mixlib-authentication 2.1.1 → 3.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mixlib/authentication.rb +4 -4
- data/lib/mixlib/authentication/digester.rb +4 -4
- data/lib/mixlib/authentication/http_authentication_request.rb +4 -4
- data/lib/mixlib/authentication/signatureverification.rb +9 -9
- data/lib/mixlib/authentication/signedheaderauth.rb +38 -36
- data/lib/mixlib/authentication/version.rb +3 -2
- metadata +6 -87
- data/Gemfile +0 -8
- data/NOTICE +0 -7
- data/README.md +0 -23
- data/Rakefile +0 -18
- data/mixlib-authentication.gemspec +0 -22
- data/spec/mixlib/authentication/digester_spec.rb +0 -24
- data/spec/mixlib/authentication/http_authentication_request_spec.rb +0 -132
- data/spec/mixlib/authentication/mixlib_authentication_spec.rb +0 -623
- data/spec/mixlib/authentication/mixlib_log_missing_spec.rb +0 -55
- data/spec/spec_helper.rb +0 -22
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ac1a3385da424178633636f21d00020703e56ef7720521b964eb64480ee8242b
|
4
|
+
data.tar.gz: bae34c40662e2ac3c8cc80891d5c7ab8e765cb3da91bd8bfe09c4f3af883e029
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 51b94f8b9c0598a33a51fe0ac747e6af49910448c4236be28d563800998e0b63b7334d453682b881bc54951bd7d1ee44beb8923e6658eb0aebe88993c6ee4e84
|
7
|
+
data.tar.gz: 26996121e0c805b7fc65d1466825157299bad9387d8cf76516b1152ef6c09578348492c6f5731a40dade560cc41daf437eadf576ac628c2270268baaa8bae4c9
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#
|
2
|
-
# Author:: Christopher Brown (<cb@
|
3
|
-
# Copyright:: Copyright (c) 2009
|
2
|
+
# Author:: Christopher Brown (<cb@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2009-2018 Chef Software, Inc.
|
4
4
|
# License:: Apache License, Version 2.0
|
5
5
|
#
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -18,7 +18,7 @@
|
|
18
18
|
|
19
19
|
module Mixlib
|
20
20
|
module Authentication
|
21
|
-
DEFAULT_SERVER_API_VERSION = "0"
|
21
|
+
DEFAULT_SERVER_API_VERSION = "0".freeze
|
22
22
|
|
23
23
|
attr_accessor :logger
|
24
24
|
module_function :logger, :logger=
|
@@ -36,7 +36,7 @@ module Mixlib
|
|
36
36
|
require "mixlib/log"
|
37
37
|
Mixlib::Authentication::Log.extend(Mixlib::Log)
|
38
38
|
rescue LoadError
|
39
|
-
|
39
|
+
require_relative "authentication/null_logger"
|
40
40
|
Mixlib::Authentication::Log.extend(Mixlib::Authentication::NullLogger)
|
41
41
|
end
|
42
42
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#
|
2
|
-
# Author:: Christopher Brown (<cb@
|
3
|
-
# Copyright:: Copyright (c) 2009
|
2
|
+
# Author:: Christopher Brown (<cb@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2009-2018 Chef Software, Inc.
|
4
4
|
# License:: Apache License, Version 2.0
|
5
5
|
#
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -16,8 +16,8 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
|
20
|
-
require "openssl"
|
19
|
+
require_relative "../authentication"
|
20
|
+
require "openssl" unless defined?(OpenSSL)
|
21
21
|
|
22
22
|
module Mixlib
|
23
23
|
module Authentication
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#
|
2
|
-
# Author:: Daniel DeLeo (<dan@
|
3
|
-
# Copyright:: Copyright (c) 2010
|
2
|
+
# Author:: Daniel DeLeo (<dan@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2010-2018 Chef Software, Inc.
|
4
4
|
# License:: Apache License, Version 2.0
|
5
5
|
#
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -16,13 +16,13 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
|
19
|
+
require_relative "../authentication"
|
20
20
|
|
21
21
|
module Mixlib
|
22
22
|
module Authentication
|
23
23
|
class HTTPAuthenticationRequest
|
24
24
|
|
25
|
-
MANDATORY_HEADERS =
|
25
|
+
MANDATORY_HEADERS = %i{x_ops_sign x_ops_userid x_ops_timestamp host x_ops_content_hash}.freeze
|
26
26
|
|
27
27
|
attr_reader :request
|
28
28
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
#
|
2
|
-
# Author:: Christopher Brown (<cb@
|
3
|
-
# Author:: Christopher Walters (<cw@
|
4
|
-
# Copyright:: Copyright (c) 2009
|
2
|
+
# Author:: Christopher Brown (<cb@chef.io>)
|
3
|
+
# Author:: Christopher Walters (<cw@chef.io>)
|
4
|
+
# Copyright:: Copyright (c) 2009-2018 Chef Software, Inc.
|
5
5
|
# License:: Apache License, Version 2.0
|
6
6
|
#
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -17,11 +17,11 @@
|
|
17
17
|
# limitations under the License.
|
18
18
|
#
|
19
19
|
|
20
|
-
require "net/http"
|
21
|
-
require "forwardable"
|
22
|
-
|
23
|
-
|
24
|
-
|
20
|
+
require "net/http" unless defined?(Net::HTTP)
|
21
|
+
require "forwardable" unless defined?(Forwardable)
|
22
|
+
require_relative "../authentication"
|
23
|
+
require_relative "http_authentication_request"
|
24
|
+
require_relative "signedheaderauth"
|
25
25
|
|
26
26
|
module Mixlib
|
27
27
|
module Authentication
|
@@ -203,7 +203,7 @@ module Mixlib
|
|
203
203
|
# No file_param; we're running in Merb, or it's just not there..
|
204
204
|
if file_param.nil?
|
205
205
|
hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
|
206
|
-
|
206
|
+
unless hash_param.nil?
|
207
207
|
file_param = hash_param.values.find { |value| value.respond_to?(:read) } # File/Tempfile responds to :read.
|
208
208
|
end
|
209
209
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
#
|
2
|
-
# Author:: Christopher Brown (<cb@
|
3
|
-
# Author:: Christopher Walters (<cw@
|
4
|
-
# Copyright:: Copyright (c) 2009
|
2
|
+
# Author:: Christopher Brown (<cb@chef.io>)
|
3
|
+
# Author:: Christopher Walters (<cw@chef.io>)
|
4
|
+
# Copyright:: Copyright (c) 2009-2018 Chef Software, Inc.
|
5
5
|
# License:: Apache License, Version 2.0
|
6
6
|
#
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -17,11 +17,11 @@
|
|
17
17
|
# limitations under the License.
|
18
18
|
#
|
19
19
|
|
20
|
-
require "time"
|
21
|
-
require "base64"
|
20
|
+
require "time" unless defined?(Time.zone_offset)
|
21
|
+
require "base64" unless defined?(Base64)
|
22
22
|
require "openssl/digest"
|
23
|
-
|
24
|
-
|
23
|
+
require_relative "../authentication"
|
24
|
+
require_relative "digester"
|
25
25
|
|
26
26
|
module Mixlib
|
27
27
|
module Authentication
|
@@ -34,7 +34,7 @@ module Mixlib
|
|
34
34
|
"1.0" => "sha1",
|
35
35
|
"1.1" => "sha1",
|
36
36
|
"1.3" => "sha256",
|
37
|
-
}.freeze
|
37
|
+
}.freeze
|
38
38
|
|
39
39
|
# Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use
|
40
40
|
# ALGORITHM_FOR_VERSION instead
|
@@ -74,15 +74,14 @@ module Mixlib
|
|
74
74
|
# * `:host`: The host part of the URI
|
75
75
|
def self.signing_object(args = {})
|
76
76
|
SigningObject.new(args[:http_method],
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
)
|
77
|
+
args[:path],
|
78
|
+
args[:body],
|
79
|
+
args[:host],
|
80
|
+
args[:timestamp],
|
81
|
+
args[:user_id],
|
82
|
+
args[:file],
|
83
|
+
args[:proto_version],
|
84
|
+
args[:headers])
|
86
85
|
end
|
87
86
|
|
88
87
|
def algorithm
|
@@ -128,7 +127,7 @@ module Mixlib
|
|
128
127
|
}
|
129
128
|
|
130
129
|
signature = Base64.encode64(do_sign(rsa_key, digest, sign_algorithm, sign_version, use_ssh_agent)).chomp
|
131
|
-
signature_lines = signature.split(
|
130
|
+
signature_lines = signature.split("\n")
|
132
131
|
signature_lines.each_index do |idx|
|
133
132
|
key = "X-Ops-Authorization-#{idx + 1}"
|
134
133
|
header_hash[key] = signature_lines[idx]
|
@@ -175,7 +174,7 @@ module Mixlib
|
|
175
174
|
# ====Parameters
|
176
175
|
#
|
177
176
|
def canonical_path
|
178
|
-
p = path.gsub(
|
177
|
+
p = path.gsub(%r{/+}, "/")
|
179
178
|
p.length > 1 ? p.chomp("/") : p
|
180
179
|
end
|
181
180
|
|
@@ -191,12 +190,13 @@ module Mixlib
|
|
191
190
|
else
|
192
191
|
@hashed_body_digest = digest
|
193
192
|
end
|
193
|
+
|
194
194
|
# Hash the file object if it was passed in, otherwise hash based on
|
195
195
|
# the body.
|
196
196
|
# TODO: tim 2009-12-28: It'd be nice to just remove this special case,
|
197
197
|
# always sign the entire request body, using the expanded multipart
|
198
198
|
# body in the case of a file being include.
|
199
|
-
@hashed_body ||= if file
|
199
|
+
@hashed_body ||= if file&.respond_to?(:read)
|
200
200
|
digester.hash_file(file, digest)
|
201
201
|
else
|
202
202
|
digester.hash_string(body, digest)
|
@@ -283,11 +283,13 @@ module Mixlib
|
|
283
283
|
do_sign_ssh_agent(rsa_key, string_to_sign)
|
284
284
|
else
|
285
285
|
raise AuthenticationError, "RSA private key is required to sign requests, but a public key was provided" unless rsa_key.private?
|
286
|
+
|
286
287
|
rsa_key.sign(digest.new, string_to_sign)
|
287
288
|
end
|
288
289
|
else
|
289
290
|
raise AuthenticationError, "Agent signing mode requires signing protocol version 1.3 or newer" if use_ssh_agent
|
290
291
|
raise AuthenticationError, "RSA private key is required to sign requests, but a public key was provided" unless rsa_key.private?
|
292
|
+
|
291
293
|
rsa_key.private_encrypt(string_to_sign)
|
292
294
|
end
|
293
295
|
end
|
@@ -304,7 +306,7 @@ module Mixlib
|
|
304
306
|
def do_sign_ssh_agent(rsa_key, string_to_sign)
|
305
307
|
# First try loading net-ssh as it is an optional dependency.
|
306
308
|
begin
|
307
|
-
require "net/ssh"
|
309
|
+
require "net/ssh" unless defined?(Net::SSH)
|
308
310
|
rescue LoadError => e
|
309
311
|
# ???: Since agent mode is explicitly enabled, should we even catch
|
310
312
|
# this in the first place? Might be cleaner to let the LoadError bubble.
|
@@ -339,25 +341,25 @@ module Mixlib
|
|
339
341
|
# generate a request signature. `SignedHeaderAuth.signing_object()`
|
340
342
|
# provides a more convenient interface to the constructor.
|
341
343
|
SigningObject = Struct.new(:http_method, :path, :body, :host,
|
342
|
-
|
343
|
-
|
344
|
+
:timestamp, :user_id, :file, :proto_version,
|
345
|
+
:headers) do
|
344
346
|
|
345
|
-
|
347
|
+
include SignedHeaderAuth
|
346
348
|
|
347
|
-
|
348
|
-
|
349
|
-
|
349
|
+
def proto_version
|
350
|
+
(self[:proto_version] || SignedHeaderAuth::DEFAULT_PROTO_VERSION).to_s
|
351
|
+
end
|
350
352
|
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
353
|
+
def server_api_version
|
354
|
+
key = (self[:headers] || {}).keys.select do |k|
|
355
|
+
k.casecmp("x-ops-server-api-version") == 0
|
356
|
+
end.first
|
357
|
+
if key
|
358
|
+
self[:headers][key]
|
359
|
+
else
|
360
|
+
DEFAULT_SERVER_API_VERSION
|
361
|
+
end
|
359
362
|
end
|
360
363
|
end
|
361
|
-
end
|
362
364
|
end
|
363
365
|
end
|
@@ -1,4 +1,5 @@
|
|
1
|
-
#
|
1
|
+
#
|
2
|
+
# Copyright:: Copyright (c) 2010-2019, Chef Software Inc.
|
2
3
|
# License:: Apache License, Version 2.0
|
3
4
|
#
|
4
5
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -15,6 +16,6 @@
|
|
15
16
|
|
16
17
|
module Mixlib
|
17
18
|
module Authentication
|
18
|
-
VERSION = "
|
19
|
+
VERSION = "3.0.10".freeze
|
19
20
|
end
|
20
21
|
end
|
metadata
CHANGED
@@ -1,96 +1,22 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mixlib-authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.0.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chef Software, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
12
|
-
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: rspec-core
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '3.2'
|
20
|
-
type: :development
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: '3.2'
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: rspec-expectations
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - "~>"
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: '3.2'
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - "~>"
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: '3.2'
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: rspec-mocks
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - "~>"
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: '3.2'
|
48
|
-
type: :development
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - "~>"
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: '3.2'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: chefstyle
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - ">="
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '0'
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - ">="
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '0'
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: rake
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - "~>"
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: '11'
|
76
|
-
type: :development
|
77
|
-
prerelease: false
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - "~>"
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: '11'
|
11
|
+
date: 2021-03-15 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
83
13
|
description: Mixes in simple per-request authentication
|
84
14
|
email: info@chef.io
|
85
15
|
executables: []
|
86
16
|
extensions: []
|
87
17
|
extra_rdoc_files: []
|
88
18
|
files:
|
89
|
-
- Gemfile
|
90
19
|
- LICENSE
|
91
|
-
- NOTICE
|
92
|
-
- README.md
|
93
|
-
- Rakefile
|
94
20
|
- lib/mixlib/authentication.rb
|
95
21
|
- lib/mixlib/authentication/digester.rb
|
96
22
|
- lib/mixlib/authentication/http_authentication_request.rb
|
@@ -98,13 +24,7 @@ files:
|
|
98
24
|
- lib/mixlib/authentication/signatureverification.rb
|
99
25
|
- lib/mixlib/authentication/signedheaderauth.rb
|
100
26
|
- lib/mixlib/authentication/version.rb
|
101
|
-
|
102
|
-
- spec/mixlib/authentication/digester_spec.rb
|
103
|
-
- spec/mixlib/authentication/http_authentication_request_spec.rb
|
104
|
-
- spec/mixlib/authentication/mixlib_authentication_spec.rb
|
105
|
-
- spec/mixlib/authentication/mixlib_log_missing_spec.rb
|
106
|
-
- spec/spec_helper.rb
|
107
|
-
homepage: https://www.chef.io
|
27
|
+
homepage: https://github.com/chef/mixlib-authentication
|
108
28
|
licenses:
|
109
29
|
- Apache-2.0
|
110
30
|
metadata: {}
|
@@ -116,15 +36,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
116
36
|
requirements:
|
117
37
|
- - ">="
|
118
38
|
- !ruby/object:Gem::Version
|
119
|
-
version: '
|
39
|
+
version: '2.4'
|
120
40
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
121
41
|
requirements:
|
122
42
|
- - ">="
|
123
43
|
- !ruby/object:Gem::Version
|
124
44
|
version: '0'
|
125
45
|
requirements: []
|
126
|
-
|
127
|
-
rubygems_version: 2.7.6
|
46
|
+
rubygems_version: 3.1.4
|
128
47
|
signing_key:
|
129
48
|
specification_version: 4
|
130
49
|
summary: Mixes in simple per-request authentication
|
data/Gemfile
DELETED
data/NOTICE
DELETED
data/README.md
DELETED
@@ -1,23 +0,0 @@
|
|
1
|
-
# Mixlib::Authentication
|
2
|
-
[![Build Status Master](https://travis-ci.org/chef/mixlib-authentication.svg?branch=master)](https://travis-ci.org/chef/mixlib-authentication) [![Gem Version](https://badge.fury.io/rb/mixlib-authentication.svg)](https://badge.fury.io/rb/mixlib-authentication)
|
3
|
-
|
4
|
-
Mixlib::Authentication provides a class-based header signing authentication object, like the one used in Chef.
|
5
|
-
|
6
|
-
## License
|
7
|
-
- Author:: Christopher Brown ([cb@chef.io](mailto:cb@chef.io))
|
8
|
-
- Copyright:: Copyright (c) 2009-2016 Chef Software, Inc.
|
9
|
-
- License:: Apache License, Version 2.0
|
10
|
-
|
11
|
-
```text
|
12
|
-
Licensed under the Apache License, Version 2.0 (the "License");
|
13
|
-
you may not use this file except in compliance with the License.
|
14
|
-
You may obtain a copy of the License at
|
15
|
-
|
16
|
-
http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
|
18
|
-
Unless required by applicable law or agreed to in writing, software
|
19
|
-
distributed under the License is distributed on an "AS IS" BASIS,
|
20
|
-
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
21
|
-
See the License for the specific language governing permissions and
|
22
|
-
limitations under the License.
|
23
|
-
```
|