rack-oauth2 0.6.9 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +0 -1
- data/Gemfile.lock +46 -0
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token/mac.rb +42 -38
- data/lib/rack/oauth2/access_token/mac/signature.rb +8 -21
- data/lib/rack/oauth2/server/resource/mac.rb +5 -5
- data/rack-oauth2.gemspec +1 -1
- data/spec/fake_response/tokens/mac.json +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +5 -0
- data/spec/rack/oauth2/access_token/mac/body_hash_spec.rb +13 -0
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +17 -17
- data/spec/rack/oauth2/server/resource/mac_spec.rb +7 -7
- data/spec/spec_helper.rb +0 -3
- metadata +10 -2
data/.gitignore
CHANGED
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
rack-oauth2 (0.6.9)
|
|
5
|
+
activesupport (>= 2.3)
|
|
6
|
+
attr_required (>= 0.0.3)
|
|
7
|
+
i18n
|
|
8
|
+
json (>= 1.4.3)
|
|
9
|
+
rack (>= 1.1)
|
|
10
|
+
restclient_with_cert
|
|
11
|
+
|
|
12
|
+
GEM
|
|
13
|
+
remote: http://rubygems.org/
|
|
14
|
+
specs:
|
|
15
|
+
activesupport (3.0.7)
|
|
16
|
+
attr_required (0.0.3)
|
|
17
|
+
diff-lcs (1.1.2)
|
|
18
|
+
fakeweb (1.3.0)
|
|
19
|
+
i18n (0.5.0)
|
|
20
|
+
json (1.5.1)
|
|
21
|
+
mime-types (1.16)
|
|
22
|
+
rack (1.2.2)
|
|
23
|
+
rake (0.8.7)
|
|
24
|
+
rcov (0.9.9)
|
|
25
|
+
rest-client (1.6.1)
|
|
26
|
+
mime-types (>= 1.16)
|
|
27
|
+
restclient_with_cert (0.0.7)
|
|
28
|
+
rest-client (>= 1.6)
|
|
29
|
+
rspec (2.5.0)
|
|
30
|
+
rspec-core (~> 2.5.0)
|
|
31
|
+
rspec-expectations (~> 2.5.0)
|
|
32
|
+
rspec-mocks (~> 2.5.0)
|
|
33
|
+
rspec-core (2.5.2)
|
|
34
|
+
rspec-expectations (2.5.0)
|
|
35
|
+
diff-lcs (~> 1.1.2)
|
|
36
|
+
rspec-mocks (2.5.0)
|
|
37
|
+
|
|
38
|
+
PLATFORMS
|
|
39
|
+
ruby
|
|
40
|
+
|
|
41
|
+
DEPENDENCIES
|
|
42
|
+
fakeweb (>= 1.3)
|
|
43
|
+
rack-oauth2!
|
|
44
|
+
rake (>= 0.8)
|
|
45
|
+
rcov (>= 0.9)
|
|
46
|
+
rspec (<= 2.5, >= 2)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.7.0
|
|
@@ -2,13 +2,19 @@ module Rack
|
|
|
2
2
|
module OAuth2
|
|
3
3
|
class AccessToken
|
|
4
4
|
class MAC < AccessToken
|
|
5
|
-
attr_required :
|
|
6
|
-
attr_optional :
|
|
5
|
+
attr_required :mac_key, :mac_algorithm
|
|
6
|
+
attr_optional :issued_at, :ext
|
|
7
|
+
attr_reader :nonce, :body_hash, :signature
|
|
8
|
+
|
|
9
|
+
def initialize(attributes = {})
|
|
10
|
+
super(attributes)
|
|
11
|
+
@issued_at ||= Time.now.utc
|
|
12
|
+
end
|
|
7
13
|
|
|
8
14
|
def token_response
|
|
9
15
|
super.merge(
|
|
10
|
-
:
|
|
11
|
-
:
|
|
16
|
+
:mac_key => mac_key,
|
|
17
|
+
:mac_algorithm => mac_algorithm
|
|
12
18
|
)
|
|
13
19
|
end
|
|
14
20
|
|
|
@@ -16,22 +22,20 @@ module Rack
|
|
|
16
22
|
if request.body_hash.present?
|
|
17
23
|
_body_hash_ = BodyHash.new(
|
|
18
24
|
:raw_body => request.body.read,
|
|
19
|
-
:algorithm => self.
|
|
25
|
+
:algorithm => self.mac_algorithm
|
|
20
26
|
)
|
|
21
27
|
_body_hash_.verify!(request.body_hash)
|
|
22
28
|
end
|
|
23
29
|
_signature_ = Signature.new(
|
|
24
|
-
:
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
28
|
-
:
|
|
29
|
-
:
|
|
30
|
-
:
|
|
31
|
-
:
|
|
32
|
-
:
|
|
33
|
-
:path => request.path,
|
|
34
|
-
:query => request.GET
|
|
30
|
+
:secret => self.mac_key,
|
|
31
|
+
:algorithm => self.mac_algorithm,
|
|
32
|
+
:nonce => request.nonce,
|
|
33
|
+
:method => request.request_method,
|
|
34
|
+
:request_uri => request.fullpath,
|
|
35
|
+
:host => request.host,
|
|
36
|
+
:port => request.port,
|
|
37
|
+
:body_hash => request.body_hash,
|
|
38
|
+
:ext => request.ext
|
|
35
39
|
)
|
|
36
40
|
_signature_.verify!(request.signature)
|
|
37
41
|
rescue Verifier::VerificationFailed => e
|
|
@@ -62,44 +66,44 @@ module Rack
|
|
|
62
66
|
|
|
63
67
|
def authenticate(method, url, headers = {}, payload = {})
|
|
64
68
|
_url_ = URI.parse(url)
|
|
65
|
-
|
|
66
|
-
self.nonce = generate_nonce
|
|
69
|
+
@nonce = generate_nonce
|
|
67
70
|
if payload.present?
|
|
68
71
|
raw_body = RestClient::Payload.generate(payload).to_s
|
|
69
72
|
_body_hash_ = BodyHash.new(
|
|
70
73
|
:raw_body => raw_body,
|
|
71
|
-
:algorithm => self.
|
|
74
|
+
:algorithm => self.mac_algorithm
|
|
72
75
|
)
|
|
73
|
-
|
|
76
|
+
@body_hash = _body_hash_.calculate
|
|
74
77
|
end
|
|
75
78
|
_signature_ = Signature.new(
|
|
76
|
-
:
|
|
77
|
-
:
|
|
78
|
-
:
|
|
79
|
-
:
|
|
80
|
-
:
|
|
81
|
-
:
|
|
82
|
-
:
|
|
83
|
-
:
|
|
84
|
-
:
|
|
85
|
-
:path => _url_.path,
|
|
86
|
-
:query => Rack::Utils.parse_nested_query(_url_.query)
|
|
79
|
+
:secret => self.mac_key,
|
|
80
|
+
:algorithm => self.mac_algorithm,
|
|
81
|
+
:nonce => self.nonce,
|
|
82
|
+
:method => method,
|
|
83
|
+
:request_uri => _url_.request_uri,
|
|
84
|
+
:host => _url_.host,
|
|
85
|
+
:port => _url_.port,
|
|
86
|
+
:body_hash => self.body_hash,
|
|
87
|
+
:ext => self.ext
|
|
87
88
|
)
|
|
88
|
-
|
|
89
|
+
@signature = _signature_.calculate
|
|
89
90
|
headers.merge(:AUTHORIZATION => authorization_header)
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def authorization_header
|
|
93
94
|
header = "MAC"
|
|
94
|
-
header << "
|
|
95
|
-
header << " timestamp=\"#{timestamp}\","
|
|
95
|
+
header << " id=\"#{access_token}\","
|
|
96
96
|
header << " nonce=\"#{nonce}\","
|
|
97
|
-
header << " bodyhash=\"#{body_hash}\"," if
|
|
98
|
-
header << "
|
|
97
|
+
header << " bodyhash=\"#{body_hash}\"," if body_hash.present?
|
|
98
|
+
header << " ext=\"#{ext}\"," if ext.present?
|
|
99
|
+
header << " mac=\"#{signature}\""
|
|
99
100
|
end
|
|
100
101
|
|
|
101
102
|
def generate_nonce
|
|
102
|
-
|
|
103
|
+
[
|
|
104
|
+
(Time.now.utc - @issued_at).to_i,
|
|
105
|
+
ActiveSupport::SecureRandom.base64(16)
|
|
106
|
+
].join(':')
|
|
103
107
|
end
|
|
104
108
|
end
|
|
105
109
|
end
|
|
@@ -108,4 +112,4 @@ end
|
|
|
108
112
|
|
|
109
113
|
require 'rack/oauth2/access_token/mac/verifier'
|
|
110
114
|
require 'rack/oauth2/access_token/mac/body_hash'
|
|
111
|
-
require 'rack/oauth2/access_token/mac/signature'
|
|
115
|
+
require 'rack/oauth2/access_token/mac/signature'
|
|
@@ -3,8 +3,8 @@ module Rack
|
|
|
3
3
|
class AccessToken
|
|
4
4
|
class MAC
|
|
5
5
|
class Signature < Verifier
|
|
6
|
-
attr_required :
|
|
7
|
-
attr_optional :body_hash, :query
|
|
6
|
+
attr_required :secret, :nonce, :method, :request_uri, :host, :port
|
|
7
|
+
attr_optional :body_hash, :ext, :query
|
|
8
8
|
|
|
9
9
|
def calculate
|
|
10
10
|
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
|
@@ -15,31 +15,18 @@ module Rack
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def normalized_request_string
|
|
18
|
-
|
|
19
|
-
token,
|
|
20
|
-
timestamp,
|
|
18
|
+
[
|
|
21
19
|
nonce,
|
|
22
|
-
body_hash || '',
|
|
23
20
|
method.to_s.upcase,
|
|
21
|
+
request_uri,
|
|
24
22
|
host,
|
|
25
23
|
port,
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
24
|
+
body_hash || '',
|
|
25
|
+
ext || '',
|
|
26
|
+
nil
|
|
27
|
+
].join("\n")
|
|
30
28
|
end
|
|
31
29
|
|
|
32
|
-
def normalized_query
|
|
33
|
-
if query.present?
|
|
34
|
-
query.inject([]) do |result, (key, value)|
|
|
35
|
-
result << [key, value]
|
|
36
|
-
end.sort.inject('') do |result, (key, value)|
|
|
37
|
-
result << "#{Rack::OAuth2::Util.rfc3986_encode key}=#{Rack::OAuth2::Util.rfc3986_encode value}\n"
|
|
38
|
-
end
|
|
39
|
-
else
|
|
40
|
-
''
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
30
|
end
|
|
44
31
|
end
|
|
45
32
|
end
|
|
@@ -11,15 +11,15 @@ module Rack
|
|
|
11
11
|
private
|
|
12
12
|
|
|
13
13
|
class Request < Resource::Request
|
|
14
|
-
attr_reader :
|
|
14
|
+
attr_reader :nonce, :body_hash, :ext, :signature
|
|
15
15
|
|
|
16
16
|
def setup!
|
|
17
17
|
auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
|
|
18
|
-
@access_token = auth_params[:
|
|
19
|
-
@timestamp = auth_params[:timestamp]
|
|
18
|
+
@access_token = auth_params[:id]
|
|
20
19
|
@nonce = auth_params[:nonce]
|
|
21
20
|
@body_hash = auth_params[:bodyhash]
|
|
22
|
-
@
|
|
21
|
+
@ext = auth_params[:ext]
|
|
22
|
+
@signature = auth_params[:mac]
|
|
23
23
|
self
|
|
24
24
|
end
|
|
25
25
|
|
|
@@ -33,4 +33,4 @@ module Rack
|
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
require 'rack/oauth2/server/resource/mac/error'
|
|
36
|
+
require 'rack/oauth2/server/resource/mac/error'
|
data/rack-oauth2.gemspec
CHANGED
|
@@ -21,6 +21,6 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.add_runtime_dependency "attr_required", ">= 0.0.3"
|
|
22
22
|
s.add_development_dependency "rake", ">= 0.8"
|
|
23
23
|
s.add_development_dependency "rcov", ">= 0.9"
|
|
24
|
-
s.add_development_dependency "rspec", ">= 2"
|
|
24
|
+
s.add_development_dependency "rspec", ">= 2", "<= 2.5"
|
|
25
25
|
s.add_development_dependency "fakeweb", ">= 1.3"
|
|
26
26
|
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Rack::OAuth2::AccessToken::MAC::BodyHash do
|
|
4
|
+
# From the example of MAC spec section 3.2
|
|
5
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
6
|
+
subject do
|
|
7
|
+
Rack::OAuth2::AccessToken::MAC::BodyHash.new(
|
|
8
|
+
:algorithm => 'hmac-sha-1',
|
|
9
|
+
:raw_body => 'hello=world%21'
|
|
10
|
+
)
|
|
11
|
+
end
|
|
12
|
+
its(:calculate) { should == 'k9kbtCIy0CkI3/FEfpS/oIDjk6k=' }
|
|
13
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Rack::OAuth2::AccessToken::MAC::Signature do
|
|
4
|
+
|
|
5
|
+
# From the example of MAC spec section 1.2
|
|
6
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
7
|
+
context 'when body_hash is given' do
|
|
8
|
+
subject do
|
|
9
|
+
Rack::OAuth2::AccessToken::MAC::Signature.new(
|
|
10
|
+
:secret => '8yfrufh348h',
|
|
11
|
+
:algorithm => 'hmac-sha-1',
|
|
12
|
+
:nonce => '273156:di3hvdf8',
|
|
13
|
+
:method => 'POST',
|
|
14
|
+
:request_uri => '/request',
|
|
15
|
+
:host => 'example.com',
|
|
16
|
+
:port => 80,
|
|
17
|
+
:body_hash => 'k9kbtCIy0CkI3/FEfpS/oIDjk6k=',
|
|
18
|
+
:ext => nil
|
|
19
|
+
)
|
|
20
|
+
end
|
|
21
|
+
its(:calculate) { should == 'W7bdMZbv9UWOTadASIQHagZyirA=' }
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# From the example of MAC spec section 3.2
|
|
25
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
26
|
+
context 'otherwize' do
|
|
27
|
+
subject do
|
|
28
|
+
Rack::OAuth2::AccessToken::MAC::Signature.new(
|
|
29
|
+
:secret => '489dks293j39',
|
|
30
|
+
:algorithm => 'hmac-sha-1',
|
|
31
|
+
:nonce => '264095:dj83hs9s',
|
|
32
|
+
:method => 'GET',
|
|
33
|
+
:request_uri => '/resource/1?b=1&a=2',
|
|
34
|
+
:host => 'example.com',
|
|
35
|
+
:port => 80,
|
|
36
|
+
:body_hash => nil,
|
|
37
|
+
:ext => nil
|
|
38
|
+
)
|
|
39
|
+
end
|
|
40
|
+
its(:calculate) { should == 'SLDJd4mg43cjQfElUs3Qub4L6xE=' }
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
@@ -4,24 +4,24 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
4
4
|
let :token do
|
|
5
5
|
Rack::OAuth2::AccessToken::MAC.new(
|
|
6
6
|
:access_token => 'access_token',
|
|
7
|
-
:
|
|
8
|
-
:
|
|
7
|
+
:mac_key => 'secret',
|
|
8
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
11
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
12
12
|
subject { token }
|
|
13
13
|
|
|
14
|
-
its(:
|
|
15
|
-
its(:
|
|
14
|
+
its(:mac_key) { should == 'secret' }
|
|
15
|
+
its(:mac_algorithm) { should == 'hmac-sha-256' }
|
|
16
16
|
its(:token_response) do
|
|
17
17
|
should == {
|
|
18
|
-
:token_type => :mac,
|
|
19
18
|
:access_token => 'access_token',
|
|
20
|
-
:secret => 'secret',
|
|
21
|
-
:algorithm => 'hmac-sha-256',
|
|
22
|
-
:expires_in => nil,
|
|
23
19
|
:refresh_token => nil,
|
|
24
|
-
:
|
|
20
|
+
:token_type => :mac,
|
|
21
|
+
:expires_in => nil,
|
|
22
|
+
:scope => '',
|
|
23
|
+
:mac_key => 'secret',
|
|
24
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
25
25
|
}
|
|
26
26
|
end
|
|
27
27
|
its(:generate_nonce) { should be_a String }
|
|
@@ -37,7 +37,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
37
37
|
Time.fix(Time.at(1302361200)) do
|
|
38
38
|
RestClient.should_receive(:get).with(
|
|
39
39
|
resource_endpoint,
|
|
40
|
-
:AUTHORIZATION =>
|
|
40
|
+
:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="gMJ8AmvTGmfPFCJCf5DUwNTmT7ksw6GqyoGW2lUIUZ0="'
|
|
41
41
|
)
|
|
42
42
|
token.get resource_endpoint
|
|
43
43
|
end
|
|
@@ -50,7 +50,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
50
50
|
RestClient.should_receive(:post).with(
|
|
51
51
|
resource_endpoint,
|
|
52
52
|
{:key => :value},
|
|
53
|
-
{:AUTHORIZATION =>
|
|
53
|
+
{:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=", mac="7OOseGqNi14lThhRnwhItACXACM4Qp5GleBEuizzUpw="'}
|
|
54
54
|
)
|
|
55
55
|
token.post resource_endpoint, :key => :value
|
|
56
56
|
end
|
|
@@ -63,7 +63,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
63
63
|
RestClient.should_receive(:put).with(
|
|
64
64
|
resource_endpoint,
|
|
65
65
|
{:key => :value},
|
|
66
|
-
{:AUTHORIZATION =>
|
|
66
|
+
{:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=", mac="lxTg/F29zkE7vBEbAK9VULRpM4IN5uShqHbj2k7e9lA="'}
|
|
67
67
|
)
|
|
68
68
|
token.put resource_endpoint, :key => :value
|
|
69
69
|
end
|
|
@@ -75,7 +75,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
75
75
|
Time.fix(Time.at(1302361200)) do
|
|
76
76
|
RestClient.should_receive(:delete).with(
|
|
77
77
|
resource_endpoint,
|
|
78
|
-
:AUTHORIZATION =>
|
|
78
|
+
:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="JtOibEO1rBQNBGy6hUPT29L2cHSmLP09K+kUL4oEe/g="'
|
|
79
79
|
)
|
|
80
80
|
token.delete resource_endpoint
|
|
81
81
|
end
|
|
@@ -90,12 +90,12 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
90
90
|
let(:env) do
|
|
91
91
|
Rack::MockRequest.env_for(
|
|
92
92
|
'/protected_resources',
|
|
93
|
-
'HTTP_AUTHORIZATION' =>
|
|
93
|
+
'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="#{signature}"}
|
|
94
94
|
)
|
|
95
95
|
end
|
|
96
96
|
|
|
97
97
|
context 'when signature is valid' do
|
|
98
|
-
let(:signature) { '
|
|
98
|
+
let(:signature) { 'jWo6L7w86ZKNlkRYjzQxp/HJpSxZJXq60hfd+yw4si0=' }
|
|
99
99
|
it do
|
|
100
100
|
Time.fix(Time.at(1302361200)) do
|
|
101
101
|
token.verify!(request.setup!).should == :verified
|
|
@@ -122,7 +122,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
122
122
|
:params => {
|
|
123
123
|
:key1 => 'value1'
|
|
124
124
|
},
|
|
125
|
-
'HTTP_AUTHORIZATION' =>
|
|
125
|
+
'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="#{body_hash}", mac="#{signature}"}
|
|
126
126
|
)
|
|
127
127
|
end
|
|
128
128
|
let(:signature) { 'invalid' }
|
|
@@ -141,7 +141,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
141
141
|
let(:body_hash) { 'TPzUbFn1S16mpfmwXCi1L+8oZHRxlLX9/D1ZwAV781o=' }
|
|
142
142
|
|
|
143
143
|
context 'when signature is valid' do
|
|
144
|
-
let(:signature) { '
|
|
144
|
+
let(:signature) { 'xNoae5ETuB9BVFH/vFV8y8S0fXdY41bSq0bekoLClwM=' }
|
|
145
145
|
it do
|
|
146
146
|
Time.fix(Time.at(1302361200)) do
|
|
147
147
|
token.verify!(request.setup!).should == :verified
|
|
@@ -7,8 +7,8 @@ describe Rack::OAuth2::Server::Resource::MAC do
|
|
|
7
7
|
when 'valid_token'
|
|
8
8
|
Rack::OAuth2::AccessToken::MAC.new(
|
|
9
9
|
:access_token => 'valid_token',
|
|
10
|
-
:
|
|
11
|
-
:
|
|
10
|
+
:mac_key => 'secret',
|
|
11
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
12
12
|
).verify!(request)
|
|
13
13
|
when 'insufficient_scope_token'
|
|
14
14
|
request.insufficient_scope!
|
|
@@ -62,27 +62,27 @@ describe Rack::OAuth2::Server::Resource::MAC do
|
|
|
62
62
|
|
|
63
63
|
context 'when valid_token is given' do
|
|
64
64
|
context 'when other required params are missing' do
|
|
65
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
65
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token"') }
|
|
66
66
|
it_behaves_like :unauthorized_mac_request
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
context 'when other required params are invalid' do
|
|
70
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
70
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", mac="invalid""') }
|
|
71
71
|
it_behaves_like :unauthorized_mac_request
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
context 'when all required params are valid' do
|
|
75
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
75
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", mac="H1laxA3HXmg4jjyhDmWUEGpdZwc6tcA4U9OMAUXtoFs="') }
|
|
76
76
|
it_behaves_like :authenticated_mac_request
|
|
77
77
|
end
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
context 'when invalid_token is given' do
|
|
81
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
81
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
|
|
82
82
|
it_behaves_like :unauthorized_mac_request
|
|
83
83
|
|
|
84
84
|
describe 'realm' do
|
|
85
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
85
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
|
|
86
86
|
|
|
87
87
|
context 'when specified' do
|
|
88
88
|
let(:realm) { 'server.example.com' }
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.
|
|
5
|
+
version: 0.7.0
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- nov matake
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date: 2011-05-
|
|
13
|
+
date: 2011-05-18 00:00:00 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rack
|
|
@@ -109,6 +109,9 @@ dependencies:
|
|
|
109
109
|
- - ">="
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: "2"
|
|
112
|
+
- - <=
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: "2.5"
|
|
112
115
|
type: :development
|
|
113
116
|
version_requirements: *id009
|
|
114
117
|
- !ruby/object:Gem::Dependency
|
|
@@ -136,6 +139,7 @@ files:
|
|
|
136
139
|
- .gitignore
|
|
137
140
|
- .rspec
|
|
138
141
|
- Gemfile
|
|
142
|
+
- Gemfile.lock
|
|
139
143
|
- LICENSE
|
|
140
144
|
- README.rdoc
|
|
141
145
|
- Rakefile
|
|
@@ -190,6 +194,8 @@ files:
|
|
|
190
194
|
- spec/helpers/time.rb
|
|
191
195
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
192
196
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
197
|
+
- spec/rack/oauth2/access_token/mac/body_hash_spec.rb
|
|
198
|
+
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
193
199
|
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
194
200
|
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
195
201
|
- spec/rack/oauth2/access_token_spec.rb
|
|
@@ -253,6 +259,8 @@ test_files:
|
|
|
253
259
|
- spec/helpers/time.rb
|
|
254
260
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
255
261
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
262
|
+
- spec/rack/oauth2/access_token/mac/body_hash_spec.rb
|
|
263
|
+
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
256
264
|
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
257
265
|
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
258
266
|
- spec/rack/oauth2/access_token_spec.rb
|