api-auth 1.5.0 → 2.0.0

data/spec/headers_spec.rb

@@ -1,9 +1,8 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe ApiAuth::Headers do
-
   describe '#canonical_string' do
-    context "uri edge cases" do
+    context 'uri edge cases' do
       let(:request) { RestClient::Request.new(:url => uri, :method => :get) }
       subject(:headers) { described_class.new(request) }
       let(:uri) { '' }
@@ -12,7 +11,7 @@ describe ApiAuth::Headers do
         let(:uri) { ''.freeze }
 
         it 'adds / to canonical string' do
-          expect(subject.canonical_string).to eq(',,/,')
+          expect(subject.canonical_string).to eq('GET,,,/,')
         end
       end
 
@@ -20,7 +19,7 @@ describe ApiAuth::Headers do
         let(:uri) { 'http://google.com'.freeze }
 
         it 'return / as canonical string path' do
-          expect(subject.canonical_string).to eq(',,/,')
+          expect(subject.canonical_string).to eq('GET,,,/,')
         end
 
         it 'does not change request url (by removing host)' do
@@ -32,7 +31,7 @@ describe ApiAuth::Headers do
         let(:uri) { 'http://google.com/'.freeze }
 
         it 'return / as canonical string path' do
-          expect(subject.canonical_string).to eq(',,/,')
+          expect(subject.canonical_string).to eq('GET,,,/,')
         end
 
         it 'does not change request url (by removing host)' do
@@ -41,107 +40,93 @@ describe ApiAuth::Headers do
       end
     end
 
-    context "string construction" do
-      let(:request){ RestClient::Request.new(:url => "http://google.com", :method => :get) }
-      subject(:headers) { described_class.new(request) }
-      let(:driver){ headers.instance_variable_get("@request")}
-
-      it "puts the canonical string together correctly" do
-        allow(driver).to receive(:content_type).and_return "text/html"
-        allow(driver).to receive(:content_md5).and_return "12345"
-        allow(driver).to receive(:request_uri).and_return "/foo"
-        allow(driver).to receive(:timestamp).and_return "Mon, 23 Jan 1984 03:29:56 GMT"
-        expect(headers.canonical_string).to eq "text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT"
-      end
-    end
-  end
-
-  describe "#canonical_string_with_http_method" do
-    context "with a driver that supplies http_method" do
-      let(:request){ RestClient::Request.new(:url => "http://google.com", :method => :get) }
-      subject(:headers) { described_class.new(request) }
-      let(:driver){ headers.instance_variable_get("@request")}
-
-      before do
-        allow(driver).to receive(:http_method).and_return "GET"
-        allow(driver).to receive(:content_type).and_return "text/html"
-        allow(driver).to receive(:content_md5).and_return "12345"
-        allow(driver).to receive(:request_uri).and_return "/foo"
-        allow(driver).to receive(:timestamp).and_return "Mon, 23 Jan 1984 03:29:56 GMT"
-      end
+    context 'string construction' do
+      context 'with a driver that supplies http_method' do
+        let(:request) { RestClient::Request.new(:url => 'http://google.com', :method => :get) }
+        subject(:headers) { described_class.new(request) }
+        let(:driver) { headers.instance_variable_get('@request') }
+
+        before do
+          allow(driver).to receive(:http_method).and_return 'GET'
+          allow(driver).to receive(:content_type).and_return 'text/html'
+          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:request_uri).and_return '/foo'
+          allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
+        end
 
-      context "when not passed an override" do
-        it "constructs the canonical_string with the driver's http method" do
-          expect(headers.canonical_string_with_http_method).to eq "GET,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT"
+        context 'when not passed an override' do
+          it "constructs the canonical_string with the driver's http method" do
+            expect(headers.canonical_string).to eq 'GET,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT'
+          end
         end
-      end
 
-      context "when passed an override" do
-        it "constructs the canonical_string with the overridden http method" do
-          expect(headers.canonical_string_with_http_method("put")).to eq "PUT,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT"
+        context 'when passed an override' do
+          it 'constructs the canonical_string with the overridden http method' do
+            expect(headers.canonical_string('put')).to eq 'PUT,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT'
+          end
         end
       end
-    end
 
-    context "when a driver that doesn't supply http_method" do
-      let(:request) do
-        Curl::Easy.new("/resource.xml?foo=bar&bar=foo") do |curl|
-          curl.headers = { 'Content-Type'  => "text/plain" }
+      context "when a driver that doesn't supply http_method" do
+        let(:request) do
+          Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
+            curl.headers = { 'Content-Type' => 'text/plain' }
+          end
+        end
+        subject(:headers) { described_class.new(request) }
+        let(:driver) { headers.instance_variable_get('@request') }
+
+        before do
+          allow(driver).to receive(:http_method).and_return nil
+          allow(driver).to receive(:content_type).and_return 'text/html'
+          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:request_uri).and_return '/foo'
+          allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
         end
-      end
-      subject(:headers) { described_class.new(request) }
-      let(:driver){ headers.instance_variable_get("@request")}
-
-      before do
-        allow(driver).to receive(:http_method).and_return nil
-        allow(driver).to receive(:content_type).and_return "text/html"
-        allow(driver).to receive(:content_md5).and_return "12345"
-        allow(driver).to receive(:request_uri).and_return "/foo"
-        allow(driver).to receive(:timestamp).and_return "Mon, 23 Jan 1984 03:29:56 GMT"
-      end
 
-      context "when not passed an override" do
-        it "raises an error" do
-          expect{ headers.canonical_string_with_http_method }.to raise_error(ArgumentError)
+        context 'when not passed an override' do
+          it 'raises an error' do
+            expect { headers.canonical_string }.to raise_error(ArgumentError)
+          end
         end
-      end
 
-      context "when passed an override" do
-        it "constructs the canonical_string with the overridden http method" do
-          expect(headers.canonical_string_with_http_method("put")).to eq "PUT,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT"
+        context 'when passed an override' do
+          it 'constructs the canonical_string with the overridden http method' do
+            expect(headers.canonical_string('put')).to eq 'PUT,text/html,12345,/foo,Mon, 23 Jan 1984 03:29:56 GMT'
+          end
         end
       end
     end
   end
 
   describe '#calculate_md5' do
-    subject(:headers){ described_class.new(request) }
-    let(:driver){ headers.instance_variable_get("@request")}
+    subject(:headers) { described_class.new(request) }
+    let(:driver) { headers.instance_variable_get('@request') }
 
-    context "no md5 already calculated" do
-      let(:request) {
+    context 'no md5 already calculated' do
+      let(:request) do
         RestClient::Request.new(
           :url => 'http://google.com',
           :method => :post,
           :payload => "hello\nworld"
         )
-      }
+      end
 
-      it "populates the md5 header" do
+      it 'populates the md5 header' do
         expect(driver).to receive(:populate_content_md5)
         headers.calculate_md5
       end
     end
 
-    context "md5 already calculated" do
-      let(:request) {
+    context 'md5 already calculated' do
+      let(:request) do
         RestClient::Request.new(
           :url => 'http://google.com',
           :method => :post,
           :payload => "hello\nworld",
-          :headers => {:content_md5 => "abcd"}
+          :headers => { :content_md5 => 'abcd' }
         )
-      }
+      end
 
       it "doesn't populate the md5 header" do
         expect(driver).not_to receive(:populate_content_md5)
@@ -150,30 +135,30 @@ describe ApiAuth::Headers do
     end
   end
 
-  describe "#md5_mismatch?" do
-    let(:request){ RestClient::Request.new(:url => "http://google.com", :method => :get) }
-    subject(:headers){ described_class.new(request) }
-    let(:driver){ headers.instance_variable_get("@request") }
+  describe '#md5_mismatch?' do
+    let(:request) { RestClient::Request.new(:url => 'http://google.com', :method => :get) }
+    subject(:headers) { described_class.new(request) }
+    let(:driver) { headers.instance_variable_get('@request') }
 
-    context "when request has md5 header" do
-      it "asks the driver" do
-        allow(driver).to receive(:content_md5).and_return "1234"
+    context 'when request has md5 header' do
+      it 'asks the driver' do
+        allow(driver).to receive(:content_md5).and_return '1234'
 
         expect(driver).to receive(:md5_mismatch?).and_call_original
         headers.md5_mismatch?
       end
     end
 
-    context "when request has no md5" do
+    context 'when request has no md5' do
       it "doesn't ask the driver" do
-        allow(driver).to receive(:content_md5).and_return ""
+        allow(driver).to receive(:content_md5).and_return ''
 
         expect(driver).not_to receive(:md5_mismatch?).and_call_original
         headers.md5_mismatch?
       end
 
-      it "returns false" do
-        allow(driver).to receive(:content_md5).and_return ""
+      it 'returns false' do
+        allow(driver).to receive(:content_md5).and_return ''
 
         expect(headers.md5_mismatch?).to be false
       end

data/spec/helpers_spec.rb

@@ -1,14 +1,12 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
-describe "ApiAuth::Helpers" do
-  
-  it "should strip the new line character on a Base64 encoding" do
-    expect(ApiAuth.b64_encode("some string")).not_to match(/\n/)
+describe 'ApiAuth::Helpers' do
+  it 'should strip the new line character on a Base64 encoding' do
+    expect(ApiAuth.b64_encode('some string')).not_to match(/\n/)
   end
-  
+
   it "should properly upcase a hash's keys" do
-    hsh = { "JoE" => "rOOLz" }
-    expect(ApiAuth.capitalize_keys(hsh)["JOE"]).to eq("rOOLz")
+    hsh = { 'JoE' => 'rOOLz' }
+    expect(ApiAuth.capitalize_keys(hsh)['JOE']).to eq('rOOLz')
   end
-  
-end
+end

data/spec/railtie_spec.rb

@@ -1,14 +1,11 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
-describe "Rails integration" do
-
-  API_KEY_STORE = { "1044" => "l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==" }
-
-  describe "Rails controller integration" do
+describe 'Rails integration' do
+  API_KEY_STORE = { '1044' => 'l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==' }.freeze
 
+  describe 'Rails controller integration' do
     class ApplicationController < ActionController::Base
-
-    private
+      private
 
       def require_api_auth
         if (access_id = get_api_access_id_from_request)
@@ -16,12 +13,11 @@ describe "Rails integration" do
         end
 
         respond_to do |format|
-          format.xml { render :xml => "You are unauthorized to perform this action.", :status => 401 }
-          format.json { render :json => "You are unauthorized to perform this action.", :status => 401 }
-          format.html { render :text => "You are unauthorized to perform this action", :status => 401 }
+          format.xml { render :xml => 'You are unauthorized to perform this action.', :status => 401 }
+          format.json { render :json => 'You are unauthorized to perform this action.', :status => 401 }
+          format.html { render :text => 'You are unauthorized to perform this action', :status => 401 }
         end
       end
-
     end
 
     class TestController < ApplicationController
@@ -34,18 +30,20 @@ describe "Rails integration" do
       end
 
       def index
-        render :text => "OK"
+        render :text => 'OK'
       end
 
       def public
-        render :text => "OK"
+        render :text => 'OK'
       end
 
-      def rescue_action(e); raise(e); end
+      def rescue_action(e)
+        raise(e)
+      end
     end
 
     unless defined?(ActionDispatch)
-      ActionController::Routing::Routes.draw {|map| map.resources :test }
+      ActionController::Routing::Routes.draw { |map| map.resources :test }
     end
 
     def generated_response(request, action = :index)
@@ -58,102 +56,74 @@ describe "Rails integration" do
         response
       else
         request.action = action.to_s
-        request.path = "/#{action.to_s}"
+        request.path = "/#{action}"
         TestController.new.process(request, ActionController::TestResponse.new)
       end
     end
 
-    it "should permit a request with properly signed headers" do
+    it 'should permit a request with properly signed headers' do
       request = ActionController::TestRequest.new
       request.env['DATE'] = Time.now.utc.httpdate
-      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      ApiAuth.sign!(request, '1044', API_KEY_STORE['1044'])
       response = generated_response(request, :index)
-      expect(response.code).to eq("200")
+      expect(response.code).to eq('200')
     end
 
-    it "should forbid a request with properly signed headers but timestamp > 15 minutes" do
+    it 'should forbid a request with properly signed headers but timestamp > 15 minutes' do
       request = ActionController::TestRequest.new
-      request.env['DATE'] = "Mon, 23 Jan 1984 03:29:56 GMT"
-      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      request.env['DATE'] = 'Mon, 23 Jan 1984 03:29:56 GMT'
+      ApiAuth.sign!(request, '1044', API_KEY_STORE['1044'])
       response = generated_response(request, :index)
-      expect(response.code).to eq("401")
+      expect(response.code).to eq('401')
     end
 
     it "should insert a DATE header in the request when one hasn't been specified" do
       request = ActionController::TestRequest.new
-      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      ApiAuth.sign!(request, '1044', API_KEY_STORE['1044'])
       expect(request.headers['DATE']).not_to be_nil
     end
 
-    it "should forbid an unsigned request to a protected controller action" do
+    it 'should forbid an unsigned request to a protected controller action' do
       request = ActionController::TestRequest.new
       response = generated_response(request, :index)
-      expect(response.code).to eq("401")
+      expect(response.code).to eq('401')
     end
 
-    it "should forbid a request with a bogus signature" do
+    it 'should forbid a request with a bogus signature' do
       request = ActionController::TestRequest.new
-      request.env['Authorization'] = "APIAuth bogus:bogus"
+      request.env['Authorization'] = 'APIAuth bogus:bogus'
       response = generated_response(request, :index)
-      expect(response.code).to eq("401")
+      expect(response.code).to eq('401')
     end
 
-    it "should allow non-protected controller actions to function as before" do
+    it 'should allow non-protected controller actions to function as before' do
       request = ActionController::TestRequest.new
       response = generated_response(request, :public)
-      expect(response.code).to eq("200")
+      expect(response.code).to eq('200')
     end
-
   end
 
-  describe "Rails ActiveResource integration" do
-
+  describe 'Rails ActiveResource integration' do
     class TestResource < ActiveResource::Base
-      with_api_auth "1044", API_KEY_STORE["1044"]
-      self.site = "http://localhost/"
+      with_api_auth '1044', API_KEY_STORE['1044']
+      self.site = 'http://localhost/'
       self.format = :xml
     end
 
-    it "should send signed requests automagically" do
-      timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
+    it 'should send signed requests automagically' do
+      timestamp = Time.parse('Mon, 23 Jan 1984 03:29:56 GMT')
       allow(Time).to receive(:now).at_least(1).times.and_return(timestamp)
       ActiveResource::HttpMock.respond_to do |mock|
-        mock.get "/test_resources/1.xml",
-          {
-            'Authorization' => 'APIAuth 1044:IbTx7VzSOGU55HNbV4y2jZDnVis=',
-            'Accept' => 'application/xml',
-            'DATE' => "Mon, 23 Jan 1984 03:29:56 GMT"
-          },
-          { :id => "1" }.to_xml(:root => 'test_resource')
+        mock.get '/test_resources/1.xml',
+                 {
+                   'Authorization' => 'APIAuth 1044:LZ1jujf3x1nnGR70/208WPXdUHw=',
+                   'Accept' => 'application/xml',
+                   'DATE' => 'Mon, 23 Jan 1984 03:29:56 GMT'
+                 },
+                 { :id => '1' }.to_xml(:root => 'test_resource')
       end
-      expect(ApiAuth).to receive(:sign!).with(anything, "1044", API_KEY_STORE["1044"], { :with_http_method => false }).and_call_original
+      expect(ApiAuth).to receive(:sign!).with(anything, '1044', API_KEY_STORE['1044']).and_call_original
       TestResource.find(1)
     end
-
-    context "when telling it to include the http method in the signature" do
-      class TestResourceForHttpMethod < ActiveResource::Base
-        with_api_auth "1044", API_KEY_STORE["1044"], :sign_with_http_method => true
-        self.site = "http://localhost/"
-        self.format = :xml
-      end
-
-      it "signs with the http method" do
-        timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
-        allow(Time).to receive(:now).at_least(1).times.and_return(timestamp)
-        ActiveResource::HttpMock.respond_to do |mock|
-          mock.get "/test_resource_for_http_methods/1.xml",
-            {
-              'Authorization' => 'APIAuth 1044:Gq190cxgKm7oWH1fc+y8+wmD9ts=',
-              'Accept' => 'application/xml',
-              'DATE' => "Mon, 23 Jan 1984 03:29:56 GMT"
-            },
-            { :id => "1" }.to_xml(:root => 'test_resource')
-        end
-        expect(ApiAuth).to receive(:sign!).with(anything, "1044", API_KEY_STORE["1044"], { :with_http_method => true }).and_call_original
-        TestResourceForHttpMethod.find(1)
-      end
-    end
-
   end
-
 end