net-http-auth-hmac 0.0.1

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gemspec
+gem "rake"

data/Gemfile.lock

@@ -0,0 +1,16 @@
+PATH
+  remote: .
+  specs:
+    net-http-auth-hmac (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    rake (0.9.2.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  net-http-auth-hmac!
+  rake

data/README.md

@@ -0,0 +1,34 @@
+# net-http-auth-hmac
+
+![HMAC](http://www.gmkfreelogos.com/logos/H/img/HMAC.gif)
+
+Signs a request with given token to be validated in the backend.
+
+## Usage
+
+Sending a request
+
+```ruby
+uri = URI.parse("http://google.com/")
+http = Net::HTTP.new(uri.host, uri.port)
+
+signer = Net::HTTP::Auth::HMAC.new('super_secret_secret')
+request = Net::HTTP::Post.new('/somewhere')
+request.body = 'super_secret_value=42'
+
+signed_request = signer.sign_request(request)
+http.request request
+```
+
+Receiving a request
+
+```ruby
+signer = Net::HTTP::Auth::HMAC.new('super_secret_secret')
+unsigned_request = signer.unsign_request(request)
+request.body
+```
+
+## Installation
+```bash
+gem install net-http-auth-hmac
+```

data/Rakefile

@@ -0,0 +1,12 @@
+require 'rake'
+require 'rake/testtask'
+
+task :default => [:test_units]
+
+desc "Run basic tests"
+Rake::TestTask.new("test_units") do |t|
+  t.pattern = 'test/*_test.rb'
+  t.verbose = true
+  t.warning = true
+end
+

data/lib/net/http/auth/hmac.rb

@@ -0,0 +1,64 @@
+require 'openssl'
+require 'net/http'
+require 'base64'
+
+class Net::HTTP
+  class Auth
+    class HMAC
+      def initialize(shared_secret)
+        @secret = shared_secret
+      end
+
+      def sign_request(request)
+        raise BodyNotFound if !request.body
+        request.body = base64_encode(request.body)
+        request['X-HMAC-Digest'] = base64_encode(signature(request.body))
+        request
+      end
+
+      def unsign_request(request)
+        raise DigestNotFound if !request['X-HMAC-Digest']
+        request_signature = base64_decode(request['X-HMAC-Digest'])
+        raise InvalidSignature if request_signature != signature(request.body)
+
+        request.body = base64_decode(request.body)
+        request
+      end
+
+      private
+
+      def signature(payload)
+        OpenSSL::HMAC.digest('sha256', @secret, payload)
+      end
+
+      def base64_encode(string)
+        Base64.urlsafe_encode64(string)
+      end
+
+      def base64_decode(string)
+        Base64.urlsafe_decode64(string)
+      end
+    end
+  end
+end
+
+
+class Net::HTTP::Auth::HMAC
+  class InvalidSignature < StandardError
+    def message
+      "The X-HMAC-Digest it's invalid"
+    end
+  end
+
+  class BodyNotFound < StandardError
+    def message
+      "The body of the request it's missing"
+    end
+  end
+
+  class DigestNotFound < StandardError
+    def message
+      "The X-HMAC-Digest it's missing"
+    end
+  end
+end

data/net-http-auth-hmac.gemspec

@@ -0,0 +1,11 @@
+Gem::Specification.new do |s|
+  s.name              = "net-http-auth-hmac"
+  s.version           = "0.0.1"
+  s.summary           = "HMAC base identity authentication"
+  s.description       = "Exchanges a digest to be validated against a token"
+  s.authors           = ["elcuervo"]
+  s.email             = ["yo@brunoaguirre.com"]
+  s.homepage          = "http://github.com/elcuervo/net-http-auth-hmac"
+  s.files             = `git ls-files`.split("\n")
+  s.test_files        = `git ls-files test`.split("\n")
+end

data/test/net-http-auth-hmac_test.rb

@@ -0,0 +1,57 @@
+$: << File.join(File.dirname(__FILE__), '../lib')
+require 'test/unit'
+require 'net/http'
+require 'net/http/auth/hmac'
+
+class TestNetHTTPAuthHMAC < Test::Unit::TestCase
+  def setup
+    @body = 'Once upon a midnight dreary, while I pondered weak and weary'
+    @request = Net::HTTP::Post.new('/signed')
+    @request.body = @body
+  end
+
+  def test_sending_and_unsigning_a_request
+    secret = 'changeme'
+    signer = Net::HTTP::Auth::HMAC.new(secret)
+    signed_request = signer.sign_request(@request)
+
+    assert signed_request.is_a?(Net::HTTP::Post)
+    assert signed_request['X-HMAC-Digest']
+    assert signed_request.body != @body
+
+    unsigned_request = signer.unsign_request(signed_request)
+    assert_equal unsigned_request.body, @body
+  end
+
+  def test_raising_an_error_when_the_header_is_missing
+    signer = Net::HTTP::Auth::HMAC.new('one')
+    request = Net::HTTP::Post.new('/somewhere')
+    request.body = 'something'
+
+    assert_raise Net::HTTP::Auth::HMAC::DigestNotFound do
+      signer.unsign_request(request)
+    end
+  end
+
+  def test_raising_an_error_when_the_body_is_missing
+    signer = Net::HTTP::Auth::HMAC.new('one')
+    request = Net::HTTP::Post.new('/somewhere')
+
+    assert_raise Net::HTTP::Auth::HMAC::BodyNotFound do
+      signer.sign_request(request)
+    end
+  end
+
+  def test_raising_an_error_when_the_signature_is_invalid
+    one = Base64.urlsafe_encode64('one')
+    two = Base64.urlsafe_encode64('two')
+
+    signer = Net::HTTP::Auth::HMAC.new(one)
+    signed_request = signer.sign_request(@request)
+    signed_request['X-HMAC-Digest'] = two
+
+    assert_raise Net::HTTP::Auth::HMAC::InvalidSignature  do
+      signer.unsign_request(signed_request)
+    end
+  end
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: net-http-auth-hmac
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- elcuervo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-14 00:00:00.000000000 Z
+dependencies: []
+description: Exchanges a digest to be validated against a token
+email:
+- yo@brunoaguirre.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/net/http/auth/hmac.rb
+- net-http-auth-hmac.gemspec
+- test/net-http-auth-hmac_test.rb
+homepage: http://github.com/elcuervo/net-http-auth-hmac
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.22
+signing_key: 
+specification_version: 3
+summary: HMAC base identity authentication
+test_files:
+- test/net-http-auth-hmac_test.rb