api-auth 1.3.2 → 1.4.0

data/spec/helpers_spec.rb

@@ -3,12 +3,12 @@ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 describe "ApiAuth::Helpers" do
   
   it "should strip the new line character on a Base64 encoding" do
-    ApiAuth.b64_encode("some string").should_not match(/\n/)
+    expect(ApiAuth.b64_encode("some string")).not_to match(/\n/)
   end
   
   it "should properly upcase a hash's keys" do
     hsh = { "JoE" => "rOOLz" }
-    ApiAuth.capitalize_keys(hsh)["JOE"].should == "rOOLz"
+    expect(ApiAuth.capitalize_keys(hsh)["JOE"]).to eq("rOOLz")
   end
   
 end

data/spec/railtie_spec.rb

@@ -50,7 +50,12 @@ describe "Rails integration" do
 
     def generated_response(request, action = :index)
       if defined?(ActionDispatch)
-        TestController.action(action).call(request.env).last
+        response = ActionDispatch::TestResponse.new
+        controller = TestController.new
+        controller.request = request
+        controller.response = response
+        controller.process(action)
+        response
       else
         request.action = action.to_s
         request.path = "/#{action.to_s}"
@@ -63,7 +68,7 @@ describe "Rails integration" do
       request.env['DATE'] = Time.now.utc.httpdate
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
       response = generated_response(request, :index)
-      response.code.should == "200"
+      expect(response.code).to eq("200")
     end
 
     it "should forbid a request with properly signed headers but timestamp > 15 minutes" do
@@ -71,32 +76,32 @@ describe "Rails integration" do
       request.env['DATE'] = "Mon, 23 Jan 1984 03:29:56 GMT"
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
       response = generated_response(request, :index)
-      response.code.should == "401"
+      expect(response.code).to eq("401")
     end
 
     it "should insert a DATE header in the request when one hasn't been specified" do
       request = ActionController::TestRequest.new
       ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
-      request.headers['DATE'].should_not be_nil
+      expect(request.headers['DATE']).not_to be_nil
     end
 
     it "should forbid an unsigned request to a protected controller action" do
       request = ActionController::TestRequest.new
       response = generated_response(request, :index)
-      response.code.should == "401"
+      expect(response.code).to eq("401")
     end
 
     it "should forbid a request with a bogus signature" do
       request = ActionController::TestRequest.new
       request.env['Authorization'] = "APIAuth bogus:bogus"
       response = generated_response(request, :index)
-      response.code.should == "401"
+      expect(response.code).to eq("401")
     end
 
     it "should allow non-protected controller actions to function as before" do
       request = ActionController::TestRequest.new
       response = generated_response(request, :public)
-      response.code.should == "200"
+      expect(response.code).to eq("200")
     end
 
   end
@@ -111,7 +116,7 @@ describe "Rails integration" do
 
     it "should send signed requests automagically" do
       timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
-      Time.should_receive(:now).at_least(1).times.and_return(timestamp)
+      expect(Time).to receive(:now).at_least(1).times.and_return(timestamp)
       ActiveResource::HttpMock.respond_to do |mock|
         mock.get "/test_resources/1.xml",
           {

data/spec/request_drivers/action_controller_spec.rb

@@ -0,0 +1,218 @@
+require 'spec_helper'
+
+if defined?(ActionController::Request)
+
+  describe ApiAuth::RequestDrivers::ActionControllerRequest do
+
+    let(:timestamp){ Time.now.utc.httpdate }
+
+    let(:request) do
+      ActionController::Request.new(
+        'AUTHORIZATION'  => 'APIAuth 1044:12345',
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
+        'REQUEST_METHOD' => 'PUT',
+        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'CONTENT_TYPE' => 'text/plain',
+        'CONTENT_LENGTH' => '11',
+        'HTTP_DATE' => timestamp,
+        'rack.input' => StringIO.new("hello\nworld")
+      )
+    end
+
+    subject(:driven_request){ ApiAuth::RequestDrivers::ActionControllerRequest.new(request) }
+
+    describe "getting headers correctly" do
+      it "gets the content_type" do
+        expect(driven_request.content_type).to eq('text/plain')
+      end
+
+      it "gets the content_md5" do
+        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      end
+
+      it "gets the request_uri" do
+        expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+      end
+
+      it "gets the timestamp" do
+        expect(driven_request.timestamp).to eq(timestamp)
+      end
+
+      it "gets the authorization_header" do
+        expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
+      end
+
+      describe "#calculated_md5" do
+        it "calculates md5 from the body" do
+          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+
+        it "treats no body as empty string" do
+          request.env['rack.input'] = StringIO.new
+          request.env['CONTENT_LENGTH'] = 0
+          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+        end
+      end
+
+      describe "http_method" do
+        context "when put request" do
+          let(:request) do
+            ActionController::Request.new('REQUEST_METHOD' => 'PUT')
+          end
+
+          it "returns upcased put" do
+            expect(driven_request.http_method).to eq('PUT')
+          end
+        end
+
+        context "when get request" do
+          let(:request) do
+            ActionController::Request.new('REQUEST_METHOD' => 'GET')
+          end
+
+          it "returns upcased get" do
+            expect(driven_request.http_method).to eq('GET')
+          end
+        end
+      end
+    end
+
+    describe "setting headers correctly" do
+      let(:request) do
+        ActionController::Request.new(
+          'PATH_INFO'      => '/resource.xml',
+          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'REQUEST_METHOD' => 'PUT',
+          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_LENGTH' => '11',
+          'rack.input'     => StringIO.new("hello\nworld")
+        )
+      end
+
+      describe "#populate_content_md5" do
+        context "when getting" do
+          it "doesn't populate content-md5" do
+            request.env['REQUEST_METHOD'] = 'GET'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to be_nil
+          end
+        end
+
+        context "when posting" do
+          it "populates content-md5" do
+            request.env['REQUEST_METHOD'] = 'POST'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          end
+        end
+
+        context "when putting" do
+          it "populates content-md5" do
+            request.env['REQUEST_METHOD'] = 'PUT'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          end
+        end
+
+        context "when deleting" do
+          it "doesn't populate content-md5" do
+            request.env['REQUEST_METHOD'] = 'DELETE'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to be_nil
+          end
+        end
+
+      end
+
+      describe "#set_date" do
+        it "sets the date" do
+          allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
+          driven_request.set_date
+          expect(request.env['HTTP_DATE']).to eq(timestamp)
+        end
+      end
+
+      describe "#set_auth_header" do
+        it "sets the auth header" do
+          driven_request.set_auth_header('APIAuth 1044:54321')
+          expect(request.env['Authorization']).to eq('APIAuth 1044:54321')
+        end
+      end
+    end
+
+    describe "md5_mismatch?" do
+      context "when getting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'GET'
+        end
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+
+      context "when posting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'POST'
+        end
+
+        context "when calculated matches sent" do
+          before do
+            request.env["CONTENT_MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          end
+
+          it "is false" do
+            expect(driven_request.md5_mismatch?).to be false
+          end
+        end
+
+        context "when calculated doesn't match sent" do
+          before do
+            request.env["CONTENT_MD5"] = "3"
+          end
+
+          it "is true" do
+            expect(driven_request.md5_mismatch?).to be true
+          end
+        end
+      end
+
+      context "when putting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'PUT'
+        end
+
+        context "when calculated matches sent" do
+          before do
+            request.env["CONTENT_MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          end
+
+          it "is false" do
+            expect(driven_request.md5_mismatch?).to be false
+          end
+        end
+
+        context "when calculated doesn't match sent" do
+          before do
+            request.env["CONTENT_MD5"] = "3"
+          end
+
+          it "is true" do
+            expect(driven_request.md5_mismatch?).to be true
+          end
+        end
+      end
+
+      context "when deleting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'DELETE'
+        end
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+    end
+  end
+end

data/spec/request_drivers/action_dispatch_spec.rb

@@ -0,0 +1,219 @@
+require 'spec_helper'
+
+if defined?(ActionDispatch::Request)
+
+  describe ApiAuth::RequestDrivers::ActionDispatchRequest do
+
+    let(:timestamp){ Time.now.utc.httpdate }
+
+    let(:request) do
+      ActionDispatch::Request.new(
+        'AUTHORIZATION'  => 'APIAuth 1044:12345',
+        'PATH_INFO'      => '/resource.xml',
+        'QUERY_STRING'   => 'foo=bar&bar=foo',
+        'REQUEST_METHOD' => 'PUT',
+        'CONTENT_MD5'    => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'CONTENT_TYPE'   => 'text/plain',
+        'CONTENT_LENGTH' => '11',
+        'HTTP_DATE'      => timestamp,
+        'rack.input'     => StringIO.new("hello\nworld")
+      )
+    end
+
+    subject(:driven_request){ ApiAuth::RequestDrivers::ActionDispatchRequest.new(request) }
+
+    describe "getting headers correctly" do
+      it "gets the content_type" do
+        expect(driven_request.content_type).to eq('text/plain')
+      end
+
+      it "gets the content_md5" do
+        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      end
+
+      it "gets the request_uri" do
+        expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+      end
+
+      it "gets the timestamp" do
+        expect(driven_request.timestamp).to eq(timestamp)
+      end
+
+      it "gets the authorization_header" do
+        expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
+      end
+
+      describe "#calculated_md5" do
+        it "calculates md5 from the body" do
+          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+
+        it "treats no body as empty string" do
+          request.env['rack.input'] = StringIO.new
+          request.env['CONTENT_LENGTH'] = 0
+          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+        end
+      end
+
+
+      describe "http_method" do
+        context "when put request" do
+          let(:request) do
+            ActionDispatch::Request.new('REQUEST_METHOD' => 'PUT')
+          end
+
+          it "returns upcased put" do
+            expect(driven_request.http_method).to eq('PUT')
+          end
+        end
+
+        context "when get request" do
+          let(:request) do
+            ActionDispatch::Request.new('REQUEST_METHOD' => 'GET')
+          end
+
+          it "returns upcased get" do
+            expect(driven_request.http_method).to eq('GET')
+          end
+        end
+      end
+    end
+
+    describe "setting headers correctly" do
+      let(:request) do
+        ActionDispatch::Request.new(
+          'PATH_INFO'      => '/resource.xml',
+          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'REQUEST_METHOD' => 'PUT',
+          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_LENGTH' => '11',
+          'rack.input'     => StringIO.new("hello\nworld")
+        )
+      end
+
+      describe "#populate_content_md5" do
+        context "when getting" do
+          it "doesn't populate content-md5" do
+            request.env['REQUEST_METHOD'] = 'GET'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to be_nil
+          end
+        end
+
+        context "when posting" do
+          it "populates content-md5" do
+            request.env['REQUEST_METHOD'] = 'POST'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          end
+        end
+
+        context "when putting" do
+          it "populates content-md5" do
+            request.env['REQUEST_METHOD'] = 'PUT'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          end
+        end
+
+        context "when deleting" do
+          it "doesn't populate content-md5" do
+            request.env['REQUEST_METHOD'] = 'DELETE'
+            driven_request.populate_content_md5
+            expect(request.env["Content-MD5"]).to be_nil
+          end
+        end
+
+      end
+
+      describe "#set_date" do
+        it "sets the date" do
+          allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
+          driven_request.set_date
+          expect(request.env['HTTP_DATE']).to eq(timestamp)
+        end
+      end
+
+      describe "#set_auth_header" do
+        it "sets the auth header" do
+          driven_request.set_auth_header('APIAuth 1044:54321')
+          expect(request.env['Authorization']).to eq('APIAuth 1044:54321')
+        end
+      end
+    end
+
+    describe "md5_mismatch?" do
+      context "when getting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'GET'
+        end
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+
+      context "when posting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'POST'
+        end
+
+        context "when calculated matches sent" do
+          before do
+            request.env["CONTENT_MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          end
+
+          it "is false" do
+            expect(driven_request.md5_mismatch?).to be false
+          end
+        end
+
+        context "when calculated doesn't match sent" do
+          before do
+            request.env["CONTENT_MD5"] = "3"
+          end
+
+          it "is true" do
+            expect(driven_request.md5_mismatch?).to be true
+          end
+        end
+      end
+
+      context "when putting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'PUT'
+        end
+
+        context "when calculated matches sent" do
+          before do
+            request.env["CONTENT_MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          end
+
+          it "is false" do
+            expect(driven_request.md5_mismatch?).to be false
+          end
+        end
+
+        context "when calculated doesn't match sent" do
+          before do
+            request.env["CONTENT_MD5"] = "3"
+          end
+
+          it "is true" do
+            expect(driven_request.md5_mismatch?).to be true
+          end
+        end
+      end
+
+      context "when deleting" do
+        before do
+          request.env['REQUEST_METHOD'] = 'DELETE'
+        end
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+    end
+  end
+end