shared-secret-authentication 0.1.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Josh Moore
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,17 @@
+= shared-secret-authentication
+
+Description goes here.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Josh Moore. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,45 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "shared-secret-authentication"
+    gem.summary = %Q{helper methods to make shared secret authentication easier}
+    gem.description = %Q{helper methods to make shared secret authentication easier}
+    gem.email = "joshsmoore@gmail.com"
+    gem.homepage = "http://github.com/joshsmoore@gmail.com/shared-secret-authentication"
+    gem.authors = ["Josh Moore"]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "shared-secret-authentication #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/shared-secret-authentication.rb

@@ -0,0 +1,7 @@
+require 'yaml'
+require 'digest'
+
+Dir['lib/shared-secret-authentication/*.rb'].each do |file|
+  require file
+end
+

data/lib/shared-secret-authentication/hash_signitures.rb

@@ -0,0 +1,24 @@
+module SharedSecretAuthentication
+  extend self
+
+  def self.sign_hash(hash)
+    hash.merge('signature' => hash_signature(hash))
+  end
+
+  def self.hash_signature_correct?(hash)
+    raise ArgumentError.new("hash must be signed (have a key of 'signature')") unless expected_signature = hash.delete('signature')
+    
+    hash_signature(hash) == expected_signature
+  end
+
+  def self.hash_signature(hash)
+    d = Digest::SHA2.new
+    string_keys = hash.keys.inject({}) {|keys, key| keys.merge!(key.to_s => key) }
+    string_keys.keys.sort.each do |key|
+      d.update key
+      d.update hash[string_keys[key]].to_s
+    end
+    d.update SHARED_SECRET
+    d.to_s
+  end
+end

data/lib/shared-secret-authentication/load_secret.rb

@@ -0,0 +1,5 @@
+require 'yaml'
+
+puts File.new('config/shared_secret.yml').read
+puts YAML.load(File.new('config/shared_secret.yml')).inspect
+SHARED_SECRET = YAML.load(File.new('config/shared_secret.yml'))

data/spec/shared-secret-authentication/hash_signitures_spec.rb

@@ -0,0 +1,55 @@
+require 'spec/spec_helper'
+
+describe SharedSecretAuthentication do
+  before(:all) do
+    Object.const_set(:SHARED_SECRET, 'test')
+  end
+  describe '.sign_hash' do
+    it 'should respond to sign_hash' do
+      SharedSecretAuthentication.should respond_to :sign_hash
+    end
+
+    it 'should add a "signature" key to the hash ' do
+      SharedSecretAuthentication.sign_hash({'test' => 'me'}).keys.should include 'signature'
+    end
+    
+    it 'should assign the signature of the hash plus the shared string and make this the value of signature' do
+      SharedSecretAuthentication.sign_hash('test' => 'me')['signature'].should == '95f5e1e8bc0f836d233fd108393d56f3c5532830c3fc29f54bd3a208de9699fd'
+    end
+  end
+
+  describe '.check_hash_signature' do
+    it 'should respond to check_hash_signature' do
+      SharedSecretAuthentication.should respond_to :hash_signature_correct?
+    end
+
+    it 'should raise an arguemtn error if the hash is not signed' do
+      lambda {SharedSecretAuthentication.hash_signature_correct?({})}.should raise_error ArgumentError
+    end
+
+
+    it 'should return true if the signature matches the expected signature' do
+      SharedSecretAuthentication.hash_signature_correct?({'test' => 'me', 'signature' => '95f5e1e8bc0f836d233fd108393d56f3c5532830c3fc29f54bd3a208de9699fd'}).should be_true
+    end
+
+    it 'should return false if the signatures do not match' do
+      SharedSecretAuthentication.hash_signature_correct?({'test' => 'me', 'signature' => '95f5e1e8bc0f836d233fd108393d56f3c5532830c3fc29f54bd3a200de9699fd'}).should be_false
+    end
+  end
+
+  describe '.hash_signature' do
+    it 'should calculate the checksum of the hash plus the shared string and make this the value of signature' do
+      SharedSecretAuthentication.hash_signature('test' => 'me').should == '95f5e1e8bc0f836d233fd108393d56f3c5532830c3fc29f54bd3a208de9699fd'
+    end
+
+
+    it 'should not matter what order the hash is defined it it should produce the same signature' do
+      SharedSecretAuthentication.hash_signature({'test' => 'me', 'different' => 'order', '1' => '2'}).should == SharedSecretAuthentication.hash_signature({'1' => '2', 'different' => 'order', 'test' => 'me'})
+    end
+
+    it 'should work for hash keys that are symbols' do
+      SharedSecretAuthentication.hash_signature(:test => 'me', :key => 'test').should == 'b1a4b3df933590f973f07e6f0a391e95a8423e7b5250973f24e3174d60e8a1ac'
+    end
+
+  end
+end

data/spec/shared-secret-authentication/load_secret_spec.rb

@@ -0,0 +1,19 @@
+require 'spec/spec_helper'
+
+describe 'load shared secret' do
+  it 'should declare a constant SHARED_SECRET' do
+    File.stub!(:new)
+    Object.const_defined?(:SHARED_SECRET).should be_true
+  end
+
+  it 'should load the shared_secret from config/shared_secret.yml' do
+    puts 'starting test'
+    file = StringIO.new(":shared_secret : my_shared_secret")
+    File.stub!(:new).and_return(file)
+
+    require 'lib/shared-secret-authentication/load_secret'
+    #file.should_receive(:read).once.and_return(file.read)
+
+    SHARED_SECRET.should == 'my_shared_secret'
+  end
+end

data/spec/shared-secret-authentication_spec.rb

@@ -0,0 +1,7 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "SharedSecretAuthentication" do
+  it "fails" do
+    fail "hey buddy, you should probably rename this file and start specing for real"
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'shared-secret-authentication'
+require 'spec'
+require 'spec/autorun'
+
+Spec::Runner.configure do |config|
+  
+end

data/watchr.rb

@@ -0,0 +1,36 @@
+puts "\n### Watching specs and features ... ###\n"
+
+#def cmd() 'bundle exec spec -O spec/spec.opts '; end
+def cmd() 'spec -O spec/spec.opts '; end
+ 
+def run_all_specs
+  system(cmd + 'spec/')
+end
+ 
+def run_spec(spec)
+  puts "Running #{spec}"
+  system(cmd + spec)
+  puts
+end
+
+
+def run_all_features
+  puts 'Running all features'
+  system 'rake cucumber'
+end
+ 
+watch('^spec/.*_spec\.rb') {|md| run_spec(md[0]) }
+watch('spec/spec_helper.rb') {|md| run_all_specs }
+watch('^lib/ruport/(.*)\.rb') {|md| run_spec("spec/lib/ruport/#{md[1]}_spec.rb")} 
+watch('^lib/(.*)\.rb') {|md| run_spec("spec/#{md[1]}_spec.rb")}
+
+# Ctrl-\
+Signal.trap('QUIT') do
+ puts "\n### Running all specs and features ###\n"
+ run_all_specs
+ run_all_features
+ puts
+end
+       
+# Ctrl-C
+Signal.trap('INT') { abort("\n") }

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification 
+name: shared-secret-authentication
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Josh Moore
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-29 00:00:00 +08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id001
+description: helper methods to make shared secret authentication easier
+email: joshsmoore@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- config/shared_secret.yml
+- lib/shared-secret-authentication.rb
+- lib/shared-secret-authentication/hash_signitures.rb
+- lib/shared-secret-authentication/load_secret.rb
+- spec/shared-secret-authentication/hash_signitures_spec.rb
+- spec/shared-secret-authentication/load_secret_spec.rb
+- spec/shared-secret-authentication_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+- watchr.rb
+has_rdoc: true
+homepage: http://github.com/joshsmoore@gmail.com/shared-secret-authentication
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: helper methods to make shared secret authentication easier
+test_files: 
+- spec/shared-secret-authentication/hash_signitures_spec.rb
+- spec/shared-secret-authentication/load_secret_spec.rb
+- spec/shared-secret-authentication_spec.rb
+- spec/spec_helper.rb