rack-simple_auth 0.0.3 → 0.0.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
- ---
2
- SHA1:
3
- metadata.gz: 194bf948101879b2392d96345675f062df8b3a8f
4
- data.tar.gz: ea5e4a540ddec55db378f1837769162608d87fab
5
- SHA512:
6
- metadata.gz: 1a5786d41a4467a2a09ccd1fbd058e348d7b2681c793dc006c9b50290294f43d52b40b5dfbe9af371ac974949cf4fa51e1674eb04e60cb1a76f740fbe29152a2
7
- data.tar.gz: 1fdaab0051de2c771c4b75f8f44803646664e6b2c56fd4c831ab54b0a484b835b1e2f3148166fa67bfd6f2e2f217e4422523d8499fcffa2209ad37cc30865148
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 1ddc2a8a4e31a86469b6294b78c31ce0a9b938cc
4
+ data.tar.gz: 081aed6f5c4d847f20297bd15a32a70a143f8f52
5
+ SHA512:
6
+ metadata.gz: df03c3b8b38e2648e130dbb14e3c82bfc848077151a8600615e2fd071a6d302533baa864f9455f3c72b4bc0d59e3f5aa0db6650700877cdc080a38d3a2a44853
7
+ data.tar.gz: df55389faa3883774789585ed0041ebfd5b87b8092504363640e910b7da72def4dc0ded4218ac03e1d01c73f6f532c039b9a2d79a9b9e3d34db2e1609dd4204e
data/MANIFEST ADDED
@@ -0,0 +1,23 @@
1
+ .gitignore
2
+ .rubocop.yml
3
+ .travis.yml
4
+ .yardopts
5
+ Gemfile
6
+ LICENSE.txt
7
+ MANIFEST
8
+ README.md
9
+ Rakefile
10
+ lib/rack/simple_auth.rb
11
+ lib/rack/simple_auth/hmac.rb
12
+ lib/rack/simple_auth/version.rb
13
+ rack-simple_auth.gemspec
14
+ task/default.rake
15
+ task/floodtest.rake
16
+ task/manifest.rake
17
+ task/test.rake
18
+ task/travis.rake
19
+ test/config.ru
20
+ test/config_fail.ru
21
+ test/rack/simple_auth/hmac_fail_test.rb
22
+ test/rack/simple_auth/hmac_test.rb
23
+ test/test_helper.rb
data/README.md CHANGED
@@ -29,6 +29,12 @@ Or install it yourself as:
29
29
 
30
30
  ### HMAC Authorization
31
31
 
32
+ HMAC should be used for communication between website backend and api server/controller/whatever..
33
+ For usage between Server <-> Client a sniffer could easily extract the signature/public key and
34
+ the encrypted message which is for now the same for the same request (see TODO implement timestamp).
35
+
36
+ With these 2 informations a "secure" backend could be easily seen public...
37
+
32
38
  Uses Authorization HTTP Header, example:
33
39
  ```Authorization: MessageHash:Signature```
34
40
 
@@ -47,13 +53,14 @@ config = {
47
53
  }
48
54
 
49
55
  map '/' do
50
- use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
56
+ use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config, '/path/to/log/file'
51
57
  run MyApplication
52
58
  end
53
59
  ```
54
60
 
55
61
  Note: Private Key and Signature should be served by a file which is not checked into git version control.
56
62
 
63
+
57
64
  #### Config Hash
58
65
 
59
66
  Via the config hash you are able to define the 'data' for each request method.<br />
@@ -71,8 +78,26 @@ The Message what will be HMAC encrypted is:
71
78
  message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
72
79
  ```
73
80
 
81
+ #### Logging
82
+
83
+ With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
84
+
85
+ The Logging will only be triggered when a path is defined (leave 4th param for disable logging) and a request is not authorized!
86
+
87
+ It contains following information:
88
+
89
+ - HTTP_AUTHORIZATION Header
90
+ - Config for the specific Request Method (GET => path etc ...)
91
+ - The Encrypted Message which was expected
92
+ - The Signature which was expected
74
93
 
94
+ ## TODO
75
95
 
96
+ Add Timestamp to encryption..
97
+
98
+ For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
99
+
100
+ He got the encrypted message for the specific request && signature -> No security anymore...
76
101
 
77
102
  ## Contributing
78
103
 
@@ -82,8 +107,3 @@ message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
82
107
  4. Push to the branch (`git push origin my-new-feature`)
83
108
  5. Create new Pull Request
84
109
 
85
-
86
-
87
-
88
-
89
-
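--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,6 +2,6 @@ require "bundler/gem_tasks"
 require 'rake/testtask'
 # require 'cucumber/rake/task'
 
-Dir.glob('tasks/*.rake').each { |r| import r }
+Dir.glob('task/*.rake').each { |r| import r }
 
 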
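--- a/data/lib/rack/simple_auth/hmac.rb
+++ b/data/lib/rack/simple_auth/hmac.rb
@@ -7,11 +7,12 @@ module Rack
 # @param [Rack Application] app [next middleware or rack app which gets called]
 # @param [String] signature [Public Signature]
 # @param [String] secret [Secret used for Message Encryption]
-def initialize(app, signature, secret, config)
+def initialize(app, signature, secret, config, logpath = nil)
 @app = app
 @signature = signature
 @secret = secret
 @config = config
+@logpath = logpath
 end
 
 # call Method for Rack Middleware/Application
@@ -30,20 +31,23 @@ module Rack
 # @param [Rack::Request] request [current Request]
 # @return [boolean] ValidationStatus [If authorized returns true, else false]
 def valid?(request)
-return false if request.env['HTTP_AUTHORIZATION'].nil?
+if request.env['HTTP_AUTHORIZATION'].nil?
+log(request)
+
+return false
+end
 
 auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
 message_hash = auth_array[0]
 signature = auth_array[1]
 
-hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
-# puts request.request_method
-# puts "Hash to Check: #{hash}"
-# puts "Message Hash: #{message_hash}"
+@hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
 
-if signature == @signature && hash == message_hash
+if signature == @signature && @hash == message_hash
 true
 else
+log(request)
+
 false
 end
 end
@@ -77,6 +81,26 @@ module Rack
 fail "Not a valid option #{config[request.request_method]} - Use either params or path"
 end
 end
+
+# Log to @logpath if request is unathorized
+# @param [Rack::Request] request [current Request]
+def log(request)
+if @logpath
+path = request.path
+method = request.request_method
+
+log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
+log << "Auth Message Config: #{@config[request.request_method]}\n"
+log << "Auth Encrypted Message: #{@hash}\n"
+log << "Auth Signature: #{@signature}\n"
+
+open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
+f << "#{log}\n"
+end
+end
+end
+
+private :log, :request_data, :message, :valid?
 end
 end
 end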
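Review bot: The new `log` method writes the expected digest (`@hash`) and the expected public signature (`@signature`) to an append-only file for every rejected request, and because the signed message carries no timestamp or nonce (the README's own TODO), anyone who can read that log can assemble a valid `Authorization: <hash>:<signature>` header for that request — record what the client sent, not what would have been accepted. Keeping the per-request digest in `@hash` also makes the middleware stateful: a Rack middleware instance is shared by all requests, so on a threaded server two concurrent requests race on `@hash` between the assignment and the `@hash == message_hash` comparison. That comparison and `signature == @signature` are plain `==`, which leaks timing; `Rack::Utils.secure_compare` should be used for both (if the resolved Rack version lacks it, a byte-wise XOR loop does the same). Finally, `Kernel#open` on `"#{@logpath}/#{ENV['RACK_ENV']}_error.log"` yields `/_error.log` when RACK_ENV is unset and honours the `|cmd` pipe form; `File.open` with a defaulted environment name avoids both. The enclosing class starts before the first hunk.
```ruby
def valid?(request)
  header = request.env['HTTP_AUTHORIZATION']
  if header.nil?
    log(request)
    return false
  end

  message_hash, signature = header.split(':', 2)
  # local, not an ivar: the middleware instance is shared across requests
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(request))

  # constant-time comparison of both halves of the header
  if Rack::Utils.secure_compare(signature.to_s, @signature) &&
     Rack::Utils.secure_compare(message_hash.to_s, expected)
    true
  else
    log(request)
    false
  end
end

# Append a rejected request to @logpath. Only what the client sent is logged;
# the expected digest/signature would let a log reader forge this request.
def log(request)
  return unless @logpath

  env = ENV['RACK_ENV'] || 'development'
  line = "#{Time.now} - #{request.request_method} #{request.path} - 400 Unauthorized - " \
         "HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION'].inspect}\n"
  line << "Auth Message Config: #{@config[request.request_method]}\n"

  File.open(File.join(@logpath, "#{env}_error.log"), 'a') { |f| f << line << "\n" }
end
```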
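--- a/data/lib/rack/simple_auth/version.rb
+++ b/data/lib/rack/simple_auth/version.rb
@@ -2,6 +2,6 @@ module Rack
 # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
 module SimpleAuth
 # Current Gem Version
-VERSION = '0.0.3'
+VERSION = '0.0.4'
 end
 end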
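--- a/data/rack-simple_auth.gemspec
+++ b/data/rack-simple_auth.gemspec
@@ -9,13 +9,11 @@ Gem::Specification.new do |spec|
 spec.authors = ["Benny1992"]
 spec.email = ["klotz.benjamin@yahoo.de"]
 spec.summary = %q{SimpleAuth HMAC authentication}
-spec.description = %q{SimpleAuth HMAC authentication}
+spec.description = spec.summary
 spec.homepage = "http://www.bennyklotz.at"
 spec.license = "MIT"
 
-spec.files = `git ls-files -z`.split("\x0")
-spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
 spec.require_paths = ["lib"]
 
 spec.add_runtime_dependency "rack"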
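Review bot: `spec.files` is now exactly what MANIFEST lists, and MANIFEST includes `.gitignore`, `.rubocop.yml`, `.travis.yml`, the `task/` files and the test fixtures (among them `test/config.ru` with its `test_secret`), so all of them are shipped to every installer of the gem; restricting the list, e.g. `.split("\n").grep(%r{\A(lib/|LICENSE|README)})`, keeps CI and development artifacts out of the published package. `split("\n")` also yields an empty entry if MANIFEST ever ends with a blank line, so add `.reject(&:empty?)` or generate the manifest with a guaranteed format.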
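--- a/data/task/default.rake
+++ b/data/task/default.rake
@@ -2,4 +2,5 @@ task :default do
 Rake::Task['test:unit'].invoke
 # Rake::Task['test:spec'].invoke
 # Rake::Task['test:feature'].invoke
+Rake::Task['test:cleanup'].invoke
 end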
File without changes
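--- /dev/null
+++ b/data/task/manifest.rake
@@ -0,0 +1,8 @@
+desc 'Generates the MANIFEST file'
+task :manifest do
+files = `git ls-files`.split("\n").sort
+handle = File.open(File.expand_path('../../MANIFEST', __FILE__), 'w')
+
+handle.write(files.join("\n"))
+handle.close
+end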
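Review bot: `File.open(..., 'w')` without a block leaves the handle open if `write` raises; `File.write(File.expand_path('../../MANIFEST', __FILE__), files.join("\n"))` is one line and closes on every path. Because the gemspec now ships exactly what MANIFEST lists, this task has to be re-run before every release or newly added files are silently missing from the published gem; a companion check task that diffs MANIFEST against `git ls-files` and fails the build would catch that drift.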
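--- a/data/task/test.rake
+++ b/data/task/test.rake
@@ -14,6 +14,10 @@ namespace :test do
 # Cucumber::Rake::Task.new(:feature) do |t|
 # t.cucumber_opts = "features --format pretty"
 # end
+
+task :cleanup do
+system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")
+end
 end
 
 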
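Review bot: `system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")` passes the expanded checkout path through a shell unquoted, so a directory containing a space or shell metacharacters makes the command fail or delete the wrong path, and the exit status is discarded either way. `rm_rf File.expand_path('../../test/logs', __FILE__)` (the FileUtils helper Rake exposes in task bodies) removes the same directory without a shell and raises on error.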
File without changes
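--- a/data/test/config.ru
+++ b/data/test/config.ru
@@ -6,8 +6,8 @@ config = {
 'POST' => 'params',
 'DELETE' => 'path',
 'PUT' => 'path',
-'PATCH' => 'path'
+'PATCH' => 'path',
 }
 
-use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
-run Rack::Lobster.new
+use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config, "#{File.expand_path('..', __FILE__)}/logs"
+run Rack::Lobster.new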
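--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,3 +1,5 @@
+ENV['RACK_ENV']='test'
+
 require 'simplecov'
 require 'coveralls'
 
@@ -39,3 +41,7 @@ end
 
 Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
 Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
+
+@logpath = "#{File.expand_path("..", __FILE__)}/logs"
+system("mkdir #{@logpath}")
+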
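Review bot: `system("mkdir #{@logpath}")` shells out with an unquoted path and ignores the result, and `mkdir` fails when the directory already exists, so any run after the first prints an error; `FileUtils.mkdir_p(@logpath)` is idempotent and needs no shell. The middleware itself never creates the log directory, so a deployment that passes a logpath without pre-creating it raises from `open` on the first rejected request — that precondition should be stated in the README's Logging section or handled in the middleware.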
metadata CHANGED
@@ -1,118 +1,137 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-simple_auth
3
- version: !ruby/object:Gem::Version
4
- version: 0.0.3
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.4
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - Benny1992
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
-
12
- date: 2014-03-11 00:00:00 Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
11
+ date: 2014-03-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
15
14
  name: rack
16
- requirement: &id001 !ruby/object:Gem::Requirement
17
- requirements:
18
- - &id003
19
- - ">="
20
- - !ruby/object:Gem::Version
21
- version: "0"
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
22
20
  type: :runtime
23
21
  prerelease: false
24
- version_requirements: *id001
25
- - !ruby/object:Gem::Dependency
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
26
28
  name: bundler
27
- requirement: &id002 !ruby/object:Gem::Requirement
28
- requirements:
29
- - - ~>
30
- - !ruby/object:Gem::Version
31
- version: "1.5"
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.5'
32
34
  type: :development
33
35
  prerelease: false
34
- version_requirements: *id002
35
- - !ruby/object:Gem::Dependency
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.5'
41
+ - !ruby/object:Gem::Dependency
36
42
  name: rake
37
- requirement: &id004 !ruby/object:Gem::Requirement
38
- requirements:
39
- - *id003
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
40
48
  type: :development
41
49
  prerelease: false
42
- version_requirements: *id004
43
- - !ruby/object:Gem::Dependency
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
44
56
  name: coveralls
45
- requirement: &id005 !ruby/object:Gem::Requirement
46
- requirements:
47
- - *id003
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
48
62
  type: :development
49
63
  prerelease: false
50
- version_requirements: *id005
51
- - !ruby/object:Gem::Dependency
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
52
70
  name: rack-test
53
- requirement: &id006 !ruby/object:Gem::Requirement
54
- requirements:
55
- - *id003
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
56
76
  type: :development
57
77
  prerelease: false
58
- version_requirements: *id006
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
59
83
  description: SimpleAuth HMAC authentication
60
- email:
84
+ email:
61
85
  - klotz.benjamin@yahoo.de
62
86
  executables: []
63
-
64
87
  extensions: []
65
-
66
88
  extra_rdoc_files: []
67
-
68
- files:
69
- - .gitignore
70
- - .rubocop.yml
71
- - .travis.yml
72
- - .yardopts
89
+ files:
90
+ - ".gitignore"
91
+ - ".rubocop.yml"
92
+ - ".travis.yml"
93
+ - ".yardopts"
73
94
  - Gemfile
74
95
  - LICENSE.txt
96
+ - MANIFEST
75
97
  - README.md
76
98
  - Rakefile
77
99
  - lib/rack/simple_auth.rb
78
100
  - lib/rack/simple_auth/hmac.rb
79
101
  - lib/rack/simple_auth/version.rb
80
102
  - rack-simple_auth.gemspec
81
- - tasks/default.rake
82
- - tasks/floodtest.rake
83
- - tasks/test.rake
84
- - tasks/travis.rake
103
+ - task/default.rake
104
+ - task/floodtest.rake
105
+ - task/manifest.rake
106
+ - task/test.rake
107
+ - task/travis.rake
85
108
  - test/config.ru
86
109
  - test/config_fail.ru
87
110
  - test/rack/simple_auth/hmac_fail_test.rb
88
111
  - test/rack/simple_auth/hmac_test.rb
89
112
  - test/test_helper.rb
90
113
  homepage: http://www.bennyklotz.at
91
- licenses:
114
+ licenses:
92
115
  - MIT
93
116
  metadata: {}
94
-
95
117
  post_install_message:
96
118
  rdoc_options: []
97
-
98
- require_paths:
119
+ require_paths:
99
120
  - lib
100
- required_ruby_version: !ruby/object:Gem::Requirement
101
- requirements:
102
- - *id003
103
- required_rubygems_version: !ruby/object:Gem::Requirement
104
- requirements:
105
- - *id003
121
+ required_ruby_version: !ruby/object:Gem::Requirement
122
+ requirements:
123
+ - - ">="
124
+ - !ruby/object:Gem::Version
125
+ version: '0'
126
+ required_rubygems_version: !ruby/object:Gem::Requirement
127
+ requirements:
128
+ - - ">="
129
+ - !ruby/object:Gem::Version
130
+ version: '0'
106
131
  requirements: []
107
-
108
132
  rubyforge_project:
109
133
  rubygems_version: 2.2.2
110
134
  signing_key:
111
135
  specification_version: 4
112
136
  summary: SimpleAuth HMAC authentication
113
- test_files:
114
- - test/config.ru
115
- - test/config_fail.ru
116
- - test/rack/simple_auth/hmac_fail_test.rb
117
- - test/rack/simple_auth/hmac_test.rb
118
- - test/test_helper.rb
137
+ test_files: []