RubyGems - rack-simple_auth - Versions diffs - 0.1.0 → 0.1.1 - Mend

rack-simple_auth 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -2
data/README.md +12 -12
data/lib/rack/simple_auth/hmac.rb +64 -45
data/lib/rack/simple_auth/version.rb +1 -1
data/test/config.ru +2 -2
data/test/rack/simple_auth/hmac_fail_test.rb +12 -0
data/test/rack/simple_auth/hmac_test.rb +2 -2
data/test/test_helper.rb +1 -2
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4ed00cc40f3111fa03accfd030db1def811ad27a
-  data.tar.gz: cc12d38b646cb6f258e1914e42467258e1da1598
+  metadata.gz: 7da6de52a27fba5b232011cb9259c8c31ba95473
+  data.tar.gz: 35f166b707a7da786ed0358eb958591bd82ecb67
 SHA512:
-  metadata.gz: ee8ef0e6b86dc1d199fb32db40721ea0ac79be6d0ad2d1d561c2b9b8acb71b218bd96ddc1591cc5929f8f2cd967445c8d21de7994df700eb419cc0de7ac5d30e
-  data.tar.gz: 44443667ba5df710dfd7fd0340397eb2e6e45fd02f91ef8d208dc060a6a3a50fa12dfb3f14ea6719476042a542aebb20a8542109773853896c14554b23640ff5
+  metadata.gz: b7f297881cad83bf4a6123fc2f072e8d487b32f2440f667a9902c16e9ac8af608d07190c88a79a038f51869ec4a795ed39929f0ea9f0fd2932444efe818f90ba
+  data.tar.gz: 758c2e12bc71f147f0a9bce5c5ba9072efc37ca2a6fca980c5f20dc7aa258a0c53ac2698e71a4ca56ba1d8a94670b54c557da74d3d89fb4f216b61a7529f0f57

data/.rubocop.yml CHANGED Viewed

@@ -1,2 +1 @@
-LineLength:
-  Max: 160
+inherit_from: rubocop-todo.yml

data/README.md CHANGED Viewed

@@ -25,20 +25,12 @@ Or install it yourself as:
 [![Gem Version](https://badge.fury.io/rb/rack-simple_auth.png)](http://badge.fury.io/rb/rack-simple_auth)
 [![Dependency Status](https://gemnasium.com/Benny1992/rack-simple_auth.png)](https://gemnasium.com/Benny1992/rack-simple_auth)
 ## Usage
 ### HMAC Authorization
 HMAC should be used for communication between website backend and api server/controller/whatever..
-~~For usage between Server <-> Client a sniffer could easily extract the signature/public key and
-the encrypted message which is for now the same for the same request (see TODO implement timestamp).~~
-~~With these 2 informations a "secure" backend could be easily seen public...~~
 In version 0.0.5 the timestamp has been added to the msg which will be encrypted, also the possibility to configure the allowed delay a request can have has been added.
 Uses Authorization HTTP Header, example:
@@ -56,7 +48,8 @@ config = {
   'DELETE' => 'path',
   'PUT' => 'path',
   'PATCH' => 'path'
-  'tolerance' => 2,
+  'tolerance' => 1,
+  'steps' => 0.1,
   'signature' => 'signature',
   'secret' => 'secret',
   'logpath' => '/path/to/log/file'
@@ -73,6 +66,7 @@ Note: Private Key and Signature should be served by a file which is not checked
 #### Config Hash
@@ -109,6 +103,14 @@ The tolerance which is configureable in the config hash sets the possible delay
 Notice: For a set tolerance a Encrypted Message array will be generated and compared with the MessageHash from the AUTH Header
+In Version 0.1.0 the stepsize option has been added
+You can now specify how many valid hashes are created in a range between eg.: (-1..1) (= tolerance)
+A minimum stepsize of 0.01 is required (0.01 are 10 milliseconds, this is the minimum because of ruby's float disaster and therefore the gem has to use Float#round(2))
+Let me know if you need a smaller stepsize...
 #### Logging
@@ -123,9 +125,6 @@ It contains following information:
 - The Encrypted Message Array which was expected
 - The Signature which was expected
 ## TODO
 ~~Add Timestamp to encryption..~~
@@ -154,3 +153,4 @@ It contains following information:

data/lib/rack/simple_auth/hmac.rb CHANGED Viewed

@@ -10,18 +10,22 @@ module Rack
         @app = app
         @signature = config['signature'] || ''
         @secret = config['secret'] || ''
-        @tolerance = config['tolerance'] || 0 # 0 if tolerance not set in config hash
+        @tolerance = config['tolerance'] || 1 # 0 if tolerance not set in config hash
         @logpath = config['logpath']
         @steps = config['steps'] || 1
+        valid_stepsize?(0.01)
+        valid_tolerance?
         @config = config
       end
       # call Method for Rack Middleware/Application
       # @param [Hash] env [Rack Env Hash which contains headers etc..]
       def call(env)
-        request = Rack::Request.new(env)
-        if valid?(request)
+        @request = Rack::Request.new(env)
+        if valid_request?
           @app.call(env)
         else
           response = Rack::Response.new('Unauthorized', 401, 'Content-Type' => 'text/html')
@@ -30,90 +34,91 @@ module Rack
       end
       # checks for valid HMAC Request
-      # @param [Rack::Request] request [current Request]
       # @return [boolean] ValidationStatus [If authorized returns true, else false]
-      def valid?(request)
-        hash_array = build_allowed_messages(request)
-        if request.env['HTTP_AUTHORIZATION'].nil?
-          log(request, hash_array)
+      def valid_request?
+        if @request.env['HTTP_AUTHORIZATION'].nil?
+          log(allowed_messages)
           return false
         end
-        auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
-        message_hash = auth_array[0]
-        signature = auth_array[1]
-        if signature == @signature && hash_array.include?(message_hash)
+        if request_signature == @signature && allowed_messages.include?(request_message)
           true
         else
-          log(request, hash_array)
+          log(allowed_messages)
           false
         end
       end
+      private
+      # Get request signature
+      def request_signature
+        @request.env['HTTP_AUTHORIZATION'].split(':').last
+      end
+      # Get encrypted request message
+      def request_message
+        @request.env['HTTP_AUTHORIZATION'].split(':').first
+      end
       # Builds Array of allowed message hashs
-      # @param [Rack::Request] request [current Request]
       # @return [Array] hash_array [allowed message hashes as array]
-      def build_allowed_messages(request)
-        hash_array = []
+      def allowed_messages
+        messages = []
         (-(@tolerance)..@tolerance).step(@steps) do |i|
           i = i.round(2)
-          hash_array << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(request, i))
+          messages << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(i))
         end
-        hash_array
+        messages
       end
       # Get Message for current Request and delay
-      # @param [Rack::Request] request [current Request]
       # @param [Fixnum] delay [delay in timestamp format]
       # @return [Hash] message [message which will be encrypted]
-      def message(request, delay = 0)
+      def message(delay = 0)
         date = Time.now.to_i + delay
+        date = date.to_i if delay.eql?(0.0)
-        if delay.eql?(0.0)
-          date = date.to_i
-        end
-        case request.request_method
+        case @request.request_method
         when 'GET'
-          return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
+          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
         when 'POST'
-          return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
+          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
         when 'DELETE'
-          return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
+          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
         when 'PUT'
-          return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
+          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
         when 'PATCH'
-          return { 'method' => request.request_method, 'date' => date, 'data' => request_data(request, @config) }.to_json
+          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
         end
       end
       # Get Request Data specified by Config
-      # @param [Rack::Request] request [current Request]
       # @param [Hash] config [Config Hash containing what type of info is data for each request]
       # @return [String|Hash] data [Data for each request]
-      def request_data(request, config)
-        if config[request.request_method] == 'path' || config[request.request_method] == 'params'
-          request.send(config[request.request_method].to_sym)
+      def request_data(config)
+        if config[@request.request_method] == 'path' || config[@request.request_method] == 'params'
+          @request.send(config[@request.request_method].to_sym)
         else
-          fail "Not a valid option #{config[request.request_method]} - Use either params or path"
+          fail "Not a valid option #{config[@request.request_method]} - Use either params or path"
         end
       end
       # Log to @logpath if request is unathorized
-      # @param [Rack::Request] request [current Request]
-      def log(request, hash_array)
+      # Contains:
+      #   - allowed messages and received message
+      #   - time when request was made
+      #   - type of request
+      #   - requested path
+      def log(hash_array)
         if @logpath
-          path = request.path
-          method = request.request_method
-          log = "#{Time.new} - #{method} #{path} - 400 Unauthorized - HTTP_AUTHORIZATION: #{request.env['HTTP_AUTHORIZATION']}\n"
-          log << "Auth Message Config: #{@config[request.request_method]}\n"
+          log = "#{Time.new} - #{@request.request_method} #{@request.path} - 400 Unauthorized\n"
+          log << "HTTP_AUTHORIZATION: #{@request.env['HTTP_AUTHORIZATION']}\n"
+          log << "Auth Message Config: #{@config[@request.request_method]}\n"
           if hash_array
             log << "Allowed Encrypted Messages:\n"
@@ -130,7 +135,21 @@ module Rack
         end
       end
-      private :log, :request_data, :message, :valid?, :build_allowed_messages
+      # Check if Stepsize is valid, if > min ensure stepsize is min stepsize
+      # @param [float] min [minimum allowed stepsize]
+      def valid_stepsize?(min)
+        if @steps < min
+          puts "Warning: Minimum allowed stepsize is #{min}"
+          @steps = min
+        end
+      end
+      # Check if tolerance is valid, tolerance must be greater than stepsize
+      def valid_tolerance?
+        if @tolerance < @steps
+          fail "Tolerance must be greater than stepsize - Tolerance: #{@tolerance}, Stepsize: #{@steps}"
+        end
+      end
     end
   end
 end

data/lib/rack/simple_auth/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@ module Rack
   # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
   module SimpleAuth
     # Current Gem Version
-    VERSION = '0.1.0'
+    VERSION = '0.1.1'
   end
 end

data/test/config.ru CHANGED Viewed

@@ -7,11 +7,11 @@ config = {
   'DELETE' => 'path',
   'PUT' => 'path',
   'PATCH' => 'path',
-  'tolerance' => 1,
+  'tolerance' => 0.5,
   'signature' => 'test_signature',
   'secret' => 'test_secret',
   'logpath' => "#{File.expand_path('..', __FILE__)}/logs",
-  'steps' => 0.1
+  'steps' => 0.01
 }
 use Rack::SimpleAuth::HMAC, config

data/test/rack/simple_auth/hmac_fail_test.rb CHANGED Viewed

@@ -21,6 +21,18 @@ class HMACFailTest < MiniTest::Unit::TestCase
     assert_raises(RuntimeError) { get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}" }
   end
+  def test_fail_step
+    out, err = capture_io do
+      Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail_step.ru").first
+    end
+    assert_match('Warning: Minimum allowed stepsize is 0.01', out, 'Warning should be printed if stepsize is below 0.01')
+  end
+  def test_fail_tolerance
+    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail_tolerance.ru").first }
+  end
   def teardown
   end
 end

data/test/rack/simple_auth/hmac_test.rb CHANGED Viewed

@@ -41,7 +41,7 @@ class HMACTest < MiniTest::Unit::TestCase
     get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
     assert_equal(200, last_response.status, 'Delay in tolerance range should receive 200')
- end
+  end
   def test_get_with_too_big_delay
     uri = '/'
@@ -55,7 +55,7 @@ class HMACTest < MiniTest::Unit::TestCase
   def test_get_with_wrong_step
     uri = '/'
-    message = { 'method' => 'GET', 'date' => Time.now.to_i + 0.03, 'data' => uri }.to_json
+    message = { 'method' => 'GET', 'date' => Time.now.to_i + 0.035, 'data' => uri }.to_json
     hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message)
     get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"

data/test/test_helper.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-ENV['RACK_ENV']='test'
+ENV['RACK_ENV'] = 'test'
 require 'simplecov'
 require 'coveralls'
@@ -44,4 +44,3 @@ Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/te
 @logpath = "#{File.expand_path("..", __FILE__)}/logs"
 system("mkdir #{@logpath}")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-simple_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Benny1992
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-21 00:00:00.000000000 Z
+date: 2014-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -135,3 +135,4 @@ signing_key:
 specification_version: 4
 summary: SimpleAuth HMAC authentication
 test_files: []
+has_rdoc: