warden-hmac-authentication 0.5.2 → 0.5.3

@@ -1,16 +1,68 @@
1
1
  #!/usr/bin/env ruby
2
- #
3
- # This file was generated by Bundler.
4
- #
5
- # The application 'warden-hmac-authentication' is installed as part of a gem, and
6
- # this file is here to facilitate running it.
7
- #
8
2
 
9
- require 'pathname'
10
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
11
- Pathname.new(__FILE__).realpath)
3
+ begin
4
+ require 'trollop'
5
+ rescue LoadError => e
6
+ puts ""
7
+ puts ""
8
+ puts "============= ERROR ================"
9
+ puts ""
10
+ puts "You need trollop installed or in your gemfile to use the signer"
11
+ puts ""
12
+ puts "============= ERROR ================"
13
+ puts ""
14
+ puts ""
15
+ exit(-1)
16
+ end
12
17
 
13
- require 'rubygems'
14
- require 'bundler/setup'
18
+ require 'hmac/signer'
15
19
 
16
- load Gem.bin_path('warden-hmac-authentication', 'warden-hmac-authentication')
20
+ opts = Trollop::options do
21
+
22
+ version "warden-hmac-sign 0.3.0 (c) 2011 Felix Gilcher, Florian Gilcher"
23
+ banner <<-EOS
24
+ warden-hmac-authentication is used to create and validate signed urls for
25
+ usage with the HMAC authentication scheme used by
26
+ https://github.com/Asquera/warden-hmac-authentication
27
+
28
+ Usage:
29
+ warden-hmac-authentication [options] <command> url
30
+
31
+ where command is one of
32
+
33
+ sign: signs the given url
34
+ validate: validates the given url
35
+
36
+ and where [options] are:
37
+
38
+ EOS
39
+
40
+ opt :algorithm, "The hashing algorithm to use for the HMAC", :type => :string, :default => "sha1"
41
+ opt :secret, "The shared secret for the HMAC", :type => :string, :required => true
42
+ opt :"auth-param", "The name for the auth param in the url", :default => "auth"
43
+ opt :"date", "The date to use for the signature (defaults to now)"
44
+ end
45
+
46
+ cmd = ARGV.shift
47
+ Trollop::die "You must give a command" if cmd.nil?
48
+ Trollop::die "You command must be one of [sign, validate]" unless ["sign", "validate"].include? cmd
49
+ Trollop::die "You must provide a URL" if ARGV.empty?
50
+ url = ARGV.shift
51
+
52
+ secret = opts.delete(:secret)
53
+ algorithm = opts.delete(:algorithm)
54
+
55
+ signer = HMAC::Signer.new(algorithm)
56
+
57
+ if "sign" == cmd
58
+ puts signer.sign_url(url, secret, opts)
59
+ else
60
+ success = signer.validate_url_signature(url, secret, opts)
61
+ if success
62
+ puts "URL #{url} is valid"
63
+ exit 0
64
+ else
65
+ puts "URL #{url} does not contain a valid signature"
66
+ exit 1
67
+ end
68
+ end
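Review bot: `opt :secret, ..., :required => true` forces the shared HMAC secret onto the command line, where other local users can read it from the process list and where it is kept in shell history. I would make the flag optional and fall back to an environment variable or an interactive prompt, e.g. `secret = opts.delete(:secret) || ENV["<SECRET_ENV_VAR>"]` (placeholder name), and call `Trollop::die` when neither is set. Separately, `opt :"date"` declares no `:type`, and Trollop treats an untyped option without a default as a boolean flag, so a value given after `--date` would stay in ARGV and be taken as the command; `:type => :string` looks intended.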
@@ -23,7 +23,7 @@ module Warden
23
23
  debug("authentication attempt with an empty secret")
24
24
  return fail!("Cannot authenticate with an empty secret")
25
25
  end
26
-
26
+
27
27
  if check_ttl? && !timestamp_valid?
28
28
  debug("authentication attempt with an invalid timestamp. Given was #{timestamp}, expected was #{Time.now.gmtime}")
29
29
  return fail!("Invalid timestamp")
@@ -93,7 +93,11 @@ module Warden
93
93
 
94
94
  private
95
95
  def config
96
- env["warden"].config[:scope_defaults][scope][:hmac]
96
+ if env["warden"].config[:scope_defaults][scope][:hmac]
97
+ env["warden"].config[:scope_defaults][scope][:hmac]
98
+ else
99
+ {}
100
+ end
97
101
  end
98
102
 
99
103
  def auth_param
@@ -124,6 +128,13 @@ module Warden
124
128
  config[:auth_header_format] || '%{scheme} %{signature}'
125
129
  end
126
130
 
131
+ # check whether a nonce is set in the request
132
+ #
133
+ # @return [Bool] True if a nonce was given in the request
134
+ def has_nonce?
135
+ nonce && !nonce.to_s.empty?
136
+ end
137
+
127
138
  def auth_header_parse
128
139
  unless @auth_header_parse
129
140
  r = config[:auth_header_parse]
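Review bot: The new `{}` fallback in `config` (second hunk of this file) makes a scope with no `:hmac` settings behave like a configured one, so every option read through `config[...]` silently takes its default. If `check_ttl?` and `nonce_required?` are derived from this hash (their bodies are outside the hunks), a misconfigured scope would skip the timestamp and nonce checks without leaving a trace; a `debug(...)` line when the fallback is taken would make that visible. The lookup is also evaluated twice and would still raise when `[:scope_defaults][scope]` itself is nil; `(env["warden"].config[:scope_defaults][scope] || {})[:hmac] || {}` covers both. In the third hunk, `has_nonce?` returns `nil` rather than `false` for a missing nonce although its comment documents `[Bool]`.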
@@ -15,12 +15,19 @@ module Warden
15
15
  # @return [Bool] true if all required authentication information is available in the request
16
16
  # @see https://github.com/hassox/warden/wiki/Strategies
17
17
  def valid?
18
- valid = auth_info.include? "signature"
18
+ valid = has_signature?
19
19
  valid = valid && has_timestamp? if check_ttl?
20
20
  valid = valid && has_nonce? if nonce_required?
21
21
  valid
22
22
  end
23
-
23
+
24
+ # Checks that the request contains a signature
25
+ #
26
+ # @return [Bool] true if the request contains a signature
27
+ def has_signature?
28
+ auth_info.include? "signature"
29
+ end
30
+
24
31
  # Check that the signature given in the request is valid.
25
32
  #
26
33
  # @return [Bool] true if the request is valid
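Review bot: `has_signature?` only tests that a `"signature"` key is present, so a request carrying an empty signature value passes `valid?` and is rejected only later in the strategy, while the `has_nonce?` added in this release requires a non-empty value. For consistency I would test the value instead, `!auth_info["signature"].to_s.empty?`, assuming `auth_info` is hash-like (its definition is outside the hunk). The comment on `has_signature?` should then say "contains a non-empty signature".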
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: warden-hmac-authentication
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.2
4
+ version: 0.5.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,11 +10,11 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2011-12-14 00:00:00.000000000Z
13
+ date: 2011-12-28 00:00:00.000000000Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: addressable
17
- requirement: &2155925200 !ruby/object:Gem::Requirement
17
+ requirement: &2154430420 !ruby/object:Gem::Requirement
18
18
  none: false
19
19
  requirements:
20
20
  - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
22
22
  version: '0'
23
23
  type: :runtime
24
24
  prerelease: false
25
- version_requirements: *2155925200
25
+ version_requirements: *2154430420
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: rack
28
- requirement: &2155924300 !ruby/object:Gem::Requirement
28
+ requirement: &2154429940 !ruby/object:Gem::Requirement
29
29
  none: false
30
30
  requirements:
31
31
  - - ! '>='
@@ -33,21 +33,10 @@ dependencies:
33
33
  version: '0'
34
34
  type: :runtime
35
35
  prerelease: false
36
- version_requirements: *2155924300
37
- - !ruby/object:Gem::Dependency
38
- name: trollop
39
- requirement: &2155923580 !ruby/object:Gem::Requirement
40
- none: false
41
- requirements:
42
- - - ! '>='
43
- - !ruby/object:Gem::Version
44
- version: '0'
45
- type: :runtime
46
- prerelease: false
47
- version_requirements: *2155923580
36
+ version_requirements: *2154429940
48
37
  - !ruby/object:Gem::Dependency
49
38
  name: warden
50
- requirement: &2155922780 !ruby/object:Gem::Requirement
39
+ requirement: &2154429480 !ruby/object:Gem::Requirement
51
40
  none: false
52
41
  requirements:
53
42
  - - ! '>='
@@ -55,10 +44,10 @@ dependencies:
55
44
  version: '0'
56
45
  type: :runtime
57
46
  prerelease: false
58
- version_requirements: *2155922780
47
+ version_requirements: *2154429480
59
48
  - !ruby/object:Gem::Dependency
60
49
  name: rake
61
- requirement: &2155922360 !ruby/object:Gem::Requirement
50
+ requirement: &2154428920 !ruby/object:Gem::Requirement
62
51
  none: false
63
52
  requirements:
64
53
  - - ! '>='
@@ -66,10 +55,10 @@ dependencies:
66
55
  version: '0'
67
56
  type: :development
68
57
  prerelease: false
69
- version_requirements: *2155922360
58
+ version_requirements: *2154428920
70
59
  - !ruby/object:Gem::Dependency
71
60
  name: rack-test
72
- requirement: &2155921780 !ruby/object:Gem::Requirement
61
+ requirement: &2154428340 !ruby/object:Gem::Requirement
73
62
  none: false
74
63
  requirements:
75
64
  - - ! '>='
@@ -77,10 +66,10 @@ dependencies:
77
66
  version: '0'
78
67
  type: :development
79
68
  prerelease: false
80
- version_requirements: *2155921780
69
+ version_requirements: *2154428340
81
70
  - !ruby/object:Gem::Dependency
82
71
  name: riot
83
- requirement: &2155921300 !ruby/object:Gem::Requirement
72
+ requirement: &2154421440 !ruby/object:Gem::Requirement
84
73
  none: false
85
74
  requirements:
86
75
  - - ! '>='
@@ -88,10 +77,10 @@ dependencies:
88
77
  version: '0'
89
78
  type: :development
90
79
  prerelease: false
91
- version_requirements: *2155921300
80
+ version_requirements: *2154421440
92
81
  - !ruby/object:Gem::Dependency
93
82
  name: timecop
94
- requirement: &2155920720 !ruby/object:Gem::Requirement
83
+ requirement: &2154420320 !ruby/object:Gem::Requirement
95
84
  none: false
96
85
  requirements:
97
86
  - - ! '>='
@@ -99,10 +88,10 @@ dependencies:
99
88
  version: '0'
100
89
  type: :development
101
90
  prerelease: false
102
- version_requirements: *2155920720
91
+ version_requirements: *2154420320
103
92
  - !ruby/object:Gem::Dependency
104
93
  name: simplecov
105
- requirement: &2155920200 !ruby/object:Gem::Requirement
94
+ requirement: &2154419880 !ruby/object:Gem::Requirement
106
95
  none: false
107
96
  requirements:
108
97
  - - ! '>='
@@ -110,10 +99,21 @@ dependencies:
110
99
  version: '0'
111
100
  type: :development
112
101
  prerelease: false
113
- version_requirements: *2155920200
102
+ version_requirements: *2154419880
114
103
  - !ruby/object:Gem::Dependency
115
104
  name: simplecov-html
116
- requirement: &2155919780 !ruby/object:Gem::Requirement
105
+ requirement: &2154419300 !ruby/object:Gem::Requirement
106
+ none: false
107
+ requirements:
108
+ - - ! '>='
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ type: :development
112
+ prerelease: false
113
+ version_requirements: *2154419300
114
+ - !ruby/object:Gem::Dependency
115
+ name: trollop
116
+ requirement: &2154418520 !ruby/object:Gem::Requirement
117
117
  none: false
118
118
  requirements:
119
119
  - - ! '>='
@@ -121,7 +121,7 @@ dependencies:
121
121
  version: '0'
122
122
  type: :development
123
123
  prerelease: false
124
- version_requirements: *2155919780
124
+ version_requirements: *2154418520
125
125
  description: ! "This gem provides request authentication via [HMAC](http://en.wikipedia.org/wiki/Hmac).
126
126
  The main usage is request based, noninteractive\n authentication for API implementations.
127
127
  Two strategies are supported that differ mainly in how the authentication information