api-auth 2.2.0 → 2.4.1

data/spec/request_drivers/http_spec.rb

@@ -0,0 +1,190 @@
+require 'spec_helper'
+
+describe ApiAuth::RequestDrivers::HttpRequest do
+  let(:timestamp) { Time.now.utc.httpdate }
+
+  let(:request) do
+    HTTP::Request.new(
+      verb: verb,
+      uri: uri,
+      headers: headers,
+      body: body
+    )
+  end
+
+  let(:verb) { :put }
+  let(:uri) { 'http://localhost/resource.xml?foo=bar&bar=foo' }
+  let(:body) { "hello\nworld" }
+
+  let(:headers) do
+    {
+      'Authorization' => 'APIAuth 1044:12345',
+      'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'content-type' => 'text/plain',
+      'date' => timestamp
+    }
+  end
+
+  subject(:driven_request) { described_class.new(request) }
+
+  describe 'getting headers correctly' do
+    it 'gets the content_type' do
+      expect(driven_request.content_type).to eq('text/plain')
+    end
+
+    it 'gets the content_md5' do
+      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    end
+
+    it 'gets the request_uri' do
+      expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+    end
+
+    it 'gets the timestamp' do
+      expect(driven_request.timestamp).to eq(timestamp)
+    end
+
+    it 'gets the authorization_header' do
+      expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
+    end
+
+    describe '#calculated_md5' do
+      it 'calculates md5 from the body' do
+        expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        expect(driven_request.body.bytesize).to eq(11)
+      end
+
+      context 'no body' do
+        let(:body) { nil }
+
+        it 'treats no body as empty string' do
+          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.body.bytesize).to eq(0)
+        end
+      end
+
+      context 'multipart content' do
+        let(:body) { File.new('spec/fixtures/upload.png') }
+
+        it 'calculates correctly for multipart content' do
+          expect(driven_request.calculated_md5).to eq('k4U8MTA3RHDcewBzymVNEQ==')
+          expect(driven_request.body.bytesize).to eq(5112)
+        end
+      end
+    end
+
+    describe 'http_method' do
+      context 'when put request' do
+        let(:verb) { :put }
+
+        it 'returns upcased put' do
+          expect(driven_request.http_method).to eq('PUT')
+        end
+      end
+
+      context 'when get request' do
+        let(:verb) { :get }
+
+        it 'returns upcased get' do
+          expect(driven_request.http_method).to eq('GET')
+        end
+      end
+    end
+  end
+
+  describe 'setting headers correctly' do
+    let(:headers) do
+      {
+        'content-type' => 'text/plain'
+      }
+    end
+
+    describe '#populate_content_md5' do
+      context 'when request type has no body' do
+        let(:verb) { :get }
+
+        it "doesn't populate content-md5" do
+          driven_request.populate_content_md5
+          expect(request['Content-MD5']).to be_nil
+        end
+      end
+
+      context 'when request type has a body' do
+        let(:verb) { :put }
+
+        it 'populates content-md5' do
+          driven_request.populate_content_md5
+          expect(request['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+
+        it 'refreshes the cached headers' do
+          driven_request.populate_content_md5
+          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        end
+      end
+    end
+
+    describe '#set_date' do
+      before do
+        allow(Time).to receive_message_chain(:now, :utc, :httpdate).and_return(timestamp)
+      end
+
+      it 'sets the date header of the request' do
+        driven_request.set_date
+        expect(request['DATE']).to eq(timestamp)
+      end
+
+      it 'refreshes the cached headers' do
+        driven_request.set_date
+        expect(driven_request.timestamp).to eq(timestamp)
+      end
+    end
+
+    describe '#set_auth_header' do
+      it 'sets the auth header' do
+        driven_request.set_auth_header('APIAuth 1044:54321')
+        expect(request['Authorization']).to eq('APIAuth 1044:54321')
+      end
+    end
+  end
+
+  describe 'md5_mismatch?' do
+    context 'when request type has no body' do
+      let(:verb) { :get }
+
+      it 'is false' do
+        expect(driven_request.md5_mismatch?).to be false
+      end
+    end
+
+    context 'when request type has a body' do
+      let(:verb) { :put }
+
+      context 'when calculated matches sent' do
+        before do
+          request['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+        end
+
+        it 'is false' do
+          expect(driven_request.md5_mismatch?).to be false
+        end
+      end
+
+      context "when calculated doesn't match sent" do
+        before do
+          request['Content-MD5'] = '3'
+        end
+
+        it 'is true' do
+          expect(driven_request.md5_mismatch?).to be true
+        end
+      end
+    end
+  end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
+end

data/spec/request_drivers/httpi_spec.rb

@@ -151,4 +151,10 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/net_http_spec.rb

@@ -193,4 +193,10 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
+    end
+  end
 end

data/spec/request_drivers/rack_spec.rb

@@ -301,4 +301,10 @@ describe ApiAuth::RequestDrivers::RackRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/rest_client_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe ApiAuth::RequestDrivers::RestClientRequest do
   let(:timestamp) { Time.now.utc.httpdate }
 
-  let(:request_path) { '/resource.xml?foo=bar&bar=foo' }
+  let(:request_path) { 'http://localhost/resource.xml?foo=bar&bar=foo' }
 
   let(:request_headers) do
     {
@@ -16,7 +16,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
 
   let(:request) do
     RestClient::Request.new(
-      url: '/resource.xml?foo=bar&bar=foo',
+      url: 'http://localhost/resource.xml?foo=bar&bar=foo',
       headers: request_headers,
       method: :put,
       payload: "hello\nworld"
@@ -35,7 +35,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     end
 
     it 'gets the request_uri' do
-      expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
+      expect(driven_request.request_uri).to eq('http://localhost/resource.xml?foo=bar&bar=foo')
     end
 
     it 'gets the timestamp' do
@@ -53,7 +53,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
 
       it 'treats no body as empty string' do
         request = RestClient::Request.new(
-          url: '/resource.xml?foo=bar&bar=foo',
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
           headers: request_headers,
           method: :put
         )
@@ -66,7 +66,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when put request' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :put
           )
@@ -80,7 +80,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when get request' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :get
           )
@@ -104,7 +104,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when getting' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :get
           )
@@ -119,7 +119,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when posting' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :post,
             payload: "hello\nworld"
@@ -140,7 +140,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when putting' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :put,
             payload: "hello\nworld"
@@ -161,7 +161,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       context 'when deleting' do
         let(:request) do
           RestClient::Request.new(
-            url: '/resource.xml?foo=bar&bar=foo',
+            url: 'http://localhost/resource.xml?foo=bar&bar=foo',
             headers: request_headers,
             method: :delete
           )
@@ -203,7 +203,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     context 'when getting' do
       let(:request) do
         RestClient::Request.new(
-          url: '/resource.xml?foo=bar&bar=foo',
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
           headers: request_headers,
           method: :get
         )
@@ -217,7 +217,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     context 'when posting' do
       let(:request) do
         RestClient::Request.new(
-          url: '/resource.xml?foo=bar&bar=foo',
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
           headers: request_headers,
           method: :post,
           payload: "hello\nworld"
@@ -258,7 +258,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     context 'when putting' do
       let(:request) do
         RestClient::Request.new(
-          url: '/resource.xml?foo=bar&bar=foo',
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
           headers: request_headers,
           method: :put,
           payload: "hello\nworld"
@@ -299,7 +299,7 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     context 'when deleting' do
       let(:request) do
         RestClient::Request.new(
-          url: '/resource.xml?foo=bar&bar=foo',
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
           headers: request_headers,
           method: :delete
         )
@@ -311,16 +311,94 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
     end
   end
 
+  describe 'authentics?' do
+    context 'when getting' do
+      let(:request) do
+        RestClient::Request.new(
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
+          method: :get
+        )
+      end
+
+      let(:signed_request) do
+        ApiAuth.sign!(request, '1044', '123')
+      end
+
+      it 'validates that the signature in the request header matches the way we sign it' do
+        expect(ApiAuth.authentic?(signed_request, '123')).to eq true
+      end
+    end
+
+    context 'when posting' do
+      let(:request) do
+        RestClient::Request.new(
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
+          method: :post,
+          payload: "hello\nworld"
+        )
+      end
+
+      let(:signed_request) do
+        ApiAuth.sign!(request, '1044', '123')
+      end
+
+      it 'validates that the signature in the request header matches the way we sign it' do
+        expect(ApiAuth.authentic?(signed_request, '123')).to eq true
+      end
+    end
+
+    context 'when putting' do
+      let(:request) do
+        RestClient::Request.new(
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
+          method: :put,
+          payload: "hello\nworld"
+        )
+      end
+
+      let(:signed_request) do
+        ApiAuth.sign!(request, '1044', '123')
+      end
+
+      it 'validates that the signature in the request header matches the way we sign it' do
+        expect(ApiAuth.authentic?(signed_request, '123')).to eq true
+      end
+    end
+
+    context 'when deleting' do
+      let(:request) do
+        RestClient::Request.new(
+          url: 'http://localhost/resource.xml?foo=bar&bar=foo',
+          method: :delete
+        )
+      end
+
+      let(:signed_request) do
+        ApiAuth.sign!(request, '1044', '123')
+      end
+
+      it 'validates that the signature in the request header matches the way we sign it' do
+        expect(ApiAuth.authentic?(signed_request, '123')).to eq true
+      end
+    end
+  end
+
   describe 'edge cases' do
     it "doesn't mess up symbol based headers" do
       headers = { 'Content-MD5' => 'e59ff97941044f85df5297e1c302d260',
                   :content_type => 'text/plain',
                   'Date' => 'Mon, 23 Jan 1984 03:29:56 GMT' }
-      request = RestClient::Request.new(url: '/resource.xml?foo=bar&bar=foo',
+      request = RestClient::Request.new(url: 'http://localhost/resource.xml?foo=bar&bar=foo',
                                         headers: headers,
                                         method: :put)
       ApiAuth.sign!(request, 'some access id', 'some secret key')
       expect(request.processed_headers).to have_key('Content-Type')
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -13,13 +13,12 @@ require 'api_auth'
 require 'amatch'
 require 'rest_client'
 require 'curb'
+require 'http'
 require 'httpi'
 require 'faraday'
+require 'grape'
 require 'net/http/post/multipart'
 
 # Requires supporting files with custom matchers and macros, etc,
 # in ./support/ and its subdirectories.
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
-RSpec.configure do |config|
-end
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f }