rack-signature 0.0.5 → 0.0.6
- data/lib/rack/signature.rb +2 -2
- data/lib/rack/signature/verify.rb +13 -4
- data/lib/rack/signature/version.rb +1 -1
- data/test/verify_test.rb +14 -1
- metadata +2 -2
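--- a/data/lib/rack/signature.rb
+++ b/data/lib/rack/signature.rb
@@ -9,16 +9,17 @@ require_relative 'hmac_signature'
 module Rack
 module Signature
 class Verify
+attr_reader :options
 
 # Initializes the Rack Middleware
 #
 # ==== Attributes
 #
 # * +app+ - A Rack app
-# * +
+# * +options+ - A hash of options
 #
-def initialize(app,
-@app, @
+def initialize(app, options)
+@app, @options = app, options
 end
 
 def call(env)
@@ -48,7 +49,15 @@ module Rack
 # builds the request message and tells HmacSignature to sign the message
 def compute_signature(env)
 message = BuildMessage.new(env).build!
-HmacSignature.new(
+HmacSignature.new(shared_key(env), message).sign
+end
+
+# FIXME: This is here for now for a quick implementation within another
+# app. This will eventually need to be a rack app itself
+def shared_key(env)
+token = env["HTTP_#{options[:header_token]}"]
+return '' if token.nil? || token == ''
+options[:klass].send(options[:method].to_s, token)
 end
 
 end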
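Review bot: `shared_key` returns `''` when the token header is absent or empty, so `compute_signature` still produces an HMAC, keyed with an empty string that is not secret; the missing-token case should fail closed instead. Consider `return nil if token.nil? || token.empty?` and having `compute_signature` return nil when no key is found, so that `call` (whose body is outside this hunk, so its current handling is unknown) rejects the request. The same guard is needed when `options[:klass]` returns nil or an empty value for an unrecognised token, which is what the test's `DemoClass` does for anything but `'123'`. Separately, `options[:klass].public_send(options[:method], token)` would keep the configured lookup limited to the key provider's public interface. The comparison of the computed and supplied signatures is not visible here; it should be constant-time.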
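--- a/data/test/verify_test.rb
+++ b/data/test/verify_test.rb
@@ -5,12 +5,13 @@ describe "Verifying a signed request" do
 include Rack::Test::Methods
 
 def setup
+@options = get_app_options
 @shared_key = key
 @signature = expected_signature
 end
 
 let(:app) { lambda { |env| [200, {}, ['Hello World']] } }
-let(:rack_signature) { Rack::Signature.new(app, @
+let(:rack_signature) { Rack::Signature.new(app, @options) }
 let(:mock_request) { Rack::MockRequest.new(rack_signature) }
 
 describe "when a request is made without a signature" do
@@ -36,6 +37,7 @@ describe "Verifying a signed request" do
 "Content-Type" => "application/json",
 "REQUEST_METHOD" => "POST",
 "HTTP_X_AUTH_SIG" => @signature,
+"HTTP_API_TOKEN" => '123',
 input: "password=123456&email=me@home.com&name=me&age=1")
 end
 
@@ -54,6 +56,7 @@ describe "Verifying a signed request" do
 "Content-Type" => "application/json",
 "REQUEST_METHOD" => "POST",
 "HTTP_X_AUTH_SIG" => @signature,
+"HTTP_API_TOKEN" => '123',
 input: "password=1234567&email=me@home.com&name=me&age=1")
 end
 
@@ -80,4 +83,14 @@ describe "Verifying a signed request" do
 "Z0qY8Hy4a/gJkGZI0gklzM6vZztsAVVDjA18vb1BvHg="
 end
 
+class DemoClass
+def self.get_shared_token(token = '')
+::Digest::SHA2.hexdigest("shared-key") if token == '123'
+end
+end
+
+def get_app_options
+{ klass: DemoClass, method: :get_shared_token, header_token: 'API_TOKEN' }
+end
+
 end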
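Review bot: Both updated requests send `"HTTP_API_TOKEN" => '123'`, so no test shown here covers a signed request whose token header is missing or carries a value that `DemoClass.get_shared_token` does not recognise (it returns nil for anything other than `'123'`). Those are the two paths where the new `shared_key` lookup yields an empty or nil key, and they are what decides whether the middleware fails closed. Add one case per path that sends an otherwise valid `HTTP_X_AUTH_SIG` and asserts the request is rejected; the expected status should match the existing no-signature test, whose body is outside these hunks.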
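--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-signature
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.6
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-12-
+date: 2012-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack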