RubyGems - signauth - Versions diffs - 0.0.3 → 0.1.0 - Mend

signauth 0.0.3 → 0.1.0

Files changed (11) hide show

data/README.md +1 -37
data/lib/signauth/errors.rb +2 -0
data/lib/signauth/request.rb +9 -11
data/lib/signauth/signature/base.rb +56 -0
data/lib/signauth/signature/version_0.rb +36 -0
data/lib/signauth/signature/version_1.rb +16 -32
data/lib/signauth/signature/version_2.rb +3 -21
data/lib/signauth/signature.rb +2 -0
data/lib/signauth/signer.rb +7 -0
data/lib/signauth/version.rb +1 -1
metadata +6 -4

data/README.md CHANGED Viewed

@@ -18,43 +18,7 @@ Or install it yourself as:
 ## Examples
-Client example
-```ruby
-credentials = Signauth::Credentials.new('my_key', 'my_secret')
-http_method = "GET"
-host        = "localhost"
-path        = "/action"
-params      = { "some" => "param" }
-sig_version = 1
-req = Signauth::Request.new( http_method, host, path, params, sig_version)
-req.add_authorization!(credentials)
-p req.params # => {"some"=>"param", "access_key_id"=>"my_key", "signature_version"=>"1", "signature_method"=>"HMAC-SHA-256", "signature"=>"7JNcJhJuzcUAGj6azz2wslmqnVomhDIFXZzpXZR1nkI="}
-HTTParty.get('http://localhost/action', { :query => req.params })
-```
-Server example (rails)
-```ruby
-request; # ActionController::Request object
-begin
-  access_key_id = request.query_parameters['access_key_id']
-  credentials   = Signauth::Credentials.new(access_key_id, lookup_secret(access_key_id))
-  req = Signauth::Request.new(
-          request.request_method,
-          request.domain,
-          request.path,
-          request.query_parameters)
-  req.authenticate(credentials)
-rescue => e
-  render :status => :unauthorized, :text => "401 UNAUTHORIZED: #{e.message}\n"
-end
-```
+[Examples](https://github.com/arukoh/signauth/wiki/Examples)
 ## Contributing

data/lib/signauth/errors.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module Signauth
   module Errors
+    class MissingSecurityHeader < StandardError; end
+    class MissingAccessKeyId < StandardError; end
     class SignatureDoesNotMatch < StandardError; end
     class InvalidTimestamp < StandardError; end
     class RequestTimeTooSkewed < StandardError; end

data/lib/signauth/request.rb CHANGED Viewed

@@ -1,18 +1,16 @@
 module Signauth
   class Request
-    attr_reader :method
-    attr_reader :host
-    attr_reader :path
-    attr_reader :params
+    attr_accessor :method
+    attr_accessor :host
+    attr_accessor :path
+    attr_accessor :params
+    attr_accessor :headers
-    def initialize(method, host, path, params, signature_version = 1)
-      sig_version = params['signature_version'] ||= signature_version
-      extend(Signature.const_get("Version#{sig_version}"))
-      @method = method
-      @host   = host
-      @path   = path
-      @params = params.dup
+    def initialize(signature_version = 0)
+      extend(Signature.const_get("Version#{signature_version}"))
+      @params  = {}
+      @headers = {}
     end
   end

data/lib/signauth/signature/base.rb ADDED Viewed

@@ -0,0 +1,56 @@
+module Signauth
+  module Signature
+    module Base
+      protected
+      ISO8601 = "%Y-%m-%dT%H:%M:%SZ" #http://www.w3.org/TR/NOTE-datetime
+      def algorhyzhm
+        'HMAC-SHA-256'
+      end
+      def signature(credentials)
+        Signer.sign(credentials.secret_access_key, string_to_sign, algorhyzhm)
+      end
+      def string_to_sign
+        [
+          method.to_s.upcase,
+          host.to_s.downcase,
+          path.to_s,
+          params.sort.collect { |n, v| encoded(n, v) }.join('&'),
+        ].join("\n")
+      end
+      def encoded(name, value)
+        "#{URI.escape(name)}=#{URI.escape(value)}"
+      end
+      def validate_timestamp(timestamp, skew)
+        begin
+          time = Time.iso8601(timestamp)
+        rescue => e
+          raise Errors::InvalidTimestamp, "#{e.class}-#{e.message}"
+        end
+        current_time = Time.now
+        if (time.to_i - current_time.to_i).abs >= skew
+          raise Errors::RequestTimeTooSkewed,
+            "Timestamp expired: Given timestamp (#{timestamp}) "\
+            "not within #{skew}s of server time (#{current_time.utc.strftime(ISO8601)})"
+        end
+        true
+      end
+      def validate_signature(given, computed)
+        unless Signer.slow_string_comparison(given, computed)
+          raise Errors::SignatureDoesNotMatch,
+            "Invalid signature: should have sent "\
+            "Base64(#{algorhyzhm}(secret, #{string_to_sign.inspect}))"\
+            ", but given #{given}"
+        end
+      end
+    end
+  end
+end

data/lib/signauth/signature/version_0.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Signauth
+  module Signature
+    module Version0
+      include Base
+      def add_authorization!(credentials, scheme = 'signauth')
+        access_key_id = credentials.access_key_id
+        signature     = signature(credentials)
+        headers['Authorization'] = authorization(scheme, access_key_id, signature)
+      end
+      def authenticate(&block)
+        raise ArgumentError, "Block required" unless block_given?
+        scheme, access_key_id, given = authorization_parts
+        raise Errors::MissingSecurityHeader if scheme.nil? || access_key_id.nil? || given.nil?
+        credentials = yield(access_key_id)
+        validate_signature(given, signature(credentials))
+        true
+      end
+      private
+      def authorization(scheme, access_key_id, signature)
+        "#{scheme} #{access_key_id}:#{signature}"
+      end
+      def authorization_parts
+        headers['Authorization'].match(/^(\S+) (\S+):(\S+)/)[1, 3]
+      end
+    end
+  end
+end

data/lib/signauth/signature/version_1.rb CHANGED Viewed

@@ -1,28 +1,32 @@
 module Signauth
   module Signature
     module Version1
+      include Base
       def add_authorization!(credentials)
         params['access_key_id']     = credentials.access_key_id
         params['signature_version'] = version
-        params['signature_method']  = 'HMAC-SHA-256'
+        params['signature_method']  ||= 'HMAC-SHA-256'
         params.delete('signature')
         params['signature'] = signature(credentials)
         params
       end
-      def authenticate(credentials)
-        given    = params.delete('signature')
-        computed = signature(credentials)
-        unless slow_string_comparison(given, computed)
-          raise Errors::SignatureDoesNotMatch,
-            "Invalid signature: should have sent Base64(HmacSHA256(secret, #{string_to_sign.inspect}))"\
-            ", but given #{given}"
+      def authenticate(&block)
+        raise ArgumentError, "Block required" unless block_given?
+        access_key_id = params['access_key_id']
+        raise Erros::MissingAccessKeyId, 'must provide access_key_id parameter' if access_key_id.nil?
+        credentials = yield(access_key_id)
+        begin
+          given = params.delete('signature')
+          validate_signature(given, signature(credentials))
+        ensure
+          params['signature'] = given
         end
         true
-      ensure
-        params['signature'] = given
       end
       protected
@@ -31,28 +35,8 @@ module Signauth
         "1"
       end
-      def signature(credentials)
-        Signer.sign(credentials.secret_access_key, string_to_sign, params['signature_method'])
-      end
-      def string_to_sign
-        [
-          method.to_s.upcase,
-          host.to_s.downcase,
-          path.to_s,
-          params.sort.collect { |n, v| encoded(n, v) }.join('&'),
-        ].join("\n")
-      end
-      def encoded(name, value)
-        "#{URI.escape(name)}=#{URI.escape(value)}"
-      end
-      def slow_string_comparison(given, computed)
-        return false if given.nil? || computed.nil? || given.length != computed.length
-        match = true
-        computed.chars.each_with_index{|c, i| match &= c == given[i] }
-        match
+      def algorhyzhm
+        params['signature_method']
       end
     end

data/lib/signauth/signature/version_2.rb CHANGED Viewed

@@ -4,18 +4,15 @@ module Signauth
   module Signature
     module Version2
       include Version1
-      #http://www.w3.org/TR/NOTE-datetime
-      ISO8601 = "%Y-%m-%dT%H:%M:%SZ"
       def add_authorization!(credentials)
         params['timestamp'] = Time.now.utc.strftime(ISO8601)
         super
       end
-      def authenticate(credentials, skew = 15*60)
-        validate_timestamp(skew)
-        super(credentials)
+      def authenticate(skew = 15*60, &block)
+        validate_timestamp(params['timestamp'], skew)
+        super(&block)
       end
       protected
@@ -24,21 +21,6 @@ module Signauth
         "2"
       end
-      def validate_timestamp(skew)
-        begin
-          timestamp = Time.iso8601(params['timestamp'])
-        rescue => e
-          raise Errors::InvalidTimestamp, "#{e.class}-#{e.message}"
-        end
-        if (timestamp.to_i - Time.now.to_i).abs >= skew
-          raise Errors::RequestTimeTooSkewed,
-            "Timestamp expired: Given timestamp (#{timestamp.utc.strftime(ISO8601)}) "\
-            "not within #{skew}s of server time (#{Time.now.utc.strftime(ISO8601)})"
-        end
-        true
-      end
     end
   end
 end

data/lib/signauth/signature.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require "signauth/signature/base"
+require "signauth/signature/version_0"
 require "signauth/signature/version_1"
 require "signauth/signature/version_2"

data/lib/signauth/signer.rb CHANGED Viewed

@@ -14,6 +14,13 @@ module Signauth
       OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(digest), key, value)
     end
+    def slow_string_comparison(given, computed)
+      return false if given.nil? || computed.nil? || given.length != computed.length
+      match = true
+      computed.chars.each_with_index{|c, i| match &= c == given[i] }
+      match
+    end
     private
     def digest_name(algorithm)

data/lib/signauth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Signauth
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signauth
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-24 00:00:00.000000000 Z
+date: 2012-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -61,6 +61,8 @@ files:
 - lib/signauth/errors.rb
 - lib/signauth/request.rb
 - lib/signauth/signature.rb
+- lib/signauth/signature/base.rb
+- lib/signauth/signature/version_0.rb
 - lib/signauth/signature/version_1.rb
 - lib/signauth/signature/version_2.rb
 - lib/signauth/signer.rb
@@ -82,7 +84,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -965159027
+      hash: 805445105
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -91,7 +93,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -965159027
+      hash: 805445105
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.24