
Commit c42324a

committed
Fix code challenge generator
Changed method from #hexdigest to #digest. Includes test to confirm format is as expected according to RFC 7636.
1 parent 3876c35 commit c42324a


3 files changed

+23
-3
lines changed


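--- a/lib/micropublish/auth.rb
+++ b/lib/micropublish/auth.rb
@@ -86,6 +86,12 @@ def confirm_auth_server(me, authorization_endpoint)
 end
 end
 
+def self.generate_code_challenge(code_verifier)
+Base64.urlsafe_encode64(
+Digest::SHA256.digest(code_verifier)
+).gsub(/=/, '')
+end
+
 def self.valid_uri?(u)
 begin
 uri = URI.parse(u)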
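Review bot: `generate_code_challenge` has no comment saying why the raw `digest` is required, which is the exact mistake this commit corrects: base64 of the hex string gives a challenge the authorization server cannot match. I would add above the method `# PKCE S256: BASE64URL(SHA256(code_verifier)) without padding (RFC 7636 section 4.2); hash the raw bytes, not the hex string`. The padding can also be dropped at the source with `Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier), padding: false)` instead of the `gsub`. The file's requires are outside the hunk, so it is worth confirming that auth.rb loads `base64` and `digest` itself rather than relying on server.rb having done so.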

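--- a/lib/micropublish/server.rb
+++ b/lib/micropublish/server.rb
@@ -72,9 +72,7 @@ class Server < Sinatra::Application
 session[:me] = params[:me]
 # code challenge from code verified
 session[:code_verifier] = SecureRandom.alphanumeric(100)
-code_challenge = Base64.urlsafe_encode64(
-Digest::SHA256.hexdigest(session[:code_verifier])
-).gsub(/=/, '') # removes `=`s from base64 string
+code_challenge = Auth.generate_code_challenge(session[:code_verifier])
 # redirect to auth endpoint
 query = URI.encode_www_form({
 me: session[:me],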
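Review bot: The comment kept above this call reads "code challenge from code verified", and with the inline SHA-256 gone nothing at the call site says which PKCE method is in use. I would reword it to `# PKCE: derive the S256 code challenge from the code verifier (RFC 7636)`. The `query` hash continues outside the hunk, so it is not visible whether `code_challenge_method: "S256"` is sent alongside the challenge. RFC 7636 treats a missing method as `plain`, so that parameter should be confirmed.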

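--- a/spec/micropublish/auth_spec.rb
+++ b/spec/micropublish/auth_spec.rb
@@ -1,2 +1,18 @@
 describe Micropublish::Auth do
+
+before do
+# from https://tools.ietf.org/html/rfc7636#appendix-A
+@code_verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
+@expected_code_challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
+end
+
+context "given a random string as a code verifier" do
+describe "#generate_code_challenge" do
+it "should generate a code challenge in the expected format" do
+code_challenge = Micropublish::Auth.generate_code_challenge(@code_verifier)
+expect(code_challenge).to eql(@expected_code_challenge)
+end
+end
+end
+
 end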
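Review bot: The source comment in the `before` block links to `#appendix-A`, but in RFC 7636 Appendix A covers base64url encoding without padding, while the verifier/challenge pair used here appears to be the S256 example from Appendix B. I would change it to `# S256 example from https://tools.ietf.org/html/rfc7636#appendix-B`. The descriptions are also slightly off: the context says "a random string" although the verifier is a fixed vector, and `#generate_code_challenge` is the notation for an instance method, so `describe ".generate_code_challenge"` fits this class method better.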
