Module: Faye::Authentication

Defined in:
lib/faye/authentication.rb,
lib/faye/authentication/engine.rb,
lib/faye/authentication/version.rb,
lib/faye/authentication/extension.rb,
lib/faye/authentication/http_client.rb

Defined Under Namespace

Classes: Engine, Extension, HTTPClient

Constant Summary

VERSION =
"0.1.0"

Class Method Summary

Class Method Details

.secure_compare(a, b) ⇒ Object

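Constant-time comparison algorithm to prevent timing attacks. Copied from ActiveSupport::MessageVerifier. Note that the method returns early when the two strings differ in byte length, so only the contents of equal-length strings are compared in constant time.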



# File 'lib/faye/authentication.rb', line 21

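# Compares two strings without stopping at the first differing byte, so the
# time taken does not depend on where the inputs diverge.
#
# The byte lengths are compared first and a mismatch returns immediately, so
# the length of the inputs is not hidden; only the contents of equal-length
# inputs are compared in data-independent time.
#
# Non-String arguments (for example nil or a number) are rejected with
# +false+ rather than raising NoMethodError on the String-only calls below.
#
# @param a [String] first value
# @param b [String] second value
# @return [Boolean] true only when both are Strings with identical bytes
def self.secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize

  expected = a.unpack('C*')

  # OR together the XOR of every byte pair; any difference leaves a bit set,
  # and every pair is visited regardless of earlier mismatches.
  diff = 0
  b.each_byte.with_index { |byte, i| diff |= byte ^ expected[i] }
  diff.zero?
end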

.sign(message, secret) ⇒ Object



# File 'lib/faye/authentication.rb', line 9

# Computes the hex-encoded HMAC-SHA1 signature for a message.
#
# The signed string is the message's 'channel' and 'clientId' values joined
# by a single "-"; no other field of the message is covered by the signature.
# A missing key interpolates as an empty string.
#
# NOTE(review): the "-" separator is not escaped, so distinct
# channel/clientId pairs map to the same signed string if those values may
# themselves contain "-" — confirm against the formats callers allow.
#
# @param message [Hash] message hash read via the 'channel' and 'clientId' keys
# @param secret [String] HMAC key
# @return [String] hexadecimal HMAC digest
def self.sign(message, secret)
  channel = message['channel']
  client_id = message['clientId']
  signed_payload = "#{channel}-#{client_id}"

  OpenSSL::HMAC.hexdigest('sha1', secret, signed_payload)
end

.valid?(message, secret) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/faye/authentication.rb', line 13

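# Checks the 'signature' entry of a message against the signature expected
# for that message and secret.
#
# The 'signature' key is removed from +message+ as a side effect, whether or
# not the check succeeds, so the caller's hash is modified.
#
# A missing signature, or one that is not a String, fails validation before
# the expected signature is computed.
#
# @param message [Hash] message hash; read and modified in place
# @param secret [String] secret passed through to sign
# @return [Boolean] true when the supplied signature matches the expected one
def self.valid?(message, secret)
  supplied = message.delete('signature')
  # Reject nil and any other non-String value up front: the comparison calls
  # String methods on the supplied signature.
  return false unless supplied.is_a?(String)

  secure_compare(supplied, sign(message, secret))
end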