oauthenticator 1.3.5 → 1.4.0

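--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 16ab24b09d173ed8caca336faa49d9cc263513b5a1b918f656985dff431caa61
- data.tar.gz: d3439a11045ed50fb9c72ccb85d137c72ea04b04189d58729b24ca365744937f
+ metadata.gz: 98e9bd15e6f01dd9896f6d499d3141f56614f93fd13fc9ac000c24796e74c5c2
+ data.tar.gz: 5479b9b613a4a0b77758a325a007e258dbeaa9b9aaa430414223737870abb7b3
  SHA512:
- metadata.gz: bd14158bfbc8c6ff4f998226ae110d5d3c9d251fb011968dd5ddc7d3fd1d131450e5dce683e1590728218527ea2a9f31e82b17f81b674eb4ea391a4d68d0bdb0
- data.tar.gz: 82aef9ae6b004bcd95b5cf6a96c198089195022b3a131ec1346a62a2c18d3db1b6b2eae54af4ba41e665ef57677dc72bed6a9f886615fdeb53e7351e0a697918
+ metadata.gz: 6920168511a6582d34d4f4201e9c9d2c24adce1968389dc72e8d33878477b2a78d378aa4a140a817790ef41a8983c8ab620c631c83e6790333d7a7a3df41beff
+ data.tar.gz: 4260c1569b7a47d3bc1e9c3e40fb559cda77f5f1e888edeef1cb5943a927afd600f99348d0e6483a0de53005ad14707cd5e307e5509e41a138590c8190f9456f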
@@ -1,3 +1,7 @@
1
+ # 1.4.0
2
+
3
+ - support signature methods HMAC-SHA256, HMAC-SHA512
4
+
1
5
  # 1.3.5
2
6
 
3
7
  - relax faraday and rack gem dependency constraints
@@ -66,9 +66,10 @@ module OAuthenticator
66
66
  end
67
67
 
68
68
  # the signature methods which the application will accept. this MUST be a subset of the signature methods
69
- # defined in the OAuth 1.0 protocol: `%w(HMAC-SHA1 RSA-SHA1 PLAINTEXT)`. the default value for this is all
70
- # allowed signature methods, and may remain unimplemented if you wish to allow all defined signature
71
- # methods.
69
+ # defined in the OAuth 1.0 protocol plus OAuthenticator-defined extensions:
70
+ # `%w(HMAC-SHA1 RSA-SHA1 PLAINTEXT HMAC-SHA512 HMAC-SHA256)`.
71
+ # the default value for this is all allowed signature methods, and may remain unimplemented if you wish
72
+ # to allow all defined signature methods.
72
73
  #
73
74
  # @return [Array<String>]
74
75
  def allowed_signature_methods
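Review bot: The rewritten comment above `allowed_signature_methods` still does not tell an integrator that leaving the method unimplemented is the permissive choice. Going by the updated default-value test elsewhere in this diff, the default now also accepts HMAC-SHA256 and HMAC-SHA512 and continues to accept PLAINTEXT, so an application that upgrades without defining this method accepts two more signature methods than it did on 1.3.5. I would add a line such as `# applications should implement this and list only the methods their consumers actually use; the default also accepts PLAINTEXT, which relies entirely on transport security.` The method body lies outside the hunk, so the default expression itself is not visible here.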
@@ -33,6 +33,7 @@ end
33
33
 
34
34
  class Rack::Test::Session
35
35
  actual_process_request = instance_method(:process_request)
36
+ remove_method(:process_request)
36
37
  define_method(:process_request) do |uri, env, &block|
37
38
  oauth_attrs = Thread.current[:oauthenticator_rack_test_attributes]
38
39
  if oauth_attrs
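Review bot: The added `remove_method(:process_request)` carries no comment saying why it is needed. Presumably it is there so that the following `define_method` does not trigger Ruby's method-redefinition warning; a comment such as `# remove the original definition first so define_method does not warn about redefining it` would record that. Note also that `remove_method` raises NameError when the method is not defined directly on `Rack::Test::Session`, which could happen if a rack-test release moved `process_request` into a module, so this line is coupled to the rack-test versions the gem allows. The `define_method` block continues past the end of the hunk.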
@@ -304,9 +304,33 @@ module OAuthenticator
304
304
  #
305
305
  # @return [String]
306
306
  def hmac_sha1_signature
307
+ hmac_digest_signature(OpenSSL::Digest::SHA1)
308
+ end
309
+
310
+ # signature, with method HMAC-SHA256. OAuthenticator extension, outside of spec. do not use.
311
+ # unless you want to.
312
+ #
313
+ # @return [String]
314
+ def hmac_sha256_signature
315
+ hmac_digest_signature(OpenSSL::Digest::SHA256)
316
+ end
317
+
318
+ # signature, with method HMAC-SHA512. OAuthenticator extension, outside of spec. do not use.
319
+ # unless you want to.
320
+ #
321
+ # @return [String]
322
+ def hmac_sha512_signature
323
+ hmac_digest_signature(OpenSSL::Digest::SHA512)
324
+ end
325
+
326
+ # signature with a HMAC digest
327
+ #
328
+ # @param digest_class [Class] the digest class
329
+ # @return [String]
330
+ def hmac_digest_signature(digest_class)
307
331
  # hmac secret is same as plaintext signature
308
332
  secret = plaintext_signature
309
- Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).gsub(/\n/, '')
333
+ Base64.encode64(OpenSSL::HMAC.digest(digest_class.new, secret, signature_base)).gsub(/\n/, '')
310
334
  end
311
335
 
312
336
  # signature, with method plaintext. section 3.4.4
@@ -320,13 +344,39 @@ module OAuthenticator
320
344
  #
321
345
  # @return [String]
322
346
  def sha1_body_hash
323
- Base64.encode64(OpenSSL::Digest::SHA1.digest(read_body)).gsub(/\n/, '')
347
+ digest_body_hash(OpenSSL::Digest::SHA1)
348
+ end
349
+
350
+ # body hash, with a signature method which uses SHA256. OAuthenticator extension, outside of spec.
351
+ # do not use. unless you want to.
352
+ #
353
+ # @return [String]
354
+ def sha256_body_hash
355
+ digest_body_hash(OpenSSL::Digest::SHA256)
356
+ end
357
+
358
+ # body hash, with a signature method which uses SHA512. OAuthenticator extension, outside of spec.
359
+ # do not use. unless you want to.
360
+ #
361
+ # @return [String]
362
+ def sha512_body_hash
363
+ digest_body_hash(OpenSSL::Digest::SHA512)
364
+ end
365
+
366
+ # body hash with a given digest
367
+ #
368
+ # @param digest_class [Class] the digest class
369
+ # @return [String]
370
+ def digest_body_hash(digest_class)
371
+ Base64.encode64(digest_class.digest(read_body)).gsub(/\n/, '')
324
372
  end
325
373
 
326
374
  # map of oauth signature methods to their signature instance methods on this class
327
375
  SIGNATURE_METHODS = {
328
376
  'RSA-SHA1'.freeze => instance_method(:rsa_sha1_signature),
329
377
  'HMAC-SHA1'.freeze => instance_method(:hmac_sha1_signature),
378
+ 'HMAC-SHA256'.freeze => instance_method(:hmac_sha256_signature),
379
+ 'HMAC-SHA512'.freeze => instance_method(:hmac_sha512_signature),
330
380
  'PLAINTEXT'.freeze => instance_method(:plaintext_signature),
331
381
  }.freeze
332
382
 
@@ -335,6 +385,8 @@ module OAuthenticator
335
385
  BODY_HASH_METHODS = {
336
386
  'RSA-SHA1'.freeze => instance_method(:sha1_body_hash),
337
387
  'HMAC-SHA1'.freeze => instance_method(:sha1_body_hash),
388
+ 'HMAC-SHA256'.freeze => instance_method(:sha256_body_hash),
389
+ 'HMAC-SHA512'.freeze => instance_method(:sha512_body_hash),
338
390
  }.freeze
339
391
  end
340
392
  end
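Review bot: The doc comments on the four new methods (`hmac_sha256_signature`, `hmac_sha512_signature`, `sha256_body_hash`, `sha512_body_hash`) say "do not use. unless you want to.", which gives a reader nothing to decide with. Because these methods are registered in `SIGNATURE_METHODS` and `BODY_HASH_METHODS` and are therefore selectable by name, the comment should state the real trade-off, e.g. `# signature, with method HMAC-SHA256. OAuthenticator extension, not defined by the OAuth 1.0 spec: only usable when both client and server recognise this method name.` As a style point, both helpers could call `Base64.strict_encode64(...)` instead of `Base64.encode64(...).gsub(/\n/, '')`. If `hmac_digest_signature` and `digest_body_hash` are meant as internal helpers they belong under `private`; the file's visibility sections are not visible in these hunks.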
@@ -234,13 +234,13 @@ module OAuthenticator
234
234
  require 'oauthenticator/config_methods'
235
235
  include ConfigMethods
236
236
 
237
- private
238
-
239
237
  # hash of header params. keys should be a subset of OAUTH_ATTRIBUTE_KEYS.
240
238
  def oauth_header_params
241
239
  @oauth_header_params ||= OAuthenticator.parse_authorization(authorization)
242
240
  end
243
241
 
242
+ private
243
+
244
244
  # raise a nice error message for a method that needs to be implemented on a module of config methods
245
245
  def config_method_not_implemented
246
246
  caller_name = caller[0].match(%r(in `(.*?)'))[1]
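Review bot: Moving `private` below `oauth_header_params` makes that method public API, but its comment neither says so nor says what state the data is in. The method only memoizes `OAuthenticator.parse_authorization(authorization)`, that is, the header as the client sent it, so a caller can read these values whether or not the signature has been checked. I would extend the comment with `# public. these are the values as parsed from the Authorization header; they are not evidence that the request was authenticated.` The 1.4.0 changelog entry in this diff does not mention the visibility change. `config_method_not_implemented` continues outside the hunk.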
@@ -1,5 +1,5 @@
1
1
  # OAuthenticator
2
2
  module OAuthenticator
3
3
  # OAuthenticator::VERSION
4
- VERSION = "1.3.5"
4
+ VERSION = "1.4.0"
5
5
  end
@@ -8,7 +8,7 @@ describe OAuthenticator::SignedRequest do
8
8
  exc = assert_raises(NotImplementedError) do
9
9
  OAuthenticator::SignedRequest.new({}).public_send(method_without_default)
10
10
  end
11
- assert_match /included in a subclass of OAuthenticator::SignedRequest/, exc.message
11
+ assert_match(/included in a subclass of OAuthenticator::SignedRequest/, exc.message)
12
12
  end
13
13
  it "uses the method #{method_without_default} when implemented" do
14
14
  called = false
@@ -21,7 +21,7 @@ describe OAuthenticator::SignedRequest do
21
21
  exc = assert_raises(NotImplementedError) do
22
22
  OAuthenticator::RackAuthenticator.new(proc {}, {:config_methods => Module.new}).call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_timestamp="1")})
23
23
  end
24
- assert_match /passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message
24
+ assert_match(/passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message)
25
25
  end
26
26
  it "complains RackAuthenticator is not given config methods" do
27
27
  assert_raises(ArgumentError) do
@@ -36,7 +36,7 @@ describe OAuthenticator::SignedRequest do
36
36
  assert_equal 2, called
37
37
  end
38
38
  it 'uses the default value for allowed signature methods' do
39
- assert_equal %w(RSA-SHA1 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
39
+ assert_equal %w(RSA-SHA1 HMAC-SHA256 HMAC-SHA512 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
40
40
  end
41
41
  it 'uses default value for body_hash_required?' do
42
42
  assert_equal false, OAuthenticator::SignedRequest.new({}).body_hash_required?
@@ -127,7 +127,7 @@ describe OAuthenticator::SignableRequest do
127
127
  it 'complains about missing required params' do
128
128
  err = assert_raises(ArgumentError) { OAuthenticator::SignableRequest.new({}) }
129
129
  %w(request_method uri media_type body consumer_key signature_method).each do |required|
130
- assert_match /#{required}/, err.message
130
+ assert_match(/#{required}/, err.message)
131
131
  end
132
132
  end
133
133
  end
@@ -135,7 +135,7 @@ describe OAuthenticator::SignableRequest do
135
135
 
136
136
  describe 'the example in 3.1' do
137
137
  # a request with attributes from the oauth spec
138
- def spec_request(attributes={})
138
+ def spec_request
139
139
  example_request({
140
140
  :request_method => 'POST',
141
141
  :uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
@@ -231,6 +231,20 @@ describe OAuthenticator::SignableRequest do
231
231
  end
232
232
  end
233
233
 
234
+ describe 'HMAC-SHA256' do
235
+ it 'signs with a HMAC-SHA256 digest of the signature base' do
236
+ request = example_request(
237
+ :token => 'a token',
238
+ :token_secret => 'a token secret',
239
+ :signature_method => 'HMAC-SHA256',
240
+ :nonce => 'a nonce',
241
+ :timestamp => 1397726597,
242
+ :hash_body? => false
243
+ )
244
+ assert_equal('Cb4UAr3l25eqC7p2PSm0l6j7lgXvh5SPnMOhPAJ1jWU=', request.signed_protocol_params['oauth_signature'])
245
+ end
246
+ end
247
+
234
248
  describe 'RSA-SHA1' do
235
249
  it 'signs with a RSA private key SHA1 signature' do
236
250
  request = example_request(
@@ -487,6 +501,10 @@ describe OAuthenticator::SignableRequest do
487
501
  request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
488
502
  assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
489
503
  end
504
+ it 'includes by default with non-form-encoded and HMAC-SHA256' do
505
+ request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
506
+ assert_equal('O6iQfnolIydIjfOQ7VF8Rblt6tAzYAIZvcpxB9HT+Io=', request.protocol_params['oauth_body_hash'])
507
+ end
490
508
  it 'includes by default with non-form-encoded and RSA-SHA1' do
491
509
  request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
492
510
  assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
@@ -499,6 +517,10 @@ describe OAuthenticator::SignableRequest do
499
517
  request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
500
518
  assert(!request.protocol_params.key?('oauth_body_hash'))
501
519
  end
520
+ it 'does not include by default with form-encoded and HMAC-SHA256' do
521
+ request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
522
+ assert(!request.protocol_params.key?('oauth_body_hash'))
523
+ end
502
524
  it 'does not include by default with form-encoded and RSA-SHA1' do
503
525
  request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
504
526
  assert(!request.protocol_params.key?('oauth_body_hash'))
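Review bot: HMAC-SHA512 is added to `SIGNATURE_METHODS` and `BODY_HASH_METHODS` in this release, but the new cases in the hunks shown for this file cover only HMAC-SHA256 (a signature known-answer case, a body-hash case and a form-encoded case). I would add the same three cases with `:signature_method => 'HMAC-SHA512'`, using expected values computed independently of this library, so that a wrong digest mapping for either name fails a test. A `describe 'HMAC-SHA512'` block next to the new `describe 'HMAC-SHA256'` one would keep the layout consistent.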
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauthenticator
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.5
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ethan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-13 00:00:00.000000000 Z
11
+ date: 2021-01-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack