rack-authenticate 0.2.0 → 0.3.0

data/lib/rack/authenticate/client.rb

@@ -11,14 +11,15 @@ module Rack
         @ajax = options[:ajax]
       end
 
-      def request_signature_headers(method, url, content_type = nil, content = nil)
+      def request_signature_headers(method, url, content = nil)
         {}.tap do |headers|
           headers[date_header_field] = date = Time.now.httpdate
           request = [method.to_s.upcase, url, date]
 
-          if content_md5 = content_md5_for(content_type, content)
+          if content
+            content_md5 = Digest::MD5.hexdigest(content)
             headers['Content-MD5'] = content_md5
-            request += [content_type, content_md5]
+            request << content_md5
           end
 
           digest = HMAC::SHA1.hexdigest(secret_key, request.join("\n"))
@@ -34,16 +35,6 @@ module Rack
         # Thus, we allow the custom X-Authorization-Date header to be used instead of Date.
         @ajax ? 'X-Authorization-Date' : 'Date'
       end
-
-      def content_md5_for(content_type, content)
-        if content_type.nil? && content.nil?
-          # no-op
-        elsif content_type && content
-          Digest::MD5.hexdigest(content)
-        else
-          raise ArgumentError.new("Both content_type and content must be given or neither.")
-        end
-      end
     end
   end
 end

data/lib/rack/authenticate/middleware.rb

@@ -54,7 +54,7 @@ module Rack
           return false unless date
 
           if has_content?
-            content_md5.to_s != '' && request.content_type.to_s != ''
+            content_md5.to_s != ''
           else
             true
           end
@@ -85,7 +85,7 @@ module Rack
 
         def canonicalized_request
           parts = [ request.request_method, request.url, date ]
-          parts += [ request.content_type, content_md5 ] if has_content?
+          parts << content_md5 if has_content?
           parts.join("\n")
         end
 

data/lib/rack/authenticate/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module Authenticate
-    VERSION = "0.2.0"
+    VERSION = "0.3.0"
   end
 end

data/spec/rack/authenticate/client_spec.rb

@@ -20,18 +20,6 @@ module Rack
       subject { Client.new(access_id, secret_key, options) }
 
       describe "#request_signature_headers" do
-        it 'raises an Argument error if given a content type but not content' do
-          expect {
-            subject.request_signature_headers("get", "http://foo.com/", "text/plain", nil)
-          }.to raise_error(ArgumentError)
-        end
-
-        it 'raises an Argument error if given a content but no content type' do
-          expect {
-            subject.request_signature_headers("get", "http://foo.com/", nil, "content")
-          }.to raise_error(ArgumentError)
-        end
-
         it 'returns the auth header using the HMAC digest' do
           HMAC::SHA1.stub(:hexdigest => 'the-hex-digest')
           headers = subject.request_signature_headers("get", "http://foo.com/")
@@ -108,23 +96,23 @@ module Rack
           end
 
           it 'returns the Content-MD5 header in the headers hash' do
-            headers = subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "text/plain", "content")
+            headers = subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "content")
             headers.should include('Content-MD5' => content_md5)
           end
 
           it 'generates the Content-MD5 based on the content' do
             Digest::MD5.should_receive(:hexdigest).with("content")
-            subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "text/plain", "content")
+            subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "content")
           end
 
-          it 'uses the content type and content md5 in the digest' do
+          it 'uses the content md5 in the digest' do
             HMAC::SHA1.should_receive(:hexdigest) do |key, request|
               parts = request.split("\n")
-              parts.should have(5).parts
-              parts.last(2).should eq(['text/plain', 'the-content-md5'])
+              parts.should have(4).parts
+              parts.last.should eq('the-content-md5')
             end
 
-            subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "text/plain", "content")
+            subject.request_signature_headers("get", "http://foo.com/bar?q=buzz", "content")
           end
         end
       end

data/spec/rack/authenticate/middleware_spec.rb

@@ -85,16 +85,14 @@ module Rack
             Auth.new(basic_env).canonicalized_request
           end
 
-          it 'includes the content MD5 and Type when they are present' do
+          it 'includes the content MD5 when it is present' do
             basic_env['CONTENT_LENGTH'] = '10'
             basic_env['HTTP_CONTENT_MD5'] = content_md5
-            basic_env['CONTENT_TYPE'] = 'text/plain'
 
             Auth.new(basic_env).canonicalized_request.split("\n").should eq([
               'GET',
               'http://example.org/foo/bar',
               http_date,
-              'text/plain',
               content_md5
             ])
           end
@@ -155,19 +153,12 @@ module Rack
           context 'for a request with a body' do
             let(:env) { basic_env.merge('CONTENT_LENGTH' => '10') }
 
-            it 'returns true if it has a content type and content MD5' do
+            it 'returns true if it has a content MD5' do
               basic_env['HTTP_CONTENT_MD5'] = content_md5
-              basic_env['CONTENT_TYPE'] = 'text/plain'
               should have_all_required_parts
             end
 
             it 'returns false if it lacks the content md5 header' do
-              basic_env['CONTENT_TYPE'] = 'text/plain'
-              should_not have_all_required_parts
-            end
-
-            it 'returns false if it lacks the content type header' do
-              basic_env['HTTP_CONTENT_MD5'] = content_md5
               should_not have_all_required_parts
             end
           end
@@ -349,7 +340,7 @@ module Rack
 
         it 'generates the same signature as the client', :no_timecop do
           client = Client.new('abc', hmac_auth_creds['abc'])
-          client.request_signature_headers('post', 'http://example.org/foo', 'text/plain', "some content").each do |key, value|
+          client.request_signature_headers('post', 'http://example.org/foo', "some content").each do |key, value|
             header key, value
           end
 
@@ -360,7 +351,7 @@ module Rack
 
         it 'generates the same signature as an AJAX client', :no_timecop do
           client = Client.new('abc', hmac_auth_creds['abc'], :ajax => true)
-          client.request_signature_headers('post', 'http://example.org/foo', 'text/plain', "some content").each do |key, value|
+          client.request_signature_headers('post', 'http://example.org/foo', "some content").each do |key, value|
             header key, value
           end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-authenticate
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-12-16 00:00:00.000000000Z
+date: 2011-12-19 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-hmac
-  requirement: &2164691280 !ruby/object:Gem::Requirement
+  requirement: &2156269640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 0.4.0
   type: :runtime
   prerelease: false
-  version_requirements: *2164691280
+  version_requirements: *2156269640
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2164690620 !ruby/object:Gem::Requirement
+  requirement: &2156267980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 2.8.0.rc1
   type: :development
   prerelease: false
-  version_requirements: *2164690620
+  version_requirements: *2156267980
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2164689740 !ruby/object:Gem::Requirement
+  requirement: &2156267060 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +43,10 @@ dependencies:
         version: 0.6.1
   type: :development
   prerelease: false
-  version_requirements: *2164689740
+  version_requirements: *2156267060
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &2164689140 !ruby/object:Gem::Requirement
+  requirement: &2156266080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +54,10 @@ dependencies:
         version: 0.3.5
   type: :development
   prerelease: false
-  version_requirements: *2164689140
+  version_requirements: *2156266080
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2164688520 !ruby/object:Gem::Requirement
+  requirement: &2156265000 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -65,7 +65,7 @@ dependencies:
         version: 0.9.2.2
   type: :development
   prerelease: false
-  version_requirements: *2164688520
+  version_requirements: *2156265000
 description: A rack middleware that authenticates requests either using basic auth
   or via signed HMAC.
 email:
@@ -108,12 +108,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 496392540953768214
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 496392540953768214
 requirements: []
 rubyforge_project: rack-authenticate
 rubygems_version: 1.8.6