Class: AuthHMAC

Inherits:
Object
Includes:
Headers
Defined in:
lib/auth-hmac.rb,
lib/auth-hmac/version.rb

Overview

This module provides an HMAC authentication method for HTTP requests. It should work with net/http request classes and CGIRequest classes, and hence with Rails.

It is loosely based on the Amazon Web Services authentication mechanism but generalized to be useful to any application that requires HMAC-based authentication. As a result of the generalization, it won’t work with AWS because it doesn’t support the Amazon extension headers.

Defined Under Namespace

Modules: Headers, VERSION
Classes: CanonicalString, Rails

Methods included from Headers

#find_header, #headers

Constructor Details

#initialize(credential_store) ⇒ AuthHMAC

Create an AuthHMAC instance using a given credential store.

A credential store must respond to the [] method and return the secret for the access key id passed to [].



# File 'lib/auth-hmac.rb', line 61

def initialize(credential_store)
  @credential_store = credential_store
end

Class Method Details

.authenticated?(request, access_key_id, secret) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/auth-hmac.rb', line 52

def AuthHMAC.authenticated?(request, access_key_id, secret)
  self.new(access_key_id => secret).authenticated?(request)
end

.sign!(request, access_key_id, secret) ⇒ Object

Signs a request using a given access key id and secret.



# File 'lib/auth-hmac.rb', line 48

def AuthHMAC.sign!(request, access_key_id, secret)
  self.new(access_key_id => secret).sign!(request, access_key_id)
end

Instance Method Details

#authenticated?(request) ⇒ Boolean

Authenticates a request using HMAC.

Returns true if the request has an AuthHMAC Authorization header and the access id and HMAC match an id and HMAC produced for the secret in the credential store. Otherwise returns false.

Returns:

  • (Boolean)


# File 'lib/auth-hmac.rb', line 86

def authenticated?(request)
  if md = /^AuthHMAC ([^:]+):(.+)$/.match(find_header(%w(Authorization HTTP_AUTHORIZATION), headers(request)))
    access_key_id = md[1]
    hmac = md[2]
    secret = @credential_store[access_key_id]      
    !secret.nil? && hmac == build_signature(request, secret)
  else
    false
  end
end

#sign!(request, access_key_id) ⇒ Object

Signs a request using the access_key_id and the secret associated with that id in the credential store.

Signing a request adds an Authorization header to the request in the format:

AuthHMAC <access_key_id>:<signature>

where <signature> is the Base64 encoded HMAC-SHA1 of the CanonicalString and the secret.

Raises:

  • (ArgumentError)


# File 'lib/auth-hmac.rb', line 74

def sign!(request, access_key_id)
  secret = @credential_store[access_key_id]
  raise ArgumentError, "No secret found for key id '#{access_key_id}'" if secret.nil?
  request['Authorization'] = build_authorization_header(request, access_key_id, secret)
end
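
The header format described under #sign! and the check described under #authenticated?, as an added example that is not part of the library's own code: it builds the `AuthHMAC <access_key_id>:<signature>` header and verifies it with a whole-string anchored pattern and a constant-time comparison. The helper names, the sample key and secret, and the canonical string layout are assumptions made for illustration; the page does not show what CanonicalString produces.

```ruby
require 'openssl'

# \A and \z anchor the entire header value; in Ruby, ^ and $ anchor each line.
AUTH_HEADER = %r{\AAuthHMAC ([^:\s]+):([A-Za-z0-9+/]+=*)\z}

# Base64-encoded HMAC-SHA1 of the canonical string under the secret.
def signature_for(canonical_string, secret)
  raw = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), secret, canonical_string)
  [raw].pack('m0') # strict Base64, no trailing newline
end

def authorization_header(canonical_string, access_key_id, secret)
  "AuthHMAC #{access_key_id}:#{signature_for(canonical_string, secret)}"
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return OpenSSL.secure_compare(a, b) if OpenSSL.respond_to?(:secure_compare)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# credential_store only needs to respond to [] (a Hash here).
def verify_header(header, canonical_string, credential_store)
  md = AUTH_HEADER.match(header.to_s)
  return false unless md
  secret = credential_store[md[1]]
  return false if secret.nil?
  secure_equal?(md[2], signature_for(canonical_string, secret))
end

# Constructed sample data; the canonical string layout is an assumption.
SAMPLE_STORE = { 'access-key-1' => 'constructed-secret' }.freeze
SAMPLE_CANONICAL = "GET\n\n\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/get"

if __FILE__ == $PROGRAM_NAME
  header = authorization_header(SAMPLE_CANONICAL, 'access-key-1', SAMPLE_STORE['access-key-1'])
  puts header
  puts verify_header(header, SAMPLE_CANONICAL, SAMPLE_STORE)
  puts verify_header(header, SAMPLE_CANONICAL.sub('GET', 'PUT'), SAMPLE_STORE)
end
```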