author | Thom May <thom@chef.io> | 2016-06-08 11:25:56 +0100 |
---|---|---|
committer | Thom May <thom@may.lt> | 2016-06-08 11:25:56 +0100 |
commit | 8cd4ab1ad2b48cf92b45cd980279f7d5b836892f (patch) | |
tree | b1226b3f5f56a05ed34bc7d55422be18106b3064 /lib | |
parent | 2dffcfb7ce778efb60834c66aa1e0cd4ec500901 (diff) | |
download | mixlib-authentication-8cd4ab1ad2b48cf92b45cd980279f7d5b836892f.tar.gz |
Chefstyle and modernisev1.4.1
Signed-off-by: Thom May <thom@may.lt>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mixlib/authentication.rb | 16 | ||||
-rw-r--r-- | lib/mixlib/authentication/digester.rb | 12 | ||||
-rw-r--r-- | lib/mixlib/authentication/http_authentication_request.rb | 11 | ||||
-rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 65 | ||||
-rw-r--r-- | lib/mixlib/authentication/signedheaderauth.rb | 52 | ||||
-rw-r--r-- | lib/mixlib/authentication/version.rb | 3 |
6 files changed, 75 insertions, 84 deletions
diff --git a/lib/mixlib/authentication.rb b/lib/mixlib/authentication.rb
index 245aa24..443512e 100644
--- a/lib/mixlib/authentication.rb
+++ b/lib/mixlib/authentication.rb
@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,11 +16,11 @@
 # limitations under the License.
 #
-require 'mixlib/log'
+require "mixlib/log"
 module Mixlib
 module Authentication
- DEFAULT_SERVER_API_VERSION = '0'
+ DEFAULT_SERVER_API_VERSION = "0"
 class AuthenticationError < StandardError
 end
@@ -29,12 +29,10 @@ module Mixlib
 end
 class Log
- extend Mixlib::Log
+ extend Mixlib::Log
 end
-
+
 Log.level = :error
-
+
 end
 end
-
-
diff --git a/lib/mixlib/authentication/digester.rb b/lib/mixlib/authentication/digester.rb
index c456824..8628d53 100644
--- a/lib/mixlib/authentication/digester.rb
+++ b/lib/mixlib/authentication/digester.rb
@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,15 +16,15 @@
 # limitations under the License.
 #
-require 'mixlib/authentication'
-require 'openssl'
+require "mixlib/authentication"
+require "openssl"
 module Mixlib
 module Authentication
 class Digester
 class << self
- def hash_file(f, digest=OpenSSL::Digest::SHA1)
+ def hash_file(f, digest = OpenSSL::Digest::SHA1)
 digester = digest.new
 buf = ""
 while f.read(16384, buf)
@@ -37,7 +37,7 @@ module Mixlib
 #
 # ====Parameters
 #
- def hash_string(str, digest=OpenSSL::Digest::SHA1)
+ def hash_string(str, digest = OpenSSL::Digest::SHA1)
 ::Base64.encode64(digest.digest(str)).chomp
 end
diff --git a/lib/mixlib/authentication/http_authentication_request.rb b/lib/mixlib/authentication/http_authentication_request.rb
index ad8354f..819f8f5 100644
--- a/lib/mixlib/authentication/http_authentication_request.rb
+++ b/lib/mixlib/authentication/http_authentication_request.rb
@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
-require 'mixlib/authentication'
+require "mixlib/authentication"
 module Mixlib
 module Authentication
@@ -33,7 +33,7 @@ module Mixlib
 end
 def headers
- @headers ||= @request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
+ @headers ||= @request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
 end
 def http_method
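Review bot: In `headers` (http_authentication_request.rb, the last hunk above) the new line still relies on the `$2` global set by `=~ /^(HTTP_)(.*)/`, and `^` matches at the start of any line rather than only at the start of the key. Since every client header name flows through this block, anchoring with `\A` and reading the capture explicitly would make it easier to audit, for example `kv[0] =~ /\A(HTTP_)(.*)/` with `Regexp.last_match(2)` in place of `$2`. The identical line in `headers` in signatureverification.rb (hunk at -121,11) has the same pattern. Both also call `to_sym` on client-chosen header names, which is worth a short comment if older Ruby versions without symbol garbage collection are still supported.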
@@ -70,13 +70,12 @@ module Mixlib
 def request_signature
 unless @request_signature
- @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
+ @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x, y| x.to_s <=> y.to_s }.map { |i| i[1] }.join("\n")
 Mixlib::Authentication::Log.debug "Reconstituted (user-supplied) request signature: #{@request_signature}"
 end
 @request_signature
 end
-
 def validate_headers!
 missing_headers = MANDATORY_HEADERS - headers.keys
 unless missing_headers.empty?
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index 20b18a5..842fc1f 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -7,9 +7,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,11 +17,11 @@
 # limitations under the License.
 #
-require 'net/http'
-require 'forwardable'
-require 'mixlib/authentication'
-require 'mixlib/authentication/http_authentication_request'
-require 'mixlib/authentication/signedheaderauth'
+require "net/http"
+require "forwardable"
+require "mixlib/authentication"
+require "mixlib/authentication/http_authentication_request"
+require "mixlib/authentication/signedheaderauth"
 module Mixlib
 module Authentication
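Review bot: In `request_signature` (http_authentication_request.rb, the first hunk above) `.sort { |x, y| x.to_s <=> y.to_s }` compares the stringified pairs lexically, so `x_ops_authorization_10` sorts before `x_ops_authorization_2`. A signature spread over ten or more header lines would then be reassembled out of order and fail verification, which would affect larger keys first. Ordering by the numeric suffix avoids this: `.sort_by { |k, _| k.to_s[/\d+\z/].to_i }`. The `^` in `/^x_ops_authorization_/` could become `\A` in the same change so the match is anchored to the start of the name.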
@@ -52,7 +52,7 @@ module Mixlib
 include Mixlib::Authentication::SignedHeaderAuth
- def initialize(request=nil)
+ def initialize(request = nil)
 @auth_request = HTTPAuthenticationRequest.new(request) if request
 @valid_signature, @valid_timestamp, @valid_content_hash = false, false, false
@@ -60,8 +60,7 @@ module Mixlib
 @hashed_body = nil
 end
-
- def authenticate_user_request(request, user_lookup, time_skew=(15*60))
+ def authenticate_user_request(request, user_lookup, time_skew = (15 * 60))
 @auth_request = HTTPAuthenticationRequest.new(request)
 authenticate_request(user_lookup, time_skew)
 end
@@ -74,9 +73,9 @@ module Mixlib
 # X-Ops-Sign: algorithm=sha1;version=1.0;
 # X-Ops-UserId: <user_id>
 # X-Ops-Timestamp:
- # X-Ops-Content-Hash:
+ # X-Ops-Content-Hash:
 # X-Ops-Authorization-#{line_number}
- def authenticate_request(user_secret, time_skew=(15*60))
+ def authenticate_request(user_secret, time_skew = (15 * 60))
 Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}"
 @user_secret = user_secret
@@ -87,14 +86,14 @@ module Mixlib
 # version 1.0 clients don't include their algorithm in the
 # signing description, so default to sha1
- parts[:algorithm] ||= 'sha1'
+ parts[:algorithm] ||= "sha1"
 verify_signature(parts[:algorithm], parts[:version])
 verify_timestamp
 verify_content_hash
- rescue StandardError=>se
- raise AuthenticationError,"Failed to authenticate user request. Check your client key and clock: #{se.message}", se.backtrace
+ rescue StandardError => se
+ raise AuthenticationError, "Failed to authenticate user request. Check your client key and clock: #{se.message}", se.backtrace
 end
 if valid_request?
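Review bot: In `authenticate_request` (last hunk above) the algorithm and version passed to `verify_signature` come from `parts`, which appears to be parsed from the client's own `X-Ops-Sign` header, with `"sha1"` as the fallback. Nothing in the visible lines lets a server refuse the older 1.0/1.1 SHA-1 path, so the caller of the API effectively picks the weakest accepted protocol. I would at least document that next to the default, e.g. `# NOTE: version and algorithm are client-selected; callers that must refuse SHA-1 signing need to check parts[:version] themselves`. The method body starts and ends outside this hunk, so a floor may exist elsewhere; please confirm.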
@@ -121,11 +120,11 @@ module Mixlib
 end
 # The authorization header is a Base64-encoded version of an RSA signature.
- # The client sent it on multiple header lines, starting at index 1 -
+ # The client sent it on multiple header lines, starting at index 1 -
 # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and
 # concatenate.
 def headers
- @headers ||= request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
+ @headers ||= request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
 end
 private
@@ -142,7 +141,7 @@ module Mixlib
 candidate_block = canonicalize_request(algorithm, version)
 signature = Base64.decode64(request_signature)
 @valid_signature = case version
- when '1.3'
+ when "1.3"
 digest = validate_sign_version_digest!(algorithm, version)
 @user_secret.verify(digest.new, signature, candidate_block)
 else
@@ -177,10 +176,9 @@ module Mixlib
 @valid_content_hash
 end
-
 # The request signature is based on any file attached, if any. Otherwise
 # it's based on the body of the request.
- def hashed_body(digest=Digest::SHA1)
+ def hashed_body(digest = Digest::SHA1)
 unless @hashed_body
 # TODO: tim: 2009-112-28: It'd be nice to remove this special case, and
 # always hash the entire request body. In the file case it would just be
@@ -189,22 +187,22 @@ module Mixlib
 # Pull out any file that was attached to this request, using multipart
 # form uploads.
 # Depending on the server we're running in, multipart form uploads are
- # handed to us differently.
- # - In Passenger (Cookbooks Community Site), the File is handed to us
- # directly in the params hash. The name is whatever the client used,
- # its value is therefore a File or Tempfile.
+ # handed to us differently.
+ # - In Passenger (Cookbooks Community Site), the File is handed to us
+ # directly in the params hash. The name is whatever the client used,
+ # its value is therefore a File or Tempfile.
 # e.g. request['file_param'] = File
- #
- # - In Merb (Chef server), the File is wrapped. The original parameter
+ #
+ # - In Merb (Chef server), the File is wrapped. The original parameter
 # name used for the file is used, but its value is a Hash. Within
- # the hash is a name/value pair named 'file' which actually
+ # the hash is a name/value pair named 'file' which actually
 # contains the Tempfile instance.
 # e.g. request['file_param'] = { :file => Tempfile }
 file_param = request.params.values.find { |value| value.respond_to?(:read) }
 # No file_param; we're running in Merb, or it's just not there..
 if file_param.nil?
- hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
+ hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
 if !hash_param.nil?
 file_param = hash_param.values.find { |value| value.respond_to?(:read) } # File/Tempfile responds to :read.
 end
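Review bot: `file_param = request.params.values.find { |value| value.respond_to?(:read) }` takes the first parameter value that responds to `read`, so on this path the content hash appears to cover that single upload only. Other form fields, and any further files in the same multipart request, would then not be bound to the signature. The comment block explains how the file is located but not this consequence; I would add a line such as `# NOTE: only the first file-like param is hashed; other params are not covered by X-Ops-Content-Hash`. How the hash is finally computed lies outside this hunk, so check the wording against the rest of `hashed_body`.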
@@ -225,22 +223,19 @@ module Mixlib
 end
 # Compare the request timestamp with boundary time
- #
- #
+ #
+ #
 # ====Parameters
 # time1<Time>:: minuend
 # time2<Time>:: subtrahend
 #
 def timestamp_within_bounds?(time1, time2)
- time_diff = (time2-time1).abs
+ time_diff = (time2 - time1).abs
 is_allowed = (time_diff < @allowed_time_skew)
 Mixlib::Authentication::Log.debug "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
- is_allowed
+ is_allowed
 end
 end
-
 end
 end
-
-
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 09a22ee..ab8d989 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -17,11 +17,11 @@
 # limitations under the License.
 #
-require 'time'
-require 'base64'
-require 'openssl/digest'
-require 'mixlib/authentication'
-require 'mixlib/authentication/digester'
+require "time"
+require "base64"
+require "openssl/digest"
+require "mixlib/authentication"
+require "mixlib/authentication/digester"
 module Mixlib
 module Authentication
@@ -31,18 +31,18 @@ module Mixlib
 NULL_ARG = Object.new
 ALGORITHM_FOR_VERSION = {
- '1.0' => 'sha1',
- '1.1' => 'sha1',
- '1.3' => 'sha256',
+ "1.0" => "sha1",
+ "1.1" => "sha1",
+ "1.3" => "sha256",
 }.freeze()
 # Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use
 # ALGORITHM_FOR_VERSION instead
- SUPPORTED_ALGORITHMS = ['sha1'].freeze
- SUPPORTED_VERSIONS = ['1.0', '1.1'].freeze
+ SUPPORTED_ALGORITHMS = ["sha1"].freeze
+ SUPPORTED_VERSIONS = ["1.0", "1.1"].freeze
- DEFAULT_SIGN_ALGORITHM = 'sha1'.freeze
- DEFAULT_PROTO_VERSION = '1.0'.freeze
+ DEFAULT_SIGN_ALGORITHM = "sha1".freeze
+ DEFAULT_PROTO_VERSION = "1.0".freeze
 # === signing_object
 # This is the intended interface for signing requests with the
@@ -72,7 +72,7 @@ module Mixlib
 # ==== Other Parameters:
 # These parameters are accepted but not used in the computation of the signature.
 # * `:host`: The host part of the URI
- def self.signing_object(args={ })
+ def self.signing_object(args = {})
 SigningObject.new(args[:http_method],
 args[:path],
 args[:body],
@@ -97,7 +97,7 @@ module Mixlib
 # compute the signature from the request, using the looked-up user secret
 # ====Parameters
 # private_key<OpenSSL::PKey::RSA>:: user's RSA private key.
- def sign(private_key, sign_algorithm=algorithm, sign_version=proto_version)
+ def sign(private_key, sign_algorithm = algorithm, sign_version = proto_version)
 digest = validate_sign_version_digest!(sign_algorithm, sign_version)
 # Our multiline hash for authorization will be encoded in multiple header
 # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
@@ -132,9 +132,9 @@ module Mixlib
 end
 case sign_algorithm
- when 'sha1'
+ when "sha1"
 OpenSSL::Digest::SHA1
- when 'sha256'
+ when "sha256"
 OpenSSL::Digest::SHA256
 else
 # This case should never happen
@@ -156,11 +156,11 @@ module Mixlib
 # ====Parameters
 #
 def canonical_path
- p = path.gsub(/\/+/,'/')
- p.length > 1 ? p.chomp('/') : p
+ p = path.gsub(/\/+/, "/")
+ p.length > 1 ? p.chomp("/") : p
 end
- def hashed_body(digest=OpenSSL::Digest::SHA1)
+ def hashed_body(digest = OpenSSL::Digest::SHA1)
 # This is weird. sign() is called with the digest type and signing
 # version. These are also expected to be properties of the object.
 # Hence, we're going to assume the one that is passed to sign is
@@ -189,7 +189,7 @@ module Mixlib
 # ====Parameters
 #
 #
- def canonicalize_request(sign_algorithm=algorithm, sign_version=proto_version)
+ def canonicalize_request(sign_algorithm = algorithm, sign_version = proto_version)
 digest = validate_sign_version_digest!(sign_algorithm, sign_version)
 canonical_x_ops_user_id = canonicalize_user_id(user_id, sign_version, digest)
 case sign_version
@@ -209,12 +209,12 @@ module Mixlib
 "Hashed Path:#{digester.hash_string(canonical_path, digest)}",
 "X-Ops-Content-Hash:#{hashed_body(digest)}",
 "X-Ops-Timestamp:#{canonical_time}",
- "X-Ops-UserId:#{canonical_x_ops_user_id}"
+ "X-Ops-UserId:#{canonical_x_ops_user_id}",
 ].join("\n")
 end
 end
- def canonicalize_user_id(user_id, proto_version, digest=OpenSSL::Digest::SHA1)
+ def canonicalize_user_id(user_id, proto_version, digest = OpenSSL::Digest::SHA1)
 case proto_version
 when "1.1"
 # and 1.2 if that ever gets implemented
@@ -230,7 +230,7 @@ module Mixlib
 # ====Parameters
 #
 def parse_signing_description
- parts = signing_description.strip.split(";").inject({ }) do |memo, part|
+ parts = signing_description.strip.split(";").inject({}) do |memo, part|
 field_name, field_value = part.split("=")
 memo[field_name.to_sym] = field_value.strip
 memo
@@ -248,7 +248,7 @@ module Mixlib
 string_to_sign = canonicalize_request(sign_algorithm, sign_version)
 Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'"
 case sign_version
- when '1.3'
+ when "1.3"
 private_key.sign(digest.new, string_to_sign)
 else
 private_key.private_encrypt(string_to_sign)
@@ -269,12 +269,12 @@ module Mixlib
 include SignedHeaderAuth
 def proto_version
- (self[:proto_version] or DEFAULT_PROTO_VERSION).to_s
+ (self[:proto_version] || DEFAULT_PROTO_VERSION).to_s
 end
 def server_api_version
 key = (self[:headers] || {}).keys.select do |k|
- k.downcase == 'x-ops-server-api-version'
+ k.downcase == "x-ops-server-api-version"
 end.first
 if key
 self[:headers][key]
diff --git a/lib/mixlib/authentication/version.rb b/lib/mixlib/authentication/version.rb
index 3af3f48..8a832fd 100644
--- a/lib/mixlib/authentication/version.rb
+++ b/lib/mixlib/authentication/version.rb
@@ -13,9 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 module Mixlib
 module Authentication
- VERSION = '1.4.1'
+ VERSION = "1.4.1"
 end
 end |
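Review bot: In `parse_signing_description` (signedheaderauth.rb, hunk at -230,7) a segment of the signing description without an `=` leaves `field_value` nil, so `field_value.strip` raises NoMethodError rather than a clear authentication failure. On the verification side the description appears to come from the client's `X-Ops-Sign` header, so this is reachable with malformed input. Splitting with a limit and skipping incomplete parts keeps it predictable: `field_name, field_value = part.split("=", 2)` followed by `next memo if field_value.nil?`. Restricting accepted names to the expected ones (`algorithm`, `version`) would also avoid calling `to_sym` on untrusted text. The block's closing `end` is outside the hunk.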