Hello community,
here is the log from the commit of package rubygem-mixlib-authentication for
openSUSE:Factory checked in at 2017-09-12 19:56:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-mixlib-authentication (Old)
and /work/SRC/openSUSE:Factory/.rubygem-mixlib-authentication.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-mixlib-authentication"
Tue Sep 12 19:56:53 2017 rev:7 rq:523553 version:1.4.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-mixlib-authentication/rubygem-mixlib-authentication.changes
2016-07-01 09:59:25.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-mixlib-authentication.new/rubygem-mixlib-authentication.changes
2017-09-12 19:56:54.594295919 +0200
@@ -1,0 +2,6 @@
+Mon Sep 11 12:43:10 UTC 2017 - [email protected]
+
+- updated to version 1.4.2
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
mixlib-authentication-1.4.1.gem
New:
----
mixlib-authentication-1.4.2.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-mixlib-authentication.spec ++++++
--- /var/tmp/diff_new_pack.zRKalw/_old 2017-09-12 19:56:55.078227875 +0200
+++ /var/tmp/diff_new_pack.zRKalw/_new 2017-09-12 19:56:55.082227312 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-mixlib-authentication
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-mixlib-authentication
-Version: 1.4.1
+Version: 1.4.2
Release: 0
%define mod_name mixlib-authentication
%define mod_full_name %{mod_name}-%{version}
@@ -33,7 +33,7 @@
BuildRequires: %{ruby}
BuildRequires: ruby-macros >= 5
Url: https://www.chef.io
-Source: http://rubygems.org/gems/%{mod_full_name}.gem
+Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: Mixes in simple per-request authentication
License: Apache-2.0
++++++ mixlib-authentication-1.4.1.gem -> mixlib-authentication-1.4.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2016-06-08 12:26:14.000000000 +0200
+++ new/Gemfile 2017-08-17 21:39:03.000000000 +0200
@@ -3,4 +3,5 @@
group(:development) do
gem "pry"
+ gem "mixlib-log"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Rakefile new/Rakefile
--- old/Rakefile 2016-06-08 12:26:14.000000000 +0200
+++ new/Rakefile 2017-08-17 21:39:03.000000000 +0200
@@ -11,7 +11,7 @@
RuboCop::RakeTask.new(:style) do |task|
task.options += ["--display-cop-names", "--no-color"]
end
-rescue
+rescue LoadError
puts "chefstyle/rubocop is not available."
end
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication/digester.rb
new/lib/mixlib/authentication/digester.rb
--- old/lib/mixlib/authentication/digester.rb 2016-06-08 12:26:14.000000000
+0200
+++ new/lib/mixlib/authentication/digester.rb 2017-08-17 21:39:03.000000000
+0200
@@ -27,9 +27,7 @@
def hash_file(f, digest = OpenSSL::Digest::SHA1)
digester = digest.new
buf = ""
- while f.read(16384, buf)
- digester.update buf
- end
+ digester.update buf while f.read(16384, buf)
::Base64.encode64(digester.digest).chomp
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/mixlib/authentication/http_authentication_request.rb
new/lib/mixlib/authentication/http_authentication_request.rb
--- old/lib/mixlib/authentication/http_authentication_request.rb
2016-06-08 12:26:14.000000000 +0200
+++ new/lib/mixlib/authentication/http_authentication_request.rb
2017-08-17 21:39:03.000000000 +0200
@@ -70,7 +70,8 @@
def request_signature
unless @request_signature
- @request_signature = headers.find_all { |h| h[0].to_s =~
/^x_ops_authorization_/ }.sort { |x, y| x.to_s <=> y.to_s }.map { |i| i[1]
}.join("\n")
+ @request_signature = headers.find_all { |h| h[0].to_s =~
/^x_ops_authorization_/ }
+ .sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map {
|i| i[1] }.join("\n")
Mixlib::Authentication::Log.debug "Reconstituted (user-supplied)
request signature: #{@request_signature}"
end
@request_signature
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication/null_logger.rb
new/lib/mixlib/authentication/null_logger.rb
--- old/lib/mixlib/authentication/null_logger.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/lib/mixlib/authentication/null_logger.rb 2017-08-17
21:39:03.000000000 +0200
@@ -0,0 +1,24 @@
+module Mixlib
+ module Authentication
+ module NullLogger
+
+ attr_accessor :level
+
+ %i{debug info warn error fatal}.each do |method_name|
+ class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
+ def #{method_name}(msg=nil, &block)
+ true
+ end
+ METHOD_DEFN
+ end
+
+ %i{debug? info? warn? error? fatal?}.each do |method_name|
+ class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
+ def #{method_name}
+ false
+ end
+ METHOD_DEFN
+ end
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication/signatureverification.rb
new/lib/mixlib/authentication/signatureverification.rb
--- old/lib/mixlib/authentication/signatureverification.rb 2016-06-08
12:26:14.000000000 +0200
+++ new/lib/mixlib/authentication/signatureverification.rb 2017-08-17
21:39:03.000000000 +0200
@@ -76,7 +76,7 @@
# X-Ops-Content-Hash:
# X-Ops-Authorization-#{line_number}
def authenticate_request(user_secret, time_skew = (15 * 60))
- Mixlib::Authentication::Log.debug "Initializing header auth :
#{request.inspect}"
+ Mixlib::Authentication.logger.debug "Initializing header auth :
#{request.inspect}"
@user_secret = user_secret
@allowed_time_skew = time_skew # in seconds
@@ -150,14 +150,14 @@
end
# Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication::Log.debug("Verifying request signature:")
- Mixlib::Authentication::Log.debug(" Expected Block is:
'#{candidate_block}'")
- Mixlib::Authentication::Log.debug("Decrypted block is:
'#{request_decrypted_block}'")
- Mixlib::Authentication::Log.debug("Signatures match? :
'#{@valid_signature}'")
+ Mixlib::Authentication.logger.debug("Verifying request signature:")
+ Mixlib::Authentication.logger.debug(" Expected Block is:
'#{candidate_block}'")
+ Mixlib::Authentication.logger.debug("Decrypted block is:
'#{request_decrypted_block}'")
+ Mixlib::Authentication.logger.debug("Signatures match? :
'#{@valid_signature}'")
@valid_signature
rescue => e
- Mixlib::Authentication::Log.debug("Failed to verify request signature:
#{e.class.name}: #{e.message}")
+ Mixlib::Authentication.logger.debug("Failed to verify request
signature: #{e.class.name}: #{e.message}")
@valid_signature = false
end
@@ -169,9 +169,9 @@
@valid_content_hash = (content_hash == hashed_body)
# Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication::Log.debug("Expected content hash is:
'#{hashed_body}'")
- Mixlib::Authentication::Log.debug(" Request Content Hash is:
'#{content_hash}'")
- Mixlib::Authentication::Log.debug(" Hashes match?:
#{@valid_content_hash}")
+ Mixlib::Authentication.logger.debug("Expected content hash is:
'#{hashed_body}'")
+ Mixlib::Authentication.logger.debug(" Request Content Hash is:
'#{content_hash}'")
+ Mixlib::Authentication.logger.debug(" Hashes match?:
#{@valid_content_hash}")
@valid_content_hash
end
@@ -211,11 +211,11 @@
# Any file that's included in the request is hashed if it's there.
Otherwise,
# we hash the body.
if file_param
- Mixlib::Authentication::Log.debug "Digesting file_param:
'#{file_param.inspect}'"
+ Mixlib::Authentication.logger.debug "Digesting file_param:
'#{file_param.inspect}'"
@hashed_body = digester.hash_file(file_param, digest)
else
body = request.raw_post
- Mixlib::Authentication::Log.debug "Digesting body: '#{body}'"
+ Mixlib::Authentication.logger.debug "Digesting body: '#{body}'"
@hashed_body = digester.hash_string(body, digest)
end
end
@@ -232,7 +232,7 @@
def timestamp_within_bounds?(time1, time2)
time_diff = (time2 - time1).abs
is_allowed = (time_diff < @allowed_time_skew)
- Mixlib::Authentication::Log.debug "Request time difference:
#{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
+ Mixlib::Authentication.logger.debug "Request time difference:
#{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
is_allowed
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication/signedheaderauth.rb
new/lib/mixlib/authentication/signedheaderauth.rb
--- old/lib/mixlib/authentication/signedheaderauth.rb 2016-06-08
12:26:14.000000000 +0200
+++ new/lib/mixlib/authentication/signedheaderauth.rb 2017-08-17
21:39:03.000000000 +0200
@@ -115,7 +115,7 @@
header_hash[key] = signature_lines[idx]
end
- Mixlib::Authentication::Log.debug "Header hash: #{header_hash.inspect}"
+ Mixlib::Authentication.logger.debug "Header hash:
#{header_hash.inspect}"
header_hash
end
@@ -166,7 +166,8 @@
# Hence, we're going to assume the one that is passed to sign is
# the correct one and needs to passed through all the functions
# that do any sort of digest.
- if @hashed_body_digest != nil && @hashed_body_digest != digest
+ @hashed_body_digest = nil unless defined?(@hashed_body_digest)
+ if !@hashed_body_digest.nil? && @hashed_body_digest != digest
raise "hashed_body must always be called with the same digest"
else
@hashed_body_digest = digest
@@ -176,10 +177,10 @@
# TODO: tim 2009-12-28: It'd be nice to just remove this special case,
# always sign the entire request body, using the expanded multipart
# body in the case of a file being include.
- @hashed_body ||= if self.file && self.file.respond_to?(:read)
- digester.hash_file(self.file, digest)
+ @hashed_body ||= if file && file.respond_to?(:read)
+ digester.hash_file(file, digest)
else
- digester.hash_string(self.body, digest)
+ digester.hash_string(body, digest)
end
end
@@ -235,7 +236,7 @@
memo[field_name.to_sym] = field_value.strip
memo
end
- Mixlib::Authentication::Log.debug "Parsed signing description:
#{parts.inspect}"
+ Mixlib::Authentication.logger.debug "Parsed signing description:
#{parts.inspect}"
parts
end
@@ -246,7 +247,7 @@
# private
def do_sign(private_key, digest, sign_algorithm, sign_version)
string_to_sign = canonicalize_request(sign_algorithm, sign_version)
- Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'"
+ Mixlib::Authentication.logger.debug "String to sign:
'#{string_to_sign}'"
case sign_version
when "1.3"
private_key.sign(digest.new, string_to_sign)
@@ -263,18 +264,19 @@
# A Struct-based value object that contains the necessary information to
# generate a request signature. `SignedHeaderAuth.signing_object()`
# provides a more convenient interface to the constructor.
- class SigningObject < Struct.new(:http_method, :path, :body, :host,
+ SigningObject = Struct.new(:http_method, :path, :body, :host,
:timestamp, :user_id, :file,
:proto_version,
- :headers)
+ :headers) do
+
include SignedHeaderAuth
def proto_version
- (self[:proto_version] || DEFAULT_PROTO_VERSION).to_s
+ (self[:proto_version] || SignedHeaderAuth::DEFAULT_PROTO_VERSION).to_s
end
def server_api_version
key = (self[:headers] || {}).keys.select do |k|
- k.downcase == "x-ops-server-api-version"
+ k.casecmp("x-ops-server-api-version") == 0
end.first
if key
self[:headers][key]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication/version.rb
new/lib/mixlib/authentication/version.rb
--- old/lib/mixlib/authentication/version.rb 2016-06-08 12:26:14.000000000
+0200
+++ new/lib/mixlib/authentication/version.rb 2017-08-17 21:39:03.000000000
+0200
@@ -15,6 +15,6 @@
module Mixlib
module Authentication
- VERSION = "1.4.1"
+ VERSION = "1.4.2"
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/mixlib/authentication.rb
new/lib/mixlib/authentication.rb
--- old/lib/mixlib/authentication.rb 2016-06-08 12:26:14.000000000 +0200
+++ new/lib/mixlib/authentication.rb 2017-08-17 21:39:03.000000000 +0200
@@ -16,12 +16,13 @@
# limitations under the License.
#
-require "mixlib/log"
-
module Mixlib
module Authentication
DEFAULT_SERVER_API_VERSION = "0"
+ attr_accessor :logger
+ module_function :logger, :logger=
+
class AuthenticationError < StandardError
end
@@ -29,10 +30,17 @@
end
class Log
- extend Mixlib::Log
end
- Log.level = :error
+ begin
+ require "mixlib/log"
+ Mixlib::Authentication::Log.extend(Mixlib::Log)
+ rescue LoadError
+ require "mixlib/authentication/null_logger"
+ Mixlib::Authentication::Log.extend(Mixlib::Authentication::NullLogger)
+ end
+ Mixlib::Authentication.logger = Mixlib::Authentication::Log
+ Mixlib::Authentication.logger.level = :error
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2016-06-08 12:26:14.000000000 +0200
+++ new/metadata 2017-08-17 21:39:03.000000000 +0200
@@ -1,30 +1,16 @@
--- !ruby/object:Gem::Specification
name: mixlib-authentication
version: !ruby/object:Gem::Version
- version: 1.4.1
+ version: 1.4.2
platform: ruby
authors:
- Chef Software, Inc.
autorequire:
bindir: bin
cert_chain: []
-date: 2016-06-08 00:00:00.000000000 Z
+date: 2017-08-17 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
- name: mixlib-log
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
-- !ruby/object:Gem::Dependency
name: rspec-core
requirement: !ruby/object:Gem::Requirement
requirements:
@@ -86,14 +72,14 @@
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: '10.4'
+ version: '11'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: '10.4'
+ version: '11'
description: Mixes in simple per-request authentication
email: [email protected]
executables: []
@@ -108,6 +94,7 @@
- lib/mixlib/authentication.rb
- lib/mixlib/authentication/digester.rb
- lib/mixlib/authentication/http_authentication_request.rb
+- lib/mixlib/authentication/null_logger.rb
- lib/mixlib/authentication/signatureverification.rb
- lib/mixlib/authentication/signedheaderauth.rb
- lib/mixlib/authentication/version.rb
@@ -115,6 +102,7 @@
- spec/mixlib/authentication/digester_spec.rb
- spec/mixlib/authentication/http_authentication_request_spec.rb
- spec/mixlib/authentication/mixlib_authentication_spec.rb
+- spec/mixlib/authentication/mixlib_log_missing_spec.rb
- spec/spec_helper.rb
homepage: https://www.chef.io
licenses:
@@ -136,7 +124,7 @@
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.11
signing_key:
specification_version: 4
summary: Mixes in simple per-request authentication
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mixlib-authentication.gemspec
new/mixlib-authentication.gemspec
--- old/mixlib-authentication.gemspec 2016-06-08 12:26:14.000000000 +0200
+++ new/mixlib-authentication.gemspec 2017-08-17 21:39:03.000000000 +0200
@@ -12,14 +12,11 @@
s.email = "[email protected]"
s.homepage = "https://www.chef.io";
- # Uncomment this to add a dependency
- s.add_dependency "mixlib-log"
-
s.require_path = "lib"
s.files = %w{LICENSE README.md Gemfile Rakefile NOTICE} +
Dir.glob("*.gemspec") +
Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f|
File.directory?(f) }
%w{rspec-core rspec-expectations rspec-mocks}.each { |gem|
s.add_development_dependency gem, "~> 3.2" }
s.add_development_dependency "chefstyle"
- s.add_development_dependency "rake", "~> 10.4"
+ s.add_development_dependency "rake", "~> 11"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/mixlib/authentication/digester_spec.rb
new/spec/mixlib/authentication/digester_spec.rb
--- old/spec/mixlib/authentication/digester_spec.rb 2016-06-08
12:26:14.000000000 +0200
+++ new/spec/mixlib/authentication/digester_spec.rb 2017-08-17
21:39:03.000000000 +0200
@@ -7,14 +7,14 @@
let(:test_string) { "hello" }
let(:test_string_checksum) { "qvTGHdzF6KLavt4PO0gs2a6pQ00=" }
- describe '#hash_file' do
+ describe "#hash_file" do
it "should default to use SHA1" do
expect(described_class.hash_file(StringIO.new(test_string))).to(
eq(test_string_checksum))
end
end
- describe '#hash_string' do
+ describe "#hash_string" do
it "should default to use SHA1" do
expect(described_class.hash_string(test_string)).to(
eq(test_string_checksum))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/spec/mixlib/authentication/mixlib_authentication_spec.rb
new/spec/mixlib/authentication/mixlib_authentication_spec.rb
--- old/spec/mixlib/authentication/mixlib_authentication_spec.rb
2016-06-08 12:26:14.000000000 +0200
+++ new/spec/mixlib/authentication/mixlib_authentication_spec.rb
2017-08-17 21:39:03.000000000 +0200
@@ -63,8 +63,7 @@
end
# Uncomment this to get some more info from the methods we're testing.
-#Mixlib::Authentication::Log.logger = Logger.new(STDERR)
-#Mixlib::Authentication::Log.level :debug
+#Mixlib::Authentication.logger.level = :debug
describe "Mixlib::Authentication::SignedHeaderAuth" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/spec/mixlib/authentication/mixlib_log_missing_spec.rb
new/spec/mixlib/authentication/mixlib_log_missing_spec.rb
--- old/spec/mixlib/authentication/mixlib_log_missing_spec.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/spec/mixlib/authentication/mixlib_log_missing_spec.rb 2017-08-17
21:39:03.000000000 +0200
@@ -0,0 +1,55 @@
+describe "Mixlib::Authentication::Log" do
+ before do
+ Mixlib::Authentication.send(:remove_const, "DEFAULT_SERVER_API_VERSION")
+ Mixlib::Authentication.send(:remove_const, "Log")
+ end
+
+ context "without mixlib-log" do
+ before do
+ @mixlib_path = $LOAD_PATH.find { |p| p.match("mixlib-log") }
+ $LOAD_PATH.reject! { |p| p.match("mixlib-log") }
+
+ load "mixlib/authentication.rb"
+ end
+
+ after do
+ $LOAD_PATH.unshift(@mixlib_path)
+ end
+
+ it "uses MixlibLogMissing" do
+ expect(Mixlib::Authentication::Log.singleton_class.included_modules)
+ .to include(Mixlib::Authentication::NullLogger)
+ end
+
+ it "default log level is :error" do
+ expect(Mixlib::Authentication::Log.level).to eq(:error)
+ end
+
+ %w{debug info warn error fatal}.each do |level|
+ it "logs at level #{level}" do
+ expect(Mixlib::Authentication::Log).to receive(level).with("foo")
+
+ Mixlib::Authentication.logger.send(level, "foo")
+ end
+ end
+ end
+
+ context "with mixlib-log" do
+ before do
+ load "mixlib/authentication.rb"
+ end
+
+ it "uses Mixlib::Log" do
+ expect(Mixlib::Authentication::Log.singleton_class.included_modules)
+ .to include(Mixlib::Log)
+ end
+
+ %w{debug info warn error fatal}.each do |level|
+ it "forward #{level} to mixlib-log" do
+ expect(Mixlib::Authentication::Log.logger).to
receive(level).with("foo")
+
+ Mixlib::Authentication.logger.send(level, "foo")
+ end
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/spec_helper.rb new/spec/spec_helper.rb
--- old/spec/spec_helper.rb 2016-06-08 12:26:14.000000000 +0200
+++ new/spec/spec_helper.rb 2017-08-17 21:39:03.000000000 +0200
@@ -18,6 +18,5 @@
#
$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")) #
lib in mixlib-authentication
-$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
"mixlib-log", "lib")) # mixlib-log/log
require "rubygems"
