rack-simple_auth 0.0.6 → 0.0.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
- ---
2
- SHA1:
3
- metadata.gz: 9821660c1ff4703956f11cd39f67f3a09f98a9ad
4
- data.tar.gz: 6cab22a6d00d70e62411e28ec042def714c347d3
5
- SHA512:
6
- metadata.gz: 84068e6c7c66de24a364c6cc607c01ec65ec7d9ade78c8a7d3ab6a720b324084b73a3c0aa472afb7706b4ae510e82f5e8b63c160df94d4bfe1fb526e19eac491
7
- data.tar.gz: 4fed2416ba52add9e396e692a12c327d78f238d97fbf9829b496d8ff330e2b55313d3ea78780227b053626a6b1b4ce9f8c85ce371d6d891d8819d64d115152b6
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 20e26bae6761147bd84d107005488530f5ecf65e
4
+ data.tar.gz: 405bff87cf1a3a7b3df20db785529b8ef89f78da
5
+ SHA512:
6
+ metadata.gz: 66df96dde2d25ccc0bd4ba392fcb9b28b41f6d43b5a2fca3a1c1710d953fa93295f6623b4db0cdb6f0056fa8e774a0cee51f1987d6eb1fc37ab5fc37a148a50c
7
+ data.tar.gz: a8736e1d82e10b4ac39e41c6adf06831fc448615599e98b145b7ca5ee1945c636289da8648e557fce0e7c422e25104daf35abe5f4939a1a9e6cf07c3a3a2129f
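Review bot: these checksums are package digests, not a signature. The new SHA1/SHA512 values only let a consumer confirm that a downloaded `metadata.gz`/`data.tar.gz` matches what RubyGems received; nothing in this release attests who built it, since the metadata below still carries `cert_chain: []` and an empty `signing_key:`. If the intent is to give users something to pin, sign the gem so they can trust a certificate rather than re-pinning per-release hashes.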
data/README.md CHANGED
@@ -34,10 +34,12 @@ Or install it yourself as:
34
34
 
35
35
  HMAC should be used for communication between website backend and api server/controller/whatever..
36
36
 
37
- For usage between Server <-> Client a sniffer could easily extract the signature/public key and
38
- the encrypted message which is for now the same for the same request (see TODO implement timestamp).
37
+ ~~For usage between Server <-> Client a sniffer could easily extract the signature/public key and
38
+ the encrypted message which is for now the same for the same request (see TODO implement timestamp).~~
39
39
 
40
- With these 2 informations a "secure" backend could be easily seen public...
40
+ ~~With these 2 informations a "secure" backend could be easily seen public...~~
41
+
42
+ In version 0.0.5 the timestamp has been added to the msg which will be encrypted, also the possibility to configure the allowed delay a request can have has been added.
41
43
 
42
44
  Uses Authorization HTTP Header, example:
43
45
  ```Authorization: MessageHash:Signature```
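Review bot: striking through the sniffer warning overstates what the 0.0.5 timestamp buys. With a configured tolerance the server accepts the same `Authorization: MessageHash:Signature` header for the whole window that tolerance defines, so a captured header can still be replayed inside that window; the README should state that remaining limit instead of leaving the old text as `~~...~~` markup in the rendered page. Also, "encrypted message" is the wrong term throughout this section: the MessageHash is an HMAC-SHA256 digest, which authenticates the message but does not encrypt it, and `Signature` here is a static shared value sent in the clear.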
@@ -54,6 +56,7 @@ config = {
54
56
  'DELETE' => 'path',
55
57
  'PUT' => 'path',
56
58
  'PATCH' => 'path'
59
+ 'tolerance' => 2
57
60
  }
58
61
 
59
62
  map '/' do
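Review bot: the added `'tolerance' => 2` line breaks the example: `'PATCH' => 'path'` directly above it has no trailing comma, so the config hash is a Ruby syntax error as written. Change it to `'PATCH' => 'path',` and say what unit the number is in; the implementation adds it to `Time.now.to_i`, so the README should state that tolerance is in seconds.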
@@ -65,6 +68,7 @@ end
65
68
  Note: Private Key and Signature should be served by a file which is not checked into git version control.
66
69
 
67
70
 
71
+
68
72
  #### Config Hash
69
73
 
70
74
  Via the config hash you are able to define the 'data' for each request method.<br />
@@ -82,6 +86,19 @@ The Message what will be HMAC encrypted is:
82
86
  message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
83
87
  ```
84
88
 
89
+ In Version 0.0.5 the timestamp has been added to the Message.
90
+
91
+ The new Message which will be encrypted looks like this:
92
+
93
+ ```ruby
94
+ message = { 'method' => 'GET', 'date' => Time.now.to_i +- delay range, 'data' => '/get/user?name=rack }.to_json
95
+ ```
96
+
97
+ The tolerance which is configureable in the config hash sets the possible delay a request could have and still will be authorized.
98
+
99
+ Notice: For a set tolerance a Encrypted Message array will be generated and compared with the MessageHash from the AUTH Header
100
+
101
+
85
102
  #### Logging
86
103
 
87
104
  With the 4th parameter for Rack::SimpleAuth::HMAC you can define a destination where the internal #log method should write to.
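Review bot: the new message example is not valid Ruby: `Time.now.to_i +- delay range` is pseudocode and the string `'/get/user?name=rack` is never closed. Show what the client actually sends, which per the tests is a single timestamp, e.g. `message = { 'method' => 'GET', 'date' => Time.now.to_i, 'data' => '/get/user?name=rack' }.to_json`, and make clear that it is the server that walks the `-tolerance..tolerance` range. The "Notice" line should also say how many candidates that produces (2*tolerance+1 digests) and how the incoming MessageHash is compared against them; if `valid?` uses `include?` or `==` on the hex strings, that is not a constant-time comparison. "HMAC encrypted" should read "HMAC signed".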
@@ -96,13 +113,16 @@ It contains following information:
96
113
  - The Signature which was expected
97
114
 
98
115
 
116
+
99
117
  ## TODO
100
118
 
101
- Add Timestamp to encryption..
119
+ ~~Add Timestamp to encryption..~~
120
+
121
+ ~~For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.~~
122
+
123
+ ~~He got the encrypted message for the specific request && signature -> No security anymore...~~
102
124
 
103
- For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.
104
125
 
105
- He got the encrypted message for the specific request && signature -> No security anymore...
106
126
 
107
127
  ## Contributing
108
128
 
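Review bot: the struck-through TODO items record a closed issue as if it were still open; delete them (or move the history to a CHANGELOG) and list the limitation that remains, namely that a captured header stays valid for the whole tolerance window. A per-request nonce tracked server-side, or guidance on choosing a small tolerance, is the follow-up item a reader would expect to find here.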
@@ -116,3 +136,7 @@ He got the encrypted message for the specific request && signature -> No securit
116
136
 
117
137
 
118
138
 
139
+
140
+
141
+
142
+
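Review bot: whitespace noise: the four blank lines appended at the end of the README carry no content and should be dropped before merging.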
@@ -60,14 +60,15 @@ module Rack
60
60
  hash_array = []
61
61
 
62
62
  (-(@tolerance)..@tolerance).each do |i|
63
- hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request, i))
63
+ hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(request, i))
64
64
  end
65
65
 
66
66
  hash_array
67
67
  end
68
68
 
69
- # Get Message for current Request
69
+ # Get Message for current Request and delay
70
70
  # @param [Rack::Request] request [current Request]
71
+ # @param [Fixnum] delay [delay in timestamp format]
71
72
  # @return [Hash] message [message which will be encrypted]
72
73
  def message(request, delay = 0)
73
74
  date = Time.now.to_i + delay
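Review bot: `OpenSSL::Digest.new('sha256')` is the right replacement for the deprecated `OpenSSL::Digest::Digest`, but two things in `build_allowed_messages` deserve attention. First, `message(request, i)` calls `Time.now.to_i` afresh on every iteration of `(-(@tolerance)..@tolerance)`, so if the clock ticks over a second boundary mid-loop the candidate set is no longer a contiguous window; read the time once before the loop and pass it in. Second, the accepted window is `2 * @tolerance + 1` seconds, not `@tolerance`, so the YARD comment `delay in timestamp format` and the README should both say seconds explicitly. A guard that `@tolerance` is a non-negative Integer would also turn a missing or malformed `'tolerance'` config entry into a clear error rather than a `NoMethodError` on `-(@tolerance)` deep in this loop. Finally, the comment `message which will be encrypted` should say "signed"; nothing here encrypts.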
@@ -122,7 +123,7 @@ module Rack
122
123
  end
123
124
  end
124
125
 
125
- private :log, :request_data, :message, :valid?
126
+ private :log, :request_data, :message, :valid?, :build_allowed_messages
126
127
  end
127
128
  end
128
129
  end
@@ -2,6 +2,6 @@ module Rack
2
2
  # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
3
3
  module SimpleAuth
4
4
  # Current Gem Version
5
- VERSION = '0.0.6'
5
+ VERSION = '0.0.7'
6
6
  end
7
7
  end
@@ -14,13 +14,13 @@ class HMACFailTest < MiniTest::Unit::TestCase
14
14
  end
15
15
 
16
16
  def test_fail
17
- uri = '/'
17
+ uri = '/'
18
18
  content = { 'method' => 'GET', 'data' => uri }.to_json
19
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, content)
19
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, content)
20
20
 
21
21
  assert_raises(RuntimeError) { get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}" }
22
22
  end
23
23
 
24
24
  def teardown
25
25
  end
26
- end
26
+ end
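Review bot: `test_fail` passes for a reason this change does not exercise: `content` has no `'date'` key, so the digest can never match regardless of tolerance, and the test would keep passing even if the timestamp check were removed. Add a case that sends a correctly dated message with a wrong `@signature` so the signature path is covered on its own. The indentation-only edits to `uri = '/'` and the closing `end` also do not belong in a hunk that is otherwise a deprecation fix.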
@@ -26,7 +26,7 @@ class HMACTest < MiniTest::Unit::TestCase
26
26
  def test_get_with_right_auth_header
27
27
  uri = '/'
28
28
  message = { 'method' => 'GET', 'date' => Time.now.to_i, 'data' => uri }.to_json
29
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
29
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
30
30
 
31
31
  get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
32
32
 
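Review bot: the same `OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)` line is now repeated in every test method; extract a helper (for example `hmac_for(message)` in `test/test_helper.rb`) so the next OpenSSL API change is a one-line fix and each test states only the message it varies.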
@@ -36,7 +36,7 @@ class HMACTest < MiniTest::Unit::TestCase
36
36
  def test_get_with_delay_in_tolerance_range
37
37
  uri = '/'
38
38
  message = { 'method' => 'GET', 'date' => Time.now.to_i - 2, 'data' => uri }.to_json
39
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
39
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
40
40
 
41
41
  get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
42
42
 
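Review bot: `Time.now.to_i - 2` sits exactly on the edge of the tolerance the README example configures (`'tolerance' => 2`), so this test is timing-sensitive: if the wall clock crosses a second boundary between the test building `message` and the middleware computing its candidate set, the effective delay becomes 3 and the request is rejected. Test a delay clearly inside the window (for example 1 with tolerance 2), and keep the existing `- 50` case as the clearly-outside check.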
@@ -46,7 +46,7 @@ class HMACTest < MiniTest::Unit::TestCase
46
46
  def test_get_with_too_big_delay
47
47
  uri = '/'
48
48
  message = { 'method' => 'GET', 'date' => Time.now.to_i - 50, 'data' => uri }.to_json
49
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
49
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
50
50
 
51
51
  get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
52
52
 
@@ -61,7 +61,7 @@ class HMACTest < MiniTest::Unit::TestCase
61
61
  def test_post_with_right_auth_header
62
62
  params = { 'name' => 'Bensn' }
63
63
  message = { 'method' => 'POST', 'date' => Time.now.to_i, 'data' => params }.to_json
64
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
64
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
65
65
 
66
66
  post '/', params, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
67
67
 
@@ -76,7 +76,7 @@ class HMACTest < MiniTest::Unit::TestCase
76
76
  def test_delete_with_right_auth_header
77
77
  uri = '/'
78
78
  message = { 'method' => 'DELETE', 'date' => Time.now.to_i, 'data' => uri }.to_json
79
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
79
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
80
80
 
81
81
  delete uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
82
82
 
@@ -91,7 +91,7 @@ class HMACTest < MiniTest::Unit::TestCase
91
91
  def test_put_with_right_auth_header
92
92
  uri = '/'
93
93
  message = { 'method' => 'PUT', 'date' => Time.now.to_i, 'data' => uri }.to_json
94
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
94
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
95
95
 
96
96
  put uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
97
97
 
@@ -106,7 +106,7 @@ class HMACTest < MiniTest::Unit::TestCase
106
106
  def test_patch_with_right_auth_header
107
107
  uri = '/'
108
108
  message = { 'method' => 'PATCH', 'date' => Time.now.to_i, 'data' => uri }.to_json
109
- hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
109
+ hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
110
110
 
111
111
  patch uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
112
112
 
metadata CHANGED
@@ -1,75 +1,96 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-simple_auth
3
- version: !ruby/object:Gem::Version
4
- version: 0.0.6
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.7
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - Benny1992
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
-
12
- date: 2014-03-16 00:00:00 Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
11
+ date: 2014-03-20 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
15
14
  name: rack
16
- prerelease: false
17
- requirement: &id001 !ruby/object:Gem::Requirement
18
- requirements:
19
- - &id003
20
- - ">="
21
- - !ruby/object:Gem::Version
22
- version: "0"
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
23
20
  type: :runtime
24
- version_requirements: *id001
25
- - !ruby/object:Gem::Dependency
26
- name: bundler
27
21
  prerelease: false
28
- requirement: &id002 !ruby/object:Gem::Requirement
29
- requirements:
30
- - - ~>
31
- - !ruby/object:Gem::Version
32
- version: "1.5"
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.5'
33
34
  type: :development
34
- version_requirements: *id002
35
- - !ruby/object:Gem::Dependency
36
- name: rake
37
35
  prerelease: false
38
- requirement: &id004 !ruby/object:Gem::Requirement
39
- requirements:
40
- - *id003
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.5'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
41
48
  type: :development
42
- version_requirements: *id004
43
- - !ruby/object:Gem::Dependency
44
- name: coveralls
45
49
  prerelease: false
46
- requirement: &id005 !ruby/object:Gem::Requirement
47
- requirements:
48
- - *id003
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: coveralls
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
49
62
  type: :development
50
- version_requirements: *id005
51
- - !ruby/object:Gem::Dependency
52
- name: rack-test
53
63
  prerelease: false
54
- requirement: &id006 !ruby/object:Gem::Requirement
55
- requirements:
56
- - *id003
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rack-test
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
57
76
  type: :development
58
- version_requirements: *id006
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
59
83
  description: SimpleAuth HMAC authentication
60
- email:
84
+ email:
61
85
  - klotz.benjamin@yahoo.de
62
86
  executables: []
63
-
64
87
  extensions: []
65
-
66
88
  extra_rdoc_files: []
67
-
68
- files:
69
- - .gitignore
70
- - .rubocop.yml
71
- - .travis.yml
72
- - .yardopts
89
+ files:
90
+ - ".gitignore"
91
+ - ".rubocop.yml"
92
+ - ".travis.yml"
93
+ - ".yardopts"
73
94
  - Gemfile
74
95
  - LICENSE.txt
75
96
  - MANIFEST
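Review bot: `cert_chain: []` is unchanged, so the release remains unsigned; everything else in this hunk is a re-serialisation of the same dependency constraints (YAML anchors such as `*id003` expanded, `- ~>` quoted as `- "~>"`, the date bumped from `2014-03-16` to `2014-03-20`) with no requirement actually changing. If a signing certificate is added later, this is where it must appear.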
@@ -90,28 +111,28 @@ files:
90
111
  - test/rack/simple_auth/hmac_test.rb
91
112
  - test/test_helper.rb
92
113
  homepage: http://www.bennyklotz.at
93
- licenses:
114
+ licenses:
94
115
  - MIT
95
116
  metadata: {}
96
-
97
117
  post_install_message:
98
118
  rdoc_options: []
99
-
100
- require_paths:
119
+ require_paths:
101
120
  - lib
102
- required_ruby_version: !ruby/object:Gem::Requirement
103
- requirements:
104
- - *id003
105
- required_rubygems_version: !ruby/object:Gem::Requirement
106
- requirements:
107
- - *id003
121
+ required_ruby_version: !ruby/object:Gem::Requirement
122
+ requirements:
123
+ - - ">="
124
+ - !ruby/object:Gem::Version
125
+ version: '0'
126
+ required_rubygems_version: !ruby/object:Gem::Requirement
127
+ requirements:
128
+ - - ">="
129
+ - !ruby/object:Gem::Version
130
+ version: '0'
108
131
  requirements: []
109
-
110
132
  rubyforge_project:
111
133
  rubygems_version: 2.2.2
112
134
  signing_key:
113
135
  specification_version: 4
114
136
  summary: SimpleAuth HMAC authentication
115
137
  test_files: []
116
-
117
138
  has_rdoc:
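Review bot: `signing_key:` is still empty, consistent with the empty `cert_chain` above, and `required_ruby_version` is still `>= 0`; consider declaring the minimum Ruby version the gem is actually tested on. The remaining changes here (quoted `".gitignore"` style paths, expanded `required_ruby_version`/`required_rubygems_version` blocks) come from the spec being regenerated under `rubygems_version: 2.2.2` and are not functional.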