rack-oauth2 0.6.9 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +0 -1
- data/Gemfile.lock +46 -0
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token/mac.rb +42 -38
- data/lib/rack/oauth2/access_token/mac/signature.rb +8 -21
- data/lib/rack/oauth2/server/resource/mac.rb +5 -5
- data/rack-oauth2.gemspec +1 -1
- data/spec/fake_response/tokens/mac.json +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +5 -0
- data/spec/rack/oauth2/access_token/mac/body_hash_spec.rb +13 -0
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +17 -17
- data/spec/rack/oauth2/server/resource/mac_spec.rb +7 -7
- data/spec/spec_helper.rb +0 -3
- metadata +10 -2
data/.gitignore
CHANGED
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
rack-oauth2 (0.6.9)
|
|
5
|
+
activesupport (>= 2.3)
|
|
6
|
+
attr_required (>= 0.0.3)
|
|
7
|
+
i18n
|
|
8
|
+
json (>= 1.4.3)
|
|
9
|
+
rack (>= 1.1)
|
|
10
|
+
restclient_with_cert
|
|
11
|
+
|
|
12
|
+
GEM
|
|
13
|
+
remote: http://rubygems.org/
|
|
14
|
+
specs:
|
|
15
|
+
activesupport (3.0.7)
|
|
16
|
+
attr_required (0.0.3)
|
|
17
|
+
diff-lcs (1.1.2)
|
|
18
|
+
fakeweb (1.3.0)
|
|
19
|
+
i18n (0.5.0)
|
|
20
|
+
json (1.5.1)
|
|
21
|
+
mime-types (1.16)
|
|
22
|
+
rack (1.2.2)
|
|
23
|
+
rake (0.8.7)
|
|
24
|
+
rcov (0.9.9)
|
|
25
|
+
rest-client (1.6.1)
|
|
26
|
+
mime-types (>= 1.16)
|
|
27
|
+
restclient_with_cert (0.0.7)
|
|
28
|
+
rest-client (>= 1.6)
|
|
29
|
+
rspec (2.5.0)
|
|
30
|
+
rspec-core (~> 2.5.0)
|
|
31
|
+
rspec-expectations (~> 2.5.0)
|
|
32
|
+
rspec-mocks (~> 2.5.0)
|
|
33
|
+
rspec-core (2.5.2)
|
|
34
|
+
rspec-expectations (2.5.0)
|
|
35
|
+
diff-lcs (~> 1.1.2)
|
|
36
|
+
rspec-mocks (2.5.0)
|
|
37
|
+
|
|
38
|
+
PLATFORMS
|
|
39
|
+
ruby
|
|
40
|
+
|
|
41
|
+
DEPENDENCIES
|
|
42
|
+
fakeweb (>= 1.3)
|
|
43
|
+
rack-oauth2!
|
|
44
|
+
rake (>= 0.8)
|
|
45
|
+
rcov (>= 0.9)
|
|
46
|
+
rspec (<= 2.5, >= 2)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.7.0
|
|
@@ -2,13 +2,19 @@ module Rack
|
|
|
2
2
|
module OAuth2
|
|
3
3
|
class AccessToken
|
|
4
4
|
class MAC < AccessToken
|
|
5
|
-
attr_required :
|
|
6
|
-
attr_optional :
|
|
5
|
+
attr_required :mac_key, :mac_algorithm
|
|
6
|
+
attr_optional :issued_at, :ext
|
|
7
|
+
attr_reader :nonce, :body_hash, :signature
|
|
8
|
+
|
|
9
|
+
def initialize(attributes = {})
|
|
10
|
+
super(attributes)
|
|
11
|
+
@issued_at ||= Time.now.utc
|
|
12
|
+
end
|
|
7
13
|
|
|
8
14
|
def token_response
|
|
9
15
|
super.merge(
|
|
10
|
-
:
|
|
11
|
-
:
|
|
16
|
+
:mac_key => mac_key,
|
|
17
|
+
:mac_algorithm => mac_algorithm
|
|
12
18
|
)
|
|
13
19
|
end
|
|
14
20
|
|
|
@@ -16,22 +22,20 @@ module Rack
|
|
|
16
22
|
if request.body_hash.present?
|
|
17
23
|
_body_hash_ = BodyHash.new(
|
|
18
24
|
:raw_body => request.body.read,
|
|
19
|
-
:algorithm => self.
|
|
25
|
+
:algorithm => self.mac_algorithm
|
|
20
26
|
)
|
|
21
27
|
_body_hash_.verify!(request.body_hash)
|
|
22
28
|
end
|
|
23
29
|
_signature_ = Signature.new(
|
|
24
|
-
:
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
28
|
-
:
|
|
29
|
-
:
|
|
30
|
-
:
|
|
31
|
-
:
|
|
32
|
-
:
|
|
33
|
-
:path => request.path,
|
|
34
|
-
:query => request.GET
|
|
30
|
+
:secret => self.mac_key,
|
|
31
|
+
:algorithm => self.mac_algorithm,
|
|
32
|
+
:nonce => request.nonce,
|
|
33
|
+
:method => request.request_method,
|
|
34
|
+
:request_uri => request.fullpath,
|
|
35
|
+
:host => request.host,
|
|
36
|
+
:port => request.port,
|
|
37
|
+
:body_hash => request.body_hash,
|
|
38
|
+
:ext => request.ext
|
|
35
39
|
)
|
|
36
40
|
_signature_.verify!(request.signature)
|
|
37
41
|
rescue Verifier::VerificationFailed => e
|
|
@@ -62,44 +66,44 @@ module Rack
|
|
|
62
66
|
|
|
63
67
|
def authenticate(method, url, headers = {}, payload = {})
|
|
64
68
|
_url_ = URI.parse(url)
|
|
65
|
-
|
|
66
|
-
self.nonce = generate_nonce
|
|
69
|
+
@nonce = generate_nonce
|
|
67
70
|
if payload.present?
|
|
68
71
|
raw_body = RestClient::Payload.generate(payload).to_s
|
|
69
72
|
_body_hash_ = BodyHash.new(
|
|
70
73
|
:raw_body => raw_body,
|
|
71
|
-
:algorithm => self.
|
|
74
|
+
:algorithm => self.mac_algorithm
|
|
72
75
|
)
|
|
73
|
-
|
|
76
|
+
@body_hash = _body_hash_.calculate
|
|
74
77
|
end
|
|
75
78
|
_signature_ = Signature.new(
|
|
76
|
-
:
|
|
77
|
-
:
|
|
78
|
-
:
|
|
79
|
-
:
|
|
80
|
-
:
|
|
81
|
-
:
|
|
82
|
-
:
|
|
83
|
-
:
|
|
84
|
-
:
|
|
85
|
-
:path => _url_.path,
|
|
86
|
-
:query => Rack::Utils.parse_nested_query(_url_.query)
|
|
79
|
+
:secret => self.mac_key,
|
|
80
|
+
:algorithm => self.mac_algorithm,
|
|
81
|
+
:nonce => self.nonce,
|
|
82
|
+
:method => method,
|
|
83
|
+
:request_uri => _url_.request_uri,
|
|
84
|
+
:host => _url_.host,
|
|
85
|
+
:port => _url_.port,
|
|
86
|
+
:body_hash => self.body_hash,
|
|
87
|
+
:ext => self.ext
|
|
87
88
|
)
|
|
88
|
-
|
|
89
|
+
@signature = _signature_.calculate
|
|
89
90
|
headers.merge(:AUTHORIZATION => authorization_header)
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def authorization_header
|
|
93
94
|
header = "MAC"
|
|
94
|
-
header << "
|
|
95
|
-
header << " timestamp=\"#{timestamp}\","
|
|
95
|
+
header << " id=\"#{access_token}\","
|
|
96
96
|
header << " nonce=\"#{nonce}\","
|
|
97
|
-
header << " bodyhash=\"#{body_hash}\"," if
|
|
98
|
-
header << "
|
|
97
|
+
header << " bodyhash=\"#{body_hash}\"," if body_hash.present?
|
|
98
|
+
header << " ext=\"#{ext}\"," if ext.present?
|
|
99
|
+
header << " mac=\"#{signature}\""
|
|
99
100
|
end
|
|
100
101
|
|
|
101
102
|
def generate_nonce
|
|
102
|
-
|
|
103
|
+
[
|
|
104
|
+
(Time.now.utc - @issued_at).to_i,
|
|
105
|
+
ActiveSupport::SecureRandom.base64(16)
|
|
106
|
+
].join(':')
|
|
103
107
|
end
|
|
104
108
|
end
|
|
105
109
|
end
|
|
@@ -108,4 +112,4 @@ end
|
|
|
108
112
|
|
|
109
113
|
require 'rack/oauth2/access_token/mac/verifier'
|
|
110
114
|
require 'rack/oauth2/access_token/mac/body_hash'
|
|
111
|
-
require 'rack/oauth2/access_token/mac/signature'
|
|
115
|
+
require 'rack/oauth2/access_token/mac/signature'
|
|
@@ -3,8 +3,8 @@ module Rack
|
|
|
3
3
|
class AccessToken
|
|
4
4
|
class MAC
|
|
5
5
|
class Signature < Verifier
|
|
6
|
-
attr_required :
|
|
7
|
-
attr_optional :body_hash, :query
|
|
6
|
+
attr_required :secret, :nonce, :method, :request_uri, :host, :port
|
|
7
|
+
attr_optional :body_hash, :ext, :query
|
|
8
8
|
|
|
9
9
|
def calculate
|
|
10
10
|
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
|
@@ -15,31 +15,18 @@ module Rack
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def normalized_request_string
|
|
18
|
-
|
|
19
|
-
token,
|
|
20
|
-
timestamp,
|
|
18
|
+
[
|
|
21
19
|
nonce,
|
|
22
|
-
body_hash || '',
|
|
23
20
|
method.to_s.upcase,
|
|
21
|
+
request_uri,
|
|
24
22
|
host,
|
|
25
23
|
port,
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
24
|
+
body_hash || '',
|
|
25
|
+
ext || '',
|
|
26
|
+
nil
|
|
27
|
+
].join("\n")
|
|
30
28
|
end
|
|
31
29
|
|
|
32
|
-
def normalized_query
|
|
33
|
-
if query.present?
|
|
34
|
-
query.inject([]) do |result, (key, value)|
|
|
35
|
-
result << [key, value]
|
|
36
|
-
end.sort.inject('') do |result, (key, value)|
|
|
37
|
-
result << "#{Rack::OAuth2::Util.rfc3986_encode key}=#{Rack::OAuth2::Util.rfc3986_encode value}\n"
|
|
38
|
-
end
|
|
39
|
-
else
|
|
40
|
-
''
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
30
|
end
|
|
44
31
|
end
|
|
45
32
|
end
|
|
@@ -11,15 +11,15 @@ module Rack
|
|
|
11
11
|
private
|
|
12
12
|
|
|
13
13
|
class Request < Resource::Request
|
|
14
|
-
attr_reader :
|
|
14
|
+
attr_reader :nonce, :body_hash, :ext, :signature
|
|
15
15
|
|
|
16
16
|
def setup!
|
|
17
17
|
auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
|
|
18
|
-
@access_token = auth_params[:
|
|
19
|
-
@timestamp = auth_params[:timestamp]
|
|
18
|
+
@access_token = auth_params[:id]
|
|
20
19
|
@nonce = auth_params[:nonce]
|
|
21
20
|
@body_hash = auth_params[:bodyhash]
|
|
22
|
-
@
|
|
21
|
+
@ext = auth_params[:ext]
|
|
22
|
+
@signature = auth_params[:mac]
|
|
23
23
|
self
|
|
24
24
|
end
|
|
25
25
|
|
|
@@ -33,4 +33,4 @@ module Rack
|
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
require 'rack/oauth2/server/resource/mac/error'
|
|
36
|
+
require 'rack/oauth2/server/resource/mac/error'
|
data/rack-oauth2.gemspec
CHANGED
|
@@ -21,6 +21,6 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.add_runtime_dependency "attr_required", ">= 0.0.3"
|
|
22
22
|
s.add_development_dependency "rake", ">= 0.8"
|
|
23
23
|
s.add_development_dependency "rcov", ">= 0.9"
|
|
24
|
-
s.add_development_dependency "rspec", ">= 2"
|
|
24
|
+
s.add_development_dependency "rspec", ">= 2", "<= 2.5"
|
|
25
25
|
s.add_development_dependency "fakeweb", ">= 1.3"
|
|
26
26
|
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Rack::OAuth2::AccessToken::MAC::BodyHash do
|
|
4
|
+
# From the example of MAC spec section 3.2
|
|
5
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
6
|
+
subject do
|
|
7
|
+
Rack::OAuth2::AccessToken::MAC::BodyHash.new(
|
|
8
|
+
:algorithm => 'hmac-sha-1',
|
|
9
|
+
:raw_body => 'hello=world%21'
|
|
10
|
+
)
|
|
11
|
+
end
|
|
12
|
+
its(:calculate) { should == 'k9kbtCIy0CkI3/FEfpS/oIDjk6k=' }
|
|
13
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Rack::OAuth2::AccessToken::MAC::Signature do
|
|
4
|
+
|
|
5
|
+
# From the example of MAC spec section 1.2
|
|
6
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
7
|
+
context 'when body_hash is given' do
|
|
8
|
+
subject do
|
|
9
|
+
Rack::OAuth2::AccessToken::MAC::Signature.new(
|
|
10
|
+
:secret => '8yfrufh348h',
|
|
11
|
+
:algorithm => 'hmac-sha-1',
|
|
12
|
+
:nonce => '273156:di3hvdf8',
|
|
13
|
+
:method => 'POST',
|
|
14
|
+
:request_uri => '/request',
|
|
15
|
+
:host => 'example.com',
|
|
16
|
+
:port => 80,
|
|
17
|
+
:body_hash => 'k9kbtCIy0CkI3/FEfpS/oIDjk6k=',
|
|
18
|
+
:ext => nil
|
|
19
|
+
)
|
|
20
|
+
end
|
|
21
|
+
its(:calculate) { should == 'W7bdMZbv9UWOTadASIQHagZyirA=' }
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# From the example of MAC spec section 3.2
|
|
25
|
+
# ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-00.pdf
|
|
26
|
+
context 'otherwize' do
|
|
27
|
+
subject do
|
|
28
|
+
Rack::OAuth2::AccessToken::MAC::Signature.new(
|
|
29
|
+
:secret => '489dks293j39',
|
|
30
|
+
:algorithm => 'hmac-sha-1',
|
|
31
|
+
:nonce => '264095:dj83hs9s',
|
|
32
|
+
:method => 'GET',
|
|
33
|
+
:request_uri => '/resource/1?b=1&a=2',
|
|
34
|
+
:host => 'example.com',
|
|
35
|
+
:port => 80,
|
|
36
|
+
:body_hash => nil,
|
|
37
|
+
:ext => nil
|
|
38
|
+
)
|
|
39
|
+
end
|
|
40
|
+
its(:calculate) { should == 'SLDJd4mg43cjQfElUs3Qub4L6xE=' }
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
@@ -4,24 +4,24 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
4
4
|
let :token do
|
|
5
5
|
Rack::OAuth2::AccessToken::MAC.new(
|
|
6
6
|
:access_token => 'access_token',
|
|
7
|
-
:
|
|
8
|
-
:
|
|
7
|
+
:mac_key => 'secret',
|
|
8
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
11
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
12
12
|
subject { token }
|
|
13
13
|
|
|
14
|
-
its(:
|
|
15
|
-
its(:
|
|
14
|
+
its(:mac_key) { should == 'secret' }
|
|
15
|
+
its(:mac_algorithm) { should == 'hmac-sha-256' }
|
|
16
16
|
its(:token_response) do
|
|
17
17
|
should == {
|
|
18
|
-
:token_type => :mac,
|
|
19
18
|
:access_token => 'access_token',
|
|
20
|
-
:secret => 'secret',
|
|
21
|
-
:algorithm => 'hmac-sha-256',
|
|
22
|
-
:expires_in => nil,
|
|
23
19
|
:refresh_token => nil,
|
|
24
|
-
:
|
|
20
|
+
:token_type => :mac,
|
|
21
|
+
:expires_in => nil,
|
|
22
|
+
:scope => '',
|
|
23
|
+
:mac_key => 'secret',
|
|
24
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
25
25
|
}
|
|
26
26
|
end
|
|
27
27
|
its(:generate_nonce) { should be_a String }
|
|
@@ -37,7 +37,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
37
37
|
Time.fix(Time.at(1302361200)) do
|
|
38
38
|
RestClient.should_receive(:get).with(
|
|
39
39
|
resource_endpoint,
|
|
40
|
-
:AUTHORIZATION =>
|
|
40
|
+
:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="gMJ8AmvTGmfPFCJCf5DUwNTmT7ksw6GqyoGW2lUIUZ0="'
|
|
41
41
|
)
|
|
42
42
|
token.get resource_endpoint
|
|
43
43
|
end
|
|
@@ -50,7 +50,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
50
50
|
RestClient.should_receive(:post).with(
|
|
51
51
|
resource_endpoint,
|
|
52
52
|
{:key => :value},
|
|
53
|
-
{:AUTHORIZATION =>
|
|
53
|
+
{:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=", mac="7OOseGqNi14lThhRnwhItACXACM4Qp5GleBEuizzUpw="'}
|
|
54
54
|
)
|
|
55
55
|
token.post resource_endpoint, :key => :value
|
|
56
56
|
end
|
|
@@ -63,7 +63,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
63
63
|
RestClient.should_receive(:put).with(
|
|
64
64
|
resource_endpoint,
|
|
65
65
|
{:key => :value},
|
|
66
|
-
{:AUTHORIZATION =>
|
|
66
|
+
{:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=", mac="lxTg/F29zkE7vBEbAK9VULRpM4IN5uShqHbj2k7e9lA="'}
|
|
67
67
|
)
|
|
68
68
|
token.put resource_endpoint, :key => :value
|
|
69
69
|
end
|
|
@@ -75,7 +75,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
75
75
|
Time.fix(Time.at(1302361200)) do
|
|
76
76
|
RestClient.should_receive(:delete).with(
|
|
77
77
|
resource_endpoint,
|
|
78
|
-
:AUTHORIZATION =>
|
|
78
|
+
:AUTHORIZATION => 'MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="JtOibEO1rBQNBGy6hUPT29L2cHSmLP09K+kUL4oEe/g="'
|
|
79
79
|
)
|
|
80
80
|
token.delete resource_endpoint
|
|
81
81
|
end
|
|
@@ -90,12 +90,12 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
90
90
|
let(:env) do
|
|
91
91
|
Rack::MockRequest.env_for(
|
|
92
92
|
'/protected_resources',
|
|
93
|
-
'HTTP_AUTHORIZATION' =>
|
|
93
|
+
'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", mac="#{signature}"}
|
|
94
94
|
)
|
|
95
95
|
end
|
|
96
96
|
|
|
97
97
|
context 'when signature is valid' do
|
|
98
|
-
let(:signature) { '
|
|
98
|
+
let(:signature) { 'jWo6L7w86ZKNlkRYjzQxp/HJpSxZJXq60hfd+yw4si0=' }
|
|
99
99
|
it do
|
|
100
100
|
Time.fix(Time.at(1302361200)) do
|
|
101
101
|
token.verify!(request.setup!).should == :verified
|
|
@@ -122,7 +122,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
122
122
|
:params => {
|
|
123
123
|
:key1 => 'value1'
|
|
124
124
|
},
|
|
125
|
-
'HTTP_AUTHORIZATION' =>
|
|
125
|
+
'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="51e74de734c05613f37520872e68db5f", bodyhash="#{body_hash}", mac="#{signature}"}
|
|
126
126
|
)
|
|
127
127
|
end
|
|
128
128
|
let(:signature) { 'invalid' }
|
|
@@ -141,7 +141,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
|
141
141
|
let(:body_hash) { 'TPzUbFn1S16mpfmwXCi1L+8oZHRxlLX9/D1ZwAV781o=' }
|
|
142
142
|
|
|
143
143
|
context 'when signature is valid' do
|
|
144
|
-
let(:signature) { '
|
|
144
|
+
let(:signature) { 'xNoae5ETuB9BVFH/vFV8y8S0fXdY41bSq0bekoLClwM=' }
|
|
145
145
|
it do
|
|
146
146
|
Time.fix(Time.at(1302361200)) do
|
|
147
147
|
token.verify!(request.setup!).should == :verified
|
|
@@ -7,8 +7,8 @@ describe Rack::OAuth2::Server::Resource::MAC do
|
|
|
7
7
|
when 'valid_token'
|
|
8
8
|
Rack::OAuth2::AccessToken::MAC.new(
|
|
9
9
|
:access_token => 'valid_token',
|
|
10
|
-
:
|
|
11
|
-
:
|
|
10
|
+
:mac_key => 'secret',
|
|
11
|
+
:mac_algorithm => 'hmac-sha-256'
|
|
12
12
|
).verify!(request)
|
|
13
13
|
when 'insufficient_scope_token'
|
|
14
14
|
request.insufficient_scope!
|
|
@@ -62,27 +62,27 @@ describe Rack::OAuth2::Server::Resource::MAC do
|
|
|
62
62
|
|
|
63
63
|
context 'when valid_token is given' do
|
|
64
64
|
context 'when other required params are missing' do
|
|
65
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
65
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token"') }
|
|
66
66
|
it_behaves_like :unauthorized_mac_request
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
context 'when other required params are invalid' do
|
|
70
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
70
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", mac="invalid""') }
|
|
71
71
|
it_behaves_like :unauthorized_mac_request
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
context 'when all required params are valid' do
|
|
75
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
75
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", mac="H1laxA3HXmg4jjyhDmWUEGpdZwc6tcA4U9OMAUXtoFs="') }
|
|
76
76
|
it_behaves_like :authenticated_mac_request
|
|
77
77
|
end
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
context 'when invalid_token is given' do
|
|
81
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
81
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
|
|
82
82
|
it_behaves_like :unauthorized_mac_request
|
|
83
83
|
|
|
84
84
|
describe 'realm' do
|
|
85
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC
|
|
85
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
|
|
86
86
|
|
|
87
87
|
context 'when specified' do
|
|
88
88
|
let(:realm) { 'server.example.com' }
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.
|
|
5
|
+
version: 0.7.0
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- nov matake
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date: 2011-05-
|
|
13
|
+
date: 2011-05-18 00:00:00 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rack
|
|
@@ -109,6 +109,9 @@ dependencies:
|
|
|
109
109
|
- - ">="
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: "2"
|
|
112
|
+
- - <=
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: "2.5"
|
|
112
115
|
type: :development
|
|
113
116
|
version_requirements: *id009
|
|
114
117
|
- !ruby/object:Gem::Dependency
|
|
@@ -136,6 +139,7 @@ files:
|
|
|
136
139
|
- .gitignore
|
|
137
140
|
- .rspec
|
|
138
141
|
- Gemfile
|
|
142
|
+
- Gemfile.lock
|
|
139
143
|
- LICENSE
|
|
140
144
|
- README.rdoc
|
|
141
145
|
- Rakefile
|
|
@@ -190,6 +194,8 @@ files:
|
|
|
190
194
|
- spec/helpers/time.rb
|
|
191
195
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
192
196
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
197
|
+
- spec/rack/oauth2/access_token/mac/body_hash_spec.rb
|
|
198
|
+
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
193
199
|
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
194
200
|
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
195
201
|
- spec/rack/oauth2/access_token_spec.rb
|
|
@@ -253,6 +259,8 @@ test_files:
|
|
|
253
259
|
- spec/helpers/time.rb
|
|
254
260
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
255
261
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
262
|
+
- spec/rack/oauth2/access_token/mac/body_hash_spec.rb
|
|
263
|
+
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
256
264
|
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
257
265
|
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
258
266
|
- spec/rack/oauth2/access_token_spec.rb
|