api-auth 2.3.1 → 2.5.1

Files changed (53)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/main.yml +67 -0
  3. data/.gitignore +2 -0
  4. data/.rubocop.yml +16 -3
  5. data/.rubocop_todo.yml +30 -20
  6. data/Appraisals +12 -18
  7. data/CHANGELOG.md +16 -0
  8. data/Gemfile +0 -2
  9. data/README.md +82 -50
  10. data/VERSION +1 -1
  11. data/api_auth.gemspec +11 -4
  12. data/gemfiles/rails_52.gemfile +5 -5
  13. data/gemfiles/rails_60.gemfile +9 -0
  14. data/gemfiles/rails_61.gemfile +9 -0
  15. data/lib/api_auth/base.rb +2 -2
  16. data/lib/api_auth/headers.rb +6 -6
  17. data/lib/api_auth/helpers.rb +2 -2
  18. data/lib/api_auth/railtie.rb +13 -5
  19. data/lib/api_auth/request_drivers/action_controller.rb +8 -8
  20. data/lib/api_auth/request_drivers/curb.rb +4 -4
  21. data/lib/api_auth/request_drivers/faraday.rb +11 -11
  22. data/lib/api_auth/request_drivers/grape_request.rb +8 -8
  23. data/lib/api_auth/request_drivers/http.rb +8 -8
  24. data/lib/api_auth/request_drivers/httpi.rb +8 -8
  25. data/lib/api_auth/request_drivers/net_http.rb +8 -8
  26. data/lib/api_auth/request_drivers/rack.rb +8 -8
  27. data/lib/api_auth/request_drivers/rest_client.rb +8 -8
  28. data/spec/api_auth_spec.rb +8 -8
  29. data/spec/headers_spec.rb +26 -26
  30. data/spec/helpers_spec.rb +1 -1
  31. data/spec/railtie_spec.rb +3 -3
  32. data/spec/request_drivers/action_controller_spec.rb +74 -35
  33. data/spec/request_drivers/action_dispatch_spec.rb +74 -35
  34. data/spec/request_drivers/curb_spec.rb +8 -8
  35. data/spec/request_drivers/faraday_spec.rb +43 -43
  36. data/spec/request_drivers/grape_request_spec.rb +33 -32
  37. data/spec/request_drivers/http_spec.rb +23 -23
  38. data/spec/request_drivers/httpi_spec.rb +22 -22
  39. data/spec/request_drivers/net_http_spec.rb +23 -23
  40. data/spec/request_drivers/rack_spec.rb +35 -35
  41. data/spec/request_drivers/rest_client_spec.rb +36 -36
  42. data/spec/spec_helper.rb +1 -1
  43. metadata +52 -30
  44. data/.travis.yml +0 -34
  45. data/gemfiles/http2.gemfile +0 -7
  46. data/gemfiles/http3.gemfile +0 -7
  47. data/gemfiles/http4.gemfile +0 -7
  48. data/gemfiles/rails_4.gemfile +0 -11
  49. data/gemfiles/rails_41.gemfile +0 -11
  50. data/gemfiles/rails_42.gemfile +0 -11
  51. data/gemfiles/rails_5.gemfile +0 -11
  52. data/gemfiles/rails_51.gemfile +0 -9
  53. data/spec/.rubocop.yml +0 -5
@@ -61,7 +61,7 @@ module ApiAuth
61
61
 
62
62
  canonical_array = [request_method.upcase,
63
63
  @request.content_type,
64
- @request.content_md5,
64
+ @request.content_hash,
65
65
  parse_uri(@request.original_uri || @request.request_uri),
66
66
  @request.timestamp]
67
67
 
@@ -81,15 +81,15 @@ module ApiAuth
81
81
  @request.set_date if @request.timestamp.nil?
82
82
  end
83
83
 
84
- def calculate_md5
85
- @request.populate_content_md5 if @request.content_md5.nil?
84
+ def calculate_hash
85
+ @request.populate_content_hash if @request.content_hash.nil?
86
86
  end
87
87
 
88
- def md5_mismatch?
89
- if @request.content_md5.nil?
88
+ def content_hash_mismatch?
89
+ if @request.content_hash.nil?
90
90
  false
91
91
  else
92
- @request.md5_mismatch?
92
+ @request.content_hash_mismatch?
93
93
  end
94
94
  end
95
95
 
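Review bot: `content_hash_mismatch?` in the second hunk still returns `false` whenever `@request.content_hash` is nil, so a request that arrives without the `X-Authorization-Content-SHA256` header skips the body comparison entirely. This matters more after the rename, because a peer that has not upgraded keeps sending only `Content-MD5`, which none of the new `content_hash` lookups read. The canonical string built in the first hunk still contains the (nil) hash slot, so such a request should fail on the signature rather than pass, but that check is outside these hunks. I would document the contract on the method, e.g. `# A missing content hash is not a mismatch: body integrity is enforced only when the header is present and covered by the signature.`, and say in the upgrade notes that signer and verifier have to move to the new header together.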
@@ -4,8 +4,8 @@ module ApiAuth
4
4
  Base64.strict_encode64(string)
5
5
  end
6
6
 
7
- def md5_base64digest(string)
8
- Digest::MD5.base64digest(string)
7
+ def sha256_base64digest(string)
8
+ Digest::SHA256.base64digest(string)
9
9
  end
10
10
 
11
11
  # Capitalizes the keys of a hash
@@ -13,7 +13,11 @@ module ApiAuth
13
13
  end
14
14
  end
15
15
 
16
- ActionController::Base.send(:include, ControllerMethods::InstanceMethods) if defined?(ActionController::Base)
16
+ if defined?(ActiveSupport)
17
+ ActiveSupport.on_load(:action_controller) do
18
+ ActionController::Base.include(ControllerMethods::InstanceMethods)
19
+ end
20
+ end
17
21
  end # ControllerMethods
18
22
 
19
23
  module ActiveResourceExtension # :nodoc:
@@ -69,7 +73,9 @@ module ApiAuth
69
73
  tmp = "Net::HTTP::#{method.to_s.capitalize}".constantize.new(path, h)
70
74
  tmp.body = arguments[0] if arguments.length > 1
71
75
  ApiAuth.sign!(tmp, hmac_access_id, hmac_secret_key, api_auth_options)
72
- arguments.last['Content-MD5'] = tmp['Content-MD5'] if tmp['Content-MD5']
76
+ if tmp['X-Authorization-Content-SHA256']
77
+ arguments.last['X-Authorization-Content-SHA256'] = tmp['X-Authorization-Content-SHA256']
78
+ end
73
79
  arguments.last['DATE'] = tmp['DATE']
74
80
  arguments.last['Authorization'] = tmp['Authorization']
75
81
  end
@@ -78,9 +84,11 @@ module ApiAuth
78
84
  end
79
85
  end # Connection
80
86
 
81
- if defined?(ActiveResource)
82
- ActiveResource::Base.send(:include, ActiveResourceApiAuth)
83
- ActiveResource::Connection.send(:include, Connection)
87
+ if defined?(ActiveSupport)
88
+ ActiveSupport.on_load(:active_resource) do
89
+ ActiveResource::Base.include(ActiveResourceApiAuth)
90
+ ActiveResource::Connection.include(Connection)
91
+ end
84
92
  end
85
93
  end # ActiveResourceExtension
86
94
  end # Rails
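Review bot: The `on_load(:action_controller)` block in the first hunk names `ActionController::Base` explicitly instead of using the class the hook hands to it. As far as I know Rails also runs the `:action_controller` hook for `ActionController::API`, in which case this block would reference `ActionController::Base` in an API-only application while the API controllers still do not receive the authentication helpers; this should be confirmed against the Rails versions the gem supports. Inside the block `self` is the class being loaded, so `include ControllerMethods::InstanceMethods` would be enough. A short comment above the `if defined?(ActiveSupport)` guard saying that the include is deferred until the framework class is loaded would also help readers.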
@@ -15,21 +15,21 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
18
+ def calculated_hash
19
19
  body = @request.raw_post
20
- md5_base64digest(body)
20
+ sha256_base64digest(body)
21
21
  end
22
22
 
23
- def populate_content_md5
23
+ def populate_content_hash
24
24
  return unless @request.put? || @request.post?
25
25
 
26
- @request.env['Content-MD5'] = calculated_md5
26
+ @request.env['X-AUTHORIZATION-CONTENT-SHA256'] = calculated_hash
27
27
  fetch_headers
28
28
  end
29
29
 
30
- def md5_mismatch?
30
+ def content_hash_mismatch?
31
31
  if @request.put? || @request.post?
32
- calculated_md5 != content_md5
32
+ calculated_hash != content_hash
33
33
  else
34
34
  false
35
35
  end
@@ -47,8 +47,8 @@ module ApiAuth
47
47
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
48
48
  end
49
49
 
50
- def content_md5
51
- find_header(%w[CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5])
50
+ def content_hash
51
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256 X_AUTHORIZATION_CONTENT_SHA256 HTTP_X_AUTHORIZATION_CONTENT_SHA256])
52
52
  end
53
53
 
54
54
  def original_uri
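Review bot: `content_hash_mismatch?` compares the body hash only when `@request.put? || @request.post?`, so for any other method that carries a body (PATCH, or DELETE with a payload) the header value is signed but never checked against the body that actually arrived. `populate_content_hash` uses the same filter, so such requests are also signed without a hash. The same POST/PUT test appears in the faraday, grape_request, http, rack and rest_client sections of this diff, while net_http keys on `REQUEST_HAS_BODY` and httpi on `@request.body`. Extending the condition here, e.g. `if @request.put? || @request.post? || @request.patch?`, or keying on body presence as those two drivers do, would cover the remaining methods. If the restriction is deliberate, a comment stating which methods are body-protected belongs on both methods.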
@@ -15,11 +15,11 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def populate_content_md5
18
+ def populate_content_hash
19
19
  nil # doesn't appear to be possible
20
20
  end
21
21
 
22
- def md5_mismatch?
22
+ def content_hash_mismatch?
23
23
  false
24
24
  end
25
25
 
@@ -35,8 +35,8 @@ module ApiAuth
35
35
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
36
36
  end
37
37
 
38
- def content_md5
39
- find_header(%w[CONTENT-MD5 CONTENT_MD5])
38
+ def content_hash
39
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
40
40
  end
41
41
 
42
42
  def original_uri
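Review bot: `content_hash_mismatch?` is hard-coded to `false` and `populate_content_hash` to `nil`, so a request handled through this driver is never body-hashed when signing and never body-checked when verifying. The only explanation is the inline `# doesn't appear to be possible`, which does not say what is impossible or what the consequence is. If the reason is that the body is not reachable from the Curb request object, I would say so on both methods, e.g. `# The request body is not available from this driver, so no content hash is set or verified; the signature covers method, content type, URI and date only.`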
@@ -15,21 +15,21 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
18
+ def calculated_hash
19
19
  body = @request.body || ''
20
- md5_base64digest(body)
20
+ sha256_base64digest(body)
21
21
  end
22
22
 
23
- def populate_content_md5
24
- return unless %w[POST PUT].include?(@request.method.to_s.upcase)
23
+ def populate_content_hash
24
+ return unless %w[POST PUT].include?(@request.http_method.to_s.upcase)
25
25
 
26
- @request.headers['Content-MD5'] = calculated_md5
26
+ @request.headers['X-Authorization-Content-SHA256'] = calculated_hash
27
27
  fetch_headers
28
28
  end
29
29
 
30
- def md5_mismatch?
31
- if %w[POST PUT].include?(@request.method.to_s.upcase)
32
- calculated_md5 != content_md5
30
+ def content_hash_mismatch?
31
+ if %w[POST PUT].include?(@request.http_method.to_s.upcase)
32
+ calculated_hash != content_hash
33
33
  else
34
34
  false
35
35
  end
@@ -40,15 +40,15 @@ module ApiAuth
40
40
  end
41
41
 
42
42
  def http_method
43
- @request.method.to_s.upcase
43
+ @request.http_method.to_s.upcase
44
44
  end
45
45
 
46
46
  def content_type
47
47
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
48
48
  end
49
49
 
50
- def content_md5
51
- find_header(%w[CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5])
50
+ def content_hash
51
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
52
52
  end
53
53
 
54
54
  def original_uri
@@ -15,22 +15,22 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
18
+ def calculated_hash
19
19
  body = @request.body.read
20
20
  @request.body.rewind
21
- md5_base64digest(body)
21
+ sha256_base64digest(body)
22
22
  end
23
23
 
24
- def populate_content_md5
24
+ def populate_content_hash
25
25
  return if !@request.put? && !@request.post?
26
26
 
27
- @request.env['HTTP_CONTENT_MD5'] = calculated_md5
27
+ @request.env['HTTP_X_AUTHORIZATION_CONTENT_SHA256'] = calculated_hash
28
28
  save_headers
29
29
  end
30
30
 
31
- def md5_mismatch?
31
+ def content_hash_mismatch?
32
32
  if @request.put? || @request.post?
33
- calculated_md5 != content_md5
33
+ calculated_hash != content_hash
34
34
  else
35
35
  false
36
36
  end
@@ -48,8 +48,8 @@ module ApiAuth
48
48
  find_header %w[HTTP_X_HMAC_CONTENT_TYPE HTTP_X_CONTENT_TYPE CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE]
49
49
  end
50
50
 
51
- def content_md5
52
- find_header %w[HTTP_X_HMAC_CONTENT_MD5 HTTP_X_CONTENT_MD5 CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5]
51
+ def content_hash
52
+ find_header %w[HTTP_X_AUTHORIZATION_CONTENT_SHA256]
53
53
  end
54
54
 
55
55
  def original_uri
@@ -12,19 +12,19 @@ module ApiAuth
12
12
  @request
13
13
  end
14
14
 
15
- def calculated_md5
16
- md5_base64digest(body)
15
+ def calculated_hash
16
+ sha256_base64digest(body)
17
17
  end
18
18
 
19
- def populate_content_md5
19
+ def populate_content_hash
20
20
  return unless %w[POST PUT].include?(http_method)
21
21
 
22
- @request['Content-MD5'] = calculated_md5
22
+ @request['X-Authorization-Content-SHA256'] = calculated_hash
23
23
  end
24
24
 
25
- def md5_mismatch?
25
+ def content_hash_mismatch?
26
26
  if %w[POST PUT].include?(http_method)
27
- calculated_md5 != content_md5
27
+ calculated_hash != content_hash
28
28
  else
29
29
  false
30
30
  end
@@ -38,8 +38,8 @@ module ApiAuth
38
38
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
39
39
  end
40
40
 
41
- def content_md5
42
- find_header(%w[CONTENT-MD5 CONTENT_MD5])
41
+ def content_hash
42
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
43
43
  end
44
44
 
45
45
  def original_uri
@@ -15,20 +15,20 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
19
- md5_base64digest(@request.body || '')
18
+ def calculated_hash
19
+ sha256_base64digest(@request.body || '')
20
20
  end
21
21
 
22
- def populate_content_md5
22
+ def populate_content_hash
23
23
  return unless @request.body
24
24
 
25
- @request.headers['Content-MD5'] = calculated_md5
25
+ @request.headers['X-Authorization-Content-SHA256'] = calculated_hash
26
26
  fetch_headers
27
27
  end
28
28
 
29
- def md5_mismatch?
29
+ def content_hash_mismatch?
30
30
  if @request.body
31
- calculated_md5 != content_md5
31
+ calculated_hash != content_hash
32
32
  else
33
33
  false
34
34
  end
@@ -46,8 +46,8 @@ module ApiAuth
46
46
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
47
47
  end
48
48
 
49
- def content_md5
50
- find_header(%w[CONTENT-MD5 CONTENT_MD5])
49
+ def content_hash
50
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
51
51
  end
52
52
 
53
53
  def original_uri
@@ -15,7 +15,7 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
18
+ def calculated_hash
19
19
  if @request.respond_to?(:body_stream) && @request.body_stream
20
20
  body = @request.body_stream.read
21
21
  @request.body_stream.rewind
@@ -23,18 +23,18 @@ module ApiAuth
23
23
  body = @request.body
24
24
  end
25
25
 
26
- md5_base64digest(body || '')
26
+ sha256_base64digest(body || '')
27
27
  end
28
28
 
29
- def populate_content_md5
29
+ def populate_content_hash
30
30
  return unless @request.class::REQUEST_HAS_BODY
31
31
 
32
- @request['Content-MD5'] = calculated_md5
32
+ @request['X-Authorization-Content-SHA256'] = calculated_hash
33
33
  end
34
34
 
35
- def md5_mismatch?
35
+ def content_hash_mismatch?
36
36
  if @request.class::REQUEST_HAS_BODY
37
- calculated_md5 != content_md5
37
+ calculated_hash != content_hash
38
38
  else
39
39
  false
40
40
  end
@@ -52,8 +52,8 @@ module ApiAuth
52
52
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
53
53
  end
54
54
 
55
- def content_md5
56
- find_header(%w[CONTENT-MD5 CONTENT_MD5])
55
+ def content_hash
56
+ find_header(%w[X-Authorization-Content-SHA256])
57
57
  end
58
58
 
59
59
  def original_uri
@@ -15,26 +15,26 @@ module ApiAuth
15
15
  @request
16
16
  end
17
17
 
18
- def calculated_md5
18
+ def calculated_hash
19
19
  if @request.body
20
20
  body = @request.body.read
21
21
  @request.body.rewind
22
22
  else
23
23
  body = ''
24
24
  end
25
- md5_base64digest(body)
25
+ sha256_base64digest(body)
26
26
  end
27
27
 
28
- def populate_content_md5
28
+ def populate_content_hash
29
29
  return unless %w[POST PUT].include?(@request.request_method)
30
30
 
31
- @request.env['Content-MD5'] = calculated_md5
31
+ @request.env['X-Authorization-Content-SHA256'] = calculated_hash
32
32
  fetch_headers
33
33
  end
34
34
 
35
- def md5_mismatch?
35
+ def content_hash_mismatch?
36
36
  if %w[POST PUT].include?(@request.request_method)
37
- calculated_md5 != content_md5
37
+ calculated_hash != content_hash
38
38
  else
39
39
  false
40
40
  end
@@ -52,8 +52,8 @@ module ApiAuth
52
52
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
53
53
  end
54
54
 
55
- def content_md5
56
- find_header(%w[CONTENT-MD5 CONTENT_MD5 HTTP-CONTENT-MD5 HTTP_CONTENT_MD5])
55
+ def content_hash
56
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
57
57
  end
58
58
 
59
59
  def original_uri
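Review bot: `content_hash` now looks up the single key `X-AUTHORIZATION-CONTENT-SHA256`, whereas the removed `content_md5` also tried `HTTP-CONTENT-MD5` and `HTTP_CONTENT_MD5`. A Rack server exposes an incoming header under its `HTTP_`-prefixed env key, so unless `find_header` or `fetch_headers` (neither is visible here) normalises that prefix, the hash sent by a client would come back as nil on the verifying side and the body would not be compared. The action_controller section of this diff keeps the prefixed variants, and I would do the same here: `find_header(%w[X-AUTHORIZATION-CONTENT-SHA256 X_AUTHORIZATION_CONTENT_SHA256 HTTP_X_AUTHORIZATION_CONTENT_SHA256])`. A spec that builds the request from a Rack env with only the `HTTP_` key set would pin this down.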
@@ -18,26 +18,26 @@ module ApiAuth
18
18
  @request
19
19
  end
20
20
 
21
- def calculated_md5
21
+ def calculated_hash
22
22
  if @request.payload
23
23
  body = @request.payload.read
24
24
  @request.payload.instance_variable_get(:@stream).seek(0)
25
25
  else
26
26
  body = ''
27
27
  end
28
- md5_base64digest(body)
28
+ sha256_base64digest(body)
29
29
  end
30
30
 
31
- def populate_content_md5
31
+ def populate_content_hash
32
32
  return unless %w[post put].include?(@request.method.to_s)
33
33
 
34
- @request.headers['Content-MD5'] = calculated_md5
34
+ @request.headers['X-Authorization-Content-SHA256'] = calculated_hash
35
35
  save_headers
36
36
  end
37
37
 
38
- def md5_mismatch?
38
+ def content_hash_mismatch?
39
39
  if %w[post put].include?(@request.method.to_s)
40
- calculated_md5 != content_md5
40
+ calculated_hash != content_hash
41
41
  else
42
42
  false
43
43
  end
@@ -55,8 +55,8 @@ module ApiAuth
55
55
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
56
56
  end
57
57
 
58
- def content_md5
59
- find_header(%w[CONTENT-MD5 CONTENT_MD5])
58
+ def content_hash
59
+ find_header(%w[X-AUTHORIZATION-CONTENT-SHA256])
60
60
  end
61
61
 
62
62
  def original_uri
@@ -1,4 +1,4 @@
1
- require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
1
+ require 'spec_helper'
2
2
 
3
3
  describe 'ApiAuth' do
4
4
  describe 'generating secret keys' do
@@ -36,9 +36,9 @@ describe 'ApiAuth' do
36
36
  ApiAuth.sign!(request, 'abc', '123')
37
37
  end
38
38
 
39
- it 'generates content-md5 header before signing' do
39
+ it 'generates X-Authorization-Content-SHA256 header before signing' do
40
40
  expect(ApiAuth::Headers).to receive(:new).and_return(headers)
41
- expect(headers).to receive(:calculate_md5).ordered
41
+ expect(headers).to receive(:calculate_hash).ordered
42
42
  expect(headers).to receive(:sign_header).ordered
43
43
 
44
44
  ApiAuth.sign!(request, 'abc', '123')
@@ -58,7 +58,7 @@ describe 'ApiAuth' do
58
58
  let(:request) do
59
59
  Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
60
60
  'content-type' => 'text/plain',
61
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
61
+ 'content-hash' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
62
62
  'date' => Time.now.utc.httpdate)
63
63
  end
64
64
 
@@ -76,7 +76,7 @@ describe 'ApiAuth' do
76
76
  let(:request) do
77
77
  Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
78
78
  'content-type' => 'text/plain',
79
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
79
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
80
80
  'date' => Time.now.utc.httpdate)
81
81
  end
82
82
 
@@ -94,8 +94,8 @@ describe 'ApiAuth' do
94
94
  expect(ApiAuth.authentic?(signed_request, '456')).to eq false
95
95
  end
96
96
 
97
- it 'fails to validate non matching md5' do
98
- request['content-md5'] = '12345'
97
+ it 'fails to validate non matching hash' do
98
+ request['X-Authorization-Content-SHA256'] = '12345'
99
99
  expect(ApiAuth.authentic?(signed_request, '123')).to eq false
100
100
  end
101
101
 
@@ -125,7 +125,7 @@ describe 'ApiAuth' do
125
125
  let(:request) do
126
126
  new_request = Net::HTTP::Put.new('/resource.xml?foo=bar&bar=foo',
127
127
  'content-type' => 'text/plain',
128
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
128
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
129
129
  'date' => Time.now.utc.httpdate)
130
130
  canonical_string = ApiAuth::Headers.new(new_request).canonical_string
131
131
  signature = hmac('123', new_request, canonical_string, 'sha256')
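Review bot: The request fixture in the hunk at old line 58 renames the header to `'content-hash'`, while every other fixture in this file and all drivers in this diff use `X-Authorization-Content-SHA256`. With that key the precomputed digest is presumably never read as the content hash, so the example no longer exercises the header it sets up; the examples using this fixture are outside the hunk, so confirm which behaviour was intended. If the fixture is meant to carry a hash, the line should read `'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',`.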
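--- a/data/spec/headers_spec.rb
+++ b/data/spec/headers_spec.rb
@@ -1,4 +1,4 @@
- require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+ require 'spec_helper'
 
  describe ApiAuth::Headers do
  describe '#canonical_string' do
@@ -53,7 +53,7 @@ describe ApiAuth::Headers do
  before do
  allow(driver).to receive(:http_method).and_return 'GET'
  allow(driver).to receive(:content_type).and_return 'text/html'
- allow(driver).to receive(:content_md5).and_return '12345'
+ allow(driver).to receive(:content_hash).and_return '12345'
  allow(driver).to receive(:request_uri).and_return '/foo'
  allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
  end
@@ -83,7 +83,7 @@ describe ApiAuth::Headers do
  before do
  allow(driver).to receive(:http_method).and_return nil
  allow(driver).to receive(:content_type).and_return 'text/html'
- allow(driver).to receive(:content_md5).and_return '12345'
+ allow(driver).to receive(:content_hash).and_return '12345'
  allow(driver).to receive(:request_uri).and_return '/foo'
  allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
  end
@@ -115,7 +115,7 @@ describe ApiAuth::Headers do
 
  before do
  allow(driver).to receive(:content_type).and_return 'text/html'
- allow(driver).to receive(:content_md5).and_return '12345'
+ allow(driver).to receive(:content_hash).and_return '12345'
  allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
  end
 
@@ -140,7 +140,7 @@ describe ApiAuth::Headers do
 
  before do
  allow(driver).to receive(:content_type).and_return 'text/html'
- allow(driver).to receive(:content_md5).and_return '12345'
+ allow(driver).to receive(:content_hash).and_return '12345'
  allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
  end
 
@@ -154,11 +154,11 @@ describe ApiAuth::Headers do
  end
  end
 
- describe '#calculate_md5' do
+ describe '#calculate_hash' do
  subject(:headers) { described_class.new(request) }
  let(:driver) { headers.instance_variable_get('@request') }
 
- context 'no md5 already calculated' do
+ context 'no content hash already calculated' do
  let(:request) do
  RestClient::Request.new(
  url: 'http://google.com',
@@ -167,55 +167,55 @@ describe ApiAuth::Headers do
  )
  end
 
- it 'populates the md5 header' do
- expect(driver).to receive(:populate_content_md5)
- headers.calculate_md5
+ it 'populates the content hash header' do
+ expect(driver).to receive(:populate_content_hash)
+ headers.calculate_hash
  end
  end
 
- context 'md5 already calculated' do
+ context 'hash already calculated' do
  let(:request) do
  RestClient::Request.new(
  url: 'http://google.com',
  method: :post,
  payload: "hello\nworld",
- headers: { content_md5: 'abcd' }
+ headers: { 'X-Authorization-Content-SHA256' => 'abcd' }
  )
  end
 
- it "doesn't populate the md5 header" do
- expect(driver).not_to receive(:populate_content_md5)
- headers.calculate_md5
+ it "doesn't populate the X-Authorization-Content-SHA256 header" do
+ expect(driver).not_to receive(:populate_content_hash)
+ headers.calculate_hash
  end
  end
  end
 
- describe '#md5_mismatch?' do
+ describe '#content_hash_mismatch?' do
  let(:request) { RestClient::Request.new(url: 'http://google.com', method: :get) }
  subject(:headers) { described_class.new(request) }
  let(:driver) { headers.instance_variable_get('@request') }
 
- context 'when request has md5 header' do
+ context 'when request has X-Authorization-Content-SHA256 header' do
  it 'asks the driver' do
- allow(driver).to receive(:content_md5).and_return '1234'
+ allow(driver).to receive(:content_hash).and_return '1234'
 
- expect(driver).to receive(:md5_mismatch?).and_call_original
- headers.md5_mismatch?
+ expect(driver).to receive(:content_hash_mismatch?).and_call_original
+ headers.content_hash_mismatch?
  end
  end
 
- context 'when request has no md5' do
+ context 'when request has no content hash' do
  it "doesn't ask the driver" do
- allow(driver).to receive(:content_md5).and_return nil
+ allow(driver).to receive(:content_hash).and_return nil
 
- expect(driver).not_to receive(:md5_mismatch?).and_call_original
- headers.md5_mismatch?
+ expect(driver).not_to receive(:content_hash_mismatch?).and_call_original
+ headers.content_hash_mismatch?
  end
 
  it 'returns false' do
- allow(driver).to receive(:content_md5).and_return nil
+ allow(driver).to receive(:content_hash).and_return nil
 
- expect(headers.md5_mismatch?).to be false
+ expect(headers.content_hash_mismatch?).to be false
  end
  end
  end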
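--- a/data/spec/helpers_spec.rb
+++ b/data/spec/helpers_spec.rb
@@ -1,4 +1,4 @@
- require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+ require 'spec_helper'
 
  describe 'ApiAuth::Helpers' do
  it 'should strip the new line character on a Base64 encoding' do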
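--- a/data/spec/railtie_spec.rb
+++ b/data/spec/railtie_spec.rb
@@ -1,4 +1,4 @@
- require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+ require 'spec_helper'
 
  describe 'Rails integration' do
  API_KEY_STORE = { '1044' => 'l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==' }.freeze
@@ -8,8 +8,8 @@ describe 'Rails integration' do
  private
 
  def require_api_auth
- if (access_id = get_api_access_id_from_request)
- return true if api_authenticated?(API_KEY_STORE[access_id])
+ if (access_id = get_api_access_id_from_request) && api_authenticated?(API_KEY_STORE[access_id])
+ return true
  end
 
  respond_to do |format|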