warden-hmac-authentication 0.5.5 → 0.6.0

data/bin/warden-hmac-authentication

@@ -1,68 +1,16 @@
 #!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'warden-hmac-authentication' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
 
-begin
-  require 'trollop'
-rescue LoadError => e
-  puts ""
-  puts ""
-  puts "============= ERROR ================"
-  puts ""
-  puts "You need trollop installed or in your gemfile to use the signer"
-  puts ""
-  puts "============= ERROR ================"
-  puts ""
-  puts ""
-  exit(-1)
-end
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
 
-require 'hmac/signer'
+require 'rubygems'
+require 'bundler/setup'
 
-opts = Trollop::options do
-  
-  version "warden-hmac-sign 0.3.0 (c) 2011 Felix Gilcher, Florian Gilcher"
-    banner <<-EOS
-  warden-hmac-authentication is used to create and validate signed urls for
-  usage with the HMAC authentication scheme used by 
-  https://github.com/Asquera/warden-hmac-authentication
-
-  Usage:
-         warden-hmac-authentication [options] <command> url
-  
-  where command is one of
-  
-    sign: signs the given url 
-    validate: validates the given url
-    
-  and where [options] are:
-  
-  EOS
-  
-  opt :algorithm, "The hashing algorithm to use for the HMAC", :type => :string, :default => "sha1"
-  opt :secret, "The shared secret for the HMAC", :type => :string, :required => true
-  opt :"auth-param", "The name for the auth param in the url", :default => "auth"
-  opt :"date", "The date to use for the signature (defaults to now)"
-end
-
-cmd = ARGV.shift
-Trollop::die "You must give a command" if cmd.nil?
-Trollop::die "You command must be one of [sign, validate]" unless ["sign", "validate"].include? cmd
-Trollop::die "You must provide a URL" if ARGV.empty?
-url = ARGV.shift
-
-secret = opts.delete(:secret)
-algorithm = opts.delete(:algorithm)
-
-signer = HMAC::Signer.new(algorithm)
-
-if "sign" == cmd
-  puts signer.sign_url(url, secret, opts)
-else
-  success = signer.validate_url_signature(url, secret, opts)
-  if success
-    puts "URL #{url} is valid"
-    exit 0
-  else
-    puts "URL #{url} does not contain a valid signature"
-    exit 1
-  end
-end
+load Gem.bin_path('warden-hmac-authentication', 'warden-hmac-authentication')

data/lib/hmac/signer.rb

@@ -12,6 +12,17 @@ module HMAC
   class Signer
     attr_accessor :secret, :algorithm, :default_opts
 
+    DEFAULT_OPTS = {
+      :auth_scheme => "HMAC",
+      :auth_param => "auth",
+      :auth_header => "Authorization",
+      :auth_header_format => "%{auth_scheme} %{signature}",
+      :query_based => false,
+      :use_alternate_date_header => false,
+      :extra_auth_params => {},
+      :ignore_params => []
+    }
+
     # create a new HMAC instance
     #
     # @param [String] algorithm   The hashing-algorithm to use. See the openssl documentation for valid values.
@@ -25,25 +36,18 @@ module HMAC
     # @option default_opts [String]             :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
     # @option default_opts [Bool]               :query_based (false) Whether to use query based authentication
     # @option default_opts [Bool]               :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+    # @option default_opts [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+    # @option default_opts [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
     #
     def initialize(algorithm = "sha1", default_opts = {})
       self.algorithm = algorithm
-      self.default_opts = {
-        :auth_scheme => "HMAC",
-        :auth_param => "auth",
-        :auth_header => "Authorization",
-        :auth_header_format => "%{auth_scheme} %{signature}",
-        :nonce_header => "X-%{scheme}-Nonce" % {:scheme => (default_opts[:auth_scheme] || "HMAC")},
-        :alternate_date_header => "X-%{scheme}-Date" % {:scheme => (default_opts[:auth_scheme] || "HMAC")},
-        :query_based => false,
-        :use_alternate_date_header => false,
-        :extra_auth_params => {}
-      }.merge(default_opts)
-    
+      default_opts[:nonce_header] ||="X-%{scheme}-Nonce" % {:scheme => (default_opts[:auth_scheme] || "HMAC")}
+      default_opts[:alternate_date_header] ||= "X-%{scheme}-Date" % {:scheme => (default_opts[:auth_scheme] || "HMAC")}
+      self.default_opts = DEFAULT_OPTS.merge(default_opts)
     end
-  
+
     # Generate the signature from a hash representation
-    # 
+    #
     # returns nil if no secret or an empty secret was given
     #
     # @param [Hash] params the parameters to create the representation with
@@ -57,6 +61,7 @@ module HMAC
     # @option params [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
     # @option params [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
     # @option params [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+    # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
     # @option params [String]             :auth_header ('Authorization') The name of the authorization header to use
     # @option params [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
     # @option params [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
@@ -67,7 +72,7 @@ module HMAC
     # @return [String] the signature
     def generate_signature(params)
       secret = params.delete(:secret)
-      
+
       # jruby stumbles over empty secrets, we regard them as invalid anyways, so we return an empty digest if no scret was given
       if '' == secret.to_s
         nil
@@ -75,7 +80,7 @@ module HMAC
         OpenSSL::HMAC.hexdigest(algorithm, secret, canonical_representation(params))
       end
     end
-  
+
     # compares the given signature with the signature created from a hash representation
     #
     # @param [String] signature the signature to compare with
@@ -90,6 +95,7 @@ module HMAC
     # @option params [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
     # @option params [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
     # @option params [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+    # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
     # @option params [String]             :auth_header ('Authorization') The name of the authorization header to use
     # @option params [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
     # @option params [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
@@ -101,7 +107,7 @@ module HMAC
     def validate_signature(signature, params)
       signature == generate_signature(params)
     end
-  
+
     # convienience method to check the signature of a url with query-based authentication
     #
     # @param [String] url the url to test
@@ -114,18 +120,20 @@ module HMAC
     def validate_url_signature(url, secret, opts = {})
       opts = default_opts.merge(opts)
       opts[:query_based] = true
-    
+
       uri = Addressable::URI.parse(url)
       query_values = uri.query_values
       auth_params = query_values.delete(opts[:auth_param])
-    
+
+      return false unless auth_params
+
       date = auth_params["date"]
       nonce = auth_params["nonce"]
       validate_signature(auth_params["signature"], :secret => secret, :method => "GET", :path => uri.path, :date => date, :nonce => nonce, :query => query_values, :headers => {})
     end
-  
+
     # generates the canonical representation for a given request
-    # 
+    #
     # @param [Hash] params the parameters to create the representation with
     # @option params [String] :method The HTTP Verb of the request
     # @option params [String] :date The date of the request as it was formatted in the request
@@ -136,6 +144,7 @@ module HMAC
     # @option params [String] :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
     # @option params [String] :auth_param ('auth')   The name of the authentication param to use for query based authentication
     # @option params [Hash]   :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+    # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
     # @option params [String] :auth_header ('Authorization') The name of the authorization header to use
     # @option params [String] :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
     # @option params [String] :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
@@ -146,20 +155,20 @@ module HMAC
     # @return [String] the canonical representation
     def canonical_representation(params)
       rep = ""
-    
-      rep << "#{params[:method].upcase}\n" 
+
+      rep << "#{params[:method].upcase}\n"
       rep << "date:#{params[:date]}\n"
       rep << "nonce:#{params[:nonce]}\n"
-    
+
       (params[:headers] || {}).sort.each do |pair|
         name,value = *pair
         rep << "#{name.downcase}:#{value}\n"
       end
-    
+
       rep << params[:path]
-    
+
       p = (params[:query] || {}).dup
-    
+
       if !p.empty?
         query = p.sort.map do |key, value|
           "%{key}=%{value}" % {
@@ -169,10 +178,10 @@ module HMAC
         end.join("&")
         rep << "?#{query}"
       end
-    
+
       rep
     end
-  
+
     # sign the given request
     #
     # @param [String] url     The url of the request
@@ -183,10 +192,11 @@ module HMAC
     # @option opts [String, #strftime]  :date (Time.now)      The date to use in the signature
     # @option opts [Hash]               :headers ({})         A list of optional headers to include in the signature
     # @option opts [String,Symbol]      :method ('GET')       The HTTP method to use in the signature
-    #                                   
+    #
     # @option opts [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
     # @option opts [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
     # @option opts [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+    # @option opts [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
     # @option opts [String]             :auth_header ('Authorization') The name of the authorization header to use
     # @option opts [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
     # @option opts [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
@@ -196,41 +206,49 @@ module HMAC
     #
     def sign_request(url, secret, opts = {})
       opts = default_opts.merge(opts)
-    
+
       uri = Addressable::URI.parse(url)
       headers = opts[:headers] || {}
-    
+
       date = opts[:date] || Time.now.gmtime
       date = date.gmtime.strftime('%a, %e %b %Y %T GMT') if date.respond_to? :strftime
 
       method = opts[:method] ? opts[:method].to_s.upcase : "GET"
-    
-      signature = generate_signature(:secret => secret, :method => method, :path => uri.path, :date => date, :nonce => opts[:nonce], :query => uri.query_values, :headers => opts[:headers])
-      
+
+      query_values = uri.query_values
+
+      if query_values
+        query_values.delete_if do |k,v|
+          opts[:ignore_params].one? { |param| (k == param) || (k == param.to_s) }
+        end
+      end
+
+      signature = generate_signature(:secret => secret, :method => method, :path => uri.path, :date => date, :nonce => opts[:nonce], :query => query_values, :headers => opts[:headers], :ignore_params => opts[:ignore_params])
+
       if opts[:query_based]
         auth_params = opts[:extra_auth_params].merge({
           "date" => date,
           "signature" => signature
         })
         auth_params[:nonce] = opts[:nonce] unless opts[:nonce].nil?
-        
+
         query_values =  uri.query_values || {}
         query_values[opts[:auth_param]] = auth_params
         uri.query_values = query_values
       else
         headers[opts[:auth_header]]   = opts[:auth_header_format] % opts.merge({:signature => signature})
         headers[opts[:nonce_header]]  = opts[:nonce] unless opts[:nonce].nil?
-      
-        if opts[:use_alternate_date_header] 
+
+        if opts[:use_alternate_date_header]
           headers[opts[:alternate_date_header]] = date
         else
           headers["Date"] = date
         end
       end
-    
+
       [headers, uri.to_s]
     end
-  
+
     # convienience method to sign a url for use with query-based authentication
     #
     # @param [String] url the url to sign
@@ -244,11 +262,10 @@ module HMAC
     def sign_url(url, secret, opts = {})
       opts = default_opts.merge(opts)
       opts[:query_based] = true
-    
+
       headers, url = *sign_request(url, secret, opts)
-      url  
+      url
     end
-  
-  
+
   end
 end

data/lib/hmac/string/jruby.rb

@@ -1,6 +1,6 @@
-# this is a ruby workaround for jruby issue http://jira.codehaus.org/browse/JRUBY-5338
+# this is a ruby workaround for jruby issue http://jira.codehaus.org/browse/JRUBY-5338 which was fixed in jruby-1.6.6
 
-if defined?(JRUBY_VERSION) && RUBY_VERSION =~ /^1\.9/
+if defined?(JRUBY_VERSION) && RUBY_VERSION =~ /^1\.9/ && JRUBY_VERSION < "1.6.6"
   class KeyError < IndexError
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: warden-hmac-authentication
 version: !ruby/object:Gem::Version
-  version: 0.5.5
+  version: 0.6.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-01-15 00:00:00.000000000Z
+date: 2012-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
-  requirement: &2157827400 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2157827400
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2157826460 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +38,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2157826460
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: warden
-  requirement: &2157825640 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +54,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2157825640
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2157824460 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +70,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157824460
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2157823380 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,10 +86,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157823380
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: riot
-  requirement: &2157822860 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,10 +102,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157822860
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &2157822400 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -88,10 +118,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157822400
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &2157821680 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -99,10 +134,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157821680
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov-html
-  requirement: &2157820800 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -110,10 +150,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157820800
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: trollop
-  requirement: &2157820020 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -121,7 +166,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2157820020
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! "This gem provides request authentication via [HMAC](http://en.wikipedia.org/wiki/Hmac).
   The main usage is request based, noninteractive\n  authentication for API implementations.
   Two strategies are supported that differ mainly in how the authentication information
@@ -147,7 +197,8 @@ files:
 - lib/hmac/strategies/header.rb
 - lib/hmac/strategies/query.rb
 - lib/hmac/string/jruby.rb
-- bin/warden-hmac-authentication
+- !binary |-
+  YmluL3dhcmRlbi1obWFjLWF1dGhlbnRpY2F0aW9u
 homepage: https://github.com/Asquera/warden-hmac-authentication
 licenses: []
 post_install_message: 
@@ -168,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.6
+rubygems_version: 1.8.21
 signing_key: 
 specification_version: 3
 summary: Provides request based, non-interactive authentication for APIs