api-auth 2.4.1 → 2.5.0

data/spec/headers_spec.rb

@@ -1,4 +1,4 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'spec_helper'
 
 describe ApiAuth::Headers do
   describe '#canonical_string' do
@@ -53,7 +53,7 @@ describe ApiAuth::Headers do
         before do
           allow(driver).to receive(:http_method).and_return 'GET'
           allow(driver).to receive(:content_type).and_return 'text/html'
-          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:content_hash).and_return '12345'
           allow(driver).to receive(:request_uri).and_return '/foo'
           allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
         end
@@ -83,7 +83,7 @@ describe ApiAuth::Headers do
         before do
           allow(driver).to receive(:http_method).and_return nil
           allow(driver).to receive(:content_type).and_return 'text/html'
-          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:content_hash).and_return '12345'
           allow(driver).to receive(:request_uri).and_return '/foo'
           allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
         end
@@ -115,7 +115,7 @@ describe ApiAuth::Headers do
 
         before do
           allow(driver).to receive(:content_type).and_return 'text/html'
-          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:content_hash).and_return '12345'
           allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
         end
 
@@ -140,7 +140,7 @@ describe ApiAuth::Headers do
 
         before do
           allow(driver).to receive(:content_type).and_return 'text/html'
-          allow(driver).to receive(:content_md5).and_return '12345'
+          allow(driver).to receive(:content_hash).and_return '12345'
           allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
         end
 
@@ -154,11 +154,11 @@ describe ApiAuth::Headers do
     end
   end
 
-  describe '#calculate_md5' do
+  describe '#calculate_hash' do
     subject(:headers) { described_class.new(request) }
     let(:driver) { headers.instance_variable_get('@request') }
 
-    context 'no md5 already calculated' do
+    context 'no content hash already calculated' do
       let(:request) do
         RestClient::Request.new(
           url: 'http://google.com',
@@ -167,55 +167,55 @@ describe ApiAuth::Headers do
         )
       end
 
-      it 'populates the md5 header' do
-        expect(driver).to receive(:populate_content_md5)
-        headers.calculate_md5
+      it 'populates the content hash header' do
+        expect(driver).to receive(:populate_content_hash)
+        headers.calculate_hash
       end
     end
 
-    context 'md5 already calculated' do
+    context 'hash already calculated' do
       let(:request) do
         RestClient::Request.new(
           url: 'http://google.com',
           method: :post,
           payload: "hello\nworld",
-          headers: { content_md5: 'abcd' }
+          headers: { 'X-Authorization-Content-SHA256' => 'abcd' }
         )
       end
 
-      it "doesn't populate the md5 header" do
-        expect(driver).not_to receive(:populate_content_md5)
-        headers.calculate_md5
+      it "doesn't populate the X-Authorization-Content-SHA256 header" do
+        expect(driver).not_to receive(:populate_content_hash)
+        headers.calculate_hash
       end
     end
   end
 
-  describe '#md5_mismatch?' do
+  describe '#content_hash_mismatch?' do
     let(:request) { RestClient::Request.new(url: 'http://google.com', method: :get) }
     subject(:headers) { described_class.new(request) }
     let(:driver) { headers.instance_variable_get('@request') }
 
-    context 'when request has md5 header' do
+    context 'when request has X-Authorization-Content-SHA256 header' do
       it 'asks the driver' do
-        allow(driver).to receive(:content_md5).and_return '1234'
+        allow(driver).to receive(:content_hash).and_return '1234'
 
-        expect(driver).to receive(:md5_mismatch?).and_call_original
-        headers.md5_mismatch?
+        expect(driver).to receive(:content_hash_mismatch?).and_call_original
+        headers.content_hash_mismatch?
       end
     end
 
-    context 'when request has no md5' do
+    context 'when request has no content hash' do
       it "doesn't ask the driver" do
-        allow(driver).to receive(:content_md5).and_return nil
+        allow(driver).to receive(:content_hash).and_return nil
 
-        expect(driver).not_to receive(:md5_mismatch?).and_call_original
-        headers.md5_mismatch?
+        expect(driver).not_to receive(:content_hash_mismatch?).and_call_original
+        headers.content_hash_mismatch?
       end
 
       it 'returns false' do
-        allow(driver).to receive(:content_md5).and_return nil
+        allow(driver).to receive(:content_hash).and_return nil
 
-        expect(headers.md5_mismatch?).to be false
+        expect(headers.content_hash_mismatch?).to be false
       end
     end
   end

data/spec/helpers_spec.rb

@@ -1,4 +1,4 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'spec_helper'
 
 describe 'ApiAuth::Helpers' do
   it 'should strip the new line character on a Base64 encoding' do

data/spec/railtie_spec.rb

@@ -1,4 +1,4 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'spec_helper'
 
 describe 'Rails integration' do
   API_KEY_STORE = { '1044' => 'l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==' }.freeze
@@ -8,8 +8,8 @@ describe 'Rails integration' do
       private
 
       def require_api_auth
-        if (access_id = get_api_access_id_from_request)
-          return true if api_authenticated?(API_KEY_STORE[access_id])
+        if (access_id = get_api_access_id_from_request) && api_authenticated?(API_KEY_STORE[access_id])
+          return true
         end
 
         respond_to do |format|

data/spec/request_drivers/action_controller_spec.rb

@@ -11,7 +11,7 @@ if defined?(ActionController::Request)
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
         'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
         'HTTP_DATE' => timestamp,
@@ -26,8 +26,8 @@ if defined?(ActionController::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
 
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
 
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionController::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
 
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
 
@@ -89,46 +89,46 @@ if defined?(ActionController::Request)
         )
       end
 
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
 
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-Authorization-Content-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionController::Request)
       end
     end
 
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
@@ -175,21 +175,21 @@ if defined?(ActionController::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionController::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-Authorization-Content-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,7 +226,7 @@ if defined?(ActionController::Request)
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end

data/spec/request_drivers/action_dispatch_spec.rb

@@ -11,7 +11,7 @@ if defined?(ActionDispatch::Request)
         'PATH_INFO' => '/resource.xml',
         'QUERY_STRING' => 'foo=bar&bar=foo',
         'REQUEST_METHOD' => 'PUT',
-        'CONTENT_MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+        'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
         'CONTENT_TYPE' => 'text/plain',
         'CONTENT_LENGTH' => '11',
         'HTTP_DATE' => timestamp,
@@ -26,8 +26,8 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.content_type).to eq('text/plain')
       end
 
-      it 'gets the content_md5' do
-        expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+      it 'gets the content_hash' do
+        expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
 
       it 'gets the request_uri' do
@@ -42,15 +42,15 @@ if defined?(ActionDispatch::Request)
         expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
       end
 
-      describe '#calculated_md5' do
-        it 'calculates md5 from the body' do
-          expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+      describe '#calculated_hash' do
+        it 'calculates hash from the body' do
+          expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'treats no body as empty string' do
           request.env['rack.input'] = StringIO.new
           request.env['CONTENT_LENGTH'] = 0
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
 
@@ -89,46 +89,46 @@ if defined?(ActionDispatch::Request)
         )
       end
 
-      describe '#populate_content_md5' do
+      describe '#populate_content_hash' do
         context 'when getting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'GET'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
 
         context 'when posting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'POST'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when putting' do
-          it 'populates content-md5' do
+          it 'populates content hash' do
             request.env['REQUEST_METHOD'] = 'PUT'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
 
           it 'refreshes the cached headers' do
-            driven_request.populate_content_md5
-            expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+            driven_request.populate_content_hash
+            expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
           end
         end
 
         context 'when deleting' do
-          it "doesn't populate content-md5" do
+          it "doesn't populate content hash" do
             request.env['REQUEST_METHOD'] = 'DELETE'
-            driven_request.populate_content_md5
-            expect(request.env['Content-MD5']).to be_nil
+            driven_request.populate_content_hash
+            expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
           end
         end
       end
@@ -157,14 +157,14 @@ if defined?(ActionDispatch::Request)
       end
     end
 
-    describe 'md5_mismatch?' do
+    describe 'content_hash_mismatch?' do
       context 'when getting' do
         before do
           request.env['REQUEST_METHOD'] = 'GET'
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
@@ -175,21 +175,21 @@ if defined?(ActionDispatch::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -201,21 +201,21 @@ if defined?(ActionDispatch::Request)
 
         context 'when calculated matches sent' do
           before do
-            request.env['CONTENT_MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
           end
 
           it 'is false' do
-            expect(driven_request.md5_mismatch?).to be false
+            expect(driven_request.content_hash_mismatch?).to be false
           end
         end
 
         context "when calculated doesn't match sent" do
           before do
-            request.env['CONTENT_MD5'] = '3'
+            request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
           end
 
           it 'is true' do
-            expect(driven_request.md5_mismatch?).to be true
+            expect(driven_request.content_hash_mismatch?).to be true
           end
         end
       end
@@ -226,7 +226,7 @@ if defined?(ActionDispatch::Request)
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
     end