bollard 1.0.3 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 74dc7d2be40f5a9ec28e38b88f6c9b8bd5925523
-  data.tar.gz: ef2dbea6f544d92e00ca47675aaadad73dcdabfa
+  metadata.gz: 9687b9297437ec802e5f2e5dcda2ca60354abf21
+  data.tar.gz: 17cc8bbce3ecf75cad13ab9a5c86b9794799979f
 SHA512:
-  metadata.gz: cb440c2fa6eda23b75d481dd2f27bd60dc5e087ca1b336369417499ecace553a60be376eaa74181d402deab9bed09f46fba79f6551cdf86d1619a18509e3d8b3
-  data.tar.gz: 2c39954a6066b5c7f9a2f6e01aaf1d53e35567cf9cb619de1b582682dde4b99f53218cda4338507ec1577669ecd34bac8ea0792d86396cdb51f3eaf805621c5b
+  metadata.gz: a0275e28c88eada5209443534874fd211b1f6a686dad5d801c77f575d992737e77395b71243fa6eef0e7d3c748df728e2c6f7f58e30a7e482febba25750b161e
+  data.tar.gz: f369b668086ffc82f4c129dc36b2b908675b09be7ced1ac0487d2b2e819e0a1fab1c3e1a0c415cd36045b58976098ed7963908bfb4466ef0211b4c4a79c1af5b

data/Gemfile.lock

@@ -1,9 +1,8 @@
 PATH
   remote: .
   specs:
-    bollard (1.0.2)
+    bollard (2.0.0)
       jwt
-      rest-client
 
 GEM
   remote: https://rubygems.org/
@@ -13,32 +12,14 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
     byebug (10.0.2)
     concurrent-ruby (1.0.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
     diff-lcs (1.3)
-    domain_name (0.5.20180417)
-      unf (>= 0.0.5, < 1.0.0)
-    hashdiff (0.3.7)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
     jwt (2.1.0)
-    mime-types (3.2.2)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2018.0812)
     minitest (5.11.3)
-    netrc (0.11.0)
-    public_suffix (3.0.3)
     rake (12.3.1)
-    rest-client (2.0.2)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
@@ -52,17 +33,9 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
     rspec-support (3.8.0)
-    safe_yaml (1.0.4)
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.5)
-    webmock (2.3.2)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff
 
 PLATFORMS
   ruby
@@ -73,7 +46,6 @@ DEPENDENCIES
   byebug
   rake
   rspec (~> 3.7)
-  webmock (~> 2.3)
 
 BUNDLED WITH
    1.16.1

data/bollard.gemspec

@@ -18,11 +18,9 @@ Gem::Specification.new do |s|
   s.test_files  = `git ls-files -- {spec,gemfiles}/*`.split("\n")
 
   s.add_dependency "jwt"
-  s.add_dependency "rest-client"
 
   s.add_development_dependency "activesupport", ">= 3.1"
   s.add_development_dependency "rspec", "~> 3.7"
-  s.add_development_dependency "webmock", "~> 2.3"
   s.add_development_dependency "byebug"
   s.add_development_dependency "rake"
 end

data/lib/bollard.rb

@@ -1,14 +1,31 @@
+require 'bollard/version'
+require 'bollard/token'
 require 'bollard/signature'
-require 'bollard/post'
 
-module Bollard
-  def self.secure_post(url, payload, signing_secret, extra_headers: {}, auth_header: 'Bollard-Signature')
-    post = Post.new(url, payload, signing_secret, extra_headers, auth_header)
-    post.perform
+require 'securerandom'
+
+class Bollard
+  def self.generate_secret(length: 32)
+    SecureRandom.hex((length / 2.0).ceil)[0...length]
+  end
+
+
+  def initialize(signing_secret)
+    @signing_secret = signing_secret
+  end
+
+
+  def generate_token(payload, **args)
+    Token.generate(payload, signing_secret, **args)
   end
 
 
-  def self.verify_post(payload, header, signing_secret, tolerance: nil)
-    Signature.verify(payload, header, signing_secret, tolerance: tolerance)
+  def verify_payload(payload, token, **args)
+    Token.new(token, signing_secret).verify_payload(payload, **args)
   end
+
+
+  private
+
+  attr_reader :signing_secret
 end

data/lib/bollard/signature.rb

@@ -1,64 +1,32 @@
 require 'digest'
-require 'jwt'
-
-module Bollard
-  class SignatureVerificationError < RuntimeError
-    attr_reader :message, :sig_header, :http_body
-
-    def initialize(message, sig_header, http_body: nil)
-      @message = message
-      @sig_header = sig_header
-      @http_body = http_body
-    end
-  end
 
+class Bollard
   class Signature
     EXPECTED_ALGORITHM = "sig_v1".freeze
 
-
-    def self.generate(data, secret, ttl: 600)
-      iat = Time.now.to_i
-      payload = { iat: iat, exp: iat + ttl, sig_v1: Digest::SHA256.hexdigest(data) }
-      JWT.encode(payload, secret, 'HS256')
+    def self.calculate_signature(payload)
+      Digest::SHA256.hexdigest(payload)
     end
 
 
-    # Verifies the signature header for a given payload.
-    #
-    # Raises a SignatureVerificationError in the following cases:
-    # - the header does not match the expected format
-    # - no hash found with the expected algorithm
-    # - hash doesn't match the expected hash
-    #
-    # Returns true otherwise
-    def self.verify(payload, header, secret, tolerance: nil)
-      begin
-        decoded_token = JWT.decode(header, secret, true, { exp_leeway: tolerance })
-      rescue JWT::DecodeError => e
-        raise SignatureVerificationError.new(e.message, header, http_body: payload)
-      end
-
-      provided_hash = decoded_token[0][EXPECTED_ALGORITHM]
-      if provided_hash.blank?
-        raise SignatureVerificationError.new(
-          "No hash found with expected algorithm #{EXPECTED_ALGORITHM}",
-          header, http_body: payload
-        )
-      end
+    def initialize(signature)
+      @signature = signature
+    end
 
-      expected_hash = Digest::SHA256.hexdigest(payload)
-      unless secure_compare(provided_hash, expected_hash)
-        raise SignatureVerificationError.new("Hash mismatch for payload", header, http_body: payload)
-      end
 
-      true
+    def match?(payload)
+      secure_compare(signature, self.class.calculate_signature(payload))
     end
 
 
+    private
+
+    attr_reader :signature
+
     # Constant time string comparison to prevent timing attacks
 
     # Code borrowed from ActiveSupport
-    def self.secure_compare(a, b)
+    def secure_compare(a, b)
       return false unless a.bytesize == b.bytesize
 
       l = a.unpack "C#{a.bytesize}"
@@ -67,6 +35,5 @@ module Bollard
       b.each_byte { |byte| res |= byte ^ l.shift }
       res.zero?
     end
-    private_class_method :secure_compare
   end
 end

data/lib/bollard/token.rb

@@ -0,0 +1,64 @@
+require 'jwt'
+
+class Bollard
+  SignatureVerificationError = Class.new(RuntimeError)
+
+  class Token
+
+    # Generate the token header for a given payload.
+    # The token becomes invalid after `ttl` seconds.
+    #
+    # Returns a JWT with an iat, exp, and signature data
+    def self.generate(payload, signing_secret, ttl: 600)
+      iat = Time.now.to_i
+      signature = Signature.calculate_signature(payload)
+      jwt_payload = { iat: iat, exp: iat + ttl, Signature::EXPECTED_ALGORITHM => signature }
+      JWT.encode(jwt_payload, signing_secret, 'HS256')
+    end
+
+
+    def initialize(token, signing_secret)
+      @token = token
+      @signing_secret = signing_secret
+    end
+
+
+    # Verifies the token header for a given payload.
+    #
+    # Raises a SignatureVerificationError in the following cases:
+    # - the header does not match the expected format
+    # - no hash found with the expected algorithm
+    # - hash doesn't match the expected hash
+    #
+    # Returns true otherwise
+    def verify_payload(payload, tolerance: nil)
+      token_data, header = decode_token(tolerance)
+      signature = extract_signature(token_data)
+      verify_data(signature, payload)
+
+      true
+    end
+
+
+    private
+
+    attr_reader :token, :signing_secret
+
+    def decode_token(tolerance)
+      JWT.decode(token, signing_secret, true, { exp_leeway: tolerance })
+    rescue JWT::DecodeError => e
+      raise SignatureVerificationError.new(e.message)
+    end
+
+    def extract_signature(token_data)
+      signature = token_data[Signature::EXPECTED_ALGORITHM]
+      return Signature.new(signature) unless signature.blank?
+      raise SignatureVerificationError.new("No signature found with expected algorithm #{Signature::EXPECTED_ALGORITHM}")
+    end
+
+    def verify_data(signature, payload)
+      return true if signature.match?(payload)
+      raise SignatureVerificationError.new("Hash mismatch for payload")
+    end
+  end
+end

data/lib/bollard/version.rb

@@ -1,3 +1,3 @@
-module Bollard
-  VERSION = "1.0.3"
+class Bollard
+  VERSION = "2.0.0"
 end

data/spec/lib/bollard/signature_spec.rb

@@ -2,74 +2,26 @@ require "spec_helper"
 require 'digest'
 
 RSpec.describe Bollard::Signature do
-  describe ".generate" do
-    let(:jwt) { Bollard::Signature.generate("Some data", "super-secret") }
-    let(:jwt_payload) { JWT.decode(jwt, "super-secret", true)[0] }
-
-    it "generates a valid JWT for the given payload" do
-      expect { JWT.decode(jwt, "super-secret", true) }.not_to raise_error
-    end
-
-    it "adds an issued-at field" do
-      travel_to(Time.now) do
-        expect(jwt_payload["iat"]).to eq Time.now.to_i
-      end
+  describe ".calculate_signature" do
+    it "returns a signature" do
+      expect(Bollard::Signature.calculate_signature("Some test data")).to be_present
     end
 
-    it "adds an expires-at field" do
-      travel_to(Time.now) do
-        expect(jwt_payload["exp"]).to eq(Time.now.to_i + 600)
-      end
-    end
-
-    context "when given a ttl" do
-      let(:jwt) { Bollard::Signature.generate("Some data", "super-secret", ttl: 100) }
-
-      it "sets the expires-at field using the configurable ttl" do
-        travel_to(Time.now) do
-          expect(jwt_payload["exp"]).to eq(Time.now.to_i + 100)
-        end
-      end
-    end
-
-    it "adds a hash of the data" do
-      expect(jwt_payload["sig_v1"]).to eq(Digest::SHA256.hexdigest("Some data"))
-    end
-
-    it "signs the jwt with the secret so it can be verified" do
-      expect { JWT.decode(jwt, "not-the-same-secret", true) }.to raise_error(JWT::VerificationError, "Signature verification raised")
+    it "returns an SHA256 hex digest of the given data" do
+      expected_digest = "6e6ff23ec852afdf8fc294da163a55b2d246ec45b9659d290dc8871aea1502c0"
+      expect(Bollard::Signature.calculate_signature("Some test data")).to eq expected_digest
     end
   end
 
-  describe ".verify" do
-    it "verifies the signing secret matches the given secret" do
-      jwt = Bollard::Signature.generate("Some data", "super-secret")
-      expect { Bollard::Signature.verify("Some data", jwt, "different-super-secret") }.to raise_error(Bollard::SignatureVerificationError, "Signature verification raised")
-    end
-
-    it "verifies the payload matches the given hash" do
-      jwt = Bollard::Signature.generate("Some data", "super-secret")
-      expect { Bollard::Signature.verify("Some different data", jwt, "super-secret") }.to raise_error(Bollard::SignatureVerificationError, "Hash mismatch for payload")
-    end
-
-    it "verifies the format of the token" do
-      jwt = JWT.encode({ sig_v2: Digest::SHA256.hexdigest("Some data") }, "super-secret", 'HS256')
-
-      expect { Bollard::Signature.verify("Some data", jwt, "super-secret") }.to raise_error(Bollard::SignatureVerificationError, "No hash found with expected algorithm #{Bollard::Signature::EXPECTED_ALGORITHM}")
-    end
-
-    it "ensures that the jwt hasn't expired" do
-      jwt = Bollard::Signature.generate("Some data", "super-secret")
-      travel_to(Time.now + 1200) do
-        expect { Bollard::Signature.verify("Some data", jwt, "super-secret") }.to raise_error(Bollard::SignatureVerificationError, "Signature has expired")
-      end
+  describe "#match?" do
+    it "returns true if the given signature matches the given payload" do
+      expected_digest = "6e6ff23ec852afdf8fc294da163a55b2d246ec45b9659d290dc8871aea1502c0"
+      expect(Bollard::Signature.new(expected_digest).match?("Some test data")).to be true
     end
 
-    it "allows leeway for the expiry if set" do
-      jwt = Bollard::Signature.generate("Some data", "super-secret")
-      travel_to(Time.now + 1200) do
-        expect { Bollard::Signature.verify("Some data", jwt, "super-secret", tolerance: 1200) }.not_to raise_error
-      end
+    it "returns false if the given signature doesn't match the given payload" do
+      expected_digest = "6e6ff23ec852afdf8fc294da163a55b2d246ec45b9659d290dc8871aea1502c0"
+      expect(Bollard::Signature.new(expected_digest).match?("Some other test data")).to be false
     end
   end
 end

data/spec/lib/bollard/token_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+RSpec.describe Bollard::Token do
+  describe ".generate" do
+    it "returns a valid JWT" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      expect { JWT.decode(token, nil, false) }.not_to raise_error
+    end
+
+    it "returns a JWT signed with the given secret" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      expect { JWT.decode(token, "-signing-secret-", true) }.not_to raise_error
+    end
+
+    it "returns a JWT with an issued at timestamp (iat)" do
+      travel_to(Time.now) do
+        token = Bollard::Token.generate("Some test data", "-signing-secret-")
+        payload, header = JWT.decode(token, nil, false)
+        expect(payload['iat']).to eq Time.now.to_i
+      end
+    end
+
+    it "returns a JWT with an expiry timestamp (exp)" do
+      travel_to(Time.now) do
+        token = Bollard::Token.generate("Some test data", "-signing-secret-")
+        payload, header = JWT.decode(token, nil, false)
+        expect(payload['exp']).to eq Time.now.to_i + 600
+      end
+    end
+
+    it "returns a JWT with an expiry timestamp (exp) set to the expire after the given TTL" do
+      travel_to(Time.now) do
+        token = Bollard::Token.generate("Some test data", "-signing-secret-", ttl: 10)
+        payload, header = JWT.decode(token, nil, false)
+        expect(payload['exp']).to eq Time.now.to_i + 10
+      end
+    end
+  end
+
+  describe "#verify_payload" do
+    it "returns true if given a payload that matches the signature from the token" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      expect { Bollard::Token.new(token, "-signing-secret-").verify_payload("Some test data") }.not_to raise_error
+    end
+
+    it "raises an error if given a token that wasn't signed with the signing secret" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      expect { Bollard::Token.new(token, "-different-secret-").verify_payload("Some test data") }.to raise_error(
+        Bollard::SignatureVerificationError, "Signature verification raised"
+      )
+    end
+
+    it "raises an error if given a token that has expired" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      travel_to(Time.now + 1000) do
+        expect do
+          Bollard::Token.new(token, "-signing-secret-").verify_payload("Some test data")
+        end.to raise_error(Bollard::SignatureVerificationError, "Signature has expired")
+      end
+    end
+
+    it "allows some tolerance in the expiry if custom tolerance passed in" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      travel_to(Time.now + 1000) do
+        expect do
+          Bollard::Token.new(token, "-signing-secret-").verify_payload("Some test data", tolerance: 1000)
+        end.not_to raise_error
+      end
+    end
+
+    it "raises an error if given a token that doesn't contain expected signature information" do
+      token = JWT.encode({}, "-signing-secret-")
+      expected_error_message = "No signature found with expected algorithm #{Bollard::Signature::EXPECTED_ALGORITHM}"
+      expect do
+        Bollard::Token.new(token, "-signing-secret-").verify_payload("Some test data")
+      end.to raise_error(Bollard::SignatureVerificationError, expected_error_message)
+    end
+
+    it "raises an error if given a payload that doesn't match the signature contained in the token" do
+      token = Bollard::Token.generate("Some test data", "-signing-secret-")
+      expect do
+        Bollard::Token.new(token, "-signing-secret-").verify_payload("Some other test data")
+      end.to raise_error(Bollard::SignatureVerificationError, "Hash mismatch for payload")
+    end
+  end
+end

data/spec/lib/bollard_spec.rb

@@ -1,45 +1,70 @@
-require 'spec_helper'
+require "spec_helper"
 
 RSpec.describe Bollard do
-  describe ".secure_post" do
-    let(:post) { instance_double(Bollard::Post, perform: true) }
+  describe ".generate_secret" do
+    it "generates a secret key" do
+      expect(Bollard.generate_secret).to be_present
+    end
 
-    before do
-      allow(Bollard::Post).to receive(:new).and_return(post)
+    it "generates a secret key of the desired length" do
+      secret_key = Bollard.generate_secret(length: 67)
+      expect(secret_key.length).to be(67)
     end
 
-    it "delegates everything to Post" do
-      Bollard.secure_post("https://url.com", "{}", "secrets", extra_headers: { header_1: "1" }, auth_header: "Authorization")
-      expect(Bollard::Post).to have_received(:new).with("https://url.com", "{}", "secrets", { header_1: "1" }, "Authorization")
-      expect(post).to have_received(:perform)
+    it "doesn't generate the same secret key twice" do
+      secret_key = Bollard.generate_secret
+      other_secret_key = Bollard.generate_secret
+
+      expect(secret_key).not_to eq other_secret_key
     end
+  end
+
 
-    it "provides defaults for extra_headers" do
-      Bollard.secure_post("https://url.com", "{}", "secrets", auth_header: "Authorization")
-      expect(Bollard::Post).to have_received(:new).with("https://url.com", "{}", "secrets", {}, "Authorization")
+  describe "#generate_token" do
+    let(:bollard) { Bollard.new("-signing-secret-") }
+
+    it "returns a token" do
+      expect(bollard.generate_token("Some test data")).to be_present
     end
 
-    it "provides defaults for auth_header" do
-      Bollard.secure_post("https://url.com", "{}", "secrets", extra_headers: { header_1: "1" })
-      expect(Bollard::Post).to have_received(:new).with("https://url.com", "{}", "secrets", { header_1: "1" }, "Bollard-Signature")
+    it "generates a new token using Bollard::Token with the given payload" do
+      expect(Bollard::Token).to receive(:generate).with("Some test data", "-signing-secret-", {})
+
+      bollard.generate_token("Some test data")
+    end
+
+    it "passes on any given arguments" do
+      expect(Bollard::Token).to receive(:generate).with("Some test data", "-signing-secret-", ttl: 10)
+
+      bollard.generate_token("Some test data", ttl: 10)
     end
   end
 
-  describe ".verify_post" do
-    before do
-      allow(Bollard::Signature).to receive(:verify)
+
+  describe "#verify_payload" do
+    let(:bollard) { Bollard.new("-signing-secret-") }
+
+    it "verifies a payload" do
+      token = bollard.generate_token("Some test data")
+      expect(bollard.verify_payload("Some test data", token)).to eq true
     end
 
-    it "delegates everything to Signature" do
-      Bollard.verify_post("{}", "abc123", "secrets", tolerance: 100)
+    it "verifies the payload using Bollard::Token" do
+      token = instance_double(Bollard::Token, verify_payload: true)
+      allow(Bollard::Token).to receive(:new).with("-token-", "-signing-secret-").and_return(token)
+
+      bollard.verify_payload("Some test data", "-token-")
 
-      expect(Bollard::Signature).to have_received(:verify).with("{}", "abc123", "secrets", tolerance: 100)
+      expect(token).to have_received(:verify_payload).with("Some test data", {})
     end
 
-    it "provides a default for tolerance" do
-      Bollard.verify_post("{}", "abc123", "secrets")
+    it "passes on any given arguments" do
+      token = instance_double(Bollard::Token, verify_payload: true)
+      allow(Bollard::Token).to receive(:new).with("-token-", "-signing-secret-").and_return(token)
+
+      bollard.verify_payload("Some test data", "-token-", tolerance: 100)
 
-      expect(Bollard::Signature).to have_received(:verify).with("{}", "abc123", "secrets", tolerance: nil)
+      expect(token).to have_received(:verify_payload).with("Some test data", tolerance: 100)
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,7 +1,6 @@
 require 'byebug'
 require 'active_support/testing/time_helpers'
 
-require 'webmock/rspec'
 require File.expand_path('../../lib/bollard', __FILE__)
 Dir[File.expand_path('../spec/support/**/*.rb', __FILE__)].each { |f| require f }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bollard
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 2.0.0
 platform: ruby
 authors:
 - Michael Dilley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-29 00:00:00.000000000 Z
+date: 2018-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -24,20 +24,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rest-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -66,20 +52,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.7'
-- !ruby/object:Gem::Dependency
-  name: webmock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -122,11 +94,11 @@ files:
 - Rakefile
 - bollard.gemspec
 - lib/bollard.rb
-- lib/bollard/post.rb
 - lib/bollard/signature.rb
+- lib/bollard/token.rb
 - lib/bollard/version.rb
-- spec/lib/bollard/post_spec.rb
 - spec/lib/bollard/signature_spec.rb
+- spec/lib/bollard/token_spec.rb
 - spec/lib/bollard_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/vinomofo/bollard
@@ -154,7 +126,7 @@ signing_key:
 specification_version: 4
 summary: Send a secure post somewhere
 test_files:
-- spec/lib/bollard/post_spec.rb
 - spec/lib/bollard/signature_spec.rb
+- spec/lib/bollard/token_spec.rb
 - spec/lib/bollard_spec.rb
 - spec/spec_helper.rb

data/lib/bollard/post.rb

@@ -1,40 +0,0 @@
-require 'rest-client'
-
-module Bollard
-  class PostError < RuntimeError
-    attr_reader :response
-
-    def initialize(message, response: nil)
-      @response = response
-      super(message)
-    end
-  end
-
-  class Post
-    def initialize(url, payload, signing_secret, extra_headers, auth_header)
-      @url = url
-      @payload = payload
-      @signing_secret = signing_secret
-      @auth_header = auth_header
-      @extra_headers = extra_headers
-    end
-
-    def perform
-      RestClient.post(@url, @payload, headers)
-    rescue RestClient::ExceptionWithResponse => e
-      raise PostError.new(e.response.body, response: e.response)
-    rescue RestClient::Exception => e
-      raise PostError.new(e.message)
-    end
-
-    private
-
-    def headers
-      @extra_headers.merge({ @auth_header => signature })
-    end
-
-    def signature
-      Signature.generate(@payload, @signing_secret)
-    end
-  end
-end

data/spec/lib/bollard/post_spec.rb

@@ -1,33 +0,0 @@
-require 'spec_helper'
-
-RSpec.describe Bollard::Post do
-  it "posts the payload to the given URL" do
-    stub_request(:post, "https://test.localhost/")
-
-    post = Bollard::Post.new("https://test.localhost/", "{}", "secret", {}, "Bollard-Signature")
-    post.perform
-
-    expect(WebMock).to have_requested(:post, "https://test.localhost").with(body: "{}")
-  end
-
-  it "adds the correct signature header to the request" do
-    allow(Bollard::Signature).to receive(:generate).and_return("valid_signature")
-    stub_request(:post, "https://test.localhost/")
-
-    post = Bollard::Post.new("https://test.localhost/", "{}", "secret", {}, "Bollard-Signature")
-    post.perform
-
-    expect(WebMock).to have_requested(:post, "https://test.localhost")
-      .with(headers: { "Bollard-Signature" => "valid_signature" })
-  end
-
-  it "adds extra headers to the request" do
-    stub_request(:post, "https://test.localhost/")
-
-    post = Bollard::Post.new("https://test.localhost/", "{}", "secret", { content_type: :json, accept: :json }, "Bollard-Signature")
-    post.perform
-
-    expect(WebMock).to have_requested(:post, "https://test.localhost")
-      .with(headers: { content_type: 'application/json', accept: 'application/json' })
-  end
-end