
|
+
:failure_message => "Stay away!", :except => :public
|
303
|
+
|
304
|
+
def index
|
305
|
+
render :nothing => true, :status => :ok
|
306
|
+
end
|
307
|
+
|
308
|
+
def public
|
309
|
+
render :nothing => true, :status => :ok
|
310
|
+
end
|
311
|
+
|
312
|
+
def rescue_action(e) raise(e) end
|
313
|
+
end
|
314
|
+
|
315
|
+
class NilCredentialsController < ActionController::Base
|
316
|
+
with_auth_hmac nil
|
317
|
+
before_filter :force_auth
|
318
|
+
|
319
|
+
def index
|
320
|
+
render :nothing => true, :status => :ok
|
321
|
+
end
|
322
|
+
|
323
|
+
def public
|
324
|
+
render :nothing => true, :status => :ok
|
325
|
+
end
|
326
|
+
|
327
|
+
def rescue_action(e) raise(e) end
|
328
|
+
|
329
|
+
private
|
330
|
+
def force_auth
|
331
|
+
hmac_authenticated?
|
332
|
+
end
|
333
|
+
end
|
334
|
+
|
335
|
+
class CustomTestController < ActionController::Base
|
336
|
+
with_auth_hmac YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml'))),
|
337
|
+
:failure_message => "Stay away!",
|
338
|
+
:except => :public,
|
339
|
+
:hmac => { :service_id => 'MyService', :signature => CustomSignature }
|
340
|
+
|
341
|
+
def index
|
342
|
+
render :nothing => true, :status => :ok
|
343
|
+
end
|
344
|
+
|
345
|
+
def public
|
346
|
+
render :nothing => true, :status => :ok
|
347
|
+
end
|
348
|
+
|
349
|
+
def rescue_action(e) raise(e) end
|
350
|
+
end
|
351
|
+
|
352
|
+
describe NilCredentialsController do
|
353
|
+
it "should not raise an error when credentials are nil" do
|
354
|
+
request = ActionController::TestRequest.new
|
355
|
+
request.action = 'index'
|
356
|
+
request.path = "/index"
|
357
|
+
lambda do
|
358
|
+
NilCredentialsController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
359
|
+
end.should_not raise_error
|
360
|
+
end
|
361
|
+
end
|
362
|
+
|
363
|
+
describe TestController do
|
364
|
+
it "should allow a request with the proper hmac" do
|
365
|
+
request = ActionController::TestRequest.new
|
366
|
+
request.env['Authorization'] = "KingHmac::Auth access key 1:6BVEVfAyIDoI3K+WallRMnDxROQ="
|
367
|
+
request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
|
368
|
+
request.action = 'index'
|
369
|
+
request.path = "/index"
|
370
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
371
|
+
end
|
372
|
+
|
373
|
+
it "should reject a request with no hmac" do
|
374
|
+
request = ActionController::TestRequest.new
|
375
|
+
request.action = 'index'
|
376
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
377
|
+
end
|
378
|
+
|
379
|
+
it "should reject a request with the wrong hmac" do
|
380
|
+
request = ActionController::TestRequest.new
|
381
|
+
request.action = 'index'
|
382
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
383
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
384
|
+
end
|
385
|
+
|
386
|
+
it "should include a WWW-Authenticate header with the schema KingHmac::Auth" do
|
387
|
+
request = ActionController::TestRequest.new
|
388
|
+
request.action = 'index'
|
389
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
390
|
+
TestController.new.process(request, ActionController::TestResponse.new).headers['WWW-Authenticate'].should == "KingHmac::Auth"
|
391
|
+
end
|
392
|
+
|
393
|
+
it "should include a default error message" do
|
394
|
+
request = ActionController::TestRequest.new
|
395
|
+
request.action = 'index'
|
396
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
397
|
+
TestController.new.process(request, ActionController::TestResponse.new).body.should == "HMAC Authentication failed"
|
398
|
+
end
|
399
|
+
|
400
|
+
it "should allow anything to access the public action (using only)" do
|
401
|
+
request = ActionController::TestRequest.new
|
402
|
+
request.action = 'public'
|
403
|
+
TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
404
|
+
end
|
405
|
+
end
|
406
|
+
|
407
|
+
describe MessageTestController do
|
408
|
+
it "should reject a request with a given message" do
|
409
|
+
request = ActionController::TestRequest.new
|
410
|
+
request.action = 'index'
|
411
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
412
|
+
MessageTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
|
413
|
+
end
|
414
|
+
|
415
|
+
it "should allow anything to access the public action (using except)" do
|
416
|
+
request = ActionController::TestRequest.new
|
417
|
+
request.action = 'public'
|
418
|
+
MessageTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
419
|
+
end
|
420
|
+
end
|
421
|
+
|
422
|
+
describe CustomTestController do
|
423
|
+
it "should allow a request with the proper hmac" do
|
424
|
+
request = ActionController::TestRequest.new
|
425
|
+
request.env['Authorization'] = "MyService access key 1:J2W4dOrv/sGsL0C5adnZYiQ3d70="
|
426
|
+
request.env['DATE'] = "Thu, 10 Jul 2008 03:29:56 GMT"
|
427
|
+
request.action = 'index'
|
428
|
+
request.path = "/index"
|
429
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
430
|
+
end
|
431
|
+
|
432
|
+
it "should reject a request with no hmac" do
|
433
|
+
request = ActionController::TestRequest.new
|
434
|
+
request.action = 'index'
|
435
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
436
|
+
end
|
437
|
+
|
438
|
+
it "should reject a request with the wrong hmac" do
|
439
|
+
request = ActionController::TestRequest.new
|
440
|
+
request.action = 'index'
|
441
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
442
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
|
443
|
+
end
|
444
|
+
|
445
|
+
it "should reject a request with a given message" do
|
446
|
+
request = ActionController::TestRequest.new
|
447
|
+
request.action = 'index'
|
448
|
+
request.env['Authorization'] = "KingHmac::Auth bogus:bogus"
|
449
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).body.should == "Stay away!"
|
450
|
+
end
|
451
|
+
|
452
|
+
it "should allow anything to access the public action (using except)" do
|
453
|
+
request = ActionController::TestRequest.new
|
454
|
+
request.action = 'public'
|
455
|
+
CustomTestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
|
456
|
+
end
|
457
|
+
end
|
458
|
+
end
|
459
|
+
|
460
|
+
describe KingHmac::Auth::Rails::ActiveResourceExtension do
|
461
|
+
class TestResource < ActiveResource::Base
|
462
|
+
with_auth_hmac("access_id", "secret")
|
463
|
+
self.site = "http://localhost/"
|
464
|
+
end
|
465
|
+
|
466
|
+
class CustomTestResource < ActiveResource::Base
|
467
|
+
with_auth_hmac("access_id", "secret", { :service_id => 'MyService', :signature => CustomSignature })
|
468
|
+
self.site = "http://localhost/"
|
469
|
+
end
|
470
|
+
|
471
|
+
describe TestResource do
|
472
|
+
it "should send requests using HMAC authentication" do
|
473
|
+
now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
|
474
|
+
Time.should_receive(:now).at_least(1).and_return(now)
|
475
|
+
ActiveResource::HttpMock.respond_to do |mock|
|
476
|
+
mock.get "/test_resources/1.xml",
|
477
|
+
{
|
478
|
+
'Authorization' => 'KingHmac::Auth access_id:44dvKATf4xanDtypqEA0EFYvOgI=',
|
479
|
+
'Accept' => 'application/xml',
|
480
|
+
'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
|
481
|
+
},
|
482
|
+
{ :id => "1" }.to_xml(:root => 'test_resource')
|
483
|
+
end
|
484
|
+
TestResource.find(1)
|
485
|
+
end
|
486
|
+
end
|
487
|
+
|
488
|
+
describe CustomTestResource do
|
489
|
+
it "should send requests using HMAC authentication" do
|
490
|
+
now = Time.parse("Thu, 10 Jul 2008 03:29:56 GMT")
|
491
|
+
Time.should_receive(:now).at_least(1).and_return(now)
|
492
|
+
ActiveResource::HttpMock.respond_to do |mock|
|
493
|
+
mock.get "/custom_test_resources/1.xml",
|
494
|
+
{
|
495
|
+
'Authorization' => 'MyService access_id:ZwCBL2rWLOMnwRrdF7wWEdJn7yA=',
|
496
|
+
'Accept' => 'application/xml',
|
497
|
+
'Date' => "Thu, 10 Jul 2008 03:29:56 GMT"
|
498
|
+
},
|
499
|
+
{ :id => "1" }.to_xml(:root => 'custom_test_resource')
|
500
|
+
end
|
501
|
+
CustomTestResource.find(1)
|
502
|
+
end
|
503
|
+
end
|
504
|
+
end
|
505
|
+
=end
|
506
|
+
end
|
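--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'spec'
+require "net/http"
+require 'time'
+require 'yaml'
+gem 'actionpack'
+gem 'activeresource'
+require 'action_controller'
+require 'action_controller/test_process'
+require 'active_resource'
+require 'active_resource/http_mock'
+
+require "#{File.dirname(__FILE__)}/../lib/king_hmac"
+
+
+
+def load_fixture
+  YAML.load(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
+end
+
+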
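Review bot: `load_fixture` at the end of the helper is undocumented and, being defined at the top level, becomes a private method on every object in the spec process; a short comment above it, `# Returns the credentials hash (access key id => secret) parsed from spec/fixtures/credentials.yml`, would tell a reader what the specs receive. The key/secret shape is inferred from how the spec uses the result (`KingHmac::Auth.new(@credentials)` followed by `sign!(@request, 'access key 1')`), not from anything in this file, so confirm it against the fixture. The fixture is part of the repository, so `YAML.load` is acceptable here; on Rubies whose Psych provides `YAML.safe_load`, using it keeps the helper safe if it is later reused for other inputs.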
metadata
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: king_hmac
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
version: 1.0.0
|
10
|
+
platform: ruby
|
11
|
+
authors:
|
12
|
+
- Georg Leciejewski
|
13
|
+
autorequire:
|
14
|
+
bindir: bin
|
15
|
+
cert_chain: []
|
16
|
+
|
17
|
+
date: 2010-04-10 00:00:00 +02:00
|
18
|
+
default_executable:
|
19
|
+
dependencies:
|
20
|
+
- !ruby/object:Gem::Dependency
|
21
|
+
name: rspec
|
22
|
+
prerelease: false
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
segments:
|
28
|
+
- 0
|
29
|
+
version: "0"
|
30
|
+
type: :development
|
31
|
+
version_requirements: *id001
|
32
|
+
description: A Ruby Gem for authenticating HTTP requests using a HMAC
|
33
|
+
email: gl@salesking.eu
|
34
|
+
executables: []
|
35
|
+
|
36
|
+
extensions: []
|
37
|
+
|
38
|
+
extra_rdoc_files:
|
39
|
+
- README.rdoc
|
40
|
+
files:
|
41
|
+
- .gitignore
|
42
|
+
- MIT-LICENSE
|
43
|
+
- README.rdoc
|
44
|
+
- Rakefile
|
45
|
+
- VERSION
|
46
|
+
- init.rb
|
47
|
+
- king_hmac.gemspec
|
48
|
+
- lib/king_hmac.rb
|
49
|
+
- lib/king_hmac/auth.rb
|
50
|
+
- lib/king_hmac/cannonical_string.rb
|
51
|
+
- lib/king_hmac/headers.rb
|
52
|
+
- lib/king_hmac/rack/middleware.rb
|
53
|
+
- lib/king_hmac/rails/active_resource.rb
|
54
|
+
- lib/king_hmac/rails/controller.rb
|
55
|
+
- spec/fixtures/credentials.yml
|
56
|
+
- spec/king_hmac/king_hmac_spec.rb
|
57
|
+
- spec/spec_helper.rb
|
58
|
+
has_rdoc: true
|
59
|
+
homepage: http://github.com/salesking/king_hmac
|
60
|
+
licenses: []
|
61
|
+
|
62
|
+
post_install_message:
|
63
|
+
rdoc_options:
|
64
|
+
- --charset=UTF-8
|
65
|
+
require_paths:
|
66
|
+
- lib
|
67
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
segments:
|
72
|
+
- 0
|
73
|
+
version: "0"
|
74
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
segments:
|
79
|
+
- 0
|
80
|
+
version: "0"
|
81
|
+
requirements: []
|
82
|
+
|
83
|
+
rubyforge_project:
|
84
|
+
rubygems_version: 1.3.6
|
85
|
+
signing_key:
|
86
|
+
specification_version: 3
|
87
|
+
summary: A Ruby Gem for authenticating HTTP requests using a HMAC
|
88
|
+
test_files:
|
89
|
+
- spec/king_hmac/king_hmac_spec.rb
|
90
|
+
- spec/spec_helper.rb
|