api-auth 2.3.1 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/main.yml +67 -0
  3. data/.gitignore +2 -0
  4. data/.rubocop.yml +16 -3
  5. data/.rubocop_todo.yml +30 -20
  6. data/Appraisals +12 -18
  7. data/CHANGELOG.md +16 -0
  8. data/Gemfile +0 -2
  9. data/README.md +82 -50
  10. data/VERSION +1 -1
  11. data/api_auth.gemspec +11 -4
  12. data/gemfiles/rails_52.gemfile +5 -5
  13. data/gemfiles/rails_60.gemfile +9 -0
  14. data/gemfiles/rails_61.gemfile +9 -0
  15. data/lib/api_auth/base.rb +2 -2
  16. data/lib/api_auth/headers.rb +6 -6
  17. data/lib/api_auth/helpers.rb +2 -2
  18. data/lib/api_auth/railtie.rb +13 -5
  19. data/lib/api_auth/request_drivers/action_controller.rb +8 -8
  20. data/lib/api_auth/request_drivers/curb.rb +4 -4
  21. data/lib/api_auth/request_drivers/faraday.rb +11 -11
  22. data/lib/api_auth/request_drivers/grape_request.rb +8 -8
  23. data/lib/api_auth/request_drivers/http.rb +8 -8
  24. data/lib/api_auth/request_drivers/httpi.rb +8 -8
  25. data/lib/api_auth/request_drivers/net_http.rb +8 -8
  26. data/lib/api_auth/request_drivers/rack.rb +8 -8
  27. data/lib/api_auth/request_drivers/rest_client.rb +8 -8
  28. data/spec/api_auth_spec.rb +8 -8
  29. data/spec/headers_spec.rb +26 -26
  30. data/spec/helpers_spec.rb +1 -1
  31. data/spec/railtie_spec.rb +3 -3
  32. data/spec/request_drivers/action_controller_spec.rb +74 -35
  33. data/spec/request_drivers/action_dispatch_spec.rb +74 -35
  34. data/spec/request_drivers/curb_spec.rb +8 -8
  35. data/spec/request_drivers/faraday_spec.rb +43 -43
  36. data/spec/request_drivers/grape_request_spec.rb +33 -32
  37. data/spec/request_drivers/http_spec.rb +23 -23
  38. data/spec/request_drivers/httpi_spec.rb +22 -22
  39. data/spec/request_drivers/net_http_spec.rb +23 -23
  40. data/spec/request_drivers/rack_spec.rb +35 -35
  41. data/spec/request_drivers/rest_client_spec.rb +36 -36
  42. data/spec/spec_helper.rb +1 -1
  43. metadata +52 -30
  44. data/.travis.yml +0 -34
  45. data/gemfiles/http2.gemfile +0 -7
  46. data/gemfiles/http3.gemfile +0 -7
  47. data/gemfiles/http4.gemfile +0 -7
  48. data/gemfiles/rails_4.gemfile +0 -11
  49. data/gemfiles/rails_41.gemfile +0 -11
  50. data/gemfiles/rails_42.gemfile +0 -11
  51. data/gemfiles/rails_5.gemfile +0 -11
  52. data/gemfiles/rails_51.gemfile +0 -9
  53. data/spec/.rubocop.yml +0 -5
data/spec/request_drivers/faraday_spec.rb CHANGED
@@ -20,7 +20,7 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
20
20
  let(:request_headers) do
21
21
  {
22
22
  'Authorization' => 'APIAuth 1044:12345',
23
- 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
23
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
24
24
  'content-type' => 'text/plain',
25
25
  'DATE' => timestamp
26
26
  }
@@ -44,8 +44,8 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
44
44
  expect(driven_request.content_type).to eq('text/plain')
45
45
  end
46
46
 
47
- it 'gets the content_md5' do
48
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
47
+ it 'gets the content_hash' do
48
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
49
49
  end
50
50
 
51
51
  it 'gets the request_uri' do
@@ -60,14 +60,14 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
60
60
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
61
61
  end
62
62
 
63
- describe '#calculated_md5' do
64
- it 'calculates md5 from the body' do
65
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
63
+ describe '#calculated_hash' do
64
+ it 'calculates hash from the body' do
65
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
66
66
  end
67
67
 
68
68
  it 'treats no body as empty string' do
69
69
  request.body = nil
70
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
70
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
71
71
  end
72
72
  end
73
73
 
@@ -115,46 +115,46 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
115
115
  }
116
116
  end
117
117
 
118
- describe '#populate_content_md5' do
118
+ describe '#populate_content_hash' do
119
119
  context 'when getting' do
120
- it "doesn't populate content-md5" do
121
- request.method = :get
122
- driven_request.populate_content_md5
123
- expect(request.headers['Content-MD5']).to be_nil
120
+ it "doesn't populate content hash" do
121
+ request.http_method = :get
122
+ driven_request.populate_content_hash
123
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
124
124
  end
125
125
  end
126
126
 
127
127
  context 'when posting' do
128
- it 'populates content-md5' do
129
- request.method = :post
130
- driven_request.populate_content_md5
131
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
128
+ it 'populates content hash' do
129
+ request.http_method = :post
130
+ driven_request.populate_content_hash
131
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
132
132
  end
133
133
 
134
134
  it 'refreshes the cached headers' do
135
- driven_request.populate_content_md5
136
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
135
+ driven_request.populate_content_hash
136
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
137
137
  end
138
138
  end
139
139
 
140
140
  context 'when putting' do
141
- it 'populates content-md5' do
142
- request.method = :put
143
- driven_request.populate_content_md5
144
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
141
+ it 'populates content hash' do
142
+ request.http_method = :put
143
+ driven_request.populate_content_hash
144
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
145
145
  end
146
146
 
147
147
  it 'refreshes the cached headers' do
148
- driven_request.populate_content_md5
149
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
148
+ driven_request.populate_content_hash
149
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
150
150
  end
151
151
  end
152
152
 
153
153
  context 'when deleting' do
154
- it "doesn't populate content-md5" do
155
- request.method = :delete
156
- driven_request.populate_content_md5
157
- expect(request.headers['Content-MD5']).to be_nil
154
+ it "doesn't populate content hash" do
155
+ request.http_method = :delete
156
+ driven_request.populate_content_hash
157
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
158
158
  end
159
159
  end
160
160
  end
@@ -183,76 +183,76 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
183
183
  end
184
184
  end
185
185
 
186
- describe 'md5_mismatch?' do
186
+ describe 'content_hash_mismatch?' do
187
187
  context 'when getting' do
188
188
  before do
189
- request.method = :get
189
+ request.http_method = :get
190
190
  end
191
191
 
192
192
  it 'is false' do
193
- expect(driven_request.md5_mismatch?).to be false
193
+ expect(driven_request.content_hash_mismatch?).to be false
194
194
  end
195
195
  end
196
196
 
197
197
  context 'when posting' do
198
198
  before do
199
- request.method = :post
199
+ request.http_method = :post
200
200
  end
201
201
 
202
202
  context 'when calculated matches sent' do
203
203
  before do
204
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
204
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
205
205
  end
206
206
 
207
207
  it 'is false' do
208
- expect(driven_request.md5_mismatch?).to be false
208
+ expect(driven_request.content_hash_mismatch?).to be false
209
209
  end
210
210
  end
211
211
 
212
212
  context "when calculated doesn't match sent" do
213
213
  before do
214
- request.headers['Content-MD5'] = '3'
214
+ request.headers['X-Authorization-Content-SHA256'] = '3'
215
215
  end
216
216
 
217
217
  it 'is true' do
218
- expect(driven_request.md5_mismatch?).to be true
218
+ expect(driven_request.content_hash_mismatch?).to be true
219
219
  end
220
220
  end
221
221
  end
222
222
 
223
223
  context 'when putting' do
224
224
  before do
225
- request.method = :put
225
+ request.http_method = :put
226
226
  end
227
227
 
228
228
  context 'when calculated matches sent' do
229
229
  before do
230
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
230
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
231
231
  end
232
232
 
233
233
  it 'is false' do
234
- expect(driven_request.md5_mismatch?).to be false
234
+ expect(driven_request.content_hash_mismatch?).to be false
235
235
  end
236
236
  end
237
237
 
238
238
  context "when calculated doesn't match sent" do
239
239
  before do
240
- request.headers['Content-MD5'] = '3'
240
+ request.headers['X-Authorization-Content-SHA256'] = '3'
241
241
  end
242
242
 
243
243
  it 'is true' do
244
- expect(driven_request.md5_mismatch?).to be true
244
+ expect(driven_request.content_hash_mismatch?).to be true
245
245
  end
246
246
  end
247
247
  end
248
248
 
249
249
  context 'when deleting' do
250
250
  before do
251
- request.method = :delete
251
+ request.http_method = :delete
252
252
  end
253
253
 
254
254
  it 'is false' do
255
- expect(driven_request.md5_mismatch?).to be false
255
+ expect(driven_request.content_hash_mismatch?).to be false
256
256
  end
257
257
  end
258
258
  end
data/spec/request_drivers/grape_request_spec.rb CHANGED
@@ -26,8 +26,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
26
26
  let(:timestamp) { Time.now.utc.httpdate }
27
27
  let(:request_headers) do
28
28
  {
29
- 'HTTP_X_HMAC_AUTHORIZATION' => 'APIAuth 1044:12345',
30
- 'HTTP_X_HMAC_CONTENT_MD5' => 'WEqCyXEuRBYZbohpZmUyAw==',
29
+ 'HTTP_X_AUTHORIZATION' => 'APIAuth 1044:12345',
30
+ 'HTTP_X_AUTHORIZATION_CONTENT_SHA256' => 'bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=',
31
31
  'HTTP_X_HMAC_CONTENT_TYPE' => 'text/plain',
32
32
  'HTTP_X_HMAC_DATE' => timestamp
33
33
  }
@@ -40,8 +40,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
40
40
  expect(driven_request.content_type).to eq('text/plain')
41
41
  end
42
42
 
43
- it 'gets the content_md5' do
44
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
43
+ it 'gets the content_hash' do
44
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
45
45
  end
46
46
 
47
47
  it 'gets the request_uri' do
@@ -56,16 +56,16 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
56
56
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
57
57
  end
58
58
 
59
- describe '#calculated_md5' do
60
- it 'calculates md5 from the body' do
61
- expect(driven_request.calculated_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
59
+ describe '#calculated_hash' do
60
+ it 'calculates hash from the body' do
61
+ expect(driven_request.calculated_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
62
62
  end
63
63
 
64
64
  context 'no body' do
65
65
  let(:params) { {} }
66
66
 
67
67
  it 'treats no body as empty string' do
68
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
68
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
69
69
  end
70
70
  end
71
71
  end
@@ -96,50 +96,50 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
96
96
  }
97
97
  end
98
98
 
99
- describe '#populate_content_md5' do
99
+ describe '#populate_content_hash' do
100
100
  context 'when getting' do
101
101
  let(:method) { 'get' }
102
102
 
103
- it "doesn't populate content-md5" do
104
- driven_request.populate_content_md5
105
- expect(request.headers['Content-Md5']).to be_nil
103
+ it "doesn't populate content hash" do
104
+ driven_request.populate_content_hash
105
+ expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
106
106
  end
107
107
  end
108
108
 
109
109
  context 'when posting' do
110
110
  let(:method) { 'post' }
111
111
 
112
- it 'populates content-md5' do
113
- driven_request.populate_content_md5
114
- expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
112
+ it 'populates content bash' do
113
+ driven_request.populate_content_hash
114
+ expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
115
115
  end
116
116
 
117
117
  it 'refreshes the cached headers' do
118
- driven_request.populate_content_md5
119
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
118
+ driven_request.populate_content_hash
119
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
120
120
  end
121
121
  end
122
122
 
123
123
  context 'when putting' do
124
124
  let(:method) { 'put' }
125
125
 
126
- it 'populates content-md5' do
127
- driven_request.populate_content_md5
128
- expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
126
+ it 'populates content hash' do
127
+ driven_request.populate_content_hash
128
+ expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
129
129
  end
130
130
 
131
131
  it 'refreshes the cached headers' do
132
- driven_request.populate_content_md5
133
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
132
+ driven_request.populate_content_hash
133
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
134
134
  end
135
135
  end
136
136
 
137
137
  context 'when deleting' do
138
138
  let(:method) { 'delete' }
139
139
 
140
- it "doesn't populate content-md5" do
141
- driven_request.populate_content_md5
142
- expect(request.headers['Content-Md5']).to be_nil
140
+ it "doesn't populate content hash" do
141
+ driven_request.populate_content_hash
142
+ expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
143
143
  end
144
144
  end
145
145
  end
@@ -169,12 +169,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
169
169
  end
170
170
  end
171
171
 
172
- describe 'md5_mismatch?' do
172
+ describe 'content_hash_mismatch?' do
173
173
  context 'when getting' do
174
174
  let(:method) { 'get' }
175
175
 
176
176
  it 'is false' do
177
- expect(driven_request.md5_mismatch?).to be false
177
+ expect(driven_request.content_hash_mismatch?).to be false
178
178
  end
179
179
  end
180
180
 
@@ -183,7 +183,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
183
183
 
184
184
  context 'when calculated matches sent' do
185
185
  it 'is false' do
186
- expect(driven_request.md5_mismatch?).to be false
186
+ expect(driven_request.content_hash_mismatch?).to be false
187
187
  end
188
188
  end
189
189
 
@@ -191,7 +191,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
191
191
  let(:params) { { 'message' => 'hello only' } }
192
192
 
193
193
  it 'is true' do
194
- expect(driven_request.md5_mismatch?).to be true
194
+ expect(driven_request.content_hash_mismatch?).to be true
195
195
  end
196
196
  end
197
197
  end
@@ -201,14 +201,15 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
201
201
 
202
202
  context 'when calculated matches sent' do
203
203
  it 'is false' do
204
- expect(driven_request.md5_mismatch?).to be false
204
+ puts driven_request.calculated_hash
205
+ expect(driven_request.content_hash_mismatch?).to be false
205
206
  end
206
207
  end
207
208
 
208
209
  context "when calculated doesn't match sent" do
209
210
  let(:params) { { 'message' => 'hello only' } }
210
211
  it 'is true' do
211
- expect(driven_request.md5_mismatch?).to be true
212
+ expect(driven_request.content_hash_mismatch?).to be true
212
213
  end
213
214
  end
214
215
  end
@@ -217,7 +218,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
217
218
  let(:method) { 'delete' }
218
219
 
219
220
  it 'is false' do
220
- expect(driven_request.md5_mismatch?).to be false
221
+ expect(driven_request.content_hash_mismatch?).to be false
221
222
  end
222
223
  end
223
224
  end
data/spec/request_drivers/http_spec.rb CHANGED
@@ -19,7 +19,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
19
19
  let(:headers) do
20
20
  {
21
21
  'Authorization' => 'APIAuth 1044:12345',
22
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
22
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
23
23
  'content-type' => 'text/plain',
24
24
  'date' => timestamp
25
25
  }
@@ -32,8 +32,8 @@ describe ApiAuth::RequestDrivers::HttpRequest do
32
32
  expect(driven_request.content_type).to eq('text/plain')
33
33
  end
34
34
 
35
- it 'gets the content_md5' do
36
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
35
+ it 'gets the content_hash' do
36
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
37
37
  end
38
38
 
39
39
  it 'gets the request_uri' do
@@ -48,9 +48,9 @@ describe ApiAuth::RequestDrivers::HttpRequest do
48
48
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
49
49
  end
50
50
 
51
- describe '#calculated_md5' do
52
- it 'calculates md5 from the body' do
53
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
51
+ describe '#calculated_hash' do
52
+ it 'calculates hash from the body' do
53
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
54
54
  expect(driven_request.body.bytesize).to eq(11)
55
55
  end
56
56
 
@@ -58,7 +58,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
58
58
  let(:body) { nil }
59
59
 
60
60
  it 'treats no body as empty string' do
61
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
61
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
62
62
  expect(driven_request.body.bytesize).to eq(0)
63
63
  end
64
64
  end
@@ -67,7 +67,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
67
67
  let(:body) { File.new('spec/fixtures/upload.png') }
68
68
 
69
69
  it 'calculates correctly for multipart content' do
70
- expect(driven_request.calculated_md5).to eq('k4U8MTA3RHDcewBzymVNEQ==')
70
+ expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
71
71
  expect(driven_request.body.bytesize).to eq(5112)
72
72
  end
73
73
  end
@@ -99,27 +99,27 @@ describe ApiAuth::RequestDrivers::HttpRequest do
99
99
  }
100
100
  end
101
101
 
102
- describe '#populate_content_md5' do
102
+ describe '#populate_content_hash' do
103
103
  context 'when request type has no body' do
104
104
  let(:verb) { :get }
105
105
 
106
- it "doesn't populate content-md5" do
107
- driven_request.populate_content_md5
108
- expect(request['Content-MD5']).to be_nil
106
+ it "doesn't populate content hash" do
107
+ driven_request.populate_content_hash
108
+ expect(request['X-Authorization-Content-SHA256']).to be_nil
109
109
  end
110
110
  end
111
111
 
112
112
  context 'when request type has a body' do
113
113
  let(:verb) { :put }
114
114
 
115
- it 'populates content-md5' do
116
- driven_request.populate_content_md5
117
- expect(request['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
115
+ it 'populates content hash' do
116
+ driven_request.populate_content_hash
117
+ expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
118
118
  end
119
119
 
120
120
  it 'refreshes the cached headers' do
121
- driven_request.populate_content_md5
122
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
121
+ driven_request.populate_content_hash
122
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
123
123
  end
124
124
  end
125
125
  end
@@ -148,12 +148,12 @@ describe ApiAuth::RequestDrivers::HttpRequest do
148
148
  end
149
149
  end
150
150
 
151
- describe 'md5_mismatch?' do
151
+ describe 'content_hash_mismatch?' do
152
152
  context 'when request type has no body' do
153
153
  let(:verb) { :get }
154
154
 
155
155
  it 'is false' do
156
- expect(driven_request.md5_mismatch?).to be false
156
+ expect(driven_request.content_hash_mismatch?).to be false
157
157
  end
158
158
  end
159
159
 
@@ -162,21 +162,21 @@ describe ApiAuth::RequestDrivers::HttpRequest do
162
162
 
163
163
  context 'when calculated matches sent' do
164
164
  before do
165
- request['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
165
+ request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
166
166
  end
167
167
 
168
168
  it 'is false' do
169
- expect(driven_request.md5_mismatch?).to be false
169
+ expect(driven_request.content_hash_mismatch?).to be false
170
170
  end
171
171
  end
172
172
 
173
173
  context "when calculated doesn't match sent" do
174
174
  before do
175
- request['Content-MD5'] = '3'
175
+ request['X-Authorization-Content-SHA256'] = '3'
176
176
  end
177
177
 
178
178
  it 'is true' do
179
- expect(driven_request.md5_mismatch?).to be true
179
+ expect(driven_request.content_hash_mismatch?).to be true
180
180
  end
181
181
  end
182
182
  end
data/spec/request_drivers/httpi_spec.rb CHANGED
@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
6
6
  let(:request) do
7
7
  httpi_request = HTTPI::Request.new('http://localhost/resource.xml?foo=bar&bar=foo')
8
8
  httpi_request.headers.merge!('Authorization' => 'APIAuth 1044:12345',
9
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
9
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
10
10
  'content-type' => 'text/plain',
11
11
  'date' => timestamp)
12
12
  httpi_request.body = "hello\nworld"
@@ -20,8 +20,8 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
20
20
  expect(driven_request.content_type).to eq('text/plain')
21
21
  end
22
22
 
23
- it 'gets the content_md5' do
24
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
23
+ it 'gets the content_hash' do
24
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
25
25
  end
26
26
 
27
27
  it 'gets the request_uri' do
@@ -36,14 +36,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
36
36
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
37
37
  end
38
38
 
39
- describe '#calculated_md5' do
40
- it 'calculates md5 from the body' do
41
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
39
+ describe '#calculated_hash' do
40
+ it 'calculates hash from the body' do
41
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
42
42
  end
43
43
 
44
44
  it 'treats no body as empty string' do
45
45
  request.body = nil
46
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
46
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
47
47
  end
48
48
  end
49
49
 
@@ -61,15 +61,15 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
61
61
  httpi_request
62
62
  end
63
63
 
64
- describe '#populate_content_md5' do
64
+ describe '#populate_content_hash' do
65
65
  context 'when there is no content body' do
66
66
  before do
67
67
  request.body = nil
68
68
  end
69
69
 
70
- it "doesn't populate content-md5" do
71
- driven_request.populate_content_md5
72
- expect(request.headers['Content-MD5']).to be_nil
70
+ it "doesn't populate content hash" do
71
+ driven_request.populate_content_hash
72
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
73
73
  end
74
74
  end
75
75
 
@@ -78,14 +78,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
78
78
  request.body = "hello\nworld"
79
79
  end
80
80
 
81
- it 'populates content-md5' do
82
- driven_request.populate_content_md5
83
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
81
+ it 'populates content hash' do
82
+ driven_request.populate_content_hash
83
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
84
84
  end
85
85
 
86
86
  it 'refreshes the cached headers' do
87
- driven_request.populate_content_md5
88
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
87
+ driven_request.populate_content_hash
88
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
89
89
  end
90
90
  end
91
91
  end
@@ -114,14 +114,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
114
114
  end
115
115
  end
116
116
 
117
- describe 'md5_mismatch?' do
117
+ describe 'content_hash_mismatch?' do
118
118
  context 'when there is no content body' do
119
119
  before do
120
120
  request.body = nil
121
121
  end
122
122
 
123
123
  it 'is false' do
124
- expect(driven_request.md5_mismatch?).to be false
124
+ expect(driven_request.content_hash_mismatch?).to be false
125
125
  end
126
126
  end
127
127
 
@@ -132,21 +132,21 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
132
132
 
133
133
  context 'when calculated matches sent' do
134
134
  before do
135
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
135
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
136
136
  end
137
137
 
138
138
  it 'is false' do
139
- expect(driven_request.md5_mismatch?).to be false
139
+ expect(driven_request.content_hash_mismatch?).to be false
140
140
  end
141
141
  end
142
142
 
143
143
  context "when calculated doesn't match sent" do
144
144
  before do
145
- request.headers['Content-MD5'] = '3'
145
+ request.headers['X-Authorization-Content-SHA256'] = '3'
146
146
  end
147
147
 
148
148
  it 'is true' do
149
- expect(driven_request.md5_mismatch?).to be true
149
+ expect(driven_request.content_hash_mismatch?).to be true
150
150
  end
151
151
  end
152
152
  end