search

mgomes / api_auth

HMAC authentication for Rails and HTTP Clients
MIT License
480 stars 147 forks source link

POST requests is not authentic #152

Closed istickz closed 6 years ago

istickz commented 7 years ago

I have a two requests get and post

request = RestClient::Request.new(
  url: "http://localhost:3000/api/v1/accounts",
  method: :get
)

signed_request = ApiAuth.sign!(request, access_id, secret_key)

res = signed_request.execute

GET request have a good response and "authentic" is true

request = RestClient::Request.new(
  url: "http://localhost:3000/api/v1/accounts",
  method: :post
)

signed_request = ApiAuth.sign!(request, access_id, secret_key)

res = signed_request.execute

POST request has "authentic" false

How to fix post requests?

mgomes commented 7 years ago

PUT and POST requests undergo an additional check to verify the request's body match an MD5 checksum. Since you're using RestClient, I think maybe you are running into #125. Do you think you'd be able to have a look and maybe submit a PR for that? It'd be very much appreciated as I don't use RestClient very much these days.