api-auth 2.4.1 → 2.5.0

data/spec/request_drivers/curb_spec.rb

@@ -6,7 +6,7 @@ describe ApiAuth::RequestDrivers::CurbRequest do
   let(:request) do
     headers = {
       'Authorization' => 'APIAuth 1044:12345',
-      'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
       'Content-Type' => 'text/plain',
       'Date' => timestamp
     }
@@ -22,8 +22,8 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
 
     it 'gets the request_uri' do
@@ -55,10 +55,10 @@ describe ApiAuth::RequestDrivers::CurbRequest do
       end
     end
 
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       it 'is a no-op' do
-        expect(driven_request.populate_content_md5).to be_nil
-        expect(request.headers['Content-MD5']).to be_nil
+        expect(driven_request.populate_content_hash).to be_nil
+        expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
       end
     end
 
@@ -86,9 +86,9 @@ describe ApiAuth::RequestDrivers::CurbRequest do
     end
   end
 
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     it 'is always false' do
-      expect(driven_request.md5_mismatch?).to be false
+      expect(driven_request.content_hash_mismatch?).to be false
     end
   end
 

data/spec/request_drivers/faraday_spec.rb

@@ -20,7 +20,7 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
   let(:request_headers) do
     {
       'Authorization' => 'APIAuth 1044:12345',
-      'Content-MD5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
       'content-type' => 'text/plain',
       'DATE' => timestamp
     }
@@ -44,8 +44,8 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
 
     it 'gets the request_uri' do
@@ -60,14 +60,14 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
       expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
     end
 
-    describe '#calculated_md5' do
-      it 'calculates md5 from the body' do
-        expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+    describe '#calculated_hash' do
+      it 'calculates hash from the body' do
+        expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
       end
 
       it 'treats no body as empty string' do
         request.body = nil
-        expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+        expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
       end
     end
 
@@ -115,46 +115,46 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
       }
     end
 
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       context 'when getting' do
-        it "doesn't populate content-md5" do
-          request.method = :get
-          driven_request.populate_content_md5
-          expect(request.headers['Content-MD5']).to be_nil
+        it "doesn't populate content hash" do
+          request.http_method = :get
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
         end
       end
 
       context 'when posting' do
-        it 'populates content-md5' do
-          request.method = :post
-          driven_request.populate_content_md5
-          expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        it 'populates content hash' do
+          request.http_method = :post
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'refreshes the cached headers' do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
       end
 
       context 'when putting' do
-        it 'populates content-md5' do
-          request.method = :put
-          driven_request.populate_content_md5
-          expect(request.headers['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        it 'populates content hash' do
+          request.http_method = :put
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'refreshes the cached headers' do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
       end
 
       context 'when deleting' do
-        it "doesn't populate content-md5" do
-          request.method = :delete
-          driven_request.populate_content_md5
-          expect(request.headers['Content-MD5']).to be_nil
+        it "doesn't populate content hash" do
+          request.http_method = :delete
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-SHA256']).to be_nil
         end
       end
     end
@@ -183,76 +183,76 @@ describe ApiAuth::RequestDrivers::FaradayRequest do
     end
   end
 
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     context 'when getting' do
       before do
-        request.method = :get
+        request.http_method = :get
       end
 
       it 'is false' do
-        expect(driven_request.md5_mismatch?).to be false
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
 
     context 'when posting' do
       before do
-        request.method = :post
+        request.http_method = :post
       end
 
       context 'when calculated matches sent' do
         before do
-          request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+          request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         before do
-          request.headers['Content-MD5'] = '3'
+          request.headers['X-Authorization-Content-SHA256'] = '3'
         end
 
         it 'is true' do
-          expect(driven_request.md5_mismatch?).to be true
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
 
     context 'when putting' do
       before do
-        request.method = :put
+        request.http_method = :put
       end
 
       context 'when calculated matches sent' do
         before do
-          request.headers['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+          request.headers['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         before do
-          request.headers['Content-MD5'] = '3'
+          request.headers['X-Authorization-Content-SHA256'] = '3'
         end
 
         it 'is true' do
-          expect(driven_request.md5_mismatch?).to be true
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
 
     context 'when deleting' do
       before do
-        request.method = :delete
+        request.http_method = :delete
       end
 
       it 'is false' do
-        expect(driven_request.md5_mismatch?).to be false
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
   end

data/spec/request_drivers/grape_request_spec.rb

@@ -26,8 +26,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
   let(:timestamp) { Time.now.utc.httpdate }
   let(:request_headers) do
     {
-      'HTTP_X_HMAC_AUTHORIZATION' => 'APIAuth 1044:12345',
-      'HTTP_X_HMAC_CONTENT_MD5' => 'WEqCyXEuRBYZbohpZmUyAw==',
+      'HTTP_X_AUTHORIZATION' => 'APIAuth 1044:12345',
+      'HTTP_X_AUTHORIZATION_CONTENT_SHA256' => 'bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=',
       'HTTP_X_HMAC_CONTENT_TYPE' => 'text/plain',
       'HTTP_X_HMAC_DATE' => timestamp
     }
@@ -40,8 +40,8 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
     end
 
     it 'gets the request_uri' do
@@ -56,16 +56,16 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
       expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
     end
 
-    describe '#calculated_md5' do
-      it 'calculates md5 from the body' do
-        expect(driven_request.calculated_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+    describe '#calculated_hash' do
+      it 'calculates hash from the body' do
+        expect(driven_request.calculated_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
       end
 
       context 'no body' do
         let(:params) { {} }
 
         it 'treats no body as empty string' do
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
         end
       end
     end
@@ -96,50 +96,50 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
       }
     end
 
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       context 'when getting' do
         let(:method) { 'get' }
 
-        it "doesn't populate content-md5" do
-          driven_request.populate_content_md5
-          expect(request.headers['Content-Md5']).to be_nil
+        it "doesn't populate content hash" do
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
         end
       end
 
       context 'when posting' do
         let(:method) { 'post' }
 
-        it 'populates content-md5' do
-          driven_request.populate_content_md5
-          expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+        it 'populates content bash' do
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
         end
 
         it 'refreshes the cached headers' do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
         end
       end
 
       context 'when putting' do
         let(:method) { 'put' }
 
-        it 'populates content-md5' do
-          driven_request.populate_content_md5
-          expect(request.headers['Content-Md5']).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+        it 'populates content hash' do
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-Sha256']).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
         end
 
         it 'refreshes the cached headers' do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('WEqCyXEuRBYZbohpZmUyAw==')
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('bxVSdFeR6aHBtw7+EBi5Bt8KllUZpUutOg9ChQmaSPA=')
         end
       end
 
       context 'when deleting' do
         let(:method) { 'delete' }
 
-        it "doesn't populate content-md5" do
-          driven_request.populate_content_md5
-          expect(request.headers['Content-Md5']).to be_nil
+        it "doesn't populate content hash" do
+          driven_request.populate_content_hash
+          expect(request.headers['X-Authorization-Content-Sha256']).to be_nil
         end
       end
     end
@@ -169,12 +169,12 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
     end
   end
 
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     context 'when getting' do
       let(:method) { 'get' }
 
       it 'is false' do
-        expect(driven_request.md5_mismatch?).to be false
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
 
@@ -183,7 +183,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
 
       context 'when calculated matches sent' do
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
@@ -191,7 +191,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
         let(:params) { { 'message' => 'hello only' } }
 
         it 'is true' do
-          expect(driven_request.md5_mismatch?).to be true
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
@@ -201,14 +201,15 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
 
       context 'when calculated matches sent' do
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          puts driven_request.calculated_hash
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         let(:params) { { 'message' => 'hello only' } }
         it 'is true' do
-          expect(driven_request.md5_mismatch?).to be true
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end
@@ -217,7 +218,7 @@ describe ApiAuth::RequestDrivers::GrapeRequest do
       let(:method) { 'delete' }
 
       it 'is false' do
-        expect(driven_request.md5_mismatch?).to be false
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
   end

data/spec/request_drivers/http_spec.rb

@@ -19,7 +19,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
   let(:headers) do
     {
       'Authorization' => 'APIAuth 1044:12345',
-      'content-md5' => '1B2M2Y8AsgTpgAmY7PhCfg==',
+      'X-Authorization-Content-SHA256' => '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
       'content-type' => 'text/plain',
       'date' => timestamp
     }
@@ -32,8 +32,8 @@ describe ApiAuth::RequestDrivers::HttpRequest do
       expect(driven_request.content_type).to eq('text/plain')
     end
 
-    it 'gets the content_md5' do
-      expect(driven_request.content_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+    it 'gets the content_hash' do
+      expect(driven_request.content_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
     end
 
     it 'gets the request_uri' do
@@ -48,9 +48,9 @@ describe ApiAuth::RequestDrivers::HttpRequest do
       expect(driven_request.authorization_header).to eq('APIAuth 1044:12345')
     end
 
-    describe '#calculated_md5' do
-      it 'calculates md5 from the body' do
-        expect(driven_request.calculated_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+    describe '#calculated_hash' do
+      it 'calculates hash from the body' do
+        expect(driven_request.calculated_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         expect(driven_request.body.bytesize).to eq(11)
       end
 
@@ -58,7 +58,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
         let(:body) { nil }
 
         it 'treats no body as empty string' do
-          expect(driven_request.calculated_md5).to eq('1B2M2Y8AsgTpgAmY7PhCfg==')
+          expect(driven_request.calculated_hash).to eq('47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=')
           expect(driven_request.body.bytesize).to eq(0)
         end
       end
@@ -67,7 +67,7 @@ describe ApiAuth::RequestDrivers::HttpRequest do
         let(:body) { File.new('spec/fixtures/upload.png') }
 
         it 'calculates correctly for multipart content' do
-          expect(driven_request.calculated_md5).to eq('k4U8MTA3RHDcewBzymVNEQ==')
+          expect(driven_request.calculated_hash).to eq('AlKDe7kjMQhuKgKuNG8I7GA93MasHcaVJkJLaUT7+dY=')
           expect(driven_request.body.bytesize).to eq(5112)
         end
       end
@@ -99,27 +99,27 @@ describe ApiAuth::RequestDrivers::HttpRequest do
       }
     end
 
-    describe '#populate_content_md5' do
+    describe '#populate_content_hash' do
       context 'when request type has no body' do
         let(:verb) { :get }
 
-        it "doesn't populate content-md5" do
-          driven_request.populate_content_md5
-          expect(request['Content-MD5']).to be_nil
+        it "doesn't populate content hash" do
+          driven_request.populate_content_hash
+          expect(request['X-Authorization-Content-SHA256']).to be_nil
         end
       end
 
       context 'when request type has a body' do
         let(:verb) { :put }
 
-        it 'populates content-md5' do
-          driven_request.populate_content_md5
-          expect(request['Content-MD5']).to eq('kZXQvrKoieG+Be1rsZVINw==')
+        it 'populates content hash' do
+          driven_request.populate_content_hash
+          expect(request['X-Authorization-Content-SHA256']).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
 
         it 'refreshes the cached headers' do
-          driven_request.populate_content_md5
-          expect(driven_request.content_md5).to eq('kZXQvrKoieG+Be1rsZVINw==')
+          driven_request.populate_content_hash
+          expect(driven_request.content_hash).to eq('JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g=')
         end
       end
     end
@@ -148,12 +148,12 @@ describe ApiAuth::RequestDrivers::HttpRequest do
     end
   end
 
-  describe 'md5_mismatch?' do
+  describe 'content_hash_mismatch?' do
     context 'when request type has no body' do
       let(:verb) { :get }
 
       it 'is false' do
-        expect(driven_request.md5_mismatch?).to be false
+        expect(driven_request.content_hash_mismatch?).to be false
       end
     end
 
@@ -162,21 +162,21 @@ describe ApiAuth::RequestDrivers::HttpRequest do
 
       context 'when calculated matches sent' do
         before do
-          request['Content-MD5'] = 'kZXQvrKoieG+Be1rsZVINw=='
+          request['X-Authorization-Content-SHA256'] = 'JsYKYdAdtYNspw/v1EpqAWYgQTyO9fJZpsVhLU9507g='
         end
 
         it 'is false' do
-          expect(driven_request.md5_mismatch?).to be false
+          expect(driven_request.content_hash_mismatch?).to be false
         end
       end
 
       context "when calculated doesn't match sent" do
         before do
-          request['Content-MD5'] = '3'
+          request['X-Authorization-Content-SHA256'] = '3'
         end
 
         it 'is true' do
-          expect(driven_request.md5_mismatch?).to be true
+          expect(driven_request.content_hash_mismatch?).to be true
         end
       end
     end