Add server signed response by fwininger · Pull Request #163 · mgomes/api_auth

fwininger · 2018-01-15T10:56:38Z

@kjg @adamlwgriffiths I try to do a PR for #112, can you take a look ?

If the approch seems to be good I implement the unit tests.

fwininger · 2018-01-26T21:12:03Z

Hi @kjg @mgomes can you take a quick look of this ?

fwininger · 2018-02-11T14:30:51Z

Hi @kjg @mgomes have you some time to take a quick look of this ? I need this feature in production before the end of the month and I prefers to not manage a hard fork of this gem.

kjg

Comments on individual lines, can you please add some tests as well.

Thanks so much for taking this on!

kjg · 2018-02-16T15:16:40Z

lib/api_auth/railtie.rb

+              if api_auth_options
+                response.headers['CONTENT-MD5'] ||= Digest::MD5.base64digest(json)
+                response.headers['Authorization'] ||= ApiAuth.sign!(
+                  request,


We'd want to pass in the response object here right?

I know that is strange, but we need to pass the request object because we need to access to the request.fullpath.
Secondly, we can use the already defined ActionDispatchRequest without any changed.

kjg · 2018-02-16T15:17:08Z

README.md


+### Server signing response
+
+The server can perform a validation of the response.


I think you're trying to say the server can sign the content of the response, right?

kjg · 2018-02-16T15:22:27Z

lib/api_auth/railtie.rb

      end

+      module ClassMethods
+        def validation_with_api_auth(api_auth_options = nil)


Can we call this something like api_auth_sign_response

kjg · 2018-02-16T15:25:21Z

lib/api_auth/railtie.rb

+
+              # API AUTH addition headers
+              if api_auth_options
+                response.headers['CONTENT-MD5'] ||= Digest::MD5.base64digest(json)


Is this needed because the response object won't have a body for ApiAuth to inspect yet?

In fact, the body is the json variable. I keep the same code as the classic JSON renderer. It's just a .to_json of the variable passed in the controller.

The source code is here : https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/renderers.rb#L156

I add a comment in the code for memory.

Signed-off-by: Florian Wininger <fw.centrale@gmail.com>

kjg reviewed Feb 16, 2018

View reviewed changes

fwininger force-pushed the signed_response branch from 8406260 to 047d805 Compare February 13, 2019 17:15

Add server signed response

a963725

Signed-off-by: Florian Wininger <fw.centrale@gmail.com>

fwininger force-pushed the signed_response branch from 047d805 to a963725 Compare August 27, 2019 13:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add server signed response#163

Add server signed response#163
fwininger wants to merge 1 commit intomgomes:masterfrom
fwininger:signed_response

fwininger commented Jan 15, 2018

Uh oh!

fwininger commented Jan 26, 2018

Uh oh!

fwininger commented Feb 11, 2018

Uh oh!

kjg left a comment

Uh oh!

kjg Feb 16, 2018

Uh oh!

fwininger Feb 26, 2018

Uh oh!

kjg Feb 16, 2018

Uh oh!

fwininger Feb 26, 2018

Uh oh!

kjg Feb 16, 2018

Uh oh!

fwininger Feb 26, 2018

Uh oh!

kjg Feb 16, 2018

Uh oh!

fwininger Feb 26, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants


		### Server signing response

		The server can perform a validation of the response.

Conversation

fwininger commented Jan 15, 2018

Uh oh!

fwininger commented Jan 26, 2018

Uh oh!

fwininger commented Feb 11, 2018

Uh oh!

kjg left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants