rack-simple_auth 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
---- 
-SHA1: 
-  metadata.gz: 194bf948101879b2392d96345675f062df8b3a8f
-  data.tar.gz: ea5e4a540ddec55db378f1837769162608d87fab
-SHA512: 
-  metadata.gz: 1a5786d41a4467a2a09ccd1fbd058e348d7b2681c793dc006c9b50290294f43d52b40b5dfbe9af371ac974949cf4fa51e1674eb04e60cb1a76f740fbe29152a2
-  data.tar.gz: 1fdaab0051de2c771c4b75f8f44803646664e6b2c56fd4c831ab54b0a484b835b1e2f3148166fa67bfd6f2e2f217e4422523d8499fcffa2209ad37cc30865148
+---
+SHA1:
+  metadata.gz: 1ddc2a8a4e31a86469b6294b78c31ce0a9b938cc
+  data.tar.gz: 081aed6f5c4d847f20297bd15a32a70a143f8f52
+SHA512:
+  metadata.gz: df03c3b8b38e2648e130dbb14e3c82bfc848077151a8600615e2fd071a6d302533baa864f9455f3c72b4bc0d59e3f5aa0db6650700877cdc080a38d3a2a44853
+  data.tar.gz: df55389faa3883774789585ed0041ebfd5b87b8092504363640e910b7da72def4dc0ded4218ac03e1d01c73f6f532c039b9a2d79a9b9e3d34db2e1609dd4204e

data/MANIFEST

@@ -0,0 +1,23 @@
+.gitignore
+.rubocop.yml
+.travis.yml
+.yardopts
+Gemfile
+LICENSE.txt
+MANIFEST
+README.md
+Rakefile
+lib/rack/simple_auth.rb
+lib/rack/simple_auth/hmac.rb
+lib/rack/simple_auth/version.rb
+rack-simple_auth.gemspec
+task/default.rake
+task/floodtest.rake
+task/manifest.rake
+task/test.rake
+task/travis.rake
+test/config.ru
+test/config_fail.ru
+test/rack/simple_auth/hmac_fail_test.rb
+test/rack/simple_auth/hmac_test.rb
+test/test_helper.rb

data/README.md

@@ -29,6 +29,12 @@ Or install it yourself as:
 
 ### HMAC Authorization
 
+HMAC should be used for communication between website backend and api server/controller/whatever..
+For usage between Server <-> Client a sniffer could easily extract the signature/public key and 
+the encrypted message which is for now the same for the same request (see TODO implement timestamp).
+
+With these 2 informations a "secure" backend could be easily seen public...
+
 Uses Authorization HTTP Header, example:
 ```Authorization: MessageHash:Signature```
 
@@ -47,13 +53,14 @@ config = {
 }
 
 map '/' do
-  use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
+  use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'
   run MyApplication
 end
 ```
 
 Note: Private Key and Signature should be served by a file which is not checked into git version control.
 
+
 #### Config Hash
 
 Via the config hash you are able to define the 'data' for each request method.<br />
@@ -71,8 +78,26 @@ The Message what will be HMAC encrypted is:
 message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
 ```
 
+#### Logging
+
+With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
+
+The Logging will only be triggered when a path is defined (leave 4th param for disable logging) and a request is not authorized!
+
+It contains following information:
+
+- HTTP_AUTHORIZATION Header
+- Config for the specific Request Method (GET => path etc ...)
+- The Encrypted Message which was expected
+- The Signature which was expected
 
+## TODO 
 
+Add Timestamp to encryption..
+
+For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
+
+He got the encrypted message for the specific request && signature -> No security anymore...
 
 ## Contributing
 
@@ -82,8 +107,3 @@ message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
 
-
-
-
-
-

data/Rakefile

@@ -2,6 +2,6 @@ require "bundler/gem_tasks"
 require 'rake/testtask'
 # require 'cucumber/rake/task'
 
-Dir.glob('tasks/*.rake').each { |r| import r }
+Dir.glob('task/*.rake').each { |r| import r }
 
 

data/lib/rack/simple_auth/hmac.rb

@@ -7,11 +7,12 @@ module Rack
       # @param [Rack Application] app [next middleware or rack app which gets called]
       # @param [String] signature [Public Signature]
       # @param [String] secret [Secret used for Message Encryption]
-      def initialize(app, signature, secret, config)
+      def initialize(app, signature, secret, config, logpath = nil)
         @app = app
         @signature = signature
         @secret = secret
         @config = config
+        @logpath = logpath
       end
 
       # call Method for Rack Middleware/Application
@@ -30,20 +31,23 @@ module Rack
       # @param [Rack::Request] request [current Request]
       # @return [boolean] ValidationStatus [If authorized returns true, else false]
       def valid?(request)
-        return false if request.env['HTTP_AUTHORIZATION'].nil?
+        if request.env['HTTP_AUTHORIZATION'].nil?
+          log(request)
+
+          return false
+        end
 
         auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
         message_hash = auth_array[0]
         signature = auth_array[1]
 
-        hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
-        # puts request.request_method
-        # puts "Hash to Check: #{hash}"
-        # puts "Message Hash: #{message_hash}"
+        @hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
 
-        if signature == @signature && hash == message_hash
+        if signature == @signature && @hash == message_hash
           true
         else
+          log(request)
+
           false
         end
       end
@@ -77,6 +81,26 @@ module Rack
           fail "Not a valid option #{config[request.request_method]} - Use either params or path"
         end
       end
+
+      # Log to @logpath if request is unathorized
+      # @param [Rack::Request] request [current Request]
+      def log(request)
+        if @logpath
+          path = request.path
+          method = request.request_method
+
+          log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
+          log << "Auth Message Config: #{@config[request.request_method]}\n"
+          log << "Auth Encrypted Message: #{@hash}\n"
+          log << "Auth Signature: #{@signature}\n"
+
+          open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
+            f << "#{log}\n"
+          end
+        end
+      end
+
+      private :log, :request_data, :message, :valid?
     end
   end
 end

data/lib/rack/simple_auth/version.rb

@@ -2,6 +2,6 @@ module Rack
   # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
   module SimpleAuth
     # Current Gem Version
-    VERSION = '0.0.3'
+    VERSION = '0.0.4'
   end
 end

data/rack-simple_auth.gemspec

@@ -9,13 +9,11 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Benny1992"]
   spec.email         = ["klotz.benjamin@yahoo.de"]
   spec.summary       = %q{SimpleAuth HMAC authentication}
-  spec.description   = %q{SimpleAuth HMAC authentication}
+  spec.description   = spec.summary
   spec.homepage      = "http://www.bennyklotz.at"
   spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
   spec.require_paths = ["lib"]
 
   spec.add_runtime_dependency "rack"

data/{tasks → task}/default.rake

@@ -2,4 +2,5 @@ task :default do
   Rake::Task['test:unit'].invoke
   # Rake::Task['test:spec'].invoke
   # Rake::Task['test:feature'].invoke
+  Rake::Task['test:cleanup'].invoke
 end

data/task/manifest.rake

@@ -0,0 +1,8 @@
+desc 'Generates the MANIFEST file'
+task :manifest do
+  files  = `git ls-files`.split("\n").sort
+  handle = File.open(File.expand_path('../../MANIFEST', __FILE__), 'w')
+
+  handle.write(files.join("\n"))
+  handle.close
+end

data/{tasks → task}/test.rake

@@ -14,6 +14,10 @@ namespace :test do
   # Cucumber::Rake::Task.new(:feature) do |t|
     # t.cucumber_opts = "features --format pretty"
   # end
+  
+  task :cleanup do
+    system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")
+  end
 end
 
 

data/test/config.ru

@@ -6,8 +6,8 @@ config = {
   'POST' => 'params',
   'DELETE' => 'path',
   'PUT' => 'path',
-  'PATCH' => 'path'
+  'PATCH' => 'path',
 }
 
-use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
-run Rack::Lobster.new
+use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config, "#{File.expand_path('..', __FILE__)}/logs"
+run Rack::Lobster.new

data/test/test_helper.rb

@@ -1,3 +1,5 @@
+ENV['RACK_ENV']='test'
+
 require 'simplecov'
 require 'coveralls'
 
@@ -39,3 +41,7 @@ end
 
 Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
 Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
+
+@logpath = "#{File.expand_path("..", __FILE__)}/logs"
+system("mkdir #{@logpath}")
+

metadata

@@ -1,118 +1,137 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rack-simple_auth
-version: !ruby/object:Gem::Version 
-  version: 0.0.3
+version: !ruby/object:Gem::Version
+  version: 0.0.4
 platform: ruby
-authors: 
+authors:
 - Benny1992
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2014-03-11 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2014-03-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    requirements: 
-    - &id003 
-      - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: "1.5"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :development
   prerelease: false
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
   name: rake
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    requirements: 
-    - *id003
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: coveralls
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    requirements: 
-    - *id003
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    requirements: 
-    - *id003
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id006
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: SimpleAuth HMAC authentication
-email: 
+email:
 - klotz.benjamin@yahoo.de
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- .gitignore
-- .rubocop.yml
-- .travis.yml
-- .yardopts
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- ".yardopts"
 - Gemfile
 - LICENSE.txt
+- MANIFEST
 - README.md
 - Rakefile
 - lib/rack/simple_auth.rb
 - lib/rack/simple_auth/hmac.rb
 - lib/rack/simple_auth/version.rb
 - rack-simple_auth.gemspec
-- tasks/default.rake
-- tasks/floodtest.rake
-- tasks/test.rake
-- tasks/travis.rake
+- task/default.rake
+- task/floodtest.rake
+- task/manifest.rake
+- task/test.rake
+- task/travis.rake
 - test/config.ru
 - test/config_fail.ru
 - test/rack/simple_auth/hmac_fail_test.rb
 - test/rack/simple_auth/hmac_test.rb
 - test/test_helper.rb
 homepage: http://www.bennyklotz.at
-licenses: 
+licenses:
 - MIT
 metadata: {}
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - *id003
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - *id003
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
 rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: SimpleAuth HMAC authentication
-test_files: 
-- test/config.ru
-- test/config_fail.ru
-- test/rack/simple_auth/hmac_fail_test.rb
-- test/rack/simple_auth/hmac_test.rb
-- test/test_helper.rb
+test_files: []