api-auth 2.2.1 → 2.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +12 -2
- data/.rubocop_todo.yml +51 -9
- data/.travis.yml +9 -25
- data/CHANGELOG.md +36 -0
- data/Gemfile +1 -1
- data/README.md +91 -50
- data/VERSION +1 -1
- data/api_auth.gemspec +7 -5
- data/gemfiles/http4.gemfile +3 -3
- data/gemfiles/rails_52.gemfile +9 -0
- data/gemfiles/rails_60.gemfile +9 -0
- data/gemfiles/rails_61.gemfile +11 -0
- data/lib/api_auth.rb +1 -0
- data/lib/api_auth/base.rb +4 -4
- data/lib/api_auth/headers.rb +22 -11
- data/lib/api_auth/helpers.rb +2 -2
- data/lib/api_auth/railtie.rb +13 -5
- data/lib/api_auth/request_drivers/action_controller.rb +9 -8
- data/lib/api_auth/request_drivers/curb.rb +4 -4
- data/lib/api_auth/request_drivers/faraday.rb +13 -12
- data/lib/api_auth/request_drivers/grape_request.rb +87 -0
- data/lib/api_auth/request_drivers/http.rb +13 -8
- data/lib/api_auth/request_drivers/httpi.rb +9 -8
- data/lib/api_auth/request_drivers/net_http.rb +9 -8
- data/lib/api_auth/request_drivers/rack.rb +9 -8
- data/lib/api_auth/request_drivers/rest_client.rb +9 -8
- data/spec/api_auth_spec.rb +15 -8
- data/spec/headers_spec.rb +51 -25
- data/spec/helpers_spec.rb +1 -1
- data/spec/railtie_spec.rb +3 -3
- data/spec/request_drivers/action_controller_spec.rb +45 -39
- data/spec/request_drivers/action_dispatch_spec.rb +51 -45
- data/spec/request_drivers/curb_spec.rb +16 -10
- data/spec/request_drivers/faraday_spec.rb +49 -43
- data/spec/request_drivers/grape_request_spec.rb +280 -0
- data/spec/request_drivers/http_spec.rb +29 -23
- data/spec/request_drivers/httpi_spec.rb +28 -22
- data/spec/request_drivers/net_http_spec.rb +29 -23
- data/spec/request_drivers/rack_spec.rb +41 -35
- data/spec/request_drivers/rest_client_spec.rb +42 -36
- data/spec/spec_helper.rb +2 -1
- metadata +51 -26
- data/gemfiles/http2.gemfile +0 -7
- data/gemfiles/http3.gemfile +0 -7
- data/gemfiles/rails_4.gemfile +0 -11
- data/gemfiles/rails_41.gemfile +0 -11
- data/gemfiles/rails_42.gemfile +0 -11
- data/gemfiles/rails_5.gemfile +0 -11
- data/gemfiles/rails_51.gemfile +0 -9
- data/spec/.rubocop.yml +0 -5
|
@@ -19,7 +19,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
19
19
|
let(:headers) do
|
|
20
20
|
{
|
|
21
21
|
'Authorization' => 'APIAuth 1044:12345',
|
|
22
|
-
'
|
|
22
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
23
23
|
'content-type' => 'text/plain',
|
|
24
24
|
'date' => timestamp
|
|
25
25
|
}
|
|
@@ -32,8 +32,8 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
32
32
|
expect(driven_request.content_type).to eq('text/plain')
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
it 'gets the
|
|
36
|
-
expect(driven_request.
|
|
35
|
+
it 'gets the content_hash' do
|
|
36
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it 'gets the request_uri' do
|
|
@@ -48,9 +48,9 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
48
48
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
describe '#
|
|
52
|
-
it 'calculates
|
|
53
|
-
expect(driven_request.
|
|
51
|
+
describe '#calculated_hash' do
|
|
52
|
+
it 'calculates hash from the body' do
|
|
53
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
54
54
|
expect(driven_request.body.bytesize).to eq(11)
|
|
55
55
|
end
|
|
56
56
|
|
|
@@ -58,7 +58,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
58
58
|
let(:body) { nil }
|
|
59
59
|
|
|
60
60
|
it 'treats no body as empty string' do
|
|
61
|
-
expect(driven_request.
|
|
61
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
62
62
|
expect(driven_request.body.bytesize).to eq(0)
|
|
63
63
|
end
|
|
64
64
|
end
|
|
@@ -67,7 +67,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
67
67
|
let(:body) { File.new('spec/fixtures/upload.png') }
|
|
68
68
|
|
|
69
69
|
it 'calculates correctly for multipart content' do
|
|
70
|
-
expect(driven_request.
|
|
70
|
+
expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
|
|
71
71
|
expect(driven_request.body.bytesize).to eq(5112)
|
|
72
72
|
end
|
|
73
73
|
end
|
|
@@ -99,27 +99,27 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
99
99
|
}
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
-
describe '#
|
|
102
|
+
describe '#populate_content_hash' do
|
|
103
103
|
context 'when request type has no body' do
|
|
104
104
|
let(:verb) { :get }
|
|
105
105
|
|
|
106
|
-
it "doesn't populate content
|
|
107
|
-
driven_request.
|
|
108
|
-
expect(request['Content-
|
|
106
|
+
it "doesn't populate content hash" do
|
|
107
|
+
driven_request.populate_content_hash
|
|
108
|
+
expect(request['X-Authorization-Content-SHA256']).to be_nil
|
|
109
109
|
end
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
context 'when request type has a body' do
|
|
113
113
|
let(:verb) { :put }
|
|
114
114
|
|
|
115
|
-
it 'populates content
|
|
116
|
-
driven_request.
|
|
117
|
-
expect(request['Content-
|
|
115
|
+
it 'populates content hash' do
|
|
116
|
+
driven_request.populate_content_hash
|
|
117
|
+
expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
118
118
|
end
|
|
119
119
|
|
|
120
120
|
it 'refreshes the cached headers' do
|
|
121
|
-
driven_request.
|
|
122
|
-
expect(driven_request.
|
|
121
|
+
driven_request.populate_content_hash
|
|
122
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
123
123
|
end
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -148,12 +148,12 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
148
148
|
end
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
-
describe '
|
|
151
|
+
describe 'content_hash_mismatch?' do
|
|
152
152
|
context 'when request type has no body' do
|
|
153
153
|
let(:verb) { :get }
|
|
154
154
|
|
|
155
155
|
it 'is false' do
|
|
156
|
-
expect(driven_request.
|
|
156
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
157
157
|
end
|
|
158
158
|
end
|
|
159
159
|
|
|
@@ -162,23 +162,29 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
162
162
|
|
|
163
163
|
context 'when calculated matches sent' do
|
|
164
164
|
before do
|
|
165
|
-
request['Content-
|
|
165
|
+
request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
166
166
|
end
|
|
167
167
|
|
|
168
168
|
it 'is false' do
|
|
169
|
-
expect(driven_request.
|
|
169
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
170
170
|
end
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
context "when calculated doesn't match sent" do
|
|
174
174
|
before do
|
|
175
|
-
request['Content-
|
|
175
|
+
request['X-Authorization-Content-SHA256'] = '3'
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it 'is true' do
|
|
179
|
-
expect(driven_request.
|
|
179
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
|
+
|
|
185
|
+
describe 'fetch_headers' do
|
|
186
|
+
it 'returns request headers' do
|
|
187
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
188
|
+
end
|
|
189
|
+
end
|
|
184
190
|
end
|
|
@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
6
6
|
let(:request) do
|
|
7
7
|
httpi_request = HTTPI::Request.new('http://localhost/resource.xml?foo=bar&bar=foo')
|
|
8
8
|
httpi_request.headers.merge!('Authorization' => 'APIAuth 1044:12345',
|
|
9
|
-
'
|
|
9
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
10
10
|
'content-type' => 'text/plain',
|
|
11
11
|
'date' => timestamp)
|
|
12
12
|
httpi_request.body = "hello\nworld"
|
|
@@ -20,8 +20,8 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
20
20
|
expect(driven_request.content_type).to eq('text/plain')
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
it 'gets the
|
|
24
|
-
expect(driven_request.
|
|
23
|
+
it 'gets the content_hash' do
|
|
24
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
it 'gets the request_uri' do
|
|
@@ -36,14 +36,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
36
36
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
describe '#
|
|
40
|
-
it 'calculates
|
|
41
|
-
expect(driven_request.
|
|
39
|
+
describe '#calculated_hash' do
|
|
40
|
+
it 'calculates hash from the body' do
|
|
41
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
it 'treats no body as empty string' do
|
|
45
45
|
request.body = nil
|
|
46
|
-
expect(driven_request.
|
|
46
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -61,15 +61,15 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
61
61
|
httpi_request
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
describe '#
|
|
64
|
+
describe '#populate_content_hash' do
|
|
65
65
|
context 'when there is no content body' do
|
|
66
66
|
before do
|
|
67
67
|
request.body = nil
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
it "doesn't populate content
|
|
71
|
-
driven_request.
|
|
72
|
-
expect(request.headers['Content-
|
|
70
|
+
it "doesn't populate content hash" do
|
|
71
|
+
driven_request.populate_content_hash
|
|
72
|
+
expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
|
|
@@ -78,14 +78,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
78
78
|
request.body = "hello\nworld"
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
it 'populates content
|
|
82
|
-
driven_request.
|
|
83
|
-
expect(request.headers['Content-
|
|
81
|
+
it 'populates content hash' do
|
|
82
|
+
driven_request.populate_content_hash
|
|
83
|
+
expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
it 'refreshes the cached headers' do
|
|
87
|
-
driven_request.
|
|
88
|
-
expect(driven_request.
|
|
87
|
+
driven_request.populate_content_hash
|
|
88
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
end
|
|
@@ -114,14 +114,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
114
114
|
end
|
|
115
115
|
end
|
|
116
116
|
|
|
117
|
-
describe '
|
|
117
|
+
describe 'content_hash_mismatch?' do
|
|
118
118
|
context 'when there is no content body' do
|
|
119
119
|
before do
|
|
120
120
|
request.body = nil
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
it 'is false' do
|
|
124
|
-
expect(driven_request.
|
|
124
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
125
125
|
end
|
|
126
126
|
end
|
|
127
127
|
|
|
@@ -132,23 +132,29 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
132
132
|
|
|
133
133
|
context 'when calculated matches sent' do
|
|
134
134
|
before do
|
|
135
|
-
request.headers['Content-
|
|
135
|
+
request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
136
136
|
end
|
|
137
137
|
|
|
138
138
|
it 'is false' do
|
|
139
|
-
expect(driven_request.
|
|
139
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
140
140
|
end
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
context "when calculated doesn't match sent" do
|
|
144
144
|
before do
|
|
145
|
-
request.headers['Content-
|
|
145
|
+
request.headers['X-Authorization-Content-SHA256'] = '3'
|
|
146
146
|
end
|
|
147
147
|
|
|
148
148
|
it 'is true' do
|
|
149
|
-
expect(driven_request.
|
|
149
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
150
150
|
end
|
|
151
151
|
end
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
|
+
|
|
155
|
+
describe 'fetch_headers' do
|
|
156
|
+
it 'returns request headers' do
|
|
157
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
158
|
+
end
|
|
159
|
+
end
|
|
154
160
|
end
|
|
@@ -8,7 +8,7 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
8
8
|
let(:request_headers) do
|
|
9
9
|
{
|
|
10
10
|
'Authorization' => 'APIAuth 1044:12345',
|
|
11
|
-
'
|
|
11
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
12
12
|
'content-type' => 'text/plain',
|
|
13
13
|
'date' => timestamp
|
|
14
14
|
}
|
|
@@ -36,8 +36,8 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
it 'gets the
|
|
40
|
-
expect(driven_request.
|
|
39
|
+
it 'gets the content_hash' do
|
|
40
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it 'gets the request_uri' do
|
|
@@ -52,20 +52,20 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
52
52
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
describe '#
|
|
56
|
-
it '
|
|
57
|
-
expect(driven_request.
|
|
55
|
+
describe '#calculated_hash' do
|
|
56
|
+
it 'calculate content hash from the body' do
|
|
57
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
it 'treats no body as empty string' do
|
|
61
61
|
request.body = nil
|
|
62
|
-
expect(driven_request.
|
|
62
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
it 'calculates correctly for multipart content' do
|
|
66
66
|
request.body = nil
|
|
67
67
|
request.body_stream = File.new('spec/fixtures/upload.png')
|
|
68
|
-
expect(driven_request.
|
|
68
|
+
expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
|
|
69
69
|
end
|
|
70
70
|
end
|
|
71
71
|
|
|
@@ -99,15 +99,15 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
99
99
|
Net::HTTP::Put.new(request_path, request_headers)
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
-
describe '#
|
|
102
|
+
describe '#populate_content_hash' do
|
|
103
103
|
context 'when request type has no body' do
|
|
104
104
|
let(:request) do
|
|
105
105
|
Net::HTTP::Get.new(request_path, request_headers)
|
|
106
106
|
end
|
|
107
107
|
|
|
108
|
-
it "doesn't populate content
|
|
109
|
-
driven_request.
|
|
110
|
-
expect(request['Content-
|
|
108
|
+
it "doesn't populate content hash" do
|
|
109
|
+
driven_request.populate_content_hash
|
|
110
|
+
expect(request['X-Authorization-Content-SHA256']).to be_nil
|
|
111
111
|
end
|
|
112
112
|
end
|
|
113
113
|
|
|
@@ -118,14 +118,14 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
118
118
|
net_http_request
|
|
119
119
|
end
|
|
120
120
|
|
|
121
|
-
it 'populates content
|
|
122
|
-
driven_request.
|
|
123
|
-
expect(request['Content-
|
|
121
|
+
it 'populates content hash' do
|
|
122
|
+
driven_request.populate_content_hash
|
|
123
|
+
expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
it 'refreshes the cached headers' do
|
|
127
|
-
driven_request.
|
|
128
|
-
expect(driven_request.
|
|
127
|
+
driven_request.populate_content_hash
|
|
128
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
129
129
|
end
|
|
130
130
|
end
|
|
131
131
|
end
|
|
@@ -154,14 +154,14 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
154
154
|
end
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
-
describe '
|
|
157
|
+
describe 'content_hash_mismatch?' do
|
|
158
158
|
context 'when request type has no body' do
|
|
159
159
|
let(:request) do
|
|
160
160
|
Net::HTTP::Get.new(request_path, request_headers)
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
it 'is false' do
|
|
164
|
-
expect(driven_request.
|
|
164
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
165
165
|
end
|
|
166
166
|
end
|
|
167
167
|
|
|
@@ -174,23 +174,29 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
174
174
|
|
|
175
175
|
context 'when calculated matches sent' do
|
|
176
176
|
before do
|
|
177
|
-
request['Content-
|
|
177
|
+
request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
it 'is false' do
|
|
181
|
-
expect(driven_request.
|
|
181
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
184
|
|
|
185
185
|
context "when calculated doesn't match sent" do
|
|
186
186
|
before do
|
|
187
|
-
request['Content-
|
|
187
|
+
request['X-Authorization-Content-SHA256'] = '3'
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
it 'is true' do
|
|
191
|
-
expect(driven_request.
|
|
191
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
192
192
|
end
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
end
|
|
196
|
+
|
|
197
|
+
describe 'fetch_headers' do
|
|
198
|
+
it 'returns request headers' do
|
|
199
|
+
expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
|
|
200
|
+
end
|
|
201
|
+
end
|
|
196
202
|
end
|
|
@@ -8,7 +8,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
8
8
|
let(:request_headers) do
|
|
9
9
|
{
|
|
10
10
|
'Authorization' => 'APIAuth 1044:12345',
|
|
11
|
-
'Content-
|
|
11
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
12
12
|
'Content-Type' => 'text/plain',
|
|
13
13
|
'Date' => timestamp
|
|
14
14
|
}
|
|
@@ -31,8 +31,8 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
31
31
|
expect(driven_request.content_type).to eq('text/plain')
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
it 'gets the
|
|
35
|
-
expect(driven_request.
|
|
34
|
+
it 'gets the content_hash' do
|
|
35
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it 'gets the request_uri' do
|
|
@@ -47,9 +47,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
47
47
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
-
describe '#
|
|
51
|
-
it 'calculates
|
|
52
|
-
expect(driven_request.
|
|
50
|
+
describe '#calculated_hash' do
|
|
51
|
+
it 'calculates hash from the body' do
|
|
52
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
it 'treats no body as empty string' do
|
|
@@ -60,7 +60,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
60
60
|
).merge!(request_headers)
|
|
61
61
|
)
|
|
62
62
|
driven_request = ApiAuth::RequestDrivers::RackRequest.new(request)
|
|
63
|
-
expect(driven_request.
|
|
63
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
@@ -104,7 +104,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
104
104
|
}
|
|
105
105
|
end
|
|
106
106
|
|
|
107
|
-
describe '#
|
|
107
|
+
describe '#populate_content_hash' do
|
|
108
108
|
context 'when getting' do
|
|
109
109
|
let(:request) do
|
|
110
110
|
Rack::Request.new(
|
|
@@ -115,9 +115,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
115
115
|
)
|
|
116
116
|
end
|
|
117
117
|
|
|
118
|
-
it "doesn't populate content
|
|
119
|
-
driven_request.
|
|
120
|
-
expect(request.env['Content-
|
|
118
|
+
it "doesn't populate content hash" do
|
|
119
|
+
driven_request.populate_content_hash
|
|
120
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
121
121
|
end
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -132,14 +132,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
132
132
|
)
|
|
133
133
|
end
|
|
134
134
|
|
|
135
|
-
it 'populates content
|
|
136
|
-
driven_request.
|
|
137
|
-
expect(request.env['Content-
|
|
135
|
+
it 'populates content hash' do
|
|
136
|
+
driven_request.populate_content_hash
|
|
137
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
it 'refreshes the cached headers' do
|
|
141
|
-
driven_request.
|
|
142
|
-
expect(driven_request.
|
|
141
|
+
driven_request.populate_content_hash
|
|
142
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
143
143
|
end
|
|
144
144
|
end
|
|
145
145
|
|
|
@@ -154,14 +154,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
154
154
|
)
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
-
it 'populates content
|
|
158
|
-
driven_request.
|
|
159
|
-
expect(request.env['Content-
|
|
157
|
+
it 'populates content hash' do
|
|
158
|
+
driven_request.populate_content_hash
|
|
159
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
it 'refreshes the cached headers' do
|
|
163
|
-
driven_request.
|
|
164
|
-
expect(driven_request.
|
|
163
|
+
driven_request.populate_content_hash
|
|
164
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
165
165
|
end
|
|
166
166
|
end
|
|
167
167
|
|
|
@@ -175,9 +175,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
175
175
|
)
|
|
176
176
|
end
|
|
177
177
|
|
|
178
|
-
it "doesn't populate content
|
|
179
|
-
driven_request.
|
|
180
|
-
expect(request.env['Content-
|
|
178
|
+
it "doesn't populate content hash" do
|
|
179
|
+
driven_request.populate_content_hash
|
|
180
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
181
181
|
end
|
|
182
182
|
end
|
|
183
183
|
end
|
|
@@ -206,7 +206,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
206
206
|
end
|
|
207
207
|
end
|
|
208
208
|
|
|
209
|
-
describe '
|
|
209
|
+
describe 'content_hash_mismatch?' do
|
|
210
210
|
context 'when getting' do
|
|
211
211
|
let(:request) do
|
|
212
212
|
Rack::Request.new(
|
|
@@ -218,7 +218,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
218
218
|
end
|
|
219
219
|
|
|
220
220
|
it 'is false' do
|
|
221
|
-
expect(driven_request.
|
|
221
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
222
222
|
end
|
|
223
223
|
end
|
|
224
224
|
|
|
@@ -235,21 +235,21 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
235
235
|
|
|
236
236
|
context 'when calculated matches sent' do
|
|
237
237
|
before do
|
|
238
|
-
request.env['Content-
|
|
238
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
239
239
|
end
|
|
240
240
|
|
|
241
241
|
it 'is false' do
|
|
242
|
-
expect(driven_request.
|
|
242
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
243
243
|
end
|
|
244
244
|
end
|
|
245
245
|
|
|
246
246
|
context "when calculated doesn't match sent" do
|
|
247
247
|
before do
|
|
248
|
-
request.env['Content-
|
|
248
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
249
249
|
end
|
|
250
250
|
|
|
251
251
|
it 'is true' do
|
|
252
|
-
expect(driven_request.
|
|
252
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
253
253
|
end
|
|
254
254
|
end
|
|
255
255
|
end
|
|
@@ -267,21 +267,21 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
267
267
|
|
|
268
268
|
context 'when calculated matches sent' do
|
|
269
269
|
before do
|
|
270
|
-
request.env['Content-
|
|
270
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
271
271
|
end
|
|
272
272
|
|
|
273
273
|
it 'is false' do
|
|
274
|
-
expect(driven_request.
|
|
274
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
275
275
|
end
|
|
276
276
|
end
|
|
277
277
|
|
|
278
278
|
context "when calculated doesn't match sent" do
|
|
279
279
|
before do
|
|
280
|
-
request.env['Content-
|
|
280
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
281
281
|
end
|
|
282
282
|
|
|
283
283
|
it 'is true' do
|
|
284
|
-
expect(driven_request.
|
|
284
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
287
|
end
|
|
@@ -297,8 +297,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
297
297
|
end
|
|
298
298
|
|
|
299
299
|
it 'is false' do
|
|
300
|
-
expect(driven_request.
|
|
300
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
301
301
|
end
|
|
302
302
|
end
|
|
303
303
|
end
|
|
304
|
+
|
|
305
|
+
describe 'fetch_headers' do
|
|
306
|
+
it 'returns request headers' do
|
|
307
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
308
|
+
end
|
|
309
|
+
end
|
|
304
310
|
end
|