api-auth 2.4.1 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -2
- data/.rubocop_todo.yml +29 -19
- data/.travis.yml +4 -11
- data/CHANGELOG.md +8 -0
- data/README.md +28 -26
- data/VERSION +1 -1
- data/api_auth.gemspec +5 -4
- data/gemfiles/rails_60.gemfile +0 -2
- data/gemfiles/{rails_51.gemfile → rails_61.gemfile} +4 -2
- data/lib/api_auth/base.rb +2 -2
- data/lib/api_auth/headers.rb +6 -6
- data/lib/api_auth/helpers.rb +2 -2
- data/lib/api_auth/railtie.rb +3 -1
- data/lib/api_auth/request_drivers/action_controller.rb +8 -8
- data/lib/api_auth/request_drivers/curb.rb +4 -4
- data/lib/api_auth/request_drivers/faraday.rb +11 -11
- data/lib/api_auth/request_drivers/grape_request.rb +8 -8
- data/lib/api_auth/request_drivers/http.rb +8 -8
- data/lib/api_auth/request_drivers/httpi.rb +8 -8
- data/lib/api_auth/request_drivers/net_http.rb +8 -8
- data/lib/api_auth/request_drivers/rack.rb +8 -8
- data/lib/api_auth/request_drivers/rest_client.rb +8 -8
- data/spec/api_auth_spec.rb +8 -8
- data/spec/headers_spec.rb +26 -26
- data/spec/helpers_spec.rb +1 -1
- data/spec/railtie_spec.rb +3 -3
- data/spec/request_drivers/action_controller_spec.rb +35 -35
- data/spec/request_drivers/action_dispatch_spec.rb +35 -35
- data/spec/request_drivers/curb_spec.rb +8 -8
- data/spec/request_drivers/faraday_spec.rb +43 -43
- data/spec/request_drivers/grape_request_spec.rb +33 -32
- data/spec/request_drivers/http_spec.rb +23 -23
- data/spec/request_drivers/httpi_spec.rb +22 -22
- data/spec/request_drivers/net_http_spec.rb +23 -23
- data/spec/request_drivers/rack_spec.rb +35 -35
- data/spec/request_drivers/rest_client_spec.rb +36 -36
- metadata +29 -19
- data/gemfiles/http2.gemfile +0 -7
- data/gemfiles/http3.gemfile +0 -7
- data/gemfiles/rails_5.gemfile +0 -9
- data/spec/.rubocop.yml +0 -5
data/spec/headers_spec.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe ApiAuth::Headers do
|
4
4
|
describe '#canonical_string' do
|
@@ -53,7 +53,7 @@ describe ApiAuth::Headers do
|
|
53
53
|
before do
|
54
54
|
allow(driver).to receive(:http_method).and_return 'GET'
|
55
55
|
allow(driver).to receive(:content_type).and_return 'text/html'
|
56
|
-
allow(driver).to receive(:
|
56
|
+
allow(driver).to receive(:content_hash).and_return '12345'
|
57
57
|
allow(driver).to receive(:request_uri).and_return '/foo'
|
58
58
|
allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
|
59
59
|
end
|
@@ -83,7 +83,7 @@ describe ApiAuth::Headers do
|
|
83
83
|
before do
|
84
84
|
allow(driver).to receive(:http_method).and_return nil
|
85
85
|
allow(driver).to receive(:content_type).and_return 'text/html'
|
86
|
-
allow(driver).to receive(:
|
86
|
+
allow(driver).to receive(:content_hash).and_return '12345'
|
87
87
|
allow(driver).to receive(:request_uri).and_return '/foo'
|
88
88
|
allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
|
89
89
|
end
|
@@ -115,7 +115,7 @@ describe ApiAuth::Headers do
|
|
115
115
|
|
116
116
|
before do
|
117
117
|
allow(driver).to receive(:content_type).and_return 'text/html'
|
118
|
-
allow(driver).to receive(:
|
118
|
+
allow(driver).to receive(:content_hash).and_return '12345'
|
119
119
|
allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
|
120
120
|
end
|
121
121
|
|
@@ -140,7 +140,7 @@ describe ApiAuth::Headers do
|
|
140
140
|
|
141
141
|
before do
|
142
142
|
allow(driver).to receive(:content_type).and_return 'text/html'
|
143
|
-
allow(driver).to receive(:
|
143
|
+
allow(driver).to receive(:content_hash).and_return '12345'
|
144
144
|
allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
|
145
145
|
end
|
146
146
|
|
@@ -154,11 +154,11 @@ describe ApiAuth::Headers do
|
|
154
154
|
end
|
155
155
|
end
|
156
156
|
|
157
|
-
describe '#
|
157
|
+
describe '#calculate_hash' do
|
158
158
|
subject(:headers) { described_class.new(request) }
|
159
159
|
let(:driver) { headers.instance_variable_get('@request') }
|
160
160
|
|
161
|
-
context 'no
|
161
|
+
context 'no content hash already calculated' do
|
162
162
|
let(:request) do
|
163
163
|
RestClient::Request.new(
|
164
164
|
url: 'http://google.com',
|
@@ -167,55 +167,55 @@ describe ApiAuth::Headers do
|
|
167
167
|
)
|
168
168
|
end
|
169
169
|
|
170
|
-
it 'populates the
|
171
|
-
expect(driver).to receive(:
|
172
|
-
headers.
|
170
|
+
it 'populates the content hash header' do
|
171
|
+
expect(driver).to receive(:populate_content_hash)
|
172
|
+
headers.calculate_hash
|
173
173
|
end
|
174
174
|
end
|
175
175
|
|
176
|
-
context '
|
176
|
+
context 'hash already calculated' do
|
177
177
|
let(:request) do
|
178
178
|
RestClient::Request.new(
|
179
179
|
url: 'http://google.com',
|
180
180
|
method: :post,
|
181
181
|
payload: "hello\nworld",
|
182
|
-
headers: {
|
182
|
+
headers: { 'X-Authorization-Content-SHA256' => 'abcd' }
|
183
183
|
)
|
184
184
|
end
|
185
185
|
|
186
|
-
it "doesn't populate the
|
187
|
-
expect(driver).not_to receive(:
|
188
|
-
headers.
|
186
|
+
it "doesn't populate the X-Authorization-Content-SHA256 header" do
|
187
|
+
expect(driver).not_to receive(:populate_content_hash)
|
188
|
+
headers.calculate_hash
|
189
189
|
end
|
190
190
|
end
|
191
191
|
end
|
192
192
|
|
193
|
-
describe '#
|
193
|
+
describe '#content_hash_mismatch?' do
|
194
194
|
let(:request) { RestClient::Request.new(url: 'http://google.com', method: :get) }
|
195
195
|
subject(:headers) { described_class.new(request) }
|
196
196
|
let(:driver) { headers.instance_variable_get('@request') }
|
197
197
|
|
198
|
-
context 'when request has
|
198
|
+
context 'when request has X-Authorization-Content-SHA256 header' do
|
199
199
|
it 'asks the driver' do
|
200
|
-
allow(driver).to receive(:
|
200
|
+
allow(driver).to receive(:content_hash).and_return '1234'
|
201
201
|
|
202
|
-
expect(driver).to receive(:
|
203
|
-
headers.
|
202
|
+
expect(driver).to receive(:content_hash_mismatch?).and_call_original
|
203
|
+
headers.content_hash_mismatch?
|
204
204
|
end
|
205
205
|
end
|
206
206
|
|
207
|
-
context 'when request has no
|
207
|
+
context 'when request has no content hash' do
|
208
208
|
it "doesn't ask the driver" do
|
209
|
-
allow(driver).to receive(:
|
209
|
+
allow(driver).to receive(:content_hash).and_return nil
|
210
210
|
|
211
|
-
expect(driver).not_to receive(:
|
212
|
-
headers.
|
211
|
+
expect(driver).not_to receive(:content_hash_mismatch?).and_call_original
|
212
|
+
headers.content_hash_mismatch?
|
213
213
|
end
|
214
214
|
|
215
215
|
it 'returns false' do
|
216
|
-
allow(driver).to receive(:
|
216
|
+
allow(driver).to receive(:content_hash).and_return nil
|
217
217
|
|
218
|
-
expect(headers.
|
218
|
+
expect(headers.content_hash_mismatch?).to be false
|
219
219
|
end
|
220
220
|
end
|
221
221
|
end
|
data/spec/helpers_spec.rb
CHANGED
data/spec/railtie_spec.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe 'Rails integration' do
|
4
4
|
API_KEY_STORE = { '1044' => 'l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==' }.freeze
|
@@ -8,8 +8,8 @@ describe 'Rails integration' do
|
|
8
8
|
private
|
9
9
|
|
10
10
|
def require_api_auth
|
11
|
-
if (access_id = get_api_access_id_from_request)
|
12
|
-
return true
|
11
|
+
if (access_id = get_api_access_id_from_request) && api_authenticated?(API_KEY_STORE[access_id])
|
12
|
+
return true
|
13
13
|
end
|
14
14
|
|
15
15
|
respond_to do |format|
|
@@ -11,7 +11,7 @@ if defined?(ActionController::Request)
|
|
11
11
|
'PATH_INFO' => '/resource.xml',
|
12
12
|
'QUERY_STRING' => 'foo=bar&bar=foo',
|
13
13
|
'REQUEST_METHOD' => 'PUT',
|
14
|
-
'
|
14
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
15
15
|
'CONTENT_TYPE' => 'text/plain',
|
16
16
|
'CONTENT_LENGTH' => '11',
|
17
17
|
'HTTP_DATE' => timestamp,
|
@@ -26,8 +26,8 @@ if defined?(ActionController::Request)
|
|
26
26
|
expect(driven_request.content_type).to eq('text/plain')
|
27
27
|
end
|
28
28
|
|
29
|
-
it 'gets the
|
30
|
-
expect(driven_request.
|
29
|
+
it 'gets the content_hash' do
|
30
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
31
31
|
end
|
32
32
|
|
33
33
|
it 'gets the request_uri' do
|
@@ -42,15 +42,15 @@ if defined?(ActionController::Request)
|
|
42
42
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
43
43
|
end
|
44
44
|
|
45
|
-
describe '#
|
46
|
-
it 'calculates
|
47
|
-
expect(driven_request.
|
45
|
+
describe '#calculated_hash' do
|
46
|
+
it 'calculates hash from the body' do
|
47
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
48
48
|
end
|
49
49
|
|
50
50
|
it 'treats no body as empty string' do
|
51
51
|
request.env['rack.input'] = StringIO.new
|
52
52
|
request.env['CONTENT_LENGTH'] = 0
|
53
|
-
expect(driven_request.
|
53
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
54
54
|
end
|
55
55
|
end
|
56
56
|
|
@@ -89,46 +89,46 @@ if defined?(ActionController::Request)
|
|
89
89
|
)
|
90
90
|
end
|
91
91
|
|
92
|
-
describe '#
|
92
|
+
describe '#populate_content_hash' do
|
93
93
|
context 'when getting' do
|
94
|
-
it "doesn't populate content
|
94
|
+
it "doesn't populate content hash" do
|
95
95
|
request.env['REQUEST_METHOD'] = 'GET'
|
96
|
-
driven_request.
|
97
|
-
expect(request.env['Content-
|
96
|
+
driven_request.populate_content_hash
|
97
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
98
98
|
end
|
99
99
|
end
|
100
100
|
|
101
101
|
context 'when posting' do
|
102
|
-
it 'populates content
|
102
|
+
it 'populates content hash' do
|
103
103
|
request.env['REQUEST_METHOD'] = 'POST'
|
104
|
-
driven_request.
|
105
|
-
expect(request.env['Content-
|
104
|
+
driven_request.populate_content_hash
|
105
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
106
106
|
end
|
107
107
|
|
108
108
|
it 'refreshes the cached headers' do
|
109
|
-
driven_request.
|
110
|
-
expect(driven_request.
|
109
|
+
driven_request.populate_content_hash
|
110
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
111
111
|
end
|
112
112
|
end
|
113
113
|
|
114
114
|
context 'when putting' do
|
115
|
-
it 'populates content
|
115
|
+
it 'populates content hash' do
|
116
116
|
request.env['REQUEST_METHOD'] = 'PUT'
|
117
|
-
driven_request.
|
118
|
-
expect(request.env['Content-
|
117
|
+
driven_request.populate_content_hash
|
118
|
+
expect(request.env['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
119
119
|
end
|
120
120
|
|
121
121
|
it 'refreshes the cached headers' do
|
122
|
-
driven_request.
|
123
|
-
expect(driven_request.
|
122
|
+
driven_request.populate_content_hash
|
123
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
124
124
|
end
|
125
125
|
end
|
126
126
|
|
127
127
|
context 'when deleting' do
|
128
|
-
it "doesn't populate content
|
128
|
+
it "doesn't populate content hash" do
|
129
129
|
request.env['REQUEST_METHOD'] = 'DELETE'
|
130
|
-
driven_request.
|
131
|
-
expect(request.env['Content-
|
130
|
+
driven_request.populate_content_hash
|
131
|
+
expect(request.env['X-Authorization-Content-SHA256']).to be_nil
|
132
132
|
end
|
133
133
|
end
|
134
134
|
end
|
@@ -157,14 +157,14 @@ if defined?(ActionController::Request)
|
|
157
157
|
end
|
158
158
|
end
|
159
159
|
|
160
|
-
describe '
|
160
|
+
describe 'content_hash_mismatch?' do
|
161
161
|
context 'when getting' do
|
162
162
|
before do
|
163
163
|
request.env['REQUEST_METHOD'] = 'GET'
|
164
164
|
end
|
165
165
|
|
166
166
|
it 'is false' do
|
167
|
-
expect(driven_request.
|
167
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
@@ -175,21 +175,21 @@ if defined?(ActionController::Request)
|
|
175
175
|
|
176
176
|
context 'when calculated matches sent' do
|
177
177
|
before do
|
178
|
-
request.env['
|
178
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
179
179
|
end
|
180
180
|
|
181
181
|
it 'is false' do
|
182
|
-
expect(driven_request.
|
182
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
183
183
|
end
|
184
184
|
end
|
185
185
|
|
186
186
|
context "when calculated doesn't match sent" do
|
187
187
|
before do
|
188
|
-
request.env['
|
188
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
189
189
|
end
|
190
190
|
|
191
191
|
it 'is true' do
|
192
|
-
expect(driven_request.
|
192
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
193
193
|
end
|
194
194
|
end
|
195
195
|
end
|
@@ -201,21 +201,21 @@ if defined?(ActionController::Request)
|
|
201
201
|
|
202
202
|
context 'when calculated matches sent' do
|
203
203
|
before do
|
204
|
-
request.env['
|
204
|
+
request.env['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
205
205
|
end
|
206
206
|
|
207
207
|
it 'is false' do
|
208
|
-
expect(driven_request.
|
208
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
209
209
|
end
|
210
210
|
end
|
211
211
|
|
212
212
|
context "when calculated doesn't match sent" do
|
213
213
|
before do
|
214
|
-
request.env['
|
214
|
+
request.env['X-Authorization-Content-SHA256'] = '3'
|
215
215
|
end
|
216
216
|
|
217
217
|
it 'is true' do
|
218
|
-
expect(driven_request.
|
218
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
219
219
|
end
|
220
220
|
end
|
221
221
|
end
|
@@ -226,7 +226,7 @@ if defined?(ActionController::Request)
|
|
226
226
|
end
|
227
227
|
|
228
228
|
it 'is false' do
|
229
|
-
expect(driven_request.
|
229
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
230
230
|
end
|
231
231
|
end
|
232
232
|
end
|
@@ -11,7 +11,7 @@ if defined?(ActionDispatch::Request)
|
|
11
11
|
'PATH_INFO' => '/resource.xml',
|
12
12
|
'QUERY_STRING' => 'foo=bar&bar=foo',
|
13
13
|
'REQUEST_METHOD' => 'PUT',
|
14
|
-
'
|
14
|
+
'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
|
15
15
|
'CONTENT_TYPE' => 'text/plain',
|
16
16
|
'CONTENT_LENGTH' => '11',
|
17
17
|
'HTTP_DATE' => timestamp,
|
@@ -26,8 +26,8 @@ if defined?(ActionDispatch::Request)
|
|
26
26
|
expect(driven_request.content_type).to eq('text/plain')
|
27
27
|
end
|
28
28
|
|
29
|
-
it 'gets the
|
30
|
-
expect(driven_request.
|
29
|
+
it 'gets the content_hash' do
|
30
|
+
expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
31
31
|
end
|
32
32
|
|
33
33
|
it 'gets the request_uri' do
|
@@ -42,15 +42,15 @@ if defined?(ActionDispatch::Request)
|
|
42
42
|
expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
|
43
43
|
end
|
44
44
|
|
45
|
-
describe '#
|
46
|
-
it 'calculates
|
47
|
-
expect(driven_request.
|
45
|
+
describe '#calculated_hash' do
|
46
|
+
it 'calculates hash from the body' do
|
47
|
+
expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
48
48
|
end
|
49
49
|
|
50
50
|
it 'treats no body as empty string' do
|
51
51
|
request.env['rack.input'] = StringIO.new
|
52
52
|
request.env['CONTENT_LENGTH'] = 0
|
53
|
-
expect(driven_request.
|
53
|
+
expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
|
54
54
|
end
|
55
55
|
end
|
56
56
|
|
@@ -89,46 +89,46 @@ if defined?(ActionDispatch::Request)
|
|
89
89
|
)
|
90
90
|
end
|
91
91
|
|
92
|
-
describe '#
|
92
|
+
describe '#populate_content_hash' do
|
93
93
|
context 'when getting' do
|
94
|
-
it "doesn't populate content
|
94
|
+
it "doesn't populate content hash" do
|
95
95
|
request.env['REQUEST_METHOD'] = 'GET'
|
96
|
-
driven_request.
|
97
|
-
expect(request.env['
|
96
|
+
driven_request.populate_content_hash
|
97
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
|
98
98
|
end
|
99
99
|
end
|
100
100
|
|
101
101
|
context 'when posting' do
|
102
|
-
it 'populates content
|
102
|
+
it 'populates content hash' do
|
103
103
|
request.env['REQUEST_METHOD'] = 'POST'
|
104
|
-
driven_request.
|
105
|
-
expect(request.env['
|
104
|
+
driven_request.populate_content_hash
|
105
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
106
106
|
end
|
107
107
|
|
108
108
|
it 'refreshes the cached headers' do
|
109
|
-
driven_request.
|
110
|
-
expect(driven_request.
|
109
|
+
driven_request.populate_content_hash
|
110
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
111
111
|
end
|
112
112
|
end
|
113
113
|
|
114
114
|
context 'when putting' do
|
115
|
-
it 'populates content
|
115
|
+
it 'populates content hash' do
|
116
116
|
request.env['REQUEST_METHOD'] = 'PUT'
|
117
|
-
driven_request.
|
118
|
-
expect(request.env['
|
117
|
+
driven_request.populate_content_hash
|
118
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
119
119
|
end
|
120
120
|
|
121
121
|
it 'refreshes the cached headers' do
|
122
|
-
driven_request.
|
123
|
-
expect(driven_request.
|
122
|
+
driven_request.populate_content_hash
|
123
|
+
expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
|
124
124
|
end
|
125
125
|
end
|
126
126
|
|
127
127
|
context 'when deleting' do
|
128
|
-
it "doesn't populate content
|
128
|
+
it "doesn't populate content hash" do
|
129
129
|
request.env['REQUEST_METHOD'] = 'DELETE'
|
130
|
-
driven_request.
|
131
|
-
expect(request.env['
|
130
|
+
driven_request.populate_content_hash
|
131
|
+
expect(request.env['X-AUTHORIZATION-CONTENT-SHA256']).to be_nil
|
132
132
|
end
|
133
133
|
end
|
134
134
|
end
|
@@ -157,14 +157,14 @@ if defined?(ActionDispatch::Request)
|
|
157
157
|
end
|
158
158
|
end
|
159
159
|
|
160
|
-
describe '
|
160
|
+
describe 'content_hash_mismatch?' do
|
161
161
|
context 'when getting' do
|
162
162
|
before do
|
163
163
|
request.env['REQUEST_METHOD'] = 'GET'
|
164
164
|
end
|
165
165
|
|
166
166
|
it 'is false' do
|
167
|
-
expect(driven_request.
|
167
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
@@ -175,21 +175,21 @@ if defined?(ActionDispatch::Request)
|
|
175
175
|
|
176
176
|
context 'when calculated matches sent' do
|
177
177
|
before do
|
178
|
-
request.env['
|
178
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
179
179
|
end
|
180
180
|
|
181
181
|
it 'is false' do
|
182
|
-
expect(driven_request.
|
182
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
183
183
|
end
|
184
184
|
end
|
185
185
|
|
186
186
|
context "when calculated doesn't match sent" do
|
187
187
|
before do
|
188
|
-
request.env['
|
188
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
|
189
189
|
end
|
190
190
|
|
191
191
|
it 'is true' do
|
192
|
-
expect(driven_request.
|
192
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
193
193
|
end
|
194
194
|
end
|
195
195
|
end
|
@@ -201,21 +201,21 @@ if defined?(ActionDispatch::Request)
|
|
201
201
|
|
202
202
|
context 'when calculated matches sent' do
|
203
203
|
before do
|
204
|
-
request.env['
|
204
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
|
205
205
|
end
|
206
206
|
|
207
207
|
it 'is false' do
|
208
|
-
expect(driven_request.
|
208
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
209
209
|
end
|
210
210
|
end
|
211
211
|
|
212
212
|
context "when calculated doesn't match sent" do
|
213
213
|
before do
|
214
|
-
request.env['
|
214
|
+
request.env['X-AUTHORIZATION-CONTENT-SHA256'] = '3'
|
215
215
|
end
|
216
216
|
|
217
217
|
it 'is true' do
|
218
|
-
expect(driven_request.
|
218
|
+
expect(driven_request.content_hash_mismatch?).to be true
|
219
219
|
end
|
220
220
|
end
|
221
221
|
end
|
@@ -226,7 +226,7 @@ if defined?(ActionDispatch::Request)
|
|
226
226
|
end
|
227
227
|
|
228
228
|
it 'is false' do
|
229
|
-
expect(driven_request.
|
229
|
+
expect(driven_request.content_hash_mismatch?).to be false
|
230
230
|
end
|
231
231
|
end
|
232
232
|
end
|