mauth-client 4.0.2 → 4.0.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a21d16b8275a278bf76abd03b2a36c59789ef493
4
- data.tar.gz: a2a371bfe255763a721f2cc3566865d86264e17d
3
+ metadata.gz: 1f18ac348ac61d91254ad0c5dea4874b5e76f486
4
+ data.tar.gz: 1516ee5f2fe7e7f26369e4d6878e9c5c6a220457
5
5
  SHA512:
6
- metadata.gz: 3a9f889083c41d625ce4783f903b4edb94aefa7ea294aed7b6d1f3b9b6b2cf8d9d65121c3976c0bcb3903b9537bc5f615a09891177151a0734da5f333183a0f2
7
- data.tar.gz: 4be1f2f77de4305c4b3bdb3dddf64655233b5a9a1779e03fa1b245666c464001acad2b1a4c800edbd5a6d9e3ecc30b03a0e2892729db4e6573b9d782e687bd08
6
+ metadata.gz: b46db4cd5a12bcf4a7df96e97a529b505a773eb303b62e722c8d447e16a1667c1613cd0c5a71e7d8faaf661ee9022d41a2f9b5f7e95832d9ec6808eebb19cab9
7
+ data.tar.gz: 18d84c20776c619f5821056b491d25b21a4ed9387bb89de4b2283740bffcaec4d793a807fe1eb9f8b17f452f6a3d44473d6bb62220f8331fb83fd8560a20ac1a
data/CHANGELOG.md CHANGED
@@ -1,5 +1,8 @@
1
1
  # MAuth-Client History
2
2
 
3
+ ## v4.0.3
4
+ - Updated signature to decode number sign (#) in requests
5
+
3
6
  ## v4.0.2
4
7
  - Store the config data to not load the config file multiple times
5
8
 
data/lib/mauth/client.rb CHANGED
@@ -364,8 +364,7 @@ module MAuth
364
364
  expected_for_percent_reencoding = object.string_to_sign(time: object.x_mws_time, app_uuid: object.signature_app_uuid)
365
365
 
366
366
  # do a moderately complex Euresource-style reencoding of the path
367
- object.attributes_for_signing[:request_url] = CGI.escape(original_request_uri.to_s)
368
- object.attributes_for_signing[:request_url].gsub!('%2F', '/') # ...and then 'simply' decode the %2F's back into /'s, just like Euresource kind of does!
367
+ object.attributes_for_signing[:request_url] = euresource_escape(original_request_uri.to_s)
369
368
  expected_euresource_style_reencoding = object.string_to_sign(time: object.x_mws_time, app_uuid: object.signature_app_uuid)
370
369
 
371
370
  # reset the object original request_uri, just in case we need it again
@@ -383,6 +382,13 @@ module MAuth
383
382
  end
384
383
  end
385
384
 
385
+ # Note: RFC 3986 (https://www.ietf.org/rfc/rfc3986.txt) reserves the forward slash "/"
386
+ # and number sign "#" as component delimiters. Since these are valid URI components,
387
+ # they are decoded back into characters here to avoid signature invalidation
388
+ def euresource_escape(str)
389
+ CGI.escape(str).gsub(/%2F|%23/, "%2F" => "/", "%23" => "#")
390
+ end
391
+
386
392
  def retrieve_public_key(app_uuid)
387
393
  retrieve_security_token(app_uuid)['security_token']['public_key_str']
388
394
  end
data/lib/mauth/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module MAuth
2
- VERSION = '4.0.2'.freeze
2
+ VERSION = '4.0.3'.freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mauth-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.2
4
+ version: 4.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: exe
13
13
  cert_chain: []
14
- date: 2017-01-11 00:00:00.000000000 Z
14
+ date: 2017-05-11 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: faraday