ably 0.8.11 → 0.8.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c2940c3999a909ad6243c5c9f7b58577bb754a65
-  data.tar.gz: a26e8dcb896d65db2ac1037fda94229a6cafa0b7
+  metadata.gz: 83a334452c78f5a9522b8aef6edef8a376da22c4
+  data.tar.gz: e00a360302db7a510633beeb840c1a81d565d3f8
 SHA512:
-  metadata.gz: 17a1afa89167265c13c1f63ed0a534f8af6cfbe799684cdac328331e24fe33851341cc5ac2ff214feb8fa5092ec6d461eb8c8d37e56032b870e294bca32c3d4b
-  data.tar.gz: c69805bf390839041e2d82283e0aedc1d22baa181386deeb870f267093f235d97419399c246fa7ed04dedd22c4430b6ec8f22f5325d2890559c12619fbb48c66
+  metadata.gz: 46211a7336813fdcbc6160b161c97a7a66af8cc95ad02b40757d55326f30839a9754db67c95235a394805d1cea7afe52618311556c55436127f99f92349a26e0
+  data.tar.gz: 67674b15c02b127e72d0b982b40735f1366b6b0384e8e0cbe0945334e6c724fd2e1c162dac12c99d9c8a12a8d19fa78685749036da4ab3ac972ba9e3274890d8

data/CHANGELOG.md

@@ -1,12 +1,28 @@
 # Change Log
 
-## [v0.8.9](https://github.com/ably/ably-ruby/tree/v0.8.9) (2016-04-01)
+## [v0.8.12](https://github.com/ably/ably-ruby/tree/v0.8.12)
 
-[Full Changelog](https://github.com/ably/ably-ruby/compare/v0.8.9...v0.8.10)
+[Full Changelog](https://github.com/ably/ably-ruby/compare/v0.8.11...v0.8.12)
 
 **Fixed bugs:**
 
-- API keys have hyphens
+- Ably::Exceptions::ConnectionError: SSL\_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed [\#87](https://github.com/ably/ably-ruby/issues/87)
+
+**Merged pull requests:**
+
+- Reauthorise [\#90](https://github.com/ably/ably-ruby/pull/90) ([mattheworiordan](https://github.com/mattheworiordan))
+
+## [v0.8.11](https://github.com/ably/ably-ruby/tree/v0.8.11) (2016-04-05)
+
+[Full Changelog](https://github.com/ably/ably-ruby/compare/v0.8.10...v0.8.11)
+
+**Merged pull requests:**
+
+- Ensure message emitter callbacks are safe \(i.e. cannot break the EM\) [\#85](https://github.com/ably/ably-ruby/pull/85) ([mattheworiordan](https://github.com/mattheworiordan))
+
+## [v0.8.10](https://github.com/ably/ably-ruby/tree/v0.8.10) (2016-04-01)
+
+[Full Changelog](https://github.com/ably/ably-ruby/compare/v0.8.9...v0.8.10)
 
 ## [v0.8.9](https://github.com/ably/ably-ruby/tree/v0.8.9) (2016-03-01)
 

data/lib/ably/auth.rb

@@ -72,6 +72,7 @@ module Ably
       end
 
       split_api_key_into_key_and_secret! options if options[:key]
+      store_and_delete_basic_auth_key_from_options! options
 
       if using_basic_auth? && !api_key_present?
         raise ArgumentError, 'key is missing. Either an API key, token, or token auth method must be provided'
@@ -104,9 +105,9 @@ module Ably
     #
     # In the event that a new token request is made, the provided options are used.
     #
-    # @param [Hash] token_params the token params used for future token requests
-    # @param [Hash] auth_options the authentication options used for future token requests
-    # @option auth_options [Boolean]   :force   obtains a new token even if the current token is valid
+    # @param [Hash, nil] token_params the token params used for future token requests. When nil, previously configured token params are used
+    # @param [Hash, nil] auth_options the authentication options used for future token requests. When nil, previously configure authentication options are used
+    # @option auth_options [Boolean]   :force   obtains a new token even if the current token is valid. If the provided +auth_options+ Hash contains only this +:force+ attribute, the existing configured authentication options are not overwriten
     # @option (see #request_token)
     #
     # @return (see #create_token_request)
@@ -122,23 +123,54 @@ module Ably
     #      token_request
     #    end
     #
-    def authorise(token_params = {}, auth_options = {})
-      ensure_valid_auth_attributes auth_options
+    def authorise(token_params = nil, auth_options = nil)
+      if auth_options == { force: true }
+        auth_options = options.merge(force: true)
+      elsif auth_options.nil?
+        auth_options = options
+      else
+        ensure_valid_auth_attributes auth_options
 
-      auth_options = auth_options.clone
+        auth_options = auth_options.clone
 
-      if current_token_details && !auth_options.delete(:force)
-        return current_token_details unless current_token_details.expired?
+        if auth_options[:token_params]
+          token_params = auth_options.delete(:token_params).merge(token_params || {})
+        end
+
+        # If basic credentials are provided then overwrite existing options
+        # otherwise we need to retain the existing credentials in the auth options
+        split_api_key_into_key_and_secret! auth_options if auth_options[:key]
+        if auth_options[:key_name] && auth_options[:key_secret]
+          store_and_delete_basic_auth_key_from_options! auth_options
+        end
+
+        @options = auth_options.clone
+
+        # Force reauth and query the server time only happens once
+        # the otpions remain in auth_options though so they are passed to request_token
+        @options.delete(:query_time)
+        @options.delete(:force)
+
+        @options.freeze
       end
 
-      split_api_key_into_key_and_secret! auth_options if auth_options[:key]
-      @options = @options.merge(auth_options) # update defaults
+      unless token_params.nil?
+        @token_params = token_params
+        @token_params.freeze
+      end
 
-      token_params = (auth_options.delete(:token_params) || {}).merge(token_params)
-      @token_params = @token_params.merge(token_params) # update defaults
+      if current_token_details && !auth_options[:force]
+        return current_token_details unless current_token_details.expired?
+      end
 
-      authorise_with_token(request_token(token_params, auth_options)).tap do |new_token_details|
+      authorise_with_token(request_token(@token_params, auth_options)).tap do |new_token_details|
         logger.debug "Auth: new token following authorisation: #{new_token_details}"
+
+        # If authorise was forced allow a block to be called so that the realtime library
+        # can force upgrade the authorisation
+        if auth_options[:force] && block_given?
+          yield new_token_details
+        end
       end
     end
 
@@ -240,11 +272,8 @@ module Ably
 
       raise Ably::Exceptions::TokenRequestFailed, 'Key Name and Key Secret are required to generate a new token request' unless request_key_name && request_key_secret
 
-      timestamp = if auth_options[:query_time]
-        client.time
-      else
-        token_params.delete(:timestamp) || Time.now
-      end
+      ensure_current_time_is_based_on_server_time if auth_options[:query_time]
+      timestamp = token_params.delete(:timestamp) || current_time
       timestamp = Time.at(timestamp) if timestamp.kind_of?(Integer)
 
       ttl = [
@@ -276,11 +305,11 @@ module Ably
     end
 
     def key_name
-      options[:key_name]
+      @key_name
     end
 
     def key_secret
-      options[:key_secret]
+      @key_secret
     end
 
     # True when Basic Auth is being used to authenticate with Ably
@@ -413,6 +442,24 @@ module Ably
       @token_option
     end
 
+    # Returns the current device clock time unless the
+    # the server time has previously been requested with query_time: true
+    # and the @server_time_offset is configured
+    def current_time
+      if @server_time_offset
+        Time.now + @server_time_offset
+      else
+        Time.now
+      end
+    end
+
+    # Get the difference in time between the server
+    # and the local clock and store this for future time requests
+    def ensure_current_time_is_based_on_server_time
+      server_time = client.time
+      @server_time_offset = server_time.to_f - Time.now.to_f
+    end
+
     def ensure_valid_auth_attributes(attributes)
       if attributes[:timestamp]
         unless attributes[:timestamp].kind_of?(Time) || attributes[:timestamp].kind_of?(Numeric)
@@ -471,6 +518,11 @@ module Ably
       options.delete :key
     end
 
+    def store_and_delete_basic_auth_key_from_options!(options)
+      @key_name = options.delete(:key_name)
+      @key_secret = options.delete(:key_secret)
+    end
+
     # Returns the current token if it exists or authorises and retrieves a token
     def token_auth_string
       if !current_token_details && token_option

data/lib/ably/realtime/auth.rb

@@ -67,9 +67,9 @@ module Ably
       #      token_details #=> Ably::Models::TokenDetails
       #    end
       #
-      def authorise(token_params = {}, auth_options = {}, &success_callback)
+      def authorise(token_params = nil, auth_options = nil, &success_callback)
         async_wrap(success_callback) do
-          auth_sync.authorise(token_params, auth_options)
+          auth_sync.authorise(token_params, auth_options, &method(:upgrade_authentication_block).to_proc)
         end.tap do |deferrable|
           deferrable.errback do |error|
             client.connection.transition_state_machine :failed, reason: error if error.kind_of?(Ably::Exceptions::IncompatibleClientId)
@@ -82,8 +82,8 @@ module Ably
       # @option (see Ably::Auth#authorise)
       # @return [Ably::Models::TokenDetails]
       #
-      def authorise_sync(token_params = {}, auth_options = {})
-        auth_sync.authorise(token_params, auth_options)
+      def authorise_sync(token_params = nil, auth_options = nil)
+        auth_sync.authorise(token_params, auth_options, &method(:upgrade_authentication_block).to_proc)
       end
 
       # def_delegator :auth_sync, :request_token, :request_token_sync
@@ -196,6 +196,24 @@ module Ably
       def client
         @client
       end
+
+      # If authorise is called with true, this block is executed so that it
+      # can perform the authentication upgrade
+      def upgrade_authentication_block(new_token)
+        # This block is called if the authorisation was forced
+        if client.connection.connected? || client.connection.connecting?
+          logger.debug "Realtime::Auth - authorise called with { force: true } so forcibly disconnecting transport to initiate auth upgrade"
+          block = Proc.new do
+            if client.connection.transport
+              logger.debug "Realtime::Auth - current transport disconnected"
+              client.connection.transport.disconnect
+            else
+              EventMachine.add_timer(0.1, &block)
+            end
+          end
+          block.call
+        end
+      end
     end
   end
 end

data/lib/ably/realtime/client/incoming_message_dispatcher.rb

@@ -144,7 +144,7 @@ module Ably::Realtime
       end
 
       def process_connection_error(protocol_message)
-        connection.manager.error_received_from_server protocol_message.error
+        connection.manager.error_received_from_server(protocol_message.error || Ably::Models::ErrorInfo.new(message: 'Error reason unknown'))
       end
 
       def process_connected_message(protocol_message)

data/lib/ably/realtime/connection/connection_manager.rb

@@ -402,7 +402,7 @@ module Ably::Realtime
           @renewing_token = true
           logger.info "ConnectionManager: Token has expired and is renewable, renewing token now"
 
-          client.auth.authorise({}, force: true).tap do |authorise_deferrable|
+          client.auth.authorise(nil, force: true).tap do |authorise_deferrable|
             authorise_deferrable.callback do |token_details|
               logger.info 'ConnectionManager: Token renewed succesfully following expiration'
 

data/lib/ably/rest/client.rb

@@ -376,7 +376,7 @@ module Ably
         yield
       rescue Ably::Exceptions::TokenExpired => e
         if auth.token_renewable?
-          auth.authorise({}, force: true)
+          auth.authorise(nil, force: true)
           yield
         else
           raise e

data/lib/ably/version.rb

@@ -1,3 +1,3 @@
 module Ably
-  VERSION = '0.8.11'
+  VERSION = '0.8.12'
 end

data/spec/acceptance/realtime/auth_spec.rb

@@ -254,6 +254,195 @@ describe Ably::Realtime::Auth, :event_machine do
             end
           end
         end
+
+        context 'with force: true to trigger an authentication upgrade' do
+          let(:rest_client)      { Ably::Rest::Client.new(default_options) }
+          let(:client_publisher) { auto_close Ably::Realtime::Client.new(default_options) }
+          let(:basic_capability) { JSON.dump("foo" => ["subscribe"]) }
+          let(:basic_token_cb)   { Proc.new do
+            rest_client.auth.create_token_request({ capability: basic_capability })
+          end }
+          let(:upgraded_capability) { JSON.dump({ "foo" => ["subscribe", "publish"] }) }
+          let(:upgraded_token_cb)   { Proc.new do
+            rest_client.auth.create_token_request({ capability: upgraded_capability })
+          end }
+          let(:identified_token_cb) { Proc.new do
+            rest_client.auth.create_token_request({ client_id: 'bob' })
+          end }
+          let(:downgraded_capability) { JSON.dump({ "bar" => ["subscribe"] }) }
+          let(:downgraded_token_cb)   { Proc.new do
+            rest_client.auth.create_token_request({ capability: downgraded_capability })
+          end }
+
+          let(:client_options) { default_options.merge(auth_callback: basic_token_cb) }
+
+          it 'forces the connection to disconnect and reconnect with a new token when in the CONNECTED state' do
+            client.connection.once(:connected) do
+              existing_token = client.auth.current_token_details
+              client.auth.authorise(nil, force: true)
+              client.connection.once(:disconnected) do
+                client.connection.once(:connected) do
+                  expect(existing_token).to_not eql(client.auth.current_token_details)
+                  stop_reactor
+                end
+              end
+            end
+          end
+
+          it 'forces the connection to disconnect and reconnect with a new token when in the CONNECTING state' do
+            client.connection.once(:connecting) do
+              existing_token = client.auth.current_token_details
+              client.auth.authorise(nil, force: true)
+              client.connection.once(:disconnected) do
+                client.connection.once(:connected) do
+                  expect(existing_token).to_not eql(client.auth.current_token_details)
+                  stop_reactor
+                end
+              end
+            end
+          end
+
+          context 'when client is identified' do
+            let(:client_options) { default_options.merge(auth_callback: basic_token_cb, log_level: :none) }
+
+            let(:basic_token_cb)   { Proc.new do
+              rest_client.auth.create_token_request({ client_id: 'mike', capability: basic_capability })
+            end }
+
+            it 'transisitions the connection state to FAILED if the client_id changes' do
+              client.connection.once(:connected) do
+                client.auth.authorise(nil, auth_callback: identified_token_cb, force: true)
+                client.connection.once(:failed) do
+                  expect(client.connection.error_reason.message).to match(/incompatible.*client ID/)
+                  stop_reactor
+                end
+              end
+            end
+          end
+
+          context 'when upgrading capabilities' do
+            let(:client_options) { default_options.merge(auth_callback: basic_token_cb, log_level: :error) }
+
+            it 'is allowed' do
+              client.connection.once(:connected) do
+                channel = client.channels.get('foo')
+                channel.publish('not-allowed').errback do |error|
+                  expect(error.code).to eql(40160)
+                  expect(error.message).to match(/permission denied/)
+                  client.auth.authorise(nil, auth_callback: upgraded_token_cb, force: true)
+                  client.connection.once(:connected) do
+                    expect(client.connection.error_reason).to be_nil
+                    channel.subscribe('allowed') do |message|
+                      stop_reactor
+                    end
+                    channel.publish 'allowed'
+                  end
+                end
+              end
+            end
+          end
+
+          context 'when downgrading capabilities' do
+            let(:client_options) { default_options.merge(auth_callback: basic_token_cb, log_level: :none) }
+
+            it 'is allowed and channels are detached' do
+              client.connection.once(:connected) do
+                channel = client.channels.get('foo')
+                channel.attach do
+                  client.auth.authorise(nil, auth_callback: downgraded_token_cb, force: true)
+                  channel.once(:failed) do
+                    expect(channel.error_reason.code).to eql(40160)
+                    expect(channel.error_reason.message).to match(/Channel denied access/)
+                    stop_reactor
+                  end
+                end
+              end
+            end
+          end
+
+          it 'ensures message delivery continuity whilst upgrading' do
+            received_messages = []
+            subscriber_channel = client.channels.get('foo')
+            publisher_channel  = client_publisher.channels.get('foo')
+            subscriber_channel.attach do
+              subscriber_channel.subscribe do |message|
+                received_messages << message
+              end
+              publisher_channel.attach do
+                publisher_channel.publish('foo') do
+                  EventMachine.add_timer(2) do
+                    expect(received_messages.length).to eql(1)
+                    client.auth.authorise(nil, force: true)
+                    client.connection.once(:disconnected) do
+                      publisher_channel.publish('bar') do
+                        expect(received_messages.length).to eql(1)
+                      end
+                    end
+                    client.connection.once(:connected) do
+                      EventMachine.add_timer(2) do
+                        expect(received_messages.length).to eql(2)
+                        stop_reactor
+                      end
+                    end
+                  end
+                end
+              end
+            end
+          end
+
+          it 'does not change the connection state if current connection state is closing' do
+            client.connection.once(:connected) do
+              client.connection.once(:closing) do
+                client.auth.authorise(nil, force: true)
+                client.connection.once(:connected) do
+                  raise "Should not reconnect following auth force: true"
+                end
+                EventMachine.add_timer(4) do
+                  expect(client.connection).to be_closed
+                  stop_reactor
+                end
+              end
+              client.connection.close
+            end
+          end
+
+          it 'does not change the connection state if current connection state is closed' do
+            client.connection.once(:connected) do
+              client.connection.once(:closed) do
+                client.auth.authorise(nil, force: true)
+                client.connection.once(:connected) do
+                  raise "Should not reconnect following auth force: true"
+                end
+                EventMachine.add_timer(4) do
+                  expect(client.connection).to be_closed
+                  stop_reactor
+                end
+              end
+              client.connection.close
+            end
+          end
+
+          context 'when state is failed' do
+            let(:client_options) { default_options.merge(auth_callback: basic_token_cb, log_level: :none) }
+
+            it 'does not change the connection state' do
+              client.connection.once(:connected) do
+                client.connection.once(:failed) do
+                  client.auth.authorise(nil, force: true)
+                  client.connection.once(:connected) do
+                    raise "Should not reconnect following auth force: true"
+                  end
+                  EventMachine.add_timer(4) do
+                    expect(client.connection).to be_failed
+                    stop_reactor
+                  end
+                end
+                protocol_message = Ably::Models::ProtocolMessage.new(action: Ably::Models::ProtocolMessage::ACTION.Error.to_i)
+                client.connection.__incoming_protocol_msgbus__.publish :protocol_message, protocol_message
+              end
+            end
+          end
+        end
       end
 
       context '#authorise_async' do

data/spec/acceptance/rest/auth_spec.rb

@@ -612,6 +612,87 @@ describe Ably::Auth do
         end
       end
 
+      context 'query_time: true' do
+        let(:local_time)  { @now - 60 }
+        let(:server_time) { @now }
+
+        before do
+          @now = Time.now
+          allow(Time).to receive(:now).and_return(local_time)
+        end
+
+        it 'only queries the server time once and then works out the offset, query_time option is never persisted' do
+          expect(client).to receive(:time).once.and_return(server_time)
+
+          auth.authorise({}, query_time: true)
+          auth.authorise({}, force: true)
+          expect(auth.auth_options).to_not have_key(:query_time)
+        end
+      end
+
+      context 'TokenParams argument' do
+        let(:default_token_params) { { ttl: 23 } }
+
+        before do
+          auth.authorise default_token_params
+        end
+
+        it 'has no effect on the defaults when null and TokenParam defaults remain the same' do
+          old_token = auth.current_token_details
+          auth.authorise(nil, force: true)
+          expect(old_token).to_not eql(auth.current_token_details)
+          expect(auth.token_params[:ttl]).to eql(23)
+        end
+
+        it 'updates defaults when present and all previous configured TokenParams are discarded' do
+          old_token = auth.current_token_details
+          auth.authorise({ client_id: 'bob' }, { force: true })
+          expect(old_token).to_not eql(auth.current_token_details)
+          expect(auth.token_params[:ttl]).to_not eql(23)
+          expect(auth.token_params[:client_id]).to eql('bob')
+        end
+
+        it 'updates Auth#token_params attribute with an immutable hash' do
+          auth.authorise({ client_id: 'bob' }, { force: true })
+          expect { auth.token_params['key_name'] = 'new_name' }.to raise_error RuntimeError, /can't modify frozen.*Hash/
+        end
+      end
+
+      context 'AuthOptions argument' do
+        let(:token_ttl) { 2 }
+        let(:auth_callback) { Proc.new do
+          auth.create_token_request(ttl: token_ttl)
+        end }
+        let(:default_auth_options) { { auth_callback: auth_callback } }
+
+        before do
+          stub_const 'Ably::Models::TokenDetails::TOKEN_EXPIRY_BUFFER', 0 # allow token to be used even if about to expire
+          stub_const 'Ably::Auth::TOKEN_DEFAULTS', Ably::Auth::TOKEN_DEFAULTS.merge(renew_token_buffer: 0) # Ensure tokens issued expire immediately after issue
+
+          auth.authorise(nil, default_auth_options)
+          @old_token = auth.current_token_details
+          sleep token_ttl + 0.5
+        end
+
+        it 'has no effect on the defaults when null and AuthOptions defaults remain the same' do
+          auth.authorise(nil, nil)
+          expect(@old_token).to_not eql(auth.current_token_details)
+          expect(auth.options[:auth_callback]).to eql(auth_callback)
+        end
+
+        it 'updates defaults when present and all previous configured AuthOptions are discarded' do
+          auth.authorise(nil, auth_method: :post)
+          expect(@old_token).to_not eql(auth.current_token_details)
+          expect(auth.options[:auth_callback]).to be_nil
+          expect(auth.options[:auth_method]).to eql(:post)
+        end
+
+        it 'updates Auth#options attribute with an immutable hash' do
+          auth.authorise(nil, auth_callback: Proc.new { '1231232.12321:12321312' })
+          expect { auth.options['key_name'] = 'new_name' }.to raise_error RuntimeError, /can't modify frozen.*Hash/
+        end
+      end
+
       context 'with previous authorisation' do
         before do
           auth.authorise
@@ -640,10 +721,10 @@ describe Ably::Auth do
         expect(auth.token_params[:ttl]).to eql(26)
       end
 
-      it 'updates the persisted token params that are then used for subsequent authorise requests' do
-        expect(auth.options[:query_time]).to_not eql(true)
-        auth.authorise({}, query_time: true)
-        expect(auth.options[:query_time]).to eql(true)
+      it 'updates the persisted auth options that are then used for subsequent authorise requests' do
+        expect(auth.options[:authUrl]).to be_nil
+        auth.authorise({}, authUrl: 'http://foo.com')
+        expect(auth.options[:authUrl]).to eql('http://foo.com')
       end
 
       context 'with a Proc for the :auth_callback option' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ably
 version: !ruby/object:Gem::Version
-  version: 0.8.11
+  version: 0.8.12
 platform: ruby
 authors:
 - Lewis Marshall
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-05 00:00:00.000000000 Z
+date: 2016-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine