Security - Code Metrics - unrar/midb - Measure and Improve Code Quality continuously with Scrutinizer

Security A
last analyzed 2016-03-04 21:00 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	33
Duplicated Lines	0 %

Metric	Value
dl	0
loc	33
rs	10
wmc	3

3 Methods

Rating	Name	Size	Complexity
A	is_auth?	3	1
A	parse_auth()	3	1
A	check?	5	1

require 'hmac-sha1'
require 'base64'
require 'cgi'

module MIDB
  module API
    # Controller that handles API HMAC authentication.
    # 
    # @note This will probably become a separate project soon.
    class Security

      # Checks if an HTTP header is the authorization one
      #
      # @deprecated It's no longer used but kept for historical reasons.
      # @param header [String] A line of an HTTP header.
      # @return [Boolean] Whether it's an auth header or not.
      def self.is_auth?(header)
         return header.split(":")[0].downcase == "authentication"
      end

      # Parses an authentication header so to get the HMAC digest.
      #
      # @param header [String] A line of an HTTP header (should have been checked
      #                         to be an auth header)
      # @return [String] The HMAC digest as a string.
      def self.parse_auth(header)
        return header.split(" ")[1]
      end

      # Checks if an HMAC digest is properly authenticated.
      # 
      # @param header [String] A line of an HTTP header (see #parse_auth)
      # @param params [String] The data passed via the HTTP request.
      # @param key [String] The private API key.
      #
      # @return [Boolean] Whether the given digest matches the correct one or not.
      def self.check?(header, params, key)
        hmac = HMAC::SHA1.new(key)
        hmac.update(params)
        return self.parse_auth(header) == CGI.escape(Base64.encode64("#{hmac.digest}"))
      end
    end
  end
end


1			require 'hmac-sha1'
2			require 'base64'
3			require 'cgi'
4
5			module MIDB
6			module API
7			# Controller that handles API HMAC authentication.
8			#
9			# @note This will probably become a separate project soon.
10			class Security
11
12			# Checks if an HTTP header is the authorization one
13			#
14			# @deprecated It's no longer used but kept for historical reasons.
15			# @param header [String] A line of an HTTP header.
16			# @return [Boolean] Whether it's an auth header or not.
17			def self.is_auth?(header)
18			return header.split(":")[0].downcase == "authentication"
19			end
20
21			# Parses an authentication header so to get the HMAC digest.
22			#
23			# @param header [String] A line of an HTTP header (should have been checked
24			# to be an auth header)
25			# @return [String] The HMAC digest as a string.
26			def self.parse_auth(header)
27			return header.split(" ")[1]
28			end
29
30			# Checks if an HMAC digest is properly authenticated.
31			#
32			# @param header [String] A line of an HTTP header (see #parse_auth)
33			# @param params [String] The data passed via the HTTP request.
34			# @param key [String] The private API key.
35			#
36			# @return [Boolean] Whether the given digest matches the correct one or not.
37			def self.check?(header, params, key)
38			hmac = HMAC::SHA1.new(key)
39			hmac.update(params)
40			return self.parse_auth(header) == CGI.escape(Base64.encode64("#{hmac.digest}"))
41			end
42			end
43			end
44			end
45

unrar / midb

Security A last analyzed 2016-03-04 21:00 UTC

Complexity

Size/Duplication

3 Methods

Duplication Side-by-Side

Filter issues like

Security A
last analyzed 2016-03-04 21:00 UTC