diff options
author | Daniel DeLeo <dan@opscode.com> | 2010-07-21 22:04:57 -0700 |
---|---|---|
committer | Daniel DeLeo <dan@opscode.com> | 2010-07-21 22:04:57 -0700 |
commit | 81a224651317063a65fb7b8318cc220fd5930045 (patch) | |
tree | 32aefc39c64b35e187bed4ec6c47cc6b949cff86 | |
parent | 48df6b6096cef7cb0c366525d82e20befcf8e345 (diff) | |
download | mixlib-authentication-81a224651317063a65fb7b8318cc220fd5930045.tar.gz |
[CHEF-761] revert to verifying the headers in initialize
...so that malformed requests are caught before we try to use any of
their headers
-rw-r--r-- | lib/mixlib/authentication/http_authentication_request.rb | 1 | ||||
-rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 3 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/mixlib/authentication/http_authentication_request.rb b/lib/mixlib/authentication/http_authentication_request.rb index 3522149..cc6b566 100644 --- a/lib/mixlib/authentication/http_authentication_request.rb +++ b/lib/mixlib/authentication/http_authentication_request.rb @@ -29,6 +29,7 @@ module Mixlib def initialize(request) @request = request @request_signature = nil + validate_headers! end def headers diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb index 0562e12..f2dee9a 100644 --- a/lib/mixlib/authentication/signatureverification.rb +++ b/lib/mixlib/authentication/signatureverification.rb @@ -79,12 +79,11 @@ module Mixlib def authenticate_request(user_secret, time_skew=(15*60)) Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}" - @request = request @user_secret = user_secret @allowed_time_skew = time_skew # in seconds begin - @auth_request.validate_headers! + @auth_request #BUGBUG Not doing anything with the signing description yet [cb] parse_signing_description |