mauth-client 5.0.2 → 5.1.0

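--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1f5fc7f62399a4835be8f3f8b8158c6cdac97e9cba3b6103aa4d714755a7b876
- data.tar.gz: e8c7414fff883d6d20a946b7486e7dc729435ef3ded2773db88a3be73ef137a3
+ metadata.gz: 73a877135a7440cd3137c471873a1ac760304a31cac524189045448c122dc2a8
+ data.tar.gz: e817da8c2d7de3e5d2629de33ded9f8e5985cbc6923dca057de49738460d6ea1
  SHA512:
- metadata.gz: 89ba02ee21708b2c9db961ab1388282e1d0ebb5255360e12a02d64fa77c1b5aa39949a21da3e55c2c5f34e4fe74e0beb86231a138db6b308284ace48f254a2ca
- data.tar.gz: a6b343856370bec0e8e2a32dedc274209070262336ac23d7cf9cbaee7ae99a97741dfcfae4148825601b09e9381369aa0d825e801428aae1bdfc7ed5a0c2f9bb
+ metadata.gz: ca1e092bbfbc376f1dac96da7198fdc94b234ccd9086a373de69d4ee7e638971e964ab5a549330beeacbf811b2b3990fbef6d7672b498a42d07c6d5518f7e6ad
+ data.tar.gz: 230c42bd030c4bac0dab46c365acda69d8011ab06060156a7244c9f1319ca9248630f2ba29c5c35732d456be8d0734260580c8c1cda0ee40bd8f0182970dadec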
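--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## v5.1.0
+ - Fall back to V1 when V2 authentication fails.
+
  ## v5.0.2
  - Fix to not raise FrozenError when string to sign contains frozen value.
 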
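--- a/data/doc/mauth.yml.md
+++ b/data/doc/mauth.yml.md
@@ -29,6 +29,8 @@ common: &common
  SIY2exfsy7Y8NoOnBPlGiXKhgaF21T8kqV9C7R6OAuP0U6CgMJnINx/UjozvBENH
  Ux45QdvRd6vai8nHp7AgV7rr55SxXAZVgATll84uBUpfpmC6YK/j
  -----END RSA PRIVATE KEY-----
+ v2_only_authenticate: false
+ v2_only_sign_requests: false
 
  production:
  <<: *common
@@ -46,6 +48,8 @@ common: &common
  mauth_api_version: v1
  app_uuid: 123we997-0333-44d8-8fCf-5dd555c5bd51
  private_key_file: config/my_mauth_private.key
+ v2_only_authenticate: false
+ v2_only_sign_requests: false
 
  production:
  <<: *common
@@ -62,6 +66,8 @@ test:
  - `app_uuid` - Required in the same circumstances where a `private_key` is required.
  - `mauth_baseurl` - Required for authentication but not for signing. Needed for local authentication to retrieve public keys and for remote authentication. Usually this is `https://mauth.imedidata.com` for production.
  - `mauth_api_version` - Required for authentication but not for signing. only `v1` exists as of this writing.
+ - `v2_only_authenticate` - If true, all outgoing requests will be signed with only the V2 protocol.
+ - `v2_only_sign_requests` - If true, any incoming request or incoming response that does not use the V2 protocol will be rejected.
 
  ## Usage in your application
 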
@@ -19,10 +19,21 @@ module MAuth
19
19
 
20
20
  # raises InauthenticError unless the given object is authentic. Will only
21
21
  # authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
22
- # is set. Otherwise will authenticate with only the highest protocol version present
22
+ # is set. Otherwise will fallback to v1 when v2 authentication fails
23
23
  def authenticate!(object)
24
24
  if object.protocol_version == 2
25
- authenticate_v2!(object)
25
+ begin
26
+ authenticate_v2!(object)
27
+ rescue InauthenticError => e
28
+ raise e if v2_only_authenticate?
29
+
30
+ object.fall_back_to_mws_signature_info
31
+ raise e unless object.signature
32
+
33
+ log_authentication_request(object)
34
+ authenticate_v1!(object)
35
+ logger.warn("Completed successful authentication attempt after fallback to v1")
36
+ end
26
37
  elsif object.protocol_version == 1
27
38
  if v2_only_authenticate?
28
39
  # If v2 is required but not present and v1 is present we raise MissingV2Error
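Review bot: When the v1 fallback in `authenticate!` succeeds, the rescued v2 `InauthenticError` is discarded and the added `logger.warn` does not say why v2 failed, so a request whose MCC-Authentication signature was invalid but whose X-MWS-Authentication signature verified cannot be told apart in the logs from a benign fallback. I would carry the cause into the message, e.g. `logger.warn("Completed successful authentication attempt after fallback to v1 (v2 failure: #{e.message})")`, assuming the exception message holds no raw header content. The only switch that disables this downgrade path is `v2_only_authenticate?`, and the two option descriptions added in data/doc/mauth.yml.md read as if they were swapped (`v2_only_authenticate` is described as controlling signing), which is worth correcting so operators set the right one. `authenticate!` continues past the end of this hunk.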
@@ -59,9 +59,9 @@ module MAuth
59
59
 
60
60
  # memoization of body_digest to avoid hashing three times when we call
61
61
  # string_to_sign_v2 three times in client#signature_valid_v2!
62
- # note that if :body is nil we hash an empty string ("")
63
- attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body].to_s)
64
- attrs_with_overrides[:encoded_query_params] = encode_query_string(attrs_with_overrides[:query_string].to_s)
62
+ # note that if :body is nil we hash an empty string ('')
63
+ attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body] || '')
64
+ attrs_with_overrides[:encoded_query_params] = encode_query_string(attrs_with_overrides[:query_string] || '')
65
65
 
66
66
  missing_attributes = self.class::SIGNATURE_COMPONENTS_V2.reject do |key|
67
67
  attrs_with_overrides.dig(key)
@@ -115,23 +115,17 @@ module MAuth
115
115
  # - #x_mws_authentication which returns that header's value
116
116
  # - #x_mws_time
117
117
  module Signed
118
- # mauth_client will authenticate with the highest protocol version present and ignore other
119
- # protocol versions.
118
+ # mauth_client will authenticate with the highest protocol version present and if authentication fails,
119
+ # will fallback to lower protocol versions (if provided).
120
120
  # returns a hash with keys :token, :app_uuid, and :signature parsed from the MCC-Authentication header
121
121
  # if it is present and if not then the X-MWS-Authentication header if it is present.
122
122
  # Note MWSV2 protocol no longer allows more than one space between the token and app uuid.
123
123
  def signature_info
124
- @signature_info ||= begin
125
- match = if mcc_authentication
126
- mcc_authentication.match(
127
- /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
128
- )
129
- elsif x_mws_authentication
130
- x_mws_authentication.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
131
- end
132
-
133
- match ? { token: match[1], app_uuid: match[2], signature: match[3] } : {}
134
- end
124
+ @signature_info ||= build_signature_info(mcc_data || x_mws_data)
125
+ end
126
+
127
+ def fall_back_to_mws_signature_info
128
+ @signature_info = build_signature_info(x_mws_data)
135
129
  end
136
130
 
137
131
  def signature_app_uuid
@@ -153,6 +147,22 @@ module MAuth
153
147
  1
154
148
  end
155
149
  end
150
+
151
+ private
152
+
153
+ def build_signature_info(match_data)
154
+ match_data ? { token: match_data[1], app_uuid: match_data[2], signature: match_data[3] } : {}
155
+ end
156
+
157
+ def mcc_data
158
+ mcc_authentication&.match(
159
+ /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
160
+ )
161
+ end
162
+
163
+ def x_mws_data
164
+ x_mws_authentication&.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
165
+ end
156
166
  end
157
167
 
158
168
  # virtual base class for signable requests
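Review bot: `signature_info` in the `@@ -115,23 +115,17 @@` hunk now behaves differently when an MCC-Authentication header is present but does not match the V2 pattern: the old `if mcc_authentication … elsif x_mws_authentication` returned `{}` in that case, whereas `build_signature_info(mcc_data || x_mws_data)` silently falls through to the X-MWS-Authentication header. The object can then report a V1 token, app_uuid and signature while the caller still treats it as a V2 request (assuming `protocol_version` is derived from header presence, which is only partly visible here). If that is intended as part of the fallback, the comment above `signature_info` should say so; if not, keep the header-presence check, e.g. `@signature_info ||= build_signature_info(mcc_authentication ? mcc_data : x_mws_data)`. `fall_back_to_mws_signature_info` is a public method that overwrites the memoized value, so it deserves a one-line comment stating it is meant to be called only from the authenticator's fallback path.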
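--- a/data/lib/mauth/version.rb
+++ b/data/lib/mauth/version.rb
@@ -1,3 +1,3 @@
  module MAuth
- VERSION = '5.0.2'.freeze
+ VERSION = '5.1.0'.freeze
  end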
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mauth-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.2
4
+ version: 5.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: exe
13
13
  cert_chain: []
14
- date: 2019-08-21 00:00:00.000000000 Z
14
+ date: 2020-01-15 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: faraday