mixlib-authentication 1.4.0.rc.1 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 07bcb6ac6bcde43d7a76debec94ba82dce31126b
-  data.tar.gz: e524d4f67e7834f75f1e0b02ac5678120aa92533
+  metadata.gz: 9909dd06ad5a2444688f93330b5c9128238d14e0
+  data.tar.gz: d9c72f4ae75782b00398ce12bc6823778e8aef45
 SHA512:
-  metadata.gz: a76554da7dbe898d3a123786d5edb4e4cddf476f2fedb74bfd1621b0000806f9fef907726cd16dd04c0bb2c59187eddf2a6a25b327af3598006f756665bad817
-  data.tar.gz: 4d18f87f8557dd0fa82fd67f387749d1d228d2c9cda0c747fe3aad5f2cae834940bb57d09df35ce66747fdbcb6b2392a1b02994665bbe128dc04b95030da92aa
+  metadata.gz: 606bfed6570c5fbc8c02bcf827985a07003cb191a60dada99496bf073427b91d7fb6e7db966a2c357d082f1d6306f9a8f67cb97708a119d05390db5a77fd3b2f
+  data.tar.gz: 6305dcaae186d7a39054164a7061226b11713b9e35a5f5ca91d6f2025f42d838f174e9e699e616b2786fa776ef001929d33ff53858ed3a4e534193b206aed211

data/Gemfile

@@ -2,5 +2,5 @@ source "https://rubygems.org"
 gemspec
 
 group(:development) do
-  gem 'pry'
+  gem "pry"
 end

data/NOTICE

@@ -1,7 +1,7 @@
 Mixlib::Authentication NOTICE
 =================
 
-Developed at Opscode (http://www.opscode.com).
+Developed at Chef (https://www.chef.io/).
 
- * Copyright 2009, Opscode, Inc. <legal@opscode.com>
+ * Copyright 2009-2016, Chef Software, Inc. <legal@chef.io>
 

data/{README.rdoc → README.md}

@@ -1,13 +1,14 @@
-== Mixlib::Authentication
+# Mixlib::Authentication
+[![Build Status Master](https://travis-ci.org/chef/mixlib-authentication.svg?branch=master)](https://travis-ci.org/chef/mixlib-authentication) [![Gem Version](https://badge.fury.io/rb/mixlib-authentication.svg)](https://badge.fury.io/rb/mixlib-authentication)
 
-Mixlib::Authentication provides a class-based header signing authentication object, like the one used in Chef. 
+Mixlib::Authentication provides a class-based header signing authentication object, like the one used in Chef.
 
-== License
-
-Author:: Christopher Brown (<cb@opscode.com>)
-Copyright:: Copyright (c) 2009 Opscode, Inc.
-License:: Apache License, Version 2.0
+## License
+- Author:: Christopher Brown ([cb@chef.io](mailto:cb@chef.io))
+- Copyright:: Copyright (c) 2009-2016 Chef Software, Inc.
+- License:: Apache License, Version 2.0
 
+```text
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
@@ -19,7 +20,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-
-== Issue Tracker
-
-Report any issues via Opscode Jira instance at http://tickets.opscode.com against Chef project.
+```

data/Rakefile

@@ -1,46 +1,18 @@
-require 'rubygems'
-require 'rubygems/package_task'
-require 'rubygems/specification'
-require 'date'
-require 'rspec/core/rake_task'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
-GEM = "mixlib-authentication"
-GEM_VERSION = "1.2.1"
-AUTHOR = "Opscode, Inc."
-EMAIL = "info@opscode.com"
-HOMEPAGE = "http://www.opscode.com"
-SUMMARY = "Mixes in simple per-request authentication"
+RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
 
-desc "Run specs"
-RSpec::Core::RakeTask.new do |t|
-  t.pattern = 'spec/**/*_spec.rb'
-  t.rspec_opts = %w(--format documentation --color)
-end
-
-gem_spec = eval(File.read("mixlib-authentication.gemspec"))
-
-Gem::PackageTask.new(gem_spec) do |pkg|
-  pkg.gem_spec = gem_spec
-end
-
-desc "install the gem locally"
-task :install => [:package] do
-  sh %{gem install pkg/#{GEM}-#{GEM_VERSION}}
-end
-
-desc "create a gemspec file"
-task :make_spec do
-  File.open("#{GEM}.gemspec", "w") do |file|
-    file.puts spec.to_ruby
+begin
+  require "chefstyle"
+  require "rubocop/rake_task"
+  RuboCop::RakeTask.new(:style) do |task|
+    task.options += ["--display-cop-names", "--no-color"]
   end
+rescue
+  puts "chefstyle/rubocop is not available."
 end
 
-desc "remove build files"
-task :clean do
-  sh %Q{ rm -f pkg/*.gem }
-end
-
-desc "Run the spec and features"
-task :test => [ :features, :spec ]
+task :ci => [:style, :spec]

data/lib/mixlib/authentication.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,11 +16,11 @@
 # limitations under the License.
 #
 
-require 'mixlib/log'
+require "mixlib/log"
 
 module Mixlib
   module Authentication
-    DEFAULT_SERVER_API_VERSION = '0'
+    DEFAULT_SERVER_API_VERSION = "0"
 
     class AuthenticationError < StandardError
     end
@@ -29,12 +29,10 @@ module Mixlib
     end
 
     class Log
-      extend  Mixlib::Log      
+      extend Mixlib::Log
     end
-    
+
     Log.level = :error
-    
+
   end
 end
-
-

data/lib/mixlib/authentication/digester.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,15 +16,15 @@
 # limitations under the License.
 #
 
-require 'mixlib/authentication'
-require 'openssl'
+require "mixlib/authentication"
+require "openssl"
 
 module Mixlib
   module Authentication
     class Digester
       class << self
 
-        def hash_file(f, digest=OpenSSL::Digest::SHA1)
+        def hash_file(f, digest = OpenSSL::Digest::SHA1)
           digester = digest.new
           buf = ""
           while f.read(16384, buf)
@@ -37,7 +37,7 @@ module Mixlib
         #
         # ====Parameters
         #
-        def hash_string(str, digest=OpenSSL::Digest::SHA1)
+        def hash_string(str, digest = OpenSSL::Digest::SHA1)
           ::Base64.encode64(digest.digest(str)).chomp
         end
 

data/lib/mixlib/authentication/http_authentication_request.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require 'mixlib/authentication'
+require "mixlib/authentication"
 
 module Mixlib
   module Authentication
@@ -33,7 +33,7 @@ module Mixlib
       end
 
       def headers
-        @headers ||= @request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
+        @headers ||= @request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
       end
 
       def http_method
@@ -70,13 +70,12 @@ module Mixlib
 
       def request_signature
         unless @request_signature
-          @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
+          @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x, y| x.to_s <=> y.to_s }.map { |i| i[1] }.join("\n")
           Mixlib::Authentication::Log.debug "Reconstituted (user-supplied) request signature: #{@request_signature}"
         end
         @request_signature
       end
 
-
       def validate_headers!
         missing_headers = MANDATORY_HEADERS - headers.keys
         unless missing_headers.empty?

data/lib/mixlib/authentication/signatureverification.rb

@@ -7,9 +7,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,11 +17,11 @@
 # limitations under the License.
 #
 
-require 'net/http'
-require 'forwardable'
-require 'mixlib/authentication'
-require 'mixlib/authentication/http_authentication_request'
-require 'mixlib/authentication/signedheaderauth'
+require "net/http"
+require "forwardable"
+require "mixlib/authentication"
+require "mixlib/authentication/http_authentication_request"
+require "mixlib/authentication/signedheaderauth"
 
 module Mixlib
   module Authentication
@@ -52,7 +52,7 @@ module Mixlib
 
       include Mixlib::Authentication::SignedHeaderAuth
 
-      def initialize(request=nil)
+      def initialize(request = nil)
         @auth_request = HTTPAuthenticationRequest.new(request) if request
 
         @valid_signature, @valid_timestamp, @valid_content_hash = false, false, false
@@ -60,8 +60,7 @@ module Mixlib
         @hashed_body = nil
       end
 
-
-      def authenticate_user_request(request, user_lookup, time_skew=(15*60))
+      def authenticate_user_request(request, user_lookup, time_skew = (15 * 60))
         @auth_request = HTTPAuthenticationRequest.new(request)
         authenticate_request(user_lookup, time_skew)
       end
@@ -74,9 +73,9 @@ module Mixlib
       # X-Ops-Sign: algorithm=sha1;version=1.0;
       # X-Ops-UserId: <user_id>
       # X-Ops-Timestamp:
-      # X-Ops-Content-Hash: 
+      # X-Ops-Content-Hash:
       # X-Ops-Authorization-#{line_number}
-      def authenticate_request(user_secret, time_skew=(15*60))
+      def authenticate_request(user_secret, time_skew = (15 * 60))
         Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}"
 
         @user_secret       = user_secret
@@ -87,14 +86,14 @@ module Mixlib
 
           # version 1.0 clients don't include their algorithm in the
           # signing description, so default to sha1
-          parts[:algorithm] ||= 'sha1'
+          parts[:algorithm] ||= "sha1"
 
           verify_signature(parts[:algorithm], parts[:version])
           verify_timestamp
           verify_content_hash
 
-        rescue StandardError=>se
-          raise AuthenticationError,"Failed to authenticate user request. Check your client key and clock: #{se.message}", se.backtrace
+        rescue StandardError => se
+          raise AuthenticationError, "Failed to authenticate user request. Check your client key and clock: #{se.message}", se.backtrace
         end
 
         if valid_request?
@@ -121,11 +120,11 @@ module Mixlib
       end
 
       # The authorization header is a Base64-encoded version of an RSA signature.
-      # The client sent it on multiple header lines, starting at index 1 - 
+      # The client sent it on multiple header lines, starting at index 1 -
       # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and
       # concatenate.
       def headers
-        @headers ||= request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
+        @headers ||= request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
       end
 
       private
@@ -142,7 +141,7 @@ module Mixlib
         candidate_block = canonicalize_request(algorithm, version)
         signature = Base64.decode64(request_signature)
         @valid_signature = case version
-                           when '1.3'
+                           when "1.3"
                              digest = validate_sign_version_digest!(algorithm, version)
                              @user_secret.verify(digest.new, signature, candidate_block)
                            else
@@ -177,10 +176,9 @@ module Mixlib
         @valid_content_hash
       end
 
-
       # The request signature is based on any file attached, if any. Otherwise
       # it's based on the body of the request.
-      def hashed_body(digest=Digest::SHA1)
+      def hashed_body(digest = Digest::SHA1)
         unless @hashed_body
           # TODO: tim: 2009-112-28: It'd be nice to remove this special case, and
           # always hash the entire request body. In the file case it would just be
@@ -189,22 +187,22 @@ module Mixlib
           # Pull out any file that was attached to this request, using multipart
           # form uploads.
           # Depending on the server we're running in, multipart form uploads are
-          # handed to us differently. 
-          # - In Passenger (Cookbooks Community Site), the File is handed to us 
-          #   directly in the params hash. The name is whatever the client used, 
-          #   its value is therefore a File or Tempfile. 
+          # handed to us differently.
+          # - In Passenger (Cookbooks Community Site), the File is handed to us
+          #   directly in the params hash. The name is whatever the client used,
+          #   its value is therefore a File or Tempfile.
           #   e.g. request['file_param'] = File
-          #   
-          # - In Merb (Chef server), the File is wrapped. The original parameter 
+          #
+          # - In Merb (Chef server), the File is wrapped. The original parameter
           #   name used for the file is used, but its value is a Hash. Within
-          #   the hash is a name/value pair named 'file' which actually 
+          #   the hash is a name/value pair named 'file' which actually
           #   contains the Tempfile instance.
           #   e.g. request['file_param'] = { :file => Tempfile }
           file_param = request.params.values.find { |value| value.respond_to?(:read) }
 
           # No file_param; we're running in Merb, or it's just not there..
           if file_param.nil?
-            hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) }  # Hash responds to :has_key? .
+            hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
             if !hash_param.nil?
               file_param = hash_param.values.find { |value| value.respond_to?(:read) } # File/Tempfile responds to :read.
             end
@@ -225,22 +223,19 @@ module Mixlib
       end
 
       # Compare the request timestamp with boundary time
-      # 
-      # 
+      #
+      #
       # ====Parameters
       # time1<Time>:: minuend
       # time2<Time>:: subtrahend
       #
       def timestamp_within_bounds?(time1, time2)
-        time_diff = (time2-time1).abs
+        time_diff = (time2 - time1).abs
         is_allowed = (time_diff < @allowed_time_skew)
         Mixlib::Authentication::Log.debug "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
-        is_allowed      
+        is_allowed
       end
     end
 
-
   end
 end
-
-

data/lib/mixlib/authentication/signedheaderauth.rb

@@ -17,11 +17,11 @@
 # limitations under the License.
 #
 
-require 'time'
-require 'base64'
-require 'openssl/digest'
-require 'mixlib/authentication'
-require 'mixlib/authentication/digester'
+require "time"
+require "base64"
+require "openssl/digest"
+require "mixlib/authentication"
+require "mixlib/authentication/digester"
 
 module Mixlib
   module Authentication
@@ -31,18 +31,18 @@ module Mixlib
       NULL_ARG = Object.new
 
       ALGORITHM_FOR_VERSION = {
-        '1.0' => 'sha1',
-        '1.1' => 'sha1',
-        '1.3' => 'sha256',
+        "1.0" => "sha1",
+        "1.1" => "sha1",
+        "1.3" => "sha256",
       }.freeze()
 
       # Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use
       # ALGORITHM_FOR_VERSION instead
-      SUPPORTED_ALGORITHMS = ['sha1'].freeze
-      SUPPORTED_VERSIONS = ['1.0', '1.1'].freeze
+      SUPPORTED_ALGORITHMS = ["sha1"].freeze
+      SUPPORTED_VERSIONS = ["1.0", "1.1"].freeze
 
-      DEFAULT_SIGN_ALGORITHM = 'sha1'.freeze
-      DEFAULT_PROTO_VERSION = '1.0'.freeze
+      DEFAULT_SIGN_ALGORITHM = "sha1".freeze
+      DEFAULT_PROTO_VERSION = "1.0".freeze
 
       # === signing_object
       # This is the intended interface for signing requests with the
@@ -72,7 +72,7 @@ module Mixlib
       # ==== Other Parameters:
       # These parameters are accepted but not used in the computation of the signature.
       # * `:host`: The host part of the URI
-      def self.signing_object(args={ })
+      def self.signing_object(args = {})
         SigningObject.new(args[:http_method],
                           args[:path],
                           args[:body],
@@ -97,7 +97,7 @@ module Mixlib
       # compute the signature from the request, using the looked-up user secret
       # ====Parameters
       # private_key<OpenSSL::PKey::RSA>:: user's RSA private key.
-      def sign(private_key, sign_algorithm=algorithm, sign_version=proto_version)
+      def sign(private_key, sign_algorithm = algorithm, sign_version = proto_version)
         digest = validate_sign_version_digest!(sign_algorithm, sign_version)
         # Our multiline hash for authorization will be encoded in multiple header
         # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
@@ -132,9 +132,9 @@ module Mixlib
         end
 
         case sign_algorithm
-        when 'sha1'
+        when "sha1"
           OpenSSL::Digest::SHA1
-        when 'sha256'
+        when "sha256"
           OpenSSL::Digest::SHA256
         else
           # This case should never happen
@@ -156,11 +156,11 @@ module Mixlib
       # ====Parameters
       #
       def canonical_path
-        p = path.gsub(/\/+/,'/')
-        p.length > 1 ? p.chomp('/') : p
+        p = path.gsub(/\/+/, "/")
+        p.length > 1 ? p.chomp("/") : p
       end
 
-      def hashed_body(digest=OpenSSL::Digest::SHA1)
+      def hashed_body(digest = OpenSSL::Digest::SHA1)
         # This is weird. sign() is called with the digest type and signing
         # version. These are also expected to be properties of the object.
         # Hence, we're going to assume the one that is passed to sign is
@@ -189,7 +189,7 @@ module Mixlib
       # ====Parameters
       #
       #
-      def canonicalize_request(sign_algorithm=algorithm, sign_version=proto_version)
+      def canonicalize_request(sign_algorithm = algorithm, sign_version = proto_version)
         digest = validate_sign_version_digest!(sign_algorithm, sign_version)
         canonical_x_ops_user_id = canonicalize_user_id(user_id, sign_version, digest)
         case sign_version
@@ -209,12 +209,12 @@ module Mixlib
             "Hashed Path:#{digester.hash_string(canonical_path, digest)}",
             "X-Ops-Content-Hash:#{hashed_body(digest)}",
             "X-Ops-Timestamp:#{canonical_time}",
-            "X-Ops-UserId:#{canonical_x_ops_user_id}"
+            "X-Ops-UserId:#{canonical_x_ops_user_id}",
           ].join("\n")
         end
       end
 
-      def canonicalize_user_id(user_id, proto_version, digest=OpenSSL::Digest::SHA1)
+      def canonicalize_user_id(user_id, proto_version, digest = OpenSSL::Digest::SHA1)
         case proto_version
         when "1.1"
           # and 1.2 if that ever gets implemented
@@ -230,7 +230,7 @@ module Mixlib
       # ====Parameters
       #
       def parse_signing_description
-        parts = signing_description.strip.split(";").inject({ }) do |memo, part|
+        parts = signing_description.strip.split(";").inject({}) do |memo, part|
           field_name, field_value = part.split("=")
           memo[field_name.to_sym] = field_value.strip
           memo
@@ -248,7 +248,7 @@ module Mixlib
         string_to_sign = canonicalize_request(sign_algorithm, sign_version)
         Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'"
         case sign_version
-        when '1.3'
+        when "1.3"
           private_key.sign(digest.new, string_to_sign)
         else
           private_key.private_encrypt(string_to_sign)
@@ -269,12 +269,12 @@ module Mixlib
       include SignedHeaderAuth
 
       def proto_version
-        (self[:proto_version] or DEFAULT_PROTO_VERSION).to_s
+        (self[:proto_version] || DEFAULT_PROTO_VERSION).to_s
       end
 
       def server_api_version
         key = (self[:headers] || {}).keys.select do |k|
-          k.downcase == 'x-ops-server-api-version'
+          k.downcase == "x-ops-server-api-version"
         end.first
         if key
           self[:headers][key]