mixlib-authentication 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. data/Rakefile +1 -1
  2. data/lib/mixlib/authentication/signatureverification.rb +13 -4
  3. data/lib/mixlib/authentication/signedheaderauth.rb +6 -1
  4. metadata +3 -3
data/Rakefile CHANGED
@@ -5,7 +5,7 @@ require 'date'
5
5
  require 'spec/rake/spectask'
6
6
 
7
7
  GEM = "mixlib-authentication"
8
- GEM_VERSION = "1.1.0"
8
+ GEM_VERSION = "1.1.2"
9
9
  AUTHOR = "Opscode, Inc."
10
10
  EMAIL = "info@opscode.com"
11
11
  HOMEPAGE = "http://www.opscode.com"
data/lib/mixlib/authentication/signatureverification.rb CHANGED
@@ -66,17 +66,26 @@ module Mixlib
66
66
  @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
67
67
  Mixlib::Authentication::Log.debug "Reconstituted request signature: #{@request_signature}"
68
68
 
69
+ # The request signature is based on any file attached, if any. Otherwise
70
+ # it's based on the body of the request.
71
+ # TODO: tim: 2009-12-28: It'd be nice to remove this special case, and
72
+ # always hash the entire request body. In the file case it would just be
73
+ # expanded multipart text - the entire body of the POST.
74
+ #
69
75
  # Pull out any file that was attached to this request, using multipart
70
76
  # form uploads.
71
77
  # Depending on the server we're running in, multipart form uploads are
72
78
  # handed to us differently.
73
79
  # - In Passenger (Cookbooks Community Site), the File is handed to us
74
80
  # directly in the params hash. The name is whatever the client used,
75
- # its value is therefore a File or Tempfile.
81
+ # its value is therefore a File or Tempfile.
82
+ # e.g. request['file_param'] = File
83
+ #
76
84
  # - In Merb (Chef server), the File is wrapped. The original parameter
77
- # name used for the file is passed in with a Hash value. Within the hash
78
- # is a name/value pair named 'file' which actually contains the Tempfile
79
- # instance.
85
+ # name used for the file is used, but its value is a Hash. Within
86
+ # the hash is a name/value pair named 'file' which actually
87
+ # contains the Tempfile instance.
88
+ # e.g. request['file_param'] = { :file => Tempfile }
80
89
  file_param = request.params.values.find { |value| value.respond_to?(:read) }
81
90
 
82
91
  # No file_param; we're running in Merb, or it's just not there..
data/lib/mixlib/authentication/signedheaderauth.rb CHANGED
@@ -84,7 +84,12 @@ module Mixlib
84
84
  end
85
85
 
86
86
  def hashed_body
87
- @hashed_body ||= self.file ? digester.hash_file(self.file) : digester.hash_string(self.body)
87
+ # Hash the file object if it was passed in, otherwise hash based on
88
+ # the body.
89
+ # TODO: tim 2009-12-28: It'd be nice to just remove this special case,
90
+ # always sign the entire request body, using the expanded multipart
91
+ # body in the case of a file being include.
92
+ @hashed_body ||= (self.file && self.file.respond_to?(:read)) ? digester.hash_file(self.file) : digester.hash_string(self.body)
88
93
  end
89
94
 
90
95
  # Takes HTTP request method & headers and creates a canonical form
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 1
7
7
  - 1
8
- - 0
9
- version: 1.1.0
8
+ - 2
9
+ version: 1.1.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - Opscode, Inc.
@@ -14,7 +14,7 @@ autorequire: mixlib-authentication
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-02-28 00:00:00 -08:00
17
+ date: 2010-03-17 00:00:00 -07:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency