Api Auth Versions Save

HMAC authentication for Rails and HTTP Clients

v2.1.0

7 years ago

Fixed a NoMethodError that might occur when using the NetHttp Driver (#130 grahamkenville)
More securely compare signatures in a way that prevents timing attacks (#56 leishman, #133 will0)
Remove support for MD2 and MD4 hashing algorithms since they are insecure (#134 will0)
Disallow requests that are too far in the future to limit the time available for a brute force signature guess (#119 fwininger)

v2.0.0

7 years ago

IMPORTANT: 2.0.0 is backwards incompatible with the default settings of v1.x v2.0.0 always includes the http method in the canonical string. You can use the upgrade strategy in v1.4.x and above to migrate to v2.0.0 without any down time. Please see the 1.4.0 release nodes for more info
Added support for other digest algorithms like SHA-256 (#98 fwininger)

v2.0.1

7 years ago

Support of api_auth_options in ActiveResource integration (#102 fwininger)
Replace use of #blank? with #nil? to not depend on ActiveSupport (#114 packrat386)
Fix Auth header matching to not match invalid SHA algorithms (#115 packrat386)
Replace alias_method_chain with alias_method in the railtie since alias_method_chain is deprecated in Rails 5 (#118 mlarraz)