rack-signature 0.0.6 → 0.0.7

@@ -0,0 +1,40 @@
1
+ require_relative 'build_message'
2
+ require_relative 'hmac_signature'
3
+
4
+ module Rack
5
+ module Signature
6
+ module TestHelpers
7
+ include Rack::Test::Methods
8
+
9
+ def generate_shared_token; ::SecureRandom.hex(8); end
10
+
11
+ def stringify_request_message(env)
12
+ ::Rack::Signature::BuildMessage.new(env).build!
13
+ end
14
+
15
+ def hmac_message(key, message)
16
+ ::Rack::Signature::HmacSignature.new(key, message).sign
17
+ end
18
+
19
+ def expected_signature(shared_key, env)
20
+ msg = stringify_request_message(env)
21
+ hmac_message(shared_key, msg)
22
+ end
23
+
24
+ def setup_request(uri, opts, key)
25
+ env = ::Rack::MockRequest.env_for(uri, opts)
26
+ sig = sign(env, key)
27
+ req = Rack::Request.new(env)
28
+ query_params = req.params
29
+
30
+ [uri, sig, opts, query_params, env]
31
+ end
32
+
33
+ def sign(env, key)
34
+ message = stringify_request_message(env)
35
+ hmac_message(key, message)
36
+ end
37
+
38
+ end
39
+ end
40
+ end
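Review bot: `include Rack::Test::Methods` (line 7 of the new file) and `::SecureRandom` (line 9) are used, but this file only requires `build_message` and `hmac_signature`, so loading it in any process that has not already required `rack/test` raises NameError at module definition time; the test suite only works because `test_helper.rb` happens to require `securerandom` and `rack/test` first. Since the file is shipped inside `lib/` of the gem, add `require 'rack/test'` and `require 'securerandom'` at the top next to the other requires so it is loadable on its own. It would also help to document that this module is a test-only helper and that `generate_shared_token` produces an 8-byte hex token for fixtures, not a key for production use, e.g. `# Test-only helpers for building and signing Rack::MockRequest envs; do not use in application code.`.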
@@ -40,7 +40,7 @@ module Rack
40
40
  # compares the received Signature against what the Signature should be
41
41
  # (computed signature)
42
42
  def signature_is_valid?(env)
43
- received_signature = env["HTTP_X_AUTH_SIG"]
43
+ received_signature = env["X-Auth-Sig"]
44
44
  expected_signature = compute_signature(env)
45
45
 
46
46
  expected_signature == received_signature
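Review bot: The new lookup `env["X-Auth-Sig"]` will not see the header on a real request, because Rack servers expose request headers in env as upper-cased, underscored, `HTTP_`-prefixed keys (`HTTP_X_AUTH_SIG`); a bare `X-Auth-Sig` key only exists when the env is assembled by hand, as `Rack::MockRequest.env_for` does in the updated tests. Assuming `compute_signature` (outside this hunk) returns a string, `received_signature` is then nil on every real request and the middleware rejects all traffic, so the old key should be restored: `received_signature = env["HTTP_X_AUTH_SIG"]`. Separately, the unchanged `expected_signature == received_signature` is a non-constant-time string comparison on a secret-derived value; if the Rack version in use provides it, compare with `received_signature.is_a?(String) && Rack::Utils.secure_compare(expected_signature, received_signature)`. The enclosing `signature_is_valid?` method ends outside the hunk.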
@@ -55,7 +55,7 @@ module Rack
55
55
  # FIXME: This is here for now for a quick implementation within another
56
56
  # app. This will eventually need to be a rack app itself
57
57
  def shared_key(env)
58
- token = env["HTTP_#{options[:header_token]}"]
58
+ token = env[options[:header_token]]
59
59
  return '' if token.nil? || token == ''
60
60
  options[:klass].send(options[:method].to_s, token)
61
61
  end
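Review bot: `env[options[:header_token]]` has the same problem as the signature lookup: with `header_token: 'LOCKER-API-KEY'` a real request carries the header under `HTTP_LOCKER_API_KEY`, so the token is never found except in hand-built mock envs. Normalise the configured header name to the Rack env form instead of dropping the prefix: `token = env["HTTP_#{options[:header_token].to_s.upcase.tr('-', '_')}"]`. Note also that returning `''` for a missing token hands an empty key to the caller; `compute_signature` is not visible here, but if it HMACs with that empty key rather than failing closed, a request with no token and a signature computed over an empty key would verify, so it is worth confirming that the caller rejects an empty shared key before comparing.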
@@ -2,7 +2,7 @@ module Rack
2
2
  module Signature
3
3
  MAJOR = 0
4
4
  MINOR = 0
5
- PATCH = 6
5
+ PATCH = 7
6
6
 
7
7
  def self.version
8
8
  [MAJOR, MINOR, PATCH].join('.')
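--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -2,3 +2,5 @@ require 'minitest/autorun'
 require 'rack/test'
 require 'rack/mock'
 require 'digest/sha2'
+require 'securerandom'
+require_relative '../lib/rack/signature/test_helpers'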
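--- a/data/test/verify_test.rb
+++ b/data/test/verify_test.rb
@@ -2,20 +2,40 @@ require_relative '../lib/rack/signature'
 require 'test_helper'
 
 describe "Verifying a signed request" do
-include Rack::Test::Methods
+include Rack::Signature::TestHelpers
 
+TOKEN = ::SecureRandom.hex(8)
 def setup
-@options = get_app_options
-@shared_key = key
-@signature = expected_signature
+@klass_options = {klass: DemoClass, method: :get_shared_token, header_token: 'LOCKER-API-KEY'}
+@uri, @sig, @headers, @params, @env = setup_request("http://example.com/api/login",
+{"Content-Type" => "application/json",
+"REQUEST_METHOD" => "POST",
+"LOCKER-API-KEY" => '123',
+input: "password=123456&email=me@home.com&name=me&age=1"
+}, TOKEN)
 end
 
 let(:app) { lambda { |env| [200, {}, ['Hello World']] } }
-let(:rack_signature) { Rack::Signature.new(app, @options) }
+let(:rack_signature) { Rack::Signature.new(app, @klass_options) }
 let(:mock_request) { Rack::MockRequest.new(rack_signature) }
 
+class DemoClass
+def self.get_shared_token(token = '')
+TOKEN if token
+end
+end
+
+let(:uri) { @uri }
+let(:signature) { @sig }
+let(:headers) { @headers }
+let(:query_params) { @params }
+let(:env) { @env }
+
 describe "when a request is made without a signature" do
-let(:response) { mock_request.get '/api/login?password=123456&email=me@home.com' }
+before {
+@response = mock_request.get '/api/login?password=123456&email=me@home.com'
+}
+let(:response) { @response }
 
 it 'returns a 403 status' do
 assert_equal 403, response.status
@@ -33,11 +53,11 @@ describe "Verifying a signed request" do
 
 describe "when a requests is sent with a valid signature" do
 let(:response) do
-mock_request.post("http://example.com/api/login",
+mock_request.post(uri,
 "Content-Type" => "application/json",
 "REQUEST_METHOD" => "POST",
-"HTTP_X_AUTH_SIG" => @signature,
-"HTTP_API_TOKEN" => '123',
+"LOCKER-API-KEY" => '123',
+"X-Auth-Sig" => signature,
 input: "password=123456&email=me@home.com&name=me&age=1")
 end
 
@@ -50,14 +70,15 @@ describe "Verifying a signed request" do
 end
 end
 
+
 describe "when a requests is sent with a tampered signature" do
 let(:response) do
-mock_request.post("http://example.com/api/login",
-"Content-Type" => "application/json",
+mock_request.post(uri,
+{"Content-Type" => "application/json",
 "REQUEST_METHOD" => "POST",
-"HTTP_X_AUTH_SIG" => @signature,
-"HTTP_API_TOKEN" => '123',
-input: "password=1234567&email=me@home.com&name=me&age=1")
+"LOCKER-API-KEY" => '123',
+"X-Auth-Sig" => signature,
+input: "password=1234567&email=me@home.com&name=me&age=1"})
 end
 
 it 'returns a 403 status' do
@@ -74,23 +95,4 @@ describe "Verifying a signed request" do
 end
 end
 
-# Helper Methods
-def key
-::Digest::SHA2.hexdigest("shared-key")
-end
-
-def expected_signature
-"Z0qY8Hy4a/gJkGZI0gklzM6vZztsAVVDjA18vb1BvHg="
-end
-
-class DemoClass
-def self.get_shared_token(token = '')
-::Digest::SHA2.hexdigest("shared-key") if token == '123'
-end
-end
-
-def get_app_options
-{ klass: DemoClass, method: :get_shared_token, header_token: 'API_TOKEN' }
-end
-
 end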
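Review bot: In the first hunk, the new `DemoClass.get_shared_token` returns `TOKEN if token`, and since the default `token = ''` and any string are truthy in Ruby it returns the key for every input, so the token-lookup path is no longer exercised; the removed helper checked `token == '123'`, and that guard should be kept: `TOKEN if token == '123'`. The valid-signature and tampered-signature cases also send `"LOCKER-API-KEY"` and `"X-Auth-Sig"` as raw env keys, which `Rack::MockRequest` copies into env verbatim, so they cannot detect that a real server would deliver these headers as `HTTP_LOCKER_API_KEY` and `HTTP_X_AUTH_SIG`; a case that posts the headers under the `HTTP_`-prefixed keys and still expects 200 would pin the production path. `TOKEN` is also a constant defined inside the `describe` block, which in Minitest spec style lands on the generated class and is reachable from `DemoClass` only via lexical scoping, so a short comment such as `# shared secret both the request signer and DemoClass return; regenerated per test run` would help readers.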
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-signature
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.6
4
+ version: 0.0.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -91,6 +91,7 @@ files:
91
91
  - lib/rack/signature.rb
92
92
  - lib/rack/signature/build_message.rb
93
93
  - lib/rack/signature/hmac_signature.rb
94
+ - lib/rack/signature/test_helpers.rb
94
95
  - lib/rack/signature/verify.rb
95
96
  - lib/rack/signature/version.rb
96
97
  - rack-signature.gemspec