rack-simple_auth 0.0.9 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/Rakefile +1 -0
- data/lib/rack/simple_auth/hmac.rb +9 -3
- data/lib/rack/simple_auth/version.rb +1 -1
- data/rack-simple_auth.gemspec +8 -5
- data/test/config.ru +3 -2
- data/test/rack/simple_auth/hmac_fail_test.rb +1 -1
- data/test/rack/simple_auth/hmac_test.rb +12 -2
- metadata +12 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ed00cc40f3111fa03accfd030db1def811ad27a
|
|
4
|
+
data.tar.gz: cc12d38b646cb6f258e1914e42467258e1da1598
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ee8ef0e6b86dc1d199fb32db40721ea0ac79be6d0ad2d1d561c2b9b8acb71b218bd96ddc1591cc5929f8f2cd967445c8d21de7994df700eb419cc0de7ac5d30e
|
|
7
|
+
data.tar.gz: 44443667ba5df710dfd7fd0340397eb2e6e45fd02f91ef8d208dc060a6a3a50fa12dfb3f14ea6719476042a542aebb20a8542109773853896c14554b23640ff5
|
data/.travis.yml
CHANGED
data/Rakefile
CHANGED
|
@@ -5,14 +5,14 @@ module Rack
|
|
|
5
5
|
class HMAC
|
|
6
6
|
# Constructor for Rack Middleware (passing the rack stack)
|
|
7
7
|
# @param [Rack Application] app [next middleware or rack app which gets called]
|
|
8
|
-
# @param [
|
|
9
|
-
# @param [String] secret [Secret used for Message Encryption]
|
|
8
|
+
# @param [Hash] config [config hash where tolerance, secret, signature etc.. are set]
|
|
10
9
|
def initialize(app, config)
|
|
11
10
|
@app = app
|
|
12
11
|
@signature = config['signature'] || ''
|
|
13
12
|
@secret = config['secret'] || ''
|
|
14
13
|
@tolerance = config['tolerance'] || 0 # 0 if tolerance not set in config hash
|
|
15
14
|
@logpath = config['logpath']
|
|
15
|
+
@steps = config['steps'] || 1
|
|
16
16
|
|
|
17
17
|
@config = config
|
|
18
18
|
end
|
|
@@ -60,7 +60,8 @@ module Rack
|
|
|
60
60
|
def build_allowed_messages(request)
|
|
61
61
|
hash_array = []
|
|
62
62
|
|
|
63
|
-
(-(@tolerance)..@tolerance).
|
|
63
|
+
(-(@tolerance)..@tolerance).step(@steps) do |i|
|
|
64
|
+
i = i.round(2)
|
|
64
65
|
hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(request, i))
|
|
65
66
|
end
|
|
66
67
|
|
|
@@ -73,6 +74,11 @@ module Rack
|
|
|
73
74
|
# @return [Hash] message [message which will be encrypted]
|
|
74
75
|
def message(request, delay = 0)
|
|
75
76
|
date = Time.now.to_i + delay
|
|
77
|
+
|
|
78
|
+
if delay.eql?(0.0)
|
|
79
|
+
date = date.to_i
|
|
80
|
+
end
|
|
81
|
+
|
|
76
82
|
case request.request_method
|
|
77
83
|
when 'GET'
|
|
78
84
|
return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
|
data/rack-simple_auth.gemspec
CHANGED
|
@@ -7,12 +7,15 @@ Gem::Specification.new do |spec|
|
|
|
7
7
|
spec.name = "rack-simple_auth"
|
|
8
8
|
spec.version = Rack::SimpleAuth::VERSION
|
|
9
9
|
spec.authors = ["Benny1992"]
|
|
10
|
-
spec.email = ["
|
|
10
|
+
spec.email = ["r3qnbenni@gmail.com"]
|
|
11
11
|
spec.summary = %q{SimpleAuth HMAC authentication}
|
|
12
12
|
spec.description = spec.summary
|
|
13
13
|
spec.homepage = "https://github.com/Benny1992/rack-simple_auth"
|
|
14
14
|
spec.license = "MIT"
|
|
15
15
|
|
|
16
|
+
spec.post_install_message = 'Please report any issues at: ' \
|
|
17
|
+
'https://github.com/Benny1992/rack-simple_auth/issues/new'
|
|
18
|
+
|
|
16
19
|
spec.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
|
|
17
20
|
spec.require_paths = ["lib"]
|
|
18
21
|
|
|
@@ -20,8 +23,8 @@ Gem::Specification.new do |spec|
|
|
|
20
23
|
|
|
21
24
|
spec.add_runtime_dependency "rack"
|
|
22
25
|
|
|
23
|
-
spec.add_development_dependency "bundler", "~> 1.
|
|
24
|
-
spec.add_development_dependency "rake", '~>
|
|
25
|
-
spec.add_development_dependency "coveralls", '~>
|
|
26
|
-
spec.add_development_dependency "rack-test", '~>
|
|
26
|
+
spec.add_development_dependency "bundler", "~> 1.6"
|
|
27
|
+
spec.add_development_dependency "rake", '~> 10.3'
|
|
28
|
+
spec.add_development_dependency "coveralls", '~> 0.7'
|
|
29
|
+
spec.add_development_dependency "rack-test", '~> 0.6'
|
|
27
30
|
end
|
data/test/config.ru
CHANGED
|
@@ -7,10 +7,11 @@ config = {
|
|
|
7
7
|
'DELETE' => 'path',
|
|
8
8
|
'PUT' => 'path',
|
|
9
9
|
'PATCH' => 'path',
|
|
10
|
-
'tolerance' =>
|
|
10
|
+
'tolerance' => 1,
|
|
11
11
|
'signature' => 'test_signature',
|
|
12
12
|
'secret' => 'test_secret',
|
|
13
|
-
'logpath' => "#{File.expand_path('..', __FILE__)}/logs"
|
|
13
|
+
'logpath' => "#{File.expand_path('..', __FILE__)}/logs",
|
|
14
|
+
'steps' => 0.1
|
|
14
15
|
}
|
|
15
16
|
|
|
16
17
|
use Rack::SimpleAuth::HMAC, config
|
|
@@ -35,7 +35,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
35
35
|
|
|
36
36
|
def test_get_with_delay_in_tolerance_range
|
|
37
37
|
uri = '/'
|
|
38
|
-
message = { 'method' => 'GET', 'date' => Time.now.to_i -
|
|
38
|
+
message = { 'method' => 'GET', 'date' => Time.now.to_i - 0.5, 'data' => uri }.to_json
|
|
39
39
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
|
|
40
40
|
|
|
41
41
|
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
@@ -53,6 +53,16 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
53
53
|
assert_equal(401, last_response.status, 'Delay not in tolerance range should receive 401')
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
+
def test_get_with_wrong_step
|
|
57
|
+
uri = '/'
|
|
58
|
+
message = { 'method' => 'GET', 'date' => Time.now.to_i + 0.03, 'data' => uri }.to_json
|
|
59
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
|
|
60
|
+
|
|
61
|
+
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
62
|
+
|
|
63
|
+
assert_equal(401, last_response.status, 'Message with wrong step should receive 401')
|
|
64
|
+
end
|
|
65
|
+
|
|
56
66
|
def test_post_with_wrong_auth_header
|
|
57
67
|
post '/', { 'name' => 'Bensn' }, 'HTTP_AUTHORIZATION' => 'wrong_header'
|
|
58
68
|
assert_equal(401, last_response.status, 'Wrong HTTP_AUTHORIZATION Header should receive 401')
|
|
@@ -90,7 +100,7 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
90
100
|
|
|
91
101
|
def test_put_with_right_auth_header
|
|
92
102
|
uri = '/'
|
|
93
|
-
message = { 'method' => 'PUT', 'date' => Time.now.to_i, 'data' => uri }.to_json
|
|
103
|
+
message = { 'method' => 'PUT', 'date' => Time.now.to_i , 'data' => uri }.to_json
|
|
94
104
|
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
|
|
95
105
|
|
|
96
106
|
put uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-simple_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benny1992
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-04-
|
|
11
|
+
date: 2014-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -30,59 +30,59 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.
|
|
33
|
+
version: '1.6'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '1.
|
|
40
|
+
version: '1.6'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 10.
|
|
47
|
+
version: '10.3'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 10.
|
|
54
|
+
version: '10.3'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: coveralls
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 0.7
|
|
61
|
+
version: '0.7'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 0.7
|
|
68
|
+
version: '0.7'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rack-test
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 0.6
|
|
75
|
+
version: '0.6'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 0.6
|
|
82
|
+
version: '0.6'
|
|
83
83
|
description: SimpleAuth HMAC authentication
|
|
84
84
|
email:
|
|
85
|
-
-
|
|
85
|
+
- r3qnbenni@gmail.com
|
|
86
86
|
executables: []
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
@@ -114,7 +114,7 @@ homepage: https://github.com/Benny1992/rack-simple_auth
|
|
|
114
114
|
licenses:
|
|
115
115
|
- MIT
|
|
116
116
|
metadata: {}
|
|
117
|
-
post_install_message:
|
|
117
|
+
post_install_message: 'Please report any issues at: https://github.com/Benny1992/rack-simple_auth/issues/new'
|
|
118
118
|
rdoc_options: []
|
|
119
119
|
require_paths:
|
|
120
120
|
- lib
|
|
@@ -135,4 +135,3 @@ signing_key:
|
|
|
135
135
|
specification_version: 4
|
|
136
136
|
summary: SimpleAuth HMAC authentication
|
|
137
137
|
test_files: []
|
|
138
|
-
has_rdoc:
|