api-auth 2.2.1 → 2.5.0

data/spec/request_drivers/action_controller_spec.rb

@@ -11,7 +11,7 @@ if defined?(ActionController::Request)
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
         'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
         'HTTP_DATE' => timestamp,
@@ -26,8 +26,8 @@ if defined?(ActionController::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
 
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
 
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionController::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
 
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
 
@@ -80,55 +80,55 @@ if defined?(ActionController::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionController::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
 
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
 
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionController::Request)
       end
     end
 
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
@@ -175,21 +175,21 @@ if defined?(ActionController::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionController::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,9 +226,15 @@ if defined?(ActionController::Request)
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/action_dispatch_spec.rb

@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
 
     let(:request) do
       ActionDispatch::Request.new(
-        'AUTHORIZATION'  => 'APIAuth 1044:12345',
-        'PATH_INFO'      => '/resource.xml',
-        'QUERY_STRING'   => 'foo=bar&bar=foo',
+        'AUTHORIZATION' => 'APIAuth 1044:12345',
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5'    => '1B2M2Y8AsgTpgAmY7PhCfg==',
-        'CONTENT_TYPE'   => 'text/plain',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+        'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
-        'HTTP_DATE'      => timestamp,
-        'rack.input'     => StringIO.new("hello\nworld")
+        'HTTP_DATE' => timestamp,
+        'rack.input' => StringIO.new("hello\nworld")
       )
     end
 
@@ -26,8 +26,8 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
 
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
 
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
 
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
 
@@ -80,55 +80,55 @@ if defined?(ActionDispatch::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionDispatch::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
 
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
 
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionDispatch::Request)
       end
     end
 
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
@@ -175,21 +175,21 @@ if defined?(ActionDispatch::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionDispatch::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,9 +226,15 @@ if defined?(ActionDispatch::Request)
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end
+
+    describe 'fetch_headers' do
+      it 'returns request headers' do
+        expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
+      end
+    end
   end
 end

data/spec/request_drivers/curb_spec.rb

@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
   let(:request) do
     headers = {
       'Authorization' => 'APIAuth 1044:12345',
-      'Content-MD5'   => '1B2M2Y8AsgTpgAmY7PhCfg==',
-      'Content-Type'  => 'text/plain',
-      'Date'          => timestamp
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+      'Content-Type' => 'text/plain',
+      'Date' => timestamp
     }
     Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
       curl.headers = headers
@@ -22,8 +22,8 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
 
     it 'gets the request_uri' do
@@ -55,10 +55,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       end
     end
 
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       it 'is a no-op' do
-        expect(driven_request.populate_content_md5).to be_nil
-        expect(request.headers['Content-MD5']).to be_nil
+        expect(driven_request.populate_content_hash).to be_nil
+        expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
       end
     end
 
@@ -86,9 +86,15 @@ describe ApiAuth::RequestDrivers::CurbRequest do
     end
   end
 
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     it 'is always false' do
-      expect(driven_request.md5_mismatch?).to be false
+      expect(driven_request.content_hash_mismatch?).to be false
+    end
+  end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
     end
   end
 end