diff --git a/lib/signature.rb b/lib/signature.rb index 48777bf..00bc576 100644 --- a/lib/signature.rb +++ b/lib/signature.rb @@ -36,6 +36,9 @@ def initialize(method, path, query) @path, @query_hash, @auth_hash = path, query_hash, auth_hash end + # Sign the request with the given token, and return the computed + # authentication parameters + # def sign(token) @auth_hash = { :auth_version => "1.0", @@ -59,6 +62,13 @@ def sign(token) # computed value # def authenticate_by_token!(token, timestamp_grace = 600) + # Validate that your code has provided a valid token. This does not + # raise an AuthenticationError since passing tokens with empty secret is + # a code error which should be fixed, not reported to the API's consumer + if token.secret.nil? || token.secret.empty? + raise "Provided token is missing secret" + end + validate_version! validate_timestamp!(timestamp_grace) validate_signature!(token) @@ -75,7 +85,7 @@ def authenticate(timestamp_grace = 600, &block) key = @auth_hash['auth_key'] raise AuthenticationError, "Authentication key required" unless key token = yield key - unless token && token.secret + unless token raise AuthenticationError, "Invalid authentication key" end authenticate_by_token!(token, timestamp_grace) diff --git a/spec/signature_spec.rb b/spec/signature_spec.rb index 09e3899..6a45e26 100644 --- a/spec/signature_spec.rb +++ b/spec/signature_spec.rb @@ -148,6 +148,15 @@ }.should raise_error('Version not supported') end + it "should validate that the provided token has a non-empty secret" do + token = Signature::Token.new('key', '') + request = Signature::Request.new('POST', '/some/path', @params) + + lambda { + request.authenticate_by_token!(token) + }.should raise_error('Provided token is missing secret') + end + describe "when used with optional block" do it "should optionally take a block which yields the signature" do request = Signature::Request.new('POST', '/some/path', @params)