oauth2_hmac_header 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/README.md +119 -0
- data/Rakefile +17 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/lib/oauth2_hmac_header.rb +6 -0
- data/lib/oauth2_hmac_header/authorization_header.rb +124 -0
- data/lib/oauth2_hmac_header/version.rb +3 -0
- data/oauth2_hmac_header.gemspec +25 -0
- metadata +111 -0
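--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 0c0980088ef79e386fc8ecdbdc025a3f42ae7565
+data.tar.gz: 4713caca9228e9f7e3ae6426fcb79fd9a6399ad2
+SHA512:
+metadata.gz: 4686124cb405572f62bd19c65915f0ff7a6aad12aaac044fee56db4c5cb221177edfe890abe345d8f2ecfced517a43575bc759d9ed5fd0b2bb0902e20c9b00e9
+data.tar.gz: 78c97dc71f17ced4d07da355b1bfd9070a45f1dd0e5821a22584abbf068fecab86f9a8992e296cd85f888198778f5e78d15bd37da7940a0a77563d45651602d7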
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
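--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,119 @@
+# Oauth2HmacHeader
+
+[![Build Status](https://travis-ci.org/mustafaturan/oauth2_hmac_header.png)](https://travis-ci.org/mustafaturan/oauth2_hmac_header) [![Code Climate](https://codeclimate.com/github/mustafaturan/oauth2_hmac_header.png)](https://codeclimate.com/github/mustafaturan/oauth2_hmac_header)
+
+Simple generator, parser and validator for Oauth v2 HTTP message authentication code(MAC) header. It simply generates, parse and verify signatures for Oauth v2 HTTP MAC authentication for 'SHA1' and 'SHA256' algorithms. Please visit https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 for spec specifications.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oauth2_hmac_header'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install oauth2_hmac_header
+
+## Usage
+
+### Generating from request vars
+```ruby
+
+@client_id = 'client1'
+@algorithm = 'hmac-sha-256''hmac-sha-256' # 'hmac-sha-1' or 'hmac-sha-256'
+@key = 'demo_key' # key for client1
+@method = 'post' # get, post, put, head, patch, etc...
+@uri = '/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q' # path for req
+@host = 'example.com' # hostname for the request
+@port = 443 # port number for the request
+@ext = 'a,b,c' # optional str, can be nil
+@header = Oauth2HmacHeader::AuthorizationHeader.generate_with_new_signature(
+@client_id, @algorithm, @key, @method, @uri, @host, @port, @ext
+)
+
+# returns header
+# "MAC id=\"client1\", ts=\"1438532302\", nonce=\"1438532302:12c8e929\", ext=\"a,b,c\", mac=\"F4nIHqhQZp1o2I61Zy9bSZFYfohf9gmdG0XnOIMAHV4=\""
+```
+
+### Generating with early signed signatures
+```ruby
+
+@client_id = 'client1'
+@algorithm = 'hmac-sha-256' # 'hmac-sha-1' or 'hmac-sha-256'
+@key = 'demo_key' # key for client1
+@method = 'post' # get, post, put, head, patch, etc...
+@uri = '/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q' # path for req
+@host = 'example.com' # hostname for the request
+@port = 443 # port number for the request
+@ext = 'a,b,c' # optional str, can be nil
+@ts, @nonce, @ext, @mac = Oauth2HmacSign::Signature.generate(
+@algorithm, @key, @method, @uri, @host, @port, @ext
+)
+@header = Oauth2HmacHeader::AuthorizationHeader.generate(
+@client_id, @ts, @nonce, @ext, @mac
+)
+
+# returns header
+# "MAC id=\"client1\", ts=\"1438530720\", nonce=\"1438530720:ab4412bd\", ext=\"a,b,c\", mac=\"Sav0I-p1rAU29TlISoznME5xeOzJIPZEvG26ni_APNE=\""
+```
+
+### Parsing
+```ruby
+
+@header = "MAC id=\"client1\", ts=\"1438530720\", nonce=\"1438530720:ab4412bd\", ext=\"a,b,c\", mac=\"Sav0I-p1rAU29TlISoznME5xeOzJIPZEvG26ni_APNE=\""
+@client_id, @ts, @nonce, @ext, @mac = Oauth2HmacHeader::AuthorizationHeader.parse(@header)
+
+# returns authorization vars
+# client_id
+# ts
+# nonce
+# mac
+```
+
+### Verify
+```ruby
+
+# Assuming that we know the variables below from the incoming HTTP request
+@method = 'post' # get, post, put, head, patch, etc...
+@uri = '/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q' # path for req
+@host = 'example.com' # hostname for the request
+@port = 443 # port number for the request
+
+# lets parse auth vars from header
+@header = "MAC id=\"client1\", ts=\"1438530720\", nonce=\"1438530720:ab4412bd\", ext=\"a,b,c\", mac=\"Sav0I-p1rAU29TlISoznME5xeOzJIPZEvG26ni_APNE=\""
+@client_id, @ts, @nonce, @ext, @mac = Oauth2HmacHeader::AuthorizationHeader.parse(@header)
+
+# now we know 'client1' is the requester from parsed header and so we have the key and algorithm for 'client1' which is 'demo_key' and 'hmac-sha-256'
+@key = 'demo_key'
+@algorithm = 'hmac-sha-256'
+
+# let check if it is valid?
+Oauth2HmacHeader::AuthorizationHeader.is_valid?(
+@mac,
+@algorithm,
+@key,
+@ts,
+@nonce,
+@method,
+@uri,
+@host,
+@port,
+@ext
+)
+
+# if request is valid for client1 then expect to return true
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/mustafaturan/oauth2_hmac_header/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request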
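--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,17 @@
+require 'bundler/gem_tasks'
+require 'rake'
+require 'rspec/core/rake_task'
+
+desc "Default Task"
+task :default => :spec
+
+# Make a console for testing purposes
+desc "Generate a test console"
+task :console do
+verbose( false ) { sh "irb -I lib/ -r 'oauth2_hmac_header'" }
+end
+
+RSpec::Core::RakeTask.new('spec') do |t|
+t.rspec_opts = ['-c', '-r ./spec/spec_helper.rb']
+t.pattern = 'spec/**/*_spec.rb'
+end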
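--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "oauth2_hmac_header"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start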
data/bin/setup
ADDED
@@ -0,0 +1,124 @@
|
|
1
|
+
require 'forwardable'
|
2
|
+
require 'oauth2_hmac_sign'
|
3
|
+
|
4
|
+
module Oauth2HmacHeader
|
5
|
+
# The "Authorization" Request Header
|
6
|
+
class AuthorizationHeader
|
7
|
+
extend SingleForwardable
|
8
|
+
def_delegator Oauth2HmacSign::Signature, :is_valid?
|
9
|
+
|
10
|
+
attr_reader :id, :ts, :nonce, :ext, :mac
|
11
|
+
|
12
|
+
class << self
|
13
|
+
|
14
|
+
# Generates oauth2 hmac authorization header
|
15
|
+
#
|
16
|
+
# == Parameters:
|
17
|
+
# id::
|
18
|
+
# Client id for mac auth
|
19
|
+
# ts::
|
20
|
+
# The timestamp value calculated for the request.
|
21
|
+
# nonce::
|
22
|
+
# The nonce value generated for the request.
|
23
|
+
# ext::
|
24
|
+
# The value of the "ext" "Authorization" request header field attribute
|
25
|
+
# if one was included in the request, otherwise, an empty string.
|
26
|
+
# mac::
|
27
|
+
# The signature
|
28
|
+
#
|
29
|
+
# == Returns:
|
30
|
+
# Returns the generated header as string
|
31
|
+
#
|
32
|
+
def generate(id, ts, nonce, ext, mac)
|
33
|
+
header = "MAC "
|
34
|
+
header << "id=\"#{id}\", "
|
35
|
+
header << "ts=\"#{ts}\", "
|
36
|
+
header << "nonce=\"#{nonce}\", "
|
37
|
+
header << "ext=\"#{ext}\", " if (!ext.nil? && !ext.empty?)
|
38
|
+
header << "mac=\"#{mac}\""
|
39
|
+
header
|
40
|
+
end
|
41
|
+
|
42
|
+
# Generates oauth2 hmac authorization header
|
43
|
+
#
|
44
|
+
# == Parameters:
|
45
|
+
# id::
|
46
|
+
# Client id for mac auth
|
47
|
+
# algorithm::
|
48
|
+
# Name of the algorithm valid vars are hmac-sha256, hmac-sha1
|
49
|
+
# key::
|
50
|
+
# Key for hmac algorithm
|
51
|
+
# method::
|
52
|
+
# The HTTP request method in upper case. For example: "HEAD", "GET", "POST", etc.
|
53
|
+
# uri::
|
54
|
+
# The HTTP request-URI as defined by https://tools.ietf.org/html/rfc2616#section-5.1.2
|
55
|
+
# host::
|
56
|
+
# The hostname included in the HTTP request using the "Host" request header field in lower case.
|
57
|
+
# port::
|
58
|
+
# The port as included in the HTTP request using the "Host" request
|
59
|
+
# header field. If the header field does not include a port, the
|
60
|
+
# default value for the scheme MUST be used (e.g. 80 for HTTP and
|
61
|
+
# 443 for HTTPS).
|
62
|
+
# ext::
|
63
|
+
# The value of the "ext" "Authorization" request header field
|
64
|
+
# attribute if one was included in the request, otherwise, an empty
|
65
|
+
# string.
|
66
|
+
#
|
67
|
+
# == Returns:
|
68
|
+
# Returns the generated header as string
|
69
|
+
#
|
70
|
+
def generate_with_new_signature(id, algorithm, key, method, uri, host, port, ext = '')
|
71
|
+
ts, nonce, ext, mac = Oauth2HmacSign::Signature.generate(
|
72
|
+
algorithm, key, method, uri, host, port, ext
|
73
|
+
)
|
74
|
+
generate(id, ts, nonce, ext, mac)
|
75
|
+
end
|
76
|
+
|
77
|
+
# Parses oauth2 hmac header
|
78
|
+
#
|
79
|
+
# == Parameters:
|
80
|
+
# header::
|
81
|
+
# Client id for mac auth
|
82
|
+
#
|
83
|
+
# == Returns:
|
84
|
+
# Returns the generated header as string
|
85
|
+
# id::
|
86
|
+
# Client id for mac auth
|
87
|
+
# ts::
|
88
|
+
# The timestamp value calculated for the request.
|
89
|
+
# nonce::
|
90
|
+
# The nonce value generated for the request.
|
91
|
+
# ext::
|
92
|
+
# The value of the "ext" "Authorization" request header field attribute
|
93
|
+
# if one was included in the request, otherwise, an empty string.
|
94
|
+
# mac::
|
95
|
+
# The signature
|
96
|
+
#
|
97
|
+
def parse(header)
|
98
|
+
pattern = Regexp.new "(id|ts|nonce|ext|mac)=(\"[^\"]+\")"
|
99
|
+
results = Hash[header.scan pattern]
|
100
|
+
validate_presence_of_keys_and_values(results, ['id', 'ts', 'nonce', 'mac'])
|
101
|
+
results = clean_quotes(results)
|
102
|
+
return results['id'], results['ts'], results['nonce'], results['ext'], results['mac']
|
103
|
+
end
|
104
|
+
|
105
|
+
private
|
106
|
+
|
107
|
+
# nodoc
|
108
|
+
def clean_quotes(items)
|
109
|
+
items.each {|item| item[1].gsub!('"', '') }
|
110
|
+
items
|
111
|
+
end
|
112
|
+
|
113
|
+
# nodoc
|
114
|
+
# Verify required keys existence
|
115
|
+
def validate_presence_of_keys_and_values(hash, keys)
|
116
|
+
keys.each do |key|
|
117
|
+
raise(KeyError, "#{key} is a MUST field for Oauth V2 HMAC Authorization header.") unless hash.has_key?(key)
|
118
|
+
next if !hash[key].nil? && !hash[key].empty?
|
119
|
+
raise(StandardError, "#{key} is a MUST field for Oauth V2 HMAC Authorization header and can not be blank!") unless hash.has_key?(key)
|
120
|
+
end
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
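Review bot: `parse` accepts input that is not a well-formed MAC header: the pattern is unanchored, so `scan` also matches inside a longer attribute name (`xid="…"` yields an `id` pair), the `MAC` scheme is never checked, and `Hash[...]` keeps the last value of a repeated attribute without complaint. For a credential parser that means the `id` used for the key lookup can differ from what a proxy or logger in front of it read from the same header; the draft linked in the README also appears to forbid repeated attributes, so rejecting them is the safer reading. The second `raise` in `validate_presence_of_keys_and_values` is unreachable as written, because its `unless hash.has_key?(key)` guard is always false once the first check has passed, and the values still carry their quotes at that point, so the blank test belongs after `clean_quotes` with the trailing `unless` dropped. The page labels this section `data/bin/setup`, but its 124 added lines match `lib/oauth2_hmac_header/authorization_header.rb` from the file list. A stricter `parse` could look like this:

```ruby
def parse(header)
  raise(ArgumentError, 'Authorization scheme must be MAC') unless header.to_s.start_with?('MAC ')
  # the lookbehind only lets an attribute start after whitespace or a comma,
  # so "xid=" or "x-id=" is no longer read as "id="
  pattern = /(?<![^\s,])(id|ts|nonce|ext|mac)=("[^"]+")/
  pairs = header.scan pattern
  names = pairs.map(&:first)
  raise(KeyError, 'Authorization header attributes must not appear more than once') if names.uniq.length != names.length
  results = Hash[pairs]
  # … unchanged: validate_presence_of_keys_and_values, clean_quotes, return …
```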
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'oauth2_hmac_header/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "oauth2_hmac_header"
|
8
|
+
spec.version = Oauth2HmacHeader::VERSION
|
9
|
+
spec.authors = ["Mustafa TURAN"]
|
10
|
+
spec.email = ["mustafaturan.net@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{Authorization header generator, parser and validator Oauth v2 HTTP MAC authentication.}
|
13
|
+
spec.description = %q{Generate, parse and verify header information for oauth v2 http mac authentication.}
|
14
|
+
spec.homepage = "https://github.com/mustafaturan/oauth2_hmac_header"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
17
|
+
spec.bindir = "exe"
|
18
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_dependency "oauth2_hmac_sign"
|
22
|
+
spec.add_development_dependency "bundler"
|
23
|
+
spec.add_development_dependency "rake"
|
24
|
+
spec.add_development_dependency "rspec"
|
25
|
+
end
|
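Review bot: `spec.add_dependency "oauth2_hmac_sign"` carries no version constraint, and the packaged metadata records it as `>= 0`, so the gem that generates and verifies every MAC resolves to whatever release is newest at install time. Because `AuthorizationHeader.is_valid?` is delegated to that gem, a behaviour change there changes this gem's verification without any release of its own; a pessimistic pin such as `spec.add_dependency "oauth2_hmac_sign", "~> <TESTED_VERSION>"` keeps that under review. `licenses: []` in the metadata also suggests `spec.license` is unset, which is worth filling in. The page shows no file header for this hunk; its 25 added lines match `data/oauth2_hmac_header.gemspec` in the file list.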
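--- a/metadata
+++ b/metadata
@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: oauth2_hmac_header
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Mustafa TURAN
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2015-08-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: oauth2_hmac_sign
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Generate, parse and verify header information for oauth v2 http mac authentication.
+email:
+- mustafaturan.net@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/oauth2_hmac_header.rb
+- lib/oauth2_hmac_header/authorization_header.rb
+- lib/oauth2_hmac_header/version.rb
+- oauth2_hmac_header.gemspec
+homepage: https://github.com/mustafaturan/oauth2_hmac_header
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Authorization header generator, parser and validator Oauth v2 HTTP MAC authentication.
+test_files: []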