warden-hmac-authentication 0.6.3 → 0.6.4

Sign up to get free protection for your applications and to get access to all the features.
data/README.md CHANGED
@@ -178,7 +178,8 @@ Some headers are optional but should be included in the signature of the request
178
178
  includes `Content-MD5` and `Content-Type`. The list of optional headers can be configured using the `:optional_headers` config option.
179
179
  Optional headers are always included in the canonical representation if they are found in the request and not blank. Optional headers
180
180
  will be included in the canonical representation for query-based authentication if they are present in the request so be careful
181
- not to include any header that is out of your clients control.
181
+ not to include any header that is out of your clients control. Optional headers are currently not validated in any other way, that is
182
+ the strategy does not check that they actually match the provided request body. This check is currently up to the application.
182
183
 
183
184
  ## Date and TTL
184
185
 
@@ -1,16 +1,68 @@
1
1
  #!/usr/bin/env ruby
2
- #
3
- # This file was generated by Bundler.
4
- #
5
- # The application 'warden-hmac-authentication' is installed as part of a gem, and
6
- # this file is here to facilitate running it.
7
- #
8
2
 
9
- require 'pathname'
10
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
11
- Pathname.new(__FILE__).realpath)
3
+ begin
4
+ require 'trollop'
5
+ rescue LoadError => e
6
+ puts ""
7
+ puts ""
8
+ puts "============= ERROR ================"
9
+ puts ""
10
+ puts "You need trollop installed or in your gemfile to use the signer"
11
+ puts ""
12
+ puts "============= ERROR ================"
13
+ puts ""
14
+ puts ""
15
+ exit(-1)
16
+ end
12
17
 
13
- require 'rubygems'
14
- require 'bundler/setup'
18
+ require 'hmac/signer'
15
19
 
16
- load Gem.bin_path('warden-hmac-authentication', 'warden-hmac-authentication')
20
+ opts = Trollop::options do
21
+
22
+ version "warden-hmac-sign 0.3.0 (c) 2011 Felix Gilcher, Florian Gilcher"
23
+ banner <<-EOS
24
+ warden-hmac-authentication is used to create and validate signed urls for
25
+ usage with the HMAC authentication scheme used by
26
+ https://github.com/Asquera/warden-hmac-authentication
27
+
28
+ Usage:
29
+ warden-hmac-authentication [options] <command> url
30
+
31
+ where command is one of
32
+
33
+ sign: signs the given url
34
+ validate: validates the given url
35
+
36
+ and where [options] are:
37
+
38
+ EOS
39
+
40
+ opt :algorithm, "The hashing algorithm to use for the HMAC", :type => :string, :default => "sha1"
41
+ opt :secret, "The shared secret for the HMAC", :type => :string, :required => true
42
+ opt :"auth-param", "The name for the auth param in the url", :default => "auth"
43
+ opt :"date", "The date to use for the signature (defaults to now)"
44
+ end
45
+
46
+ cmd = ARGV.shift
47
+ Trollop::die "You must give a command" if cmd.nil?
48
+ Trollop::die "You command must be one of [sign, validate]" unless ["sign", "validate"].include? cmd
49
+ Trollop::die "You must provide a URL" if ARGV.empty?
50
+ url = ARGV.shift
51
+
52
+ secret = opts.delete(:secret)
53
+ algorithm = opts.delete(:algorithm)
54
+
55
+ signer = HMAC::Signer.new(algorithm)
56
+
57
+ if "sign" == cmd
58
+ puts signer.sign_url(url, secret, opts)
59
+ else
60
+ success = signer.validate_url_signature(url, secret, opts)
61
+ if success
62
+ puts "URL #{url} is valid"
63
+ exit 0
64
+ else
65
+ puts "URL #{url} does not contain a valid signature"
66
+ exit 1
67
+ end
68
+ end
@@ -3,7 +3,7 @@ require 'hmac/signer'
3
3
 
4
4
  module Faraday
5
5
  class Request::Hmac < Faraday::Middleware
6
-
6
+
7
7
  # create a new Hmac middleware instance
8
8
  #
9
9
  # @param [Object] app The url of the request
@@ -13,7 +13,7 @@ module Faraday
13
13
  # @option options [String] :nonce ('') The nonce to use in the signature
14
14
  # @option options [String, #strftime] :date (Time.now) The date to use in the signature
15
15
  # @option options [Hash] :headers ({}) A list of optional headers to include in the signature
16
- #
16
+ #
17
17
  # @option options [String] :auth_scheme ('HMAC') The name of the authorization scheme used in the Authorization header and to construct various header-names
18
18
  # @option options [String] :auth_param ('auth') The name of the authentication param to use for query based authentication
19
19
  # @option options [Hash] :extra_auth_params ({}) Additional parameters to inject in the auth parameter. This parameter is ignored unless :query_based evaluates to true.
@@ -27,21 +27,22 @@ module Faraday
27
27
  def initialize(app, secret, options = {})
28
28
  @app, @secret, @options, @query_values = app, secret, options
29
29
  end
30
-
30
+
31
31
  def call(env)
32
32
  sign(env)
33
33
  @app.call(env)
34
34
  end
35
-
35
+
36
36
  def sign(env)
37
37
  signer = HMAC::Signer.new
38
38
  url = env[:url]
39
- headers, url = *signer.sign_request(url, @secret, @options)
40
-
39
+ method = env[:method]
40
+ headers, url = *signer.sign_request(url, @secret, @options.merge(:method => env[:method]))
41
+
41
42
  env[:request_headers] = (env[:request_headers] || {}).merge(headers)
42
43
  env[:url] = URI.parse(url)
43
44
  env
44
45
  end
45
-
46
+
46
47
  end
47
- end
48
+ end
@@ -0,0 +1,55 @@
1
+ require 'faraday'
2
+ require 'hmac/signer'
3
+
4
+ module Faraday
5
+ class Request::Hmac < Faraday::Middleware
6
+
7
+ # create a new Hmac middleware instance
8
+ #
9
+ # @param [Object] app The url of the request
10
+ # @param [String] secret The shared secret for the signature
11
+ # @param [Hash] options Options for the signature generation
12
+ #
13
+ # @option options [String] :nonce ('') The nonce to use in the signature
14
+ # @option options [String, #strftime] :date (Time.now) The date to use in the signature
15
+ # @option options [Hash] :headers ({}) A list of optional headers to include in the signature
16
+ #
17
+ # @option options [String] :auth_scheme ('HMAC') The name of the authorization scheme used in the Authorization header and to construct various header-names
18
+ # @option options [String] :auth_param ('auth') The name of the authentication param to use for query based authentication
19
+ # @option options [Hash] :extra_auth_params ({}) Additional parameters to inject in the auth parameter. This parameter is ignored unless :query_based evaluates to true.
20
+ # @option options [String] :auth_header ('Authorization') The name of the authorization header to use
21
+ # @option options [String] :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
22
+ # @option options [String] :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
23
+ # @option options [String] :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
24
+ # @option options [Bool] :query_based (false) Whether to use query based authentication
25
+ # @option options [Bool] :use_alternate_date_header (false) Use the alternate date header instead of `Date`
26
+ #
27
+ def initialize(app, secret, options = {})
28
+ @app, @secret, @options, @query_values = app, secret, options
29
+ end
30
+
31
+ def call(env)
32
+ sign(env)
33
+ @app.call(env)
34
+ end
35
+
36
+ def sign(env)
37
+ signer = HMAC::Signer.new
38
+ url = env[:url]
39
+ <<<<<<< HEAD
40
+ method = env[:method]
41
+ headers, url = *signer.sign_request(url, @secret, @options.merge(:method => env[:method]))
42
+ =======
43
+
44
+ signer_options = { :method => env[:method] }.merge @options
45
+
46
+ headers, url = *signer.sign_request(url, @secret, signer_options)
47
+ >>>>>>> fc6d1ee3917881a31a9f68a37ece8f630a896840
48
+
49
+ env[:request_headers] = (env[:request_headers] || {}).merge(headers)
50
+ env[:url] = URI.parse(url)
51
+ env
52
+ end
53
+
54
+ end
55
+ end
metadata CHANGED
@@ -1,211 +1,212 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: warden-hmac-authentication
3
- version: !ruby/object:Gem::Version
4
- version: 0.6.3
5
- prerelease:
3
+ version: !ruby/object:Gem::Version
4
+ hash: 15
5
+ prerelease: false
6
+ segments:
7
+ - 0
8
+ - 6
9
+ - 4
10
+ version: 0.6.4
6
11
  platform: ruby
7
- authors:
12
+ authors:
8
13
  - Felix Gilcher
9
14
  - Florian Gilcher
10
15
  autorequire:
11
16
  bindir: bin
12
17
  cert_chain: []
13
- date: 2012-10-08 00:00:00.000000000 Z
14
- dependencies:
15
- - !ruby/object:Gem::Dependency
18
+
19
+ date: 2013-04-08 00:00:00 +02:00
20
+ default_executable:
21
+ dependencies:
22
+ - !ruby/object:Gem::Dependency
16
23
  name: rack
17
- requirement: !ruby/object:Gem::Requirement
18
- none: false
19
- requirements:
20
- - - ! '>='
21
- - !ruby/object:Gem::Version
22
- version: '0'
23
- type: :runtime
24
24
  prerelease: false
25
- version_requirements: !ruby/object:Gem::Requirement
26
- none: false
27
- requirements:
28
- - - ! '>='
29
- - !ruby/object:Gem::Version
30
- version: '0'
31
- - !ruby/object:Gem::Dependency
32
- name: warden
33
- requirement: !ruby/object:Gem::Requirement
34
- none: false
35
- requirements:
36
- - - ! '>='
37
- - !ruby/object:Gem::Version
38
- version: '0'
25
+ requirement: &id001 !ruby/object:Gem::Requirement
26
+ none: false
27
+ requirements:
28
+ - - ">="
29
+ - !ruby/object:Gem::Version
30
+ hash: 3
31
+ segments:
32
+ - 0
33
+ version: "0"
39
34
  type: :runtime
35
+ version_requirements: *id001
36
+ - !ruby/object:Gem::Dependency
37
+ name: warden
40
38
  prerelease: false
41
- version_requirements: !ruby/object:Gem::Requirement
42
- none: false
43
- requirements:
44
- - - ! '>='
45
- - !ruby/object:Gem::Version
46
- version: '0'
47
- - !ruby/object:Gem::Dependency
39
+ requirement: &id002 !ruby/object:Gem::Requirement
40
+ none: false
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ hash: 3
45
+ segments:
46
+ - 0
47
+ version: "0"
48
+ type: :runtime
49
+ version_requirements: *id002
50
+ - !ruby/object:Gem::Dependency
48
51
  name: rake
49
- requirement: !ruby/object:Gem::Requirement
50
- none: false
51
- requirements:
52
- - - ! '>='
53
- - !ruby/object:Gem::Version
54
- version: '0'
55
- type: :development
56
52
  prerelease: false
57
- version_requirements: !ruby/object:Gem::Requirement
58
- none: false
59
- requirements:
60
- - - ! '>='
61
- - !ruby/object:Gem::Version
62
- version: '0'
63
- - !ruby/object:Gem::Dependency
64
- name: rack-test
65
- requirement: !ruby/object:Gem::Requirement
66
- none: false
67
- requirements:
68
- - - ! '>='
69
- - !ruby/object:Gem::Version
70
- version: '0'
53
+ requirement: &id003 !ruby/object:Gem::Requirement
54
+ none: false
55
+ requirements:
56
+ - - ">="
57
+ - !ruby/object:Gem::Version
58
+ hash: 3
59
+ segments:
60
+ - 0
61
+ version: "0"
71
62
  type: :development
63
+ version_requirements: *id003
64
+ - !ruby/object:Gem::Dependency
65
+ name: rack-test
72
66
  prerelease: false
73
- version_requirements: !ruby/object:Gem::Requirement
74
- none: false
75
- requirements:
76
- - - ! '>='
77
- - !ruby/object:Gem::Version
78
- version: '0'
79
- - !ruby/object:Gem::Dependency
80
- name: riot
81
- requirement: !ruby/object:Gem::Requirement
82
- none: false
83
- requirements:
84
- - - ! '>='
85
- - !ruby/object:Gem::Version
86
- version: '0'
67
+ requirement: &id004 !ruby/object:Gem::Requirement
68
+ none: false
69
+ requirements:
70
+ - - ">="
71
+ - !ruby/object:Gem::Version
72
+ hash: 3
73
+ segments:
74
+ - 0
75
+ version: "0"
87
76
  type: :development
77
+ version_requirements: *id004
78
+ - !ruby/object:Gem::Dependency
79
+ name: riot
88
80
  prerelease: false
89
- version_requirements: !ruby/object:Gem::Requirement
90
- none: false
91
- requirements:
92
- - - ! '>='
93
- - !ruby/object:Gem::Version
94
- version: '0'
95
- - !ruby/object:Gem::Dependency
96
- name: timecop
97
- requirement: !ruby/object:Gem::Requirement
98
- none: false
99
- requirements:
100
- - - ! '>='
101
- - !ruby/object:Gem::Version
102
- version: '0'
81
+ requirement: &id005 !ruby/object:Gem::Requirement
82
+ none: false
83
+ requirements:
84
+ - - ">="
85
+ - !ruby/object:Gem::Version
86
+ hash: 3
87
+ segments:
88
+ - 0
89
+ version: "0"
103
90
  type: :development
91
+ version_requirements: *id005
92
+ - !ruby/object:Gem::Dependency
93
+ name: timecop
104
94
  prerelease: false
105
- version_requirements: !ruby/object:Gem::Requirement
106
- none: false
107
- requirements:
108
- - - ! '>='
109
- - !ruby/object:Gem::Version
110
- version: '0'
111
- - !ruby/object:Gem::Dependency
112
- name: simplecov
113
- requirement: !ruby/object:Gem::Requirement
114
- none: false
115
- requirements:
116
- - - ! '>='
117
- - !ruby/object:Gem::Version
118
- version: '0'
95
+ requirement: &id006 !ruby/object:Gem::Requirement
96
+ none: false
97
+ requirements:
98
+ - - ">="
99
+ - !ruby/object:Gem::Version
100
+ hash: 3
101
+ segments:
102
+ - 0
103
+ version: "0"
119
104
  type: :development
105
+ version_requirements: *id006
106
+ - !ruby/object:Gem::Dependency
107
+ name: simplecov
120
108
  prerelease: false
121
- version_requirements: !ruby/object:Gem::Requirement
122
- none: false
123
- requirements:
124
- - - ! '>='
125
- - !ruby/object:Gem::Version
126
- version: '0'
127
- - !ruby/object:Gem::Dependency
128
- name: simplecov-html
129
- requirement: !ruby/object:Gem::Requirement
130
- none: false
131
- requirements:
132
- - - ! '>='
133
- - !ruby/object:Gem::Version
134
- version: '0'
109
+ requirement: &id007 !ruby/object:Gem::Requirement
110
+ none: false
111
+ requirements:
112
+ - - ">="
113
+ - !ruby/object:Gem::Version
114
+ hash: 3
115
+ segments:
116
+ - 0
117
+ version: "0"
135
118
  type: :development
119
+ version_requirements: *id007
120
+ - !ruby/object:Gem::Dependency
121
+ name: simplecov-html
136
122
  prerelease: false
137
- version_requirements: !ruby/object:Gem::Requirement
138
- none: false
139
- requirements:
140
- - - ! '>='
141
- - !ruby/object:Gem::Version
142
- version: '0'
143
- - !ruby/object:Gem::Dependency
144
- name: trollop
145
- requirement: !ruby/object:Gem::Requirement
146
- none: false
147
- requirements:
148
- - - ! '>='
149
- - !ruby/object:Gem::Version
150
- version: '0'
123
+ requirement: &id008 !ruby/object:Gem::Requirement
124
+ none: false
125
+ requirements:
126
+ - - ">="
127
+ - !ruby/object:Gem::Version
128
+ hash: 3
129
+ segments:
130
+ - 0
131
+ version: "0"
151
132
  type: :development
133
+ version_requirements: *id008
134
+ - !ruby/object:Gem::Dependency
135
+ name: trollop
152
136
  prerelease: false
153
- version_requirements: !ruby/object:Gem::Requirement
154
- none: false
155
- requirements:
156
- - - ! '>='
157
- - !ruby/object:Gem::Version
158
- version: '0'
159
- description: ! "This gem provides request authentication via [HMAC](http://en.wikipedia.org/wiki/Hmac).
160
- The main usage is request based, noninteractive\n authentication for API implementations.
161
- Two strategies are supported that differ mainly in how the authentication information
162
- is\n transferred to the server: One header-based authentication method and one
163
- query-based. The authentication scheme is in some parts based\n on ideas laid out
164
- in this article and the following discussion: \n http://broadcast.oreilly.com/2009/12/principles-for-standardized-rest-authentication.html\n\n
165
- \ The gem also provides a small helper class that can be used to generate request
166
- signatures."
167
- email:
137
+ requirement: &id009 !ruby/object:Gem::Requirement
138
+ none: false
139
+ requirements:
140
+ - - ">="
141
+ - !ruby/object:Gem::Version
142
+ hash: 3
143
+ segments:
144
+ - 0
145
+ version: "0"
146
+ type: :development
147
+ version_requirements: *id009
148
+ description: |-
149
+ This gem provides request authentication via [HMAC](http://en.wikipedia.org/wiki/Hmac). The main usage is request based, noninteractive
150
+ authentication for API implementations. Two strategies are supported that differ mainly in how the authentication information is
151
+ transferred to the server: One header-based authentication method and one query-based. The authentication scheme is in some parts based
152
+ on ideas laid out in this article and the following discussion:
153
+ http://broadcast.oreilly.com/2009/12/principles-for-standardized-rest-authentication.html
154
+
155
+ The gem also provides a small helper class that can be used to generate request signatures.
156
+ email:
168
157
  - felix.gilcher@asquera.de
169
158
  - florian.gilcher@asquera.de
170
- executables:
159
+ executables:
171
160
  - warden-hmac-authentication
172
161
  extensions: []
162
+
173
163
  extra_rdoc_files: []
174
- files:
164
+
165
+ files:
175
166
  - README.md
176
167
  - Rakefile
177
168
  - LICENSE
178
169
  - lib/faraday/request/hmac.rb
170
+ - lib/faraday/request/hmac.rb~
179
171
  - lib/hmac/signer.rb
180
172
  - lib/hmac/strategies/base.rb
181
173
  - lib/hmac/strategies/header.rb
182
174
  - lib/hmac/strategies/query.rb
183
175
  - lib/hmac/string/jruby.rb
184
- - !binary |-
185
- YmluL3dhcmRlbi1obWFjLWF1dGhlbnRpY2F0aW9u
176
+ - bin/warden-hmac-authentication
177
+ has_rdoc: true
186
178
  homepage: https://github.com/Asquera/warden-hmac-authentication
187
179
  licenses: []
180
+
188
181
  post_install_message:
189
182
  rdoc_options: []
190
- require_paths:
183
+
184
+ require_paths:
191
185
  - lib
192
- required_ruby_version: !ruby/object:Gem::Requirement
186
+ required_ruby_version: !ruby/object:Gem::Requirement
193
187
  none: false
194
- requirements:
195
- - - ! '>='
196
- - !ruby/object:Gem::Version
197
- version: '0'
198
- required_rubygems_version: !ruby/object:Gem::Requirement
188
+ requirements:
189
+ - - ">="
190
+ - !ruby/object:Gem::Version
191
+ hash: 3
192
+ segments:
193
+ - 0
194
+ version: "0"
195
+ required_rubygems_version: !ruby/object:Gem::Requirement
199
196
  none: false
200
- requirements:
201
- - - ! '>='
202
- - !ruby/object:Gem::Version
203
- version: '0'
197
+ requirements:
198
+ - - ">="
199
+ - !ruby/object:Gem::Version
200
+ hash: 3
201
+ segments:
202
+ - 0
203
+ version: "0"
204
204
  requirements: []
205
+
205
206
  rubyforge_project:
206
- rubygems_version: 1.8.24
207
+ rubygems_version: 1.3.7
207
208
  signing_key:
208
209
  specification_version: 3
209
210
  summary: Provides request based, non-interactive authentication for APIs
210
211
  test_files: []
211
- has_rdoc:
212
+