mauth-client 5.0.2 → 5.1.0

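--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1f5fc7f62399a4835be8f3f8b8158c6cdac97e9cba3b6103aa4d714755a7b876
- data.tar.gz: e8c7414fff883d6d20a946b7486e7dc729435ef3ded2773db88a3be73ef137a3
+ metadata.gz: 73a877135a7440cd3137c471873a1ac760304a31cac524189045448c122dc2a8
+ data.tar.gz: e817da8c2d7de3e5d2629de33ded9f8e5985cbc6923dca057de49738460d6ea1
  SHA512:
- metadata.gz: 89ba02ee21708b2c9db961ab1388282e1d0ebb5255360e12a02d64fa77c1b5aa39949a21da3e55c2c5f34e4fe74e0beb86231a138db6b308284ace48f254a2ca
- data.tar.gz: a6b343856370bec0e8e2a32dedc274209070262336ac23d7cf9cbaee7ae99a97741dfcfae4148825601b09e9381369aa0d825e801428aae1bdfc7ed5a0c2f9bb
+ metadata.gz: ca1e092bbfbc376f1dac96da7198fdc94b234ccd9086a373de69d4ee7e638971e964ab5a549330beeacbf811b2b3990fbef6d7672b498a42d07c6d5518f7e6ad
+ data.tar.gz: 230c42bd030c4bac0dab46c365acda69d8011ab06060156a7244c9f1319ca9248630f2ba29c5c35732d456be8d0734260580c8c1cda0ee40bd8f0182970dadec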
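--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## v5.1.0
+ - Fall back to V1 when V2 authentication fails.
+
  ## v5.0.2
  - Fix to not raise FrozenError when string to sign contains frozen value.
 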
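--- a/data/doc/mauth.yml.md
+++ b/data/doc/mauth.yml.md
@@ -29,6 +29,8 @@ common: &common
  SIY2exfsy7Y8NoOnBPlGiXKhgaF21T8kqV9C7R6OAuP0U6CgMJnINx/UjozvBENH
  Ux45QdvRd6vai8nHp7AgV7rr55SxXAZVgATll84uBUpfpmC6YK/j
  -----END RSA PRIVATE KEY-----
+ v2_only_authenticate: false
+ v2_only_sign_requests: false
 
  production:
  <<: *common
@@ -46,6 +48,8 @@ common: &common
  mauth_api_version: v1
  app_uuid: 123we997-0333-44d8-8fCf-5dd555c5bd51
  private_key_file: config/my_mauth_private.key
+ v2_only_authenticate: false
+ v2_only_sign_requests: false
 
  production:
  <<: *common
@@ -62,6 +66,8 @@ test:
  - `app_uuid` - Required in the same circumstances where a `private_key` is required.
  - `mauth_baseurl` - Required for authentication but not for signing. Needed for local authentication to retrieve public keys and for remote authentication. Usually this is `https://mauth.imedidata.com` for production.
  - `mauth_api_version` - Required for authentication but not for signing. only `v1` exists as of this writing.
+ - `v2_only_authenticate` - If true, all outgoing requests will be signed with only the V2 protocol.
+ - `v2_only_sign_requests` - If true, any incoming request or incoming response that does not use the V2 protocol will be rejected.
 
  ## Usage in your application
 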
@@ -19,10 +19,21 @@ module MAuth
19
19
 
20
20
  # raises InauthenticError unless the given object is authentic. Will only
21
21
  # authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
22
- # is set. Otherwise will authenticate with only the highest protocol version present
22
+ # is set. Otherwise will fallback to v1 when v2 authentication fails
23
23
  def authenticate!(object)
24
24
  if object.protocol_version == 2
25
- authenticate_v2!(object)
25
+ begin
26
+ authenticate_v2!(object)
27
+ rescue InauthenticError => e
28
+ raise e if v2_only_authenticate?
29
+
30
+ object.fall_back_to_mws_signature_info
31
+ raise e unless object.signature
32
+
33
+ log_authentication_request(object)
34
+ authenticate_v1!(object)
35
+ logger.warn("Completed successful authentication attempt after fallback to v1")
36
+ end
26
37
  elsif object.protocol_version == 1
27
38
  if v2_only_authenticate?
28
39
  # If v2 is required but not present and v1 is present we raise MissingV2Error
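Review bot: The new `rescue InauthenticError => e` branch in `authenticate!` retries with `authenticate_v1!` after any v2 failure, so unless `v2_only_authenticate?` is true a request carrying both headers is only as strong as its v1 signature. The `@@ -59,9 +59,9 @@` hunk shows v2 signing `encoded_query_params` and a SHA512 body digest; if the v1 string to sign covers less (not visible here), a request altered in a part only v2 covers would fail v2 and still be accepted. The v2 failure reason `e` is dropped when v1 succeeds, so I would log it before falling back, e.g. `logger.warn("v2 authentication failed (#{e.message}), falling back to v1")`, so that downgrades can be monitored. The `mauth.yml.md` hunk describes `v2_only_authenticate` as controlling outgoing signing and `v2_only_sign_requests` as rejecting incoming requests, which looks swapped relative to this code and could lead an operator to leave fallback enabled by mistake. The body of `authenticate!` continues past the end of the hunk.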
@@ -59,9 +59,9 @@ module MAuth
59
59
 
60
60
  # memoization of body_digest to avoid hashing three times when we call
61
61
  # string_to_sign_v2 three times in client#signature_valid_v2!
62
- # note that if :body is nil we hash an empty string ("")
63
- attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body].to_s)
64
- attrs_with_overrides[:encoded_query_params] = encode_query_string(attrs_with_overrides[:query_string].to_s)
62
+ # note that if :body is nil we hash an empty string ('')
63
+ attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body] || '')
64
+ attrs_with_overrides[:encoded_query_params] = encode_query_string(attrs_with_overrides[:query_string] || '')
65
65
 
66
66
  missing_attributes = self.class::SIGNATURE_COMPONENTS_V2.reject do |key|
67
67
  attrs_with_overrides.dig(key)
@@ -115,23 +115,17 @@ module MAuth
115
115
  # - #x_mws_authentication which returns that header's value
116
116
  # - #x_mws_time
117
117
  module Signed
118
- # mauth_client will authenticate with the highest protocol version present and ignore other
119
- # protocol versions.
118
+ # mauth_client will authenticate with the highest protocol version present and if authentication fails,
119
+ # will fallback to lower protocol versions (if provided).
120
120
  # returns a hash with keys :token, :app_uuid, and :signature parsed from the MCC-Authentication header
121
121
  # if it is present and if not then the X-MWS-Authentication header if it is present.
122
122
  # Note MWSV2 protocol no longer allows more than one space between the token and app uuid.
123
123
  def signature_info
124
- @signature_info ||= begin
125
- match = if mcc_authentication
126
- mcc_authentication.match(
127
- /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
128
- )
129
- elsif x_mws_authentication
130
- x_mws_authentication.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
131
- end
132
-
133
- match ? { token: match[1], app_uuid: match[2], signature: match[3] } : {}
134
- end
124
+ @signature_info ||= build_signature_info(mcc_data || x_mws_data)
125
+ end
126
+
127
+ def fall_back_to_mws_signature_info
128
+ @signature_info = build_signature_info(x_mws_data)
135
129
  end
136
130
 
137
131
  def signature_app_uuid
@@ -153,6 +147,22 @@ module MAuth
153
147
  1
154
148
  end
155
149
  end
150
+
151
+ private
152
+
153
+ def build_signature_info(match_data)
154
+ match_data ? { token: match_data[1], app_uuid: match_data[2], signature: match_data[3] } : {}
155
+ end
156
+
157
+ def mcc_data
158
+ mcc_authentication&.match(
159
+ /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
160
+ )
161
+ end
162
+
163
+ def x_mws_data
164
+ x_mws_authentication&.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
165
+ end
156
166
  end
157
167
 
158
168
  # virtual base class for signable requests
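Review bot: In the `signature_info` hunk, `mcc_data || x_mws_data` changes behaviour for an MCC-Authentication header that is present but malformed: the removed code returned `{}` in that case, while the new code silently parses X-MWS-Authentication instead, so the v2 path can end up reading a v1 token, app_uuid and signature. If that widening is not intended, keep the old selection with `@signature_info ||= build_signature_info(mcc_authentication ? mcc_data : x_mws_data)`. `fall_back_to_mws_signature_info` is public and overwrites the memoized value, so when no X-MWS header exists `signature_info` becomes `{}` and the app_uuid parsed from the MCC header is no longer available to whoever handles the re-raised error; a comment stating that it is a one-way switch meant for the authenticator would help. In the earlier `@@ -59,9 +59,9 @@` hunk, replacing `.to_s` with `|| ''` means a `:body` that is neither nil nor String-like now raises `TypeError` in `Digest::SHA512.hexdigest` instead of being stringified, and the comment there should say that `:body` must be a String or nil.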
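--- a/data/lib/mauth/version.rb
+++ b/data/lib/mauth/version.rb
@@ -1,3 +1,3 @@
  module MAuth
- VERSION = '5.0.2'.freeze
+ VERSION = '5.1.0'.freeze
  end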
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mauth-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.2
4
+ version: 5.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: exe
13
13
  cert_chain: []
14
- date: 2019-08-21 00:00:00.000000000 Z
14
+ date: 2020-01-15 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: faraday