signed_request 1.0.3 → 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.markdown +4 -0
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/lib/signed_request.rb +7 -5
- data/signed_request.gemspec +5 -4
- data/spec/signed_request_spec.rb +15 -3
- metadata +14 -6
data/CHANGELOG.markdown
ADDED
data/Rakefile
CHANGED
@@ -6,7 +6,7 @@ begin
|
|
6
6
|
Jeweler::Tasks.new do |gem|
|
7
7
|
gem.name = "signed_request"
|
8
8
|
gem.summary = %Q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
|
9
|
-
gem.email = "dbalatero@
|
9
|
+
gem.email = "dbalatero@gmail.com"
|
10
10
|
gem.homepage = "http://github.com/dbalatero/signed_request"
|
11
11
|
gem.authors = ["David Balatero"]
|
12
12
|
gem.rubyforge_project = 'evrigems'
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.4
|
data/lib/signed_request.rb
CHANGED
@@ -3,10 +3,10 @@ require 'openssl'
|
|
3
3
|
require 'openssl/digest'
|
4
4
|
|
5
5
|
module SignedRequest
|
6
|
-
STRIP_PARAMS = ['action', 'controller', 'format']
|
6
|
+
STRIP_PARAMS = ['action', 'controller', 'format']
|
7
7
|
|
8
8
|
# Sign a request on the sending end.
|
9
|
-
def self.sign(params, secret_key)
|
9
|
+
def self.sign(params, secret_key, options = {})
|
10
10
|
params = params.dup
|
11
11
|
|
12
12
|
# Flatten any sub-hashes to a single string.
|
@@ -17,18 +17,20 @@ module SignedRequest
|
|
17
17
|
end
|
18
18
|
|
19
19
|
query = params.sort_by { |k,v| k.to_s.downcase }
|
20
|
+
string_to_sign = options[:path].to_s + query.to_s
|
21
|
+
|
20
22
|
digest = OpenSSL::Digest::Digest.new('sha1')
|
21
|
-
hmac = OpenSSL::HMAC.digest(digest, secret_key,
|
23
|
+
hmac = OpenSSL::HMAC.digest(digest, secret_key, string_to_sign)
|
22
24
|
encoded = Base64.encode64(hmac).chomp
|
23
25
|
end
|
24
26
|
|
25
27
|
# Validate an incoming request on the receiving end.
|
26
|
-
def self.validate(params, secret_key)
|
28
|
+
def self.validate(params, secret_key, sign_options = {})
|
27
29
|
signature = params.delete('signature') || params.delete(:signature)
|
28
30
|
return false if !signature
|
29
31
|
|
30
32
|
strip_keys_from!(params, *STRIP_PARAMS)
|
31
|
-
actual_signature = sign(params, secret_key)
|
33
|
+
actual_signature = sign(params, secret_key, sign_options)
|
32
34
|
actual_signature == signature
|
33
35
|
end
|
34
36
|
|
data/signed_request.gemspec
CHANGED
@@ -5,12 +5,12 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{signed_request}
|
8
|
-
s.version = "1.0.
|
8
|
+
s.version = "1.0.4"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["David Balatero"]
|
12
|
-
s.date = %q{2010-
|
13
|
-
s.email = %q{dbalatero@
|
12
|
+
s.date = %q{2010-07-12}
|
13
|
+
s.email = %q{dbalatero@gmail.com}
|
14
14
|
s.extra_rdoc_files = [
|
15
15
|
"LICENSE",
|
16
16
|
"README.rdoc"
|
@@ -18,6 +18,7 @@ Gem::Specification.new do |s|
|
|
18
18
|
s.files = [
|
19
19
|
".document",
|
20
20
|
".gitignore",
|
21
|
+
"CHANGELOG.markdown",
|
21
22
|
"LICENSE",
|
22
23
|
"README.rdoc",
|
23
24
|
"Rakefile",
|
@@ -32,7 +33,7 @@ Gem::Specification.new do |s|
|
|
32
33
|
s.rdoc_options = ["--charset=UTF-8"]
|
33
34
|
s.require_paths = ["lib"]
|
34
35
|
s.rubyforge_project = %q{evrigems}
|
35
|
-
s.rubygems_version = %q{1.3.
|
36
|
+
s.rubygems_version = %q{1.3.6}
|
36
37
|
s.summary = %q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
|
37
38
|
s.test_files = [
|
38
39
|
"spec/signed_request_spec.rb",
|
data/spec/signed_request_spec.rb
CHANGED
@@ -6,9 +6,21 @@ describe SignedRequest do
|
|
6
6
|
end
|
7
7
|
|
8
8
|
describe "sign" do
|
9
|
+
it "should sign the params and path and return the correct signed key as base64" do
|
10
|
+
params = {
|
11
|
+
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
12
|
+
"callerReference" => "44441234567fdsa44",
|
13
|
+
"expiry" => "10/2014",
|
14
|
+
"status" => "SC"
|
15
|
+
}
|
16
|
+
|
17
|
+
result = SignedRequest.sign(params, @test_key, :path => '/v1/api/mypath')
|
18
|
+
result.should == "oT/QGLKMPAX3sI3hvFLAK5yyGE8="
|
19
|
+
end
|
20
|
+
|
9
21
|
it "should sign the request and return the correct signed key as base64" do
|
10
22
|
params = {
|
11
|
-
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
23
|
+
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
12
24
|
"callerReference" => "44441234567fdsa44",
|
13
25
|
"expiry" => "10/2014",
|
14
26
|
"status" => "SC"
|
@@ -56,7 +68,7 @@ describe SignedRequest do
|
|
56
68
|
|
57
69
|
it "should return true given a correct request" do
|
58
70
|
good_params = {
|
59
|
-
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
71
|
+
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
60
72
|
"callerReference" => "44441234567fdsa44",
|
61
73
|
"action" => "amazon_return",
|
62
74
|
"signature" => "uoOmSftU4gnUMK6Q1ylyGnr5hEw=",
|
@@ -70,7 +82,7 @@ describe SignedRequest do
|
|
70
82
|
|
71
83
|
it "should return false if there is no signature given" do
|
72
84
|
good_params_without_signature = {
|
73
|
-
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
85
|
+
"tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
|
74
86
|
"callerReference" => "44441234567fdsa44",
|
75
87
|
"action" => "amazon_return",
|
76
88
|
"controller" => "checkout",
|
metadata
CHANGED
@@ -1,7 +1,12 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: signed_request
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 0
|
8
|
+
- 4
|
9
|
+
version: 1.0.4
|
5
10
|
platform: ruby
|
6
11
|
authors:
|
7
12
|
- David Balatero
|
@@ -9,12 +14,12 @@ autorequire:
|
|
9
14
|
bindir: bin
|
10
15
|
cert_chain: []
|
11
16
|
|
12
|
-
date: 2010-
|
17
|
+
date: 2010-07-12 00:00:00 -07:00
|
13
18
|
default_executable:
|
14
19
|
dependencies: []
|
15
20
|
|
16
21
|
description:
|
17
|
-
email: dbalatero@
|
22
|
+
email: dbalatero@gmail.com
|
18
23
|
executables: []
|
19
24
|
|
20
25
|
extensions: []
|
@@ -25,6 +30,7 @@ extra_rdoc_files:
|
|
25
30
|
files:
|
26
31
|
- .document
|
27
32
|
- .gitignore
|
33
|
+
- CHANGELOG.markdown
|
28
34
|
- LICENSE
|
29
35
|
- README.rdoc
|
30
36
|
- Rakefile
|
@@ -47,18 +53,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
47
53
|
requirements:
|
48
54
|
- - ">="
|
49
55
|
- !ruby/object:Gem::Version
|
56
|
+
segments:
|
57
|
+
- 0
|
50
58
|
version: "0"
|
51
|
-
version:
|
52
59
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
53
60
|
requirements:
|
54
61
|
- - ">="
|
55
62
|
- !ruby/object:Gem::Version
|
63
|
+
segments:
|
64
|
+
- 0
|
56
65
|
version: "0"
|
57
|
-
version:
|
58
66
|
requirements: []
|
59
67
|
|
60
68
|
rubyforge_project: evrigems
|
61
|
-
rubygems_version: 1.3.
|
69
|
+
rubygems_version: 1.3.6
|
62
70
|
signing_key:
|
63
71
|
specification_version: 3
|
64
72
|
summary: A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.
|