RubyGems - api-auth - Versions diffs - 2.2.1 → 2.5.0 - Mend

api-auth 2.2.1 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

checksums.yaml +4 -4
data/.rubocop.yml +12 -2
data/.rubocop_todo.yml +51 -9
data/.travis.yml +9 -25
data/CHANGELOG.md +36 -0
data/Gemfile +1 -1
data/README.md +91 -50
data/VERSION +1 -1
data/api_auth.gemspec +7 -5
data/gemfiles/http4.gemfile +3 -3
data/gemfiles/rails_52.gemfile +9 -0
data/gemfiles/rails_60.gemfile +9 -0
data/gemfiles/rails_61.gemfile +11 -0
data/lib/api_auth.rb +1 -0
data/lib/api_auth/base.rb +4 -4
data/lib/api_auth/headers.rb +22 -11
data/lib/api_auth/helpers.rb +2 -2
data/lib/api_auth/railtie.rb +13 -5
data/lib/api_auth/request_drivers/action_controller.rb +9 -8
data/lib/api_auth/request_drivers/curb.rb +4 -4
data/lib/api_auth/request_drivers/faraday.rb +13 -12
data/lib/api_auth/request_drivers/grape_request.rb +87 -0
data/lib/api_auth/request_drivers/http.rb +13 -8
data/lib/api_auth/request_drivers/httpi.rb +9 -8
data/lib/api_auth/request_drivers/net_http.rb +9 -8
data/lib/api_auth/request_drivers/rack.rb +9 -8
data/lib/api_auth/request_drivers/rest_client.rb +9 -8
data/spec/api_auth_spec.rb +15 -8
data/spec/headers_spec.rb +51 -25
data/spec/helpers_spec.rb +1 -1
data/spec/railtie_spec.rb +3 -3
data/spec/request_drivers/action_controller_spec.rb +45 -39
data/spec/request_drivers/action_dispatch_spec.rb +51 -45
data/spec/request_drivers/curb_spec.rb +16 -10
data/spec/request_drivers/faraday_spec.rb +49 -43
data/spec/request_drivers/grape_request_spec.rb +280 -0
data/spec/request_drivers/http_spec.rb +29 -23
data/spec/request_drivers/httpi_spec.rb +28 -22
data/spec/request_drivers/net_http_spec.rb +29 -23
data/spec/request_drivers/rack_spec.rb +41 -35
data/spec/request_drivers/rest_client_spec.rb +42 -36
data/spec/spec_helper.rb +2 -1
metadata +51 -26
data/gemfiles/http2.gemfile +0 -7
data/gemfiles/http3.gemfile +0 -7
data/gemfiles/rails_4.gemfile +0 -11
data/gemfiles/rails_41.gemfile +0 -11
data/gemfiles/rails_42.gemfile +0 -11
data/gemfiles/rails_5.gemfile +0 -11
data/gemfiles/rails_51.gemfile +0 -9
data/spec/.rubocop.yml +0 -5

data/spec/request_drivers/action_controller_spec.rb CHANGED Viewed

@@ -11,7 +11,7 @@ if defined?(ActionController::Request)
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
         'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
         'HTTP_DATE' => timestamp,
@@ -26,8 +26,8 @@ if defined?(ActionController::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionController::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
@@ -80,55 +80,55 @@ if defined?(ActionController::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionController::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionController::Request)
       end
     end
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
@@ -175,21 +175,21 @@ if defined?(ActionController::Request)
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionController::Request)
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,9 +226,15 @@ if defined?(ActionController::Request)
         end
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end
   end
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/action_dispatch_spec.rb CHANGED Viewed

@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
     let(:request) do
       ActionDispatch::Request.new(
-        'AUTHORIZATION'  => 'APIAuth 1044:12345',
-        'PATH_INFO'      => '/resource.xml',
-        'QUERY_STRING'   => 'foo=bar&bar=foo',
+        'AUTHORIZATION' => 'APIAuth 1044:12345',
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5'    => '1B2M2Y8AsgTpgAmY7PhCfg==',
-        'CONTENT_TYPE'   => 'text/plain',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+        'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
-        'HTTP_DATE'      => timestamp,
-        'rack.input'     => StringIO.new("hello\nworld")
+        'HTTP_DATE' => timestamp,
+        'rack.input' => StringIO.new("hello\nworld")
       )
     end
@@ -26,8 +26,8 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
@@ -80,55 +80,55 @@ if defined?(ActionDispatch::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionDispatch::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionDispatch::Request)
       end
     end
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
@@ -175,21 +175,21 @@ if defined?(ActionDispatch::Request)
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionDispatch::Request)
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,9 +226,15 @@ if defined?(ActionDispatch::Request)
         end
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end
+    describe 'fetch_headers' do
+      it 'returns request headers' do
+        expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
+      end
+    end
   end
 end

data/spec/request_drivers/curb_spec.rb CHANGED Viewed

@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
   let(:request) do
     headers = {
       'Authorization' => 'APIAuth 1044:12345',
-      'Content-MD5'   => '1B2M2Y8AsgTpgAmY7PhCfg==',
-      'Content-Type'  => 'text/plain',
-      'Date'          => timestamp
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+      'Content-Type' => 'text/plain',
+      'Date' => timestamp
     }
     Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
       curl.headers = headers
@@ -22,8 +22,8 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
     it 'gets the request_uri' do
@@ -55,10 +55,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       end
     end
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       it 'is a no-op' do
-        expect(driven_request.populate_content_md5).to be_nil
-        expect(request.headers['Content-MD5']).to be_nil
+        expect(driven_request.populate_content_hash).to be_nil
+        expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
       end
     end
@@ -86,9 +86,15 @@ describe ApiAuth::RequestDrivers::CurbRequest do
     end
   end
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     it 'is always false' do
-      expect(driven_request.md5_mismatch?).to be false
+      expect(driven_request.content_hash_mismatch?).to be false
+    end
+  end
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
     end
   end
 end