Class: Insight::ParamsSignature

Inherits:

Object

Object
Insight::ParamsSignature

show all

Extended by:: ERB::Util

Defined in:: lib/insight/params_signature.rb

Instance Attribute Summary collapse

#request ⇒ Object readonly

Returns the value of attribute request.

Class Method Summary collapse

.sign(request, hash) ⇒ Object

Instance Method Summary collapse

#initialize(request) ⇒ ParamsSignature constructor

A new instance of ParamsSignature.
#secret_key ⇒ Object
#secret_key_blank? ⇒ Boolean
#signature(params) ⇒ Object
#signature_base(params) ⇒ Object
#validate! ⇒ Object

Constructor Details

#initialize(request) ⇒ `ParamsSignature`

Returns a new instance of ParamsSignature.



23
24
25

# File 'lib/insight/params_signature.rb', line 23

def initialize(request)
  @request = request
end

Instance Attribute Details

#request ⇒ `Object` (readonly)

Returns the value of attribute request.



21
22
23

# File 'lib/insight/params_signature.rb', line 21

def request
  @request
end

Class Method Details

.sign(request, hash) ⇒ `Object`

# File 'lib/insight/params_signature.rb', line 8

def self.sign(request, hash)
  parts = []

  hash.keys.sort.each do |key|
    parts << "#{key}=#{u(hash[key])}"
  end

  signature = new(request).signature(hash)
  parts << "hash=#{u(signature)}"

  parts.join("&amp;")
end

Instance Method Details

#secret_key ⇒ `Object`



27
28
29

# File 'lib/insight/params_signature.rb', line 27

def secret_key
  @request.env['insight.secret_key']
end

#secret_key_blank? ⇒ `Boolean`

Returns:

(Boolean)



31
32
33

# File 'lib/insight/params_signature.rb', line 31

def secret_key_blank?
  secret_key.nil? || secret_key == ""
end

#signature(params) ⇒ `Object`



43
44
45

# File 'lib/insight/params_signature.rb', line 43

def signature(params)
  Digest::SHA1.hexdigest(signature_base(params))
end

#signature_base(params) ⇒ `Object`

# File 'lib/insight/params_signature.rb', line 47

def signature_base(params)
  signature = []
  signature << secret_key

  params.keys.sort.each do |key|
    next if key == "hash"
    signature << params[key].to_s
  end

  signature.join(":")
end

#validate! ⇒ `Object`

# File 'lib/insight/params_signature.rb', line 35

def validate!
  if secret_key_blank?
    raise SecurityError.new("Missing secret key")
  elsif request.params["hash"] != signature(request.params)
    raise SecurityError.new("Invalid query hash.")
  end
end

Class: Insight::ParamsSignature

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(request) ⇒ ParamsSignature

Instance Attribute Details

#request ⇒ Object (readonly)

Class Method Details

.sign(request, hash) ⇒ Object

Instance Method Details

#secret_key ⇒ Object

#secret_key_blank? ⇒ Boolean

#signature(params) ⇒ Object

#signature_base(params) ⇒ Object

#validate! ⇒ Object

#initialize(request) ⇒ `ParamsSignature`

#request ⇒ `Object` (readonly)

.sign(request, hash) ⇒ `Object`

#secret_key ⇒ `Object`

#secret_key_blank? ⇒ `Boolean`

#signature(params) ⇒ `Object`

#signature_base(params) ⇒ `Object`

#validate! ⇒ `Object`