8936: address review comments

[arvados.git] / services / api / app / models / blob.rb

diff --git a/services/api/app/models/blob.rb b/services/api/app/models/blob.rb
index 91007fcc8aad42792a5fbff014965475940393c5..41d5b27093c3ab55c296f7a592b9defb7e25d6dc 100644 (file)
--- a/services/api/app/models/blob.rb
+++ b/services/api/app/models/blob.rb
@@ -49,11 +49,12 @@ class Blob
     end
     timestamp_hex = timestamp.to_s(16)
     # => "53163cb4"
+    blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
 
     # Generate a signature.
     signature =
       generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
-                         blob_hash, opts[:api_token], timestamp_hex)
+                         blob_hash, opts[:api_token], timestamp_hex, blob_signature_ttl)
 
     blob_locator + '+A' + signature + '@' + timestamp_hex
   end
@@ -96,10 +97,11 @@ class Blob
     if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
       raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
     end
+    blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
 
     my_signature =
       generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
-                         blob_hash, opts[:api_token], timestamp)
+                         blob_hash, opts[:api_token], timestamp, blob_signature_ttl)
 
     if my_signature != given_signature
       raise Blob::InvalidSignatureError.new 'Signature is invalid.'
@@ -108,11 +110,11 @@ class Blob
     true
   end
 
-  def self.generate_signature key, blob_hash, api_token, timestamp
+  def self.generate_signature key, blob_hash, api_token, timestamp, blob_signature_ttl
     OpenSSL::HMAC.hexdigest('sha1', key,
                             [blob_hash,
                              api_token,
                              timestamp,
-                             Rails.configuration.blob_signature_ttl].join('@'))
+                             blob_signature_ttl].join('@'))
   end
 end