signed_request 1.0.3 → 1.0.4

@@ -0,0 +1,4 @@
1
+ 1.0.4
2
+ -----
3
+ * Added the ability to pass an additional path to be signed as part of the
4
+ request.
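--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,7 +6,7 @@ begin
  Jeweler::Tasks.new do |gem|
  gem.name = "signed_request"
  gem.summary = %Q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
- gem.email = "dbalatero@evri.com"
+ gem.email = "dbalatero@gmail.com"
  gem.homepage = "http://github.com/dbalatero/signed_request"
  gem.authors = ["David Balatero"]
  gem.rubyforge_project = 'evrigems'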
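--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.3
+ 1.0.4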
@@ -3,10 +3,10 @@ require 'openssl'
3
3
  require 'openssl/digest'
4
4
 
5
5
  module SignedRequest
6
- STRIP_PARAMS = ['action', 'controller', 'format']
6
+ STRIP_PARAMS = ['action', 'controller', 'format']
7
7
 
8
8
  # Sign a request on the sending end.
9
- def self.sign(params, secret_key)
9
+ def self.sign(params, secret_key, options = {})
10
10
  params = params.dup
11
11
 
12
12
  # Flatten any sub-hashes to a single string.
@@ -17,18 +17,20 @@ module SignedRequest
17
17
  end
18
18
 
19
19
  query = params.sort_by { |k,v| k.to_s.downcase }
20
+ string_to_sign = options[:path].to_s + query.to_s
21
+
20
22
  digest = OpenSSL::Digest::Digest.new('sha1')
21
- hmac = OpenSSL::HMAC.digest(digest, secret_key, query.to_s)
23
+ hmac = OpenSSL::HMAC.digest(digest, secret_key, string_to_sign)
22
24
  encoded = Base64.encode64(hmac).chomp
23
25
  end
24
26
 
25
27
  # Validate an incoming request on the receiving end.
26
- def self.validate(params, secret_key)
28
+ def self.validate(params, secret_key, sign_options = {})
27
29
  signature = params.delete('signature') || params.delete(:signature)
28
30
  return false if !signature
29
31
 
30
32
  strip_keys_from!(params, *STRIP_PARAMS)
31
- actual_signature = sign(params, secret_key)
33
+ actual_signature = sign(params, secret_key, sign_options)
32
34
  actual_signature == signature
33
35
  end
34
36
 
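Review bot: The new `string_to_sign = options[:path].to_s + query.to_s` joins the path and the serialised parameters with no separator or length prefix, so the boundary between them is not covered by the HMAC and, depending on how `query.to_s` renders the pairs, two different path/parameter combinations can yield the same signed string. Inserting an unambiguous delimiter only when a path is given would keep pathless 1.0.3 signatures unchanged, e.g. `string_to_sign = options[:path] ? "#{options[:path]}\n#{query}" : query.to_s`; the expected value in the new spec would change with it. `validate` defaults `sign_options` to `{}`, so a receiver that omits `:path` still accepts signatures that bind no path, and a comment on `validate` such as `# Pass :path => the path this request was actually received on, or the path is not checked.` would make that explicit. The closing `actual_signature == signature` is an ordinary string comparison rather than a constant-time one; that line is unchanged context here. Both method bodies are only partly visible in these hunks.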
@@ -5,12 +5,12 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{signed_request}
8
- s.version = "1.0.3"
8
+ s.version = "1.0.4"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["David Balatero"]
12
- s.date = %q{2010-03-05}
13
- s.email = %q{dbalatero@evri.com}
12
+ s.date = %q{2010-07-12}
13
+ s.email = %q{dbalatero@gmail.com}
14
14
  s.extra_rdoc_files = [
15
15
  "LICENSE",
16
16
  "README.rdoc"
@@ -18,6 +18,7 @@ Gem::Specification.new do |s|
18
18
  s.files = [
19
19
  ".document",
20
20
  ".gitignore",
21
+ "CHANGELOG.markdown",
21
22
  "LICENSE",
22
23
  "README.rdoc",
23
24
  "Rakefile",
@@ -32,7 +33,7 @@ Gem::Specification.new do |s|
32
33
  s.rdoc_options = ["--charset=UTF-8"]
33
34
  s.require_paths = ["lib"]
34
35
  s.rubyforge_project = %q{evrigems}
35
- s.rubygems_version = %q{1.3.5}
36
+ s.rubygems_version = %q{1.3.6}
36
37
  s.summary = %q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
37
38
  s.test_files = [
38
39
  "spec/signed_request_spec.rb",
@@ -6,9 +6,21 @@ describe SignedRequest do
6
6
  end
7
7
 
8
8
  describe "sign" do
9
+ it "should sign the params and path and return the correct signed key as base64" do
10
+ params = {
11
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
12
+ "callerReference" => "44441234567fdsa44",
13
+ "expiry" => "10/2014",
14
+ "status" => "SC"
15
+ }
16
+
17
+ result = SignedRequest.sign(params, @test_key, :path => '/v1/api/mypath')
18
+ result.should == "oT/QGLKMPAX3sI3hvFLAK5yyGE8="
19
+ end
20
+
9
21
  it "should sign the request and return the correct signed key as base64" do
10
22
  params = {
11
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
23
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
12
24
  "callerReference" => "44441234567fdsa44",
13
25
  "expiry" => "10/2014",
14
26
  "status" => "SC"
@@ -56,7 +68,7 @@ describe SignedRequest do
56
68
 
57
69
  it "should return true given a correct request" do
58
70
  good_params = {
59
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
71
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
60
72
  "callerReference" => "44441234567fdsa44",
61
73
  "action" => "amazon_return",
62
74
  "signature" => "uoOmSftU4gnUMK6Q1ylyGnr5hEw=",
@@ -70,7 +82,7 @@ describe SignedRequest do
70
82
 
71
83
  it "should return false if there is no signature given" do
72
84
  good_params_without_signature = {
73
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
85
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
74
86
  "callerReference" => "44441234567fdsa44",
75
87
  "action" => "amazon_return",
76
88
  "controller" => "checkout",
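Review bot: The added example covers `sign` with `:path`, but none of the visible hunks adds an example for `validate` with the new `sign_options` argument, so nothing checks that a signature made for one path is rejected when verified against another. I would add one accepting and one rejecting example to the `validate` group, as sketched below with constructed parameter values. The `describe` blocks start and end outside these hunks.

```ruby
# … unchanged: existing validate examples …
it "should return true when validated with the path that was signed" do
  params = { "callerReference" => "example-ref" } # constructed sample value
  params["signature"] = SignedRequest.sign(params, @test_key, :path => '/v1/api/mypath')
  SignedRequest.validate(params, @test_key, :path => '/v1/api/mypath').should == true
end

it "should return false when validated with a different path" do
  params = { "callerReference" => "example-ref" } # constructed sample value
  params["signature"] = SignedRequest.sign(params, @test_key, :path => '/v1/api/mypath')
  SignedRequest.validate(params, @test_key, :path => '/v1/api/otherpath').should == false
end
```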
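--- a/metadata
+++ b/metadata
@@ -1,7 +1,12 @@
  --- !ruby/object:Gem::Specification
  name: signed_request
  version: !ruby/object:Gem::Version
- version: 1.0.3
+ prerelease: false
+ segments:
+ - 1
+ - 0
+ - 4
+ version: 1.0.4
  platform: ruby
  authors:
  - David Balatero
@@ -9,12 +14,12 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-03-05 00:00:00 -08:00
+ date: 2010-07-12 00:00:00 -07:00
  default_executable:
  dependencies: []
 
  description:
- email: dbalatero@evri.com
+ email: dbalatero@gmail.com
  executables: []
 
  extensions: []
@@ -25,6 +30,7 @@ extra_rdoc_files:
  files:
  - .document
  - .gitignore
+ - CHANGELOG.markdown
  - LICENSE
  - README.rdoc
  - Rakefile
@@ -47,18 +53,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 0
  version: "0"
- version:
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 0
  version: "0"
- version:
  requirements: []
 
  rubyforge_project: evrigems
- rubygems_version: 1.3.5
+ rubygems_version: 1.3.6
  signing_key:
  specification_version: 3
  summary: A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.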