api-auth 1.3.2 → 1.4.0

data/spec/request_drivers/rest_client_spec.rb

@@ -0,0 +1,311 @@
+require 'spec_helper'
+
+describe ApiAuth::RequestDrivers::RestClientRequest do
+
+  let(:timestamp){ Time.now.utc.httpdate }
+
+  let(:request_path){ "/resource.xml?foo=bar&bar=foo" }
+
+  let(:request_headers){
+    {
+      'Authorization'  => 'APIAuth 1044:12345',
+      'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'Content-Type' => 'text/plain',
+      'Date' => timestamp
+    }
+  }
+
+  let(:request) do
+    RestClient::Request.new(
+      :url => "/resource.xml?foo=bar&bar=foo",
+      :headers => request_headers,
+      :method => :put,
+      :payload => "hello\nworld"
+    )
+  end
+
+  subject(:driven_request){ ApiAuth::RequestDrivers::RestClientRequest.new(request) }
+
+  describe "getting headers correctly" do
+    it "gets the content_type" do
+      expect(driven_request.content_type).to eq('text/plain')
+    end
+
+    it "gets the content_md5" do
+      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    end
+
+    it "gets the request_uri" do
+      expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+    end
+
+    it "gets the timestamp" do
+      expect(driven_request.timestamp).to eq(timestamp)
+    end
+
+    it "gets the authorization_header" do
+      expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
+    end
+
+    describe "#calculated_md5" do
+      it "calculates md5 from the body" do
+        expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      end
+
+      it "treats no body as empty string" do
+        request = RestClient::Request.new(
+          :url => "/resource.xml?foo=bar&bar=foo",
+          :headers => request_headers,
+          :method => :put
+        )
+        driven_request = ApiAuth::RequestDrivers::RestClientRequest.new(request)
+        expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      end
+    end
+
+    describe "http_method" do
+      context "when put request" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :put
+          )
+        end
+
+        it "returns upcased put" do
+          expect(driven_request.http_method).to eq('PUT')
+        end
+      end
+
+      context "when get request" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :get
+          )
+        end
+
+        it "returns upcased get" do
+          expect(driven_request.http_method).to eq('GET')
+        end
+      end
+    end
+  end
+
+  describe "setting headers correctly" do
+    let(:request_headers){
+      {
+        'Content-Type' => 'text/plain'
+      }
+    }
+
+    describe "#populate_content_md5" do
+      context "when getting" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :get
+          )
+        end
+
+        it "doesn't populate content-md5" do
+          driven_request.populate_content_md5
+          expect(request.headers["Content-MD5"]).to be_nil
+        end
+      end
+
+      context "when posting" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :post,
+            :payload => "hello\nworld"
+          )
+        end
+
+        it "populates content-md5" do
+          driven_request.populate_content_md5
+          expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+      end
+
+      context "when putting" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :put,
+            :payload => "hello\nworld"
+          )
+        end
+
+        it "populates content-md5" do
+          driven_request.populate_content_md5
+          expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+      end
+
+      context "when deleting" do
+        let(:request) do
+          RestClient::Request.new(
+            :url => "/resource.xml?foo=bar&bar=foo",
+            :headers => request_headers,
+            :method => :delete
+          )
+        end
+
+        it "doesn't populate content-md5" do
+          driven_request.populate_content_md5
+          expect(request.headers["Content-MD5"]).to be_nil
+        end
+      end
+
+    end
+
+    describe "#set_date" do
+      it "sets the date" do
+        allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
+        driven_request.set_date
+        expect(request.headers['DATE']).to eq(timestamp)
+      end
+    end
+
+    describe "#set_auth_header" do
+      it "sets the auth header" do
+        driven_request.set_auth_header('APIAuth 1044:54321')
+        expect(request.headers['Authorization']).to eq('APIAuth 1044:54321')
+      end
+    end
+  end
+
+  describe "md5_mismatch?" do
+
+    context "when getting" do
+      let(:request) do
+        RestClient::Request.new(
+          :url => "/resource.xml?foo=bar&bar=foo",
+          :headers => request_headers,
+          :method => :get
+        )
+      end
+
+      it "is false" do
+        expect(driven_request.md5_mismatch?).to be false
+      end
+    end
+
+    context "when posting" do
+      let(:request) do
+        RestClient::Request.new(
+          :url => "/resource.xml?foo=bar&bar=foo",
+          :headers => request_headers,
+          :method => :post,
+          :payload => "hello\nworld"
+        )
+      end
+
+      context "when calculated matches sent" do
+        let(:request_headers){
+          {
+            'Authorization'  => 'APIAuth 1044:12345',
+            'Content-MD5' => 'kZXQvrKoieG+Be1rsZVINw==',
+            'Content-Type' => 'text/plain',
+            'Date' => timestamp
+          }
+        }
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+
+      context "when calculated doesn't match sent" do
+        let(:request_headers){
+          {
+            'Authorization'  => 'APIAuth 1044:12345',
+            'Content-MD5' => '3',
+            'Content-Type' => 'text/plain',
+            'Date' => timestamp
+          }
+        }
+
+        it "is true" do
+          expect(driven_request.md5_mismatch?).to be true
+        end
+      end
+    end
+
+    context "when putting" do
+      let(:request) do
+        RestClient::Request.new(
+          :url => "/resource.xml?foo=bar&bar=foo",
+          :headers => request_headers,
+          :method => :put,
+          :payload => "hello\nworld"
+        )
+      end
+
+      context "when calculated matches sent" do
+        let(:request_headers){
+          {
+            'Authorization'  => 'APIAuth 1044:12345',
+            'Content-MD5' => 'kZXQvrKoieG+Be1rsZVINw==',
+            'Content-Type' => 'text/plain',
+            'Date' => timestamp
+          }
+        }
+
+        it "is false" do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+
+      context "when calculated doesn't match sent" do
+        let(:request_headers){
+          {
+            'Authorization'  => 'APIAuth 1044:12345',
+            'Content-MD5' => '3',
+            'Content-Type' => 'text/plain',
+            'Date' => timestamp
+          }
+        }
+
+        it "is true" do
+          expect(driven_request.md5_mismatch?).to be true
+        end
+      end
+    end
+
+    context "when deleting" do
+      let(:request) do
+        RestClient::Request.new(
+          :url => "/resource.xml?foo=bar&bar=foo",
+          :headers => request_headers,
+          :method => :delete
+        )
+      end
+
+      it "is false" do
+        expect(driven_request.md5_mismatch?).to be false
+      end
+    end
+  end
+
+  describe "edge cases" do
+    it "doesn't mess up symbol based headers" do
+      headers = { 'Content-MD5' => "e59ff97941044f85df5297e1c302d260",
+                  :content_type => "text/plain",
+                  'Date' => "Mon, 23 Jan 1984 03:29:56 GMT" }
+      request = RestClient::Request.new(:url => "/resource.xml?foo=bar&bar=foo",
+        :headers => headers,
+        :method => :put)
+      headers = ApiAuth::Headers.new(request)
+      ApiAuth.sign!(request, "some access id", "some secret key")
+      expect(request.processed_headers).to have_key('Content-Type')
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.4.0
 platform: ruby
 authors:
 - Mauricio Gomes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-08-28 00:00:00.000000000 Z
+date: 2015-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -58,56 +58,68 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 2.3.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 2.3.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: activeresource
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
@@ -209,6 +221,8 @@ files:
 - gemfiles/rails_4.gemfile.lock
 - gemfiles/rails_41.gemfile
 - gemfiles/rails_41.gemfile.lock
+- gemfiles/rails_42.gemfile
+- gemfiles/rails_42.gemfile.lock
 - lib/api-auth.rb
 - lib/api_auth.rb
 - lib/api_auth/base.rb
@@ -225,13 +239,19 @@ files:
 - lib/api_auth/request_drivers/rack.rb
 - lib/api_auth/request_drivers/rest_client.rb
 - spec/api_auth_spec.rb
-- spec/application_helper.rb
 - spec/fixtures/upload.png
 - spec/headers_spec.rb
 - spec/helpers_spec.rb
 - spec/railtie_spec.rb
+- spec/request_drivers/action_controller_spec.rb
+- spec/request_drivers/action_dispatch_spec.rb
+- spec/request_drivers/curb_spec.rb
+- spec/request_drivers/faraday_spec.rb
+- spec/request_drivers/httpi_spec.rb
+- spec/request_drivers/net_http_spec.rb
+- spec/request_drivers/rack_spec.rb
+- spec/request_drivers/rest_client_spec.rb
 - spec/spec_helper.rb
-- spec/test_helper.rb
 homepage: https://github.com/mgomes/api_auth
 licenses: []
 metadata: {}
@@ -257,11 +277,16 @@ specification_version: 4
 summary: Simple HMAC authentication for your APIs
 test_files:
 - spec/api_auth_spec.rb
-- spec/application_helper.rb
 - spec/fixtures/upload.png
 - spec/headers_spec.rb
 - spec/helpers_spec.rb
 - spec/railtie_spec.rb
+- spec/request_drivers/action_controller_spec.rb
+- spec/request_drivers/action_dispatch_spec.rb
+- spec/request_drivers/curb_spec.rb
+- spec/request_drivers/faraday_spec.rb
+- spec/request_drivers/httpi_spec.rb
+- spec/request_drivers/net_http_spec.rb
+- spec/request_drivers/rack_spec.rb
+- spec/request_drivers/rest_client_spec.rb
 - spec/spec_helper.rb
-- spec/test_helper.rb
-has_rdoc: