Ruby gems - api-auth - Versions diffs - 1.2.3 → 1.2.4 - Diffend - OSS supply chain security and management platform

api-auth 1.2.3 → 1.2.4

Files changed (16) hide show

data/CHANGELOG.md +11 -1
data/Gemfile.lock +3 -1
data/VERSION +1 -1
data/api_auth.gemspec +1 -0
data/gemfiles/rails_23.gemfile.lock +3 -1
data/gemfiles/rails_30.gemfile.lock +3 -1
data/gemfiles/rails_31.gemfile.lock +3 -1
data/gemfiles/rails_32.gemfile.lock +3 -1
data/gemfiles/rails_4.gemfile.lock +3 -1
data/gemfiles/rails_41.gemfile.lock +3 -1
data/lib/api_auth/request_drivers/net_http.rb +8 -1
data/spec/api_auth_spec.rb +9 -0
data/spec/fixtures/upload.png +0 -0
data/spec/headers_spec.rb +19 -0
data/spec/spec_helper.rb +1 -0
metadata +26 -2

data/CHANGELOG.md CHANGED

@@ -1,9 +1,19 @@
+# 1.2.4 (2014-08-27)
+- Fix a bug in the Net::HTTP request driver where the md5 isn't calculated
+  correctly when the content of the request is set with the `.body_stream`
+  method. (#49 adamcrown)
+# 1.2.3 (2014-08-01)
+- Update action controller request driver to fix a bug with OLD versions of
+  Rails using CGI
 # 1.2.2 (2014-07-08)
 - Fix Rest Client driver to account for the generated date when signing (cjeeky)
 # 1.2.1 (2014-07-03)
-- Fix Rest Client driver to account for the generated md5 when signing (#45 cjeeky)
+- Fix Rest Client driver to account for the generated md5 when signing
+  (#45 cjeeky)
 - Support for testing against Rails 4.1 (#42  awendt)
 - Support all requests inheriting from Rack::Request (#43 mcls)

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -40,6 +40,7 @@ GEM
       rubyntlm (~> 0.3.2)
     i18n (0.5.3)
     mime-types (1.17.2)
+    multipart-post (2.0.0)
     rack (1.2.8)
     rack-mount (0.6.14)
       rack (>= 1.0.0)
@@ -72,6 +73,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.2.3
1	+ 1.2.4

data/api_auth.gemspec CHANGED

@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rest-client", "~> 1.6.0"
   s.add_development_dependency "curb", "~> 0.8.1"
   s.add_development_dependency "httpi"
+  s.add_development_dependency "multipart-post", "~> 2.0"
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/gemfiles/rails_23.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -24,6 +24,7 @@ GEM
       rack
       rubyntlm (~> 0.3.2)
     mime-types (1.25.1)
+    multipart-post (2.0.0)
     rack (1.1.6)
     rake (10.3.1)
     rest-client (1.6.7)
@@ -52,6 +53,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/gemfiles/rails_30.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -41,6 +41,7 @@ GEM
       rubyntlm (~> 0.3.2)
     i18n (0.5.3)
     mime-types (1.25.1)
+    multipart-post (2.0.0)
     rack (1.2.8)
     rack-mount (0.6.14)
       rack (>= 1.0.0)
@@ -74,6 +75,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/gemfiles/rails_31.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -42,6 +42,7 @@ GEM
     i18n (0.6.9)
     mime-types (1.25.1)
     multi_json (1.9.2)
+    multipart-post (2.0.0)
     rack (1.3.10)
     rack-cache (1.2)
       rack (>= 0.4)
@@ -80,6 +81,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/gemfiles/rails_32.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -42,6 +42,7 @@ GEM
     journey (1.0.4)
     mime-types (1.25.1)
     multi_json (1.9.2)
+    multipart-post (2.0.0)
     rack (1.4.5)
     rack-cache (1.2)
       rack (>= 0.4)
@@ -79,6 +80,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/gemfiles/rails_4.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -42,6 +42,7 @@ GEM
     mime-types (2.2)
     minitest (4.7.5)
     multi_json (1.9.2)
+    multipart-post (2.0.0)
     rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
@@ -76,6 +77,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/gemfiles/rails_41.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    api-auth (1.2.3)
+    api-auth (1.2.4)
 GEM
   remote: https://rubygems.org/
@@ -45,6 +45,7 @@ GEM
     json (1.8.1)
     mime-types (2.2)
     minitest (5.3.4)
+    multipart-post (2.0.0)
     rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
@@ -80,6 +81,7 @@ DEPENDENCIES
   appraisal
   curb (~> 0.8.1)
   httpi
+  multipart-post (~> 2.0)
   rake
   rest-client (~> 1.6.0)
   rspec (~> 2.4.0)

data/lib/api_auth/request_drivers/net_http.rb CHANGED

@@ -19,7 +19,14 @@ module ApiAuth
       end
       def calculated_md5
-        md5_base64digest(@request.body || '')
+        if @request.respond_to?(:body_stream) && @request.body_stream
+          body = @request.body_stream.read
+          @request.body_stream.rewind
+        else
+          body = @request.body
+        end
+        md5_base64digest(body || '')
       end
       def populate_content_md5

data/spec/api_auth_spec.rb CHANGED

@@ -65,6 +65,15 @@ describe "ApiAuth" do
             signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
             signed_request['Content-MD5'].should == "kZXQvrKoieG+Be1rsZVINw=="
           end
+          it "should calculate for real multipart content" do
+            request = Net::HTTP::Put.new("/resource.xml?foo=bar&bar=foo",
+              'content-type' => 'text/plain',
+              'date' => "Mon, 23 Jan 1984 03:29:56 GMT")
+            request.body_stream = File.new('spec/fixtures/upload.png')
+            signed_request = ApiAuth.sign!(request, @access_id, @secret_key)
+            signed_request['Content-MD5'].should == "k4U8MTA3RHDcewBzymVNEQ=="
+          end
         end
         it "should leave the content-md5 alone if provided" do

data/spec/fixtures/upload.png ADDED

Binary file

data/spec/headers_spec.rb CHANGED

@@ -4,6 +4,25 @@ describe "ApiAuth::Headers" do
   CANONICAL_STRING = "text/plain,e59ff97941044f85df5297e1c302d260,/resource.xml?foo=bar&bar=foo,Mon, 23 Jan 1984 03:29:56 GMT"
+  describe "with Net::HTTP::Put::Multipart" do
+    before(:each) do
+      request = Net::HTTP::Put::Multipart.new("/resource.xml?foo=bar&bar=foo",
+        'file' => UploadIO.new(File.new('spec/fixtures/upload.png'), 'image/png', 'upload.png'))
+      ApiAuth.sign!(request, "some access id", "some secret key")
+      @headers = ApiAuth::Headers.new(request)
+    end
+    it "should set the content-type" do
+      @headers.canonical_string.split(',')[0].should match 'multipart/form-data; boundary='
+    end
+    it "should generate the proper content-md5" do
+      @headers.canonical_string.split(',')[1].should match 'zap0d6zuh6wRBSrsvO2bcw=='
+    end
+  end
   describe "with Net::HTTP" do
     before(:each) do

data/spec/spec_helper.rb CHANGED

@@ -6,6 +6,7 @@ require 'amatch'
 require 'rest_client'
 require 'curb'
 require 'httpi'
+require 'net/http/post/multipart'
 require 'active_support'
 require 'active_support/test_case'

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.4
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-08-01 00:00:00.000000000 Z
+date: 2014-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -171,6 +171,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: multipart-post
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: Full HMAC auth implementation for use in your gems and Rails apps.
 email: mauricio@edge14.com
 executables: []
@@ -218,6 +234,7 @@ files:
 - lib/api_auth/request_drivers/rest_client.rb
 - spec/api_auth_spec.rb
 - spec/application_helper.rb
+- spec/fixtures/upload.png
 - spec/headers_spec.rb
 - spec/helpers_spec.rb
 - spec/railtie_spec.rb
@@ -235,12 +252,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -2860665435517215427
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -2860665435517215427
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23.2
@@ -250,6 +273,7 @@ summary: Simple HMAC authentication for your APIs
 test_files:
 - spec/api_auth_spec.rb
 - spec/application_helper.rb
+- spec/fixtures/upload.png
 - spec/headers_spec.rb
 - spec/helpers_spec.rb
 - spec/railtie_spec.rb