api-auth 2.3.0 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92c94ba421b1f15829f9b16eb5bcbeb55c773298023134786011282639cba630
-  data.tar.gz: e14ce2ddf081464504b55a8aecd44afbc9526945a89c27e5a96d8bf500c1fa52
+  metadata.gz: b5a7d758deeb4447ee54a3024647e2fb02a4cca21bd4966bd902f381bcadf80a
+  data.tar.gz: ebfad82648a644a014d4d1b316c664564ba3add87db5033395ffd100bef9b988
 SHA512:
-  metadata.gz: d392d56ebd5dd7592a363d623c51fe00750d97fc212114d37d6c79a650bc3c0c7bfa020bf6e4c2f207f6c2dd71ac67cabf6affbbe28d4c7b6c1d757c67abc90a
-  data.tar.gz: f88c2d4d14dc61b5f9e867aecf4c3680e117ef6194617447963ddea1b6f93e5d3de7e414bc2da12e4c251d5803a4a2d28e91f5d817f29809aa7cc260d299af16
+  metadata.gz: c0f369dd45bad4407dacbfdae026d98fea20368f6d3deff3cbf1bdb7fd57abdb6495bbaa8098fc051204d0cfd9ab9733b8a42fca53114e60a05da863f83f2b9a
+  data.tar.gz: ef53f902cc3786257cadadaecf6009732de47a643cabf728f928ff8cb63933c04b59537a850f96d4729c8cb0c04e588c0b8521f630c3a318b3ebec4c5c8d7ef4

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+# 2.3.1 (2018-11-06)
+- Fixed a regression in the http.rb driver (#173 tycooon)
+
 # 2.3.0 (2018-10-23)
 - Added support for Grape API (#169 phuongnd08 & dunghuynh)
 - Added option for specifying customer headers to sign via new `headers_to_sign`

data/README.md

@@ -1,6 +1,7 @@
 # ApiAuth
 
-[![Build Status](https://travis-ci.org/mgomes/api_auth.png?branch=master)](https://travis-ci.org/mgomes/api_auth)
+[![Build Status](https://travis-ci.org/mgomes/api_auth.svg?branch=master)](https://travis-ci.org/mgomes/api_auth)
+[![Gem Version](https://badge.fury.io/rb/api-auth.svg)](https://badge.fury.io/rb/api-auth)
 
 Logins and passwords are for humans. Communication between applications need to
 be protected through different means.
@@ -138,14 +139,6 @@ to:
 
     Authorization = APIAuth-HMAC-DIGEST_NAME 'client access id':'signature'
 
-If you want to sign custom headers, you can pass them as an array of strings in the options like so:
-
-``` ruby
-    @signed_request = ApiAuth.sign!(@request, @access_id, @secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
-```
-
-With the specified headers values being at the end of the canonical string in the same order.
-
 ### ActiveResource Clients
 
 ApiAuth can transparently protect your ActiveResource communications with a
@@ -209,6 +202,14 @@ The default span is 15 minutes, but you can override this:
     ApiAuth.authentic?(signed_request, secret_key, :clock_skew => 60) # or 1.minute in ActiveSupport
 ```
 
+If you want to sign custom headers, you can pass them as an array of strings in the options like so:
+
+``` ruby
+    ApiAuth.authentic?(signed_request, secret_key, headers_to_sign: %w[HTTP_HEADER_NAME])
+```
+
+With the specified headers values being at the end of the canonical string in the same order.
+
 If your server is a Rails app, the signed request will be the `request` object.
 
 In order to obtain the secret key for the client, you first need to look up the

data/VERSION

@@ -1 +1 @@
-2.3.0
+2.3.1

data/gemfiles/http4.gemfile

@@ -2,6 +2,6 @@
 
 source 'https://rubygems.org'
 
-gem 'http', github: 'httprb/http'
+gem 'http', '~> 4.0'
 
 gemspec path: '../'

data/lib/api_auth/base.rb

@@ -71,7 +71,7 @@ module ApiAuth
 
     private
 
-    AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/
+    AUTH_HEADER_PATTERN = /APIAuth(?:-HMAC-(MD5|SHA(?:1|224|256|384|512)?))? ([^:]+):(.+)$/.freeze
 
     def request_within_time_window?(headers, clock_skew)
       Time.httpdate(headers.timestamp).utc > (Time.now.utc - clock_skew) &&

data/lib/api_auth/request_drivers/http.rb

@@ -72,6 +72,10 @@ module ApiAuth
         end
       end
 
+      def fetch_headers
+        capitalize_keys @request.headers.to_h
+      end
+
       private
 
       def find_header(keys)

data/spec/request_drivers/action_controller_spec.rb

@@ -80,12 +80,12 @@ if defined?(ActionController::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionController::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
 
@@ -231,4 +231,10 @@ if defined?(ActionController::Request)
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/action_dispatch_spec.rb

@@ -7,15 +7,15 @@ if defined?(ActionDispatch::Request)
 
     let(:request) do
       ActionDispatch::Request.new(
-        'AUTHORIZATION'  => 'APIAuth 1044:12345',
-        'PATH_INFO'      => '/resource.xml',
-        'QUERY_STRING'   => 'foo=bar&bar=foo',
+        'AUTHORIZATION' => 'APIAuth 1044:12345',
+        'PATH_INFO' => '/resource.xml',
+        'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5'    => '1B2M2Y8AsgTpgAmY7PhCfg==',
-        'CONTENT_TYPE'   => 'text/plain',
+        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
-        'HTTP_DATE'      => timestamp,
-        'rack.input'     => StringIO.new("hello\nworld")
+        'HTTP_DATE' => timestamp,
+        'rack.input' => StringIO.new("hello\nworld")
       )
     end
 
@@ -80,12 +80,12 @@ if defined?(ActionDispatch::Request)
     describe 'setting headers correctly' do
       let(:request) do
         ActionDispatch::Request.new(
-          'PATH_INFO'      => '/resource.xml',
-          'QUERY_STRING'   => 'foo=bar&bar=foo',
+          'PATH_INFO' => '/resource.xml',
+          'QUERY_STRING' => 'foo=bar&bar=foo',
           'REQUEST_METHOD' => 'PUT',
-          'CONTENT_TYPE'   => 'text/plain',
+          'CONTENT_TYPE' => 'text/plain',
           'CONTENT_LENGTH' => '11',
-          'rack.input'     => StringIO.new("hello\nworld")
+          'rack.input' => StringIO.new("hello\nworld")
         )
       end
 
@@ -230,5 +230,11 @@ if defined?(ActionDispatch::Request)
         end
       end
     end
+
+    describe 'fetch_headers' do
+      it 'returns request headers' do
+        expect(driven_request.fetch_headers).to include('CONTENT_TYPE' => 'text/plain')
+      end
+    end
   end
 end

data/spec/request_drivers/curb_spec.rb

@@ -6,9 +6,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
   let(:request) do
     headers = {
       'Authorization' => 'APIAuth 1044:12345',
-      'Content-MD5'   => '1B2M2Y8AsgTpgAmY7PhCfg==',
-      'Content-Type'  => 'text/plain',
-      'Date'          => timestamp
+      'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'Content-Type' => 'text/plain',
+      'Date' => timestamp
     }
     Curl::Easy.new('/resource.xml?foo=bar&bar=foo') do |curl|
       curl.headers = headers
@@ -91,4 +91,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       expect(driven_request.md5_mismatch?).to be false
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/faraday_spec.rb

@@ -256,4 +256,10 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/grape_request_spec.rb

@@ -268,4 +268,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include(
+        'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
+      )
+    end
+  end
 end

data/spec/request_drivers/http_spec.rb

@@ -181,4 +181,10 @@ describe ApiAuth::RequestDrivers::HttpRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/httpi_spec.rb

@@ -151,4 +151,10 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/net_http_spec.rb

@@ -193,4 +193,10 @@ describe ApiAuth::RequestDrivers::NetHttpRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('content-type' => ['text/plain'])
+    end
+  end
 end

data/spec/request_drivers/rack_spec.rb

@@ -301,4 +301,10 @@ describe ApiAuth::RequestDrivers::RackRequest do
       end
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

data/spec/request_drivers/rest_client_spec.rb

@@ -395,4 +395,10 @@ describe ApiAuth::RequestDrivers::RestClientRequest do
       expect(request.processed_headers).to have_key('Content-Type')
     end
   end
+
+  describe 'fetch_headers' do
+    it 'returns request headers' do
+      expect(driven_request.fetch_headers).to include('CONTENT-TYPE' => 'text/plain')
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api-auth
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Mauricio Gomes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-23 00:00:00.000000000 Z
+date: 2018-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack