rack-simple_auth 0.0.3 → 0.0.4

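--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
----
-SHA1:
-metadata.gz: 194bf948101879b2392d96345675f062df8b3a8f
-data.tar.gz: ea5e4a540ddec55db378f1837769162608d87fab
-SHA512:
-metadata.gz: 1a5786d41a4467a2a09ccd1fbd058e348d7b2681c793dc006c9b50290294f43d52b40b5dfbe9af371ac974949cf4fa51e1674eb04e60cb1a76f740fbe29152a2
-data.tar.gz: 1fdaab0051de2c771c4b75f8f44803646664e6b2c56fd4c831ab54b0a484b835b1e2f3148166fa67bfd6f2e2f217e4422523d8499fcffa2209ad37cc30865148
+---
+SHA1:
+metadata.gz: 1ddc2a8a4e31a86469b6294b78c31ce0a9b938cc
+data.tar.gz: 081aed6f5c4d847f20297bd15a32a70a143f8f52
+SHA512:
+metadata.gz: df03c3b8b38e2648e130dbb14e3c82bfc848077151a8600615e2fd071a6d302533baa864f9455f3c72b4bc0d59e3f5aa0db6650700877cdc080a38d3a2a44853
+data.tar.gz: df55389faa3883774789585ed0041ebfd5b87b8092504363640e910b7da72def4dc0ded4218ac03e1d01c73f6f532c039b9a2d79a9b9e3d34db2e1609dd4204e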
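--- /dev/null
+++ b/data/MANIFEST
@@ -0,0 +1,23 @@
+.gitignore
+.rubocop.yml
+.travis.yml
+.yardopts
+Gemfile
+LICENSE.txt
+MANIFEST
+README.md
+Rakefile
+lib/rack/simple_auth.rb
+lib/rack/simple_auth/hmac.rb
+lib/rack/simple_auth/version.rb
+rack-simple_auth.gemspec
+task/default.rake
+task/floodtest.rake
+task/manifest.rake
+task/test.rake
+task/travis.rake
+test/config.ru
+test/config_fail.ru
+test/rack/simple_auth/hmac_fail_test.rb
+test/rack/simple_auth/hmac_test.rb
+test/test_helper.rb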
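--- a/data/README.md
+++ b/data/README.md
@@ -29,6 +29,12 @@ Or install it yourself as:
 
 ### HMAC Authorization
 
+HMAC should be used for communication between website backend and api server/controller/whatever..
+For usage between Server <-> Client a sniffer could easily extract the signature/public key and
+the encrypted message which is for now the same for the same request (see TODO implement timestamp).
+
+With these 2 informations a "secure" backend could be easily seen public...
+
 Uses Authorization HTTP Header, example:
 ```Authorization: MessageHash:Signature```
 
@@ -47,13 +53,14 @@ config = {
 }
 
 map '/' do
-use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
+use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'
 run MyApplication
 end
 ```
 
 Note: Private Key and Signature should be served by a file which is not checked into git version control.
 
+
 #### Config Hash
 
 Via the config hash you are able to define the 'data' for each request method.<br />
@@ -71,8 +78,26 @@ The Message what will be HMAC encrypted is:
 message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
 ```
 
+#### Logging
+
+With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
+
+The Logging will only be triggered when a path is defined (leave 4th param for disable logging) and a request is not authorized!
+
+It contains following information:
+
+- HTTP_AUTHORIZATION Header
+- Config for the specific Request Method (GET => path etc ...)
+- The Encrypted Message which was expected
+- The Signature which was expected
 
+## TODO
 
+Add Timestamp to encryption..
+
+For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
+
+He got the encrypted message for the specific request && signature -> No security anymore...
 
 ## Contributing
 
@@ -82,8 +107,3 @@ message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
 
-
-
-
-
-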
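--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,6 +2,6 @@ require "bundler/gem_tasks"
 require 'rake/testtask'
 # require 'cucumber/rake/task'
 
-Dir.glob('tasks/*.rake').each { |r| import r }
+Dir.glob('task/*.rake').each { |r| import r }
 
 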
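--- a/data/lib/rack/simple_auth/hmac.rb
+++ b/data/lib/rack/simple_auth/hmac.rb
@@ -7,11 +7,12 @@ module Rack
 # @param [Rack Application] app [next middleware or rack app which gets called]
 # @param [String] signature [Public Signature]
 # @param [String] secret [Secret used for Message Encryption]
-def initialize(app, signature, secret, config)
+def initialize(app, signature, secret, config, logpath = nil)
 @app = app
 @signature = signature
 @secret = secret
 @config = config
+@logpath = logpath
 end
 
 # call Method for Rack Middleware/Application
@@ -30,20 +31,23 @@ module Rack
 # @param [Rack::Request] request [current Request]
 # @return [boolean] ValidationStatus [If authorized returns true, else false]
 def valid?(request)
-return false if request.env['HTTP_AUTHORIZATION'].nil?
+if request.env['HTTP_AUTHORIZATION'].nil?
+log(request)
+
+return false
+end
 
 auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
 message_hash = auth_array[0]
 signature = auth_array[1]
 
-hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
-# puts request.request_method
-# puts "Hash to Check: #{hash}"
-# puts "Message Hash: #{message_hash}"
+@hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
 
-if signature == @signature && hash == message_hash
+if signature == @signature && @hash == message_hash
 true
 else
+log(request)
+
 false
 end
 end
@@ -77,6 +81,26 @@ module Rack
 fail "Not a valid option #{config[request.request_method]} - Use either params or path"
 end
 end
+
+# Log to @logpath if request is unathorized
+# @param [Rack::Request] request [current Request]
+def log(request)
+if @logpath
+path = request.path
+method = request.request_method
+
+log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
+log << "Auth Message Config: #{@config[request.request_method]}\n"
+log << "Auth Encrypted Message: #{@hash}\n"
+log << "Auth Signature: #{@signature}\n"
+
+open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
+f << "#{log}\n"
+end
+end
+end
+
+private :log, :request_data, :message, :valid?
 end
 end
 end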
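Review bot: `log` writes the expected digest `@hash` and the expected `@signature` of a rejected request into `#{@logpath}/#{ENV['RACK_ENV']}_error.log`, so anyone who can read that file holds exactly the `Authorization` value the middleware would have accepted; record what the client sent and the request line, and keep the expected values out of the file. Making the digest the instance variable `@hash` also turns it into shared state: on the missing-header branch of the `valid?` hunk it still holds whatever the previous request computed, and under a threaded server concurrent requests can overwrite it before `log` runs, so a local variable is the right shape. `open(...)` on an interpolated string is `Kernel#open`, which treats a leading `|` as a command to run, and an unset `ENV['RACK_ENV']` yields a file named `_error.log`; `File.open` with an explicit default for the environment avoids both surprises. `@hash == message_hash` is an early-exit string comparison, so `Rack::Utils.secure_compare`, provided by the gem's own `rack` runtime dependency, is preferable. The enclosing class begins before the first hunk and these hunks carry no file header, so I take this to be lib/rack/simple_auth/hmac.rb from the MANIFEST.
```ruby
def valid?(request)
  header = request.env['HTTP_AUTHORIZATION']
  if header.nil?
    log(request)
    return false
  end

  message_hash, signature = header.split(':', 2)
  # Local, not @hash: nothing request-specific may live on the shared middleware instance.
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))

  if signature == @signature && Rack::Utils.secure_compare(expected, message_hash.to_s)
    true
  else
    log(request)
    false
  end
end

# Log to @logpath if request is unauthorized. Only what the client sent is
# recorded; the expected digest and signature never go into the log file.
# @param [Rack::Request] request [current Request]
def log(request)
  return unless @logpath

  entry = "#{Time.new} - #{request.request_method} #{request.path} - 400 Unauthorized - " \
          "HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
  entry << "Auth Message Config: #{@config[request.request_method]}\n"

  env = ENV['RACK_ENV'] || 'development' # constructed default; align with the app's convention
  File.open(File.join(@logpath, "#{env}_error.log"), 'a') { |f| f << "#{entry}\n" }
end

# … unchanged: private :log, :request_data, :message, :valid? …
```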
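--- a/data/lib/rack/simple_auth/version.rb
+++ b/data/lib/rack/simple_auth/version.rb
@@ -2,6 +2,6 @@ module Rack
 # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
 module SimpleAuth
 # Current Gem Version
-VERSION = '0.0.3'
+VERSION = '0.0.4'
 end
 end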
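--- a/data/rack-simple_auth.gemspec
+++ b/data/rack-simple_auth.gemspec
@@ -9,13 +9,11 @@ Gem::Specification.new do |spec|
 spec.authors = ["Benny1992"]
 spec.email = ["klotz.benjamin@yahoo.de"]
 spec.summary = %q{SimpleAuth HMAC authentication}
-spec.description = %q{SimpleAuth HMAC authentication}
+spec.description = spec.summary
 spec.homepage = "http://www.bennyklotz.at"
 spec.license = "MIT"
 
-spec.files = `git ls-files -z`.split("\x0")
-spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
 spec.require_paths = ["lib"]
 
 spec.add_runtime_dependency "rack"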
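Review bot: `spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")` now trusts a checked-in list that is only refreshed by the manual `rake manifest` task, so a release cut without running it ships a stale or incomplete file set, and a MANIFEST entry for a file that no longer exists is likely to break `gem build`; filtering with `.select { |f| File.exist?(File.expand_path("../#{f}", __FILE__)) }` or making the release task depend on `:manifest` would make that explicit. The MANIFEST also lists `.gitignore`, `.rubocop.yml` and `.travis.yml`, so those development-only files now ship inside the gem, as the metadata section's `files:` list confirms. The `Gem::Specification.new` block starts before the hunk.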
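--- a/data/task/default.rake
+++ b/data/task/default.rake
@@ -2,4 +2,5 @@ task :default do
 Rake::Task['test:unit'].invoke
 # Rake::Task['test:spec'].invoke
 # Rake::Task['test:feature'].invoke
+Rake::Task['test:cleanup'].invoke
 end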
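--- /dev/null
+++ b/data/task/manifest.rake
@@ -0,0 +1,8 @@
+desc 'Generates the MANIFEST file'
+task :manifest do
+files = `git ls-files`.split("\n").sort
+handle = File.open(File.expand_path('../../MANIFEST', __FILE__), 'w')
+
+handle.write(files.join("\n"))
+handle.close
+end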
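Review bot: `handle = File.open(File.expand_path('../../MANIFEST', __FILE__), 'w')` is never closed if `handle.write` raises, and the two-step open/write/close is what the block form exists to replace; `File.write(File.expand_path('../../MANIFEST', __FILE__), files.join("\n"))` does the whole job and closes on every path. The written list has no trailing newline, which the gemspec's `split("\n")` tolerates but which makes the generated file differ from what most editors and `git ls-files` itself produce; appending `"\n"` to the join keeps the file stable across regenerations. A one-line `desc` exists, so documentation is covered.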
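--- a/data/task/test.rake
+++ b/data/task/test.rake
@@ -14,6 +14,10 @@ namespace :test do
 # Cucumber::Rake::Task.new(:feature) do |t|
 # t.cucumber_opts = "features --format pretty"
 # end
+
+task :cleanup do
+system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")
+end
 end
 
 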
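Review bot: `system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")` in the new `:cleanup` task hands an interpolated filesystem path to a shell, so a checkout path containing spaces or shell metacharacters is split or interpreted, and the command's exit status is discarded; Rake already exposes FileUtils, so `rm_rf File.expand_path('../../test/logs', __FILE__)` does the same without a shell. The same pattern appears in the test_helper.rb section with `system("mkdir #{@logpath}")`, where `FileUtils.mkdir_p(@logpath)` (after `require 'fileutils'`) also tolerates the directory already existing across runs. The enclosing `namespace :test` block starts before the hunk.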
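--- a/data/test/config.ru
+++ b/data/test/config.ru
@@ -6,8 +6,8 @@ config = {
 'POST' => 'params',
 'DELETE' => 'path',
 'PUT' => 'path',
-'PATCH' => 'path'
+'PATCH' => 'path',
 }
 
-use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
-run Rack::Lobster.new
+use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config, "#{File.expand_path('..', __FILE__)}/logs"
+run Rack::Lobster.new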
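--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,3 +1,5 @@
+ENV['RACK_ENV']='test'
+
 require 'simplecov'
 require 'coveralls'
 
@@ -39,3 +41,7 @@ end
 
 Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
 Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
+
+@logpath = "#{File.expand_path("..", __FILE__)}/logs"
+system("mkdir #{@logpath}")
+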
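Review bot: `@logpath = "#{File.expand_path("..", __FILE__)}/logs"` at the end of the second hunk is an instance variable on the top-level `main` object and is read only on the next line, while test/config.ru recomputes the same directory independently; a plain local `logpath` says what is meant, and `ENV['RACK_ENV']='test'` on the first added line wants spaces around `=` to match the rest of the file. Because the helper sets `RACK_ENV` before anything is required, the middleware's log file for the suite is `test_error.log` under that directory, and since that file is created under the test tree it is worth confirming `.gitignore` covers `test/logs` so a failing run's captured `Authorization` headers are never committed.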
metadata CHANGED
@@ -1,118 +1,137 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-simple_auth
3
- version: !ruby/object:Gem::Version
4
- version: 0.0.3
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.4
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - Benny1992
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
-
12
- date: 2014-03-11 00:00:00 Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
11
+ date: 2014-03-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
15
14
  name: rack
16
- requirement: &id001 !ruby/object:Gem::Requirement
17
- requirements:
18
- - &id003
19
- - ">="
20
- - !ruby/object:Gem::Version
21
- version: "0"
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
22
20
  type: :runtime
23
21
  prerelease: false
24
- version_requirements: *id001
25
- - !ruby/object:Gem::Dependency
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
26
28
  name: bundler
27
- requirement: &id002 !ruby/object:Gem::Requirement
28
- requirements:
29
- - - ~>
30
- - !ruby/object:Gem::Version
31
- version: "1.5"
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.5'
32
34
  type: :development
33
35
  prerelease: false
34
- version_requirements: *id002
35
- - !ruby/object:Gem::Dependency
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.5'
41
+ - !ruby/object:Gem::Dependency
36
42
  name: rake
37
- requirement: &id004 !ruby/object:Gem::Requirement
38
- requirements:
39
- - *id003
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
40
48
  type: :development
41
49
  prerelease: false
42
- version_requirements: *id004
43
- - !ruby/object:Gem::Dependency
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
44
56
  name: coveralls
45
- requirement: &id005 !ruby/object:Gem::Requirement
46
- requirements:
47
- - *id003
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
48
62
  type: :development
49
63
  prerelease: false
50
- version_requirements: *id005
51
- - !ruby/object:Gem::Dependency
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
52
70
  name: rack-test
53
- requirement: &id006 !ruby/object:Gem::Requirement
54
- requirements:
55
- - *id003
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
56
76
  type: :development
57
77
  prerelease: false
58
- version_requirements: *id006
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
59
83
  description: SimpleAuth HMAC authentication
60
- email:
84
+ email:
61
85
  - klotz.benjamin@yahoo.de
62
86
  executables: []
63
-
64
87
  extensions: []
65
-
66
88
  extra_rdoc_files: []
67
-
68
- files:
69
- - .gitignore
70
- - .rubocop.yml
71
- - .travis.yml
72
- - .yardopts
89
+ files:
90
+ - ".gitignore"
91
+ - ".rubocop.yml"
92
+ - ".travis.yml"
93
+ - ".yardopts"
73
94
  - Gemfile
74
95
  - LICENSE.txt
96
+ - MANIFEST
75
97
  - README.md
76
98
  - Rakefile
77
99
  - lib/rack/simple_auth.rb
78
100
  - lib/rack/simple_auth/hmac.rb
79
101
  - lib/rack/simple_auth/version.rb
80
102
  - rack-simple_auth.gemspec
81
- - tasks/default.rake
82
- - tasks/floodtest.rake
83
- - tasks/test.rake
84
- - tasks/travis.rake
103
+ - task/default.rake
104
+ - task/floodtest.rake
105
+ - task/manifest.rake
106
+ - task/test.rake
107
+ - task/travis.rake
85
108
  - test/config.ru
86
109
  - test/config_fail.ru
87
110
  - test/rack/simple_auth/hmac_fail_test.rb
88
111
  - test/rack/simple_auth/hmac_test.rb
89
112
  - test/test_helper.rb
90
113
  homepage: http://www.bennyklotz.at
91
- licenses:
114
+ licenses:
92
115
  - MIT
93
116
  metadata: {}
94
-
95
117
  post_install_message:
96
118
  rdoc_options: []
97
-
98
- require_paths:
119
+ require_paths:
99
120
  - lib
100
- required_ruby_version: !ruby/object:Gem::Requirement
101
- requirements:
102
- - *id003
103
- required_rubygems_version: !ruby/object:Gem::Requirement
104
- requirements:
105
- - *id003
121
+ required_ruby_version: !ruby/object:Gem::Requirement
122
+ requirements:
123
+ - - ">="
124
+ - !ruby/object:Gem::Version
125
+ version: '0'
126
+ required_rubygems_version: !ruby/object:Gem::Requirement
127
+ requirements:
128
+ - - ">="
129
+ - !ruby/object:Gem::Version
130
+ version: '0'
106
131
  requirements: []
107
-
108
132
  rubyforge_project:
109
133
  rubygems_version: 2.2.2
110
134
  signing_key:
111
135
  specification_version: 4
112
136
  summary: SimpleAuth HMAC authentication
113
- test_files:
114
- - test/config.ru
115
- - test/config_fail.ru
116
- - test/rack/simple_auth/hmac_fail_test.rb
117
- - test/rack/simple_auth/hmac_test.rb
118
- - test/test_helper.rb
137
+ test_files: []