warden-hmac-authentication 0.5.4 → 0.5.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. data/bin/warden-hmac-authentication +64 -12
  2. data/lib/hmac/strategies/base.rb +4 -4
  3. data/lib/hmac/strategies/header.rb +3 -3
  4. metadata +22 -22
data/bin/warden-hmac-authentication CHANGED
@@ -1,16 +1,68 @@
1
1
  #!/usr/bin/env ruby
2
- #
3
- # This file was generated by Bundler.
4
- #
5
- # The application 'warden-hmac-authentication' is installed as part of a gem, and
6
- # this file is here to facilitate running it.
7
- #
8
2
 
9
- require 'pathname'
10
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
11
- Pathname.new(__FILE__).realpath)
3
+ begin
4
+ require 'trollop'
5
+ rescue LoadError => e
6
+ puts ""
7
+ puts ""
8
+ puts "============= ERROR ================"
9
+ puts ""
10
+ puts "You need trollop installed or in your gemfile to use the signer"
11
+ puts ""
12
+ puts "============= ERROR ================"
13
+ puts ""
14
+ puts ""
15
+ exit(-1)
16
+ end
12
17
 
13
- require 'rubygems'
14
- require 'bundler/setup'
18
+ require 'hmac/signer'
15
19
 
16
- load Gem.bin_path('warden-hmac-authentication', 'warden-hmac-authentication')
20
+ opts = Trollop::options do
21
+
22
+ version "warden-hmac-sign 0.3.0 (c) 2011 Felix Gilcher, Florian Gilcher"
23
+ banner <<-EOS
24
+ warden-hmac-authentication is used to create and validate signed urls for
25
+ usage with the HMAC authentication scheme used by
26
+ https://github.com/Asquera/warden-hmac-authentication
27
+
28
+ Usage:
29
+ warden-hmac-authentication [options] <command> url
30
+
31
+ where command is one of
32
+
33
+ sign: signs the given url
34
+ validate: validates the given url
35
+
36
+ and where [options] are:
37
+
38
+ EOS
39
+
40
+ opt :algorithm, "The hashing algorithm to use for the HMAC", :type => :string, :default => "sha1"
41
+ opt :secret, "The shared secret for the HMAC", :type => :string, :required => true
42
+ opt :"auth-param", "The name for the auth param in the url", :default => "auth"
43
+ opt :"date", "The date to use for the signature (defaults to now)"
44
+ end
45
+
46
+ cmd = ARGV.shift
47
+ Trollop::die "You must give a command" if cmd.nil?
48
+ Trollop::die "You command must be one of [sign, validate]" unless ["sign", "validate"].include? cmd
49
+ Trollop::die "You must provide a URL" if ARGV.empty?
50
+ url = ARGV.shift
51
+
52
+ secret = opts.delete(:secret)
53
+ algorithm = opts.delete(:algorithm)
54
+
55
+ signer = HMAC::Signer.new(algorithm)
56
+
57
+ if "sign" == cmd
58
+ puts signer.sign_url(url, secret, opts)
59
+ else
60
+ success = signer.validate_url_signature(url, secret, opts)
61
+ if success
62
+ puts "URL #{url} is valid"
63
+ exit 0
64
+ else
65
+ puts "URL #{url} does not contain a valid signature"
66
+ exit 1
67
+ end
68
+ end
data/lib/hmac/strategies/base.rb CHANGED
@@ -105,7 +105,7 @@ module Warden
105
105
  end
106
106
 
107
107
  def auth_header
108
- config[:auth_header] || "Authorization"
108
+ (config[:auth_header] || "Authorization").upcase
109
109
  end
110
110
 
111
111
  def auth_scheme_name
@@ -113,15 +113,15 @@ module Warden
113
113
  end
114
114
 
115
115
  def nonce_header_name
116
- config[:nonce_header] || "X-#{auth_scheme_name}-Nonce"
116
+ (config[:nonce_header] || "X-#{auth_scheme_name}-Nonce").upcase
117
117
  end
118
118
 
119
119
  def alternate_date_header_name
120
- config[:alternate_date_header] || "X-#{auth_scheme_name}-Date"
120
+ (config[:alternate_date_header] || "X-#{auth_scheme_name}-Date").upcase
121
121
  end
122
122
 
123
123
  def optional_headers
124
- (config[:optional_headers] || []) + ["Content-MD5", "Content-Type"]
124
+ ((config[:optional_headers] || []) + ["Content-MD5", "Content-Type"]).map {|h| h.upcase }
125
125
  end
126
126
 
127
127
  def auth_header_format
data/lib/hmac/strategies/header.rb CHANGED
@@ -15,7 +15,7 @@ module Warden
15
15
  # @return [Bool] true if all required authentication information is available in the request
16
16
  # @see https://github.com/hassox/warden/wiki/Strategies
17
17
  def valid?
18
- valid = required_headers.all? { |h| headers.include?(h) } && headers.include?("Authorization") && has_timestamp?
18
+ valid = required_headers.all? { |h| headers.include?(h) } && headers.include?("AUTHORIZATION") && has_timestamp?
19
19
  valid = valid && scheme_valid?
20
20
  valid
21
21
  end
@@ -97,9 +97,9 @@ module Warden
97
97
 
98
98
  def date_header
99
99
  if headers.include? alternate_date_header_name
100
- alternate_date_header_name
100
+ alternate_date_header_name.upcase
101
101
  else
102
- "Date"
102
+ "DATE"
103
103
  end
104
104
  end
105
105
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: warden-hmac-authentication
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.5.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,11 +10,11 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-01-10 00:00:00.000000000Z
13
+ date: 2012-01-15 00:00:00.000000000Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: addressable
17
- requirement: &2160133740 !ruby/object:Gem::Requirement
17
+ requirement: &2157827400 !ruby/object:Gem::Requirement
18
18
  none: false
19
19
  requirements:
20
20
  - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
22
22
  version: '0'
23
23
  type: :runtime
24
24
  prerelease: false
25
- version_requirements: *2160133740
25
+ version_requirements: *2157827400
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: rack
28
- requirement: &2160132880 !ruby/object:Gem::Requirement
28
+ requirement: &2157826460 !ruby/object:Gem::Requirement
29
29
  none: false
30
30
  requirements:
31
31
  - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
33
33
  version: '0'
34
34
  type: :runtime
35
35
  prerelease: false
36
- version_requirements: *2160132880
36
+ version_requirements: *2157826460
37
37
  - !ruby/object:Gem::Dependency
38
38
  name: warden
39
- requirement: &2160131880 !ruby/object:Gem::Requirement
39
+ requirement: &2157825640 !ruby/object:Gem::Requirement
40
40
  none: false
41
41
  requirements:
42
42
  - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
44
44
  version: '0'
45
45
  type: :runtime
46
46
  prerelease: false
47
- version_requirements: *2160131880
47
+ version_requirements: *2157825640
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: rake
50
- requirement: &2160130760 !ruby/object:Gem::Requirement
50
+ requirement: &2157824460 !ruby/object:Gem::Requirement
51
51
  none: false
52
52
  requirements:
53
53
  - - ! '>='
@@ -55,10 +55,10 @@ dependencies:
55
55
  version: '0'
56
56
  type: :development
57
57
  prerelease: false
58
- version_requirements: *2160130760
58
+ version_requirements: *2157824460
59
59
  - !ruby/object:Gem::Dependency
60
60
  name: rack-test
61
- requirement: &2160129280 !ruby/object:Gem::Requirement
61
+ requirement: &2157823380 !ruby/object:Gem::Requirement
62
62
  none: false
63
63
  requirements:
64
64
  - - ! '>='
@@ -66,10 +66,10 @@ dependencies:
66
66
  version: '0'
67
67
  type: :development
68
68
  prerelease: false
69
- version_requirements: *2160129280
69
+ version_requirements: *2157823380
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: riot
72
- requirement: &2160128600 !ruby/object:Gem::Requirement
72
+ requirement: &2157822860 !ruby/object:Gem::Requirement
73
73
  none: false
74
74
  requirements:
75
75
  - - ! '>='
@@ -77,10 +77,10 @@ dependencies:
77
77
  version: '0'
78
78
  type: :development
79
79
  prerelease: false
80
- version_requirements: *2160128600
80
+ version_requirements: *2157822860
81
81
  - !ruby/object:Gem::Dependency
82
82
  name: timecop
83
- requirement: &2160127940 !ruby/object:Gem::Requirement
83
+ requirement: &2157822400 !ruby/object:Gem::Requirement
84
84
  none: false
85
85
  requirements:
86
86
  - - ! '>='
@@ -88,10 +88,10 @@ dependencies:
88
88
  version: '0'
89
89
  type: :development
90
90
  prerelease: false
91
- version_requirements: *2160127940
91
+ version_requirements: *2157822400
92
92
  - !ruby/object:Gem::Dependency
93
93
  name: simplecov
94
- requirement: &2160127140 !ruby/object:Gem::Requirement
94
+ requirement: &2157821680 !ruby/object:Gem::Requirement
95
95
  none: false
96
96
  requirements:
97
97
  - - ! '>='
@@ -99,10 +99,10 @@ dependencies:
99
99
  version: '0'
100
100
  type: :development
101
101
  prerelease: false
102
- version_requirements: *2160127140
102
+ version_requirements: *2157821680
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: simplecov-html
105
- requirement: &2160126080 !ruby/object:Gem::Requirement
105
+ requirement: &2157820800 !ruby/object:Gem::Requirement
106
106
  none: false
107
107
  requirements:
108
108
  - - ! '>='
@@ -110,10 +110,10 @@ dependencies:
110
110
  version: '0'
111
111
  type: :development
112
112
  prerelease: false
113
- version_requirements: *2160126080
113
+ version_requirements: *2157820800
114
114
  - !ruby/object:Gem::Dependency
115
115
  name: trollop
116
- requirement: &2160124740 !ruby/object:Gem::Requirement
116
+ requirement: &2157820020 !ruby/object:Gem::Requirement
117
117
  none: false
118
118
  requirements:
119
119
  - - ! '>='
@@ -121,7 +121,7 @@ dependencies:
121
121
  version: '0'
122
122
  type: :development
123
123
  prerelease: false
124
- version_requirements: *2160124740
124
+ version_requirements: *2157820020
125
125
  description: ! "This gem provides request authentication via [HMAC](http://en.wikipedia.org/wiki/Hmac).
126
126
  The main usage is request based, noninteractive\n authentication for API implementations.
127
127
  Two strategies are supported that differ mainly in how the authentication information