Module: Oauth2ProxyAuthentication

Defined in:
lib/oauth2_proxy_authentication/version.rb,
lib/oauth2_proxy_authentication/signature.rb

Constant Summary

# Gem version string.
VERSION = '0.0.0'

# Request headers whose values are folded into the signed string, in exactly
# this order (signed_headers maps over this list). Gap-Signature itself is not
# listed. Identity headers such as X-Forwarded-User and X-Forwarded-Email are
# covered by the signature; whether the application may rely on them depends on
# validate_request reporting MATCH for the same request.
HEADERS = %w[
  Content-Length
  Content-Md5
  Content-Type
  Date
  Authorization
  X-Forwarded-User
  X-Forwarded-Email
  X-Forwarded-Access-Token
  Cookie
  Gap-Auth
]

# Result codes reported by validate_request.
NO_SIGNATURE = 1          # no Gap-Signature header on the request
INVALID_FORMAT = 2        # header did not split into exactly two components
UNSUPPORTED_ALGORITHM = 3 # parse_digest could not build the named digest
MATCH = 4                 # header equals the locally computed signature
MISMATCH = 5              # header differs from the locally computed signature

Class Method Summary

Class Method Details

.parse_digest(name) ⇒ Object



# File 'lib/oauth2_proxy_authentication/signature.rb', line 38

# Builds an OpenSSL digest object from an algorithm name.
#
# NOTE(review): validate_request passes the first component of the
# Gap-Signature header here, so the sender of the request chooses the
# algorithm. Any name OpenSSL accepts is accepted; there is no allowlist in
# this method. Consider restricting the accepted names to the algorithm(s)
# the signing proxy is configured to use.
#
# @param name [String] digest algorithm name, e.g. "sha1"
# @return [OpenSSL::Digest, nil] the digest, or nil when construction raised
#   any StandardError (unknown algorithm, wrong argument type, ...)
def self.parse_digest(name)
  begin
    OpenSSL::Digest.new(name)
  rescue StandardError
    # Same scope as a bare `rescue`: every failure is reported as "unsupported".
    nil
  end
end

.request_signature(request, digest, secret_key) ⇒ Object



# File 'lib/oauth2_proxy_authentication/signature.rb', line 32

# Computes the signature value expected for a request.
#
# The HMAC is keyed with secret_key and fed string_to_sign(request) followed
# by the request body (an empty string when the body is nil). The result is
# formatted as "<lower-cased digest name> <strict Base64 of the MAC>".
#
# The return value is a valid signature for this request; treat it as
# sensitive and keep it out of responses sent back to the requester.
#
# @param request [#body] request to sign; also passed to string_to_sign
# @param digest [OpenSSL::Digest] digest used for the HMAC
# @param secret_key [String] shared HMAC key
# @return [String] "<algorithm> <base64 mac>"
def self.request_signature(request, digest, secret_key)
  signer = OpenSSL::HMAC.new(secret_key, digest)
  signer.update(string_to_sign(request))
  signer.update(request.body || '')
  algorithm = digest.name.downcase
  encoded_mac = Base64.strict_encode64(signer.digest)
  algorithm + ' ' + encoded_mac
end

.signed_headers(request) ⇒ Object



# File 'lib/oauth2_proxy_authentication/signature.rb', line 24

# Collects the value of every header named in HEADERS, in HEADERS order.
#
# A header that is missing (nil or false from request[name]) contributes an
# empty string, so an absent header and an empty one sign identically.
#
# @param request [#[]] object that returns a header value for a header name
# @return [Array<String>] one entry per name in HEADERS
def self.signed_headers(request)
  HEADERS.map do |header_name|
    value = request[header_name]
    value || ''
  end
end

.string_to_sign(req) ⇒ Object



# File 'lib/oauth2_proxy_authentication/signature.rb', line 28

# Builds the canonical text that is signed for a request: the request method,
# the signed header values (one per line), and the URI path, separated by
# newlines.
#
# NOTE(review): only req.uri.path is included, so the query string is not
# covered by the signature as written here. Confirm this matches what the
# signing side produces.
#
# @param req [#method, #uri] request; also passed to signed_headers
# @return [String] newline-joined canonical string
def self.string_to_sign(req)
  verb = req.method
  header_block = signed_headers(req).join("\n")
  path = req.uri.path
  [verb, header_block, path].join("\n")
end

.validate_request(request, key) ⇒ Object



# File 'lib/oauth2_proxy_authentication/signature.rb', line 44

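# Checks the Gap-Signature header of a request against a locally computed
# HMAC signature.
#
# Return shapes (unchanged from the original, note they differ per outcome):
# * NO_SIGNATURE                      - bare Integer, header absent
# * [INVALID_FORMAT, header]          - header is not "<algorithm> <mac>"
# * [UNSUPPORTED_ALGORITHM, header]   - parse_digest returned nil
# * [MATCH, header, computed]         - signatures are equal
# * [MISMATCH, header, computed]      - signatures differ
#
# Only MATCH means the request is authenticated; every other outcome must be
# treated as a rejection. On MISMATCH the third element is the valid signature
# for this request, so callers should keep it out of responses sent back to the
# requester.
#
# @param request [#[]] request exposing headers by name; also passed to
#   request_signature
# @param key [String] shared HMAC secret
# @return [Integer, Array] see the list above
def self.validate_request(request, key)
  header = request['Gap-Signature']
  return NO_SIGNATURE unless header

  components = header.split(' ')
  return INVALID_FORMAT, header unless components.size == 2

  digest = parse_digest(components.first)
  return UNSUPPORTED_ALGORITHM, header unless digest

  computed = request_signature(request, digest, key)

  # Compare without stopping at the first differing byte: String#== can return
  # early, which lets response timing reveal how much of a guessed signature
  # was correct. The length is not secret (it follows from the digest), so a
  # length check may short-circuit. OpenSSL.secure_compare is an equivalent
  # choice where the installed openssl library provides it.
  matched = header.bytesize == computed.bytesize &&
            header.bytes.zip(computed.bytes).reduce(0) { |diff, (a, b)| diff | (a ^ b) }.zero?

  [matched ? MATCH : MISMATCH, header, computed]
end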