rack-simple_auth 0.1.4 → 1.0.0rc

checksums.yaml

@@ -1,7 +1,7 @@
---- 
-SHA1: 
-  metadata.gz: a9eb2327a5e9743a78d600c3a79f6c10628d4d4e
-  data.tar.gz: 648aba592008e3d5da11eda588352f3940b67d86
-SHA512: 
-  metadata.gz: c485c387b2bfd02372758c937aae019acd9160acbd1ad0436027bdf8365197444d32a360c59a421e23cf427b86212e0f02f8cf84d3981f0e9ffc3d17189fc6d8
-  data.tar.gz: fc568199976dd711a630a5e584be13a82a741ff68f9873e67cd84e84c7c79f5d977b4ecccd7af4ae3f6cc3d768b9dfa5fd9e25d163f1da87f6eeb21dd0fb0cbd
+---
+SHA1:
+  metadata.gz: ebfdad444b3dd93872a40ed95da0113777be8be7
+  data.tar.gz: 6dd2b76e1ef8e8916dc4870a4567f71e624ff8f1
+SHA512:
+  metadata.gz: 847a3ef324399d4bc6a9a1edc40046d200c0112997f55163cd71d6e1edb798faa163479ed046e5f49b7f57559f988549ad90ad3bc043357996ed1ecb38eacc85
+  data.tar.gz: 092eb1391821c56ae96a20cfb66053ccb5b4d83992c964e9d2369f72ecd7949064e0eb05b21b3de0e2454d21f532b9e8cadea92907d40d32e9ca0802e1f43613

data/MANIFEST

@@ -10,21 +10,28 @@ Rakefile
 checksum/rack-simple_auth-0.0.9.gem.sha512
 checksum/rack-simple_auth-0.1.0.gem.sha512
 checksum/rack-simple_auth-0.1.1.gem.sha512
+checksum/rack-simple_auth-0.1.2.gem.sha512
 lib/rack/simple_auth.rb
-lib/rack/simple_auth/hmac.rb
+lib/rack/simple_auth/hmac/config.rb
+lib/rack/simple_auth/hmac/middleware.rb
+lib/rack/simple_auth/logger.rb
 lib/rack/simple_auth/version.rb
 rack-simple_auth.gemspec
 rubocop-todo.yml
 task/build.rake
 task/checksum.rake
+task/console.rake
 task/default.rake
 task/floodtest.rake
 task/manifest.rake
 task/test.rake
-test/config.ru
-test/config_fail.ru
-test/config_fail_step.ru
-test/config_fail_tolerance.ru
-test/rack/simple_auth/hmac_fail_test.rb
-test/rack/simple_auth/hmac_test.rb
+test/rack/simple_auth/hmac/config.ru
+test/rack/simple_auth/hmac/config_fail.ru
+test/rack/simple_auth/hmac/config_fail_option.ru
+test/rack/simple_auth/hmac/config_fail_run.ru
+test/rack/simple_auth/hmac/config_fail_step.ru
+test/rack/simple_auth/hmac/config_fail_tolerance.ru
+test/rack/simple_auth/hmac/hmac_fail_run_test.rb
+test/rack/simple_auth/hmac/hmac_fail_test.rb
+test/rack/simple_auth/hmac/hmac_test.rb
 test/test_helper.rb

data/README.md

@@ -28,115 +28,37 @@ Or install it yourself as:
 
 ## Usage
 
-### HMAC Authorization
+### HMAC
 
-HMAC should be used for communication between website backend and api server/controller/whatever..
-
-In version 0.0.5 the timestamp has been added to the msg which will be encrypted, also the possibility to configure the allowed delay a request can have has been added.
-
-Uses Authorization HTTP Header, example:
-```Authorization: MessageHash:Signature```
-
-- Signature is the "Public Key"
-- MessageHash is the HMAC encrypted Message
-
-#### Basic Usage:
+To use HMAC Authorization you have to use the ```Rack::SimpleAuth::HMAC::Middleware``` for your Rack App
 
+Basic Usage:
 ```ruby
-config = {
-  'GET' => 'path',
-  'POST' => 'params',
-  'DELETE' => 'path',
-  'PUT' => 'path',
-  'PATCH' => 'path'
-  'tolerance' => 1,
-  'steps' => 0.1,
-  'signature' => 'signature',
-  'secret' => 'secret',
-  'logpath' => '/path/to/log/file'
-}
-
-map '/' do
-  use Rack::SimpleAuth::HMAC, config
-  run MyApplication
-end
-```
-
-Note: Private Key and Signature should be served by a file which is not checked into git version control.
-
+  require 'rack/lobster'
+  require 'rack/simple_auth'
 
+  request_config = {
+    'GET' => 'path',
+    'POST' => 'params',
+    'DELETE' => 'path',
+    'PUT' => 'path',
+    'PATCH' => 'path'
+  }
 
+  use Rack::SimpleAuth::HMAC::Middleware do |options|
+    options.tolerance = 0.5
+    options.stepsize  = 0.01
 
+    options.secret = 'test_secret'
+    options.signature = 'test_signature'
 
-#### Config Hash
+    options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+    options.request_config = request_config
+  end
 
-
-Via the config hash you are able to define the 'data' for each request method.<br />
-This data + HTTP Methodname is your Message what will be encrypted.<br />
-
-For example ```GET '/get/user?name=rack'```:
-
-```ruby
-config = {
-    .
-    .
-  'GET' => 'path'
-    .
-    .
- }
+  run Rack::Lobster.new
 ```
 
-The Message what will be HMAC encrypted is:
-
-```ruby
-message = { 'method' => 'GET', 'data' => '/get/user?name=rack' }.to_json
-```
-
-In Version 0.0.5 the timestamp has been added to the Message.
-
-The new Message which will be encrypted looks like this:
-
-```ruby
-message = { 'method' => 'GET', 'date' => Time.now.to_i +- delay range, 'data' => '/get/user?name=rack }.to_json
-```
-
-The tolerance which is configureable in the config hash sets the possible delay a request could have and still will be authorized.
-
-Notice: For a set tolerance a Encrypted Message array will be generated and compared with the MessageHash from the AUTH Header
-
-In Version 0.1.0 the stepsize option has been added
-
-You can now specify how many valid hashes are created in a range between eg.: (-1..1) (= tolerance)
-
-A minimum stepsize of 0.01 is required (0.01 are 10 milliseconds, this is the minimum because of ruby's float disaster and therefore the gem has to use Float#round(2))
-
-Let me know if you need a smaller stepsize...
-
-
-#### Logging
-
-With config['logpath']  you can define a destination where the internal #log method should write to.
-
-The Logging will only be triggered when a path is defined (leave config['logpath'] for disable logging) and a request is not authorized!
-
-It contains following information:
-
-- HTTP_AUTHORIZATION Header
-- Config for the specific Request Method (GET => path etc ...)
-- The Encrypted Message Array which was expected
-- The Signature which was expected
-
-## TODO 
-
-~~Add Timestamp to encryption..~~
-
-~~For now a sniffer could track a successfull request to the server and extract the HTTP_AUTHORIZATION HEADER for this request.~~
-
-~~He got the encrypted message for the specific request && signature -> No security anymore...~~
-
-
-
-
 ## Contributing
 
 1. Fork it ( http://github.com/benny1992/rack-simple_auth/fork )
@@ -144,14 +66,3 @@ It contains following information:
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
-
-
-
-
-
-
-
-
-
-
-

data/checksum/rack-simple_auth-0.1.2.gem.sha512

@@ -0,0 +1 @@
+7d8e86a09ec275f7531af9f17a77fb8e307bd95f0d4593627b94441d59f0deb95d4240757216ecb70b65a2e40a5d4d7cba8bc5bf002b458077ca73ad0f2cac11

data/lib/rack/simple_auth.rb

@@ -1,6 +1,9 @@
 require 'rack/simple_auth/version'
 require 'rack/simple_auth/logger'
-require 'rack/simple_auth/hmac'
+
+# HMAC utilities
+require 'rack/simple_auth/hmac/config'
+require 'rack/simple_auth/hmac/middleware'
 
 require 'json'
 

data/lib/rack/simple_auth/hmac/config.rb

@@ -0,0 +1,34 @@
+module Rack
+  module SimpleAuth
+    module HMAC
+      # class Config
+      # Config objects will be instantiated out of this class when using Rack::SimpleAuth::HMAC::Middleware
+      # Also the public instance attributes / virtual attributes will be populated via the Middleware DSL
+      class Config < Hash
+        attr_writer :tolerance, :stepsize
+        attr_writer :secret, :signature
+        attr_accessor :logpath, :request_config
+
+        def method_missing(name, *args)
+          fail "Unkown option #{name.to_s.gsub!('=', '')}"
+        end
+
+        def tolerance
+          @tolerance || 1
+        end
+
+        def stepsize
+          @stepsize || 1
+        end
+
+        def secret
+          @secret || ''
+        end
+
+        def signature
+          @signature || ''
+        end
+      end
+    end
+  end
+end

data/lib/rack/simple_auth/hmac/middleware.rb

@@ -0,0 +1,180 @@
+module Rack
+  # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
+  module SimpleAuth
+    # module HMAC
+    # Contains different classes for authorizing against a hmac signed request
+    module HMAC
+      # class Middleware
+      # Middleware class which represents the interface to the rack api via Middleware#call
+      # and checks if a request is hmac authorized.
+      #
+      # Usage:
+      #
+      # require 'rack/lobster'
+      # require 'rack/simple_auth'
+      #
+      # request_config = {
+      #   'GET' => 'path',
+      #   'POST' => 'params',
+      #   'DELETE' => 'path',
+      #   'PUT' => 'path',
+      #   'PATCH' => 'path'
+      # }
+      #
+      # use Rack::SimpleAuth::HMAC::Middleware do |options|
+      #   options.tolerance = 0.5
+      #   options.stepsize  = 0.01
+      #
+      #   options.secret = 'test_secret'
+      #   options.signature = 'test_signature'
+      #
+      #   options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+      #   options.request_config = request_config
+      # end
+      #
+      # run Rack::Lobster.new
+      class Middleware
+        def self.method_missing(name, *args)
+          msg = "Did you try to use HMAC Middleware as Rack Application via 'run'?\n" if name.eql?(:call)
+          msg << "method: #{name}\n"
+          msg << "args: #{args.inspect}\n" unless name.eql?(:call)
+          msg << "on: #{self}"
+
+          fail NoMethodError, msg
+        end
+        # Constructor for Rack Middleware (passing the rack stack)
+        # @param [Rack Application] app [next middleware or rack app which gets called]
+        # @param [Hash] config [config hash where tolerance, secret, signature etc.. are set]
+        def initialize(app, &block)
+          @app, @config = app, Config.new
+          yield @config if block_given?
+
+          valid_stepsize?(0.01)
+          valid_tolerance?
+        end
+
+        # call Method for Rack Middleware/Application
+        # @param [Hash] env [Rack Env Hash which contains headers etc..]
+        def call(env)
+          @request = Rack::Request.new(env)
+
+          if valid_request?
+            @app.call(env)
+          else
+            response = Rack::Response.new('Unauthorized', 401, 'Content-Type' => 'text/html')
+            response.finish
+          end
+        end
+
+        # checks for valid HMAC Request
+        # @return [boolean] ValidationStatus [If authorized returns true, else false]
+        def valid_request?
+          if @request.env['HTTP_AUTHORIZATION'].nil?
+            log
+
+            return false
+          end
+
+          if request_signature == @config.signature && allowed_messages.include?(request_message)
+            true
+          else
+            log
+
+            false
+          end
+        end
+
+        private
+
+        # Get request signature
+        def request_signature
+          @request.env['HTTP_AUTHORIZATION'].split(':').last
+        end
+
+        # Get encrypted request message
+        def request_message
+          @request.env['HTTP_AUTHORIZATION'].split(':').first
+        end
+
+        # Builds Array of allowed message hashs
+        # @return [Array] hash_array [allowed message hashes as array]
+        def allowed_messages
+          messages = []
+
+          date = Time.now.to_i.freeze
+          (-(@config.tolerance)..@config.tolerance).step(@config.stepsize) do |i|
+            i = i.round(2)
+            messages << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @config.secret, message(date, i))
+          end
+
+          messages
+        end
+
+        # Get Message for current Request and delay
+        # @param [Fixnum] date [current date in timestamp format]
+        # @param [Fixnum] delay [delay in timestamp format]
+        # @return [Hash] message [message which will be encrypted]
+        def message(date, delay = 0)
+          date += delay
+          date = date.to_i if delay.eql?(0.0)
+
+          # Print out Delay and Timestamp for each range step in development environment
+          puts "Delay: #{delay}, Timestamp: #{date}" if ENV['RACK_ENV'].eql?('development')
+
+          { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
+        end
+
+        # Get Request Data specified by Config
+        # @param [Hash] config [Config Hash containing what type of info is data for each request]
+        # @return [String|Hash] data [Data for each request]
+        def request_data(config)
+          if @config.request_config[@request.request_method] == 'path' || @config.request_config[@request.request_method] == 'params'
+            @request.send(@config.request_config[@request.request_method].to_sym)
+          else
+            fail "Not a valid option #{@config.request_config[@request.request_method]} - Use either params or path"
+          end
+        end
+
+        # Log to @config.logpath if request is unathorized
+        # Contains:
+        #   - allowed messages and received message
+        #   - time when request was made
+        #   - type of request
+        #   - requested path
+        def log
+          if @config.logpath
+            msg = "#{Time.new} - #{@request.request_method} #{@request.path} - 400 Unauthorized\n"
+            msg << "HTTP_AUTHORIZATION: #{@request.env['HTTP_AUTHORIZATION']}\n"
+            msg << "Auth Message Config: #{@config.request_config[@request.request_method]}\n"
+
+            if allowed_messages
+              msg << "Allowed Encrypted Messages:\n"
+              allowed_messages.each do |hash|
+                msg << "#{hash}\n"
+              end
+            end
+
+            msg << "Auth Signature: #{@config.signature}"
+
+            Rack::SimpleAuth::Logger.log(@config.logpath, ENV['RACK_ENV'], msg)
+          end
+        end
+
+        # Check if Stepsize is valid, if > min ensure stepsize is min stepsize
+        # @param [float] min [minimum allowed stepsize]
+        # check @config.stepsize < min
+        def valid_stepsize?(min)
+          fail "Minimum allowed stepsize is #{min}" if @config.stepsize < min
+        end
+
+        # Check if tolerance is valid, tolerance must be greater than stepsize
+        # check @config.tolerance < @config.stepsize
+        def valid_tolerance?
+          if @config.tolerance < @config.stepsize
+            fail "Tolerance must be greater than stepsize - Tolerance: #{@config.tolerance}, Stepsize: #{@config.stepsize}"
+          end
+        end
+      end # Middleware
+    end # HMAC
+  end # SimpleAuth
+end # Rack

data/lib/rack/simple_auth/logger.rb

@@ -0,0 +1,18 @@
+module Rack
+  module SimpleAuth
+    # class Logger
+    # This class receives a logpath, env and message and
+    # prints the message to the specified logpath for the proper env file (eg.: /path/to/file/test_error.log for test env)
+    module Logger
+      def self.log(logpath, env = 'development', msg)
+        system("mkdir #{logpath}") unless Dir.exist?("#{logpath}")
+        open("#{logpath}/#{env}_error.log", 'a') do |f|
+          f << "#{msg}\n"
+        end
+
+        # Print out log to stdout for dev env
+        puts msg if ENV['RACK_ENV'].eql?('development')
+      end
+    end # Logger
+  end # SimpleAuth
+end # Rack

data/lib/rack/simple_auth/version.rb

@@ -2,6 +2,6 @@ module Rack
   # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
   module SimpleAuth
     # Current Gem Version
-    VERSION = '0.1.4'
+    VERSION = '1.0.0rc'
   end
 end

data/rubocop-todo.yml

@@ -11,7 +11,7 @@ CyclomaticComplexity:
 
 # Offense count: 55
 LineLength:
-  Max: 129
+  Max: 150
 
 # Offense count: 3
 # Configuration parameters: CountComments.

data/task/console.rake

@@ -0,0 +1,7 @@
+task :console do
+  require 'irb'
+  require 'irb/completion'
+  require 'rack/simple_auth'
+  ARGV.clear
+  IRB.start
+end

data/task/test.rake

@@ -16,7 +16,7 @@ namespace :test do
   # end
   
   task :cleanup do
-    system("rm -rf #{File.expand_path('../../', __FILE__)}/test/logs")
+    system("rm -rf #{File.expand_path('../../', __FILE__)}/test/rack/simple_auth/hmac/logs")
   end
 end
 

data/test/rack/simple_auth/hmac/config.ru

@@ -0,0 +1,23 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'path',
+  'POST' => 'params',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path'
+}
+
+use Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 0.5
+  options.stepsize  = 0.01
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+end
+
+run Rack::Lobster.new

data/test/rack/simple_auth/hmac/config_fail.ru

@@ -0,0 +1,23 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'pathasdf',
+  'POST' => 'paramas',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path',
+}
+
+use Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 0.5
+  options.stepsize  = 0.01
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+end
+
+run Rack::Lobster.new

data/test/rack/simple_auth/hmac/config_fail_option.ru

@@ -0,0 +1,24 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'path',
+  'POST' => 'params',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path'
+}
+
+use Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 0.5
+  options.stepsize  = 0.01
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+  options.unknown_option = 'unknown'
+end
+
+run Rack::Lobster.new

data/test/rack/simple_auth/hmac/config_fail_run.ru

@@ -0,0 +1,22 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'pathasdf',
+  'POST' => 'paramas',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path',
+}
+
+# Middleware should not be runnable...
+run Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 0.5
+  options.stepsize  = 0.01
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+end

data/test/rack/simple_auth/hmac/config_fail_step.ru

@@ -0,0 +1,23 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'path',
+  'POST' => 'params',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path',
+}
+
+use Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 1
+  options.stepsize  = 0.0001
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+end
+
+run Rack::Lobster.new

data/test/rack/simple_auth/hmac/config_fail_tolerance.ru

@@ -0,0 +1,23 @@
+require 'rack/lobster'
+require 'rack/simple_auth'
+
+request_config = {
+  'GET' => 'path',
+  'POST' => 'params',
+  'DELETE' => 'path',
+  'PUT' => 'path',
+  'PATCH' => 'path',
+}
+
+use Rack::SimpleAuth::HMAC::Middleware do |options|
+  options.tolerance = 0.3
+  options.stepsize  = 0.5
+
+  options.secret = 'test_secret'
+  options.signature = 'test_signature'
+
+  options.logpath = "#{File.expand_path('..', __FILE__)}/logs"
+  options.request_config = request_config
+end
+
+run Rack::Lobster.new

data/test/rack/simple_auth/hmac/hmac_fail_run_test.rb

@@ -0,0 +1,26 @@
+require 'test_helper.rb'
+
+# Test HMAC Authorization Method
+class HMACFailRunTest < MiniTest::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @secret = 'test_secret'
+    @signature = 'test_signature'
+  end
+
+  def app
+    Rack::SimpleAuth::HMAC.failrunapp
+  end
+
+  def test_fail
+    uri = '/'
+    content = { 'method' => 'GET', 'data' => uri }.to_json
+    hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, content)
+
+    assert_raises(NoMethodError) { get uri, {}, 'HTTP_AUTHORIZATION' => "#{hash}:#{@signature}" }
+  end
+
+  def teardown
+  end
+end

data/test/rack/simple_auth/{hmac_fail_test.rb → hmac/hmac_fail_test.rb}

@@ -10,7 +10,7 @@ class HMACFailTest < MiniTest::Unit::TestCase
   end
 
   def app
-    Rack::SimpleAuth.failapp
+    Rack::SimpleAuth::HMAC.failapp
   end
 
   def test_fail
@@ -22,11 +22,15 @@ class HMACFailTest < MiniTest::Unit::TestCase
   end
 
   def test_fail_step
-    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail_step.ru").first }
+    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config_fail_step.ru").first }
   end
 
   def test_fail_tolerance
-    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail_tolerance.ru").first }
+    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config_fail_tolerance.ru").first }
+  end
+
+  def test_unknown_dsl_option
+    assert_raises(RuntimeError) { Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config_fail_option.ru").first }
   end
 
   def teardown

data/test/rack/simple_auth/{hmac_test.rb → hmac/hmac_test.rb}

@@ -10,7 +10,7 @@ class HMACTest < MiniTest::Unit::TestCase
   end
 
   def app
-    Rack::SimpleAuth.testapp
+    Rack::SimpleAuth::HMAC.testapp
   end
 
   def test_get_without_auth_header

data/test/test_helper.rb

@@ -33,14 +33,18 @@ require 'rack/simple_auth'
 module Rack
   # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
   module SimpleAuth
-    class << self
-      attr_accessor :testapp, :failapp
+    # HMAC module
+    module HMAC
+      class << self
+        attr_accessor :testapp, :failapp, :failrunapp
+      end
     end
   end
 end
 
-Rack::SimpleAuth.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config.ru").first
-Rack::SimpleAuth.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/config_fail.ru").first
+Rack::SimpleAuth::HMAC.testapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config.ru").first
+Rack::SimpleAuth::HMAC.failapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config_fail.ru").first
+Rack::SimpleAuth::HMAC.failrunapp = Rack::Builder.parse_file("#{Rack::SimpleAuth.root}/test/rack/simple_auth/hmac/config_fail_run.ru").first
 
 @logpath = "#{File.expand_path("..", __FILE__)}/logs"
 system("mkdir #{@logpath}")

metadata

@@ -1,81 +1,96 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rack-simple_auth
-version: !ruby/object:Gem::Version 
-  version: 0.1.4
+version: !ruby/object:Gem::Version
+  version: 1.0.0rc
 platform: ruby
-authors: 
+authors:
 - Benny1992
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2014-04-28 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2014-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    requirements: 
-    - &id006 
-      - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: bundler
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: "1.6"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: "10.3"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: coveralls
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: "0.7"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: "0.6"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
   type: :development
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
 description: SimpleAuth HMAC authentication
-email: 
+email:
 - r3qnbenni@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- .gitignore
-- .rubocop.yml
-- .travis.yml
-- .yardopts
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- ".yardopts"
 - Gemfile
 - LICENSE.txt
 - MANIFEST
@@ -84,48 +99,54 @@ files:
 - checksum/rack-simple_auth-0.0.9.gem.sha512
 - checksum/rack-simple_auth-0.1.0.gem.sha512
 - checksum/rack-simple_auth-0.1.1.gem.sha512
+- checksum/rack-simple_auth-0.1.2.gem.sha512
 - lib/rack/simple_auth.rb
-- lib/rack/simple_auth/hmac.rb
+- lib/rack/simple_auth/hmac/config.rb
+- lib/rack/simple_auth/hmac/middleware.rb
+- lib/rack/simple_auth/logger.rb
 - lib/rack/simple_auth/version.rb
 - rack-simple_auth.gemspec
 - rubocop-todo.yml
 - task/build.rake
 - task/checksum.rake
+- task/console.rake
 - task/default.rake
 - task/floodtest.rake
 - task/manifest.rake
 - task/test.rake
-- test/config.ru
-- test/config_fail.ru
-- test/config_fail_step.ru
-- test/config_fail_tolerance.ru
-- test/rack/simple_auth/hmac_fail_test.rb
-- test/rack/simple_auth/hmac_test.rb
+- test/rack/simple_auth/hmac/config.ru
+- test/rack/simple_auth/hmac/config_fail.ru
+- test/rack/simple_auth/hmac/config_fail_option.ru
+- test/rack/simple_auth/hmac/config_fail_run.ru
+- test/rack/simple_auth/hmac/config_fail_step.ru
+- test/rack/simple_auth/hmac/config_fail_tolerance.ru
+- test/rack/simple_auth/hmac/hmac_fail_run_test.rb
+- test/rack/simple_auth/hmac/hmac_fail_test.rb
+- test/rack/simple_auth/hmac/hmac_test.rb
 - test/test_helper.rb
 homepage: https://github.com/Benny1992/rack-simple_auth
-licenses: 
+licenses:
 - MIT
 metadata: {}
-
-post_install_message: "Please report any issues at: https://github.com/Benny1992/rack-simple_auth/issues/new"
+post_install_message: 'Please report any issues at: https://github.com/Benny1992/rack-simple_auth/issues/new'
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - *id006
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
 requirements: []
-
 rubyforge_project: 
 rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: SimpleAuth HMAC authentication
 test_files: []
-
+has_rdoc: 

data/lib/rack/simple_auth/hmac.rb

@@ -1,156 +0,0 @@
-module Rack
-  # Module which Contains different Authorization / Authentication Classes (HMAC, ..)
-  module SimpleAuth
-    # HMAC Middleware uses HMAC Authorization for Securing an REST API
-    class HMAC
-      # Constructor for Rack Middleware (passing the rack stack)
-      # @param [Rack Application] app [next middleware or rack app which gets called]
-      # @param [Hash] config [config hash where tolerance, secret, signature etc.. are set]
-      def initialize(app, config)
-        @app = app
-        @signature = config['signature'] || ''
-        @secret = config['secret'] || ''
-        @tolerance = config['tolerance'] || 1 # 0 if tolerance not set in config hash
-        @logpath = config['logpath']
-        @steps = config['steps'] || 1
-
-        valid_stepsize?(0.01)
-        valid_tolerance?
-
-        @config = config
-      end
-
-      # call Method for Rack Middleware/Application
-      # @param [Hash] env [Rack Env Hash which contains headers etc..]
-      def call(env)
-        @request = Rack::Request.new(env)
-
-        if valid_request?
-          @app.call(env)
-        else
-          response = Rack::Response.new('Unauthorized', 401, 'Content-Type' => 'text/html')
-          response.finish
-        end
-      end
-
-      # checks for valid HMAC Request
-      # @return [boolean] ValidationStatus [If authorized returns true, else false]
-      def valid_request?
-        if @request.env['HTTP_AUTHORIZATION'].nil?
-          log(allowed_messages)
-
-          return false
-        end
-
-        if request_signature == @signature && allowed_messages.include?(request_message)
-          true
-        else
-          log(allowed_messages)
-
-          false
-        end
-      end
-
-      private
-
-      # Get request signature
-      def request_signature
-        @request.env['HTTP_AUTHORIZATION'].split(':').last
-      end
-
-      # Get encrypted request message
-      def request_message
-        @request.env['HTTP_AUTHORIZATION'].split(':').first
-      end
-
-      # Builds Array of allowed message hashs
-      # @return [Array] hash_array [allowed message hashes as array]
-      def allowed_messages
-        messages = []
-
-        @date = Time.now.to_i.freeze
-        (-(@tolerance)..@tolerance).step(@steps) do |i|
-          i = i.round(2)
-          messages << OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @secret, message(i))
-        end
-
-        messages
-      end
-
-      # Get Message for current Request and delay
-      # @param [Fixnum] delay [delay in timestamp format]
-      # @return [Hash] message [message which will be encrypted]
-      def message(delay = 0)
-        date = @date + delay
-        date = date.to_i if delay.eql?(0.0)
-
-        # Print out Delay and Timestamp for each range step in development environment
-        puts "Delay: #{delay}, Timestamp: #{date}" if ENV['RACK_ENV'].eql?('development')
-
-        case @request.request_method
-        when 'GET'
-          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
-        when 'POST'
-          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
-        when 'DELETE'
-          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
-        when 'PUT'
-          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
-        when 'PATCH'
-          return { 'method' => @request.request_method, 'date' => date, 'data' => request_data(@config) }.to_json
-        end
-      end
-
-      # Get Request Data specified by Config
-      # @param [Hash] config [Config Hash containing what type of info is data for each request]
-      # @return [String|Hash] data [Data for each request]
-      def request_data(config)
-        if config[@request.request_method] == 'path' || config[@request.request_method] == 'params'
-          @request.send(config[@request.request_method].to_sym)
-        else
-          fail "Not a valid option #{config[@request.request_method]} - Use either params or path"
-        end
-      end
-
-      # Log to @logpath if request is unathorized
-      # Contains:
-      #   - allowed messages and received message
-      #   - time when request was made
-      #   - type of request
-      #   - requested path
-      def log(hash_array)
-        if @logpath
-          msg = "#{Time.new} - #{@request.request_method} #{@request.path} - 400 Unauthorized\n"
-          msg << "HTTP_AUTHORIZATION: #{@request.env['HTTP_AUTHORIZATION']}\n"
-          msg << "Auth Message Config: #{@config[@request.request_method]}\n"
-
-          if hash_array
-            msg << "Allowed Encrypted Messages:\n"
-            hash_array.each do |hash|
-              msg << "#{hash}\n"
-            end
-          end
-
-          msg << "Auth Signature: #{@signature}"
-
-          Rack::SimpleAuth::Logger.log(@logpath, ENV['RACK_ENV'], msg)
-        end
-      end
-
-      # Check if Stepsize is valid, if > min ensure stepsize is min stepsize
-      # @param [float] min [minimum allowed stepsize]
-      def valid_stepsize?(min)
-        if @steps < min
-          fail "Minimum allowed stepsize is #{min}"
-        end
-      end
-
-      # Check if tolerance is valid, tolerance must be greater than stepsize
-      def valid_tolerance?
-        if @tolerance < @steps
-          fail "Tolerance must be greater than stepsize - Tolerance: #{@tolerance}, Stepsize: #{@steps}"
-        end
-      end
-    end # HMAC
-  end # SimpleAuth
-end # Rack

data/test/config.ru

@@ -1,18 +0,0 @@
-require 'rack/lobster'
-require 'rack/simple_auth'
-
-config = {
-  'GET' => 'path',
-  'POST' => 'params',
-  'DELETE' => 'path',
-  'PUT' => 'path',
-  'PATCH' => 'path',
-  'tolerance' => 0.5,
-  'signature' => 'test_signature',
-  'secret' => 'test_secret',
-  'logpath' => "#{File.expand_path('..', __FILE__)}/logs",
-  'steps' => 0.01
-}
-
-use Rack::SimpleAuth::HMAC, config
-run Rack::Lobster.new

data/test/config_fail.ru

@@ -1,15 +0,0 @@
-require 'rack/lobster'
-require 'rack/simple_auth'
-
-config = {
-  'GET' => 'pathasdf',
-  'POST' => 'paramas',
-  'DELETE' => 'path',
-  'PUT' => 'path',
-  'PATCH' => 'path',
-  'signature' => 'test_signature',
-  'secret' => 'test_secret'
-}
-
-use Rack::SimpleAuth::HMAC, config
-run Rack::Lobster.new

data/test/config_fail_step.ru

@@ -1,17 +0,0 @@
-require 'rack/lobster'
-require 'rack/simple_auth'
-
-config = {
-  'GET' => 'path',
-  'POST' => 'params',
-  'DELETE' => 'path',
-  'PUT' => 'path',
-  'PATCH' => 'path',
-  'signature' => 'test_signature',
-  'secret' => 'test_secret',
-  'steps' => 0.0001,
-  'tolerance' => 1
-}
-
-use Rack::SimpleAuth::HMAC, config
-run Rack::Lobster.new

data/test/config_fail_tolerance.ru

@@ -1,17 +0,0 @@
-require 'rack/lobster'
-require 'rack/simple_auth'
-
-config = {
-  'GET' => 'path',
-  'POST' => 'params',
-  'DELETE' => 'path',
-  'PUT' => 'path',
-  'PATCH' => 'path',
-  'signature' => 'test_signature',
-  'secret' => 'test_secret',
-  'steps' => 0.5,
-  'tolerance' => 0.3
-}
-
-use Rack::SimpleAuth::HMAC, config
-run Rack::Lobster.new