api-auth 2.3.1 → 2.5.1
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +67 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +16 -3
- data/.rubocop_todo.yml +30 -20
- data/Appraisals +12 -18
- data/CHANGELOG.md +16 -0
- data/Gemfile +0 -2
- data/README.md +82 -50
- data/VERSION +1 -1
- data/api_auth.gemspec +11 -4
- data/gemfiles/rails_52.gemfile +5 -5
- data/gemfiles/rails_60.gemfile +9 -0
- data/gemfiles/rails_61.gemfile +9 -0
- data/lib/api_auth/base.rb +2 -2
- data/lib/api_auth/headers.rb +6 -6
- data/lib/api_auth/helpers.rb +2 -2
- data/lib/api_auth/railtie.rb +13 -5
- data/lib/api_auth/request_drivers/action_controller.rb +8 -8
- data/lib/api_auth/request_drivers/curb.rb +4 -4
- data/lib/api_auth/request_drivers/faraday.rb +11 -11
- data/lib/api_auth/request_drivers/grape_request.rb +8 -8
- data/lib/api_auth/request_drivers/http.rb +8 -8
- data/lib/api_auth/request_drivers/httpi.rb +8 -8
- data/lib/api_auth/request_drivers/net_http.rb +8 -8
- data/lib/api_auth/request_drivers/rack.rb +8 -8
- data/lib/api_auth/request_drivers/rest_client.rb +8 -8
- data/spec/api_auth_spec.rb +8 -8
- data/spec/headers_spec.rb +26 -26
- data/spec/helpers_spec.rb +1 -1
- data/spec/railtie_spec.rb +3 -3
- data/spec/request_drivers/action_controller_spec.rb +74 -35
- data/spec/request_drivers/action_dispatch_spec.rb +74 -35
- data/spec/request_drivers/curb_spec.rb +8 -8
- data/spec/request_drivers/faraday_spec.rb +43 -43
- data/spec/request_drivers/grape_request_spec.rb +33 -32
- data/spec/request_drivers/http_spec.rb +23 -23
- data/spec/request_drivers/httpi_spec.rb +22 -22
- data/spec/request_drivers/net_http_spec.rb +23 -23
- data/spec/request_drivers/rack_spec.rb +35 -35
- data/spec/request_drivers/rest_client_spec.rb +36 -36
- data/spec/spec_helper.rb +1 -1
- metadata +52 -30
- data/.travis.yml +0 -34
- data/gemfiles/http2.gemfile +0 -7
- data/gemfiles/http3.gemfile +0 -7
- data/gemfiles/http4.gemfile +0 -7
- data/gemfiles/rails_4.gemfile +0 -11
- data/gemfiles/rails_41.gemfile +0 -11
- data/gemfiles/rails_42.gemfile +0 -11
- data/gemfiles/rails_5.gemfile +0 -11
- data/gemfiles/rails_51.gemfile +0 -9
- data/spec/.rubocop.yml +0 -5
@@ -4,6 +4,7 @@ if defined?(ActionController::Request)
|
|
4
4
|
|
5
5
|
describe ApiAuth::RequestDrivers::ActionControllerRequest do
|
6
6
|
let(:timestamp) { Time.now.utc.httpdate }
|
7
|
+
let(:content_sha256) { '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' }
|
7
8
|
|
8
9
|
let(:request) do
|
9
10
|
ActionController::Request.new(
|
@@ -11,7 +12,35 @@ if defined?(ActionController::Request)
|
|
11
12
|
'PATH_INFO' => '/resource.xml',
|
12
13
|
'QUERY_STRING' => 'foo=bar&bar=foo',
|
13
14
|
'REQUEST_METHOD' => 'PUT',
|
14
|
-
'
|
15
|
+
'HTTP_X_AUTHORIZATION_CONTENT_SHA256' => content_sha256,
|
16
|
+
'CONTENT_TYPE' => 'text/plain',
|
17
|
+
'CONTENT_LENGTH' => '11',
|
18
|
+
'HTTP_DATE' => timestamp,
|
19
|
+
'rack.input' => StringIO.new("hello\nworld")
|
20
|
+
)
|
21
|
+
end
|
22
|
+
|
23
|
+
let(:request2) do
|
24
|
+
ActionController::Request.new(
|
25
|
+
'AUTHORIZATION' => 'APIAuth 1044:12345',
|
26
|
+
'PATH_INFO' => '/resource.xml',
|
27
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
28
|
+
'REQUEST_METHOD' => 'PUT',
|
29
|
+
'X_AUTHORIZATION_CONTENT_SHA256' => content_sha256,
|
30
|
+
'CONTENT_TYPE' => 'text/plain',
|
31
|
+
'CONTENT_LENGTH' => '11',
|
32
|
+
'HTTP_DATE' => timestamp,
|
33
|
+
'rack.input' => StringIO.new("hello\nworld")
|
34
|
+
)
|
35
|
+
end
|
36
|
+
|
37
|
+
let(:request3) do
|
38
|
+
ActionController::Request.new(
|
39
|
+
'AUTHORIZATION' => 'APIAuth 1044:12345',
|
40
|
+
'PATH_INFO' => '/resource.xml',
|
41
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
42
|
+
'REQUEST_METHOD' => 'PUT',
|
43
|
+
'X-AUTHORIZATION-CONTENT-SHA256' => content_sha256,
|
15
44
|
'CONTENT_TYPE' => 'text/plain',
|
16
45
|
'CONTENT_LENGTH' => '11',
|
17
46
|
'HTTP_DATE' => timestamp,
|
@@ -26,8 +55,18 @@ if defined?(ActionController::Request)
|
|
26
55
|
expect(driven_request.content_type).to eq('text/plain')
|
27
56
|
end
|
28
57
|
|
29
|
-
it 'gets the
|
30
|
-
expect(driven_request.
|
58
|
+
it 'gets the content_hash' do
|
59
|
+
expect(driven_request.content_hash).to eq(content_sha256)
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'gets the content_hash for request 2' do
|
63
|
+
example_request = ApiAuth::RequestDrivers::ActionControllerRequest.new(request2)
|
64
|
+
expect(example_request.content_hash).to eq(content_sha256)
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'gets the content_hash for request 3' do
|
68
|
+
example_request = ApiAuth::RequestDrivers::ActionControllerRequest.new(request3)
|
69
|
+
expect(example_request.content_hash).to eq(content_sha256)
|
31
70
|
end
|
32
71
|
|
33
72
|
it 'gets the request_uri' do
|
@@ -42,15 +81,15 @@ if defined?(ActionController::Request)
|
|
42
81
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
43
82
|
end
|
44
83
|
|
45
|
-
describe '#
|
46
|
-
it 'calculates
|
47
|
-
expect(driven_request.
|
84
|
+
describe '#calculated_hash' do
|
85
|
+
it 'calculates hash from the body' do
|
86
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
48
87
|
end
|
49
88
|
|
50
89
|
it 'treats no body as empty string' do
|
51
90
|
request.env['rack.input'] = StringIO.new
|
52
91
|
request.env['CONTENT_LENGTH'] = 0
|
53
|
-
expect(driven_request.
|
92
|
+
expect(driven_request.calculated_hash).to eq(content_sha256)
|
54
93
|
end
|
55
94
|
end
|
56
95
|
|
@@ -89,46 +128,46 @@ if defined?(ActionController::Request)
|
|
89
128
|
)
|
90
129
|
end
|
91
130
|
|
92
|
-
describe '#
|
131
|
+
describe '#populate_content_hash' do
|
93
132
|
context 'when getting' do
|
94
|
-
it "doesn't populate content
|
133
|
+
it "doesn't populate content hash" do
|
95
134
|
request.env['REQUEST_METHOD'] = 'GET'
|
96
|
-
driven_request.
|
97
|
-
expect(request.env['Content-
|
135
|
+
driven_request.populate_content_hash
|
136
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
98
137
|
end
|
99
138
|
end
|
100
139
|
|
101
140
|
context 'when posting' do
|
102
|
-
it 'populates content
|
141
|
+
it 'populates content hash' do
|
103
142
|
request.env['REQUEST_METHOD'] = 'POST'
|
104
|
-
driven_request.
|
105
|
-
expect(request.env['Content-
|
143
|
+
driven_request.populate_content_hash
|
144
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
106
145
|
end
|
107
146
|
|
108
147
|
it 'refreshes the cached headers' do
|
109
|
-
driven_request.
|
110
|
-
expect(driven_request.
|
148
|
+
driven_request.populate_content_hash
|
149
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
111
150
|
end
|
112
151
|
end
|
113
152
|
|
114
153
|
context 'when putting' do
|
115
|
-
it 'populates content
|
154
|
+
it 'populates content hash' do
|
116
155
|
request.env['REQUEST_METHOD'] = 'PUT'
|
117
|
-
driven_request.
|
118
|
-
expect(request.env['Content-
|
156
|
+
driven_request.populate_content_hash
|
157
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
119
158
|
end
|
120
159
|
|
121
160
|
it 'refreshes the cached headers' do
|
122
|
-
driven_request.
|
123
|
-
expect(driven_request.
|
161
|
+
driven_request.populate_content_hash
|
162
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
124
163
|
end
|
125
164
|
end
|
126
165
|
|
127
166
|
context 'when deleting' do
|
128
|
-
it "doesn't populate content
|
167
|
+
it "doesn't populate content hash" do
|
129
168
|
request.env['REQUEST_METHOD'] = 'DELETE'
|
130
|
-
driven_request.
|
131
|
-
expect(request.env['Content-
|
169
|
+
driven_request.populate_content_hash
|
170
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
132
171
|
end
|
133
172
|
end
|
134
173
|
end
|
@@ -157,14 +196,14 @@ if defined?(ActionController::Request)
|
|
157
196
|
end
|
158
197
|
end
|
159
198
|
|
160
|
-
describe '
|
199
|
+
describe 'content_hash_mismatch?' do
|
161
200
|
context 'when getting' do
|
162
201
|
before do
|
163
202
|
request.env['REQUEST_METHOD'] = 'GET'
|
164
203
|
end
|
165
204
|
|
166
205
|
it 'is false' do
|
167
|
-
expect(driven_request.
|
206
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
168
207
|
end
|
169
208
|
end
|
170
209
|
|
@@ -175,21 +214,21 @@ if defined?(ActionController::Request)
|
|
175
214
|
|
176
215
|
context 'when calculated matches sent' do
|
177
216
|
before do
|
178
|
-
request.env['
|
217
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
179
218
|
end
|
180
219
|
|
181
220
|
it 'is false' do
|
182
|
-
expect(driven_request.
|
221
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
183
222
|
end
|
184
223
|
end
|
185
224
|
|
186
225
|
context "when calculated doesn't match sent" do
|
187
226
|
before do
|
188
|
-
request.env['
|
227
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
189
228
|
end
|
190
229
|
|
191
230
|
it 'is true' do
|
192
|
-
expect(driven_request.
|
231
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
193
232
|
end
|
194
233
|
end
|
195
234
|
end
|
@@ -201,21 +240,21 @@ if defined?(ActionController::Request)
|
|
201
240
|
|
202
241
|
context 'when calculated matches sent' do
|
203
242
|
before do
|
204
|
-
request.env['
|
243
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
205
244
|
end
|
206
245
|
|
207
246
|
it 'is false' do
|
208
|
-
expect(driven_request.
|
247
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
209
248
|
end
|
210
249
|
end
|
211
250
|
|
212
251
|
context "when calculated doesn't match sent" do
|
213
252
|
before do
|
214
|
-
request.env['
|
253
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
215
254
|
end
|
216
255
|
|
217
256
|
it 'is true' do
|
218
|
-
expect(driven_request.
|
257
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
219
258
|
end
|
220
259
|
end
|
221
260
|
end
|
@@ -226,7 +265,7 @@ if defined?(ActionController::Request)
|
|
226
265
|
end
|
227
266
|
|
228
267
|
it 'is false' do
|
229
|
-
expect(driven_request.
|
268
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
230
269
|
end
|
231
270
|
end
|
232
271
|
end
|
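Review bot: The `request`, `request2` and `request3` fixtures (new lines 15, 29 and 43) show `content_hash` being read from three env key spellings, but no visible example covers an env that carries two of them with different values. `content_hash` is the value `content_hash_mismatch?` compares with the computed body digest, so which spelling wins should be pinned by a test. Under Rack only `HTTP_`-prefixed keys are filled from client headers; the driver's lookup order is not visible in this section, so confirm it before asserting. I would add an example such as `it 'prefers one spelling when several are present'` that sets a second key to `'3'` and expects `content_hash` to equal the value of the key the driver treats as authoritative. The ActionDispatch spec's fixtures have the same gap, and `request3`'s hash literal continues past the end of its hunk.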
@@ -4,6 +4,7 @@ if defined?(ActionDispatch::Request)
|
|
4
4
|
|
5
5
|
describe ApiAuth::RequestDrivers::ActionDispatchRequest do
|
6
6
|
let(:timestamp) { Time.now.utc.httpdate }
|
7
|
+
let(:content_sha256) { '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' }
|
7
8
|
|
8
9
|
let(:request) do
|
9
10
|
ActionDispatch::Request.new(
|
@@ -11,7 +12,35 @@ if defined?(ActionDispatch::Request)
|
|
11
12
|
'PATH_INFO' => '/resource.xml',
|
12
13
|
'QUERY_STRING' => 'foo=bar&bar=foo',
|
13
14
|
'REQUEST_METHOD' => 'PUT',
|
14
|
-
'
|
15
|
+
'HTTP_X_AUTHORIZATION_CONTENT_SHA256' => content_sha256,
|
16
|
+
'CONTENT_TYPE' => 'text/plain',
|
17
|
+
'CONTENT_LENGTH' => '11',
|
18
|
+
'HTTP_DATE' => timestamp,
|
19
|
+
'rack.input' => StringIO.new("hello\nworld")
|
20
|
+
)
|
21
|
+
end
|
22
|
+
|
23
|
+
let(:request2) do
|
24
|
+
ActionDispatch::Request.new(
|
25
|
+
'AUTHORIZATION' => 'APIAuth 1044:12345',
|
26
|
+
'PATH_INFO' => '/resource.xml',
|
27
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
28
|
+
'REQUEST_METHOD' => 'PUT',
|
29
|
+
'X_AUTHORIZATION_CONTENT_SHA256' => content_sha256,
|
30
|
+
'CONTENT_TYPE' => 'text/plain',
|
31
|
+
'CONTENT_LENGTH' => '11',
|
32
|
+
'HTTP_DATE' => timestamp,
|
33
|
+
'rack.input' => StringIO.new("hello\nworld")
|
34
|
+
)
|
35
|
+
end
|
36
|
+
|
37
|
+
let(:request3) do
|
38
|
+
ActionDispatch::Request.new(
|
39
|
+
'AUTHORIZATION' => 'APIAuth 1044:12345',
|
40
|
+
'PATH_INFO' => '/resource.xml',
|
41
|
+
'QUERY_STRING' => 'foo=bar&bar=foo',
|
42
|
+
'REQUEST_METHOD' => 'PUT',
|
43
|
+
'X-AUTHORIZATION-CONTENT-SHA256' => content_sha256,
|
15
44
|
'CONTENT_TYPE' => 'text/plain',
|
16
45
|
'CONTENT_LENGTH' => '11',
|
17
46
|
'HTTP_DATE' => timestamp,
|
@@ -26,8 +55,18 @@ if defined?(ActionDispatch::Request)
|
|
26
55
|
expect(driven_request.content_type).to eq('text/plain')
|
27
56
|
end
|
28
57
|
|
29
|
-
it 'gets the
|
30
|
-
expect(driven_request.
|
58
|
+
it 'gets the content_hash' do
|
59
|
+
expect(driven_request.content_hash).to eq(content_sha256)
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'gets the content_hash for request 2' do
|
63
|
+
example_request = ApiAuth::RequestDrivers::ActionDispatchRequest.new(request2)
|
64
|
+
expect(example_request.content_hash).to eq(content_sha256)
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'gets the content_hash for request 3' do
|
68
|
+
example_request = ApiAuth::RequestDrivers::ActionDispatchRequest.new(request3)
|
69
|
+
expect(example_request.content_hash).to eq(content_sha256)
|
31
70
|
end
|
32
71
|
|
33
72
|
it 'gets the request_uri' do
|
@@ -42,15 +81,15 @@ if defined?(ActionDispatch::Request)
|
|
42
81
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
43
82
|
end
|
44
83
|
|
45
|
-
describe '#
|
46
|
-
it 'calculates
|
47
|
-
expect(driven_request.
|
84
|
+
describe '#calculated_hash' do
|
85
|
+
it 'calculates hash from the body' do
|
86
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
48
87
|
end
|
49
88
|
|
50
89
|
it 'treats no body as empty string' do
|
51
90
|
request.env['rack.input'] = StringIO.new
|
52
91
|
request.env['CONTENT_LENGTH'] = 0
|
53
|
-
expect(driven_request.
|
92
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
54
93
|
end
|
55
94
|
end
|
56
95
|
|
@@ -89,46 +128,46 @@ if defined?(ActionDispatch::Request)
|
|
89
128
|
)
|
90
129
|
end
|
91
130
|
|
92
|
-
describe '#
|
131
|
+
describe '#populate_content_hash' do
|
93
132
|
context 'when getting' do
|
94
|
-
it "doesn't populate content
|
133
|
+
it "doesn't populate content hash" do
|
95
134
|
request.env['REQUEST_METHOD'] = 'GET'
|
96
|
-
driven_request.
|
97
|
-
expect(request.env['
|
135
|
+
driven_request.populate_content_hash
|
136
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
|
98
137
|
end
|
99
138
|
end
|
100
139
|
|
101
140
|
context 'when posting' do
|
102
|
-
it 'populates content
|
141
|
+
it 'populates content hash' do
|
103
142
|
request.env['REQUEST_METHOD'] = 'POST'
|
104
|
-
driven_request.
|
105
|
-
expect(request.env['
|
143
|
+
driven_request.populate_content_hash
|
144
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
106
145
|
end
|
107
146
|
|
108
147
|
it 'refreshes the cached headers' do
|
109
|
-
driven_request.
|
110
|
-
expect(driven_request.
|
148
|
+
driven_request.populate_content_hash
|
149
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
111
150
|
end
|
112
151
|
end
|
113
152
|
|
114
153
|
context 'when putting' do
|
115
|
-
it 'populates content
|
154
|
+
it 'populates content hash' do
|
116
155
|
request.env['REQUEST_METHOD'] = 'PUT'
|
117
|
-
driven_request.
|
118
|
-
expect(request.env['
|
156
|
+
driven_request.populate_content_hash
|
157
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
119
158
|
end
|
120
159
|
|
121
160
|
it 'refreshes the cached headers' do
|
122
|
-
driven_request.
|
123
|
-
expect(driven_request.
|
161
|
+
driven_request.populate_content_hash
|
162
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
124
163
|
end
|
125
164
|
end
|
126
165
|
|
127
166
|
context 'when deleting' do
|
128
|
-
it "doesn't populate content
|
167
|
+
it "doesn't populate content hash" do
|
129
168
|
request.env['REQUEST_METHOD'] = 'DELETE'
|
130
|
-
driven_request.
|
131
|
-
expect(request.env['
|
169
|
+
driven_request.populate_content_hash
|
170
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
|
132
171
|
end
|
133
172
|
end
|
134
173
|
end
|
@@ -157,14 +196,14 @@ if defined?(ActionDispatch::Request)
|
|
157
196
|
end
|
158
197
|
end
|
159
198
|
|
160
|
-
describe '
|
199
|
+
describe 'content_hash_mismatch?' do
|
161
200
|
context 'when getting' do
|
162
201
|
before do
|
163
202
|
request.env['REQUEST_METHOD'] = 'GET'
|
164
203
|
end
|
165
204
|
|
166
205
|
it 'is false' do
|
167
|
-
expect(driven_request.
|
206
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
168
207
|
end
|
169
208
|
end
|
170
209
|
|
@@ -175,21 +214,21 @@ if defined?(ActionDispatch::Request)
|
|
175
214
|
|
176
215
|
context 'when calculated matches sent' do
|
177
216
|
before do
|
178
|
-
request.env['
|
217
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
179
218
|
end
|
180
219
|
|
181
220
|
it 'is false' do
|
182
|
-
expect(driven_request.
|
221
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
183
222
|
end
|
184
223
|
end
|
185
224
|
|
186
225
|
context "when calculated doesn't match sent" do
|
187
226
|
before do
|
188
|
-
request.env['
|
227
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
|
189
228
|
end
|
190
229
|
|
191
230
|
it 'is true' do
|
192
|
-
expect(driven_request.
|
231
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
193
232
|
end
|
194
233
|
end
|
195
234
|
end
|
@@ -201,21 +240,21 @@ if defined?(ActionDispatch::Request)
|
|
201
240
|
|
202
241
|
context 'when calculated matches sent' do
|
203
242
|
before do
|
204
|
-
request.env['
|
243
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
205
244
|
end
|
206
245
|
|
207
246
|
it 'is false' do
|
208
|
-
expect(driven_request.
|
247
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
209
248
|
end
|
210
249
|
end
|
211
250
|
|
212
251
|
context "when calculated doesn't match sent" do
|
213
252
|
before do
|
214
|
-
request.env['
|
253
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
|
215
254
|
end
|
216
255
|
|
217
256
|
it 'is true' do
|
218
|
-
expect(driven_request.
|
257
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
219
258
|
end
|
220
259
|
end
|
221
260
|
end
|
@@ -226,7 +265,7 @@ if defined?(ActionDispatch::Request)
|
|
226
265
|
end
|
227
266
|
|
228
267
|
it 'is false' do
|
229
|
-
expect(driven_request.
|
268
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
230
269
|
end
|
231
270
|
end
|
232
271
|
end
|
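Review bot: The `content_hash_mismatch?` examples for body-carrying requests (new lines 214–260) only exercise a header that is present, holding either the matching digest or `'3'`; none of the visible examples covers a request with a body and no `X-AUTHORIZATION-CONTENT-SHA256` entry at all. That is the case where a verifier could end up skipping the body comparison, so its result should be pinned; I would expect `true`, but that is an assumption about the driver, whose code is not in this section. Proposed example in the same contexts: `it 'is true when the header is absent' do` with `expect(driven_request.content_hash_mismatch?).to be true`. These contexts open outside the hunks, so such an example may already exist in the unshown lines; the ActionController spec shows the same gap.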
@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
6
6
|
let(:request) do
|
7
7
|
headers = {
|
8
8
|
'Authorization' => 'APIAuth 1044:12345',
|
9
|
-
'Content-
|
9
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
10
10
|
'Content-Type' => 'text/plain',
|
11
11
|
'Date' => timestamp
|
12
12
|
}
|
@@ -22,8 +22,8 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
22
22
|
expect(driven_request.content_type).to eq('text/plain')
|
23
23
|
end
|
24
24
|
|
25
|
-
it 'gets the
|
26
|
-
expect(driven_request.
|
25
|
+
it 'gets the content_hash' do
|
26
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
27
27
|
end
|
28
28
|
|
29
29
|
it 'gets the request_uri' do
|
@@ -55,10 +55,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
55
55
|
end
|
56
56
|
end
|
57
57
|
|
58
|
-
describe '#
|
58
|
+
describe '#populate_content_hash' do
|
59
59
|
it 'is a no-op' do
|
60
|
-
expect(driven_request.
|
61
|
-
expect(request.headers['Content-
|
60
|
+
expect(driven_request.populate_content_hash).to be_nil
|
61
|
+
expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
@@ -86,9 +86,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
|
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
89
|
-
describe '
|
89
|
+
describe 'content_hash_mismatch?' do
|
90
90
|
it 'is always false' do
|
91
|
-
expect(driven_request.
|
91
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
92
92
|
end
|
93
93
|
end
|
94
94
|
|
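Review bot: The examples under `describe '#populate_content_hash'` ('is a no-op', new lines 58–61) and `describe 'content_hash_mismatch?'` ('is always false', new lines 89–91) pin that the Curb driver neither sets nor compares the body digest, and nothing in the spec says why. With the header now named as a SHA-256 content digest, a reader can take it as a body-integrity guarantee that this driver does not give. A comment above both blocks would prevent that, for example `# Curb: the body digest is neither populated nor compared, so this driver gives no body-integrity check.`; the reason lives in the driver, which is not part of this section, so take the wording from that code. The second describe string also lacks the leading `#` that `'#populate_content_hash'` uses.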