RubyGems - rack-signature - Versions diffs - 0.0.6 → 0.0.7 - Mend

rack-signature 0.0.6 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/lib/rack/signature/test_helpers.rb +40 -0
data/lib/rack/signature/verify.rb +2 -2
data/lib/rack/signature/version.rb +1 -1
data/test/test_helper.rb +2 -0
data/test/verify_test.rb +35 -33
metadata +2 -1

data/lib/rack/signature/test_helpers.rb ADDED Viewed

@@ -0,0 +1,40 @@
+require_relative 'build_message'
+require_relative 'hmac_signature'
+module Rack
+  module Signature
+    module TestHelpers
+      include Rack::Test::Methods
+      def generate_shared_token; ::SecureRandom.hex(8); end
+      def stringify_request_message(env)
+        ::Rack::Signature::BuildMessage.new(env).build!
+      end
+      def hmac_message(key, message)
+        ::Rack::Signature::HmacSignature.new(key, message).sign
+      end
+      def expected_signature(shared_key, env)
+        msg = stringify_request_message(env)
+        hmac_message(shared_key, msg)
+      end
+      def setup_request(uri, opts, key)
+        env  = ::Rack::MockRequest.env_for(uri, opts)
+        sig  = sign(env, key)
+        req  = Rack::Request.new(env)
+        query_params = req.params
+        [uri, sig, opts, query_params, env]
+      end
+      def sign(env, key)
+        message = stringify_request_message(env)
+        hmac_message(key, message)
+      end
+    end
+  end
+end

data/lib/rack/signature/verify.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Rack
       # compares the received Signature against what the Signature should be
       # (computed signature)
       def signature_is_valid?(env)
-        received_signature = env["HTTP_X_AUTH_SIG"]
+        received_signature = env["X-Auth-Sig"]
         expected_signature = compute_signature(env)
         expected_signature == received_signature
@@ -55,7 +55,7 @@ module Rack
       # FIXME: This is here for now for a quick implementation within another
       # app. This will eventually need to be a rack app itself
       def shared_key(env)
-        token = env["HTTP_#{options[:header_token]}"]
+        token = env[options[:header_token]]
         return '' if token.nil? || token == ''
         options[:klass].send(options[:method].to_s, token)
       end

data/lib/rack/signature/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Rack
   module Signature
     MAJOR = 0
     MINOR = 0
-    PATCH = 6
+    PATCH = 7
     def self.version
       [MAJOR, MINOR, PATCH].join('.')

data/test/test_helper.rb CHANGED Viewed

@@ -2,3 +2,5 @@ require 'minitest/autorun'
 require 'rack/test'
 require 'rack/mock'
 require 'digest/sha2'
+require 'securerandom'
+require_relative '../lib/rack/signature/test_helpers'

data/test/verify_test.rb CHANGED Viewed

@@ -2,20 +2,40 @@ require_relative '../lib/rack/signature'
 require 'test_helper'
 describe "Verifying a signed request" do
-  include Rack::Test::Methods
+  include Rack::Signature::TestHelpers
+  TOKEN = ::SecureRandom.hex(8)
   def setup
-    @options    = get_app_options
-    @shared_key = key
-    @signature  = expected_signature
+    @klass_options = {klass: DemoClass, method: :get_shared_token, header_token: 'LOCKER-API-KEY'}
+    @uri, @sig, @headers, @params, @env = setup_request("http://example.com/api/login",
+      {"Content-Type"   => "application/json",
+      "REQUEST_METHOD"  => "POST",
+      "LOCKER-API-KEY"  => '123',
+      input: "password=123456&email=me@home.com&name=me&age=1"
+      }, TOKEN)
   end
   let(:app)             { lambda { |env| [200, {}, ['Hello World']] } }
-  let(:rack_signature)  { Rack::Signature.new(app, @options) }
+  let(:rack_signature)  { Rack::Signature.new(app, @klass_options) }
   let(:mock_request)    { Rack::MockRequest.new(rack_signature) }
+  class DemoClass
+    def self.get_shared_token(token = '')
+      TOKEN if token
+    end
+  end
+  let(:uri) { @uri }
+  let(:signature) { @sig }
+  let(:headers) { @headers }
+  let(:query_params) { @params }
+  let(:env) { @env }
   describe "when a request is made without a signature" do
-    let(:response) { mock_request.get '/api/login?password=123456&email=me@home.com' }
+    before {
+      @response = mock_request.get '/api/login?password=123456&email=me@home.com'
+    }
+    let(:response) { @response }
     it 'returns a 403 status' do
       assert_equal 403, response.status
@@ -33,11 +53,11 @@ describe "Verifying a signed request" do
   describe "when a requests is sent with a valid signature" do
     let(:response) do
-      mock_request.post("http://example.com/api/login",
+      mock_request.post(uri,
         "Content-Type"    => "application/json",
         "REQUEST_METHOD"  => "POST",
-        "HTTP_X_AUTH_SIG" => @signature,
-        "HTTP_API_TOKEN"  => '123',
+        "LOCKER-API-KEY"  => '123',
+        "X-Auth-Sig"      => signature,
         input: "password=123456&email=me@home.com&name=me&age=1")
     end
@@ -50,14 +70,15 @@ describe "Verifying a signed request" do
     end
   end
   describe "when a requests is sent with a tampered signature" do
     let(:response) do
-      mock_request.post("http://example.com/api/login",
-        "Content-Type"    => "application/json",
+      mock_request.post(uri,
+        {"Content-Type"   => "application/json",
         "REQUEST_METHOD"  => "POST",
-        "HTTP_X_AUTH_SIG" => @signature,
-        "HTTP_API_TOKEN"  => '123',
-        input: "password=1234567&email=me@home.com&name=me&age=1")
+        "LOCKER-API-KEY"  => '123',
+        "X-Auth-Sig"      => signature,
+        input: "password=1234567&email=me@home.com&name=me&age=1"})
     end
     it 'returns a 403 status' do
@@ -74,23 +95,4 @@ describe "Verifying a signed request" do
     end
   end
-  # Helper Methods
-  def key
-    ::Digest::SHA2.hexdigest("shared-key")
-  end
-  def expected_signature
-    "Z0qY8Hy4a/gJkGZI0gklzM6vZztsAVVDjA18vb1BvHg="
-  end
-  class DemoClass
-    def self.get_shared_token(token = '')
-      ::Digest::SHA2.hexdigest("shared-key") if token == '123'
-    end
-  end
-  def get_app_options
-    { klass: DemoClass, method: :get_shared_token, header_token: 'API_TOKEN' }
-  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-signature
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
   prerelease:
 platform: ruby
 authors:
@@ -91,6 +91,7 @@ files:
 - lib/rack/signature.rb
 - lib/rack/signature/build_message.rb
 - lib/rack/signature/hmac_signature.rb
+- lib/rack/signature/test_helpers.rb
 - lib/rack/signature/verify.rb
 - lib/rack/signature/version.rb
 - rack-signature.gemspec