api-auth 2.4.0 → 2.5.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (49) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/main.yml +67 -0
  3. data/.gitignore +2 -0
  4. data/.rubocop.yml +16 -3
  5. data/.rubocop_todo.yml +29 -19
  6. data/Appraisals +12 -18
  7. data/CHANGELOG.md +11 -0
  8. data/Gemfile +0 -2
  9. data/README.md +29 -27
  10. data/VERSION +1 -1
  11. data/api_auth.gemspec +11 -4
  12. data/gemfiles/rails_52.gemfile +5 -5
  13. data/gemfiles/rails_60.gemfile +5 -7
  14. data/gemfiles/rails_61.gemfile +9 -0
  15. data/lib/api_auth/base.rb +2 -2
  16. data/lib/api_auth/headers.rb +6 -6
  17. data/lib/api_auth/helpers.rb +2 -2
  18. data/lib/api_auth/railtie.rb +12 -6
  19. data/lib/api_auth/request_drivers/action_controller.rb +8 -8
  20. data/lib/api_auth/request_drivers/curb.rb +4 -4
  21. data/lib/api_auth/request_drivers/faraday.rb +11 -11
  22. data/lib/api_auth/request_drivers/grape_request.rb +8 -8
  23. data/lib/api_auth/request_drivers/http.rb +8 -8
  24. data/lib/api_auth/request_drivers/httpi.rb +8 -8
  25. data/lib/api_auth/request_drivers/net_http.rb +8 -8
  26. data/lib/api_auth/request_drivers/rack.rb +8 -8
  27. data/lib/api_auth/request_drivers/rest_client.rb +8 -8
  28. data/spec/api_auth_spec.rb +8 -8
  29. data/spec/headers_spec.rb +26 -26
  30. data/spec/helpers_spec.rb +1 -1
  31. data/spec/railtie_spec.rb +3 -3
  32. data/spec/request_drivers/action_controller_spec.rb +74 -35
  33. data/spec/request_drivers/action_dispatch_spec.rb +74 -35
  34. data/spec/request_drivers/curb_spec.rb +8 -8
  35. data/spec/request_drivers/faraday_spec.rb +43 -43
  36. data/spec/request_drivers/grape_request_spec.rb +33 -32
  37. data/spec/request_drivers/http_spec.rb +23 -23
  38. data/spec/request_drivers/httpi_spec.rb +22 -22
  39. data/spec/request_drivers/net_http_spec.rb +23 -23
  40. data/spec/request_drivers/rack_spec.rb +35 -35
  41. data/spec/request_drivers/rest_client_spec.rb +36 -36
  42. metadata +51 -26
  43. data/.travis.yml +0 -39
  44. data/gemfiles/http2.gemfile +0 -7
  45. data/gemfiles/http3.gemfile +0 -7
  46. data/gemfiles/http4.gemfile +0 -7
  47. data/gemfiles/rails_5.gemfile +0 -9
  48. data/gemfiles/rails_51.gemfile +0 -9
  49. data/spec/.rubocop.yml +0 -5
@@ -20,7 +20,7 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
20
20
  let(:request_headers) do
21
21
  {
22
22
  'Authorization' => 'APIAuth 1044:12345',
23
- 'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
23
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
24
24
  'content-type' => 'text/plain',
25
25
  'DATE' => timestamp
26
26
  }
@@ -44,8 +44,8 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
44
44
  expect(driven_request.content_type).to eq('text/plain')
45
45
  end
46
46
 
47
- it 'gets the content_md5' do
48
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
47
+ it 'gets the content_hash' do
48
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
49
49
  end
50
50
 
51
51
  it 'gets the request_uri' do
@@ -60,14 +60,14 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
60
60
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
61
61
  end
62
62
 
63
- describe '#calculated_md5' do
64
- it 'calculates md5 from the body' do
65
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
63
+ describe '#calculated_hash' do
64
+ it 'calculates hash from the body' do
65
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
66
66
  end
67
67
 
68
68
  it 'treats no body as empty string' do
69
69
  request.body = nil
70
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
70
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
71
71
  end
72
72
  end
73
73
 
@@ -115,46 +115,46 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
115
115
  }
116
116
  end
117
117
 
118
- describe '#populate_content_md5' do
118
+ describe '#populate_content_hash' do
119
119
  context 'when getting' do
120
- it "doesn't populate content-md5" do
121
- request.method = :get
122
- driven_request.populate_content_md5
123
- expect(request.headers['Content-MD5']).to be_nil
120
+ it "doesn't populate content hash" do
121
+ request.http_method = :get
122
+ driven_request.populate_content_hash
123
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
124
124
  end
125
125
  end
126
126
 
127
127
  context 'when posting' do
128
- it 'populates content-md5' do
129
- request.method = :post
130
- driven_request.populate_content_md5
131
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
128
+ it 'populates content hash' do
129
+ request.http_method = :post
130
+ driven_request.populate_content_hash
131
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
132
132
  end
133
133
 
134
134
  it 'refreshes the cached headers' do
135
- driven_request.populate_content_md5
136
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
135
+ driven_request.populate_content_hash
136
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
137
137
  end
138
138
  end
139
139
 
140
140
  context 'when putting' do
141
- it 'populates content-md5' do
142
- request.method = :put
143
- driven_request.populate_content_md5
144
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
141
+ it 'populates content hash' do
142
+ request.http_method = :put
143
+ driven_request.populate_content_hash
144
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
145
145
  end
146
146
 
147
147
  it 'refreshes the cached headers' do
148
- driven_request.populate_content_md5
149
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
148
+ driven_request.populate_content_hash
149
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
150
150
  end
151
151
  end
152
152
 
153
153
  context 'when deleting' do
154
- it "doesn't populate content-md5" do
155
- request.method = :delete
156
- driven_request.populate_content_md5
157
- expect(request.headers['Content-MD5']).to be_nil
154
+ it "doesn't populate content hash" do
155
+ request.http_method = :delete
156
+ driven_request.populate_content_hash
157
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
158
158
  end
159
159
  end
160
160
  end
@@ -183,76 +183,76 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
183
183
  end
184
184
  end
185
185
 
186
- describe 'md5_mismatch?' do
186
+ describe 'content_hash_mismatch?' do
187
187
  context 'when getting' do
188
188
  before do
189
- request.method = :get
189
+ request.http_method = :get
190
190
  end
191
191
 
192
192
  it 'is false' do
193
- expect(driven_request.md5_mismatch?).to be false
193
+ expect(driven_request.content_hash_mismatch?).to be false
194
194
  end
195
195
  end
196
196
 
197
197
  context 'when posting' do
198
198
  before do
199
- request.method = :post
199
+ request.http_method = :post
200
200
  end
201
201
 
202
202
  context 'when calculated matches sent' do
203
203
  before do
204
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
204
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
205
205
  end
206
206
 
207
207
  it 'is false' do
208
- expect(driven_request.md5_mismatch?).to be false
208
+ expect(driven_request.content_hash_mismatch?).to be false
209
209
  end
210
210
  end
211
211
 
212
212
  context "when calculated doesn't match sent" do
213
213
  before do
214
- request.headers['Content-MD5'] = '3'
214
+ request.headers['X-Authorization-Content-SHA256'] = '3'
215
215
  end
216
216
 
217
217
  it 'is true' do
218
- expect(driven_request.md5_mismatch?).to be true
218
+ expect(driven_request.content_hash_mismatch?).to be true
219
219
  end
220
220
  end
221
221
  end
222
222
 
223
223
  context 'when putting' do
224
224
  before do
225
- request.method = :put
225
+ request.http_method = :put
226
226
  end
227
227
 
228
228
  context 'when calculated matches sent' do
229
229
  before do
230
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
230
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
231
231
  end
232
232
 
233
233
  it 'is false' do
234
- expect(driven_request.md5_mismatch?).to be false
234
+ expect(driven_request.content_hash_mismatch?).to be false
235
235
  end
236
236
  end
237
237
 
238
238
  context "when calculated doesn't match sent" do
239
239
  before do
240
- request.headers['Content-MD5'] = '3'
240
+ request.headers['X-Authorization-Content-SHA256'] = '3'
241
241
  end
242
242
 
243
243
  it 'is true' do
244
- expect(driven_request.md5_mismatch?).to be true
244
+ expect(driven_request.content_hash_mismatch?).to be true
245
245
  end
246
246
  end
247
247
  end
248
248
 
249
249
  context 'when deleting' do
250
250
  before do
251
- request.method = :delete
251
+ request.http_method = :delete
252
252
  end
253
253
 
254
254
  it 'is false' do
255
- expect(driven_request.md5_mismatch?).to be false
255
+ expect(driven_request.content_hash_mismatch?).to be false
256
256
  end
257
257
  end
258
258
  end
@@ -26,8 +26,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
26
26
  let(:timestamp) { Time.now.utc.httpdate }
27
27
  let(:request_headers) do
28
28
  {
29
- 'HTTP_X_HMAC_AUTHORIZATION' => 'APIAuth 1044:12345',
30
- 'HTTP_X_HMAC_CONTENT_MD5' => 'WEqCyXEuRBYZbohpZmUyAw==',
29
+ 'HTTP_X_AUTHORIZATION' => 'APIAuth 1044:12345',
30
+ 'HTTP_X_AUTHORIZATION_CONTENT_SHA256' => 'bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=',
31
31
  'HTTP_X_HMAC_CONTENT_TYPE' => 'text/plain',
32
32
  'HTTP_X_HMAC_DATE' => timestamp
33
33
  }
@@ -40,8 +40,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
40
40
  expect(driven_request.content_type).to eq('text/plain')
41
41
  end
42
42
 
43
- it 'gets the content_md5' do
44
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
43
+ it 'gets the content_hash' do
44
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
45
45
  end
46
46
 
47
47
  it 'gets the request_uri' do
@@ -56,16 +56,16 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
56
56
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
57
57
  end
58
58
 
59
- describe '#calculated_md5' do
60
- it 'calculates md5 from the body' do
61
- expect(driven_request.calculated_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
59
+ describe '#calculated_hash' do
60
+ it 'calculates hash from the body' do
61
+ expect(driven_request.calculated_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
62
62
  end
63
63
 
64
64
  context 'no body' do
65
65
  let(:params) { {} }
66
66
 
67
67
  it 'treats no body as empty string' do
68
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
68
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
69
69
  end
70
70
  end
71
71
  end
@@ -96,50 +96,50 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
96
96
  }
97
97
  end
98
98
 
99
- describe '#populate_content_md5' do
99
+ describe '#populate_content_hash' do
100
100
  context 'when getting' do
101
101
  let(:method) { 'get' }
102
102
 
103
- it "doesn't populate content-md5" do
104
- driven_request.populate_content_md5
105
- expect(request.headers['Content-Md5']).to be_nil
103
+ it "doesn't populate content hash" do
104
+ driven_request.populate_content_hash
105
+ expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
106
106
  end
107
107
  end
108
108
 
109
109
  context 'when posting' do
110
110
  let(:method) { 'post' }
111
111
 
112
- it 'populates content-md5' do
113
- driven_request.populate_content_md5
114
- expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
112
+ it 'populates content bash' do
113
+ driven_request.populate_content_hash
114
+ expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
115
115
  end
116
116
 
117
117
  it 'refreshes the cached headers' do
118
- driven_request.populate_content_md5
119
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
118
+ driven_request.populate_content_hash
119
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
120
120
  end
121
121
  end
122
122
 
123
123
  context 'when putting' do
124
124
  let(:method) { 'put' }
125
125
 
126
- it 'populates content-md5' do
127
- driven_request.populate_content_md5
128
- expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
126
+ it 'populates content hash' do
127
+ driven_request.populate_content_hash
128
+ expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
129
129
  end
130
130
 
131
131
  it 'refreshes the cached headers' do
132
- driven_request.populate_content_md5
133
- expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
132
+ driven_request.populate_content_hash
133
+ expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
134
134
  end
135
135
  end
136
136
 
137
137
  context 'when deleting' do
138
138
  let(:method) { 'delete' }
139
139
 
140
- it "doesn't populate content-md5" do
141
- driven_request.populate_content_md5
142
- expect(request.headers['Content-Md5']).to be_nil
140
+ it "doesn't populate content hash" do
141
+ driven_request.populate_content_hash
142
+ expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
143
143
  end
144
144
  end
145
145
  end
@@ -169,12 +169,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
169
169
  end
170
170
  end
171
171
 
172
- describe 'md5_mismatch?' do
172
+ describe 'content_hash_mismatch?' do
173
173
  context 'when getting' do
174
174
  let(:method) { 'get' }
175
175
 
176
176
  it 'is false' do
177
- expect(driven_request.md5_mismatch?).to be false
177
+ expect(driven_request.content_hash_mismatch?).to be false
178
178
  end
179
179
  end
180
180
 
@@ -183,7 +183,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
183
183
 
184
184
  context 'when calculated matches sent' do
185
185
  it 'is false' do
186
- expect(driven_request.md5_mismatch?).to be false
186
+ expect(driven_request.content_hash_mismatch?).to be false
187
187
  end
188
188
  end
189
189
 
@@ -191,7 +191,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
191
191
  let(:params) { { 'message' => 'hello only' } }
192
192
 
193
193
  it 'is true' do
194
- expect(driven_request.md5_mismatch?).to be true
194
+ expect(driven_request.content_hash_mismatch?).to be true
195
195
  end
196
196
  end
197
197
  end
@@ -201,14 +201,15 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
201
201
 
202
202
  context 'when calculated matches sent' do
203
203
  it 'is false' do
204
- expect(driven_request.md5_mismatch?).to be false
204
+ puts driven_request.calculated_hash
205
+ expect(driven_request.content_hash_mismatch?).to be false
205
206
  end
206
207
  end
207
208
 
208
209
  context "when calculated doesn't match sent" do
209
210
  let(:params) { { 'message' => 'hello only' } }
210
211
  it 'is true' do
211
- expect(driven_request.md5_mismatch?).to be true
212
+ expect(driven_request.content_hash_mismatch?).to be true
212
213
  end
213
214
  end
214
215
  end
@@ -217,7 +218,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
217
218
  let(:method) { 'delete' }
218
219
 
219
220
  it 'is false' do
220
- expect(driven_request.md5_mismatch?).to be false
221
+ expect(driven_request.content_hash_mismatch?).to be false
221
222
  end
222
223
  end
223
224
  end
@@ -19,7 +19,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
19
19
  let(:headers) do
20
20
  {
21
21
  'Authorization' => 'APIAuth 1044:12345',
22
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
22
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
23
23
  'content-type' => 'text/plain',
24
24
  'date' => timestamp
25
25
  }
@@ -32,8 +32,8 @@ describe ApiAuth::RequestDrivers::HttpRequest do
32
32
  expect(driven_request.content_type).to eq('text/plain')
33
33
  end
34
34
 
35
- it 'gets the content_md5' do
36
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
35
+ it 'gets the content_hash' do
36
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
37
37
  end
38
38
 
39
39
  it 'gets the request_uri' do
@@ -48,9 +48,9 @@ describe ApiAuth::RequestDrivers::HttpRequest do
48
48
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
49
49
  end
50
50
 
51
- describe '#calculated_md5' do
52
- it 'calculates md5 from the body' do
53
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
51
+ describe '#calculated_hash' do
52
+ it 'calculates hash from the body' do
53
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
54
54
  expect(driven_request.body.bytesize).to eq(11)
55
55
  end
56
56
 
@@ -58,7 +58,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
58
58
  let(:body) { nil }
59
59
 
60
60
  it 'treats no body as empty string' do
61
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
61
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
62
62
  expect(driven_request.body.bytesize).to eq(0)
63
63
  end
64
64
  end
@@ -67,7 +67,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
67
67
  let(:body) { File.new('spec/fixtures/upload.png') }
68
68
 
69
69
  it 'calculates correctly for multipart content' do
70
- expect(driven_request.calculated_md5).to eq('k4U8MTA3RHDcewBzymVNEQ==')
70
+ expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
71
71
  expect(driven_request.body.bytesize).to eq(5112)
72
72
  end
73
73
  end
@@ -99,27 +99,27 @@ describe ApiAuth::RequestDrivers::HttpRequest do
99
99
  }
100
100
  end
101
101
 
102
- describe '#populate_content_md5' do
102
+ describe '#populate_content_hash' do
103
103
  context 'when request type has no body' do
104
104
  let(:verb) { :get }
105
105
 
106
- it "doesn't populate content-md5" do
107
- driven_request.populate_content_md5
108
- expect(request['Content-MD5']).to be_nil
106
+ it "doesn't populate content hash" do
107
+ driven_request.populate_content_hash
108
+ expect(request['X-Authorization-Content-SHA256']).to be_nil
109
109
  end
110
110
  end
111
111
 
112
112
  context 'when request type has a body' do
113
113
  let(:verb) { :put }
114
114
 
115
- it 'populates content-md5' do
116
- driven_request.populate_content_md5
117
- expect(request['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
115
+ it 'populates content hash' do
116
+ driven_request.populate_content_hash
117
+ expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
118
118
  end
119
119
 
120
120
  it 'refreshes the cached headers' do
121
- driven_request.populate_content_md5
122
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
121
+ driven_request.populate_content_hash
122
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
123
123
  end
124
124
  end
125
125
  end
@@ -148,12 +148,12 @@ describe ApiAuth::RequestDrivers::HttpRequest do
148
148
  end
149
149
  end
150
150
 
151
- describe 'md5_mismatch?' do
151
+ describe 'content_hash_mismatch?' do
152
152
  context 'when request type has no body' do
153
153
  let(:verb) { :get }
154
154
 
155
155
  it 'is false' do
156
- expect(driven_request.md5_mismatch?).to be false
156
+ expect(driven_request.content_hash_mismatch?).to be false
157
157
  end
158
158
  end
159
159
 
@@ -162,21 +162,21 @@ describe ApiAuth::RequestDrivers::HttpRequest do
162
162
 
163
163
  context 'when calculated matches sent' do
164
164
  before do
165
- request['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
165
+ request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
166
166
  end
167
167
 
168
168
  it 'is false' do
169
- expect(driven_request.md5_mismatch?).to be false
169
+ expect(driven_request.content_hash_mismatch?).to be false
170
170
  end
171
171
  end
172
172
 
173
173
  context "when calculated doesn't match sent" do
174
174
  before do
175
- request['Content-MD5'] = '3'
175
+ request['X-Authorization-Content-SHA256'] = '3'
176
176
  end
177
177
 
178
178
  it 'is true' do
179
- expect(driven_request.md5_mismatch?).to be true
179
+ expect(driven_request.content_hash_mismatch?).to be true
180
180
  end
181
181
  end
182
182
  end
@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
6
6
  let(:request) do
7
7
  httpi_request = HTTPI::Request.new('http://localhost/resource.xml?foo=bar&bar=foo')
8
8
  httpi_request.headers.merge!('Authorization' => 'APIAuth 1044:12345',
9
- 'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
9
+ 'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
10
10
  'content-type' => 'text/plain',
11
11
  'date' => timestamp)
12
12
  httpi_request.body = "hello\nworld"
@@ -20,8 +20,8 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
20
20
  expect(driven_request.content_type).to eq('text/plain')
21
21
  end
22
22
 
23
- it 'gets the content_md5' do
24
- expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
23
+ it 'gets the content_hash' do
24
+ expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
25
25
  end
26
26
 
27
27
  it 'gets the request_uri' do
@@ -36,14 +36,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
36
36
  expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
37
37
  end
38
38
 
39
- describe '#calculated_md5' do
40
- it 'calculates md5 from the body' do
41
- expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
39
+ describe '#calculated_hash' do
40
+ it 'calculates hash from the body' do
41
+ expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
42
42
  end
43
43
 
44
44
  it 'treats no body as empty string' do
45
45
  request.body = nil
46
- expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
46
+ expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
47
47
  end
48
48
  end
49
49
 
@@ -61,15 +61,15 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
61
61
  httpi_request
62
62
  end
63
63
 
64
- describe '#populate_content_md5' do
64
+ describe '#populate_content_hash' do
65
65
  context 'when there is no content body' do
66
66
  before do
67
67
  request.body = nil
68
68
  end
69
69
 
70
- it "doesn't populate content-md5" do
71
- driven_request.populate_content_md5
72
- expect(request.headers['Content-MD5']).to be_nil
70
+ it "doesn't populate content hash" do
71
+ driven_request.populate_content_hash
72
+ expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
73
73
  end
74
74
  end
75
75
 
@@ -78,14 +78,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
78
78
  request.body = "hello\nworld"
79
79
  end
80
80
 
81
- it 'populates content-md5' do
82
- driven_request.populate_content_md5
83
- expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
81
+ it 'populates content hash' do
82
+ driven_request.populate_content_hash
83
+ expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
84
84
  end
85
85
 
86
86
  it 'refreshes the cached headers' do
87
- driven_request.populate_content_md5
88
- expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
87
+ driven_request.populate_content_hash
88
+ expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
89
89
  end
90
90
  end
91
91
  end
@@ -114,14 +114,14 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
114
114
  end
115
115
  end
116
116
 
117
- describe 'md5_mismatch?' do
117
+ describe 'content_hash_mismatch?' do
118
118
  context 'when there is no content body' do
119
119
  before do
120
120
  request.body = nil
121
121
  end
122
122
 
123
123
  it 'is false' do
124
- expect(driven_request.md5_mismatch?).to be false
124
+ expect(driven_request.content_hash_mismatch?).to be false
125
125
  end
126
126
  end
127
127
 
@@ -132,21 +132,21 @@ describe ApiAuth::RequestDrivers::HttpiRequest do
132
132
 
133
133
  context 'when calculated matches sent' do
134
134
  before do
135
- request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
135
+ request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
136
136
  end
137
137
 
138
138
  it 'is false' do
139
- expect(driven_request.md5_mismatch?).to be false
139
+ expect(driven_request.content_hash_mismatch?).to be false
140
140
  end
141
141
  end
142
142
 
143
143
  context "when calculated doesn't match sent" do
144
144
  before do
145
- request.headers['Content-MD5'] = '3'
145
+ request.headers['X-Authorization-Content-SHA256'] = '3'
146
146
  end
147
147
 
148
148
  it 'is true' do
149
- expect(driven_request.md5_mismatch?).to be true
149
+ expect(driven_request.content_hash_mismatch?).to be true
150
150
  end
151
151
  end
152
152
  end