RubyGems - api-auth - Versions diffs - 2.2.0 → 2.4.1 - Mend

api-auth 2.2.0 → 2.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

checksums.yaml +4 -4
data/.rubocop.yml +11 -52
data/.rubocop_todo.yml +92 -0
data/.travis.yml +15 -14
data/CHANGELOG.md +28 -0
data/Gemfile +1 -1
data/README.md +77 -38
data/VERSION +1 -1
data/api_auth.gemspec +15 -11
data/gemfiles/http2.gemfile +7 -0
data/gemfiles/http3.gemfile +7 -0
data/gemfiles/http4.gemfile +7 -0
data/gemfiles/rails_5.gemfile +5 -7
data/gemfiles/rails_51.gemfile +5 -5
data/gemfiles/rails_52.gemfile +9 -0
data/gemfiles/rails_60.gemfile +11 -0
data/lib/api_auth.rb +3 -0
data/lib/api_auth/base.rb +2 -2
data/lib/api_auth/headers.rb +19 -8
data/lib/api_auth/railtie.rb +9 -5
data/lib/api_auth/request_drivers/action_controller.rb +1 -0
data/lib/api_auth/request_drivers/faraday.rb +2 -1
data/lib/api_auth/request_drivers/grape_request.rb +87 -0
data/lib/api_auth/request_drivers/http.rb +96 -0
data/lib/api_auth/request_drivers/httpi.rb +1 -0
data/lib/api_auth/request_drivers/net_http.rb +1 -1
data/lib/api_auth/request_drivers/rack.rb +1 -0
data/lib/api_auth/request_drivers/rest_client.rb +3 -2
data/spec/api_auth_spec.rb +7 -0
data/spec/headers_spec.rb +26 -8
data/spec/request_drivers/action_controller_spec.rb +10 -4
data/spec/request_drivers/action_dispatch_spec.rb +17 -11
data/spec/request_drivers/curb_spec.rb +9 -3
data/spec/request_drivers/faraday_spec.rb +6 -0
data/spec/request_drivers/grape_request_spec.rb +279 -0
data/spec/request_drivers/http_spec.rb +190 -0
data/spec/request_drivers/httpi_spec.rb +6 -0
data/spec/request_drivers/net_http_spec.rb +6 -0
data/spec/request_drivers/rack_spec.rb +6 -0
data/spec/request_drivers/rest_client_spec.rb +93 -15
data/spec/spec_helper.rb +3 -4
metadata +102 -66
data/gemfiles/rails_4.gemfile +0 -11
data/gemfiles/rails_41.gemfile +0 -11
data/gemfiles/rails_42.gemfile +0 -11

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 2.2.0
1	+ 2.4.1

data/api_auth.gemspec CHANGED

@@ -1,4 +1,4 @@
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+$LOAD_PATH.push File.expand_path('lib', __dir__)
 Gem::Specification.new do |s|
   s.name = 'api-auth'
@@ -9,19 +9,23 @@ Gem::Specification.new do |s|
   s.authors = ['Mauricio Gomes']
   s.email = 'mauricio@edge14.com'
-  s.add_development_dependency 'appraisal'
-  s.add_development_dependency 'rake'
+  s.required_ruby_version = '>= 2.4.0'
+  s.add_development_dependency 'actionpack', '< 6.1', '> 4.0'
+  s.add_development_dependency 'activeresource', '>= 4.0'
+  s.add_development_dependency 'activesupport', '< 6.1', '> 4.0'
   s.add_development_dependency 'amatch'
-  s.add_development_dependency 'rspec', '~> 3.4'
-  s.add_development_dependency 'actionpack', '< 6.0', '> 4.0'
-  s.add_development_dependency 'activesupport', '< 6.0', '> 4.0'
-  s.add_development_dependency 'activeresource', '~> 4.0'
-  s.add_development_dependency 'rest-client', '~> 1.6.0'
-  s.add_development_dependency 'curb', '~> 0.8.1'
-  s.add_development_dependency 'httpi'
+  s.add_development_dependency 'appraisal'
+  s.add_development_dependency 'curb', '~> 0.8'
   s.add_development_dependency 'faraday', '>= 0.10'
+  s.add_development_dependency 'http'
+  s.add_development_dependency 'httpi'
   s.add_development_dependency 'multipart-post', '~> 2.0'
-  s.add_development_dependency 'httparty', '~> 0.13.0'
+  s.add_development_dependency 'pry'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rest-client', '~> 2.0'
+  s.add_development_dependency 'grape', '~> 1.1.0'
+  s.add_development_dependency 'rspec', '~> 3.4'
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/gemfiles/http2.gemfile ADDED

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+source 'https://rubygems.org'
+gem 'http', '~> 2.0'
+gemspec path: '../'

data/gemfiles/http3.gemfile ADDED

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+source 'https://rubygems.org'
+gem 'http', '~> 3.0'
+gemspec path: '../'

data/gemfiles/http4.gemfile ADDED

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+source 'https://rubygems.org'
+gem 'http', '~> 4.0'
+gemspec path: '../'

data/gemfiles/rails_5.gemfile CHANGED

@@ -1,11 +1,9 @@
 # This file was generated by Appraisal
-source "https://rubygems.org"
+source 'https://rubygems.org'
-gem "actionpack", "~> 5.0.2"
-gem "activeresource", "~> 5.0.0", git: 'https://github.com/rails/activeresource.git'
-gem "activesupport", "~> 5.0.2"
+gem 'actionpack', '~> 5.0.2'
+gem 'activeresource', '~> 5.0.0'
+gem 'activesupport', '~> 5.0.2'
-gem "rubocop"
-gemspec :path => "../"
+gemspec path: '../'

data/gemfiles/rails_51.gemfile CHANGED

@@ -1,9 +1,9 @@
 # This file was generated by Appraisal
-source "https://rubygems.org"
+source 'https://rubygems.org'
-gem "actionpack", "~> 5.1.1"
-gem "activeresource", "~> 5.0.0", git: 'https://github.com/rails/activeresource.git'
-gem "activesupport", "~> 5.1.1"
+gem 'actionpack', '~> 5.1.1'
+gem 'activeresource', '~> 5.1.0'
+gem 'activesupport', '~> 5.1.1'
-gemspec :path => "../"
+gemspec path: '../'

data/gemfiles/rails_52.gemfile ADDED

@@ -0,0 +1,9 @@
+# This file was generated by Appraisal
+source 'https://rubygems.org'
+gem 'actionpack', '~> 5.2.1'
+gem 'activeresource', '~> 5.1.0'
+gem 'activesupport', '~> 5.2.1'
+gemspec path: '../'

data/gemfiles/rails_60.gemfile ADDED

@@ -0,0 +1,11 @@
+# This file was generated by Appraisal
+source 'https://rubygems.org'
+gem 'actionpack', '~> 6.0.0'
+gem 'activeresource', '~> 5.1.0'
+gem 'activesupport', '~> 6.0.0'
+gem 'rubocop'
+gemspec path: '../'

data/lib/api_auth.rb CHANGED

@@ -1,5 +1,6 @@
 require 'openssl'
 require 'base64'
+require 'time'
 require 'api_auth/errors'
 require 'api_auth/helpers'
@@ -8,10 +9,12 @@ require 'api_auth/request_drivers/net_http'
 require 'api_auth/request_drivers/curb'
 require 'api_auth/request_drivers/rest_client'
 require 'api_auth/request_drivers/action_controller'
+require 'api_auth/request_drivers/grape_request'
 require 'api_auth/request_drivers/action_dispatch'
 require 'api_auth/request_drivers/rack'
 require 'api_auth/request_drivers/httpi'
 require 'api_auth/request_drivers/faraday'
+require 'api_auth/request_drivers/http'
 require 'api_auth/headers'
 require 'api_auth/base'

data/lib/api_auth/base.rb CHANGED

@@ -71,7 +71,7 @@ module ApiAuth
     private
-    AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/
+    AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/.freeze
     def request_within_time_window?(headers, clock_skew)
       Time.httpdate(headers.timestamp).utc > (Time.now.utc - clock_skew) &&
@@ -105,7 +105,7 @@ module ApiAuth
     end
     def hmac_signature(headers, secret_key, options)
-      canonical_string = headers.canonical_string(options[:override_http_method])
+      canonical_string = headers.canonical_string(options[:override_http_method], options[:headers_to_sign])
       digest = OpenSSL::Digest.new(options[:digest])
       b64_encode(OpenSSL::HMAC.digest(digest, secret_key, canonical_string))
     end

data/lib/api_auth/headers.rb CHANGED

@@ -26,6 +26,8 @@ module ApiAuth
           else
             ActionControllerRequest.new(request)
           end
+        when /Grape::Request/
+          GrapeRequest.new(request)
         when /ActionDispatch::Request/
           ActionDispatchRequest.new(request)
         when /ActionController::CgiRequest/
@@ -34,10 +36,13 @@ module ApiAuth
           HttpiRequest.new(request)
         when /Faraday::Request/
           FaradayRequest.new(request)
+        when /HTTP::Request/
+          HttpRequest.new(request)
         end
       return new_request if new_request
       return RackRequest.new(request) if request.is_a?(Rack::Request)
       raise UnknownHTTPRequest, "#{request.class} is not yet supported."
     end
     private :initialize_request_driver
@@ -47,18 +52,24 @@ module ApiAuth
       @request.timestamp
     end
-    def canonical_string(override_method = nil)
+    def canonical_string(override_method = nil, headers_to_sign = [])
       request_method = override_method || @request.http_method
-      if request_method.nil?
-        raise ArgumentError, 'unable to determine the http method from the request, please supply an override'
+      raise ArgumentError, 'unable to determine the http method from the request, please supply an override' if request_method.nil?
+      headers = @request.fetch_headers
+      canonical_array = [request_method.upcase,
+                         @request.content_type,
+                         @request.content_md5,
+                         parse_uri(@request.original_uri || @request.request_uri),
+                         @request.timestamp]
+      if headers_to_sign.is_a?(Array) && headers_to_sign.any?
+        headers_to_sign.each { |h| canonical_array << headers[h] if headers[h].present? }
       end
-      [request_method.upcase,
-       @request.content_type,
-       @request.content_md5,
-       parse_uri(@request.original_uri || @request.request_uri),
-       @request.timestamp].join(',')
+      canonical_array.join(',')
     end
     # Returns the authorization header from the request's headers

data/lib/api_auth/railtie.rb CHANGED

@@ -13,8 +13,10 @@ module ApiAuth
         end
       end
-      if defined?(ActionController::Base)
-        ActionController::Base.send(:include, ControllerMethods::InstanceMethods)
+      if defined?(ActiveSupport)
+        ActiveSupport.on_load(:action_controller) do
+          ActionController::Base.include(ControllerMethods::InstanceMethods)
+        end
       end
     end # ControllerMethods
@@ -80,9 +82,11 @@ module ApiAuth
         end
       end # Connection
-      if defined?(ActiveResource)
-        ActiveResource::Base.send(:include, ActiveResourceApiAuth)
-        ActiveResource::Connection.send(:include, Connection)
+      if defined?(ActiveSupport)
+        ActiveSupport.on_load(:active_resource) do
+          ActiveResource::Base.include(ActiveResourceApiAuth)
+          ActiveResource::Connection.include(Connection)
+        end
       end
     end # ActiveResourceExtension
   end # Rails

data/lib/api_auth/request_drivers/action_controller.rb CHANGED

@@ -22,6 +22,7 @@ module ApiAuth
       def populate_content_md5
         return unless @request.put? || @request.post?
         @request.env['Content-MD5'] = calculated_md5
         fetch_headers
       end

data/lib/api_auth/request_drivers/faraday.rb CHANGED

@@ -16,12 +16,13 @@ module ApiAuth
       end
       def calculated_md5
-        body = @request.body ? @request.body : ''
+        body = @request.body || ''
         md5_base64digest(body)
       end
       def populate_content_md5
         return unless %w[POST PUT].include?(@request.method.to_s.upcase)
         @request.headers['Content-MD5'] = calculated_md5
         fetch_headers
       end

data/lib/api_auth/request_drivers/grape_request.rb ADDED

@@ -0,0 +1,87 @@
+module ApiAuth
+  module RequestDrivers # :nodoc:
+    class GrapeRequest # :nodoc:
+      include ApiAuth::Helpers
+      def initialize(request)
+        @request = request
+        save_headers
+        true
+      end
+      def set_auth_header(header)
+        @request.env['HTTP_AUTHORIZATION'] = header
+        save_headers # enforce update of processed_headers based on last updated headers
+        @request
+      end
+      def calculated_md5
+        body = @request.body.read
+        @request.body.rewind
+        md5_base64digest(body)
+      end
+      def populate_content_md5
+        return if !@request.put? && !@request.post?
+        @request.env['HTTP_CONTENT_MD5'] = calculated_md5
+        save_headers
+      end
+      def md5_mismatch?
+        if @request.put? || @request.post?
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+      def fetch_headers
+        capitalize_keys @request.env
+      end
+      def http_method
+        @request.request_method.upcase
+      end
+      def content_type
+        find_header %w[HTTP_X_HMAC_CONTENT_TYPE HTTP_X_CONTENT_TYPE CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE]
+      end
+      def content_md5
+        find_header %w[HTTP_X_HMAC_CONTENT_MD5 HTTP_X_CONTENT_MD5 CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5]
+      end
+      def original_uri
+        find_header %w[HTTP_X_HMAC_ORIGINAL_URI HTTP_X_ORIGINAL_URI X-ORIGINAL-URI X_ORIGINAL_URI]
+      end
+      def request_uri
+        @request.url
+      end
+      def set_date
+        @request.env['HTTP_DATE'] = Time.now.utc.httpdate
+        save_headers
+      end
+      def timestamp
+        find_header %w[HTTP_X_HMAC_DATE HTTP_X_DATE DATE HTTP_DATE]
+      end
+      def authorization_header
+        find_header %w[HTTP_X_HMAC_AUTHORIZATION HTTP_X_AUTHORIZATION Authorization AUTHORIZATION HTTP_AUTHORIZATION]
+      end
+      private
+      def find_header(keys)
+        keys.map { |key| @headers[key] }.compact.first
+      end
+      def save_headers
+        @headers = fetch_headers
+      end
+    end
+  end
+end

data/lib/api_auth/request_drivers/http.rb ADDED

@@ -0,0 +1,96 @@
+module ApiAuth
+  module RequestDrivers # :nodoc:
+    class HttpRequest # :nodoc:
+      include ApiAuth::Helpers
+      def initialize(request)
+        @request = request
+      end
+      def set_auth_header(header)
+        @request['Authorization'] = header
+        @request
+      end
+      def calculated_md5
+        md5_base64digest(body)
+      end
+      def populate_content_md5
+        return unless %w[POST PUT].include?(http_method)
+        @request['Content-MD5'] = calculated_md5
+      end
+      def md5_mismatch?
+        if %w[POST PUT].include?(http_method)
+          calculated_md5 != content_md5
+        else
+          false
+        end
+      end
+      def http_method
+        @request.verb.to_s.upcase
+      end
+      def content_type
+        find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
+      end
+      def content_md5
+        find_header(%w[CONTENT-MD5 CONTENT_MD5])
+      end
+      def original_uri
+        find_header(%w[X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI])
+      end
+      def request_uri
+        @request.uri.request_uri
+      end
+      def set_date
+        @request['Date'] = Time.now.utc.httpdate
+      end
+      def timestamp
+        find_header(%w[DATE HTTP_DATE])
+      end
+      def authorization_header
+        find_header %w[Authorization AUTHORIZATION HTTP_AUTHORIZATION]
+      end
+      def body
+        if body_source.respond_to?(:read)
+          result = body_source.read
+          body_source.rewind
+          result
+        else
+          body_source.to_s
+        end
+      end
+      def fetch_headers
+        capitalize_keys @request.headers.to_h
+      end
+      private
+      def find_header(keys)
+        keys.map { |key| @request[key] }.compact.first
+      end
+      def body_source
+        body = @request.body
+        if defined?(::HTTP::Request::Body)
+          body.respond_to?(:source) ? body.source : body.instance_variable_get(:@body)
+        else
+          body
+        end
+      end
+    end
+  end
+end