signed_request 1.0.3 → 1.0.4

@@ -0,0 +1,4 @@
1
+ 1.0.4
2
+ -----
3
+ * Added the ability to pass an additional path to be signed as part of the
4
+ request.
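--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,7 +6,7 @@ begin
  Jeweler::Tasks.new do |gem|
  gem.name = "signed_request"
  gem.summary = %Q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
- gem.email = "dbalatero@evri.com"
+ gem.email = "dbalatero@gmail.com"
  gem.homepage = "http://github.com/dbalatero/signed_request"
  gem.authors = ["David Balatero"]
  gem.rubyforge_project = 'evrigems'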
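--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.3
+ 1.0.4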
@@ -3,10 +3,10 @@ require 'openssl'
3
3
  require 'openssl/digest'
4
4
 
5
5
  module SignedRequest
6
- STRIP_PARAMS = ['action', 'controller', 'format']
6
+ STRIP_PARAMS = ['action', 'controller', 'format']
7
7
 
8
8
  # Sign a request on the sending end.
9
- def self.sign(params, secret_key)
9
+ def self.sign(params, secret_key, options = {})
10
10
  params = params.dup
11
11
 
12
12
  # Flatten any sub-hashes to a single string.
@@ -17,18 +17,20 @@ module SignedRequest
17
17
  end
18
18
 
19
19
  query = params.sort_by { |k,v| k.to_s.downcase }
20
+ string_to_sign = options[:path].to_s + query.to_s
21
+
20
22
  digest = OpenSSL::Digest::Digest.new('sha1')
21
- hmac = OpenSSL::HMAC.digest(digest, secret_key, query.to_s)
23
+ hmac = OpenSSL::HMAC.digest(digest, secret_key, string_to_sign)
22
24
  encoded = Base64.encode64(hmac).chomp
23
25
  end
24
26
 
25
27
  # Validate an incoming request on the receiving end.
26
- def self.validate(params, secret_key)
28
+ def self.validate(params, secret_key, sign_options = {})
27
29
  signature = params.delete('signature') || params.delete(:signature)
28
30
  return false if !signature
29
31
 
30
32
  strip_keys_from!(params, *STRIP_PARAMS)
31
- actual_signature = sign(params, secret_key)
33
+ actual_signature = sign(params, secret_key, sign_options)
32
34
  actual_signature == signature
33
35
  end
34
36
 
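Review bot: In `sign`, the new `string_to_sign = options[:path].to_s + query.to_s` joins the path and the serialized params with no separator, so the signed string does not record where the path ends and the params begin; how ambiguous that is depends on what `query.to_s` yields for the sorted pair array, which differs between Ruby versions. A missing or string-keyed `'path'` option also becomes `""` through `nil.to_s`, so the caller silently gets a signature that is not bound to any path. I would delimit the path explicitly and only when it is given, e.g. `string_to_sign = options[:path] ? "#{options[:path]}\n#{query}" : query.to_s`, which leaves signatures unchanged for callers that pass no path. The `actual_signature == signature` check that `validate` still ends with is not a constant-time comparison, which is worth replacing while this method is being touched. The part of `sign` between the two hunks is not shown.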
@@ -5,12 +5,12 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{signed_request}
8
- s.version = "1.0.3"
8
+ s.version = "1.0.4"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["David Balatero"]
12
- s.date = %q{2010-03-05}
13
- s.email = %q{dbalatero@evri.com}
12
+ s.date = %q{2010-07-12}
13
+ s.email = %q{dbalatero@gmail.com}
14
14
  s.extra_rdoc_files = [
15
15
  "LICENSE",
16
16
  "README.rdoc"
@@ -18,6 +18,7 @@ Gem::Specification.new do |s|
18
18
  s.files = [
19
19
  ".document",
20
20
  ".gitignore",
21
+ "CHANGELOG.markdown",
21
22
  "LICENSE",
22
23
  "README.rdoc",
23
24
  "Rakefile",
@@ -32,7 +33,7 @@ Gem::Specification.new do |s|
32
33
  s.rdoc_options = ["--charset=UTF-8"]
33
34
  s.require_paths = ["lib"]
34
35
  s.rubyforge_project = %q{evrigems}
35
- s.rubygems_version = %q{1.3.5}
36
+ s.rubygems_version = %q{1.3.6}
36
37
  s.summary = %q{A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.}
37
38
  s.test_files = [
38
39
  "spec/signed_request_spec.rb",
@@ -6,9 +6,21 @@ describe SignedRequest do
6
6
  end
7
7
 
8
8
  describe "sign" do
9
+ it "should sign the params and path and return the correct signed key as base64" do
10
+ params = {
11
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
12
+ "callerReference" => "44441234567fdsa44",
13
+ "expiry" => "10/2014",
14
+ "status" => "SC"
15
+ }
16
+
17
+ result = SignedRequest.sign(params, @test_key, :path => '/v1/api/mypath')
18
+ result.should == "oT/QGLKMPAX3sI3hvFLAK5yyGE8="
19
+ end
20
+
9
21
  it "should sign the request and return the correct signed key as base64" do
10
22
  params = {
11
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
23
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
12
24
  "callerReference" => "44441234567fdsa44",
13
25
  "expiry" => "10/2014",
14
26
  "status" => "SC"
@@ -56,7 +68,7 @@ describe SignedRequest do
56
68
 
57
69
  it "should return true given a correct request" do
58
70
  good_params = {
59
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
71
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
60
72
  "callerReference" => "44441234567fdsa44",
61
73
  "action" => "amazon_return",
62
74
  "signature" => "uoOmSftU4gnUMK6Q1ylyGnr5hEw=",
@@ -70,7 +82,7 @@ describe SignedRequest do
70
82
 
71
83
  it "should return false if there is no signature given" do
72
84
  good_params_without_signature = {
73
- "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
85
+ "tokenID" => "N1CHGCG13NNB4JMVJN1Q1JXIKBQDO4DQ595NRSCTILAU47P7GA7JVQMMJNXRUJFM",
74
86
  "callerReference" => "44441234567fdsa44",
75
87
  "action" => "amazon_return",
76
88
  "controller" => "checkout",
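Review bot: The new third argument of `validate` has no spec: the only example added here exercises `SignedRequest.sign` with `:path`, and no hunk in this file adds a `validate` example that passes `sign_options`. Add one that signs with `:path => '/v1/api/mypath'` and expects `SignedRequest.validate(params, @test_key, :path => '/v1/api/mypath')` to be true, and one that validates the same signed params under a different path and expects false, since refusing a signature presented for another path is the point of the feature. The `describe` blocks start and end outside these hunks.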
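--- a/metadata
+++ b/metadata
@@ -1,7 +1,12 @@
  --- !ruby/object:Gem::Specification
  name: signed_request
  version: !ruby/object:Gem::Version
- version: 1.0.3
+ prerelease: false
+ segments:
+ - 1
+ - 0
+ - 4
+ version: 1.0.4
  platform: ruby
  authors:
  - David Balatero
@@ -9,12 +14,12 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-03-05 00:00:00 -08:00
+ date: 2010-07-12 00:00:00 -07:00
  default_executable:
  dependencies: []
 
  description:
- email: dbalatero@evri.com
+ email: dbalatero@gmail.com
  executables: []
 
  extensions: []
@@ -25,6 +30,7 @@ extra_rdoc_files:
  files:
  - .document
  - .gitignore
+ - CHANGELOG.markdown
  - LICENSE
  - README.rdoc
  - Rakefile
@@ -47,18 +53,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 0
  version: "0"
- version:
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 0
  version: "0"
- version:
  requirements: []
 
  rubyforge_project: evrigems
- rubygems_version: 1.3.5
+ rubygems_version: 1.3.6
  signing_key:
  specification_version: 3
  summary: A simple gem that allows you to sign HTTP requests between two parties with a shared secret key.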