rack-simple_auth 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -7
- data/README.md +9 -0
- data/lib/rack/simple_auth/hmac.rb +30 -10
- data/lib/rack/simple_auth/version.rb +1 -1
- data/test/config.ru +1 -0
- data/test/rack/simple_auth/hmac_test.rb +25 -5
- metadata +64 -84
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
---
|
|
2
|
-
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
5
|
-
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 679543cc4da776a8986f3d8477153db2daa11c3f
|
|
4
|
+
data.tar.gz: befc0a5d1bae82ae0b1bf169af01270124a63b0c
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 02c9398175da001fbb27384be1c6c2d39b2b385e45751924cb5edf567b903e6c55f6bccce0edbeb57e700d6b74209185d451659a734246f9ef9df8e92a59c887
|
|
7
|
+
data.tar.gz: f32117cd429abfe524be90fd69a4627d765427fc6f2d5fe5e2d7dc89130be0ba6a327d29f1216adb0f22222e5bf931bd498c0ad879b583cd82c39afd7fd4adff
|
data/README.md
CHANGED
|
@@ -25,11 +25,15 @@ Or install it yourself as:
|
|
|
25
25
|
[](http://badge.fury.io/rb/rack-simple_auth)
|
|
26
26
|
[](https://gemnasium.com/Benny1992/rack-simple_auth)
|
|
27
27
|
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
|
|
28
31
|
## Usage
|
|
29
32
|
|
|
30
33
|
### HMAC Authorization
|
|
31
34
|
|
|
32
35
|
HMAC should be used for communication between website backend and api server/controller/whatever..
|
|
36
|
+
|
|
33
37
|
For usage between Server <-> Client a sniffer could easily extract the signature/public key and
|
|
34
38
|
the encrypted message which is for now the same for the same request (see TODO implement timestamp).
|
|
35
39
|
|
|
@@ -91,6 +95,7 @@ It contains following information:
|
|
|
91
95
|
- The Encrypted Message which was expected
|
|
92
96
|
- The Signature which was expected
|
|
93
97
|
|
|
98
|
+
|
|
94
99
|
## TODO
|
|
95
100
|
|
|
96
101
|
Add Timestamp to encryption..
|
|
@@ -107,3 +112,7 @@ He got the encrypted message for the specific request && signature -> No securit
|
|
|
107
112
|
4. Push to the branch (`git push origin my-new-feature`)
|
|
108
113
|
5. Create new Pull Request
|
|
109
114
|
|
|
115
|
+
|
|
116
|
+
|
|
117
|
+
|
|
118
|
+
|
|
@@ -12,6 +12,7 @@ module Rack
|
|
|
12
12
|
@signature = signature
|
|
13
13
|
@secret = secret
|
|
14
14
|
@config = config
|
|
15
|
+
@tolerance = config['tolerance'] || 0 # 0 if tolerance not set in config hash
|
|
15
16
|
@logpath = logpath
|
|
16
17
|
end
|
|
17
18
|
|
|
@@ -41,9 +42,9 @@ module Rack
|
|
|
41
42
|
message_hash = auth_array[0]
|
|
42
43
|
signature = auth_array[1]
|
|
43
44
|
|
|
44
|
-
@
|
|
45
|
+
@hash_array = build_allowed_messages(request)
|
|
45
46
|
|
|
46
|
-
if signature == @signature && @
|
|
47
|
+
if signature == @signature && @hash_array.include?(message_hash)
|
|
47
48
|
true
|
|
48
49
|
else
|
|
49
50
|
log(request)
|
|
@@ -52,21 +53,35 @@ module Rack
|
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
|
|
56
|
+
# Builds Array of allowed message hashs
|
|
57
|
+
# @param [Rack::Request] request [current Request]
|
|
58
|
+
# @return [Array] hash_array [allowed message hashes as array]
|
|
59
|
+
def build_allowed_messages(request)
|
|
60
|
+
hash_array = []
|
|
61
|
+
|
|
62
|
+
(-(@tolerance)..@tolerance).each do |i|
|
|
63
|
+
hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request, i))
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
hash_array
|
|
67
|
+
end
|
|
68
|
+
|
|
55
69
|
# Get Message for current Request
|
|
56
70
|
# @param [Rack::Request] request [current Request]
|
|
57
71
|
# @return [Hash] message [message which will be encrypted]
|
|
58
|
-
def message(request)
|
|
72
|
+
def message(request, delay = 0)
|
|
73
|
+
date = Time.now.to_i + delay
|
|
59
74
|
case request.request_method
|
|
60
75
|
when 'GET'
|
|
61
|
-
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
76
|
+
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
|
62
77
|
when 'POST'
|
|
63
|
-
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
78
|
+
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
|
64
79
|
when 'DELETE'
|
|
65
|
-
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
80
|
+
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
|
66
81
|
when 'PUT'
|
|
67
|
-
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
82
|
+
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
|
68
83
|
when 'PATCH'
|
|
69
|
-
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
84
|
+
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
|
70
85
|
end
|
|
71
86
|
end
|
|
72
87
|
|
|
@@ -91,8 +106,13 @@ module Rack
|
|
|
91
106
|
|
|
92
107
|
log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
|
|
93
108
|
log << "Auth Message Config: #{@config[request.request_method]}\n"
|
|
94
|
-
log << "
|
|
95
|
-
|
|
109
|
+
log << "Allowed Encrypted Messages:\n"
|
|
110
|
+
|
|
111
|
+
@hash_array.each do |hash|
|
|
112
|
+
log << "#{hash}\n"
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
log << "Auth Signature: #{@signature}"
|
|
96
116
|
|
|
97
117
|
open("#{@logpath}/#{ENV['RACK_ENV']}_error.log", 'a') do |f|
|
|
98
118
|
f << "#{log}\n"
|
data/test/config.ru
CHANGED
|
@@ -25,7 +25,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
25
25
|
|
|
26
26
|
def test_get_with_right_auth_header
|
|
27
27
|
uri = '/'
|
|
28
|
-
message = { 'method' => 'GET', 'data' => uri }.to_json
|
|
28
|
+
message = { 'method' => 'GET', 'date' => Time.now.to_i, 'data' => uri }.to_json
|
|
29
29
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
30
30
|
|
|
31
31
|
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
@@ -33,6 +33,26 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
33
33
|
assert_equal(200, last_response.status, 'Authorized Request should receive 200')
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
def test_get_with_delay_in_tolerance_range
|
|
37
|
+
uri = '/'
|
|
38
|
+
message = { 'method' => 'GET', 'date' => Time.now.to_i - 2, 'data' => uri }.to_json
|
|
39
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
40
|
+
|
|
41
|
+
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
42
|
+
|
|
43
|
+
assert_equal(200, last_response.status, 'Delay in tolerance range should receive 200')
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def test_get_with_too_big_delay
|
|
47
|
+
uri = '/'
|
|
48
|
+
message = { 'method' => 'GET', 'date' => Time.now.to_i - 50, 'data' => uri }.to_json
|
|
49
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
50
|
+
|
|
51
|
+
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
52
|
+
|
|
53
|
+
assert_equal(401, last_response.status, 'Delay not in tolerance range should receive 401')
|
|
54
|
+
end
|
|
55
|
+
|
|
36
56
|
def test_post_with_wrong_auth_header
|
|
37
57
|
post '/', { 'name' => 'Bensn' }, 'HTTP_AUTHORIZATION' => 'wrong_header'
|
|
38
58
|
assert_equal(401, last_response.status, 'Wrong HTTP_AUTHORIZATION Header should receive 401')
|
|
@@ -40,7 +60,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
40
60
|
|
|
41
61
|
def test_post_with_right_auth_header
|
|
42
62
|
params = { 'name' => 'Bensn' }
|
|
43
|
-
message = { 'method' => 'POST', 'data' => params }.to_json
|
|
63
|
+
message = { 'method' => 'POST', 'date' => Time.now.to_i, 'data' => params }.to_json
|
|
44
64
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
45
65
|
|
|
46
66
|
post '/', params, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
@@ -55,7 +75,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
55
75
|
|
|
56
76
|
def test_delete_with_right_auth_header
|
|
57
77
|
uri = '/'
|
|
58
|
-
message = { 'method' => 'DELETE', 'data' => uri }.to_json
|
|
78
|
+
message = { 'method' => 'DELETE', 'date' => Time.now.to_i, 'data' => uri }.to_json
|
|
59
79
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
60
80
|
|
|
61
81
|
delete uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
@@ -70,7 +90,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
70
90
|
|
|
71
91
|
def test_put_with_right_auth_header
|
|
72
92
|
uri = '/'
|
|
73
|
-
message = { 'method' => 'PUT', 'data' => uri }.to_json
|
|
93
|
+
message = { 'method' => 'PUT', 'date' => Time.now.to_i, 'data' => uri }.to_json
|
|
74
94
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
75
95
|
|
|
76
96
|
put uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
@@ -85,7 +105,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
85
105
|
|
|
86
106
|
def test_patch_with_right_auth_header
|
|
87
107
|
uri = '/'
|
|
88
|
-
message = { 'method' => 'PATCH', 'data' => uri }.to_json
|
|
108
|
+
message = { 'method' => 'PATCH', 'date' => Time.now.to_i, 'data' => uri }.to_json
|
|
89
109
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
90
110
|
|
|
91
111
|
patch uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
metadata
CHANGED
|
@@ -1,96 +1,75 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-simple_auth
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
|
-
authors:
|
|
6
|
+
authors:
|
|
7
7
|
- Benny1992
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
11
|
+
|
|
12
|
+
date: 2014-03-16 00:00:00 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: rack
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ">="
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
20
|
-
type: :runtime
|
|
21
16
|
prerelease: false
|
|
22
|
-
|
|
23
|
-
requirements:
|
|
24
|
-
-
|
|
25
|
-
-
|
|
26
|
-
|
|
27
|
-
|
|
17
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
18
|
+
requirements:
|
|
19
|
+
- &id003
|
|
20
|
+
- ">="
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: "0"
|
|
23
|
+
type: :runtime
|
|
24
|
+
version_requirements: *id001
|
|
25
|
+
- !ruby/object:Gem::Dependency
|
|
28
26
|
name: bundler
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - "~>"
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.5'
|
|
34
|
-
type: :development
|
|
35
27
|
prerelease: false
|
|
36
|
-
|
|
37
|
-
requirements:
|
|
38
|
-
- -
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: rake
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - ">="
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: '0'
|
|
28
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - ~>
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: "1.5"
|
|
48
33
|
type: :development
|
|
34
|
+
version_requirements: *id002
|
|
35
|
+
- !ruby/object:Gem::Dependency
|
|
36
|
+
name: rake
|
|
49
37
|
prerelease: false
|
|
50
|
-
|
|
51
|
-
requirements:
|
|
52
|
-
-
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
55
|
-
- !ruby/object:Gem::Dependency
|
|
56
|
-
name: coveralls
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
58
|
-
requirements:
|
|
59
|
-
- - ">="
|
|
60
|
-
- !ruby/object:Gem::Version
|
|
61
|
-
version: '0'
|
|
38
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
39
|
+
requirements:
|
|
40
|
+
- *id003
|
|
62
41
|
type: :development
|
|
42
|
+
version_requirements: *id004
|
|
43
|
+
- !ruby/object:Gem::Dependency
|
|
44
|
+
name: coveralls
|
|
63
45
|
prerelease: false
|
|
64
|
-
|
|
65
|
-
requirements:
|
|
66
|
-
-
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: '0'
|
|
69
|
-
- !ruby/object:Gem::Dependency
|
|
70
|
-
name: rack-test
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
72
|
-
requirements:
|
|
73
|
-
- - ">="
|
|
74
|
-
- !ruby/object:Gem::Version
|
|
75
|
-
version: '0'
|
|
46
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
47
|
+
requirements:
|
|
48
|
+
- *id003
|
|
76
49
|
type: :development
|
|
50
|
+
version_requirements: *id005
|
|
51
|
+
- !ruby/object:Gem::Dependency
|
|
52
|
+
name: rack-test
|
|
77
53
|
prerelease: false
|
|
78
|
-
|
|
79
|
-
requirements:
|
|
80
|
-
-
|
|
81
|
-
|
|
82
|
-
|
|
54
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
55
|
+
requirements:
|
|
56
|
+
- *id003
|
|
57
|
+
type: :development
|
|
58
|
+
version_requirements: *id006
|
|
83
59
|
description: SimpleAuth HMAC authentication
|
|
84
|
-
email:
|
|
60
|
+
email:
|
|
85
61
|
- klotz.benjamin@yahoo.de
|
|
86
62
|
executables: []
|
|
63
|
+
|
|
87
64
|
extensions: []
|
|
65
|
+
|
|
88
66
|
extra_rdoc_files: []
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
-
|
|
92
|
-
-
|
|
93
|
-
-
|
|
67
|
+
|
|
68
|
+
files:
|
|
69
|
+
- .gitignore
|
|
70
|
+
- .rubocop.yml
|
|
71
|
+
- .travis.yml
|
|
72
|
+
- .yardopts
|
|
94
73
|
- Gemfile
|
|
95
74
|
- LICENSE.txt
|
|
96
75
|
- MANIFEST
|
|
@@ -111,27 +90,28 @@ files:
|
|
|
111
90
|
- test/rack/simple_auth/hmac_test.rb
|
|
112
91
|
- test/test_helper.rb
|
|
113
92
|
homepage: http://www.bennyklotz.at
|
|
114
|
-
licenses:
|
|
93
|
+
licenses:
|
|
115
94
|
- MIT
|
|
116
95
|
metadata: {}
|
|
96
|
+
|
|
117
97
|
post_install_message:
|
|
118
98
|
rdoc_options: []
|
|
119
|
-
|
|
99
|
+
|
|
100
|
+
require_paths:
|
|
120
101
|
- lib
|
|
121
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
122
|
-
requirements:
|
|
123
|
-
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
requirements:
|
|
128
|
-
- - ">="
|
|
129
|
-
- !ruby/object:Gem::Version
|
|
130
|
-
version: '0'
|
|
102
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
103
|
+
requirements:
|
|
104
|
+
- *id003
|
|
105
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
106
|
+
requirements:
|
|
107
|
+
- *id003
|
|
131
108
|
requirements: []
|
|
109
|
+
|
|
132
110
|
rubyforge_project:
|
|
133
111
|
rubygems_version: 2.2.2
|
|
134
112
|
signing_key:
|
|
135
113
|
specification_version: 4
|
|
136
114
|
summary: SimpleAuth HMAC authentication
|
|
137
115
|
test_files: []
|
|
116
|
+
|
|
117
|
+
has_rdoc:
|