api-auth 1.5.0 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 79cbdc86c27b9748d521ca8e0efe2038efa0641b
-  data.tar.gz: 2cc39d41382118e60496a8c9ca9693fb6a4baf02
+SHA256:
+  metadata.gz: b642f1c16d0ccca2a260e5440012a3d02fe3b333d3cb769a76e139ec97c39368
+  data.tar.gz: 5f68593348b4cbcf7b76250675c7bb355904b8f365129b8a57696e04fed5a802
 SHA512:
-  metadata.gz: f6f7a9271d443ffc86bb0cbb3f674febbe860832429e677a54c7e03cea418597768b746b8ce90f51789be20f21f97011be1e6ff50f1ba4ec3e665cc4351c6da7
-  data.tar.gz: 28873d74e56b7e7cb9b8aee01811841971a79a2d3fa459ca399ac28088495e9e29f26d35216369db5fd626e9f8917877dbcc53d40cb08a23c66bb48f5a6f4975
+  metadata.gz: f148aa229d78829b86af9772e962463866e3ad85653b9fc759494969c901717be7d9c6b11087f6873253777610d9dcf3b209189e0076249d72a5256dc2acf026
+  data.tar.gz: 6fab592a96c63ab8c52665c321c4291a5bd67fea0d366298a1c3efa82a6819e5a7434f2ed18c0cf48cac301cc219963fcdde831c237868e9a03cc5d09c3ae440

data/.github/workflows/main.yml

@@ -0,0 +1,71 @@
+name: main
+on:
+  - push
+  - pull_request
+jobs:
+  rspec:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby-version:
+          - 2.6
+          - 2.7
+          - 3.0
+          - 3.1
+        gemfile:
+          - rails_60.gemfile
+          - rails_61.gemfile
+          - rails_70.gemfile
+        exclude:
+          - ruby-version: 3.0
+            gemfile: rails_60.gemfile
+          - ruby-version: 3.1
+            gemfile: rails_60.gemfile 
+          - ruby-version: 2.6
+            gemfile: rails_70.gemfile
+          - ruby-version: 2.7
+            gemfile: rails_70.gemfile
+    steps:
+      - name: Install packages required for `curb` gem
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+
+      - name: Install required gems
+        run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle install
+
+      - name: Run rspec tests
+        run: BUNDLE_GEMFILE=gemfiles/${{ matrix.gemfile }} bundle exec rspec
+
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install packages required for `curb` gem
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libcurl4 libcurl3-gnutls libcurl4-openssl-dev
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.1
+          bundler-cache: true
+
+      - name: Install required gems
+        run: bundle install
+
+      - name: Run rubocop
+        run: bundle exec rubocop

data/.gitignore

@@ -1,44 +1,13 @@
-.rvmrc
-
-# rcov generated
-coverage
-
-# rdoc generated
-rdoc
-
-# yard generated
-doc
-.yardoc
-
-# bundler
-.bundle
-
-# jeweler generated
-pkg
-
-# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
-#
-# * Create a file at ~/.gitignore
-# * Include files you want ignored
-# * Run: git config --global core.excludesfile ~/.gitignore
-#
-# After doing this, these files will be ignored in all your git projects,
-# saving you from having to 'pollute' every project you touch with them
-#
-# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
-#
-# For MacOS:
-#
-#.DS_Store
-#
-# For TextMate
-#*.tmproj
-#tmtags
-#
-# For emacs:
-#*~
-#\#*
-#.\#*
-#
-# For vim:
-#*.swp
+/.bundle
+/.ruby-version
+/.rvmrc
+/Gemfile.lock
+/rdoc
+/pkg
+/coverage
+/doc
+/.yardoc
+gemfiles/*.lock
+gemfiles/.bundle/
+/.idea
+*.gem

data/.rubocop.yml

@@ -0,0 +1,39 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.6
+
+Metrics/AbcSize:
+  Max: 28
+
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Max: 140
+
+Metrics/MethodLength:
+  Max: 40
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*.rb'
+    - 'api_auth.gemspec'
+
+Naming/FileName:
+  Exclude:
+    - 'lib/api-auth.rb'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/StringLiterals:
+  Exclude:
+    - 'gemfiles/*.gemfile'
+
+Lint/DuplicateBranch:
+  Enabled: false
+
+# Development dependencies in gemspec is valid for gems
+Gemspec/DevelopmentDependencies:
+  Enabled: false

data/.rubocop_todo.yml

@@ -0,0 +1,83 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2022-08-03 07:19:11 UTC using RuboCop version 1.32.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: AllowSafeAssignment.
+Lint/AssignmentInCondition:
+  Exclude:
+    - 'lib/api_auth/base.rb'
+
+# Offense count: 4
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: enums
+Lint/ConstantDefinitionInBlock:
+  Exclude:
+    - 'spec/railtie_spec.rb'
+
+# Offense count: 9
+# Configuration parameters: CheckForMethodsWithNoSideEffects.
+Lint/Void:
+  Exclude:
+    - 'lib/api_auth/headers.rb'
+    - 'lib/api_auth/request_drivers/action_controller.rb'
+    - 'lib/api_auth/request_drivers/curb.rb'
+    - 'lib/api_auth/request_drivers/faraday.rb'
+    - 'lib/api_auth/request_drivers/grape_request.rb'
+    - 'lib/api_auth/request_drivers/httpi.rb'
+    - 'lib/api_auth/request_drivers/net_http.rb'
+    - 'lib/api_auth/request_drivers/rack.rb'
+    - 'lib/api_auth/request_drivers/rest_client.rb'
+
+# Offense count: 2
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+  Max: 16
+
+# Offense count: 11
+Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/api_auth/railtie.rb'
+    - 'lib/api_auth/request_drivers/action_controller.rb'
+    - 'lib/api_auth/request_drivers/curb.rb'
+    - 'lib/api_auth/request_drivers/faraday.rb'
+    - 'lib/api_auth/request_drivers/faraday_env.rb'
+    - 'lib/api_auth/request_drivers/grape_request.rb'
+    - 'lib/api_auth/request_drivers/http.rb'
+    - 'lib/api_auth/request_drivers/httpi.rb'
+    - 'lib/api_auth/request_drivers/net_http.rb'
+    - 'lib/api_auth/request_drivers/rack.rb'
+    - 'lib/api_auth/request_drivers/rest_client.rb'
+
+# Offense count: 3
+# Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
+# AllowedNames: at, by, db, id, in, io, ip, of, on, os, pp, to
+Naming/MethodParameterName:
+  Exclude:
+    - 'lib/api_auth/base.rb'
+    - 'spec/railtie_spec.rb'
+
+# Offense count: 4
+# Configuration parameters: AllowedConstants.
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+    - 'lib/api_auth/railtie.rb'
+    - 'lib/api_auth/request_drivers/rest_client.rb'
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: respond_to_missing?
+Style/OptionalBooleanParameter:
+  Exclude:
+    - 'lib/api_auth/railtie.rb'
+
+# Offense count: 1
+Lint/UselessConstantScoping:
+  Exclude:
+    - 'lib/api_auth/base.rb'

data/Appraisals

@@ -1,41 +1,17 @@
-appraise "rails-42" do
-  gem "actionpack", "~> 4.2.0"
-  gem "activeresource", "~> 4.0.0"
-  gem "activesupport", "~> 4.2.0"
+appraise 'rails-60' do
+  gem 'actionpack', '~> 6.0'
+  gem 'activeresource', '~> 5.1'
+  gem 'activesupport', '~> 6.0'
 end
 
-appraise "rails-41" do
-  gem "actionpack", "~> 4.1.0"
-  gem "activeresource", "~> 4.0.0"
-  gem "activesupport", "~> 4.1.0"
+appraise 'rails-61' do
+  gem 'actionpack', '~> 6.1'
+  gem 'activeresource', '~> 5.1'
+  gem 'activesupport', '~> 6.1'
 end
 
-appraise "rails-4" do
-  gem "actionpack", "~> 4.0.4"
-  gem "activeresource", "~> 4.0.0"
-  gem "activesupport", "~> 4.0.4"
-end
-
-appraise "rails-32" do
-  gem "actionpack", "~> 3.2.17"
-  gem "activeresource", "~> 3.2.17"
-  gem "activesupport", "~> 3.2.17"
-end
-
-appraise "rails-31" do
-  gem "actionpack", "~> 3.1.0"
-  gem "activeresource", "~> 3.1.0"
-  gem "activesupport", "~> 3.1.0"
-end
-
-appraise "rails-30" do
-  gem "actionpack", "~> 3.0.20"
-  gem "activeresource", "~> 3.0.20"
-  gem "activesupport", "~> 3.0.20"
-end
-
-appraise "rails-23" do
-  gem "actionpack", "~> 2.3.2"
-  gem "activeresource", "~> 2.3.2"
-  gem "activesupport", "~> 2.3.2"
+appraise 'rails-70' do
+  gem 'actionpack', '~> 7.0'
+  gem 'activeresource', '~> 6.0'
+  gem 'activesupport', '~> 7.0'
 end

data/CHANGELOG.md

@@ -1,3 +1,77 @@
+# 2.6.0 (2025-01-18)
+- Add Faraday middleware support (#1322051 Frédéric Mangano)
+- Add MD5 compatibility option in authentic? method (#a618e15 Samir ALI CHERIF)
+- Add support for Ruby 3.1 and Rails 7.0 (#552cab0 fwininger)
+- Drop support for Rails 5 and Ruby 2.5 (#552cab0 fwininger)
+- Fix HTTPS URL handling (#c734a88 fwininger)
+- Update Grape to v2.0+ for Rails 7/Rack 3 compatibility
+- Update Rubocop to v1.50+ and Curb to v1.0+ for Ruby 3.x compatibility
+- Fix Ruby 2.6 compatibility with Rails 6.x (Logger loading issue)
+- Add drb gem dependency (2.0.4-2.0.5) for Ruby 3.4+ compatibility while avoiding Ruby 2.6 conflicts
+
+# 2.5.1 (2021-11-26)
+- Add spec coverage for all content hashes (#202 fwininger)
+- Require MFA for Rubygems (#203 fwininger)
+- Integration with GitHub Actions
+- Fix look up of `X-AUTHORIZATION-CONTENT-SHA256` header
+- Adding license information to the gemspec
+
+# 2.5.0 (2021-05-11)
+- Add support for Ruby 3.0 (#194 fwininger)
+- Add support for Rails 6.1 (#194 fwininger)
+- Drop support for Ruby 2.4 (#193 fwininger)
+- Drop support for Rails 5.0 (#194 fwininger)
+- Drop support for Rails 5.1 (#194 fwininger)
+- Fix Faraday warning: `WARNING: Faraday::Request#method is deprecated` (#191 fwininger)
+
+# 2.4.1 (2020-06-23)
+- Fix inadvertant ActiveSupport dependecy (#189 taylorthurlow)
+
+# 2.4.0 (2020-05-05)
+- Improved support for Rails 6.0 (#179 taylorthurlow, #177 fwininger)
+- Added Ruby 2.6.0 support (#174 fwininger)
+- README updates (#186 iranthau)
+
+# 2.3.1 (2018-11-06)
+- Fixed a regression in the http.rb driver (#173 tycooon)
+
+# 2.3.0 (2018-10-23)
+- Added support for Grape API (#169 phuongnd08 & dunghuynh)
+- Added option for specifying customer headers to sign via new `headers_to_sign`
+  argument (#170 fakenine)
+- Fix tests and drop support for Ruby < 2.3 (#171 fwininger)
+
+# 2.2.0 (2018-03-12)
+- Drop support ruby 1.x, rails 2.x, rails 3.x (#141 fwininger)
+- Add http.rb request driver (#164 tycooon)
+- Fix POST and PUT requests in RestClient (#151 fwininger)
+- Allow clock skew to be user-defined (#136 mlarraz)
+- Adds #original_uri method to all request drivers (#137 iMacTia)
+- Rubocop and test fixes (fwininger & nicolasleger)
+- Changed return type for request #content_md5 #timestamp #content_type (fwininger)
+- Fix URI edge case where a URI contains another URI (zfletch)
+- Updates to the README (zfletch)
+
+# 2.1.0 (2016-12-22)
+- Fixed a NoMethodError that might occur when using the NetHttp Driver (#130 grahamkenville)
+- More securely compare signatures in a way that prevents timing attacks (#56 leishman, #133 will0)
+- Remove support for MD2 and MD4 hashing algorithms since they are insecure (#134 will0)
+- Disallow requests that are too far in the future to limit the time available for a brute force signature guess (#119 fwininger)
+
+# 2.0.1 (2016-07-25)
+- Support of `api_auth_options` in ActiveResource integration (#102 fwininger)
+- Replace use of `#blank?` with `#nil?` to not depend on ActiveSupport (#114 packrat386)
+- Fix Auth header matching to not match invalid SHA algorithms (#115 packrat386)
+- Replace `alias_method_chain` with `alias_method` in the railtie since
+  alias_method_chain is deprecated in Rails 5 (#118 mlarraz)
+
+# 2.0.0 (2016-05-11)
+- IMPORTANT: 2.0.0 is backwards incompatible with the default settings of v1.x
+  v2.0.0 always includes the http method in the canonical string.
+  You can use the upgrade strategy in v1.4.x and above to migrate to v2.0.0
+  without any down time. Please see the 1.4.0 release nodes for more info
+- Added support for other digest algorithms like SHA-256 (#98 fwininger)
+
 # 1.5.0 (2016-01-21)
 - Added a sign_with_http_method configuration option to the ActiveResource
   rails tie to correspond to passing the `:with_http_method => true` into
@@ -7,7 +81,7 @@
 - Fixed an issue where getters wouldn't immediately have the correct value after
   setting a date or content md5 in some of the request drivers (#91)
 
-# 1.4 (2015-12-16)
+# 1.4.0 (2015-12-16)
 
 ## IMPORTANT SECURITY FIX (with backwards compatible fallback)