- Removed ruby-hmac dependency. Using OpenSSL::HMAC instead

- Updated the Request class and tests - Added .bundle to the ignore list
aflatter · Jul 1, 2010 · 0ee8f97 · 0ee8f97
1 parent 84c6ca2
commit 0ee8f97
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
+.bundle
 **/.DS_Store
diff --git a/Gemfile b/Gemfile
@@ -2,4 +2,3 @@ source :gemcutter
 
 gem 'rspec', '>= 2.0.0.beta'
 gem 'activesupport', '>= 3.0.0.beta'
-gem 'ruby-hmac'
diff --git a/oauth2-server/lib/oauth2/server/request.rb b/oauth2-server/lib/oauth2/server/request.rb
@@ -1,5 +1,5 @@
+require 'openssl'
 require 'oauth2/attributes'
-require 'hmac-sha2'
 require 'active_support/base64'
 
 module OAuth2
@@ -84,9 +84,7 @@ def calculate_signature
           request_uri
         ].join(',')
 
-        digest = HMAC::SHA256.digest(secret, normalized_string)
-
-        ActiveSupport::Base64.encode64s(digest)
+        ActiveSupport::Base64.encode64s(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), secret, normalized_string))
       end
 
       def validate_signature

diff --git a/oauth2-server/spec/server/request_spec.rb b/oauth2-server/spec/server/request_spec.rb
@@ -73,8 +73,8 @@
     subject.should_receive(:request_header).exactly(3).times.with(no_args).and_return(header)
     subject.should_receive(:secret).once.and_return("secret")
 
-    HMAC::SHA256.should_receive(:digest).once.
-                 with("secret", normalized_string).
+    OpenSSL::HMAC.should_receive(:digest).once.
+                 with(OpenSSL::Digest::Digest.new('sha256'), "secret", normalized_string).
                  and_return("digest")
 
     ActiveSupport::Base64.should_receive(:encode64s).

diff --git a/oauth2-server/spec/spec_helper.rb b/oauth2-server/spec/spec_helper.rb
@@ -19,6 +19,12 @@
   puts 'RSpec not found. Please install rspec with command bundle install'
 end
 
+begin
+  require 'openssl'
+rescue LoadError => e
+  puts 'OpenSSL not present. Please check your Ruby installation and make sure it includes the OpenSSL libraries'
+end
+
 require 'oauth2/server'
 
 Dir.glob(File.dirname(__FILE__) + "/support/**/*.rb").each do |file|