Skip to content
This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

Apply HMAC signatures to upstream requests #147

Closed
wants to merge 20 commits into from
Closed

Apply HMAC signatures to upstream requests #147

wants to merge 20 commits into from

Commits on Nov 9, 2015

  1. Signature package for SHA1 HMAC request signatures

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    99cffc1 View commit details
    Browse the repository at this point in the history

  2. Add signature flag options

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    bae6136 View commit details
    Browse the repository at this point in the history

  3. Sign requests before sending upstream

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    30cc2bf View commit details
    Browse the repository at this point in the history

  4. Extract NewTestProvider

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    7c4fa19 View commit details
    Browse the repository at this point in the history

  5. Tests to ensure upstream can validate signature

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    f9e1888 View commit details
    Browse the repository at this point in the history

  6. Update README with request signature information

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    43d1788 View commit details
    Browse the repository at this point in the history

  7. Allow for other signature algorithms than sha1

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    db8bc93 View commit details
    Browse the repository at this point in the history

  8. Use extracted 18F/hmacauth package

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    dae3719 View commit details
    Browse the repository at this point in the history

  9. Remove support for per-upstream secret keys

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    32be942 View commit details
    Browse the repository at this point in the history

  10. Signature header as a ValidateRequest parameter

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    ff08ca5 View commit details
    Browse the repository at this point in the history

  11. Use hmacauth.HmacAuth type

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    ecdf593 View commit details
    Browse the repository at this point in the history

  12. Use HmacAuth.SignRequest()

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    25cb80b View commit details
    Browse the repository at this point in the history

  13. Better SIGNATURE_HEADERS decl; eliminate init()

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    0bcc464 View commit details
    Browse the repository at this point in the history

  14. Update Godeps with 18F/hmacauth v0.0.0-pr-1

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    2bedf21 View commit details
    Browse the repository at this point in the history

  15. Update to hmacauth v0.0.1

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    98af10f View commit details
    Browse the repository at this point in the history

  16. Bump github.com/18F/hmacauth to v1.0.0

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    e08b9d8 View commit details
    Browse the repository at this point in the history

  17. s/Validate/Authenticate/g

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    742e3fc View commit details
    Browse the repository at this point in the history

  18. Simulate a request body buffer consumed by Read 

    Using fakeNetConn in the test exposes a bug in 18F/hmacauth when handling POST
requests, addressed by 18F/hmacauth#4. The bug was that the strings.Reader
does not consume its buffer contents the same way that a net.Conn does. So the
test would pass because its request body would still be intact after signing,
but during live testing, the request body would be consumed by
HmacAuth.requestSignature().

It also happened to expose a subsequent 18F/hmacauth bug addressed in
18F/hmacauth#5. It turns out that checking Request.ContentLength is an
unreliable way of detecting that a body is present, and checking body != nil
is sufficient.

18F/hmacauth#4 is already merged; when 18F/hmacauth#5 is in, I'll tag
18F/hmacauth v1.0.1 and update the Godeps to use that version, at which point
the test should pass.
    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    a7be0cd View commit details
    Browse the repository at this point in the history

  19. Bump hmacauth to v1.0.1 

    v1.0.1 contains 18F/hmacauth#4 and 18F/hmacauth#5, needed to make
TestRequestSignaturePostRequest pass again.
    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    8a0dacf View commit details
    Browse the repository at this point in the history

  20. README update

    Mike Bland committed Nov 9, 2015
    Configuration menu
    Copy the full SHA
    47696e0 View commit details
    Browse the repository at this point in the history