shared-secret-authentication 0.1.5 → 0.1.6

data/README.rdoc

@@ -1,6 +1,37 @@
 = shared-secret-authentication
 
-Description goes here.
+The shared secret authentication gem's purpose it to authenticate the communication
+between to web services using a shared secret. While there are many means to accomplish
+this the currently implemented approach is to secure the parameters that are passed
+between the two applications. The parameters are secured by sending the SHA2
+signature of the parameters plus the shared secret along with the request.
+The receiving application can then check the signature and if it matches it knows
+that the request is not only came from an authorized application but that the
+parameters have not been tampered with either.
+
+== Setup
+
+Besides installing the shared-secret-authentication gem the only other required setup
+is a shared_secret.yml file in the config directory (relative to the root of the
+project).  The yaml file should look like this:
+
+shared_secret : your_shared_secret
+
+Once this file is in place you are ready to go.
+
+== Usage
+
+To sign a hash simply call <tt>SharedSecretAuthentication.sign_hash(hash)</tt>
+(hash is the hash you want to sign) and a key of 'signature' with a value of the
+checksum will be added to the hash.  Please note this changes the originally passed
+in hash.
+
+On the other side use <tt>SharedSecretAuthentication.hash_signature_correct?(hash)</tt>
+(hash is the hash you want to check the signature of).  True or false is returned if
+the checksum in 'signature' matches the checksum that is calculated locally.
+If the passed in hash does not have a key of 'signature' an exception is raised.
+Also the 'signature' key is deleted during this process.
+
 
 == Note on Patches/Pull Requests
  

data/VERSION

@@ -1 +1 @@
-0.1.5
+0.1.6

data/lib/shared-secret-authentication/hash_signatures.rb

@@ -20,7 +20,11 @@ module SharedSecretAuthentication
       if value.instance_of? Hash
         value = value.collect {|k,v| 
           if v.respond_to? :strftime
-            k.to_s + v.strftime('%a %b %m %H:%M:%S %Y')
+            if v.respond_to? :utc
+              k.to_s + v.utc.strftime('%a %b %m %H:%M:%S %Y')
+            else
+              k.to_s + v.strftime('%a %b %m %H:%M:%S %Y')
+            end
           else
             k.to_s + v.to_s
           end

data/shared-secret-authentication.gemspec

@@ -1,53 +1,51 @@
 # Generated by jeweler
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{shared-secret-authentication}
-  s.version = "0.1.5"
+  s.version = "0.1.6"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Josh Moore"]
-  s.date = %q{2010-11-16}
+  s.date = %q{2011-01-20}
   s.description = %q{helper methods to make shared secret authentication easier}
   s.email = %q{joshsmoore@gmail.com}
   s.extra_rdoc_files = [
     "LICENSE",
-     "README.rdoc"
+    "README.rdoc"
   ]
   s.files = [
     ".document",
-     ".gitignore",
-     "LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "config/shared_secret.yml",
-     "lib/shared-secret-authentication.rb",
-     "lib/shared-secret-authentication/generator.rb",
-     "lib/shared-secret-authentication/hash_signatures.rb",
-     "lib/shared-secret-authentication/load_secret.rb",
-     "shared-secret-authentication.gemspec",
-     "spec/shared-secret-authentication/generator_spec.rb",
-     "spec/shared-secret-authentication/hash_signatures_spec.rb",
-     "spec/shared-secret-authentication/load_secret_spec.rb",
-     "spec/shared-secret-authentication_spec.rb",
-     "spec/spec.opts",
-     "spec/spec_helper.rb",
-     "watchr.rb"
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "config/shared_secret.yml",
+    "lib/shared-secret-authentication.rb",
+    "lib/shared-secret-authentication/generator.rb",
+    "lib/shared-secret-authentication/hash_signatures.rb",
+    "lib/shared-secret-authentication/load_secret.rb",
+    "shared-secret-authentication.gemspec",
+    "spec/shared-secret-authentication/generator_spec.rb",
+    "spec/shared-secret-authentication/hash_signatures_spec.rb",
+    "spec/shared-secret-authentication/load_secret_spec.rb",
+    "spec/shared-secret-authentication_spec.rb",
+    "spec/spec.opts",
+    "spec/spec_helper.rb",
+    "watchr.rb"
   ]
   s.homepage = %q{http://github.com/joshsmoore@gmail.com/shared-secret-authentication}
-  s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{helper methods to make shared secret authentication easier}
   s.test_files = [
     "spec/shared-secret-authentication/generator_spec.rb",
-     "spec/shared-secret-authentication/hash_signatures_spec.rb",
-     "spec/shared-secret-authentication/load_secret_spec.rb",
-     "spec/shared-secret-authentication_spec.rb",
-     "spec/spec_helper.rb"
+    "spec/shared-secret-authentication/hash_signatures_spec.rb",
+    "spec/shared-secret-authentication/load_secret_spec.rb",
+    "spec/shared-secret-authentication_spec.rb",
+    "spec/spec_helper.rb"
   ]
 
   if s.respond_to? :specification_version then

data/spec/shared-secret-authentication/hash_signatures_spec.rb

@@ -48,16 +48,18 @@ describe SharedSecretAuthentication do
       SharedSecretAuthentication.hash_signature('test' => 'me').should == '95f5e1e8bc0f836d233fd108393d56f3c5532830c3fc29f54bd3a208de9699fd'
     end
 
-
     it 'should not matter what order the hash is defined it it should produce the same signature' do
       SharedSecretAuthentication.hash_signature({'test' => 'me', 'different' => 'order', '1' => '2'}).should == SharedSecretAuthentication.hash_signature({'1' => '2', 'different' => 'order', 'test' => 'me'})
     end
 
-
     it 'should work for hash keys that are symbols' do
       SharedSecretAuthentication.hash_signature(:test => 'me', :key => 'test').should == 'b1a4b3df933590f973f07e6f0a391e95a8423e7b5250973f24e3174d60e8a1ac'
     end
 
+    it 'should work if the hash is signed in a different time zone' do
+      SharedSecretAuthentication.hash_signature_correct?({'visits' => {'visit_date' => Time.parse('2010-06-04T16:48:46Z'), 'mysql_id' => 1}, 'signature' => "d461a73c904fe4cd55b0eaa7212a89973f3126067bccf97775767575a26a148f"}).should be_true
+    end
+
     context 'edge cases' do
       it 'should produce the same signature for both hashes' do
         hash1 = {"practices"=>{"name"=>"Body Image Physical Therapy & Fitness P.C.", "mysql_updated_at"=>Time.parse("Thu, 03 Jun 2010 19:15:03 UTC +00:00"), "mysql_id"=>79}}

data/spec/spec_helper.rb

@@ -6,6 +6,7 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'shared-secret-authentication'
 require 'rspec'
 require 'rspec/autorun'
+require 'time'
 
 
 RSpec.configure do |config|

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: shared-secret-authentication
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 23
   prerelease: false
   segments: 
   - 0
   - 1
-  - 5
-  version: 0.1.5
+  - 6
+  version: 0.1.6
 platform: ruby
 authors: 
 - Josh Moore
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-16 00:00:00 +08:00
+date: 2011-01-20 00:00:00 -10:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -45,7 +45,6 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .document
-- .gitignore
 - LICENSE
 - README.rdoc
 - Rakefile
@@ -68,8 +67,8 @@ homepage: http://github.com/joshsmoore@gmail.com/shared-secret-authentication
 licenses: []
 
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
+rdoc_options: []
+
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 

data/.gitignore

@@ -1,23 +0,0 @@
-## MAC OS
-.DS_Store
-
-## TEXTMATE
-*.tmproj
-tmtags
-
-.idea
-
-## EMACS
-*~
-\#*
-.\#*
-
-## VIM
-*.swp
-
-## PROJECT::GENERAL
-coverage
-rdoc
-pkg
-
-## PROJECT::SPECIFIC