api-auth 1.1.0 → 1.2.0

data/spec/headers_spec.rb

@@ -91,6 +91,18 @@ describe "ApiAuth::Headers" do
       headers.canonical_string
       request.headers['DATE'].should be_nil
     end
+
+    it "doesn't mess up symbol based headers" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  :content_type => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      @request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+        :headers => headers,
+        :method => :put)
+      @headers = ApiAuth::Headers.new(@request)
+      ApiAuth.sign!(@request, "some access id", "some secret key")
+      @request.processed_headers.should have_key('Content-Type')
+    end
   end
 
   describe "with Curb" do
@@ -138,8 +150,10 @@ describe "ApiAuth::Headers" do
 
   describe "with ActionController" do
 
+    let(:request_klass){ ActionDispatch::Request rescue ActionController::Request }
+
     before(:each) do
-      @request = ActionController::Request.new(
+      @request = request_klass.new(
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
@@ -159,7 +173,7 @@ describe "ApiAuth::Headers" do
     end
 
     it "should set the DATE header if one is not already present" do
-      @request = ActionController::Request.new(
+      @request = request_klass.new(
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
@@ -170,7 +184,7 @@ describe "ApiAuth::Headers" do
     end
 
     it "should not set the DATE header just by asking for the canonical_string" do
-      request = ActionController::Request.new(
+      request = request_klass.new(
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
@@ -220,4 +234,51 @@ describe "ApiAuth::Headers" do
     end
   end
 
+  describe "with HTTPI" do
+     before(:each) do
+       @request = HTTPI::Request.new("http://localhost/resource.xml?foo=bar&bar=foo")
+       @request.headers.merge!({
+         'content-type' => 'text/plain',
+         'content-md5'  => 'e59ff97941044f85df5297e1c302d260',
+         'date'         => "Mon, 23 Jan 1984 03:29:56 GMT"
+       })
+       @headers = ApiAuth::Headers.new(@request)
+     end
+
+     it "should generate the proper canonical string" do
+       @headers.canonical_string.should == CANONICAL_STRING
+     end
+
+     it "should set the authorization header" do
+       @headers.sign_header("alpha")
+       @headers.authorization_header.should == "alpha"
+     end
+
+     it "should set the DATE header if one is not already present" do
+       @request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+         'content-type' => 'text/plain',
+         'content-md5' => 'e59ff97941044f85df5297e1c302d260')
+       ApiAuth.sign!(@request, "some access id", "some secret key")
+       @request['DATE'].should_not be_nil
+     end
+
+     it "should not set the DATE header just by asking for the canonical_string" do
+       request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+         'content-type' => 'text/plain',
+         'content-md5' => 'e59ff97941044f85df5297e1c302d260')
+       headers = ApiAuth::Headers.new(request)
+       headers.canonical_string
+       request['DATE'].should be_nil
+     end
+
+     context "md5_mismatch?" do
+       it "is false if no md5 header is present" do
+         request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+         'content-type' => 'text/plain')
+         headers = ApiAuth::Headers.new(request)
+         headers.md5_mismatch?.should be_false
+       end
+     end
+   end
+
 end

data/spec/railtie_spec.rb

@@ -1,20 +1,20 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe "Rails integration" do
-  
+
   API_KEY_STORE = { "1044" => "l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==" }
-  
+
   describe "Rails controller integration" do
-    
+
     class ApplicationController < ActionController::Base
-      
+
     private
-    
+
       def require_api_auth
         if (access_id = get_api_access_id_from_request)
           return true if api_authenticated?(API_KEY_STORE[access_id])
         end
-        
+
         respond_to do |format|
           format.xml { render :xml => "You are unauthorized to perform this action.", :status => 401 }
           format.json { render :json => "You are unauthorized to perform this action.", :status => 401 }
@@ -23,82 +23,97 @@ describe "Rails integration" do
       end
 
     end
-    
+
     class TestController < ApplicationController
       before_filter :require_api_auth, :only => [:index]
-      
+
+      if defined?(ActionDispatch)
+        def self._routes
+          ActionDispatch::Routing::RouteSet.new
+        end
+      end
+
       def index
         render :text => "OK"
       end
-      
+
       def public
         render :text => "OK"
       end
 
       def rescue_action(e); raise(e); end
     end
-    ActionController::Routing::Routes.draw {|map| map.resources :test }
-    
+
+    unless defined?(ActionDispatch)
+      ActionController::Routing::Routes.draw {|map| map.resources :test }
+    end
+
+    def generated_response(request, action = :index)
+      if defined?(ActionDispatch)
+        TestController.action(action).call(request.env).last
+      else
+        request.action = action.to_s
+        request.path = "/#{action.to_s}"
+        TestController.new.process(request, ActionController::TestResponse.new)
+      end
+    end
+
     it "should permit a request with properly signed headers" do
       request = ActionController::TestRequest.new
       request.env['DATE'] = Time.now.utc.httpdate
-      request.action = 'index'
-      request.path = "/index"
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      response = generated_response(request, :index)
+      response.code.should == "200"
     end
-    
+
     it "should forbid a request with properly signed headers but timestamp > 15 minutes" do
       request = ActionController::TestRequest.new
       request.env['DATE'] = "Mon, 23 Jan 1984 03:29:56 GMT"
-      request.action = 'index'
-      request.path = "/index"
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      response = generated_response(request, :index)
+      response.code.should == "401"
     end
-    
+
     it "should insert a DATE header in the request when one hasn't been specified" do
       request = ActionController::TestRequest.new
-      request.action = 'index'
-      request.path = "/index"
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
       request.headers['DATE'].should_not be_nil
     end
 
     it "should forbid an unsigned request to a protected controller action" do
       request = ActionController::TestRequest.new
-      request.action = 'index'
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      response = generated_response(request, :index)
+      response.code.should == "401"
     end
 
     it "should forbid a request with a bogus signature" do
       request = ActionController::TestRequest.new
-      request.action = 'index'
       request.env['Authorization'] = "APIAuth bogus:bogus"
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+      response = generated_response(request, :index)
+      response.code.should == "401"
     end
-    
+
     it "should allow non-protected controller actions to function as before" do
       request = ActionController::TestRequest.new
-      request.action = 'public'
-      request.path('/public')
-      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+      response = generated_response(request, :public)
+      response.code.should == "200"
     end
-    
+
   end
-  
+
   describe "Rails ActiveResource integration" do
-    
+
     class TestResource < ActiveResource::Base
       with_api_auth "1044", API_KEY_STORE["1044"]
       self.site = "http://localhost/"
+      self.format = :xml
     end
-    
+
     it "should send signed requests automagically" do
       timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
       Time.should_receive(:now).at_least(1).times.and_return(timestamp)
       ActiveResource::HttpMock.respond_to do |mock|
-        mock.get "/test_resources/1.xml", 
+        mock.get "/test_resources/1.xml",
           {
             'Authorization' => 'APIAuth 1044:IbTx7VzSOGU55HNbV4y2jZDnVis=',
             'Accept' => 'application/xml',
@@ -108,7 +123,7 @@ describe "Rails integration" do
       end
       TestResource.find(1)
     end
-    
+
   end
-  
+
 end

data/spec/spec_helper.rb

@@ -5,11 +5,12 @@ require 'api_auth'
 require 'amatch'
 require 'rest_client'
 require 'curb'
+require 'httpi'
 
 require 'active_support'
 require 'active_support/test_case'
 require 'action_controller'
-require 'action_controller/test_process'
+require 'action_controller/test_case'
 require 'active_resource'
 require 'active_resource/http_mock'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-20 00:00:00.000000000 Z
+date: 2014-05-16 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -66,7 +82,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +90,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -82,7 +98,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +106,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activeresource
   requirement: !ruby/object:Gem::Requirement
@@ -98,7 +114,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -106,7 +122,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.3.2
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
@@ -139,6 +155,22 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: httpi
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Full HMAC auth implementation for use in your gems and Rails apps.
 email: mauricio@edge14.com
 executables: []
@@ -148,6 +180,9 @@ files:
 - .document
 - .gitignore
 - .rspec
+- .travis.yml
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -155,6 +190,16 @@ files:
 - Rakefile
 - VERSION
 - api_auth.gemspec
+- gemfiles/rails_23.gemfile
+- gemfiles/rails_23.gemfile.lock
+- gemfiles/rails_30.gemfile
+- gemfiles/rails_30.gemfile.lock
+- gemfiles/rails_31.gemfile
+- gemfiles/rails_31.gemfile.lock
+- gemfiles/rails_32.gemfile
+- gemfiles/rails_32.gemfile.lock
+- gemfiles/rails_4.gemfile
+- gemfiles/rails_4.gemfile.lock
 - lib/api-auth.rb
 - lib/api_auth.rb
 - lib/api_auth/base.rb
@@ -165,6 +210,7 @@ files:
 - lib/api_auth/request_drivers/action_controller.rb
 - lib/api_auth/request_drivers/action_dispatch.rb
 - lib/api_auth/request_drivers/curb.rb
+- lib/api_auth/request_drivers/httpi.rb
 - lib/api_auth/request_drivers/net_http.rb
 - lib/api_auth/request_drivers/rack.rb
 - lib/api_auth/request_drivers/rest_client.rb
@@ -195,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 1.8.23.2
 signing_key: 
 specification_version: 3
 summary: Simple HMAC authentication for your APIs