api-auth 1.5.0 → 2.6.0
- checksums.yaml +5 -5
- data/.github/workflows/main.yml +71 -0
- data/.gitignore +13 -44
- data/.rubocop.yml +39 -0
- data/.rubocop_todo.yml +83 -0
- data/Appraisals +12 -36
- data/CHANGELOG.md +75 -1
- data/README.md +155 -52
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/api_auth.gemspec +35 -23
- data/gemfiles/rails_60.gemfile +9 -0
- data/gemfiles/rails_61.gemfile +9 -0
- data/gemfiles/rails_70.gemfile +9 -0
- data/lib/api-auth.rb +1 -1
- data/lib/api_auth/base.rb +41 -35
- data/lib/api_auth/errors.rb +4 -3
- data/lib/api_auth/headers.rb +38 -42
- data/lib/api_auth/helpers.rb +7 -16
- data/lib/api_auth/railtie.rb +34 -74
- data/lib/api_auth/request_drivers/action_controller.rb +27 -27
- data/lib/api_auth/request_drivers/action_dispatch.rb +0 -6
- data/lib/api_auth/request_drivers/curb.rb +16 -21
- data/lib/api_auth/request_drivers/faraday.rb +25 -34
- data/lib/api_auth/request_drivers/faraday_env.rb +102 -0
- data/lib/api_auth/request_drivers/grape_request.rb +87 -0
- data/lib/api_auth/request_drivers/http.rb +96 -0
- data/lib/api_auth/request_drivers/httpi.rb +22 -27
- data/lib/api_auth/request_drivers/net_http.rb +21 -26
- data/lib/api_auth/request_drivers/rack.rb +23 -28
- data/lib/api_auth/request_drivers/rest_client.rb +24 -29
- data/lib/api_auth.rb +4 -0
- data/lib/faraday/api_auth/middleware.rb +35 -0
- data/lib/faraday/api_auth.rb +8 -0
- data/spec/api_auth_spec.rb +135 -96
- data/spec/faraday_middleware_spec.rb +17 -0
- data/spec/headers_spec.rb +148 -108
- data/spec/helpers_spec.rb +8 -10
- data/spec/railtie_spec.rb +80 -99
- data/spec/request_drivers/action_controller_spec.rb +122 -79
- data/spec/request_drivers/action_dispatch_spec.rb +212 -85
- data/spec/request_drivers/curb_spec.rb +36 -33
- data/spec/request_drivers/faraday_env_spec.rb +188 -0
- data/spec/request_drivers/faraday_spec.rb +87 -83
- data/spec/request_drivers/grape_request_spec.rb +280 -0
- data/spec/request_drivers/http_spec.rb +190 -0
- data/spec/request_drivers/httpi_spec.rb +59 -59
- data/spec/request_drivers/net_http_spec.rb +70 -66
- data/spec/request_drivers/rack_spec.rb +101 -97
- data/spec/request_drivers/rest_client_spec.rb +218 -144
- data/spec/spec_helper.rb +15 -12
- metadata +144 -83
- data/.travis.yml +0 -40
- data/Gemfile.lock +0 -115
- data/gemfiles/rails_23.gemfile +0 -9
- data/gemfiles/rails_23.gemfile.lock +0 -70
- data/gemfiles/rails_30.gemfile +0 -9
- data/gemfiles/rails_30.gemfile.lock +0 -92
- data/gemfiles/rails_31.gemfile +0 -9
- data/gemfiles/rails_31.gemfile.lock +0 -98
- data/gemfiles/rails_32.gemfile +0 -9
- data/gemfiles/rails_32.gemfile.lock +0 -97
- data/gemfiles/rails_4.gemfile +0 -9
- data/gemfiles/rails_4.gemfile.lock +0 -94
- data/gemfiles/rails_41.gemfile +0 -9
- data/gemfiles/rails_41.gemfile.lock +0 -98
- data/gemfiles/rails_42.gemfile +0 -9
- data/gemfiles/rails_42.gemfile.lock +0 -115
|
@@ -1,306 +1,310 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe ApiAuth::RequestDrivers::RackRequest do
|
|
4
|
+
let(:timestamp) { Time.now.utc.httpdate }
|
|
4
5
|
|
|
5
|
-
let(:
|
|
6
|
+
let(:request_path) { '/resource.xml?foo=bar&bar=foo' }
|
|
6
7
|
|
|
7
|
-
let(:
|
|
8
|
-
|
|
9
|
-
let(:request_headers){
|
|
8
|
+
let(:request_headers) do
|
|
10
9
|
{
|
|
11
|
-
'Authorization'
|
|
12
|
-
'Content-
|
|
10
|
+
'Authorization' => 'APIAuth 1044:12345',
|
|
11
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
13
12
|
'Content-Type' => 'text/plain',
|
|
14
13
|
'Date' => timestamp
|
|
15
14
|
}
|
|
16
|
-
|
|
15
|
+
end
|
|
17
16
|
|
|
18
17
|
let(:request) do
|
|
19
18
|
Rack::Request.new(
|
|
20
19
|
Rack::MockRequest.env_for(
|
|
21
20
|
request_path,
|
|
22
|
-
:
|
|
23
|
-
:
|
|
21
|
+
method: :put,
|
|
22
|
+
input: "hello\nworld"
|
|
24
23
|
).merge!(request_headers)
|
|
25
24
|
)
|
|
26
25
|
end
|
|
27
26
|
|
|
28
|
-
subject(:driven_request){ ApiAuth::RequestDrivers::RackRequest.new(request) }
|
|
27
|
+
subject(:driven_request) { ApiAuth::RequestDrivers::RackRequest.new(request) }
|
|
29
28
|
|
|
30
|
-
describe
|
|
31
|
-
it
|
|
29
|
+
describe 'getting headers correctly' do
|
|
30
|
+
it 'gets the content_type' do
|
|
32
31
|
expect(driven_request.content_type).to eq('text/plain')
|
|
33
32
|
end
|
|
34
33
|
|
|
35
|
-
it
|
|
36
|
-
expect(driven_request.
|
|
34
|
+
it 'gets the content_hash' do
|
|
35
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
37
36
|
end
|
|
38
37
|
|
|
39
|
-
it
|
|
38
|
+
it 'gets the request_uri' do
|
|
40
39
|
expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
|
|
41
40
|
end
|
|
42
41
|
|
|
43
|
-
it
|
|
42
|
+
it 'gets the timestamp' do
|
|
44
43
|
expect(driven_request.timestamp).to eq(timestamp)
|
|
45
44
|
end
|
|
46
45
|
|
|
47
|
-
it
|
|
46
|
+
it 'gets the authorization_header' do
|
|
48
47
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
49
48
|
end
|
|
50
49
|
|
|
51
|
-
describe
|
|
52
|
-
it
|
|
53
|
-
expect(driven_request.
|
|
50
|
+
describe '#calculated_hash' do
|
|
51
|
+
it 'calculates hash from the body' do
|
|
52
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
54
53
|
end
|
|
55
54
|
|
|
56
|
-
it
|
|
55
|
+
it 'treats no body as empty string' do
|
|
57
56
|
request = Rack::Request.new(
|
|
58
57
|
Rack::MockRequest.env_for(
|
|
59
58
|
request_path,
|
|
60
|
-
:
|
|
59
|
+
method: :put
|
|
61
60
|
).merge!(request_headers)
|
|
62
61
|
)
|
|
63
62
|
driven_request = ApiAuth::RequestDrivers::RackRequest.new(request)
|
|
64
|
-
expect(driven_request.
|
|
63
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
65
64
|
end
|
|
66
65
|
end
|
|
67
66
|
|
|
68
|
-
describe
|
|
69
|
-
context
|
|
67
|
+
describe 'http_method' do
|
|
68
|
+
context 'when put request' do
|
|
70
69
|
let(:request) do
|
|
71
70
|
Rack::Request.new(
|
|
72
71
|
Rack::MockRequest.env_for(
|
|
73
72
|
request_path,
|
|
74
|
-
:
|
|
73
|
+
method: :put
|
|
75
74
|
).merge!(request_headers)
|
|
76
75
|
)
|
|
77
76
|
end
|
|
78
77
|
|
|
79
|
-
it
|
|
78
|
+
it 'returns upcased put' do
|
|
80
79
|
expect(driven_request.http_method).to eq('PUT')
|
|
81
80
|
end
|
|
82
81
|
end
|
|
83
82
|
|
|
84
|
-
context
|
|
83
|
+
context 'when get request' do
|
|
85
84
|
let(:request) do
|
|
86
85
|
Rack::Request.new(
|
|
87
86
|
Rack::MockRequest.env_for(
|
|
88
87
|
request_path,
|
|
89
|
-
:
|
|
88
|
+
method: :get
|
|
90
89
|
).merge!(request_headers)
|
|
91
90
|
)
|
|
92
91
|
end
|
|
93
92
|
|
|
94
|
-
it
|
|
93
|
+
it 'returns upcased get' do
|
|
95
94
|
expect(driven_request.http_method).to eq('GET')
|
|
96
95
|
end
|
|
97
96
|
end
|
|
98
97
|
end
|
|
99
98
|
end
|
|
100
99
|
|
|
101
|
-
describe
|
|
102
|
-
let(:request_headers)
|
|
100
|
+
describe 'setting headers correctly' do
|
|
101
|
+
let(:request_headers) do
|
|
103
102
|
{
|
|
104
103
|
'content-type' => 'text/plain'
|
|
105
104
|
}
|
|
106
|
-
|
|
105
|
+
end
|
|
107
106
|
|
|
108
|
-
describe
|
|
109
|
-
context
|
|
107
|
+
describe '#populate_content_hash' do
|
|
108
|
+
context 'when getting' do
|
|
110
109
|
let(:request) do
|
|
111
110
|
Rack::Request.new(
|
|
112
111
|
Rack::MockRequest.env_for(
|
|
113
112
|
request_path,
|
|
114
|
-
:
|
|
113
|
+
method: :get
|
|
115
114
|
).merge!(request_headers)
|
|
116
115
|
)
|
|
117
116
|
end
|
|
118
117
|
|
|
119
|
-
it "doesn't populate content
|
|
120
|
-
driven_request.
|
|
121
|
-
expect(request.env[
|
|
118
|
+
it "doesn't populate content hash" do
|
|
119
|
+
driven_request.populate_content_hash
|
|
120
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
122
121
|
end
|
|
123
122
|
end
|
|
124
123
|
|
|
125
|
-
context
|
|
124
|
+
context 'when posting' do
|
|
126
125
|
let(:request) do
|
|
127
126
|
Rack::Request.new(
|
|
128
127
|
Rack::MockRequest.env_for(
|
|
129
128
|
request_path,
|
|
130
|
-
:
|
|
131
|
-
:
|
|
129
|
+
method: :post,
|
|
130
|
+
input: "hello\nworld"
|
|
132
131
|
).merge!(request_headers)
|
|
133
132
|
)
|
|
134
133
|
end
|
|
135
134
|
|
|
136
|
-
it
|
|
137
|
-
driven_request.
|
|
138
|
-
expect(request.env[
|
|
135
|
+
it 'populates content hash' do
|
|
136
|
+
driven_request.populate_content_hash
|
|
137
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
139
138
|
end
|
|
140
139
|
|
|
141
|
-
it
|
|
142
|
-
driven_request.
|
|
143
|
-
expect(driven_request.
|
|
140
|
+
it 'refreshes the cached headers' do
|
|
141
|
+
driven_request.populate_content_hash
|
|
142
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
144
143
|
end
|
|
145
144
|
end
|
|
146
145
|
|
|
147
|
-
context
|
|
146
|
+
context 'when putting' do
|
|
148
147
|
let(:request) do
|
|
149
148
|
Rack::Request.new(
|
|
150
149
|
Rack::MockRequest.env_for(
|
|
151
150
|
request_path,
|
|
152
|
-
:
|
|
153
|
-
:
|
|
151
|
+
method: :put,
|
|
152
|
+
input: "hello\nworld"
|
|
154
153
|
).merge!(request_headers)
|
|
155
154
|
)
|
|
156
155
|
end
|
|
157
156
|
|
|
158
|
-
it
|
|
159
|
-
driven_request.
|
|
160
|
-
expect(request.env[
|
|
157
|
+
it 'populates content hash' do
|
|
158
|
+
driven_request.populate_content_hash
|
|
159
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
161
160
|
end
|
|
162
161
|
|
|
163
|
-
it
|
|
164
|
-
driven_request.
|
|
165
|
-
expect(driven_request.
|
|
162
|
+
it 'refreshes the cached headers' do
|
|
163
|
+
driven_request.populate_content_hash
|
|
164
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
166
165
|
end
|
|
167
166
|
end
|
|
168
167
|
|
|
169
|
-
context
|
|
168
|
+
context 'when deleting' do
|
|
170
169
|
let(:request) do
|
|
171
170
|
Rack::Request.new(
|
|
172
171
|
Rack::MockRequest.env_for(
|
|
173
172
|
request_path,
|
|
174
|
-
:
|
|
173
|
+
method: :delete
|
|
175
174
|
).merge!(request_headers)
|
|
176
175
|
)
|
|
177
176
|
end
|
|
178
177
|
|
|
179
|
-
it "doesn't populate content
|
|
180
|
-
driven_request.
|
|
181
|
-
expect(request.env[
|
|
178
|
+
it "doesn't populate content hash" do
|
|
179
|
+
driven_request.populate_content_hash
|
|
180
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
182
181
|
end
|
|
183
182
|
end
|
|
184
|
-
|
|
185
183
|
end
|
|
186
184
|
|
|
187
|
-
describe
|
|
185
|
+
describe '#set_date' do
|
|
188
186
|
before do
|
|
189
187
|
allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
|
|
190
188
|
end
|
|
191
189
|
|
|
192
|
-
it
|
|
190
|
+
it 'sets the date header of the request' do
|
|
193
191
|
driven_request.set_date
|
|
194
192
|
expect(request.env['DATE']).to eq(timestamp)
|
|
195
193
|
end
|
|
196
194
|
|
|
197
|
-
it
|
|
195
|
+
it 'refreshes the cached headers' do
|
|
198
196
|
driven_request.set_date
|
|
199
197
|
expect(driven_request.timestamp).to eq(timestamp)
|
|
200
198
|
end
|
|
201
199
|
end
|
|
202
200
|
|
|
203
|
-
describe
|
|
204
|
-
it
|
|
201
|
+
describe '#set_auth_header' do
|
|
202
|
+
it 'sets the auth header' do
|
|
205
203
|
driven_request.set_auth_header('APIAuth 1044:54321')
|
|
206
204
|
expect(request.env['Authorization']).to eq('APIAuth 1044:54321')
|
|
207
205
|
end
|
|
208
206
|
end
|
|
209
207
|
end
|
|
210
208
|
|
|
211
|
-
describe
|
|
212
|
-
context
|
|
209
|
+
describe 'content_hash_mismatch?' do
|
|
210
|
+
context 'when getting' do
|
|
213
211
|
let(:request) do
|
|
214
212
|
Rack::Request.new(
|
|
215
213
|
Rack::MockRequest.env_for(
|
|
216
214
|
request_path,
|
|
217
|
-
:
|
|
215
|
+
method: :get
|
|
218
216
|
).merge!(request_headers)
|
|
219
217
|
)
|
|
220
218
|
end
|
|
221
219
|
|
|
222
|
-
it
|
|
223
|
-
expect(driven_request.
|
|
220
|
+
it 'is false' do
|
|
221
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
224
222
|
end
|
|
225
223
|
end
|
|
226
224
|
|
|
227
|
-
context
|
|
225
|
+
context 'when posting' do
|
|
228
226
|
let(:request) do
|
|
229
227
|
Rack::Request.new(
|
|
230
228
|
Rack::MockRequest.env_for(
|
|
231
229
|
request_path,
|
|
232
|
-
:
|
|
233
|
-
:
|
|
230
|
+
method: :post,
|
|
231
|
+
input: "hello\nworld"
|
|
234
232
|
).merge!(request_headers)
|
|
235
233
|
)
|
|
236
234
|
end
|
|
237
235
|
|
|
238
|
-
context
|
|
236
|
+
context 'when calculated matches sent' do
|
|
239
237
|
before do
|
|
240
|
-
request.env[
|
|
238
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
241
239
|
end
|
|
242
240
|
|
|
243
|
-
it
|
|
244
|
-
expect(driven_request.
|
|
241
|
+
it 'is false' do
|
|
242
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
245
243
|
end
|
|
246
244
|
end
|
|
247
245
|
|
|
248
246
|
context "when calculated doesn't match sent" do
|
|
249
247
|
before do
|
|
250
|
-
request.env[
|
|
248
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
251
249
|
end
|
|
252
250
|
|
|
253
|
-
it
|
|
254
|
-
expect(driven_request.
|
|
251
|
+
it 'is true' do
|
|
252
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
255
253
|
end
|
|
256
254
|
end
|
|
257
255
|
end
|
|
258
256
|
|
|
259
|
-
context
|
|
257
|
+
context 'when putting' do
|
|
260
258
|
let(:request) do
|
|
261
259
|
Rack::Request.new(
|
|
262
260
|
Rack::MockRequest.env_for(
|
|
263
261
|
request_path,
|
|
264
|
-
:
|
|
265
|
-
:
|
|
262
|
+
method: :put,
|
|
263
|
+
input: "hello\nworld"
|
|
266
264
|
).merge!(request_headers)
|
|
267
265
|
)
|
|
268
266
|
end
|
|
269
267
|
|
|
270
|
-
context
|
|
268
|
+
context 'when calculated matches sent' do
|
|
271
269
|
before do
|
|
272
|
-
request.env[
|
|
270
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
273
271
|
end
|
|
274
272
|
|
|
275
|
-
it
|
|
276
|
-
expect(driven_request.
|
|
273
|
+
it 'is false' do
|
|
274
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
277
275
|
end
|
|
278
276
|
end
|
|
279
277
|
|
|
280
278
|
context "when calculated doesn't match sent" do
|
|
281
279
|
before do
|
|
282
|
-
request.env[
|
|
280
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
283
281
|
end
|
|
284
282
|
|
|
285
|
-
it
|
|
286
|
-
expect(driven_request.
|
|
283
|
+
it 'is true' do
|
|
284
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
287
285
|
end
|
|
288
286
|
end
|
|
289
287
|
end
|
|
290
288
|
|
|
291
|
-
context
|
|
289
|
+
context 'when deleting' do
|
|
292
290
|
let(:request) do
|
|
293
291
|
Rack::Request.new(
|
|
294
292
|
Rack::MockRequest.env_for(
|
|
295
293
|
request_path,
|
|
296
|
-
:
|
|
294
|
+
method: :delete
|
|
297
295
|
).merge!(request_headers)
|
|
298
296
|
)
|
|
299
297
|
end
|
|
300
298
|
|
|
301
|
-
it
|
|
302
|
-
expect(driven_request.
|
|
299
|
+
it 'is false' do
|
|
300
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
303
301
|
end
|
|
304
302
|
end
|
|
305
303
|
end
|
|
304
|
+
|
|
305
|
+
describe 'fetch_headers' do
|
|
306
|
+
it 'returns request headers' do
|
|
307
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
308
|
+
end
|
|
309
|
+
end
|
|
306
310
|
end
|
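Review bot: The `content_hash_mismatch?` contexts for 'when posting' and 'when putting' only cover a sent hash that matches and one that differs (`'3'`); no example covers a body-bearing request that arrives with no `X-Authorization-Content-SHA256` header at all. That is the case an integrity check most needs to pin, since a regression that treats a missing header as "nothing to compare" would let an unsigned body through without failing any of these specs. I would add a context like the one below to both the POST and PUT groups; the expected `true` is my assumption about the driver, which is not shown on this page, so confirm it against `RackRequest#content_hash_mismatch?`. Separately, only GET, POST, PUT and DELETE are exercised here, so whatever the driver does for a PATCH with a body is also unpinned.

```ruby
context 'when posting' do
  # … unchanged: let(:request) and the matches / doesn't-match contexts …

  context 'when no content hash was sent' do
    before do
      # drop the header inherited from the outer request_headers
      request.env.delete('X-Authorization-Content-SHA256')
    end

    it 'is true' do
      expect(driven_request.content_hash_mismatch?).to be true
    end
  end
```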