castle-rb 3.5.2 → 3.6.0

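--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 24c43b5fce4ad8c26dd2ebd12986ca7c7cd8ba8cec976dfdff4e3885c1966247
- data.tar.gz: 4056b857b4352aed10385049f2bb6a2f55879493f7ddbec7a2a6c7b199bb5224
+ metadata.gz: 10971e0d6aaf51fd108b6a4316e938fd223146eb65bf1d1216c585816a0d8e2c
+ data.tar.gz: 52bae4bd484b9ccc79d6665f2a80c3839532442f4850c9fa4b1a0a7768fc3426
  SHA512:
- metadata.gz: 65344ead893ec01aa9502203f23707b5bb5288a1785b535e301c2a0dd45c7a2eacbfec4f008a422448e7ee0f847354fff392a98fb05b0ef3c9f4c5ffc30ad4e0
- data.tar.gz: f3a12fdd744d44fabb08f4ceb2c61274997168ddb5600d83e1b882abd181471c57b94518cf43feafb9bba52b4112be020fb3185216cab3e4647fb9a0cd1aa65d
+ metadata.gz: fa31103ea67d58adb41aad80a1e925173892d73c9cad31b1028bf38194044128c9d3bedfaf399050603749e0f84ae87e48edb922124c99b9cd99b063a65734dd
+ data.tar.gz: c203a28c0bb5bde14212282e3565123d41797ea3af151cc5e7405666bea63f58b98decb0807d7fb95de262e066f1f154d3448b1d9714545964842a78fefc0e75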
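--- a/data/README.md
+++ b/data/README.md
@@ -67,6 +67,7 @@ Castle.configure do |config|
 
  # Whitelisted and Blacklisted headers are case insensitive and allow to use _ and - as a separator, http prefixes are removed
  # Whitelisted headers
+ # @note In case of the whitelist, we won't send the values of other headers but we will send their names
  config.whitelisted = ['X_HEADER']
  # or append to default
  config.whitelisted += ['http-x-header']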
@@ -28,11 +28,11 @@ module Castle
28
28
  headers
29
29
  )
30
30
  )
31
- rescue *HANDLED_ERRORS => error
31
+ rescue *HANDLED_ERRORS => e
32
32
  # @note We need to initialize the error, as the original error is a cause for this
33
33
  # custom exception. If we would do it the default Ruby way, the original error
34
34
  # would get converted into a string
35
- raise Castle::RequestError.new(error) # rubocop:disable Style/RaiseArgs
35
+ raise Castle::RequestError.new(e) # rubocop:disable Style/RaiseArgs
36
36
  end
37
37
  end
38
38
  end
@@ -43,9 +43,9 @@ module Castle
43
43
  command = Castle::Commands::Authenticate.new(@context).build(options)
44
44
  begin
45
45
  Castle::API.request(command).merge(failover: false, failover_reason: nil)
46
- rescue Castle::RequestError, Castle::InternalServerError => error
46
+ rescue Castle::RequestError, Castle::InternalServerError => e
47
47
  self.class.failover_response_or_raise(
48
- FailoverAuthResponse.new(options[:user_id], reason: error.to_s), error
48
+ FailoverAuthResponse.new(options[:user_id], reason: e.to_s), e
49
49
  )
50
50
  end
51
51
  else
@@ -14,9 +14,14 @@ module Castle
14
14
  def call
15
15
  @request_env.keys.each_with_object({}) do |header, acc|
16
16
  name = @formatter.call(header)
17
- next unless Castle.config.whitelisted.include?(name)
18
- next if Castle.config.blacklisted.include?(name)
19
- acc[name] = @request_env[header]
17
+
18
+ if Castle.config.whitelisted.include?(name) && !Castle.config.blacklisted.include?(name)
19
+ acc[name] = @request_env[header]
20
+ else
21
+ # When a header is not whitelisted or blacklisted, we're not suppose to send
22
+ # it's value but we should send it's name to indicate it's presence
23
+ acc[name] = true
24
+ end
20
25
  end
21
26
  end
22
27
  end
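Review bot: The new `else` branch in `call` records every key of `@request_env` that is not whitelisted as `name => true`, and the loop walks `@request_env.keys` unfiltered, so Rack and CGI entries are reported as if they were request headers; the spec hunks further down now expect `Rack.input`, `Server-Name`, `Query-String` and similar. The same branch also runs for a blacklisted name, so blacklisting a header no longer keeps its presence out of the payload, while the comment reads "not whitelisted or blacklisted". Consider skipping non-header keys before formatting, for example `next unless header.to_s.start_with?('HTTP_') || %w[CONTENT_LENGTH CONTENT_TYPE].include?(header.to_s)`. If reporting blacklisted names is intended, say so in the comment: `# Blacklisted and non-whitelisted headers are reported by name only; the value is replaced with true`. The expectations in the three spec hunks that follow pin the unfiltered key list and would need trimming with such a change.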
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Castle
4
- VERSION = '3.5.2'
4
+ VERSION = '3.6.0'
5
5
  end
@@ -20,14 +20,24 @@ describe Castle::Client do
20
20
  end
21
21
  let(:client_with_no_timestamp) { described_class.new(request_to_context) }
22
22
 
23
- let(:headers) { { 'X-Forwarded-For' => ip.to_s, 'User-Agent' => ua } }
23
+ let(:headers) do
24
+ {
25
+ 'Rack.version': true, 'Rack.input': true, 'Rack.errors': true,
26
+ 'Rack.multithread': true, 'Rack.multiprocess': true, 'Rack.run-Once': true,
27
+ 'Request-Method': true, 'Server-Name': true, 'Server-Port': true,
28
+ 'Query-String': true, 'Path-Info': true, 'Rack.url-Scheme': true,
29
+ 'Https': true, 'Script-Name': true, 'Content-Length': true,
30
+ 'User-Agent': ua, 'X-Forwarded-For': ip.to_s, 'Rack.request.cookie-Hash': true,
31
+ 'Rack.request.cookie-String': true, 'Cookie': true
32
+ }
33
+ end
24
34
  let(:context) do
25
35
  {
26
36
  client_id: 'abcd',
27
37
  active: true,
28
38
  origin: 'web',
29
39
  user_agent: ua,
30
- headers: { 'X-Forwarded-For': ip.to_s, 'User-Agent': ua },
40
+ headers: headers,
31
41
  ip: ip,
32
42
  library: { name: 'castle-rb', version: '2.2.0' }
33
43
  }
@@ -25,7 +25,14 @@ describe Castle::Context::Default do
25
25
  it { expect(default_context[:origin]).to be_eql('web') }
26
26
  it {
27
27
  expect(default_context[:headers]).to be_eql(
28
- 'X-Forwarded-For' => '1.2.3.4', 'Accept-Language' => 'en', 'User-Agent' => 'test'
28
+ 'Rack.version' => true, 'Rack.input' => true, 'Rack.errors' => true,
29
+ 'Rack.multithread' => true, 'Rack.multiprocess' => true, 'Rack.run-Once' => true,
30
+ 'Request-Method' => true, 'Server-Name' => true, 'Server-Port' => true,
31
+ 'Query-String' => true, 'Path-Info' => true, 'Rack.url-Scheme' => true,
32
+ 'Https' => true, 'Script-Name' => true, 'Content-Length' => true,
33
+ 'X-Forwarded-For' => '1.2.3.4', 'Accept-Language' => 'en', 'User-Agent' => 'test',
34
+ 'Rack.request.cookie-Hash' => true, 'Rack.request.cookie-String' => true,
35
+ 'Cookie' => true
29
36
  )
30
37
  }
31
38
  it { expect(default_context[:ip]).to be_eql(ip) }
@@ -19,7 +19,13 @@ describe Castle::Extractors::Headers do
19
19
  end
20
20
  it do
21
21
  expect(extractor.call).to eql(
22
- 'X-Forwarded-For' => '1.2.3.4', 'Test' => '1'
22
+ 'Test' => '1', 'Ok' => true, 'Rack.version' => true,
23
+ 'Rack.input' => true, 'Rack.errors' => true, 'Rack.multithread' => true,
24
+ 'Rack.multiprocess' => true, 'Rack.run-Once' => true, 'Request-Method' => true,
25
+ 'Server-Name' => true, 'Server-Port' => true, 'Query-String' => true,
26
+ 'Path-Info' => true, 'Rack.url-Scheme' => true, 'Https' => true,
27
+ 'Script-Name' => true, 'Content-Length' => true, 'X-Forwarded-For' => '1.2.3.4',
28
+ 'Cookie' => true
23
29
  )
24
30
  end
25
31
  end
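--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: castle-rb
  version: !ruby/object:Gem::Version
- version: 3.5.2
+ version: 3.6.0
  platform: ruby
  authors:
  - Johan Brissmyr
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-01-09 00:00:00.000000000 Z
+ date: 2020-01-07 00:00:00.000000000 Z
  dependencies: []
  description: Castle protects your users from account compromise
  email: johan@castle.io
@@ -95,15 +95,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.2.6
+ version: '2.4'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.6
  signing_key:
  specification_version: 4
  summary: Castle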