api-auth 1.5.0 → 2.6.0

data/spec/request_drivers/faraday_env_spec.rb

@@ -0,0 +1,188 @@
+require 'spec_helper'
+
+describe ApiAuth::RequestDrivers::FaradayEnv do
+  let(:timestamp) { Time.now.utc.httpdate }
+
+  let(:request) do
+    Faraday::Env.new(verb, body, URI(uri), {}, Faraday::Utils::Headers.new(headers))
+  end
+
+  let(:verb) { :put }
+  let(:uri) { 'https://localhost/resource.xml?foo=bar&bar=foo' }
+  let(:body) { "hello\nworld" }
+
+  let(:headers) do
+    {
+      'Authorization' => 'APIAuth 1044:12345',
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+      'content-type' => 'text/plain',
+      'date' => timestamp
+    }
+  end
+
+  subject(:driven_request) { described_class.new(request) }
+
+  describe 'getting headers correctly' do
+    it 'gets the content_type' do
+      expect(driven_request.content_type).to eq('text/plain')
+    end
+
+    context 'without Content-Type' do
+      let(:headers) { {} }
+
+      it 'defaults to url-encoded' do
+        expect(driven_request.content_type).to eq 'application/x-www-form-urlencoded'
+      end
+    end
+
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
+    end
+
+    it 'gets the request_uri' do
+      expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+    end
+
+    it 'gets the timestamp' do
+      expect(driven_request.timestamp).to eq(timestamp)
+    end
+
+    it 'gets the authorization_header' do
+      expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
+    end
+
+    describe '#calculated_hash' do
+      it 'calculates hash from the body' do
+        expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
+        expect(driven_request.body.bytesize).to eq(11)
+      end
+
+      context 'no body' do
+        let(:body) { nil }
+
+        it 'treats no body as empty string' do
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
+          expect(driven_request.body.bytesize).to eq(0)
+        end
+      end
+
+      context 'multipart content' do
+        let(:body) { File.new('spec/fixtures/upload.png') }
+
+        it 'calculates correctly for multipart content' do
+          expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
+          expect(driven_request.body.bytesize).to eq(5112)
+        end
+      end
+    end
+
+    describe 'http_method' do
+      context 'when put request' do
+        let(:verb) { :put }
+
+        it 'returns upcased put' do
+          expect(driven_request.http_method).to eq('PUT')
+        end
+      end
+
+      context 'when get request' do
+        let(:verb) { :get }
+
+        it 'returns upcased get' do
+          expect(driven_request.http_method).to eq('GET')
+        end
+      end
+    end
+  end
+
+  describe 'setting headers correctly' do
+    let(:headers) do
+      {
+        'content-type' => 'text/plain'
+      }
+    end
+
+    describe '#populate_content_hash' do
+      context 'when request type has no body' do
+        let(:verb) { :get }
+
+        it "doesn't populate content hash" do
+          driven_request.populate_content_hash
+          expect(request.request_headers['X-Authorization-Content-SHA256']).to be_nil
+        end
+      end
+
+      context 'when request type has a body' do
+        let(:verb) { :put }
+
+        it 'populates content hash' do
+          driven_request.populate_content_hash
+          expect(request.request_headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
+        end
+
+        it 'refreshes the cached headers' do
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
+        end
+      end
+    end
+
+    describe '#set_date' do
+      before do
+        allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
+      end
+
+      it 'sets the date header of the request' do
+        driven_request.set_date
+        expect(request.request_headers['DATE']).to eq(timestamp)
+      end
+    end
+
+    describe '#set_auth_header' do
+      it 'sets the auth header' do
+        driven_request.set_auth_header('APIAuth 1044:54321')
+        expect(request.request_headers['Authorization']).to eq('APIAuth 1044:54321')
+      end
+    end
+  end
+
+  describe 'content_hash_mismatch?' do
+    context 'when request type has no body' do
+      let(:verb) { :get }
+
+      it 'is false' do
+        expect(driven_request.content_hash_mismatch?).to be false
+      end
+    end
+
+    context 'when request type has a body' do
+      let(:verb) { :put }
+
+      context 'when calculated matches sent' do
+        before do
+          request.request_headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
+        end
+
+        it 'is false' do
+          expect(driven_request.content_hash_mismatch?).to be false
+        end
+      end
+
+      context "when calculated doesn't match sent" do
+        before do
+          request['X-Authorization-Content-SHA256'] = '3'
+        end
+
+        it 'is true' do
+          expect(driven_request.content_hash_mismatch?).to be true
+        end
+      end
+    end
+  end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
+end

data/spec/request_drivers/faraday_spec.rb

@@ -1,8 +1,7 @@
 require 'spec_helper'
 
 describe ApiAuth::RequestDrivers::FaradayRequest do
-
-  let(:timestamp){ Time.now.utc.httpdate }
+  let(:timestamp) { Time.now.utc.httpdate }
 
   let(:faraday_stubs) do
     Faraday::Adapter::Test::Stubs.new do |stub|
@@ -20,8 +19,8 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
 
   let(:request_headers) do
     {
-      'Authorization'  => 'APIAuth 1044:12345',
-      'Content-MD5' => "1B2M2Y8AsgTpgAmY7PhCfg==",
+      'Authorization' => 'APIAuth 1044:12345',
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
       'content-type' => 'text/plain',
       'DATE' => timestamp
     }
@@ -38,42 +37,42 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
     faraday_request
   end
 
-  subject(:driven_request){ ApiAuth::RequestDrivers::FaradayRequest.new(request) }
+  subject(:driven_request) { ApiAuth::RequestDrivers::FaradayRequest.new(request) }
 
-  describe "getting headers correctly" do
-    it "gets the content_type" do
+  describe 'getting headers correctly' do
+    it 'gets the content_type' do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it "gets the content_md5" do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
 
-    it "gets the request_uri" do
+    it 'gets the request_uri' do
       expect(driven_request.request_uri).to eq('/resource.xml?bar=foo&foo=bar')
     end
 
-    it "gets the timestamp" do
+    it 'gets the timestamp' do
       expect(driven_request.timestamp).to eq(timestamp)
     end
 
-    it "gets the authorization_header" do
+    it 'gets the authorization_header' do
       expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
     end
 
-    describe "#calculated_md5" do
-      it "calculates md5 from the body" do
-        expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+    describe '#calculated_hash' do
+      it 'calculates hash from the body' do
+        expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
       end
 
-      it "treats no body as empty string" do
+      it 'treats no body as empty string' do
         request.body = nil
-        expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+        expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
     end
 
-    describe "http_method" do
-      context "when put request" do
+    describe 'http_method' do
+      context 'when put request' do
         let(:request) do
           faraday_request = nil
 
@@ -85,12 +84,12 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
           faraday_request
         end
 
-        it "returns upcased put" do
+        it 'returns upcased put' do
           expect(driven_request.http_method).to eq('PUT')
         end
       end
 
-      context "when get request" do
+      context 'when get request' do
         let(:request) do
           faraday_request = nil
 
@@ -102,160 +101,165 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
           faraday_request
         end
 
-        it "returns upcased get" do
+        it 'returns upcased get' do
           expect(driven_request.http_method).to eq('GET')
         end
       end
     end
   end
 
-  describe "setting headers correctly" do
+  describe 'setting headers correctly' do
     let(:request_headers) do
       {
         'content-type' => 'text/plain'
       }
     end
 
-    describe "#populate_content_md5" do
-      context "when getting" do
-        it "doesn't populate content-md5" do
-          request.method = :get
-          driven_request.populate_content_md5
-          expect(request.headers["Content-MD5"]).to be_nil
+    describe '#populate_content_hash' do
+      context 'when getting' do
+        it "doesn't populate content hash" do
+          request.http_method = :get
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
         end
       end
 
-      context "when posting" do
-        it "populates content-md5" do
-          request.method = :post
-          driven_request.populate_content_md5
-          expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      context 'when posting' do
+        it 'populates content hash' do
+          request.http_method = :post
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
-        it "refreshes the cached headers" do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        it 'refreshes the cached headers' do
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
       end
 
-      context "when putting" do
-        it "populates content-md5" do
-          request.method = :put
-          driven_request.populate_content_md5
-          expect(request.headers["Content-MD5"]).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      context 'when putting' do
+        it 'populates content hash' do
+          request.http_method = :put
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
-        it "refreshes the cached headers" do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        it 'refreshes the cached headers' do
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
       end
 
-      context "when deleting" do
-        it "doesn't populate content-md5" do
-          request.method = :delete
-          driven_request.populate_content_md5
-          expect(request.headers["Content-MD5"]).to be_nil
+      context 'when deleting' do
+        it "doesn't populate content hash" do
+          request.http_method = :delete
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
         end
       end
-
     end
 
-    describe "#set_date" do
+    describe '#set_date' do
       before do
         allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
       end
 
-      it "sets the date header of the request" do
+      it 'sets the date header of the request' do
         driven_request.set_date
         expect(request.headers['DATE']).to eq(timestamp)
       end
 
-      it "refreshes the cached headers" do
+      it 'refreshes the cached headers' do
         driven_request.set_date
         expect(driven_request.timestamp).to eq(timestamp)
       end
     end
 
-    describe "#set_auth_header" do
-      it "sets the auth header" do
+    describe '#set_auth_header' do
+      it 'sets the auth header' do
         driven_request.set_auth_header('APIAuth 1044:54321')
         expect(request.headers['Authorization']).to eq('APIAuth 1044:54321')
       end
     end
   end
 
-  describe "md5_mismatch?" do
-    context "when getting" do
+  describe 'content_hash_mismatch?' do
+    context 'when getting' do
       before do
-        request.method = :get
+        request.http_method = :get
       end
 
-      it "is false" do
-        expect(driven_request.md5_mismatch?).to be false
+      it 'is false' do
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
 
-    context "when posting" do
+    context 'when posting' do
       before do
-        request.method = :post
+        request.http_method = :post
       end
 
-      context "when calculated matches sent" do
+      context 'when calculated matches sent' do
         before do
-          request.headers["Content-MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
         end
 
-        it "is false" do
-          expect(driven_request.md5_mismatch?).to be false
+        it 'is false' do
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         before do
-          request.headers["Content-MD5"] = "3"
+          request.headers['X-Authorization-Content-SHA256'] = '3'
         end
 
-        it "is true" do
-          expect(driven_request.md5_mismatch?).to be true
+        it 'is true' do
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
 
-    context "when putting" do
+    context 'when putting' do
       before do
-        request.method = :put
+        request.http_method = :put
       end
 
-      context "when calculated matches sent" do
+      context 'when calculated matches sent' do
         before do
-          request.headers["Content-MD5"] = 'kZXQvrKoieG+Be1rsZVINw=='
+          request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
         end
 
-        it "is false" do
-          expect(driven_request.md5_mismatch?).to be false
+        it 'is false' do
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         before do
-          request.headers["Content-MD5"] = "3"
+          request.headers['X-Authorization-Content-SHA256'] = '3'
         end
 
-        it "is true" do
-          expect(driven_request.md5_mismatch?).to be true
+        it 'is true' do
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
 
-    context "when deleting" do
+    context 'when deleting' do
       before do
-        request.method = :delete
+        request.http_method = :delete
       end
 
-      it "is false" do
-        expect(driven_request.md5_mismatch?).to be false
+      it 'is false' do
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end