castle-rb 4.1.0 → 6.0.0

data/spec/lib/castle/utils/clean_invalid_chars_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+describe Castle::Utils::CleanInvalidChars do
+  describe '::call' do
+    subject { described_class.call(input) }
+
+    context 'when input is a string' do
+      let(:input) { '1234' }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is an array' do
+      let(:input) { [1, 2, 3, '4'] }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is a hash' do
+      let(:input) { { user_id: 1 } }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is nil' do
+      let(:input) { nil }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is a nested hash' do
+      let(:input) { { user: { id: 1 } } }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'with invalid UTF-8 characters' do
+      context 'when input is a hash' do
+        let(:input) { { user_id: "inv\xC4lid" } }
+
+        it { is_expected.to eq(user_id: 'inv�lid') }
+      end
+
+      context 'when input is a nested hash' do
+        let(:input) { { user: { id: "inv\xC4lid" } } }
+
+        it { is_expected.to eq(user: { id: 'inv�lid' }) }
+      end
+
+      context 'when input is an array of hashes' do
+        let(:input) { [{ user: "inv\xC4lid" }] * 2 }
+
+        it { is_expected.to eq([{ user: 'inv�lid' }, { user: 'inv�lid' }]) }
+      end
+
+      context 'when input is an array' do
+        let(:input) { ["inv\xC4lid"] * 2 }
+
+        it { is_expected.to eq(['inv�lid', 'inv�lid']) }
+      end
+
+      context 'when input is a hash with array in key' do
+        let(:input) { { items: ["inv\xC4lid"] * 2 } }
+
+        it { is_expected.to eq(items: ['inv�lid', 'inv�lid']) }
+      end
+    end
+  end
+end

data/spec/lib/castle/utils/{cloner_spec.rb → clone_spec.rb}

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-describe Castle::Utils::Cloner do
-  subject(:cloner) { described_class }
+describe Castle::Utils::Clone do
+  subject(:clone) { described_class }
 
   describe 'call' do
     let(:nested) { { c: '3' } }
     let(:first) { { test: { test1: { c: '4' }, test2: nested, a: '1', b: '2' } } }
     let(:result) { { test: { test1: { c: '4' }, test2: { c: '3' }, a: '1', b: '2' } } }
-    let(:cloned) { cloner.call(first) }
+    let(:cloned) { clone.call(first) }
 
     before { cloned }
 

data/spec/lib/castle/utils/deep_symbolize_keys_spec.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+describe Castle::Utils::DeepSymbolizeKeys do
+  let(:nested_strings) { { 'a' => { 'b' => { 'c' => 3 } } } }
+  let(:nested_symbols) { { a: { b: { c: 3 } } } }
+  let(:nested_mixed) { { 'a' => { b: { 'c' => 3 } } } }
+  let(:string_array_of_hashes) { { 'a' => [{ 'b' => 2 }, { 'c' => 3 }, 4] } }
+  let(:symbol_array_of_hashes) { { a: [{ b: 2 }, { c: 3 }, 4] } }
+  let(:mixed_array_of_hashes) { { a: [{ b: 2 }, { 'c' => 3 }, 4] } }
+
+  describe '::call' do
+    subject { described_class.call(hash) }
+
+    context 'when nested_symbols' do
+      let(:hash) { nested_symbols }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when nested_strings' do
+      let(:hash) { nested_strings }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when nested_mixed' do
+      let(:hash) { nested_mixed }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when string_array_of_hashes' do
+      let(:hash) { string_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+
+    context 'when symbol_array_of_hashes' do
+      let(:hash) { symbol_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+
+    context 'when mixed_array_of_hashes' do
+      let(:hash) { mixed_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+  end
+end

data/spec/lib/castle/utils/{timestamp_spec.rb → get_timestamp_spec.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe Castle::Utils::Timestamp do
+describe Castle::Utils::GetTimestamp do
   subject(:timestamp) { described_class.call }
 
   let(:time_string) { '2018-01-10T14:14:24.407Z' }

data/spec/lib/castle/utils/{merger_spec.rb → merge_spec.rb}

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-describe Castle::Utils::Merger do
-  subject(:merger) { described_class }
+describe Castle::Utils::Merge do
+  subject(:merge) { described_class }
 
   describe 'call' do
     let(:first) { { test: { test1: { c: '4' }, test2: { c: '3' }, a: '1', b: '2' } } }
     let(:second) { { test2: '2', test: { 'test1' => { d: '5' }, test2: '6', a: nil, b: '3' } } }
     let(:result) { { test2: '2', test: { test1: { c: '4', d: '5' }, test2: '6', b: '3' } } }
 
-    it { expect(merger.call(first, second)).to be_eql(result) }
+    it { expect(merge.call(first, second)).to be_eql(result) }
   end
 end

data/spec/lib/castle/verdict_spec.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+describe Castle::Verdict do
+  subject(:verdict) { described_class }
+
+  it { expect(verdict::ALLOW).to be_eql('allow') }
+  it { expect(verdict::DENY).to be_eql('deny') }
+  it { expect(verdict::CHALLENGE).to be_eql('challenge') }
+end

data/spec/lib/castle/webhooks/verify_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+describe Castle::Webhooks::Verify do
+  describe '#call' do
+    subject(:call) { described_class.call(webhook) }
+
+    let(:env) do
+      Rack::MockRequest.env_for(
+        '/',
+        'HTTP_X_CASTLE_SIGNATURE' => signature
+      )
+    end
+
+    let(:webhook) { Rack::Request.new(env) }
+    let(:user_id) { '12345' }
+    let(:webhook_body) do
+      {
+        api_version: 'v1',
+        app_id: '12345',
+        type: '$incident.confirmed',
+        created_at: '2020-12-18T12:55:21.779Z',
+        data: {
+          id: 'test',
+          device_token: 'token',
+          user_id: user_id,
+          trigger: '$login.succeeded',
+          context: {},
+          location: {},
+          user_agent: {}
+        },
+        user_traits: {},
+        properties: {},
+        policy: {}
+      }.to_json
+    end
+
+    context 'when success' do
+      let(:signature) { '3ptx3rUOBnGEqPjMrbcJn2UUfzwTKP54dFyP5uyPY+Y=' }
+
+      before do
+        allow(Castle::Core::ProcessWebhook)
+          .to receive(:call)
+          .and_return(webhook_body)
+      end
+
+      it do
+        expect { call }.not_to raise_error
+      end
+    end
+
+    context 'when signature is malformed' do
+      let(:signature) { '123' }
+
+      before do
+        allow(Castle::Core::ProcessWebhook)
+          .to receive(:call)
+          .and_return(webhook_body)
+      end
+
+      it do
+        expect { call }
+          .to raise_error(
+            Castle::WebhookVerificationError,
+            'Signature not matching the expected signature'
+          )
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -14,6 +14,8 @@ require 'castle'
 
 WebMock.disable_net_connect!(allow_localhost: true)
 
+Dir['./spec/support/**/*.rb'].sort.each { |f| require f }
+
 RSpec.configure do |config|
   config.before do
     Castle.config.reset

data/spec/support/shared_examples/configuration.rb

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+shared_examples 'configuration_host' do
+  describe 'host' do
+    context 'with default' do
+      it { expect(config.base_url.host).to be_eql('api.castle.io') }
+    end
+
+    context 'with setter' do
+      before { config.base_url = 'http://api.castle.dev/v2' }
+
+      it { expect(config.base_url.host).to be_eql('api.castle.dev') }
+    end
+  end
+end
+
+shared_examples 'configuration_request_timeout' do
+  describe 'request_timeout' do
+    it do
+      expect(config.request_timeout).to be_eql(1000)
+    end
+
+    context 'with setter' do
+      let(:value) { 50.0 }
+
+      before do
+        config.request_timeout = value
+      end
+
+      it do
+        expect(config.request_timeout).to be_eql(value)
+      end
+    end
+  end
+end
+
+shared_examples 'configuration_allowlisted' do
+  describe 'allowlisted' do
+    it do
+      expect(config.allowlisted.size).to be_eql(0)
+    end
+
+    context 'with setter' do
+      before do
+        config.allowlisted = ['header']
+      end
+
+      it do
+        expect(config.allowlisted).to be_eql(['Header'])
+      end
+    end
+  end
+end
+
+shared_examples 'configuration_denylisted' do
+  describe 'denylisted' do
+    it do
+      expect(config.denylisted.size).to be_eql(0)
+    end
+
+    context 'with setter' do
+      before do
+        config.denylisted = ['header']
+      end
+
+      it do
+        expect(config.denylisted).to be_eql(['Header'])
+      end
+    end
+  end
+end
+
+shared_examples 'configuration_failover_strategy' do
+  describe 'failover_strategy' do
+    it do
+      expect(config.failover_strategy).to be_eql(Castle::Failover::Strategy::ALLOW)
+    end
+
+    context 'with setter' do
+      before do
+        config.failover_strategy = Castle::Failover::Strategy::DENY
+      end
+
+      it do
+        expect(config.failover_strategy).to be_eql(Castle::Failover::Strategy::DENY)
+      end
+    end
+
+    context 'when broken' do
+      it do
+        expect do
+          config.failover_strategy = :unicorn
+        end.to raise_error(Castle::ConfigurationError)
+      end
+    end
+  end
+end
+
+shared_examples 'configuration_api_secret' do
+  describe 'api_secret' do
+    context 'with env' do
+      let(:secret_key_env) { 'secret_key_env' }
+      let(:secret_key) { 'secret_key' }
+
+      before do
+        allow(ENV).to receive(:fetch).with(
+          'CASTLE_API_SECRET', ''
+        ).and_return(secret_key_env)
+        config.reset
+      end
+
+      it { expect(config.api_secret).to be_eql(secret_key_env) }
+
+      context 'when key is overwritten' do
+        before { config.api_secret = secret_key }
+
+        it { expect(config.api_secret).to be_eql(secret_key) }
+      end
+    end
+
+    context 'with setter' do
+      let(:value) { 'new_secret' }
+
+      before { config.api_secret = value }
+
+      it { expect(config.api_secret).to be_eql(value) }
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: castle-rb
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 6.0.0
 platform: ruby
 authors:
 - Johan Brissmyr
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-27 00:00:00.000000000 Z
+date: 2021-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -34,81 +34,132 @@ files:
 - lib/castle-rb.rb
 - lib/castle.rb
 - lib/castle/api.rb
-- lib/castle/api/request.rb
-- lib/castle/api/response.rb
-- lib/castle/api/session.rb
+- lib/castle/api/approve_device.rb
+- lib/castle/api/authenticate.rb
+- lib/castle/api/end_impersonation.rb
+- lib/castle/api/get_device.rb
+- lib/castle/api/get_devices_for_user.rb
+- lib/castle/api/identify.rb
+- lib/castle/api/report_device.rb
+- lib/castle/api/review.rb
+- lib/castle/api/start_impersonation.rb
+- lib/castle/api/track.rb
 - lib/castle/client.rb
+- lib/castle/client_id/extract.rb
 - lib/castle/command.rb
+- lib/castle/commands/approve_device.rb
 - lib/castle/commands/authenticate.rb
+- lib/castle/commands/end_impersonation.rb
+- lib/castle/commands/get_device.rb
+- lib/castle/commands/get_devices_for_user.rb
 - lib/castle/commands/identify.rb
-- lib/castle/commands/impersonate.rb
+- lib/castle/commands/report_device.rb
 - lib/castle/commands/review.rb
+- lib/castle/commands/start_impersonation.rb
 - lib/castle/commands/track.rb
 - lib/castle/configuration.rb
-- lib/castle/context/default.rb
-- lib/castle/context/merger.rb
-- lib/castle/context/sanitizer.rb
+- lib/castle/context/get_default.rb
+- lib/castle/context/merge.rb
+- lib/castle/context/prepare.rb
+- lib/castle/context/sanitize.rb
+- lib/castle/core/get_connection.rb
+- lib/castle/core/process_response.rb
+- lib/castle/core/process_webhook.rb
+- lib/castle/core/send_request.rb
 - lib/castle/errors.rb
 - lib/castle/events.rb
-- lib/castle/extractors/client_id.rb
-- lib/castle/extractors/headers.rb
-- lib/castle/extractors/ip.rb
-- lib/castle/failover_auth_response.rb
-- lib/castle/headers_filter.rb
-- lib/castle/headers_formatter.rb
-- lib/castle/review.rb
+- lib/castle/failover/prepare_response.rb
+- lib/castle/failover/strategy.rb
+- lib/castle/headers/extract.rb
+- lib/castle/headers/filter.rb
+- lib/castle/headers/format.rb
+- lib/castle/ip/extract.rb
+- lib/castle/logger.rb
+- lib/castle/payload/prepare.rb
 - lib/castle/secure_mode.rb
+- lib/castle/session.rb
+- lib/castle/singleton_configuration.rb
 - lib/castle/support/hanami.rb
 - lib/castle/support/padrino.rb
 - lib/castle/support/rails.rb
 - lib/castle/support/sinatra.rb
-- lib/castle/utils.rb
-- lib/castle/utils/cloner.rb
-- lib/castle/utils/merger.rb
-- lib/castle/utils/timestamp.rb
+- lib/castle/utils/clean_invalid_chars.rb
+- lib/castle/utils/clone.rb
+- lib/castle/utils/deep_symbolize_keys.rb
+- lib/castle/utils/get_timestamp.rb
+- lib/castle/utils/merge.rb
+- lib/castle/utils/secure_compare.rb
 - lib/castle/validators/not_supported.rb
 - lib/castle/validators/present.rb
+- lib/castle/verdict.rb
 - lib/castle/version.rb
+- lib/castle/webhooks/verify.rb
 - spec/integration/rails/rails_spec.rb
 - spec/integration/rails/support/all.rb
 - spec/integration/rails/support/application.rb
 - spec/integration/rails/support/home_controller.rb
-- spec/lib/castle/api/request_spec.rb
-- spec/lib/castle/api/response_spec.rb
+- spec/lib/castle/api/approve_device_spec.rb
+- spec/lib/castle/api/authenticate_spec.rb
+- spec/lib/castle/api/end_impersonation_spec.rb
+- spec/lib/castle/api/get_device_spec.rb
+- spec/lib/castle/api/get_devices_for_user_spec.rb
+- spec/lib/castle/api/identify_spec.rb
+- spec/lib/castle/api/report_device_spec.rb
+- spec/lib/castle/api/review_spec.rb
+- spec/lib/castle/api/start_impersonation_spec.rb
+- spec/lib/castle/api/track_spec.rb
 - spec/lib/castle/api_spec.rb
+- spec/lib/castle/client_id/extract_spec.rb
 - spec/lib/castle/client_spec.rb
 - spec/lib/castle/command_spec.rb
+- spec/lib/castle/commands/approve_device_spec.rb
 - spec/lib/castle/commands/authenticate_spec.rb
+- spec/lib/castle/commands/end_impersonation_spec.rb
+- spec/lib/castle/commands/get_device_spec.rb
+- spec/lib/castle/commands/get_devices_for_user_spec.rb
 - spec/lib/castle/commands/identify_spec.rb
-- spec/lib/castle/commands/impersonate_spec.rb
+- spec/lib/castle/commands/report_device_spec.rb
 - spec/lib/castle/commands/review_spec.rb
+- spec/lib/castle/commands/start_impersonation_spec.rb
 - spec/lib/castle/commands/track_spec.rb
 - spec/lib/castle/configuration_spec.rb
-- spec/lib/castle/context/default_spec.rb
-- spec/lib/castle/context/merger_spec.rb
-- spec/lib/castle/context/sanitizer_spec.rb
+- spec/lib/castle/context/get_default_spec.rb
+- spec/lib/castle/context/merge_spec.rb
+- spec/lib/castle/context/prepare_spec.rb
+- spec/lib/castle/context/sanitize_spec.rb
+- spec/lib/castle/core/get_connection_spec.rb
+- spec/lib/castle/core/process_response_spec.rb
+- spec/lib/castle/core/process_webhook_spec.rb
+- spec/lib/castle/core/send_request_spec.rb
 - spec/lib/castle/events_spec.rb
-- spec/lib/castle/extractors/client_id_spec.rb
-- spec/lib/castle/extractors/headers_spec.rb
-- spec/lib/castle/extractors/ip_spec.rb
-- spec/lib/castle/headers_filter_spec.rb
-- spec/lib/castle/headers_formatter_spec.rb
-- spec/lib/castle/review_spec.rb
+- spec/lib/castle/failover/strategy_spec.rb
+- spec/lib/castle/headers/extract_spec.rb
+- spec/lib/castle/headers/filter_spec.rb
+- spec/lib/castle/headers/format_spec.rb
+- spec/lib/castle/ip/extract_spec.rb
+- spec/lib/castle/logger_spec.rb
+- spec/lib/castle/payload/prepare_spec.rb
 - spec/lib/castle/secure_mode_spec.rb
-- spec/lib/castle/utils/cloner_spec.rb
-- spec/lib/castle/utils/merger_spec.rb
-- spec/lib/castle/utils/timestamp_spec.rb
-- spec/lib/castle/utils_spec.rb
+- spec/lib/castle/session_spec.rb
+- spec/lib/castle/singleton_configuration_spec.rb
+- spec/lib/castle/utils/clean_invalid_chars_spec.rb
+- spec/lib/castle/utils/clone_spec.rb
+- spec/lib/castle/utils/deep_symbolize_keys_spec.rb
+- spec/lib/castle/utils/get_timestamp_spec.rb
+- spec/lib/castle/utils/merge_spec.rb
 - spec/lib/castle/validators/not_supported_spec.rb
 - spec/lib/castle/validators/present_spec.rb
+- spec/lib/castle/verdict_spec.rb
 - spec/lib/castle/version_spec.rb
+- spec/lib/castle/webhooks/verify_spec.rb
 - spec/lib/castle_spec.rb
 - spec/spec_helper.rb
+- spec/support/shared_examples/configuration.rb
 homepage: https://castle.io
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -123,8 +174,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.1.3
+signing_key:
 specification_version: 4
 summary: Castle
 test_files:
@@ -133,33 +184,59 @@ test_files:
 - spec/integration/rails/support/all.rb
 - spec/integration/rails/support/home_controller.rb
 - spec/integration/rails/rails_spec.rb
+- spec/support/shared_examples/configuration.rb
 - spec/lib/castle_spec.rb
-- spec/lib/castle/review_spec.rb
-- spec/lib/castle/headers_filter_spec.rb
+- spec/lib/castle/session_spec.rb
+- spec/lib/castle/verdict_spec.rb
 - spec/lib/castle/client_spec.rb
-- spec/lib/castle/context/default_spec.rb
-- spec/lib/castle/context/merger_spec.rb
-- spec/lib/castle/context/sanitizer_spec.rb
+- spec/lib/castle/context/get_default_spec.rb
+- spec/lib/castle/context/prepare_spec.rb
+- spec/lib/castle/context/sanitize_spec.rb
+- spec/lib/castle/context/merge_spec.rb
+- spec/lib/castle/core/get_connection_spec.rb
+- spec/lib/castle/core/process_webhook_spec.rb
+- spec/lib/castle/core/send_request_spec.rb
+- spec/lib/castle/core/process_response_spec.rb
 - spec/lib/castle/api_spec.rb
+- spec/lib/castle/logger_spec.rb
+- spec/lib/castle/client_id/extract_spec.rb
 - spec/lib/castle/configuration_spec.rb
 - spec/lib/castle/version_spec.rb
-- spec/lib/castle/utils/cloner_spec.rb
-- spec/lib/castle/utils/timestamp_spec.rb
-- spec/lib/castle/utils/merger_spec.rb
+- spec/lib/castle/payload/prepare_spec.rb
+- spec/lib/castle/utils/clean_invalid_chars_spec.rb
+- spec/lib/castle/utils/deep_symbolize_keys_spec.rb
+- spec/lib/castle/utils/get_timestamp_spec.rb
+- spec/lib/castle/utils/clone_spec.rb
+- spec/lib/castle/utils/merge_spec.rb
 - spec/lib/castle/command_spec.rb
-- spec/lib/castle/headers_formatter_spec.rb
-- spec/lib/castle/api/request_spec.rb
-- spec/lib/castle/api/response_spec.rb
+- spec/lib/castle/headers/format_spec.rb
+- spec/lib/castle/headers/extract_spec.rb
+- spec/lib/castle/headers/filter_spec.rb
+- spec/lib/castle/api/review_spec.rb
+- spec/lib/castle/api/report_device_spec.rb
+- spec/lib/castle/api/authenticate_spec.rb
+- spec/lib/castle/api/track_spec.rb
+- spec/lib/castle/api/get_device_spec.rb
+- spec/lib/castle/api/start_impersonation_spec.rb
+- spec/lib/castle/api/approve_device_spec.rb
+- spec/lib/castle/api/get_devices_for_user_spec.rb
+- spec/lib/castle/api/end_impersonation_spec.rb
+- spec/lib/castle/api/identify_spec.rb
 - spec/lib/castle/commands/review_spec.rb
+- spec/lib/castle/commands/report_device_spec.rb
 - spec/lib/castle/commands/authenticate_spec.rb
 - spec/lib/castle/commands/track_spec.rb
-- spec/lib/castle/commands/impersonate_spec.rb
+- spec/lib/castle/commands/get_device_spec.rb
+- spec/lib/castle/commands/start_impersonation_spec.rb
+- spec/lib/castle/commands/approve_device_spec.rb
+- spec/lib/castle/commands/get_devices_for_user_spec.rb
+- spec/lib/castle/commands/end_impersonation_spec.rb
 - spec/lib/castle/commands/identify_spec.rb
 - spec/lib/castle/validators/not_supported_spec.rb
 - spec/lib/castle/validators/present_spec.rb
-- spec/lib/castle/extractors/ip_spec.rb
-- spec/lib/castle/extractors/headers_spec.rb
-- spec/lib/castle/extractors/client_id_spec.rb
-- spec/lib/castle/utils_spec.rb
+- spec/lib/castle/webhooks/verify_spec.rb
+- spec/lib/castle/ip/extract_spec.rb
+- spec/lib/castle/failover/strategy_spec.rb
 - spec/lib/castle/secure_mode_spec.rb
+- spec/lib/castle/singleton_configuration_spec.rb
 - spec/lib/castle/events_spec.rb