mixlib-authentication 1.1.0 → 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
data/Rakefile
CHANGED
@@ -66,17 +66,26 @@ module Mixlib
|
|
66
66
|
@request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
|
67
67
|
Mixlib::Authentication::Log.debug "Reconstituted request signature: #{@request_signature}"
|
68
68
|
|
69
|
+
# The request signature is based on any file attached, if any. Otherwise
|
70
|
+
# it's based on the body of the request.
|
71
|
+
# TODO: tim: 2009-12-28: It'd be nice to remove this special case, and
|
72
|
+
# always hash the entire request body. In the file case it would just be
|
73
|
+
# expanded multipart text - the entire body of the POST.
|
74
|
+
#
|
69
75
|
# Pull out any file that was attached to this request, using multipart
|
70
76
|
# form uploads.
|
71
77
|
# Depending on the server we're running in, multipart form uploads are
|
72
78
|
# handed to us differently.
|
73
79
|
# - In Passenger (Cookbooks Community Site), the File is handed to us
|
74
80
|
# directly in the params hash. The name is whatever the client used,
|
75
|
-
# its value is therefore a File or Tempfile.
|
81
|
+
# its value is therefore a File or Tempfile.
|
82
|
+
# e.g. request['file_param'] = File
|
83
|
+
#
|
76
84
|
# - In Merb (Chef server), the File is wrapped. The original parameter
|
77
|
-
# name used for the file is
|
78
|
-
# is a name/value pair named 'file' which actually
|
79
|
-
# instance.
|
85
|
+
# name used for the file is used, but its value is a Hash. Within
|
86
|
+
# the hash is a name/value pair named 'file' which actually
|
87
|
+
# contains the Tempfile instance.
|
88
|
+
# e.g. request['file_param'] = { :file => Tempfile }
|
80
89
|
file_param = request.params.values.find { |value| value.respond_to?(:read) }
|
81
90
|
|
82
91
|
# No file_param; we're running in Merb, or it's just not there..
|
@@ -84,7 +84,12 @@ module Mixlib
|
|
84
84
|
end
|
85
85
|
|
86
86
|
def hashed_body
|
87
|
-
|
87
|
+
# Hash the file object if it was passed in, otherwise hash based on
|
88
|
+
# the body.
|
89
|
+
# TODO: tim 2009-12-28: It'd be nice to just remove this special case,
|
90
|
+
# always sign the entire request body, using the expanded multipart
|
91
|
+
# body in the case of a file being include.
|
92
|
+
@hashed_body ||= (self.file && self.file.respond_to?(:read)) ? digester.hash_file(self.file) : digester.hash_string(self.body)
|
88
93
|
end
|
89
94
|
|
90
95
|
# Takes HTTP request method & headers and creates a canonical form
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 1
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
version: 1.1.
|
8
|
+
- 2
|
9
|
+
version: 1.1.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Opscode, Inc.
|
@@ -14,7 +14,7 @@ autorequire: mixlib-authentication
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-
|
17
|
+
date: 2010-03-17 00:00:00 -07:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|