Ease debugging failures by recording actual signature sent in exception

YourAcclaim · Jul 20, 2010 · 03e675c · 03e675c
1 parent ddc782c
commit 03e675c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/lib/signature.rb b/lib/signature.rb
@@ -133,7 +133,8 @@ def validate_timestamp!(grace)
       def validate_signature!(token)
         unless @auth_hash["auth_signature"] == signature(token)
           raise AuthenticationError, "Invalid signature: you should have "\
-            "sent HmacSHA256Hex(#{string_to_sign.inspect}, your_secret_key)"
+            "sent HmacSHA256Hex(#{string_to_sign.inspect}, your_secret_key)"\
+            ", but you sent #{@auth_hash["auth_signature"].inspect}"
         end
         return true
       end

diff --git a/spec/signature_spec.rb b/spec/signature_spec.rb
@@ -88,7 +88,7 @@
       request = Signature::Request.new('POST', '/some/path', @params)
       lambda {
         request.authenticate_by_token!(@token)
-      }.should raise_error('Invalid signature: you should have sent HmacSHA256Hex("POST\n/some/path\nauth_key=key&auth_timestamp=1234&auth_version=1.0&go=here&query=params", your_secret_key)')
+      }.should raise_error('Invalid signature: you should have sent HmacSHA256Hex("POST\n/some/path\nauth_key=key&auth_timestamp=1234&auth_version=1.0&go=here&query=params", your_secret_key), but you sent "asdf"')
     end
 
     it "should raise error if timestamp not available" do