Merge pull request #80 from superacidjax/master

fixes #79 -- changes from Digest::HMAC to OpenSSL
opentok · Jan 6, 2015 · 9a7f59b · 9a7f59b
2 parents 158007d + d1cf45a
commit 9a7f59b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -3,6 +3,7 @@ rvm:
 - 1.9.3
 - 2.0.0
 - 2.1.0
+- 2.2.0
 - rbx-2
 notifications:
   slack:

diff --git a/lib/opentok/token_generator.rb b/lib/opentok/token_generator.rb
@@ -3,7 +3,7 @@
 
 require "base64"
 require "addressable/uri"
-require "digest/hmac"
+require "openssl"
 require "active_support/time"
 
 module OpenTok
@@ -81,11 +81,11 @@ def generate_token
         end
         data_params[:connection_data] = data
       end
-
+      digest = OpenSSL::Digest.new('sha1')
       data_string = Addressable::URI.form_encode data_params
       meta_string = Addressable::URI.form_encode({
         :partner_id => api_key,
-        :sig => Digest::HMAC.hexdigest(data_string, api_secret, Digest::SHA1)
+        :sig => OpenSSL::HMAC.hexdigest(digest, api_secret, data_string)
       })
 
       TOKEN_SENTINEL + Base64.strict_encode64(meta_string + ":" + data_string)

diff --git a/spec/matchers/token.rb b/spec/matchers/token.rb
@@ -1,7 +1,7 @@
 require "rspec/matchers"
 
 require "base64"
-require "digest/hmac"
+require "openssl"
 require "addressable/uri"
 
 RSpec::Matchers.define :carry_token_data do |input_data|
@@ -40,9 +40,10 @@
   match do |token|
     decoded_token = Base64.decode64(token[4..token.length])
     metadata, data_string = decoded_token.split(':')
+    digest = OpenSSL::Digest.new('sha1')
     # form_unencode returns an array of arrays, annoying so hardcoded lookup
     # expected format: [["partner_id", "..."], ["sig", "..."]]
     signature = Addressable::URI.form_unencode(metadata)[1][1]
-    signature == Digest::HMAC.hexdigest(data_string, api_secret, Digest::SHA1)
+    signature == OpenSSL::HMAC.hexdigest(digest, api_secret, data_string)
   end
 end