s2s-auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 30476f1d68de002751a1e5002c3f75f9fe4997e2
+  data.tar.gz: cae731a5d7b0c9db173f5d2d72e4df6c1d6d8ae7
+SHA512:
+  metadata.gz: c045d152483d4f1769250940ee61e8f2a98caaee76a0b8017091005287e6b65cab415472df79f11d84571e5dff066233a9a92676d740729c035e92b6b93e772e
+  data.tar.gz: 33bc93af12c8405feb4f37c328421a4ff22469c1a24dbe8638aeb50554424eb569b0d51cc21a4aba6878590d822ee5904bcc18b62f002f56c09d0a41befb3b40

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in s2s-auth.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: .
+  specs:
+    s2s-auth (0.0.1)
+      activesupport (>= 3.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (4.1.0.beta1)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    atomic (1.1.14)
+    diff-lcs (1.2.5)
+    i18n (0.6.9)
+    json (1.7.7)
+    minitest (5.2.2)
+    rake (0.9.6)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.7)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.5)
+    thread_safe (0.1.3)
+      atomic
+    tzinfo (1.1.0)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.5)
+  rake
+  rspec
+  s2s-auth!

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Matt Aimonetti
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Matt Aimonetti
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,50 @@
+# S2S::Auth
+
+This gem creates a S2S authentication header to make S2S API requests.
+S2S header format: Bearer <token>
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 's2s-auth'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install s2s-auth
+
+## Usage
+
+You need to setup the gem by setting four values:
+
+* app name
+* secret
+* encryption salt
+* signature salt
+
+```ruby
+require "s2s/auth"
+
+# setup
+S2S::Auth.setup({secret: "this is my secret",
+    app: "test",
+    salt: "f7b5763636f4c1f3ff4bd444eacccca2",
+    sign_salt: "95d87b990cc104124017ad70550edcfd22b8e89465338254e0b608592a9aac29"
+})
+
+# generate http authorization header
+S2S::Auth.header
+# => {:Authorization=>"Bearer bUcweFFKcUpCcWxPQTczcjZTMm1yYkxBL3RDUFk1L2xKVVY4VjU2R1EwbkExTE00eUI0RkxmNzFwbWM4WS8waS0tQ1hiUWVMZ0FwVVZCOGVqQVc5cFJGQT09--afa1f7353e789cc8fc1a332b0c355fb07a7efb03"}
+
+# generate just the token
+S2S::Auth.generate_token
+# => "TWRsNE16ZzR3dG9qVjcwKzlEc1B4R0h4UGwyTHcyVTlRZ0szV0EybE1jV3R6VjF1WHpPSnNDcjRaRVdIeGFlYS0tT3FqQktYbmU2cVpvVzdTZzM3ditMdz09--09144f0202ef708622ac8d778cc062f5d62c22a3"
+
+# parse the token
+S2S::Auth.parse_token(S2S::Auth.generate_token)
+# => {"app"=>"test", "ts"=>"2014-02-11T06:33:39Z"}
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/s2s/auth.rb

@@ -0,0 +1,93 @@
+require "s2s/auth/version"
+require "time"
+require "active_support/key_generator"
+require "active_support/message_verifier"
+require "active_support/message_encryptor"
+require "active_support/key_generator"
+require "json"
+
+module S2S
+  module Auth
+    module_function
+
+    @secret = nil
+    @salt = nil
+    @sign_salt = nil
+    @app_name = nil
+    @encryptor = nil
+
+    # Setups the S2S::Auth module.
+    #
+    # @arg [Hash] opts
+    # @raise [ArgumentError] if the passed option doesn't contain a
+    # secret.
+    # @return [Bool] true
+    def setup(opts={})
+      clear
+      @secret = opts[:secret] || opts["secret"]
+      @app_name = opts[:app] || opts["app"] 
+      @salt = opts[:salt] || opts["salt"]
+      @sign_salt = opts[:sign_salt] || opts["sign_salt"]
+      if [@secret, @app_name, @salt, @sign_salt].any?{|v| v.nil? || v.empty?}
+        raise ArgumentError.new("This module needs to be setup following keys: secret, app, salt, sign_salt")
+      end
+      @iterations = opts[:iterations] || opts["iterations"] || 1000
+      @serializer = opts[:serializer] || opts["serializer"] || JSON
+      keygen = ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(@secret, iterations: @iteration))
+      secret = keygen.generate_key(@salt)
+      sign_secret = keygen.generate_key(@sign_salt)
+      @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, { serializer: @serializer } )
+      return true
+    end
+
+    # Clears the settings that were set during setup.
+    def clear
+      @secret = nil
+      @salt = nil
+      @sign_salt = nil
+      @app_name = nil
+      @iterations = nil
+      @encryptor = nil
+      @serializer = nil
+    end
+
+    # Returns the module's settings.
+    def settings
+      {
+        secret: @secret,
+        salt: @salt,
+        sign_salt: @sign_salt,
+        app_name: @app_name,
+        serializer: @serializer,
+        iterations: @iterations,
+        encryptor: @encryptor
+      }
+    end
+
+    # Returns a hash representing the auth header needed to be
+    # sent with the S2S request.
+    # Make sure to call #setup first.
+    #
+    # @return
+    def header
+      {Authorization: "Bearer #{generate_token}"}
+    end
+
+    # Generate an encypted and signed token.
+    # Tokens are time sensitive and usually expire in a few seconds.
+    def generate_token
+      if @app_name.nil? || @encryptor.nil?
+        raise ArgumentError.new("Can't generate a S2S header before setting up the class")
+      end
+      @encryptor.encrypt_and_sign({app: @app_name, ts: Time.now.utc.iso8601})
+    end
+
+    # Checks that a token is valid and return a hash with its content.
+    # Note that no logic is done to verify that the token is recent.
+    # @raise [ActiveSupport::MessageVerifier::InvalidSignature]
+    def parse_token(token)
+      @encryptor.decrypt_and_verify(token)
+    end
+
+  end
+end

data/lib/s2s/auth/version.rb

@@ -0,0 +1,5 @@
+module S2S
+  module Auth
+    VERSION = "0.0.1"
+  end
+end

data/s2s-auth.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 's2s/auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "s2s-auth"
+  spec.version       = S2S::Auth::VERSION
+  spec.authors       = ["Matt Aimonetti"]
+  spec.email         = ["mattaimonetti@gmail.com"]
+  spec.summary       = %q{S2S authentication lib based on ActiveSupport's crypto.}
+  spec.description   = %q{Generates/parses encrypted and signed tokens.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+
+  spec.add_dependency "activesupport", ">= 3.0"
+end

data/spec/auth_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+
+describe S2S::Auth do
+  context "setup" do
+
+    it "complains if you don't pass a required keys" do
+      expect{ S2S::Auth.setup({})}.to raise_exception
+    end
+
+    it "sets values" do
+      S2S::Auth.setup({secret: "this is my secret",
+                       app: "test",
+                       salt: "f7b5763636f4c1f3ff4bd444eacccca2",
+                       sign_salt: "95d87b990cc104124017ad70550edcfd22b8e89465338254e0b608592a9aac29"
+      })
+
+      expect(S2S::Auth.settings[:app_name]).to eql("test")
+      expect(S2S::Auth.settings[:salt]).to eql("f7b5763636f4c1f3ff4bd444eacccca2")
+      expect(S2S::Auth.settings[:sign_salt]).to eql("95d87b990cc104124017ad70550edcfd22b8e89465338254e0b608592a9aac29")
+    end
+
+    it "sets an encryptor" do
+      expect(S2S::Auth.settings[:encryptor]).to_not be_nil
+    end
+
+  end
+
+  context "generate an auth header" do
+    before(:all) do
+      S2S::Auth.setup({secret: "this is my secret",
+                       app: "another_test",
+                       salt: "f7b5763636f4c1f3ff4bd444eacccca2",
+                       sign_salt: "95d87b990cc104124017ad70550edcfd22b8e89465338254e0b608592a9aac29"
+      })
+    end
+
+    it "can generate a header" do
+      header = S2S::Auth.header
+      expect(header.has_key?(:Authorization)).to be_true
+      expect(header[:Authorization]).to match(/Bearer\s.{162}/)
+    end
+
+    it "can generate a token that can be converted back" do
+      token = S2S::Auth.generate_token
+      expect(token.length).to eql(194)
+      crypt = S2S::Auth.settings[:encryptor]
+      data = crypt.decrypt_and_verify(token)
+      expect(data["app"]).to eql("another_test")
+      # check that the time matches by getting the amount of seconds
+      # since epoch.
+      expect(Time.parse(data["ts"]).to_i).to eql(Time.now.to_i)
+    end
+
+    it "can parse a valid token" do
+      token = S2S::Auth.generate_token
+      data = S2S::Auth.parse_token(token)
+      expect(data["app"]).to eql("another_test")
+      # check that the time matches by getting the amount of seconds
+      # since epoch.
+      expect(Time.parse(data["ts"]).to_i).to eql(Time.now.to_i)
+    end
+
+    it "fails to parse a bad token" do
+      token = "abFwNFBXSjhtRGZtZFJURzlvaG4zeTM1eTRMVVcvUmFjUFR4bWI0VjlSQUJuSWpGZWpFRjlHUnNxSWJWeENGNi0tKzgyMXRjeTU2TGJHL1pkSGlaUjBxZz09--454c07f2ae8dc744094128a6e68a02bc07dee003"
+      expect{ S2S::Auth.parse_token(token) }.to raise_exception(ActiveSupport::MessageVerifier::InvalidSignature)
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require_relative "../lib/s2s/auth"
+require 'rspec/autorun'

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: s2s-auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Matt Aimonetti
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Generates/parses encrypted and signed tokens.
+email:
+- mattaimonetti@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/s2s/auth.rb
+- lib/s2s/auth/version.rb
+- s2s-auth.gemspec
+- spec/auth_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: S2S authentication lib based on ActiveSupport's crypto.
+test_files:
+- spec/auth_spec.rb
+- spec/spec_helper.rb