Fix code challenge generator

Changed method from #hexdigest to #digest.
Includes test to confirm format is as expected according
to RFC 7636.

Author: barryf

lib/micropublish/auth.rb

@@ -86,6 +86,12 @@ def confirm_auth_server(me, authorization_endpoint)
       end
     end
 
+    def self.generate_code_challenge(code_verifier)
+      Base64.urlsafe_encode64(
+        Digest::SHA256.digest(code_verifier)
+      ).gsub(/=/, '')
+    end
+
     def self.valid_uri?(u)
       begin
         uri = URI.parse(u)

lib/micropublish/server.rb

@@ -72,9 +72,7 @@ class Server < Sinatra::Application
       session[:me] = params[:me]
       # code challenge from code verified
       session[:code_verifier] = SecureRandom.alphanumeric(100)
-      code_challenge = Base64.urlsafe_encode64(
-        Digest::SHA256.hexdigest(session[:code_verifier])
-      ).gsub(/=/, '') # removes `=`s from base64 string
+      code_challenge = Auth.generate_code_challenge(session[:code_verifier])
       # redirect to auth endpoint
       query = URI.encode_www_form({
         me: session[:me],

spec/micropublish/auth_spec.rb

@@ -1,2 +1,18 @@
 describe Micropublish::Auth do
+
+  before do
+    # from https://tools.ietf.org/html/rfc7636#appendix-A
+    @code_verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
+    @expected_code_challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
+  end
+
+  context "given a random string as a code verifier" do
+    describe "#generate_code_challenge" do
+      it "should generate a code challenge in the expected format" do
+        code_challenge = Micropublish::Auth.generate_code_challenge(@code_verifier)
+        expect(code_challenge).to eql(@expected_code_challenge)
+      end
+    end
+  end
+
 end