apipie-rails 1.1.0 → 1.2.1

data/lib/apipie/dsl_definition.rb

@@ -241,9 +241,11 @@ module Apipie
               method_params = self.class._apipie_get_method_params(action_name)
 
               if Apipie.configuration.validate_presence?
-                method_params.each do |_, param|
-                  # check if required parameters are present
-                  raise ParamMissing.new(param) if param.required && !params.key?(param.name)
+                Validator::BaseValidator.raise_if_missing_params do |missing|
+                  method_params.each do |_, param|
+                    # check if required parameters are present
+                    missing << param if param.required && !params.key?(param.name)
+                  end
                 end
               end
 
@@ -259,7 +261,7 @@ module Apipie
               if Apipie.configuration.validate_key?
                 params.reject{|k,_| %w[format controller action].include?(k.to_s) }.each_pair do |param, _|
                   # params allowed
-                  if method_params.select {|_,p| p.name.to_s == param.to_s}.empty?
+                  if method_params.none? {|_,p| p.name.to_s == param.to_s}
                     self.class._apipie_handle_validate_key_error params, param
                   end
                 end
@@ -285,7 +287,6 @@ module Apipie
               old_method.bind(self).call(*args)
             end
           end
-
         end
       end
 

data/lib/apipie/errors.rb

@@ -24,6 +24,20 @@ module Apipie
     end
   end
 
+  class ParamMultipleMissing < ParamError
+    attr_accessor :params
+
+    def initialize(params)
+      @params = params
+    end
+
+    def to_s
+      params.map do |param|
+        ParamMissing.new(param).to_s
+      end.join("\n")
+    end
+  end
+
   class ParamMissing < DefinedParamError
     def to_s
       unless @param.options[:missing_message].nil?

data/lib/apipie/extractor/collector.rb

@@ -19,7 +19,7 @@ module Apipie
       def ignore_call?(record)
         return true unless record[:controller]
         return true if @ignored.include?(record[:controller].name)
-        return true if @ignored.include?("#{Apipie.resource_id(record[:controller].name)}##{record[:action]}")
+        return true if @ignored.include?("#{Apipie.get_resource_id(record[:controller].name)}##{record[:action]}")
         return true unless @api_controllers_paths.include?(controller_full_path(record[:controller]))
       end
 

data/lib/apipie/extractor/recorder.rb

@@ -48,7 +48,7 @@ module Apipie
         else
           @query = request.query_string
         end
-        if response.content_type != 'application/pdf'
+        if response.media_type != 'application/pdf'
           @response_data = parse_data(response.body)
         end
         @code = response.code

data/lib/apipie/extractor.rb

@@ -15,10 +15,13 @@ class Apipie::Railtie
         end
       end
     end
-    app.middleware.use ::Apipie::Extractor::Recorder::Middleware
 
-    ActionController::TestCase.send(:prepend, Apipie::Extractor::Recorder::FunctionalTestRecording)
-    ActionController::TestCase::Behavior.send(:prepend, Apipie::Extractor::Recorder::FunctionalTestRecording)
+    if Apipie.configuration.record
+      app.middleware.use ::Apipie::Extractor::Recorder::Middleware
+
+      ActionController::TestCase.send(:prepend, Apipie::Extractor::Recorder::FunctionalTestRecording)
+      ActionController::TestCase::Behavior.send(:prepend, Apipie::Extractor::Recorder::FunctionalTestRecording)
+    end
   end
 end
 

data/lib/apipie/generator/swagger/config.rb

@@ -10,7 +10,7 @@ module Apipie
                              :json_input_uses_refs, :suppress_warnings, :api_host,
                              :generate_x_computed_id_field, :allow_additional_properties_in_response,
                              :responses_use_refs, :schemes, :security_definitions,
-                             :global_security].freeze
+                             :global_security, :skip_default_tags].freeze
 
         attr_accessor(*CONFIG_ATTRIBUTES)
 
@@ -43,6 +43,7 @@ module Apipie
         alias include_warning_tags? include_warning_tags
         alias json_input_uses_refs? json_input_uses_refs
         alias responses_use_refs? responses_use_refs
+        alias skip_default_tags? skip_default_tags
         alias generate_x_computed_id_field? generate_x_computed_id_field
         alias swagger_include_warning_tags? swagger_include_warning_tags
         alias swagger_json_input_uses_refs? swagger_json_input_uses_refs
@@ -61,6 +62,7 @@ module Apipie
           @schemes = [:https]
           @security_definitions = {}
           @global_security = []
+          @skip_default_tags = false
         end
 
         def self.deprecated_methods

data/lib/apipie/generator/swagger/method_description/api_schema_service.rb

@@ -47,9 +47,12 @@ class Apipie::Generator::Swagger::MethodDescription::ApiSchemaService
   end
 
   def tags
-    [@method_description.resource._id] +
-      warning_tags +
-      @method_description.tag_list.tags
+    tags = if Apipie.configuration.generator.swagger.skip_default_tags?
+             []
+           else
+             [@method_description.resource._id]
+           end
+    tags + warning_tags + @method_description.tag_list.tags
   end
 
   def warning_tags

data/lib/apipie/generator/swagger/warning.rb

@@ -59,7 +59,7 @@ class Apipie::Generator::Swagger::Warning
   #
   # @return [Apipie::Generator::Swagger::Warning]
   def self.for_code(code, method_id, message_attributes = {})
-    if !CODES.values.include?(code)
+    if !CODES.value?(code)
       raise ArgumentError, 'Unknown warning code'
     end
 

data/lib/apipie/resource_description.rb

@@ -26,7 +26,9 @@ module Apipie
       @controller = controller
       @_id = id
       @_version = version || Apipie.configuration.default_version
-      @_parent = Apipie.get_resource_description(controller.superclass, version)
+      @_parent = Apipie.value_from_parents(controller.superclass, version) do |parent, ver|
+        Apipie.get_resource_description(parent, ver)
+      end
 
       update_from_dsl_data(dsl_data) if dsl_data
     end
@@ -60,7 +62,16 @@ module Apipie
     end
 
     def name
-      @name ||= @_resource_name.presence || @_id.split('-').map(&:capitalize).join('::')
+      @name ||= case resource_name
+                when Proc
+          resource_name.call(controller)
+                when Symbol
+          controller.public_send(resource_name)
+                when String
+          resource_name
+        else
+          default_name
+        end
     end
     alias _name name
 
@@ -90,7 +101,9 @@ module Apipie
       Apipie.full_url crumbs.join('/')
     end
 
-    def api_url; "#{Apipie.api_base_url(_version)}#{@_path}"; end
+    def api_url
+      "#{Apipie.api_base_url(_version)}#{@_path}"
+    end
 
     def valid_method_name?(method_name)
       @_methods.keys.map(&:to_s).include?(method_name.to_s)
@@ -123,5 +136,17 @@ module Apipie
       }
     end
 
+    protected
+
+    def resource_name
+      @_resource_name.presence || @_parent&.resource_name
+    end
+
+    private
+
+    def default_name
+      @_id.split('-').map(&:capitalize).join('::')
+    end
+
   end
 end

data/lib/apipie/validator.rb

@@ -38,6 +38,16 @@ module Apipie
         return nil
       end
 
+      def self.raise_if_missing_params
+        missing_params = []
+        yield missing_params
+        if missing_params.size > 1
+          raise ParamMultipleMissing.new(missing_params)
+        elsif missing_params.size == 1
+          raise ParamMissing.new(missing_params.first)
+        end
+      end
+
       # check if value is valid
       def valid?(value)
         if self.validate(value)
@@ -345,14 +355,18 @@ module Apipie
 
       def validate(value)
         return false if !value.is_a? Hash
-        @hash_params&.each do |k, p|
-          if Apipie.configuration.validate_presence?
-            raise ParamMissing.new(p) if p.required && !value.key?(k)
-          end
-          if Apipie.configuration.validate_value?
-            p.validate(value[k]) if value.key?(k)
+
+        BaseValidator.raise_if_missing_params do |missing|
+          @hash_params&.each do |k, p|
+            if Apipie.configuration.validate_presence?
+              missing << p if p.required && !value.key?(k)
+            end
+            if Apipie.configuration.validate_value?
+              p.validate(value[k]) if value.key?(k)
+            end
           end
         end
+
         return true
       end
 

data/lib/apipie/version.rb

@@ -1,3 +1,3 @@
 module Apipie
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end

data/spec/controllers/api/v2/architectures_controller_spec.rb

@@ -1,12 +1,19 @@
 require 'spec_helper'
 
 describe Api::V2::ArchitecturesController do
+  let(:resource_description) { Apipie.get_resource_description(described_class, "2.0") }
+
   describe "resource description" do
-    subject { Apipie.get_resource_description(Api::V2::ArchitecturesController, "2.0") }
+    describe 'version' do
+      subject { resource_description._version }
 
-    it "should be version 2.0" do
-      expect(subject._version).to eq('2.0')
+      it { is_expected.to eq('2.0') }
     end
 
+    describe 'name' do
+      subject { resource_description.name }
+
+      it { is_expected.to eq('Architectures') }
+    end
   end
 end

data/spec/controllers/api/v2/empty_middle_controller_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Api::V2::EmptyMiddleController do
+  let(:resource_description) { Apipie.get_resource_description(described_class, '2.0') }
+
+  describe 'resource description' do
+    subject { resource_description }
+
+    context 'when namespaced resources are enabled' do
+      before { Apipie.configuration.namespaced_resources = true }
+      after { Apipie.configuration.namespaced_resources = false }
+
+      # we don't actually expect the resource description to be nil, but resource IDs
+      # are computed at file load time, and altering the value of namespaced_resources
+      # after the fact doesn't change the resource ID, so it can't be found
+      it { is_expected.to be_nil }
+    end
+
+    context 'when namespaced resources are disabled' do
+      it { is_expected.to be_nil }
+    end
+  end
+end

data/spec/controllers/api/v2/nested/resources_controller_spec.rb

@@ -1,6 +1,22 @@
 require 'spec_helper'
 
 describe Api::V2::Nested::ResourcesController do
+  let(:resource_description) { Apipie.get_resource_description(described_class, "2.0") }
+
+  describe "resource description" do
+    describe 'version' do
+      subject { resource_description._version }
+
+      it { is_expected.to eq('2.0') }
+    end
+
+    describe 'name' do
+      subject { resource_description.name }
+
+      it { is_expected.to eq('Rsrcs') }
+    end
+  end
+
   describe '.get_resource_id' do
     subject { Apipie.get_resource_id(Api::V2::Nested::ResourcesController) }
 

data/spec/controllers/api/v2/sub/footguns_controller_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe Api::V2::Sub::FootgunsController do
+  let(:resource_description) { Apipie.get_resource_description(described_class, '2.0') }
+
+  describe 'resource description' do
+    describe 'version' do
+      subject { resource_description._version }
+
+      it { is_expected.to eq('2.0') }
+    end
+
+    describe 'name' do
+      subject { resource_description.name }
+
+      it { is_expected.to eq('snugtooF') }
+    end
+  end
+end

data/spec/controllers/users_controller_spec.rb

@@ -37,6 +37,7 @@ describe UsersController do
       expect(methods.keys).to include(:update)
       expect(methods.keys).to include(:two_urls)
       expect(methods.keys).to include(:action_with_headers)
+      expect(methods.keys).to include(:multiple_required_params)
     end
 
     it "should contain info about resource" do
@@ -101,6 +102,10 @@ describe UsersController do
             expect { get :show, :params => { :id => 5 }}.to raise_error(Apipie::ParamMissing, /session_parameter_is_required/)
           end
 
+          it "should fail if multiple required parameters are missing" do
+            expect { get :multiple_required_params }.to raise_error(Apipie::ParamMultipleMissing, /required_param1.*\n.*required_param2|required_param2.*\n.*required_parameter1/)
+          end
+
           it "should pass if required parameter has wrong type" do
             expect { get :show, :params => { :id => 5 , :session => "secret_hash" }}.not_to raise_error
             expect { get :show, :params => { :id => "ten" , :session => "secret_hash" }}.not_to raise_error
@@ -246,6 +251,11 @@ describe UsersController do
               post :create, :params => { :user => { :name => "root", :pass => "12345", :membership => "____" } }
             }.to raise_error(Apipie::ParamInvalid, /membership/)
 
+            # Should include both pass and name
+            expect {
+              post :create, :params => { :user => { :membership => "standard" } }
+            }.to raise_error(Apipie::ParamMultipleMissing, /pass.*\n.*name|name.*\n.*pass/)
+
             expect {
               post :create, :params => { :user => { :name => "root" } }
             }.to raise_error(Apipie::ParamMissing, /pass/)

data/spec/dummy/app/controllers/api/v2/base_controller.rb

@@ -5,6 +5,12 @@ module Api
         api_version '2.0'
         app_info 'Version 2.0 description'
         api_base_url '/api/v2'
+
+        name :reversed_name
+      end
+
+      def self.reversed_name
+        controller_name.capitalize.reverse
       end
     end
   end

data/spec/dummy/app/controllers/api/v2/empty_middle_controller.rb

@@ -0,0 +1,14 @@
+module Api
+  module V2
+    class EmptyMiddleController < V2::BaseController
+      # This is an empty controller, used to test cases where controllers
+      # may inherit from a middle controler that does not define a resource_description,
+      # but the middle controller's parent does.
+
+      def inconsequential_method
+        # This method is here to ensure that the controller is not empty.
+        # It triggers method_added, which is used to add the resource description.
+      end
+    end
+  end
+end

data/spec/dummy/app/controllers/api/v2/nested/resources_controller.rb

@@ -1,8 +1,8 @@
 module Api
   module V2
     class Nested::ResourcesController < V2::BaseController
-      resource_description do 
-        name 'Resources'
+      resource_description do
+        name ->(controller) { controller.controller_name.delete('aeiou').capitalize }
         resource_id "resource"
       end
       api :GET, "/nested/resources/", "List all nested resources."

data/spec/dummy/app/controllers/api/v2/sub/footguns_controller.rb

@@ -0,0 +1,30 @@
+module Api
+  module V2
+    module Sub
+      class FootgunsController < V2::EmptyMiddleController
+        resource_description do
+          short 'Footguns are bad'
+        end
+
+        api :GET, '/footguns/', 'List all footguns.'
+        def index; end
+
+        api :GET, '/footguns/:id/', 'Show a footgun.'
+        def show; end
+
+        api :POST, '/footguns/', 'Create a footgun.'
+        def create; end
+
+        api :PUT, '/footguns/:id/', 'Update a footgun.'
+        param :footgun, Hash, :required => true do
+          param :name, String
+        end
+        def update; end
+
+        api! 'Delete a footgun.'
+        api_version '2.0' # forces removal of the method description
+        def destroy; end
+      end
+    end
+  end
+end

data/spec/dummy/app/controllers/users_controller.rb

@@ -301,4 +301,10 @@ class UsersController < ApplicationController
   header :HeaderNameWithDefaultValue, 'Header with default value', required: true, default: 'default value'
   def action_with_headers
   end
+
+  api :GET, '/users/multiple_required_params'
+  param :required_param1, String, required: true
+  param :required_param2, String, required: true
+  def multiple_required_params
+  end
 end

data/spec/dummy/config/routes.rb

@@ -8,6 +8,7 @@ Dummy::Application.routes.draw do
       resources :users do
         collection do
           post :create_route
+          get :multiple_required_params
         end
       end
       resources :concerns, :only => [:index, :show]

data/spec/lib/apipie/apipies_controller_spec.rb

@@ -258,12 +258,12 @@ describe Apipie::ApipiesController, type: :controller do
 
     before do
       FileUtils.rm_r(cache_dir) if File.exist?(cache_dir)
-      FileUtils.mkdir_p(File.join(cache_dir, "apidoc", "v1", "resource"))
+      FileUtils.mkdir_p(File.join(cache_dir, "apidoc", "v1", "resource-with-namespace"))
       File.open(File.join(cache_dir, "apidoc", "v1.html"), "w") { |f| f << "apidoc.html cache v1" }
       File.open(File.join(cache_dir, "apidoc", "v2.html"), "w") { |f| f << "apidoc.html cache v2" }
       File.open(File.join(cache_dir, "apidoc", "v1.json"), "w") { |f| f << "apidoc.json cache" }
-      File.open(File.join(cache_dir, "apidoc", "v1", "resource.html"), "w") { |f| f << "resource.html cache" }
-      File.open(File.join(cache_dir, "apidoc", "v1", "resource", "method.html"), "w") { |f| f << "method.html cache" }
+      File.open(File.join(cache_dir, "apidoc", "v1", "resource-with-namespace.html"), "w") { |f| f << "resource-with-namespace.html cache" }
+      File.open(File.join(cache_dir, "apidoc", "v1", "resource-with-namespace", "method.html"), "w") { |f| f << "method.html cache" }
 
       Apipie.configuration.use_cache = true
       @orig_cache_dir = Apipie.configuration.cache_dir
@@ -279,24 +279,68 @@ describe Apipie::ApipiesController, type: :controller do
       # FileUtils.rm_r(cache_dir) if File.exist?(cache_dir)
     end
 
-    it "uses the file in cache dir instead of generating the content on runtime" do
-      get :index
-      expect(response.body).to eq("apidoc.html cache v1")
-      get :index, :params => { :version => 'v1' }
-      expect(response.body).to eq("apidoc.html cache v1")
-      get :index, :params => { :version => 'v2' }
-      expect(response.body).to eq("apidoc.html cache v2")
-      get :index, :params => { :version => 'v1', :format => "html" }
-      expect(response.body).to eq("apidoc.html cache v1")
-      get :index, :params => { :version => 'v1', :format => "json" }
-      expect(response.body).to eq("apidoc.json cache")
-      get :index, :params => { :version => 'v1', :format => "html", :resource => "resource" }
-      expect(response.body).to eq("resource.html cache")
-      get :index, :params => { :version => 'v1', :format => "html", :resource => "resource", :method => "method" }
-      expect(response.body).to eq("method.html cache")
+    context 'when the file exists' do
+      it "uses the file in cache dir instead of generating the content on runtime" do
+        get :index
+        expect(response.body).to eq("apidoc.html cache v1")
+
+        get :index, :params => { :version => 'v1' }
+        expect(response.body).to eq("apidoc.html cache v1")
+
+        get :index, :params => { :version => 'v2' }
+        expect(response.body).to eq("apidoc.html cache v2")
+
+        get :index, :params => { :version => 'v1', :format => "html" }
+        expect(response.body).to eq("apidoc.html cache v1")
+
+        get :index, :params => { :version => 'v1', :format => "json" }
+        expect(response.body).to eq("apidoc.json cache")
+
+        get :index, :params => { :version => 'v1', :format => "html", :resource => "resource-with-namespace" }
+        expect(response.body).to eq("resource-with-namespace.html cache")
+
+        get :index, :params => { :version => 'v1', :format => "html", :resource => "resource-with-namespace", :method => "method" }
+        expect(response.body).to eq("method.html cache")
+      end
     end
 
-  end
+    context 'when the file does not exist' do
+      it 'returns a not found' do
+        get :index, :params => { :version => 'v3-does-not-exist' }
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    context 'preventing path traversal' do
+      context 'when resource contains ..' do
+        it "returns a not found" do
+          get :index, :params => { :version => 'v1', :format => "html", :resource => "../resource-with-namespace", :method => "method" }
+          expect(response).to have_http_status(:not_found)
+        end
+      end
 
+      context 'when method contains ..' do
+        it "returns a not found" do
+          get :index, :params => { :version => 'v1', :format => "html", :resource => "resource-with-namespace", :method => "../method" }
+          expect(response).to have_http_status(:not_found)
+        end
+      end
+
+      context 'when version contains ..' do
+        it "returns a not found" do
+          get :index, :params => { :version => '../v1', :format => "html", :resource => "resource-with-namespace", :method => "method" }
+          expect(response).to have_http_status(:not_found)
+        end
+      end
+
+      context 'when format contains ..' do
+        it "returns a not found" do
+          get :index, :params => { :version => 'v1', :format => "../html", :resource => "resource-with-namespace", :method => "method" }
+          expect(response).to have_http_status(:not_found)
+        end
+      end
+    end
+
+  end
 
 end

data/spec/lib/apipie/extractor/collector_spec.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Apipie::Extractor::Collector do
+  let(:recorder) { described_class.new }
+
+  describe '#ignore_call?' do
+    subject { recorder.ignore_call?(record) }
+
+    let(:record) { { controller: controller, action: action } }
+    let(:controller) { ActionController::Base }
+    let(:action) { nil }
+
+    context 'when controller is nil' do
+      let(:controller) { nil }
+
+      it { is_expected.to be true }
+    end
+
+    context 'when controller is ignored' do
+      before do
+        allow(Apipie.configuration).to receive(:ignored_by_recorder).and_return(['ActionController::Bas'])
+      end
+
+      it { is_expected.to be true }
+    end
+
+    context 'when resource#method is ignored' do
+      let(:action) { 'ignored_action' }
+
+      before do
+        allow(Apipie.configuration).to receive(:ignored_by_recorder).and_return(['ActionController::Bas#ignored_action'])
+      end
+
+      it { is_expected.to be true }
+    end
+
+    context 'when controller is not an API controller' do
+      before do
+        allow(Apipie::Extractor).to receive(:controller_path).with('action_controller/base').and_return('foo')
+        allow(Apipie).to receive(:api_controllers_paths).and_return([])
+      end
+
+      it { is_expected.to be true }
+    end
+
+    context 'when controller is an API controller' do
+      before do
+        allow(Apipie::Extractor).to receive(:controller_path).with('action_controller/base').and_return('foo')
+        allow(Apipie).to receive(:api_controllers_paths).and_return(['foo'])
+      end
+
+      it { is_expected.to be_falsey }
+    end
+  end
+end

data/spec/lib/apipie/generator/swagger/method_description/api_schema_service_spec.rb

@@ -64,6 +64,19 @@ describe Apipie::Generator::Swagger::MethodDescription::ApiSchemaService do
       it { is_expected.to include(*tags) }
     end
 
+    context 'when Apipie.configuration.generator.swagger.skip_default_tags is enabled' do
+      before { Apipie.configuration.generator.swagger.skip_default_tags = true }
+      after { Apipie.configuration.generator.swagger.skip_default_tags = false }
+
+      it { is_expected.to be_empty }
+
+      context 'when tags are available' do
+        let(:tags) { ['Tag 1', 'Tag 2'] }
+
+        it { is_expected.to eq(tags) }
+      end
+    end
+
     context 'when Apipie.configuration.generator.swagger.include_warning_tags is enabled' do
       before { Apipie.configuration.generator.swagger.include_warning_tags = true }
 

data/spec/test_engine/memes_controller_spec.rb

@@ -4,7 +4,7 @@ describe TestEngine::MemesController do
 
   describe "#index" do
     it "should have the full mounted path of engine" do
-      Apipie.routes_for_action(TestEngine::MemesController, :index, {}).first[:path].should eq("/test/memes")
+      expect(Apipie.routes_for_action(TestEngine::MemesController, :index, {}).first[:path]).to eq("/test/memes")
     end
   end
 end