api-auth 2.2.1 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +12 -2
- data/.rubocop_todo.yml +51 -9
- data/.travis.yml +9 -25
- data/CHANGELOG.md +36 -0
- data/Gemfile +1 -1
- data/README.md +91 -50
- data/VERSION +1 -1
- data/api_auth.gemspec +7 -5
- data/gemfiles/http4.gemfile +3 -3
- data/gemfiles/rails_52.gemfile +9 -0
- data/gemfiles/rails_60.gemfile +9 -0
- data/gemfiles/rails_61.gemfile +11 -0
- data/lib/api_auth.rb +1 -0
- data/lib/api_auth/base.rb +4 -4
- data/lib/api_auth/headers.rb +22 -11
- data/lib/api_auth/helpers.rb +2 -2
- data/lib/api_auth/railtie.rb +13 -5
- data/lib/api_auth/request_drivers/action_controller.rb +9 -8
- data/lib/api_auth/request_drivers/curb.rb +4 -4
- data/lib/api_auth/request_drivers/faraday.rb +13 -12
- data/lib/api_auth/request_drivers/grape_request.rb +87 -0
- data/lib/api_auth/request_drivers/http.rb +13 -8
- data/lib/api_auth/request_drivers/httpi.rb +9 -8
- data/lib/api_auth/request_drivers/net_http.rb +9 -8
- data/lib/api_auth/request_drivers/rack.rb +9 -8
- data/lib/api_auth/request_drivers/rest_client.rb +9 -8
- data/spec/api_auth_spec.rb +15 -8
- data/spec/headers_spec.rb +51 -25
- data/spec/helpers_spec.rb +1 -1
- data/spec/railtie_spec.rb +3 -3
- data/spec/request_drivers/action_controller_spec.rb +45 -39
- data/spec/request_drivers/action_dispatch_spec.rb +51 -45
- data/spec/request_drivers/curb_spec.rb +16 -10
- data/spec/request_drivers/faraday_spec.rb +49 -43
- data/spec/request_drivers/grape_request_spec.rb +280 -0
- data/spec/request_drivers/http_spec.rb +29 -23
- data/spec/request_drivers/httpi_spec.rb +28 -22
- data/spec/request_drivers/net_http_spec.rb +29 -23
- data/spec/request_drivers/rack_spec.rb +41 -35
- data/spec/request_drivers/rest_client_spec.rb +42 -36
- data/spec/spec_helper.rb +2 -1
- metadata +51 -26
- data/gemfiles/http2.gemfile +0 -7
- data/gemfiles/http3.gemfile +0 -7
- data/gemfiles/rails_4.gemfile +0 -11
- data/gemfiles/rails_41.gemfile +0 -11
- data/gemfiles/rails_42.gemfile +0 -11
- data/gemfiles/rails_5.gemfile +0 -11
- data/gemfiles/rails_51.gemfile +0 -9
- data/spec/.rubocop.yml +0 -5
|
@@ -19,7 +19,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
19
19
|
let(:headers) do
|
|
20
20
|
{
|
|
21
21
|
'Authorization' => 'APIAuth 1044:12345',
|
|
22
|
-
'
|
|
22
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
23
23
|
'content-type' => 'text/plain',
|
|
24
24
|
'date' => timestamp
|
|
25
25
|
}
|
|
@@ -32,8 +32,8 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
32
32
|
expect(driven_request.content_type).to eq('text/plain')
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
it 'gets the
|
|
36
|
-
expect(driven_request.
|
|
35
|
+
it 'gets the content_hash' do
|
|
36
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it 'gets the request_uri' do
|
|
@@ -48,9 +48,9 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
48
48
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
describe '#
|
|
52
|
-
it 'calculates
|
|
53
|
-
expect(driven_request.
|
|
51
|
+
describe '#calculated_hash' do
|
|
52
|
+
it 'calculates hash from the body' do
|
|
53
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
54
54
|
expect(driven_request.body.bytesize).to eq(11)
|
|
55
55
|
end
|
|
56
56
|
|
|
@@ -58,7 +58,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
58
58
|
let(:body) { nil }
|
|
59
59
|
|
|
60
60
|
it 'treats no body as empty string' do
|
|
61
|
-
expect(driven_request.
|
|
61
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
62
62
|
expect(driven_request.body.bytesize).to eq(0)
|
|
63
63
|
end
|
|
64
64
|
end
|
|
@@ -67,7 +67,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
67
67
|
let(:body) { File.new('spec/fixtures/upload.png') }
|
|
68
68
|
|
|
69
69
|
it 'calculates correctly for multipart content' do
|
|
70
|
-
expect(driven_request.
|
|
70
|
+
expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
|
|
71
71
|
expect(driven_request.body.bytesize).to eq(5112)
|
|
72
72
|
end
|
|
73
73
|
end
|
|
@@ -99,27 +99,27 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
99
99
|
}
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
-
describe '#
|
|
102
|
+
describe '#populate_content_hash' do
|
|
103
103
|
context 'when request type has no body' do
|
|
104
104
|
let(:verb) { :get }
|
|
105
105
|
|
|
106
|
-
it "doesn't populate content
|
|
107
|
-
driven_request.
|
|
108
|
-
expect(request['Content-
|
|
106
|
+
it "doesn't populate content hash" do
|
|
107
|
+
driven_request.populate_content_hash
|
|
108
|
+
expect(request['X-Authorization-Content-SHA256']).to be_nil
|
|
109
109
|
end
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
context 'when request type has a body' do
|
|
113
113
|
let(:verb) { :put }
|
|
114
114
|
|
|
115
|
-
it 'populates content
|
|
116
|
-
driven_request.
|
|
117
|
-
expect(request['Content-
|
|
115
|
+
it 'populates content hash' do
|
|
116
|
+
driven_request.populate_content_hash
|
|
117
|
+
expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
118
118
|
end
|
|
119
119
|
|
|
120
120
|
it 'refreshes the cached headers' do
|
|
121
|
-
driven_request.
|
|
122
|
-
expect(driven_request.
|
|
121
|
+
driven_request.populate_content_hash
|
|
122
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
123
123
|
end
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -148,12 +148,12 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
148
148
|
end
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
-
describe '
|
|
151
|
+
describe 'content_hash_mismatch?' do
|
|
152
152
|
context 'when request type has no body' do
|
|
153
153
|
let(:verb) { :get }
|
|
154
154
|
|
|
155
155
|
it 'is false' do
|
|
156
|
-
expect(driven_request.
|
|
156
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
157
157
|
end
|
|
158
158
|
end
|
|
159
159
|
|
|
@@ -162,23 +162,29 @@ describe ApiAuth::RequestDrivers::HttpRequest do
|
|
|
162
162
|
|
|
163
163
|
context 'when calculated matches sent' do
|
|
164
164
|
before do
|
|
165
|
-
request['Content-
|
|
165
|
+
request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
166
166
|
end
|
|
167
167
|
|
|
168
168
|
it 'is false' do
|
|
169
|
-
expect(driven_request.
|
|
169
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
170
170
|
end
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
context "when calculated doesn't match sent" do
|
|
174
174
|
before do
|
|
175
|
-
request['Content-
|
|
175
|
+
request['X-Authorization-Content-SHA256'] = '3'
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it 'is true' do
|
|
179
|
-
expect(driven_request.
|
|
179
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
|
+
|
|
185
|
+
describe 'fetch_headers' do
|
|
186
|
+
it 'returns request headers' do
|
|
187
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
188
|
+
end
|
|
189
|
+
end
|
|
184
190
|
end
|
|
@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
6
6
|
let(:request) do
|
|
7
7
|
httpi_request = HTTPI::Request.new('http://localhost/resource.xml?foo=bar&bar=foo')
|
|
8
8
|
httpi_request.headers.merge!('Authorization' => 'APIAuth 1044:12345',
|
|
9
|
-
'
|
|
9
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
10
10
|
'content-type' => 'text/plain',
|
|
11
11
|
'date' => timestamp)
|
|
12
12
|
httpi_request.body = "hello\nworld"
|
|
@@ -20,8 +20,8 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
20
20
|
expect(driven_request.content_type).to eq('text/plain')
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
it 'gets the
|
|
24
|
-
expect(driven_request.
|
|
23
|
+
it 'gets the content_hash' do
|
|
24
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
it 'gets the request_uri' do
|
|
@@ -36,14 +36,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
36
36
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
describe '#
|
|
40
|
-
it 'calculates
|
|
41
|
-
expect(driven_request.
|
|
39
|
+
describe '#calculated_hash' do
|
|
40
|
+
it 'calculates hash from the body' do
|
|
41
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
it 'treats no body as empty string' do
|
|
45
45
|
request.body = nil
|
|
46
|
-
expect(driven_request.
|
|
46
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -61,15 +61,15 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
61
61
|
httpi_request
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
describe '#
|
|
64
|
+
describe '#populate_content_hash' do
|
|
65
65
|
context 'when there is no content body' do
|
|
66
66
|
before do
|
|
67
67
|
request.body = nil
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
it "doesn't populate content
|
|
71
|
-
driven_request.
|
|
72
|
-
expect(request.headers['Content-
|
|
70
|
+
it "doesn't populate content hash" do
|
|
71
|
+
driven_request.populate_content_hash
|
|
72
|
+
expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
|
|
@@ -78,14 +78,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
78
78
|
request.body = "hello\nworld"
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
it 'populates content
|
|
82
|
-
driven_request.
|
|
83
|
-
expect(request.headers['Content-
|
|
81
|
+
it 'populates content hash' do
|
|
82
|
+
driven_request.populate_content_hash
|
|
83
|
+
expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
it 'refreshes the cached headers' do
|
|
87
|
-
driven_request.
|
|
88
|
-
expect(driven_request.
|
|
87
|
+
driven_request.populate_content_hash
|
|
88
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
end
|
|
@@ -114,14 +114,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
114
114
|
end
|
|
115
115
|
end
|
|
116
116
|
|
|
117
|
-
describe '
|
|
117
|
+
describe 'content_hash_mismatch?' do
|
|
118
118
|
context 'when there is no content body' do
|
|
119
119
|
before do
|
|
120
120
|
request.body = nil
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
it 'is false' do
|
|
124
|
-
expect(driven_request.
|
|
124
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
125
125
|
end
|
|
126
126
|
end
|
|
127
127
|
|
|
@@ -132,23 +132,29 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
|
|
|
132
132
|
|
|
133
133
|
context 'when calculated matches sent' do
|
|
134
134
|
before do
|
|
135
|
-
request.headers['Content-
|
|
135
|
+
request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
136
136
|
end
|
|
137
137
|
|
|
138
138
|
it 'is false' do
|
|
139
|
-
expect(driven_request.
|
|
139
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
140
140
|
end
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
context "when calculated doesn't match sent" do
|
|
144
144
|
before do
|
|
145
|
-
request.headers['Content-
|
|
145
|
+
request.headers['X-Authorization-Content-SHA256'] = '3'
|
|
146
146
|
end
|
|
147
147
|
|
|
148
148
|
it 'is true' do
|
|
149
|
-
expect(driven_request.
|
|
149
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
150
150
|
end
|
|
151
151
|
end
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
|
+
|
|
155
|
+
describe 'fetch_headers' do
|
|
156
|
+
it 'returns request headers' do
|
|
157
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
158
|
+
end
|
|
159
|
+
end
|
|
154
160
|
end
|
|
@@ -8,7 +8,7 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
8
8
|
let(:request_headers) do
|
|
9
9
|
{
|
|
10
10
|
'Authorization' => 'APIAuth 1044:12345',
|
|
11
|
-
'
|
|
11
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
12
12
|
'content-type' => 'text/plain',
|
|
13
13
|
'date' => timestamp
|
|
14
14
|
}
|
|
@@ -36,8 +36,8 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
it 'gets the
|
|
40
|
-
expect(driven_request.
|
|
39
|
+
it 'gets the content_hash' do
|
|
40
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it 'gets the request_uri' do
|
|
@@ -52,20 +52,20 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
52
52
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
describe '#
|
|
56
|
-
it '
|
|
57
|
-
expect(driven_request.
|
|
55
|
+
describe '#calculated_hash' do
|
|
56
|
+
it 'calculate content hash from the body' do
|
|
57
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
it 'treats no body as empty string' do
|
|
61
61
|
request.body = nil
|
|
62
|
-
expect(driven_request.
|
|
62
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
it 'calculates correctly for multipart content' do
|
|
66
66
|
request.body = nil
|
|
67
67
|
request.body_stream = File.new('spec/fixtures/upload.png')
|
|
68
|
-
expect(driven_request.
|
|
68
|
+
expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
|
|
69
69
|
end
|
|
70
70
|
end
|
|
71
71
|
|
|
@@ -99,15 +99,15 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
99
99
|
Net::HTTP::Put.new(request_path, request_headers)
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
-
describe '#
|
|
102
|
+
describe '#populate_content_hash' do
|
|
103
103
|
context 'when request type has no body' do
|
|
104
104
|
let(:request) do
|
|
105
105
|
Net::HTTP::Get.new(request_path, request_headers)
|
|
106
106
|
end
|
|
107
107
|
|
|
108
|
-
it "doesn't populate content
|
|
109
|
-
driven_request.
|
|
110
|
-
expect(request['Content-
|
|
108
|
+
it "doesn't populate content hash" do
|
|
109
|
+
driven_request.populate_content_hash
|
|
110
|
+
expect(request['X-Authorization-Content-SHA256']).to be_nil
|
|
111
111
|
end
|
|
112
112
|
end
|
|
113
113
|
|
|
@@ -118,14 +118,14 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
118
118
|
net_http_request
|
|
119
119
|
end
|
|
120
120
|
|
|
121
|
-
it 'populates content
|
|
122
|
-
driven_request.
|
|
123
|
-
expect(request['Content-
|
|
121
|
+
it 'populates content hash' do
|
|
122
|
+
driven_request.populate_content_hash
|
|
123
|
+
expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
it 'refreshes the cached headers' do
|
|
127
|
-
driven_request.
|
|
128
|
-
expect(driven_request.
|
|
127
|
+
driven_request.populate_content_hash
|
|
128
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
129
129
|
end
|
|
130
130
|
end
|
|
131
131
|
end
|
|
@@ -154,14 +154,14 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
154
154
|
end
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
-
describe '
|
|
157
|
+
describe 'content_hash_mismatch?' do
|
|
158
158
|
context 'when request type has no body' do
|
|
159
159
|
let(:request) do
|
|
160
160
|
Net::HTTP::Get.new(request_path, request_headers)
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
it 'is false' do
|
|
164
|
-
expect(driven_request.
|
|
164
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
165
165
|
end
|
|
166
166
|
end
|
|
167
167
|
|
|
@@ -174,23 +174,29 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
|
|
|
174
174
|
|
|
175
175
|
context 'when calculated matches sent' do
|
|
176
176
|
before do
|
|
177
|
-
request['Content-
|
|
177
|
+
request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
it 'is false' do
|
|
181
|
-
expect(driven_request.
|
|
181
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
184
|
|
|
185
185
|
context "when calculated doesn't match sent" do
|
|
186
186
|
before do
|
|
187
|
-
request['Content-
|
|
187
|
+
request['X-Authorization-Content-SHA256'] = '3'
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
it 'is true' do
|
|
191
|
-
expect(driven_request.
|
|
191
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
192
192
|
end
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
end
|
|
196
|
+
|
|
197
|
+
describe 'fetch_headers' do
|
|
198
|
+
it 'returns request headers' do
|
|
199
|
+
expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
|
|
200
|
+
end
|
|
201
|
+
end
|
|
196
202
|
end
|
|
@@ -8,7 +8,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
8
8
|
let(:request_headers) do
|
|
9
9
|
{
|
|
10
10
|
'Authorization' => 'APIAuth 1044:12345',
|
|
11
|
-
'Content-
|
|
11
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
|
12
12
|
'Content-Type' => 'text/plain',
|
|
13
13
|
'Date' => timestamp
|
|
14
14
|
}
|
|
@@ -31,8 +31,8 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
31
31
|
expect(driven_request.content_type).to eq('text/plain')
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
it 'gets the
|
|
35
|
-
expect(driven_request.
|
|
34
|
+
it 'gets the content_hash' do
|
|
35
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it 'gets the request_uri' do
|
|
@@ -47,9 +47,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
47
47
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
-
describe '#
|
|
51
|
-
it 'calculates
|
|
52
|
-
expect(driven_request.
|
|
50
|
+
describe '#calculated_hash' do
|
|
51
|
+
it 'calculates hash from the body' do
|
|
52
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
it 'treats no body as empty string' do
|
|
@@ -60,7 +60,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
60
60
|
).merge!(request_headers)
|
|
61
61
|
)
|
|
62
62
|
driven_request = ApiAuth::RequestDrivers::RackRequest.new(request)
|
|
63
|
-
expect(driven_request.
|
|
63
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
@@ -104,7 +104,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
104
104
|
}
|
|
105
105
|
end
|
|
106
106
|
|
|
107
|
-
describe '#
|
|
107
|
+
describe '#populate_content_hash' do
|
|
108
108
|
context 'when getting' do
|
|
109
109
|
let(:request) do
|
|
110
110
|
Rack::Request.new(
|
|
@@ -115,9 +115,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
115
115
|
)
|
|
116
116
|
end
|
|
117
117
|
|
|
118
|
-
it "doesn't populate content
|
|
119
|
-
driven_request.
|
|
120
|
-
expect(request.env['Content-
|
|
118
|
+
it "doesn't populate content hash" do
|
|
119
|
+
driven_request.populate_content_hash
|
|
120
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
121
121
|
end
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -132,14 +132,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
132
132
|
)
|
|
133
133
|
end
|
|
134
134
|
|
|
135
|
-
it 'populates content
|
|
136
|
-
driven_request.
|
|
137
|
-
expect(request.env['Content-
|
|
135
|
+
it 'populates content hash' do
|
|
136
|
+
driven_request.populate_content_hash
|
|
137
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
it 'refreshes the cached headers' do
|
|
141
|
-
driven_request.
|
|
142
|
-
expect(driven_request.
|
|
141
|
+
driven_request.populate_content_hash
|
|
142
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
143
143
|
end
|
|
144
144
|
end
|
|
145
145
|
|
|
@@ -154,14 +154,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
154
154
|
)
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
-
it 'populates content
|
|
158
|
-
driven_request.
|
|
159
|
-
expect(request.env['Content-
|
|
157
|
+
it 'populates content hash' do
|
|
158
|
+
driven_request.populate_content_hash
|
|
159
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
it 'refreshes the cached headers' do
|
|
163
|
-
driven_request.
|
|
164
|
-
expect(driven_request.
|
|
163
|
+
driven_request.populate_content_hash
|
|
164
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
|
165
165
|
end
|
|
166
166
|
end
|
|
167
167
|
|
|
@@ -175,9 +175,9 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
175
175
|
)
|
|
176
176
|
end
|
|
177
177
|
|
|
178
|
-
it "doesn't populate content
|
|
179
|
-
driven_request.
|
|
180
|
-
expect(request.env['Content-
|
|
178
|
+
it "doesn't populate content hash" do
|
|
179
|
+
driven_request.populate_content_hash
|
|
180
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
|
181
181
|
end
|
|
182
182
|
end
|
|
183
183
|
end
|
|
@@ -206,7 +206,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
206
206
|
end
|
|
207
207
|
end
|
|
208
208
|
|
|
209
|
-
describe '
|
|
209
|
+
describe 'content_hash_mismatch?' do
|
|
210
210
|
context 'when getting' do
|
|
211
211
|
let(:request) do
|
|
212
212
|
Rack::Request.new(
|
|
@@ -218,7 +218,7 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
218
218
|
end
|
|
219
219
|
|
|
220
220
|
it 'is false' do
|
|
221
|
-
expect(driven_request.
|
|
221
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
222
222
|
end
|
|
223
223
|
end
|
|
224
224
|
|
|
@@ -235,21 +235,21 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
235
235
|
|
|
236
236
|
context 'when calculated matches sent' do
|
|
237
237
|
before do
|
|
238
|
-
request.env['Content-
|
|
238
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
239
239
|
end
|
|
240
240
|
|
|
241
241
|
it 'is false' do
|
|
242
|
-
expect(driven_request.
|
|
242
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
243
243
|
end
|
|
244
244
|
end
|
|
245
245
|
|
|
246
246
|
context "when calculated doesn't match sent" do
|
|
247
247
|
before do
|
|
248
|
-
request.env['Content-
|
|
248
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
249
249
|
end
|
|
250
250
|
|
|
251
251
|
it 'is true' do
|
|
252
|
-
expect(driven_request.
|
|
252
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
253
253
|
end
|
|
254
254
|
end
|
|
255
255
|
end
|
|
@@ -267,21 +267,21 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
267
267
|
|
|
268
268
|
context 'when calculated matches sent' do
|
|
269
269
|
before do
|
|
270
|
-
request.env['Content-
|
|
270
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
|
271
271
|
end
|
|
272
272
|
|
|
273
273
|
it 'is false' do
|
|
274
|
-
expect(driven_request.
|
|
274
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
275
275
|
end
|
|
276
276
|
end
|
|
277
277
|
|
|
278
278
|
context "when calculated doesn't match sent" do
|
|
279
279
|
before do
|
|
280
|
-
request.env['Content-
|
|
280
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
|
281
281
|
end
|
|
282
282
|
|
|
283
283
|
it 'is true' do
|
|
284
|
-
expect(driven_request.
|
|
284
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
287
|
end
|
|
@@ -297,8 +297,14 @@ describe ApiAuth::RequestDrivers::RackRequest do
|
|
|
297
297
|
end
|
|
298
298
|
|
|
299
299
|
it 'is false' do
|
|
300
|
-
expect(driven_request.
|
|
300
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
|
301
301
|
end
|
|
302
302
|
end
|
|
303
303
|
end
|
|
304
|
+
|
|
305
|
+
describe 'fetch_headers' do
|
|
306
|
+
it 'returns request headers' do
|
|
307
|
+
expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
|
|
308
|
+
end
|
|
309
|
+
end
|
|
304
310
|
end
|