Remove X- from chatops headers

Ben Lavender 2017-05-16 09:37:29 -05:00
Родитель 24d89e2b43
Коммит 4c9f560f86
2 изменённых файлов: 28 добавлений и 28 удалений


@ -97,8 +97,8 @@ module ChatOps
raise ConfigurationError.new("You need to set the server's base URL to authenticate chatops RPC via CHATOPS_AUTH_BASE_URL") unless ENV["CHATOPS_AUTH_BASE_URL"].present?
url = ENV["CHATOPS_AUTH_BASE_URL"] + request.path
nonce = request.headers['X-Chatops-Nonce']
timestamp = request.headers['X-Chatops-Timestamp']
nonce = request.headers['Chatops-Nonce']
timestamp = request.headers['Chatops-Timestamp']
begin
time = Time.parse(timestamp)
if !(time > 1.minute.ago && time < 1.minute.from_now)
@ -107,7 +107,7 @@ module ChatOps
rescue ArgumentError, TypeError
return invalid_time
end
signature_header = request.headers['X-Chatops-Signature']
signature_header = request.headers['Chatops-Signature']
begin
signature_items = signature_header.split(" ", 2)[1].split(",").map { |item| item.split("=", 2) }.to_h
@ -122,7 +122,7 @@ module ChatOps
if url.present? && nonce.present? && timestamp.present? && signature.present?
body = request.raw_post || ""
signature_string = [url, nonce, timestamp, body].join("\n")
response.headers['X-Chatops-SignatureString'] = signature_string
response.headers['Chatops-SignatureString'] = signature_string
decoded_signature = Base64.decode64(signature)
digest = OpenSSL::Digest::SHA256.new
raise ConfigurationError.new("You need to add a client's public key in .pem format via CHATOPS_AUTH_PUBLIC_KEY") unless ENV["CHATOPS_AUTH_PUBLIC_KEY"].present?
@ -141,7 +141,7 @@ module ChatOps
end
def invalid_time
render :status => :forbidden, :plain => "Invalid X-Chatops-Timestamp: #{request.headers['X-Chatops-Timestamp']}"
render :status => :forbidden, :plain => "Invalid Chatops-Timestamp: #{request.headers['Chatops-Timestamp']}"
end
def ensure_method_exists
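Review bot: `response.headers['Chatops-SignatureString'] = signature_string` is still assigned before the signature is checked (it sits above `Base64.decode64(signature)`), so any caller, verified or not, gets the URL, nonce, timestamp and raw body reflected into a response header, newlines included. I would set it only after verification succeeds, or only when a debug setting is on, and add a comment such as `# debugging aid: echoes the verified signing string; never set for unverified requests`. Within the visible lines the nonce is only joined into the signed string; if it is not recorded elsewhere, a captured request stays acceptable for the whole one-minute window, which deserves a comment next to the timestamp check. The enclosing method starts and ends outside these hunks.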


@ -62,7 +62,7 @@ describe ActionController::Base, type: :controller do
end
it "requires authentication" do
request.headers['X-Chatops-Timestamp'] = Time.now.utc.iso8601
request.headers['Chatops-Timestamp'] = Time.now.utc.iso8601
get :list
expect(response.status).to eq 403
end
@ -70,14 +70,14 @@ describe ActionController::Base, type: :controller do
it "allows public key authentication for a GET request" do
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
get :list
expect(response.headers['X-Chatops-SignatureString']).to eq signature_string
expect(response.headers['Chatops-SignatureString']).to eq signature_string
expect(response.status).to eq 200
expect(response).to be_valid_json
end
@ -85,8 +85,8 @@ describe ActionController::Base, type: :controller do
it "allows public key authentication for a POST request" do
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
params = { :room_id => "123", :user => "bhuga", :params => {}}
@ -95,7 +95,7 @@ describe ActionController::Base, type: :controller do
@request.env["RAW_POST_DATA"] = body
signature_string = "http://test.host/_chatops/foobar\n#{nonce}\n#{timestamp}\n#{body}"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
major_version = Rails.version.split('.')[0].to_i
if major_version >= 5
@ -114,12 +114,12 @@ describe ActionController::Base, type: :controller do
ENV["CHATOPS_AUTH_PUBLIC_KEY"] = other_key.public_key.to_pem
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
get :list
expect(response.status).to eq 200
expect(response).to be_valid_json
@ -128,12 +128,12 @@ describe ActionController::Base, type: :controller do
it "raises an error trying to auth without a base url" do
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
ENV.delete "CHATOPS_AUTH_BASE_URL"
expect {
get :list
@ -143,12 +143,12 @@ describe ActionController::Base, type: :controller do
it "raises an error trying to auth without a public key" do
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
ENV.delete "CHATOPS_AUTH_PUBLIC_KEY"
expect {
get :list
@ -160,12 +160,12 @@ describe ActionController::Base, type: :controller do
ENV["CHATOPS_AUTH_PUBLIC_KEY"] = other_key.public_key.to_pem
nonce = SecureRandom.hex(20)
timestamp = Time.now.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
get :list
expect(response.status).to eq 403
end
@ -173,12 +173,12 @@ describe ActionController::Base, type: :controller do
it "doesn't allow requests more than 1 minute old" do
nonce = SecureRandom.hex(20)
timestamp = 2.minutes.ago.utc.iso8601
request.headers['X-Chatops-Nonce'] = nonce
request.headers['X-Chatops-Timestamp'] = timestamp
request.headers['Chatops-Nonce'] = nonce
request.headers['Chatops-Timestamp'] = timestamp
digest = OpenSSL::Digest::SHA256.new
signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
signature = Base64.encode64(@private_key.sign(digest, signature_string))
request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
request.headers['Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
get :list
expect(response.status).to eq 403
end
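Review bot: Nothing in this spec pins the rename from the rejecting side: every example was switched to the new names, so no test shows that a correctly signed request carrying only the old `X-Chatops-*` headers is refused. From the controller hunks a missing `Chatops-Timestamp` should end in `invalid_time` and a 403, but that is inferred from partial context, and an example next to "requires authentication" would make it explicit. The signing setup is also repeated in most examples; a small helper taking the header prefix would keep the new example short.

```ruby
it "ignores the legacy X-Chatops-* header names" do
  nonce = SecureRandom.hex(20)
  timestamp = Time.now.utc.iso8601
  request.headers['X-Chatops-Nonce'] = nonce
  request.headers['X-Chatops-Timestamp'] = timestamp
  digest = OpenSSL::Digest::SHA256.new
  signature_string = "http://test.host/_chatops\n#{nonce}\n#{timestamp}\n"
  signature = Base64.encode64(@private_key.sign(digest, signature_string))
  request.headers['X-Chatops-Signature'] = "Signature keyid=foo,signature=#{signature}"
  get :list
  expect(response.status).to eq 403
end
```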