This repository has been archived by the owner on Jan 24, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Apply HMAC signatures to upstream requests #147
Closed
Closed
Commits on Nov 9, 2015
-
Signature package for SHA1 HMAC request signatures
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 99cffc1 - Browse repository at this point
Copy the full SHA 99cffc1View commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for bae6136 - Browse repository at this point
Copy the full SHA bae6136View commit details -
Sign requests before sending upstream
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 30cc2bf - Browse repository at this point
Copy the full SHA 30cc2bfView commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 7c4fa19 - Browse repository at this point
Copy the full SHA 7c4fa19View commit details -
Tests to ensure upstream can validate signature
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for f9e1888 - Browse repository at this point
Copy the full SHA f9e1888View commit details -
Update README with request signature information
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 43d1788 - Browse repository at this point
Copy the full SHA 43d1788View commit details -
Allow for other signature algorithms than sha1
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for db8bc93 - Browse repository at this point
Copy the full SHA db8bc93View commit details -
Use extracted 18F/hmacauth package
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for dae3719 - Browse repository at this point
Copy the full SHA dae3719View commit details -
Remove support for per-upstream secret keys
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 32be942 - Browse repository at this point
Copy the full SHA 32be942View commit details -
Signature header as a ValidateRequest parameter
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for ff08ca5 - Browse repository at this point
Copy the full SHA ff08ca5View commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for ecdf593 - Browse repository at this point
Copy the full SHA ecdf593View commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 25cb80b - Browse repository at this point
Copy the full SHA 25cb80bView commit details -
Better SIGNATURE_HEADERS decl; eliminate init()
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 0bcc464 - Browse repository at this point
Copy the full SHA 0bcc464View commit details -
Update Godeps with 18F/hmacauth v0.0.0-pr-1
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 2bedf21 - Browse repository at this point
Copy the full SHA 2bedf21View commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 98af10f - Browse repository at this point
Copy the full SHA 98af10fView commit details -
Bump github.com/18F/hmacauth to v1.0.0
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for e08b9d8 - Browse repository at this point
Copy the full SHA e08b9d8View commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 742e3fc - Browse repository at this point
Copy the full SHA 742e3fcView commit details -
Simulate a request body buffer consumed by Read
Using fakeNetConn in the test exposes a bug in 18F/hmacauth when handling POST requests, addressed by 18F/hmacauth#4. The bug was that the strings.Reader does not consume its buffer contents the same way that a net.Conn does. So the test would pass because its request body would still be intact after signing, but during live testing, the request body would be consumed by HmacAuth.requestSignature(). It also happened to expose a subsequent 18F/hmacauth bug addressed in 18F/hmacauth#5. It turns out that checking Request.ContentLength is an unreliable way of detecting that a body is present, and checking body != nil is sufficient. 18F/hmacauth#4 is already merged; when 18F/hmacauth#5 is in, I'll tag 18F/hmacauth v1.0.1 and update the Godeps to use that version, at which point the test should pass.
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for a7be0cd - Browse repository at this point
Copy the full SHA a7be0cdView commit details -
v1.0.1 contains 18F/hmacauth#4 and 18F/hmacauth#5, needed to make TestRequestSignaturePostRequest pass again.
Mike Bland committedNov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 8a0dacf - Browse repository at this point
Copy the full SHA 8a0dacfView commit details -
Mike Bland committed
Nov 9, 2015 Configuration menu - View commit details
-
Copy full SHA for 47696e0 - Browse repository at this point
Copy the full SHA 47696e0View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.