signed_request 1.0.0 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +1 -1
- data/VERSION +1 -1
- data/lib/signed_request.rb +10 -1
- data/signed_request.gemspec +2 -2
- data/spec/signed_request_spec.rb +16 -1
- metadata +2 -2
data/README.rdoc
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.2
|
data/lib/signed_request.rb
CHANGED
|
@@ -3,10 +3,19 @@ require 'openssl'
|
|
|
3
3
|
require 'openssl/digest'
|
|
4
4
|
|
|
5
5
|
module SignedRequest
|
|
6
|
-
STRIP_PARAMS = ['action', 'controller']
|
|
6
|
+
STRIP_PARAMS = ['action', 'controller', 'format']
|
|
7
7
|
|
|
8
8
|
# Sign a request on the sending end.
|
|
9
9
|
def self.sign(params, secret_key)
|
|
10
|
+
params = params.dup
|
|
11
|
+
|
|
12
|
+
# Flatten any sub-hashes to a single string.
|
|
13
|
+
params.keys.each do |key|
|
|
14
|
+
if params[key].is_a?(Hash)
|
|
15
|
+
params[key] = params[key].sort_by { |k, v| k.to_s.downcase }.to_s
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
10
19
|
query = params.sort_by { |k,v| k.to_s.downcase }
|
|
11
20
|
digest = OpenSSL::Digest::Digest.new('sha1')
|
|
12
21
|
hmac = OpenSSL::HMAC.digest(digest, secret_key, query.to_s)
|
data/signed_request.gemspec
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = %q{signed_request}
|
|
5
|
-
s.version = "1.0.
|
|
5
|
+
s.version = "1.0.2"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["David Balatero"]
|
|
9
|
-
s.date = %q{2009-06-
|
|
9
|
+
s.date = %q{2009-06-30}
|
|
10
10
|
s.email = %q{dbalatero@evri.com}
|
|
11
11
|
s.extra_rdoc_files = [
|
|
12
12
|
"LICENSE",
|
data/spec/signed_request_spec.rb
CHANGED
|
@@ -17,8 +17,23 @@ describe SignedRequest do
|
|
|
17
17
|
result = SignedRequest.sign(params, @test_key)
|
|
18
18
|
result.should == "uoOmSftU4gnUMK6Q1ylyGnr5hEw="
|
|
19
19
|
end
|
|
20
|
-
end
|
|
21
20
|
|
|
21
|
+
it "should handle params with hashes as values deterministically" do
|
|
22
|
+
params = {
|
|
23
|
+
:user => {
|
|
24
|
+
:username => 'dbalatero',
|
|
25
|
+
:password => 'password',
|
|
26
|
+
:password_confirmation => 'password',
|
|
27
|
+
:token => 'z883481299kxkldksjkfdsalfdasfdas'
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
sig = SignedRequest.sign(params, @test_key)
|
|
32
|
+
20.times do
|
|
33
|
+
SignedRequest.sign(params.dup, @test_key).should == sig
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
22
37
|
|
|
23
38
|
describe "validate" do
|
|
24
39
|
it "should return true given a correct request" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signed_request
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Balatero
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-06-
|
|
12
|
+
date: 2009-06-30 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|