api-auth 1.3.2 → 1.4.0

Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/.rspec +2 -2
  3. data/.travis.yml +4 -0
  4. data/Appraisals +6 -0
  5. data/CHANGELOG.md +36 -0
  6. data/Gemfile.lock +77 -44
  7. data/README.md +15 -8
  8. data/VERSION +1 -1
  9. data/api_auth.gemspec +4 -4
  10. data/gemfiles/rails_23.gemfile +1 -1
  11. data/gemfiles/rails_23.gemfile.lock +19 -11
  12. data/gemfiles/rails_30.gemfile +1 -1
  13. data/gemfiles/rails_30.gemfile.lock +19 -11
  14. data/gemfiles/rails_31.gemfile +1 -1
  15. data/gemfiles/rails_31.gemfile.lock +19 -11
  16. data/gemfiles/rails_32.gemfile +1 -1
  17. data/gemfiles/rails_32.gemfile.lock +19 -11
  18. data/gemfiles/rails_4.gemfile +1 -1
  19. data/gemfiles/rails_4.gemfile.lock +19 -11
  20. data/gemfiles/rails_41.gemfile +1 -1
  21. data/gemfiles/rails_41.gemfile.lock +19 -11
  22. data/gemfiles/rails_42.gemfile +9 -0
  23. data/gemfiles/rails_42.gemfile.lock +115 -0
  24. data/lib/api_auth/base.rb +37 -23
  25. data/lib/api_auth/headers.rb +23 -3
  26. data/lib/api_auth/request_drivers/action_controller.rb +4 -0
  27. data/lib/api_auth/request_drivers/curb.rb +4 -0
  28. data/lib/api_auth/request_drivers/faraday.rb +4 -0
  29. data/lib/api_auth/request_drivers/httpi.rb +5 -1
  30. data/lib/api_auth/request_drivers/net_http.rb +4 -0
  31. data/lib/api_auth/request_drivers/rack.rb +5 -1
  32. data/lib/api_auth/request_drivers/rest_client.rb +4 -0
  33. data/spec/api_auth_spec.rb +112 -628
  34. data/spec/headers_spec.rb +132 -289
  35. data/spec/helpers_spec.rb +2 -2
  36. data/spec/railtie_spec.rb +13 -8
  37. data/spec/request_drivers/action_controller_spec.rb +218 -0
  38. data/spec/request_drivers/action_dispatch_spec.rb +219 -0
  39. data/spec/request_drivers/curb_spec.rb +89 -0
  40. data/spec/request_drivers/faraday_spec.rb +243 -0
  41. data/spec/request_drivers/httpi_spec.rb +147 -0
  42. data/spec/request_drivers/net_http_spec.rb +185 -0
  43. data/spec/request_drivers/rack_spec.rb +288 -0
  44. data/spec/request_drivers/rest_client_spec.rb +311 -0
  45. metadata +44 -19
  46. data/spec/application_helper.rb +0 -2
  47. data/spec/test_helper.rb +0 -2
@@ -0,0 +1,311 @@
1
+ require 'spec_helper'
2
+
3
+ describe ApiAuth::RequestDrivers::RestClientRequest do
4
+
5
+ let(:timestamp){ Time.now.utc.httpdate }
6
+
7
+ let(:request_path){ "/resource.xml?foo=bar&bar=foo" }
8
+
9
+ let(:request_headers){
10
+ {
11
+ 'Authorization' => 'APIAuth 1044:12345',
12
+ 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
13
+ 'Content-Type' => 'text/plain',
14
+ 'Date' => timestamp
15
+ }
16
+ }
17
+
18
+ let(:request) do
19
+ RestClient::Request.new(
20
+ :url => "/resource.xml?foo=bar&bar=foo",
21
+ :headers => request_headers,
22
+ :method => :put,
23
+ :payload => "hello\nworld"
24
+ )
25
+ end
26
+
27
+ subject(:driven_request){ ApiAuth::RequestDrivers::RestClientRequest.new(request) }
28
+
29
+ describe "getting headers correctly" do
30
+ it "gets the content_type" do
31
+ expect(driven_request.content_type).to eq('text/plain')
32
+ end
33
+
34
+ it "gets the content_md5" do
35
+ expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
36
+ end
37
+
38
+ it "gets the request_uri" do
39
+ expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
40
+ end
41
+
42
+ it "gets the timestamp" do
43
+ expect(driven_request.timestamp).to eq(timestamp)
44
+ end
45
+
46
+ it "gets the authorization_header" do
47
+ expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
48
+ end
49
+
50
+ describe "#calculated_md5" do
51
+ it "calculates md5 from the body" do
52
+ expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
53
+ end
54
+
55
+ it "treats no body as empty string" do
56
+ request = RestClient::Request.new(
57
+ :url => "/resource.xml?foo=bar&bar=foo",
58
+ :headers => request_headers,
59
+ :method => :put
60
+ )
61
+ driven_request = ApiAuth::RequestDrivers::RestClientRequest.new(request)
62
+ expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
63
+ end
64
+ end
65
+
66
+ describe "http_method" do
67
+ context "when put request" do
68
+ let(:request) do
69
+ RestClient::Request.new(
70
+ :url => "/resource.xml?foo=bar&bar=foo",
71
+ :headers => request_headers,
72
+ :method => :put
73
+ )
74
+ end
75
+
76
+ it "returns upcased put" do
77
+ expect(driven_request.http_method).to eq('PUT')
78
+ end
79
+ end
80
+
81
+ context "when get request" do
82
+ let(:request) do
83
+ RestClient::Request.new(
84
+ :url => "/resource.xml?foo=bar&bar=foo",
85
+ :headers => request_headers,
86
+ :method => :get
87
+ )
88
+ end
89
+
90
+ it "returns upcased get" do
91
+ expect(driven_request.http_method).to eq('GET')
92
+ end
93
+ end
94
+ end
95
+ end
96
+
97
+ describe "setting headers correctly" do
98
+ let(:request_headers){
99
+ {
100
+ 'Content-Type' => 'text/plain'
101
+ }
102
+ }
103
+
104
+ describe "#populate_content_md5" do
105
+ context "when getting" do
106
+ let(:request) do
107
+ RestClient::Request.new(
108
+ :url => "/resource.xml?foo=bar&bar=foo",
109
+ :headers => request_headers,
110
+ :method => :get
111
+ )
112
+ end
113
+
114
+ it "doesn't populate content-md5" do
115
+ driven_request.populate_content_md5
116
+ expect(request.headers["Content-MD5"]).to be_nil
117
+ end
118
+ end
119
+
120
+ context "when posting" do
121
+ let(:request) do
122
+ RestClient::Request.new(
123
+ :url => "/resource.xml?foo=bar&bar=foo",
124
+ :headers => request_headers,
125
+ :method => :post,
126
+ :payload => "hello\nworld"
127
+ )
128
+ end
129
+
130
+ it "populates content-md5" do
131
+ driven_request.populate_content_md5
132
+ expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
133
+ end
134
+ end
135
+
136
+ context "when putting" do
137
+ let(:request) do
138
+ RestClient::Request.new(
139
+ :url => "/resource.xml?foo=bar&bar=foo",
140
+ :headers => request_headers,
141
+ :method => :put,
142
+ :payload => "hello\nworld"
143
+ )
144
+ end
145
+
146
+ it "populates content-md5" do
147
+ driven_request.populate_content_md5
148
+ expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
149
+ end
150
+ end
151
+
152
+ context "when deleting" do
153
+ let(:request) do
154
+ RestClient::Request.new(
155
+ :url => "/resource.xml?foo=bar&bar=foo",
156
+ :headers => request_headers,
157
+ :method => :delete
158
+ )
159
+ end
160
+
161
+ it "doesn't populate content-md5" do
162
+ driven_request.populate_content_md5
163
+ expect(request.headers["Content-MD5"]).to be_nil
164
+ end
165
+ end
166
+
167
+ end
168
+
169
+ describe "#set_date" do
170
+ it "sets the date" do
171
+ allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
172
+ driven_request.set_date
173
+ expect(request.headers['DATE']).to eq(timestamp)
174
+ end
175
+ end
176
+
177
+ describe "#set_auth_header" do
178
+ it "sets the auth header" do
179
+ driven_request.set_auth_header('APIAuth 1044:54321')
180
+ expect(request.headers['Authorization']).to eq('APIAuth 1044:54321')
181
+ end
182
+ end
183
+ end
184
+
185
+ describe "md5_mismatch?" do
186
+
187
+ context "when getting" do
188
+ let(:request) do
189
+ RestClient::Request.new(
190
+ :url => "/resource.xml?foo=bar&bar=foo",
191
+ :headers => request_headers,
192
+ :method => :get
193
+ )
194
+ end
195
+
196
+ it "is false" do
197
+ expect(driven_request.md5_mismatch?).to be false
198
+ end
199
+ end
200
+
201
+ context "when posting" do
202
+ let(:request) do
203
+ RestClient::Request.new(
204
+ :url => "/resource.xml?foo=bar&bar=foo",
205
+ :headers => request_headers,
206
+ :method => :post,
207
+ :payload => "hello\nworld"
208
+ )
209
+ end
210
+
211
+ context "when calculated matches sent" do
212
+ let(:request_headers){
213
+ {
214
+ 'Authorization' => 'APIAuth 1044:12345',
215
+ 'Content-MD5' => 'kZXQvrKoieG+Be1rsZVINw==',
216
+ 'Content-Type' => 'text/plain',
217
+ 'Date' => timestamp
218
+ }
219
+ }
220
+
221
+ it "is false" do
222
+ expect(driven_request.md5_mismatch?).to be false
223
+ end
224
+ end
225
+
226
+ context "when calculated doesn't match sent" do
227
+ let(:request_headers){
228
+ {
229
+ 'Authorization' => 'APIAuth 1044:12345',
230
+ 'Content-MD5' => '3',
231
+ 'Content-Type' => 'text/plain',
232
+ 'Date' => timestamp
233
+ }
234
+ }
235
+
236
+ it "is true" do
237
+ expect(driven_request.md5_mismatch?).to be true
238
+ end
239
+ end
240
+ end
241
+
242
+ context "when putting" do
243
+ let(:request) do
244
+ RestClient::Request.new(
245
+ :url => "/resource.xml?foo=bar&bar=foo",
246
+ :headers => request_headers,
247
+ :method => :put,
248
+ :payload => "hello\nworld"
249
+ )
250
+ end
251
+
252
+ context "when calculated matches sent" do
253
+ let(:request_headers){
254
+ {
255
+ 'Authorization' => 'APIAuth 1044:12345',
256
+ 'Content-MD5' => 'kZXQvrKoieG+Be1rsZVINw==',
257
+ 'Content-Type' => 'text/plain',
258
+ 'Date' => timestamp
259
+ }
260
+ }
261
+
262
+ it "is false" do
263
+ expect(driven_request.md5_mismatch?).to be false
264
+ end
265
+ end
266
+
267
+ context "when calculated doesn't match sent" do
268
+ let(:request_headers){
269
+ {
270
+ 'Authorization' => 'APIAuth 1044:12345',
271
+ 'Content-MD5' => '3',
272
+ 'Content-Type' => 'text/plain',
273
+ 'Date' => timestamp
274
+ }
275
+ }
276
+
277
+ it "is true" do
278
+ expect(driven_request.md5_mismatch?).to be true
279
+ end
280
+ end
281
+ end
282
+
283
+ context "when deleting" do
284
+ let(:request) do
285
+ RestClient::Request.new(
286
+ :url => "/resource.xml?foo=bar&bar=foo",
287
+ :headers => request_headers,
288
+ :method => :delete
289
+ )
290
+ end
291
+
292
+ it "is false" do
293
+ expect(driven_request.md5_mismatch?).to be false
294
+ end
295
+ end
296
+ end
297
+
298
+ describe "edge cases" do
299
+ it "doesn't mess up symbol based headers" do
300
+ headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
301
+ :content_type => "text/plain",
302
+ 'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
303
+ request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
304
+ :headers => headers,
305
+ :method => :put)
306
+ headers = ApiAuth::Headers.new(request)
307
+ ApiAuth.sign!(request, "some access id", "some secret key")
308
+ expect(request.processed_headers).to have_key('Content-Type')
309
+ end
310
+ end
311
+ end
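Review bot: The `md5_mismatch?` examples for GET and DELETE (new lines 187-199 and 283-295) cannot tell a skipped check from a passing one. They appear to inherit the top-level `request_headers`, whose `Content-MD5` is `1B2M2Y8AsgTpgAmY7PhCfg==`, the same digest the "treats no body as empty string" example expects for an empty body, so they return false either way. Because this header is what ties the body to the signed request, the intended behaviour for body-less methods should be pinned with a mismatching value, for example a context with `'Content-MD5' => '3'` and `:method => :get` asserting whichever result the driver is meant to give. Separately, in the "edge cases" example `headers = ApiAuth::Headers.new(request)` rebinds the hash local and its result is never used, and `let(:request_path)` is declared while every request repeats the URL literal; both can be dropped or put to use.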
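--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: api-auth
  version: !ruby/object:Gem::Version
- version: 1.3.2
+ version: 1.4.0
  platform: ruby
  authors:
  - Mauricio Gomes
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-08-28 00:00:00.000000000 Z
+ date: 2015-12-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: appraisal
@@ -58,56 +58,68 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.4.0
+ version: '3.4'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.4.0
+ version: '3.4'
  - !ruby/object:Gem::Dependency
  name: actionpack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
+ - - ">"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: 2.3.2
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
+ - - ">"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: 2.3.2
  - !ruby/object:Gem::Dependency
  name: activesupport
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
+ - - ">"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: 2.3.2
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
+ - - ">"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: 2.3.2
  - !ruby/object:Gem::Dependency
  name: activeresource
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: '4.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.0.0
+ version: '4.0'
  - !ruby/object:Gem::Dependency
  name: rest-client
  requirement: !ruby/object:Gem::Requirement
@@ -209,6 +221,8 @@ files:
  - gemfiles/rails_4.gemfile.lock
  - gemfiles/rails_41.gemfile
  - gemfiles/rails_41.gemfile.lock
+ - gemfiles/rails_42.gemfile
+ - gemfiles/rails_42.gemfile.lock
  - lib/api-auth.rb
  - lib/api_auth.rb
  - lib/api_auth/base.rb
@@ -225,13 +239,19 @@ files:
  - lib/api_auth/request_drivers/rack.rb
  - lib/api_auth/request_drivers/rest_client.rb
  - spec/api_auth_spec.rb
- - spec/application_helper.rb
  - spec/fixtures/upload.png
  - spec/headers_spec.rb
  - spec/helpers_spec.rb
  - spec/railtie_spec.rb
+ - spec/request_drivers/action_controller_spec.rb
+ - spec/request_drivers/action_dispatch_spec.rb
+ - spec/request_drivers/curb_spec.rb
+ - spec/request_drivers/faraday_spec.rb
+ - spec/request_drivers/httpi_spec.rb
+ - spec/request_drivers/net_http_spec.rb
+ - spec/request_drivers/rack_spec.rb
+ - spec/request_drivers/rest_client_spec.rb
  - spec/spec_helper.rb
- - spec/test_helper.rb
  homepage: https://github.com/mgomes/api_auth
  licenses: []
  metadata: {}
@@ -257,11 +277,16 @@ specification_version: 4
  summary: Simple HMAC authentication for your APIs
  test_files:
  - spec/api_auth_spec.rb
- - spec/application_helper.rb
  - spec/fixtures/upload.png
  - spec/headers_spec.rb
  - spec/helpers_spec.rb
  - spec/railtie_spec.rb
+ - spec/request_drivers/action_controller_spec.rb
+ - spec/request_drivers/action_dispatch_spec.rb
+ - spec/request_drivers/curb_spec.rb
+ - spec/request_drivers/faraday_spec.rb
+ - spec/request_drivers/httpi_spec.rb
+ - spec/request_drivers/net_http_spec.rb
+ - spec/request_drivers/rack_spec.rb
+ - spec/request_drivers/rest_client_spec.rb
  - spec/spec_helper.rb
- - spec/test_helper.rb
- has_rdoc: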