Class: Rack::Bug::ParamsSignature

Inherits:
Object
  • Object
Extended by:
ERB::Util
Defined in:
lib/rack/bug/params_signature.rb


Constructor Details

#initialize(request) ⇒ ParamsSignature

Returns a new instance of ParamsSignature.



# File 'lib/rack/bug/params_signature.rb', line 24

# Stores the request whose parameters will be signed or verified.
#
# @param request [Object] the current request; other methods of this class
#   read +env+ (for the secret key) and +params+ (for the signed values) from it
def initialize(request)
  @request = request
end

Instance Attribute Details

#request ⇒ Object (readonly)

Returns the value of attribute request.



# File 'lib/rack/bug/params_signature.rb', line 22

# Read-only accessor for the request passed to the constructor.
#
# @return [Object] the request this signature helper operates on
def request
  @request
end

Class Method Details

.sign(request, hash) ⇒ Object



# File 'lib/rack/bug/params_signature.rb', line 9

# Builds a signed parameter string: every entry of +hash+ in sorted key
# order, followed by a trailing "hash" entry carrying the signature.
#
# Values are URL-encoded with +u+; keys are interpolated as given. The pairs
# are joined with the HTML entity "&amp;", so the result is meant to be placed
# into markup rather than used as a raw query string.
#
# NOTE(review): unlike #validate!, nothing here rejects a blank secret key, so
# a string can be produced while no secret is configured; #validate! will then
# refuse it with "Missing secret key".
#
# @param request [Object] request handed to the constructor (source of the secret)
# @param hash [Hash] parameters to sign; keys must be mutually sortable
# @return [String] the encoded pairs plus the "hash" signature pair
def self.sign(request, hash)
  pairs = hash.keys.sort.map { |name| "#{name}=#{u(hash[name])}" }

  digest = new(request).signature(hash)
  pairs << "hash=#{u(digest)}"

  pairs.join("&amp;")
end

Instance Method Details

#secret_key ⇒ Object



# File 'lib/rack/bug/params_signature.rb', line 28

# Reads the signing secret from the request's Rack environment.
#
# The value lives under the 'rack-bug.secret_key' env key; where that key is
# populated is not visible from this method (presumably the middleware's
# configuration; verify against the caller).
#
# @return [Object, nil] the configured secret, or nil when the key is absent
def secret_key
  rack_env = @request.env
  rack_env['rack-bug.secret_key']
end

#secret_key_blank? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/bug/params_signature.rb', line 32

# Tells whether no usable secret is configured.
#
# Only nil and the empty string count as blank; a whitespace-only secret is
# treated as present.
#
# @return [Boolean] true when the secret key is nil or ""
def secret_key_blank?
  key = secret_key
  key.nil? || key == ""
end

#signature(params) ⇒ Object



# File 'lib/rack/bug/params_signature.rb', line 46

# Computes the hex signature for a set of parameters.
#
# The signature is a plain SHA-1 digest of the string built by
# #signature_base, which starts with the secret key.
#
# NOTE(review): this is a secret-prefixed hash, not a keyed MAC. An HMAC
# (e.g. OpenSSL::HMAC with SHA-256) is the standard construction for this
# purpose; switching would change every issued signature, so signing and
# validation would have to move together.
#
# @param params [Hash] parameters to sign
# @return [String] 40-character lowercase hex digest
def signature(params)
  base_string = signature_base(params)
  Digest::SHA1.hexdigest(base_string)
end

#signature_base(params) ⇒ Object



# File 'lib/rack/bug/params_signature.rb', line 50

# Builds the string that gets hashed: the secret key followed by the
# parameter values in sorted key order, all joined with ":".
#
# The "hash" parameter (the signature itself) is left out. A nil secret key
# contributes an empty leading field.
#
# NOTE(review): only the values are signed. Keys are not part of the string
# and ":" inside a value is not escaped, so different parameter sets can map
# to the same base string. Including the keys and an unambiguous encoding
# (length-prefixing or escaping) would remove that overlap.
#
# @param params [Hash] parameters to sign; keys must be mutually sortable
# @return [String] the ":"-joined signing input
def signature_base(params)
  pieces = [secret_key]

  signed_names = params.keys.sort.reject { |name| name == "hash" }
  pieces.concat(signed_names.map { |name| params[name].to_s })

  pieces.join(":")
end

#validate! ⇒ Object



# File 'lib/rack/bug/params_signature.rb', line 36

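# Checks that the current request carries a valid signature in its "hash"
# parameter, raising when it does not.
#
# The supplied and expected signatures are compared without stopping at the
# first differing byte, so the time taken does not reveal how much of a
# guessed signature was correct. A missing or non-String "hash" parameter
# (for example an array-style parameter) is rejected outright.
#
# SecurityError descends directly from Exception on Ruby 1.9 and later, so a
# bare +rescue+ in a caller will not catch it.
#
# @return [nil] when the signature is valid
# @raise [SecurityError] "Missing secret key" when no secret is configured
# @raise [SecurityError] "Invalid query hash." when the signature is absent or wrong
def validate!
  raise SecurityError.new("Missing secret key") if secret_key_blank?

  supplied = request.params["hash"]
  expected = signature(request.params)

  valid = supplied.is_a?(String) && supplied.bytesize == expected.bytesize
  if valid
    # OR together the XOR of every byte pair instead of using ==, which may
    # return at the first mismatch.
    mismatch = 0
    supplied.unpack("C*").zip(expected.unpack("C*")) { |a, b| mismatch |= a ^ b }
    valid = mismatch.zero?
  end

  raise SecurityError.new("Invalid query hash.") unless valid
end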