lib/poms/api/auth.rb in poms-1.2.2 vs lib/poms/api/auth.rb in poms-2.0.0.a

@@ -1,40 +1,60 @@
+require 'base64'
+
 module Poms
   module Api
     # This module can be used to create an authentication header for the Poms
     # API.
     #
     # see: http://wiki.publiekeomroep.nl/display/npoapi/Algemeen
     module Auth
-      # Create an auth header for the Poms API. This is a codified string
-      # consisting of a message that is hashed with a secret.
-      #
-      # @see message
-      # @param secret The Poms API secret key
-      # @param message The message that needs to be hashed.
-      def self.encode(secret, message)
+      module_function
+
+      extend SingleForwardable
+
+      delegate %i(origin secret key) => :@credentials
+
+      # @param request The prepared request
+      # @param credentials The Poms API credentials
+      # @param clock Defaults to current time, but can be provided as Time
+      def sign(request, credentials, clock = Time.now)
+        @credentials = credentials
+        timestamp = clock.rfc822
+        message = generate_message(request.uri, timestamp)
+
+        request['Origin'] = origin
+        request['X-NPO-Date'] = timestamp
+        request['Authorization'] = "NPO #{key}:#{encrypt(message)}"
+        request
+      end
+
+      # Create a message for the Authorization header. This is an encrypted
+      # stringconsisting of a message that is hashed with a shared secret.
+      def encrypt(message)
         sha256 = OpenSSL::Digest.new('sha256')
         digest = OpenSSL::HMAC.digest(sha256, secret, message)
-        Base64.encode64(digest)
+        Base64.encode64(digest).strip
       end
 
-      # Creates the header that is used for authenticating a request to the Poms
-      # API.
-      #
-      # @param uri The uri that is being requested
-      # @param origin The origin header
-      # @param date The date as an RFC822 string
-      # @param params The url params as a ruby hash
-      def self.message(uri, origin, date, params = {})
-        params_string = params.sort.map do |key, value|
-          "#{key}:#{value}"
-        end.join(',') if params.present?
+      # Creates a message in the required format as specified by POMS
+      # documentation.
+      # @param uri The Addressable::URI
+      # @param timestamp An rfc822 formatted timestamp
+      def generate_message(uri, timestamp)
         [
           "origin:#{origin}",
-          "x-npo-date:#{date}",
-          "uri:#{uri}",
-          params_string
+          "x-npo-date:#{timestamp}",
+          "uri:#{uri.path}",
+          params_string(uri.query_values)
         ].compact.join(',')
       end
+
+      # Convert a hash of parameters to the format expected by the message
+      def params_string(params)
+        return unless params
+        params.map { |key, value| "#{key}:#{value}" }.sort.join(',')
+      end
+
+      private_class_method :generate_message, :encrypt, :params_string
     end
   end
 end