summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/mixlib/authentication/http_authentication_request.rb7
-rw-r--r--lib/mixlib/authentication/signatureverification.rb21
-rw-r--r--spec/mixlib/authentication/http_authentication_request_spec.rb3
-rw-r--r--spec/mixlib/authentication/mixlib_authentication_spec.rb17
4 files changed, 37 insertions, 11 deletions
diff --git a/lib/mixlib/authentication/http_authentication_request.rb b/lib/mixlib/authentication/http_authentication_request.rb
index 68a2611..3522149 100644
--- a/lib/mixlib/authentication/http_authentication_request.rb
+++ b/lib/mixlib/authentication/http_authentication_request.rb
@@ -24,10 +24,11 @@ module Mixlib
MANDATORY_HEADERS = [:x_ops_sign, :x_ops_userid, :x_ops_timestamp, :host, :x_ops_content_hash]
+ attr_reader :request
+
def initialize(request)
@request = request
@request_signature = nil
- assert_required_headers_present
end
def headers
@@ -70,9 +71,8 @@ module Mixlib
@request_signature
end
- private
- def assert_required_headers_present
+ def validate_headers!
missing_headers = MANDATORY_HEADERS - headers.keys
unless missing_headers.empty?
missing_headers.map! { |h| h.to_s.upcase }
@@ -80,6 +80,7 @@ module Mixlib
end
end
+
end
end
end
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index c6f68a3..0562e12 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -47,18 +47,25 @@ module Mixlib
def_delegator :@auth_request, :content_hash
- include Mixlib::Authentication::SignedHeaderAuth
+ def_delegator :@auth_request, :request
- attr_reader :request
+ include Mixlib::Authentication::SignedHeaderAuth
attr_reader :auth_request
- def initialize
+ def initialize(request=nil)
+ @auth_request = HTTPAuthenticationRequest.new(request) if request
+
@valid_signature, @valid_timestamp, @valid_content_hash = false, false, false
+
@hashed_body = nil
- @request, @auth_request = nil, nil
end
+
+ def authenticate_user_request(request, user_lookup, time_skew=(15*60))
+ @auth_request = HTTPAuthenticationRequest.new(request)
+ authenticate_request(user_lookup, time_skew)
+ end
# Takes the request, boils down the pieces we are interested in,
# looks up the user, generates a signature, and compares to
# the signature in the request
@@ -69,15 +76,15 @@ module Mixlib
# X-Ops-Timestamp:
# X-Ops-Content-Hash:
# X-Ops-Authorization-#{line_number}
- def authenticate_user_request(request, user_lookup, time_skew=(15*60))
+ def authenticate_request(user_secret, time_skew=(15*60))
Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}"
@request = request
- @user_secret = user_lookup
+ @user_secret = user_secret
@allowed_time_skew = time_skew # in seconds
begin
- @auth_request = HTTPAuthenticationRequest.new(request)
+ @auth_request.validate_headers!
#BUGBUG Not doing anything with the signing description yet [cb]
parse_signing_description
diff --git a/spec/mixlib/authentication/http_authentication_request_spec.rb b/spec/mixlib/authentication/http_authentication_request_spec.rb
index bd5fe9c..563f8cc 100644
--- a/spec/mixlib/authentication/http_authentication_request_spec.rb
+++ b/spec/mixlib/authentication/http_authentication_request_spec.rb
@@ -82,7 +82,8 @@ describe Mixlib::Authentication::HTTPAuthenticationRequest do
it "raises an error when not all required headers are given" do
@merb_headers.delete("HTTP_X_OPS_SIGN")
exception = Mixlib::Authentication::MissingAuthenticationHeader
- lambda {Mixlib::Authentication::HTTPAuthenticationRequest.new(@request)}.should raise_error(exception)
+ auth_req = Mixlib::Authentication::HTTPAuthenticationRequest.new(@request)
+ lambda {auth_req.validate_headers!}.should raise_error(exception)
end
it "extracts the path from the request" do
diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb
index 4a64580..94e8b3d 100644
--- a/spec/mixlib/authentication/mixlib_authentication_spec.rb
+++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb
@@ -156,6 +156,23 @@ describe "Mixlib::Authentication::SignatureVerification" do
res.should_not be_nil
end
+ it "shouldn't authenticate if an Authorization header is missing" do
+ headers = MERB_HEADERS.clone
+ headers.delete("HTTP_X_OPS_SIGN")
+
+ mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
+ Time.stub!(:now).and_return(TIMESTAMP_OBJ)
+
+ auth_req = Mixlib::Authentication::SignatureVerification.new
+ lambda {auth_req.authenticate_user_request(mock_request, @user_private_key)}.should raise_error(Mixlib::Authentication::AuthenticationError)
+
+ auth_req.should_not be_a_valid_request
+ auth_req.should_not be_a_valid_timestamp
+ auth_req.should_not be_a_valid_signature
+ auth_req.should_not be_a_valid_content_hash
+ end
+
+
it "shouldn't authenticate if Authorization header is wrong" do
headers = MERB_HEADERS.clone
headers["HTTP_X_OPS_CONTENT_HASH"] += "_"