Class: Rack::Bug::ParamsSignature

Inherits:

Object

Object
Rack::Bug::ParamsSignature

show all

Extended by:: ERB::Util

Defined in:: lib/rack/bug/params_signature.rb

Instance Attribute Summary collapse

#request ⇒ Object readonly

Returns the value of attribute request.

Class Method Summary collapse

.sign(request, hash) ⇒ Object

Instance Method Summary collapse

#initialize(request) ⇒ ParamsSignature constructor

A new instance of ParamsSignature.
#secret_key ⇒ Object
#secret_key_blank? ⇒ Boolean
#signature(params) ⇒ Object
#signature_base(params) ⇒ Object
#validate! ⇒ Object

Constructor Details

#initialize(request) ⇒ `ParamsSignature`

Returns a new instance of ParamsSignature.



24
25
26

# File 'lib/rack/bug/params_signature.rb', line 24

def initialize(request)
  @request = request
end

Instance Attribute Details

#request ⇒ `Object` (readonly)

Returns the value of attribute request.



22
23
24

# File 'lib/rack/bug/params_signature.rb', line 22

def request
  @request
end

Class Method Details

.sign(request, hash) ⇒ `Object`

# File 'lib/rack/bug/params_signature.rb', line 9

def self.sign(request, hash)
  parts = []

  hash.keys.sort.each do |key|
    parts << "#{key}=#{u(hash[key])}"
  end

  signature = new(request).signature(hash)
  parts << "hash=#{u(signature)}"

  parts.join("&amp;")
end

Instance Method Details

#secret_key ⇒ `Object`



28
29
30

# File 'lib/rack/bug/params_signature.rb', line 28

def secret_key
  @request.env['rack-bug.secret_key']
end

#secret_key_blank? ⇒ `Boolean`

Returns:

(Boolean)



32
33
34

# File 'lib/rack/bug/params_signature.rb', line 32

def secret_key_blank?
  secret_key.nil? || secret_key == ""
end

#signature(params) ⇒ `Object`



46
47
48

# File 'lib/rack/bug/params_signature.rb', line 46

def signature(params)
  Digest::SHA1.hexdigest(signature_base(params))
end

#signature_base(params) ⇒ `Object`

# File 'lib/rack/bug/params_signature.rb', line 50

def signature_base(params)
  signature = []
  signature << secret_key

  params.keys.sort.each do |key|
    next if key == "hash"
    signature << params[key].to_s
  end

  signature.join(":")
end

#validate! ⇒ `Object`

# File 'lib/rack/bug/params_signature.rb', line 36

def validate!
  if secret_key_blank?
    raise SecurityError.new("Missing secret key")
  end

  if secret_key_blank? || request.params["hash"] != signature(request.params)
    raise SecurityError.new("Invalid query hash.")
  end
end

Class: Rack::Bug::ParamsSignature

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(request) ⇒ ParamsSignature

Instance Attribute Details

#request ⇒ Object (readonly)

Class Method Details

.sign(request, hash) ⇒ Object

Instance Method Details

#secret_key ⇒ Object

#secret_key_blank? ⇒ Boolean

#signature(params) ⇒ Object

#signature_base(params) ⇒ Object

#validate! ⇒ Object

#initialize(request) ⇒ `ParamsSignature`

#request ⇒ `Object` (readonly)

.sign(request, hash) ⇒ `Object`

#secret_key ⇒ `Object`

#secret_key_blank? ⇒ `Boolean`

#signature(params) ⇒ `Object`

#signature_base(params) ⇒ `Object`

#validate! ⇒ `Object`