oauthenticator 1.3.5 → 1.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/oauthenticator/config_methods.rb +4 -3
- data/lib/oauthenticator/rack_test_signer.rb +1 -0
- data/lib/oauthenticator/signable_request.rb +54 -2
- data/lib/oauthenticator/signed_request.rb +2 -2
- data/lib/oauthenticator/version.rb +1 -1
- data/test/config_methods_test.rb +3 -3
- data/test/signable_request_test.rb +24 -2
- metadata +2 -2
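--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 98e9bd15e6f01dd9896f6d499d3141f56614f93fd13fc9ac000c24796e74c5c2
+data.tar.gz: 5479b9b613a4a0b77758a325a007e258dbeaa9b9aaa430414223737870abb7b3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6920168511a6582d34d4f4201e9c9d2c24adce1968389dc72e8d33878477b2a78d378aa4a140a817790ef41a8983c8ab620c631c83e6790333d7a7a3df41beff
+data.tar.gz: 4260c1569b7a47d3bc1e9c3e40fb559cda77f5f1e888edeef1cb5943a927afd600f99348d0e6483a0de53005ad14707cd5e307e5509e41a138590c8190f9456f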
data/CHANGELOG.md
CHANGED
@@ -66,9 +66,10 @@ module OAuthenticator
|
|
66
66
|
end
|
67
67
|
|
68
68
|
# the signature methods which the application will accept. this MUST be a subset of the signature methods
|
69
|
-
# defined in the OAuth 1.0 protocol
|
70
|
-
#
|
71
|
-
# methods
|
69
|
+
# defined in the OAuth 1.0 protocol plus OAuthenticator-defined extensions:
|
70
|
+
# `%w(HMAC-SHA1 RSA-SHA1 PLAINTEXT HMAC-SHA512 HMAC-SHA256)`.
|
71
|
+
# the default value for this is all allowed signature methods, and may remain unimplemented if you wish
|
72
|
+
# to allow all defined signature methods.
|
72
73
|
#
|
73
74
|
# @return [Array<String>]
|
74
75
|
def allowed_signature_methods
|
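Review bot: The rewritten comment above `allowed_signature_methods` says the default is every defined method, but it does not warn the implementer that this default includes PLAINTEXT and, from this release, the non-standard HMAC-SHA256 and HMAC-SHA512. An application that never overrode the method will start accepting the two new methods on upgrade, so the set of signatures it accepts widens with no code change on its side. I would add a line such as `# note: the default includes PLAINTEXT; override this to restrict the accepted methods to those your consumers actually use.` The method body is outside this hunk, so the default is inferred from the comment and from the updated default-value test in config_methods_test.rb.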
@@ -33,6 +33,7 @@ end
|
|
33
33
|
|
34
34
|
class Rack::Test::Session
|
35
35
|
actual_process_request = instance_method(:process_request)
|
36
|
+
remove_method(:process_request)
|
36
37
|
define_method(:process_request) do |uri, env, &block|
|
37
38
|
oauth_attrs = Thread.current[:oauthenticator_rack_test_attributes]
|
38
39
|
if oauth_attrs
|
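Review bot: `remove_method(:process_request)` only removes a method defined directly on `Rack::Test::Session` and raises NameError when the method comes from a superclass or an included module, whereas the `instance_method(:process_request)` lookup on the line above succeeds in both cases. If rack-test ever moves `process_request` into a module, loading this file would fail; a guard such as `remove_method(:process_request) if instance_methods(false).include?(:process_request) || private_instance_methods(false).include?(:process_request)` keeps the patch loadable. A short comment saying why the removal is needed (presumably to avoid a method-redefinition warning) would also help the next reader. The `define_method` block continues past the end of this hunk.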
@@ -304,9 +304,33 @@ module OAuthenticator
|
|
304
304
|
#
|
305
305
|
# @return [String]
|
306
306
|
def hmac_sha1_signature
|
307
|
+
hmac_digest_signature(OpenSSL::Digest::SHA1)
|
308
|
+
end
|
309
|
+
|
310
|
+
# signature, with method HMAC-SHA256. OAuthenticator extension, outside of spec. do not use.
|
311
|
+
# unless you want to.
|
312
|
+
#
|
313
|
+
# @return [String]
|
314
|
+
def hmac_sha256_signature
|
315
|
+
hmac_digest_signature(OpenSSL::Digest::SHA256)
|
316
|
+
end
|
317
|
+
|
318
|
+
# signature, with method HMAC-SHA512. OAuthenticator extension, outside of spec. do not use.
|
319
|
+
# unless you want to.
|
320
|
+
#
|
321
|
+
# @return [String]
|
322
|
+
def hmac_sha512_signature
|
323
|
+
hmac_digest_signature(OpenSSL::Digest::SHA512)
|
324
|
+
end
|
325
|
+
|
326
|
+
# signature with a HMAC digest
|
327
|
+
#
|
328
|
+
# @param digest_class [Class] the digest class
|
329
|
+
# @return [String]
|
330
|
+
def hmac_digest_signature(digest_class)
|
307
331
|
# hmac secret is same as plaintext signature
|
308
332
|
secret = plaintext_signature
|
309
|
-
Base64.encode64(OpenSSL::HMAC.digest(
|
333
|
+
Base64.encode64(OpenSSL::HMAC.digest(digest_class.new, secret, signature_base)).gsub(/\n/, '')
|
310
334
|
end
|
311
335
|
|
312
336
|
# signature, with method plaintext. section 3.4.4
|
@@ -320,13 +344,39 @@ module OAuthenticator
|
|
320
344
|
#
|
321
345
|
# @return [String]
|
322
346
|
def sha1_body_hash
|
323
|
-
|
347
|
+
digest_body_hash(OpenSSL::Digest::SHA1)
|
348
|
+
end
|
349
|
+
|
350
|
+
# body hash, with a signature method which uses SHA256. OAuthenticator extension, outside of spec.
|
351
|
+
# do not use. unless you want to.
|
352
|
+
#
|
353
|
+
# @return [String]
|
354
|
+
def sha256_body_hash
|
355
|
+
digest_body_hash(OpenSSL::Digest::SHA256)
|
356
|
+
end
|
357
|
+
|
358
|
+
# body hash, with a signature method which uses SHA512. OAuthenticator extension, outside of spec.
|
359
|
+
# do not use. unless you want to.
|
360
|
+
#
|
361
|
+
# @return [String]
|
362
|
+
def sha512_body_hash
|
363
|
+
digest_body_hash(OpenSSL::Digest::SHA512)
|
364
|
+
end
|
365
|
+
|
366
|
+
# body hash with a given digest
|
367
|
+
#
|
368
|
+
# @param digest_class [Class] the digest class
|
369
|
+
# @return [String]
|
370
|
+
def digest_body_hash(digest_class)
|
371
|
+
Base64.encode64(digest_class.digest(read_body)).gsub(/\n/, '')
|
324
372
|
end
|
325
373
|
|
326
374
|
# map of oauth signature methods to their signature instance methods on this class
|
327
375
|
SIGNATURE_METHODS = {
|
328
376
|
'RSA-SHA1'.freeze => instance_method(:rsa_sha1_signature),
|
329
377
|
'HMAC-SHA1'.freeze => instance_method(:hmac_sha1_signature),
|
378
|
+
'HMAC-SHA256'.freeze => instance_method(:hmac_sha256_signature),
|
379
|
+
'HMAC-SHA512'.freeze => instance_method(:hmac_sha512_signature),
|
330
380
|
'PLAINTEXT'.freeze => instance_method(:plaintext_signature),
|
331
381
|
}.freeze
|
332
382
|
|
@@ -335,6 +385,8 @@ module OAuthenticator
|
|
335
385
|
BODY_HASH_METHODS = {
|
336
386
|
'RSA-SHA1'.freeze => instance_method(:sha1_body_hash),
|
337
387
|
'HMAC-SHA1'.freeze => instance_method(:sha1_body_hash),
|
388
|
+
'HMAC-SHA256'.freeze => instance_method(:sha256_body_hash),
|
389
|
+
'HMAC-SHA512'.freeze => instance_method(:sha512_body_hash),
|
338
390
|
}.freeze
|
339
391
|
end
|
340
392
|
end
|
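Review bot: The doc comments on the new `hmac_sha256_signature` and `hmac_sha512_signature` in the first hunk (and on `sha256_body_hash` / `sha512_body_hash` in the second) read "do not use. unless you want to.", which gives a caller nothing to base a decision on. I would state the actual constraint, for example `# signature, with method HMAC-SHA256. OAuthenticator extension, not part of OAuth 1.0: only interoperates with peers that also implement it.` Separately, `hmac_digest_signature` and `digest_body_hash` accept an arbitrary digest class and look like internal helpers; if nothing outside the class calls them, declaring them private would keep the public surface to the named methods listed in `SIGNATURE_METHODS` and `BODY_HASH_METHODS`. As a style point, `Base64.strict_encode64(...)` would replace the `Base64.encode64(...).gsub(/\n/, '')` pair in both helpers.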
@@ -234,13 +234,13 @@ module OAuthenticator
|
|
234
234
|
require 'oauthenticator/config_methods'
|
235
235
|
include ConfigMethods
|
236
236
|
|
237
|
-
private
|
238
|
-
|
239
237
|
# hash of header params. keys should be a subset of OAUTH_ATTRIBUTE_KEYS.
|
240
238
|
def oauth_header_params
|
241
239
|
@oauth_header_params ||= OAuthenticator.parse_authorization(authorization)
|
242
240
|
end
|
243
241
|
|
242
|
+
private
|
243
|
+
|
244
244
|
# raise a nice error message for a method that needs to be implemented on a module of config methods
|
245
245
|
def config_method_not_implemented
|
246
246
|
caller_name = caller[0].match(%r(in `(.*?)'))[1]
|
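Review bot: Moving `private` below `oauth_header_params` makes that method public, and it returns the memoized `@oauth_header_params` hash itself rather than a copy. If that hash is not frozen (the return value of `OAuthenticator.parse_authorization` is not visible here), a caller that mutates it changes the parameters that later checks on the same request object will read. Provided nothing internal mutates it, consider `@oauth_header_params ||= OAuthenticator.parse_authorization(authorization).freeze`, and extend the comment to say the method is now public API. `config_method_not_implemented` continues outside this hunk.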
data/test/config_methods_test.rb
CHANGED
@@ -8,7 +8,7 @@ describe OAuthenticator::SignedRequest do
|
|
8
8
|
exc = assert_raises(NotImplementedError) do
|
9
9
|
OAuthenticator::SignedRequest.new({}).public_send(method_without_default)
|
10
10
|
end
|
11
|
-
assert_match
|
11
|
+
assert_match(/included in a subclass of OAuthenticator::SignedRequest/, exc.message)
|
12
12
|
end
|
13
13
|
it "uses the method #{method_without_default} when implemented" do
|
14
14
|
called = false
|
@@ -21,7 +21,7 @@ describe OAuthenticator::SignedRequest do
|
|
21
21
|
exc = assert_raises(NotImplementedError) do
|
22
22
|
OAuthenticator::RackAuthenticator.new(proc {}, {:config_methods => Module.new}).call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_timestamp="1")})
|
23
23
|
end
|
24
|
-
assert_match
|
24
|
+
assert_match(/passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message)
|
25
25
|
end
|
26
26
|
it "complains RackAuthenticator is not given config methods" do
|
27
27
|
assert_raises(ArgumentError) do
|
@@ -36,7 +36,7 @@ describe OAuthenticator::SignedRequest do
|
|
36
36
|
assert_equal 2, called
|
37
37
|
end
|
38
38
|
it 'uses the default value for allowed signature methods' do
|
39
|
-
assert_equal %w(RSA-SHA1 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
|
39
|
+
assert_equal %w(RSA-SHA1 HMAC-SHA256 HMAC-SHA512 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
|
40
40
|
end
|
41
41
|
it 'uses default value for body_hash_required?' do
|
42
42
|
assert_equal false, OAuthenticator::SignedRequest.new({}).body_hash_required?
|
@@ -127,7 +127,7 @@ describe OAuthenticator::SignableRequest do
|
|
127
127
|
it 'complains about missing required params' do
|
128
128
|
err = assert_raises(ArgumentError) { OAuthenticator::SignableRequest.new({}) }
|
129
129
|
%w(request_method uri media_type body consumer_key signature_method).each do |required|
|
130
|
-
assert_match
|
130
|
+
assert_match(/#{required}/, err.message)
|
131
131
|
end
|
132
132
|
end
|
133
133
|
end
|
@@ -135,7 +135,7 @@ describe OAuthenticator::SignableRequest do
|
|
135
135
|
|
136
136
|
describe 'the example in 3.1' do
|
137
137
|
# a request with attributes from the oauth spec
|
138
|
-
def spec_request
|
138
|
+
def spec_request
|
139
139
|
example_request({
|
140
140
|
:request_method => 'POST',
|
141
141
|
:uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
|
@@ -231,6 +231,20 @@ describe OAuthenticator::SignableRequest do
|
|
231
231
|
end
|
232
232
|
end
|
233
233
|
|
234
|
+
describe 'HMAC-SHA256' do
|
235
|
+
it 'signs with a HMAC-SHA256 digest of the signature base' do
|
236
|
+
request = example_request(
|
237
|
+
:token => 'a token',
|
238
|
+
:token_secret => 'a token secret',
|
239
|
+
:signature_method => 'HMAC-SHA256',
|
240
|
+
:nonce => 'a nonce',
|
241
|
+
:timestamp => 1397726597,
|
242
|
+
:hash_body? => false
|
243
|
+
)
|
244
|
+
assert_equal('Cb4UAr3l25eqC7p2PSm0l6j7lgXvh5SPnMOhPAJ1jWU=', request.signed_protocol_params['oauth_signature'])
|
245
|
+
end
|
246
|
+
end
|
247
|
+
|
234
248
|
describe 'RSA-SHA1' do
|
235
249
|
it 'signs with a RSA private key SHA1 signature' do
|
236
250
|
request = example_request(
|
@@ -487,6 +501,10 @@ describe OAuthenticator::SignableRequest do
|
|
487
501
|
request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
|
488
502
|
assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
|
489
503
|
end
|
504
|
+
it 'includes by default with non-form-encoded and HMAC-SHA256' do
|
505
|
+
request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
|
506
|
+
assert_equal('O6iQfnolIydIjfOQ7VF8Rblt6tAzYAIZvcpxB9HT+Io=', request.protocol_params['oauth_body_hash'])
|
507
|
+
end
|
490
508
|
it 'includes by default with non-form-encoded and RSA-SHA1' do
|
491
509
|
request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
|
492
510
|
assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
|
@@ -499,6 +517,10 @@ describe OAuthenticator::SignableRequest do
|
|
499
517
|
request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
|
500
518
|
assert(!request.protocol_params.key?('oauth_body_hash'))
|
501
519
|
end
|
520
|
+
it 'does not include by default with form-encoded and HMAC-SHA256' do
|
521
|
+
request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
|
522
|
+
assert(!request.protocol_params.key?('oauth_body_hash'))
|
523
|
+
end
|
502
524
|
it 'does not include by default with form-encoded and RSA-SHA1' do
|
503
525
|
request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
|
504
526
|
assert(!request.protocol_params.key?('oauth_body_hash'))
|
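Review bot: The added tests cover HMAC-SHA256 for the signature and for the body hash, but nothing exercises HMAC-SHA512, although `hmac_sha512_signature` and `sha512_body_hash` ship in the same release and are in the default allowed list. I would add a `describe 'HMAC-SHA512'` block mirroring the HMAC-SHA256 one, plus the two body-hash cases (non-form-encoded includes `oauth_body_hash`, form-encoded does not). The expected values should be computed independently of the library, so a wiring mistake in the `SIGNATURE_METHODS` or `BODY_HASH_METHODS` maps would be caught rather than echoed back.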
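--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oauthenticator
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.4.0
 platform: ruby
 authors:
 - Ethan
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack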