rack-simple_auth 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +42 -8
- data/lib/rack/simple_auth/hmac.rb +34 -14
- data/lib/rack/simple_auth/version.rb +1 -1
- data/test/config.ru +9 -1
- data/test/config_fail.ru +13 -0
- data/test/rack/simple_auth/hmac_fail_test.rb +26 -0
- data/test/rack/simple_auth/hmac_test.rb +27 -12
- data/test/test_helper.rb +2 -1
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4d1332c61244522343025971bc83670b33abec89
|
|
4
|
+
data.tar.gz: 5dd72b9648fd2a736b6c7c578e1a012bec201650
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 29fdfd05f22c0fa6a9987c9a02c486ce7ff622d2c149398ae3483b9fa45cf59b6ee62a72ca7a4343985494184727894ae21b8dd1a9e32bb3aa919d69a54c199a
|
|
7
|
+
data.tar.gz: 490235fb4734189062125bbd42c868ceebec5355aeba21d0837f27bd05d796a924992701afe28b660e894bd25149cb7721d814939ff9e336cf433072101f04d9
|
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# Rack::SimpleAuth
|
|
2
2
|
|
|
3
|
-
Rack
|
|
3
|
+
Rack::SimpleAuth will contain different Authentication Class Middlewares
|
|
4
|
+
|
|
5
|
+
Until now only HMAC is implemented...
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
@@ -20,30 +22,62 @@ Or install it yourself as:
|
|
|
20
22
|
|
|
21
23
|
[](https://travis-ci.org/Benny1992/rack-simple_auth)
|
|
22
24
|
[](https://coveralls.io/r/Benny1992/rack-simple_auth?branch=master)
|
|
23
|
-
[](http://badge.fury.io/rb/rack-simple_auth)
|
|
26
|
+
[](https://gemnasium.com/Benny1992/rack-simple_auth)
|
|
24
27
|
|
|
25
28
|
## Usage
|
|
26
29
|
|
|
30
|
+
### HMAC Authorization
|
|
31
|
+
|
|
27
32
|
Uses Authorization HTTP Header, example:
|
|
28
|
-
```Authorization:
|
|
33
|
+
```Authorization: MessageHash:Signature```
|
|
29
34
|
|
|
30
|
-
Signature is the "Public Key"
|
|
35
|
+
- Signature is the "Public Key"
|
|
36
|
+
- MessageHash is the HMAC encrypted Message
|
|
31
37
|
|
|
32
|
-
|
|
38
|
+
#### Basic Usage:
|
|
33
39
|
|
|
34
40
|
```ruby
|
|
41
|
+
config = {
|
|
42
|
+
'GET' => 'path',
|
|
43
|
+
'POST' => 'params',
|
|
44
|
+
'DELETE' => 'path',
|
|
45
|
+
'PUT' => 'path',
|
|
46
|
+
'PATCH' => 'path'
|
|
47
|
+
}
|
|
48
|
+
|
|
35
49
|
map '/' do
|
|
36
|
-
use Rack::SimpleAuth::HMAC, 'signature', 'private_key'
|
|
50
|
+
use Rack::SimpleAuth::HMAC, 'signature', 'private_key', config
|
|
37
51
|
run MyApplication
|
|
38
52
|
end
|
|
39
53
|
```
|
|
40
54
|
|
|
41
|
-
Private Key and Signature should be served by a file which is not checked into git version control.
|
|
55
|
+
Note: Private Key and Signature should be served by a file which is not checked into git version control.
|
|
56
|
+
|
|
57
|
+
#### Config Hash
|
|
58
|
+
|
|
59
|
+
Via the config hash you are able to define the 'data' for each request method.<br />
|
|
60
|
+
This data + HTTP Methodname is your Message what will be encrypted.<br />
|
|
61
|
+
|
|
62
|
+
For example ```GET '/get/user?name=rack'```:
|
|
63
|
+
```ruby
|
|
64
|
+
config = { 'GET => 'path' }
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
The Message what will be HMAC encrypted is:
|
|
68
|
+
```ruby
|
|
69
|
+
message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
|
|
70
|
+
```
|
|
71
|
+
|
|
42
72
|
|
|
43
73
|
## Contributing
|
|
44
74
|
|
|
45
|
-
1. Fork it ( http://github.com
|
|
75
|
+
1. Fork it ( http://github.com/benny1992/rack-simple_auth/fork )
|
|
46
76
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
47
77
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
48
78
|
4. Push to the branch (`git push origin my-new-feature`)
|
|
49
79
|
5. Create new Pull Request
|
|
80
|
+
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
|
|
@@ -7,10 +7,11 @@ module Rack
|
|
|
7
7
|
# @param [Rack Application] app [next middleware or rack app which gets called]
|
|
8
8
|
# @param [String] signature [Public Signature]
|
|
9
9
|
# @param [String] secret [Secret used for Message Encryption]
|
|
10
|
-
def initialize(app, signature, secret)
|
|
10
|
+
def initialize(app, signature, secret, config)
|
|
11
11
|
@app = app
|
|
12
12
|
@signature = signature
|
|
13
13
|
@secret = secret
|
|
14
|
+
@config = config
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
# call Method for Rack Middleware/Application
|
|
@@ -32,29 +33,48 @@ module Rack
|
|
|
32
33
|
return false if request.env['HTTP_AUTHORIZATION'].nil?
|
|
33
34
|
|
|
34
35
|
auth_array = request.env['HTTP_AUTHORIZATION'].split(':')
|
|
35
|
-
|
|
36
|
+
message_hash = auth_array[0]
|
|
36
37
|
signature = auth_array[1]
|
|
37
38
|
|
|
39
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message(request))
|
|
40
|
+
# puts request.request_method
|
|
41
|
+
# puts "Hash to Check: #{hash}"
|
|
42
|
+
# puts "Message Hash: #{message_hash}"
|
|
43
|
+
|
|
44
|
+
if signature == @signature && hash == message_hash
|
|
45
|
+
true
|
|
46
|
+
else
|
|
47
|
+
false
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
# Get Message for current Request
|
|
52
|
+
# @param [Rack::Request] request [current Request]
|
|
53
|
+
# @return [Hash] message [message which will be encrypted]
|
|
54
|
+
def message(request)
|
|
38
55
|
case request.request_method
|
|
39
56
|
when 'GET'
|
|
40
|
-
|
|
57
|
+
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
41
58
|
when 'POST'
|
|
42
|
-
|
|
59
|
+
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
43
60
|
when 'DELETE'
|
|
44
|
-
|
|
61
|
+
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
45
62
|
when 'PUT'
|
|
46
|
-
|
|
63
|
+
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
64
|
+
when 'PATCH'
|
|
65
|
+
return { 'method' => request.request_method, 'data' => request_data(request, @config) }.to_json
|
|
47
66
|
end
|
|
67
|
+
end
|
|
48
68
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
if
|
|
55
|
-
|
|
69
|
+
# Get Request Data specified by Config
|
|
70
|
+
# @param [Rack::Request] request [current Request]
|
|
71
|
+
# @param [Hash] config [Config Hash containing what type of info is data for each request]
|
|
72
|
+
# @return [String|Hash] data [Data for each request]
|
|
73
|
+
def request_data(request, config)
|
|
74
|
+
if config[request.request_method] == 'path' || config[request.request_method] == 'params'
|
|
75
|
+
request.send(config[request.request_method].to_sym)
|
|
56
76
|
else
|
|
57
|
-
|
|
77
|
+
fail "Not a valid option #{config[request.request_method]} - Use either params or path"
|
|
58
78
|
end
|
|
59
79
|
end
|
|
60
80
|
end
|
data/test/config.ru
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
require 'rack/lobster'
|
|
2
2
|
require 'rack/simple_auth'
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
config = {
|
|
5
|
+
'GET' => 'path',
|
|
6
|
+
'POST' => 'params',
|
|
7
|
+
'DELETE' => 'path',
|
|
8
|
+
'PUT' => 'path',
|
|
9
|
+
'PATCH' => 'path'
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
|
|
5
13
|
run Rack::Lobster.new
|
data/test/config_fail.ru
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'rack/lobster'
|
|
2
|
+
require 'rack/simple_auth'
|
|
3
|
+
|
|
4
|
+
config = {
|
|
5
|
+
'GET' => 'pathasdf',
|
|
6
|
+
'POST' => 'paramas',
|
|
7
|
+
'DELETE' => 'path',
|
|
8
|
+
'PUT' => 'path',
|
|
9
|
+
'PATCH' => 'path'
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
use Rack::SimpleAuth::HMAC, 'test_signature', 'test_secret', config
|
|
13
|
+
run Rack::Lobster.new
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
require 'test_helper.rb'
|
|
2
|
+
|
|
3
|
+
# Test HMAC Authorization Method
|
|
4
|
+
class HMACFailTest < MiniTest::Unit::TestCase
|
|
5
|
+
include Rack::Test::Methods
|
|
6
|
+
|
|
7
|
+
def setup
|
|
8
|
+
@secret = 'test_secret'
|
|
9
|
+
@signature = 'test_signature'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def app
|
|
13
|
+
Rack::SimpleAuth.failapp
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def test_fail
|
|
17
|
+
uri = '/'
|
|
18
|
+
content = { 'method' => 'GET', 'data' => uri }.to_json
|
|
19
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, content)
|
|
20
|
+
|
|
21
|
+
assert_raises(RuntimeError) { get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}" }
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def teardown
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -25,8 +25,8 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
25
25
|
|
|
26
26
|
def test_get_with_right_auth_header
|
|
27
27
|
uri = '/'
|
|
28
|
-
|
|
29
|
-
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret,
|
|
28
|
+
message = { 'method' => 'GET', 'data' => uri }.to_json
|
|
29
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
30
30
|
|
|
31
31
|
get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
32
32
|
|
|
@@ -40,8 +40,8 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
40
40
|
|
|
41
41
|
def test_post_with_right_auth_header
|
|
42
42
|
params = { 'name' => 'Bensn' }
|
|
43
|
-
|
|
44
|
-
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret,
|
|
43
|
+
message = { 'method' => 'POST', 'data' => params }.to_json
|
|
44
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
45
45
|
|
|
46
46
|
post '/', params, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
47
47
|
|
|
@@ -55,8 +55,8 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
55
55
|
|
|
56
56
|
def test_delete_with_right_auth_header
|
|
57
57
|
uri = '/'
|
|
58
|
-
|
|
59
|
-
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret,
|
|
58
|
+
message = { 'method' => 'DELETE', 'data' => uri }.to_json
|
|
59
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
60
60
|
|
|
61
61
|
delete uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
62
62
|
|
|
@@ -64,16 +64,31 @@ class HMACTest < MiniTest::Unit::TestCase
|
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
def test_put_with_wrong_auth_header
|
|
67
|
-
put '/', {
|
|
67
|
+
put '/', {}, 'HTTP_AUTHORIZATION' => 'wrong_header'
|
|
68
68
|
assert_equal(401, last_response.status, 'Wrong HTTP_AUTHORIZATION Header should receive 401')
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
-
def
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret,
|
|
71
|
+
def test_put_with_right_auth_header
|
|
72
|
+
uri = '/'
|
|
73
|
+
message = { 'method' => 'PUT', 'data' => uri }.to_json
|
|
74
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
75
|
+
|
|
76
|
+
put uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
77
|
+
|
|
78
|
+
assert_equal(200, last_response.status, 'Authorized Request should receive 200')
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def test_patch_with_wrong_auth_header
|
|
82
|
+
patch '/', {}, 'HTTP_AUTHORIZATION' => 'wrong_header'
|
|
83
|
+
assert_equal(401, last_response.status, 'Wrong HTTP_AUTHORIZATION Header should receive 401')
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def test_patch_with_right_auth_header
|
|
87
|
+
uri = '/'
|
|
88
|
+
message = { 'method' => 'PATCH', 'data' => uri }.to_json
|
|
89
|
+
hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), @secret, message)
|
|
75
90
|
|
|
76
|
-
|
|
91
|
+
patch uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}"
|
|
77
92
|
|
|
78
93
|
assert_equal(200, last_response.status, 'Authorized Request should receive 200')
|
|
79
94
|
end
|
data/test/test_helper.rb
CHANGED
|
@@ -32,9 +32,10 @@ module Rack
|
|
|
32
32
|
# Module which Contains different Authorization / Authentication Classes (HMAC, ..)
|
|
33
33
|
module SimpleAuth
|
|
34
34
|
class << self
|
|
35
|
-
attr_accessor :testapp
|
|
35
|
+
attr_accessor :testapp, :failapp
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
|
|
41
|
+
Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-simple_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benny1992
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2014-03-
|
|
12
|
+
date: 2014-03-10 00:00:00 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
@@ -83,6 +83,8 @@ files:
|
|
|
83
83
|
- tasks/test.rake
|
|
84
84
|
- tasks/travis.rake
|
|
85
85
|
- test/config.ru
|
|
86
|
+
- test/config_fail.ru
|
|
87
|
+
- test/rack/simple_auth/hmac_fail_test.rb
|
|
86
88
|
- test/rack/simple_auth/hmac_test.rb
|
|
87
89
|
- test/test_helper.rb
|
|
88
90
|
homepage: http://www.bennyklotz.at
|
|
@@ -110,5 +112,7 @@ specification_version: 4
|
|
|
110
112
|
summary: SimpleAuth HMAC authentication
|
|
111
113
|
test_files:
|
|
112
114
|
- test/config.ru
|
|
115
|
+
- test/config_fail.ru
|
|
116
|
+
- test/rack/simple_auth/hmac_fail_test.rb
|
|
113
117
|
- test/rack/simple_auth/hmac_test.rb
|
|
114
118
|
- test/test_helper.rb
|