oauthenticator 1.3.5 → 1.4.0

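--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 16ab24b09d173ed8caca336faa49d9cc263513b5a1b918f656985dff431caa61
- data.tar.gz: d3439a11045ed50fb9c72ccb85d137c72ea04b04189d58729b24ca365744937f
+ metadata.gz: 98e9bd15e6f01dd9896f6d499d3141f56614f93fd13fc9ac000c24796e74c5c2
+ data.tar.gz: 5479b9b613a4a0b77758a325a007e258dbeaa9b9aaa430414223737870abb7b3
  SHA512:
- metadata.gz: bd14158bfbc8c6ff4f998226ae110d5d3c9d251fb011968dd5ddc7d3fd1d131450e5dce683e1590728218527ea2a9f31e82b17f81b674eb4ea391a4d68d0bdb0
- data.tar.gz: 82aef9ae6b004bcd95b5cf6a96c198089195022b3a131ec1346a62a2c18d3db1b6b2eae54af4ba41e665ef57677dc72bed6a9f886615fdeb53e7351e0a697918
+ metadata.gz: 6920168511a6582d34d4f4201e9c9d2c24adce1968389dc72e8d33878477b2a78d378aa4a140a817790ef41a8983c8ab620c631c83e6790333d7a7a3df41beff
+ data.tar.gz: 4260c1569b7a47d3bc1e9c3e40fb559cda77f5f1e888edeef1cb5943a927afd600f99348d0e6483a0de53005ad14707cd5e307e5509e41a138590c8190f9456f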
@@ -1,3 +1,7 @@
1
+ # 1.4.0
2
+
3
+ - support signature methods HMAC-SHA256, HMAC-SHA512
4
+
1
5
  # 1.3.5
2
6
 
3
7
  - relax faraday and rack gem dependency constraints
@@ -66,9 +66,10 @@ module OAuthenticator
66
66
  end
67
67
 
68
68
  # the signature methods which the application will accept. this MUST be a subset of the signature methods
69
- # defined in the OAuth 1.0 protocol: `%w(HMAC-SHA1 RSA-SHA1 PLAINTEXT)`. the default value for this is all
70
- # allowed signature methods, and may remain unimplemented if you wish to allow all defined signature
71
- # methods.
69
+ # defined in the OAuth 1.0 protocol plus OAuthenticator-defined extensions:
70
+ # `%w(HMAC-SHA1 RSA-SHA1 PLAINTEXT HMAC-SHA512 HMAC-SHA256)`.
71
+ # the default value for this is all allowed signature methods, and may remain unimplemented if you wish
72
+ # to allow all defined signature methods.
72
73
  #
73
74
  # @return [Array<String>]
74
75
  def allowed_signature_methods
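Review bot: The rewritten comment above `allowed_signature_methods` says the default is every listed method, which still includes `PLAINTEXT` and `HMAC-SHA1` alongside the new HMAC-SHA256 and HMAC-SHA512 extensions, but it does not tell an implementer that the stronger digests are only enforced once the weaker methods are excluded. An application that leaves this method unimplemented will presumably keep accepting whichever method the client names in the request. I would add a line to the comment such as `# to require the stronger digests, implement this and return only those, e.g. %w(HMAC-SHA256 HMAC-SHA512).` The method body lies outside the hunk, so the actual default list is inferred from the comment and from the updated default-value test.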
@@ -33,6 +33,7 @@ end
33
33
 
34
34
  class Rack::Test::Session
35
35
  actual_process_request = instance_method(:process_request)
36
+ remove_method(:process_request)
36
37
  define_method(:process_request) do |uri, env, &block|
37
38
  oauth_attrs = Thread.current[:oauthenticator_rack_test_attributes]
38
39
  if oauth_attrs
@@ -304,9 +304,33 @@ module OAuthenticator
304
304
  #
305
305
  # @return [String]
306
306
  def hmac_sha1_signature
307
+ hmac_digest_signature(OpenSSL::Digest::SHA1)
308
+ end
309
+
310
+ # signature, with method HMAC-SHA256. OAuthenticator extension, outside of spec. do not use.
311
+ # unless you want to.
312
+ #
313
+ # @return [String]
314
+ def hmac_sha256_signature
315
+ hmac_digest_signature(OpenSSL::Digest::SHA256)
316
+ end
317
+
318
+ # signature, with method HMAC-SHA512. OAuthenticator extension, outside of spec. do not use.
319
+ # unless you want to.
320
+ #
321
+ # @return [String]
322
+ def hmac_sha512_signature
323
+ hmac_digest_signature(OpenSSL::Digest::SHA512)
324
+ end
325
+
326
+ # signature with a HMAC digest
327
+ #
328
+ # @param digest_class [Class] the digest class
329
+ # @return [String]
330
+ def hmac_digest_signature(digest_class)
307
331
  # hmac secret is same as plaintext signature
308
332
  secret = plaintext_signature
309
- Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, secret, signature_base)).gsub(/\n/, '')
333
+ Base64.encode64(OpenSSL::HMAC.digest(digest_class.new, secret, signature_base)).gsub(/\n/, '')
310
334
  end
311
335
 
312
336
  # signature, with method plaintext. section 3.4.4
@@ -320,13 +344,39 @@ module OAuthenticator
320
344
  #
321
345
  # @return [String]
322
346
  def sha1_body_hash
323
- Base64.encode64(OpenSSL::Digest::SHA1.digest(read_body)).gsub(/\n/, '')
347
+ digest_body_hash(OpenSSL::Digest::SHA1)
348
+ end
349
+
350
+ # body hash, with a signature method which uses SHA256. OAuthenticator extension, outside of spec.
351
+ # do not use. unless you want to.
352
+ #
353
+ # @return [String]
354
+ def sha256_body_hash
355
+ digest_body_hash(OpenSSL::Digest::SHA256)
356
+ end
357
+
358
+ # body hash, with a signature method which uses SHA512. OAuthenticator extension, outside of spec.
359
+ # do not use. unless you want to.
360
+ #
361
+ # @return [String]
362
+ def sha512_body_hash
363
+ digest_body_hash(OpenSSL::Digest::SHA512)
364
+ end
365
+
366
+ # body hash with a given digest
367
+ #
368
+ # @param digest_class [Class] the digest class
369
+ # @return [String]
370
+ def digest_body_hash(digest_class)
371
+ Base64.encode64(digest_class.digest(read_body)).gsub(/\n/, '')
324
372
  end
325
373
 
326
374
  # map of oauth signature methods to their signature instance methods on this class
327
375
  SIGNATURE_METHODS = {
328
376
  'RSA-SHA1'.freeze => instance_method(:rsa_sha1_signature),
329
377
  'HMAC-SHA1'.freeze => instance_method(:hmac_sha1_signature),
378
+ 'HMAC-SHA256'.freeze => instance_method(:hmac_sha256_signature),
379
+ 'HMAC-SHA512'.freeze => instance_method(:hmac_sha512_signature),
330
380
  'PLAINTEXT'.freeze => instance_method(:plaintext_signature),
331
381
  }.freeze
332
382
 
@@ -335,6 +385,8 @@ module OAuthenticator
335
385
  BODY_HASH_METHODS = {
336
386
  'RSA-SHA1'.freeze => instance_method(:sha1_body_hash),
337
387
  'HMAC-SHA1'.freeze => instance_method(:sha1_body_hash),
388
+ 'HMAC-SHA256'.freeze => instance_method(:sha256_body_hash),
389
+ 'HMAC-SHA512'.freeze => instance_method(:sha512_body_hash),
338
390
  }.freeze
339
391
  end
340
392
  end
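Review bot: The comments on `hmac_sha256_signature`, `hmac_sha512_signature`, `sha256_body_hash` and `sha512_body_hash` end in "do not use. unless you want to.", which gives a caller no basis for deciding. What matters is that these methods are outside the OAuth 1.0 spec, so a request signed with them verifies only against a peer that implements the same extension. I would say that directly, e.g. `# signature, with method HMAC-SHA256. OAuthenticator extension, not part of the OAuth 1.0 spec: the receiving side must also support it.` The new helpers `hmac_digest_signature(digest_class)` and `digest_body_hash(digest_class)` accept any class, and these hunks do not show whether they sit under `private`. If they are public, their comments should state that only the digests registered in `SIGNATURE_METHODS` and `BODY_HASH_METHODS` are intended.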
@@ -234,13 +234,13 @@ module OAuthenticator
234
234
  require 'oauthenticator/config_methods'
235
235
  include ConfigMethods
236
236
 
237
- private
238
-
239
237
  # hash of header params. keys should be a subset of OAUTH_ATTRIBUTE_KEYS.
240
238
  def oauth_header_params
241
239
  @oauth_header_params ||= OAuthenticator.parse_authorization(authorization)
242
240
  end
243
241
 
242
+ private
243
+
244
244
  # raise a nice error message for a method that needs to be implemented on a module of config methods
245
245
  def config_method_not_implemented
246
246
  caller_name = caller[0].match(%r(in `(.*?)'))[1]
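Review bot: Moving `private` below `oauth_header_params` makes that method part of the public interface, yet its comment is still the one-line internal note and the 1.4.0 changelog entry does not mention the change. The values come from `OAuthenticator.parse_authorization(authorization)`, that is, straight from the request's Authorization header, so a caller gets whatever the client sent whether or not the request has been validated. I would document that on the method, for example `# @return [Hash] oauth parameters as parsed from the Authorization header; not validated by this method`. The hunk ends inside `config_method_not_implemented`, which is unchanged.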
@@ -1,5 +1,5 @@
1
1
  # OAuthenticator
2
2
  module OAuthenticator
3
3
  # OAuthenticator::VERSION
4
- VERSION = "1.3.5"
4
+ VERSION = "1.4.0"
5
5
  end
@@ -8,7 +8,7 @@ describe OAuthenticator::SignedRequest do
8
8
  exc = assert_raises(NotImplementedError) do
9
9
  OAuthenticator::SignedRequest.new({}).public_send(method_without_default)
10
10
  end
11
- assert_match /included in a subclass of OAuthenticator::SignedRequest/, exc.message
11
+ assert_match(/included in a subclass of OAuthenticator::SignedRequest/, exc.message)
12
12
  end
13
13
  it "uses the method #{method_without_default} when implemented" do
14
14
  called = false
@@ -21,7 +21,7 @@ describe OAuthenticator::SignedRequest do
21
21
  exc = assert_raises(NotImplementedError) do
22
22
  OAuthenticator::RackAuthenticator.new(proc {}, {:config_methods => Module.new}).call({'HTTP_AUTHORIZATION' => %q(OAuth oauth_timestamp="1")})
23
23
  end
24
- assert_match /passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message
24
+ assert_match(/passed to OAuthenticator::RackAuthenticator using the option :config_methods./, exc.message)
25
25
  end
26
26
  it "complains RackAuthenticator is not given config methods" do
27
27
  assert_raises(ArgumentError) do
@@ -36,7 +36,7 @@ describe OAuthenticator::SignedRequest do
36
36
  assert_equal 2, called
37
37
  end
38
38
  it 'uses the default value for allowed signature methods' do
39
- assert_equal %w(RSA-SHA1 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
39
+ assert_equal %w(RSA-SHA1 HMAC-SHA256 HMAC-SHA512 HMAC-SHA1 PLAINTEXT).sort, OAuthenticator::SignedRequest.new({}).allowed_signature_methods.sort
40
40
  end
41
41
  it 'uses default value for body_hash_required?' do
42
42
  assert_equal false, OAuthenticator::SignedRequest.new({}).body_hash_required?
@@ -127,7 +127,7 @@ describe OAuthenticator::SignableRequest do
127
127
  it 'complains about missing required params' do
128
128
  err = assert_raises(ArgumentError) { OAuthenticator::SignableRequest.new({}) }
129
129
  %w(request_method uri media_type body consumer_key signature_method).each do |required|
130
- assert_match /#{required}/, err.message
130
+ assert_match(/#{required}/, err.message)
131
131
  end
132
132
  end
133
133
  end
@@ -135,7 +135,7 @@ describe OAuthenticator::SignableRequest do
135
135
 
136
136
  describe 'the example in 3.1' do
137
137
  # a request with attributes from the oauth spec
138
- def spec_request(attributes={})
138
+ def spec_request
139
139
  example_request({
140
140
  :request_method => 'POST',
141
141
  :uri => 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b',
@@ -231,6 +231,20 @@ describe OAuthenticator::SignableRequest do
231
231
  end
232
232
  end
233
233
 
234
+ describe 'HMAC-SHA256' do
235
+ it 'signs with a HMAC-SHA256 digest of the signature base' do
236
+ request = example_request(
237
+ :token => 'a token',
238
+ :token_secret => 'a token secret',
239
+ :signature_method => 'HMAC-SHA256',
240
+ :nonce => 'a nonce',
241
+ :timestamp => 1397726597,
242
+ :hash_body? => false
243
+ )
244
+ assert_equal('Cb4UAr3l25eqC7p2PSm0l6j7lgXvh5SPnMOhPAJ1jWU=', request.signed_protocol_params['oauth_signature'])
245
+ end
246
+ end
247
+
234
248
  describe 'RSA-SHA1' do
235
249
  it 'signs with a RSA private key SHA1 signature' do
236
250
  request = example_request(
@@ -487,6 +501,10 @@ describe OAuthenticator::SignableRequest do
487
501
  request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
488
502
  assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
489
503
  end
504
+ it 'includes by default with non-form-encoded and HMAC-SHA256' do
505
+ request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
506
+ assert_equal('O6iQfnolIydIjfOQ7VF8Rblt6tAzYAIZvcpxB9HT+Io=', request.protocol_params['oauth_body_hash'])
507
+ end
490
508
  it 'includes by default with non-form-encoded and RSA-SHA1' do
491
509
  request = example_request(:media_type => 'text/plain', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
492
510
  assert_equal('L7j0ARXdHmlcviPU+Xzlsftpfu4=', request.protocol_params['oauth_body_hash'])
@@ -499,6 +517,10 @@ describe OAuthenticator::SignableRequest do
499
517
  request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA1')
500
518
  assert(!request.protocol_params.key?('oauth_body_hash'))
501
519
  end
520
+ it 'does not include by default with form-encoded and HMAC-SHA256' do
521
+ request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'HMAC-SHA256')
522
+ assert(!request.protocol_params.key?('oauth_body_hash'))
523
+ end
502
524
  it 'does not include by default with form-encoded and RSA-SHA1' do
503
525
  request = example_request(:media_type => 'application/x-www-form-urlencoded', :body => 'foo=bar', :signature_method => 'RSA-SHA1', :consumer_secret => rsa_private_key)
504
526
  assert(!request.protocol_params.key?('oauth_body_hash'))
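Review bot: HMAC-SHA512 is registered in both `SIGNATURE_METHODS` and `BODY_HASH_METHODS` by this release, but the test hunks shown add cases only for HMAC-SHA256 (one signature test and two `oauth_body_hash` tests). Nothing visible exercises `hmac_sha512_signature` or `sha512_body_hash`. I would add a `describe 'HMAC-SHA512'` block and the two body-hash cases mirroring the HMAC-SHA256 ones, with expected values taken from an independent HMAC/SHA-512 computation over the same inputs rather than from the library's own output. Tests outside these hunks may already cover it.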
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauthenticator
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.5
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ethan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-13 00:00:00.000000000 Z
11
+ date: 2021-01-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack