Validate that provided token has nonempty secret

This is designed to avoid horrible authentication bugs which could otherwise slip through uncaught
YourAcclaim · Jun 21, 2012 · 7d381dc · 7d381dc
1 parent ff3b2e9
commit 7d381dc
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/lib/signature.rb b/lib/signature.rb
@@ -36,6 +36,9 @@ def initialize(method, path, query)
       @path, @query_hash, @auth_hash = path, query_hash, auth_hash
     end
 
+    # Sign the request with the given token, and return the computed
+    # authentication parameters
+    #
     def sign(token)
       @auth_hash = {
         :auth_version => "1.0",
@@ -59,6 +62,13 @@ def sign(token)
     # computed value
     #
     def authenticate_by_token!(token, timestamp_grace = 600)
+      # Validate that your code has provided a valid token. This does not
+      # raise an AuthenticationError since passing tokens with empty secret is
+      # a code error which should be fixed, not reported to the API's consumer
+      if token.secret.nil? || token.secret.empty?
+        raise "Provided token is missing secret"
+      end
+
       validate_version!
       validate_timestamp!(timestamp_grace)
       validate_signature!(token)
@@ -75,7 +85,7 @@ def authenticate(timestamp_grace = 600, &block)
       key = @auth_hash['auth_key']
       raise AuthenticationError, "Authentication key required" unless key
       token = yield key
-      unless token && token.secret
+      unless token
         raise AuthenticationError, "Invalid authentication key"
       end
       authenticate_by_token!(token, timestamp_grace)

diff --git a/spec/signature_spec.rb b/spec/signature_spec.rb
@@ -148,6 +148,15 @@
       }.should raise_error('Version not supported')
     end
 
+    it "should validate that the provided token has a non-empty secret" do
+      token = Signature::Token.new('key', '')
+      request = Signature::Request.new('POST', '/some/path', @params)
+
+      lambda {
+        request.authenticate_by_token!(token)
+      }.should raise_error('Provided token is missing secret')
+    end
+
     describe "when used with optional block" do
       it "should optionally take a block which yields the signature" do
         request = Signature::Request.new('POST', '/some/path', @params)