Module: EY::ApiHMAC::SSO

Defined in:
lib/ey_api_hmac/sso.rb


Class Method Details

.authenticate!(url, &lookup) ⇒ Object



# File 'lib/ey_api_hmac/sso.rb', line 19

def self.authenticate!(url, &lookup)
  uri = URI.parse(url)
  unless uri.query
    raise HmacAuthFail, "Url has no query"
  end
  parameters = CGI.parse(uri.query)
  signature = parameters["signature"]
  unless signature
    raise HmacAuthFail, "Url has no signature"
  end
  return false unless signature
  signature = signature.first
  if md = Regexp.new("AuthHMAC ([^:]+):(.+)$").match(signature)
    access_key_id = md[1]
    hmac = md[2]
    secret = lookup.call(access_key_id)
    unless secret
      raise HmacAuthFail, "Authentication failed (lookup didn't find #{access_key_id})"
    end
    unless authenticated?(url, access_key_id, secret)
      raise HmacAuthFail, "Authentication failed for #{access_key_id}"
    end
    access_key_id
  else
    raise HmacAuthFail, "Incorrect signature"
  end
end

.authenticated?(url, auth_id, auth_key) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ey_api_hmac/sso.rb', line 47

def self.authenticated?(url, auth_id, auth_key)
  uri = URI.parse(url)
  return false unless uri.query
  query_params = CGI.parse(uri.query)
  signature = arr_to_string(query_params.delete("signature"))
  uri.query = params_to_string(query_params)
  expected = signature_param(uri.to_s, auth_id, auth_key)
  signature == expected
end

.sign(url, parameters, auth_id, auth_key) ⇒ Object



# File 'lib/ey_api_hmac/sso.rb', line 5

# Returns +url+ with +parameters+ as its query string and a trailing
# +signature+ parameter computed over the resulting URL.
#
# Query parameters already present in +url+ are parsed, checked with
# verify_params! and merged into +parameters+. The merge is in place, so the
# caller's hash is modified.
#
# @param url [String] base URL, optionally with an existing query string
# @param parameters [Hash] parameters to sign (mutated when +url+ has a query)
# @param auth_id [Object] access key id, passed through to signature_param
# @param auth_key [Object] shared secret, passed through to signature_param
# @return [String] the signed URL
def self.sign(url, parameters, auth_id, auth_key)
  target = URI.parse(url)
  existing_query = target.query
  if existing_query
    from_url = CGI.parse(existing_query)
    verify_params!(url, from_url, parameters)
    parameters.merge!(from_url)
  end

  # The signature covers the URL as serialised here, before it is appended.
  target.query = params_to_string(parameters)
  escaped = CGI.escape(signature_param(target.to_s, auth_id, auth_key))
  suffix = if target.query.empty?
             "signature=#{escaped}"
           else
             "&signature=#{escaped}"
           end
  target.query += suffix
  target.to_s
end

.signature_param(signed_string, auth_id, auth_key) ⇒ Object



# File 'lib/ey_api_hmac/sso.rb', line 57

# Builds the value of the +signature+ parameter: a digest of +signed_string+
# keyed with +auth_key+, wrapped together with +auth_id+ by ApiHMAC.auth_string.
#
# @param signed_string [String] the exact text the signature covers
# @param auth_id [Object] access key id, passed to ApiHMAC.auth_string
# @param auth_key [Object] shared secret, passed to ApiHMAC.base64digest
# @return [Object] whatever ApiHMAC.auth_string returns for the id and digest
def self.signature_param(signed_string, auth_id, auth_key)
  digest = ApiHMAC.base64digest(signed_string, auth_key)
  ApiHMAC.auth_string(auth_id, digest)
end