castle-rb 4.3.0 → 7.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +148 -49
- data/lib/castle.rb +49 -28
- data/lib/castle/api.rb +21 -14
- data/lib/castle/api/approve_device.rb +20 -0
- data/lib/castle/api/authenticate.rb +37 -0
- data/lib/castle/api/end_impersonation.rb +24 -0
- data/lib/castle/api/filter.rb +37 -0
- data/lib/castle/api/get_device.rb +20 -0
- data/lib/castle/api/get_devices_for_user.rb +20 -0
- data/lib/castle/api/log.rb +37 -0
- data/lib/castle/api/report_device.rb +20 -0
- data/lib/castle/api/risk.rb +37 -0
- data/lib/castle/api/start_impersonation.rb +24 -0
- data/lib/castle/api/track.rb +21 -0
- data/lib/castle/client.rb +78 -51
- data/lib/castle/{extractors/client_id.rb → client_id/extract.rb} +2 -2
- data/lib/castle/commands/approve_device.rb +17 -0
- data/lib/castle/commands/authenticate.rb +13 -13
- data/lib/castle/commands/end_impersonation.rb +25 -0
- data/lib/castle/commands/filter.rb +22 -0
- data/lib/castle/commands/get_device.rb +17 -0
- data/lib/castle/commands/get_devices_for_user.rb +17 -0
- data/lib/castle/commands/log.rb +22 -0
- data/lib/castle/commands/report_device.rb +17 -0
- data/lib/castle/commands/risk.rb +22 -0
- data/lib/castle/commands/start_impersonation.rb +25 -0
- data/lib/castle/commands/track.rb +12 -13
- data/lib/castle/configuration.rb +49 -32
- data/lib/castle/context/{default.rb → get_default.rb} +5 -6
- data/lib/castle/context/{merger.rb → merge.rb} +3 -3
- data/lib/castle/context/prepare.rb +18 -0
- data/lib/castle/context/{sanitizer.rb → sanitize.rb} +1 -1
- data/lib/castle/core/get_connection.rb +27 -0
- data/lib/castle/{api/response.rb → core/process_response.rb} +8 -3
- data/lib/castle/core/process_webhook.rb +25 -0
- data/lib/castle/core/send_request.rb +42 -0
- data/lib/castle/errors.rb +38 -12
- data/lib/castle/failover/prepare_response.rb +18 -0
- data/lib/castle/failover/strategy.rb +23 -0
- data/lib/castle/headers/extract.rb +47 -0
- data/lib/castle/headers/filter.rb +40 -0
- data/lib/castle/headers/format.rb +24 -0
- data/lib/castle/{extractors/ip.rb → ips/extract.rb} +11 -7
- data/lib/castle/logger.rb +19 -0
- data/lib/castle/payload/prepare.rb +26 -0
- data/lib/castle/secure_mode.rb +7 -2
- data/lib/castle/session.rb +18 -0
- data/lib/castle/singleton_configuration.rb +9 -0
- data/lib/castle/support/hanami.rb +2 -6
- data/lib/castle/support/rails.rb +1 -3
- data/lib/castle/utils/clean_invalid_chars.rb +22 -0
- data/lib/castle/utils/clone.rb +15 -0
- data/lib/castle/utils/deep_symbolize_keys.rb +45 -0
- data/lib/castle/utils/get_timestamp.rb +15 -0
- data/lib/castle/utils/{merger.rb → merge.rb} +3 -3
- data/lib/castle/utils/secure_compare.rb +22 -0
- data/lib/castle/validators/not_supported.rb +1 -0
- data/lib/castle/validators/present.rb +1 -0
- data/lib/castle/verdict.rb +15 -0
- data/lib/castle/version.rb +1 -1
- data/lib/castle/webhooks/verify.rb +45 -0
- data/spec/integration/rails/rails_spec.rb +42 -14
- data/spec/integration/rails/support/application.rb +3 -1
- data/spec/integration/rails/support/home_controller.rb +50 -6
- data/spec/lib/castle/api/approve_device_spec.rb +21 -0
- data/spec/lib/castle/api/authenticate_spec.rb +136 -0
- data/spec/lib/castle/api/end_impersonation_spec.rb +65 -0
- data/spec/lib/castle/api/filter_spec.rb +5 -0
- data/spec/lib/castle/api/get_device_spec.rb +19 -0
- data/spec/lib/castle/api/get_devices_for_user_spec.rb +19 -0
- data/spec/lib/castle/api/log_spec.rb +5 -0
- data/spec/lib/castle/api/report_device_spec.rb +21 -0
- data/spec/lib/castle/api/risk_spec.rb +5 -0
- data/spec/lib/castle/api/start_impersonation_spec.rb +65 -0
- data/spec/lib/castle/api/track_spec.rb +72 -0
- data/spec/lib/castle/api_spec.rb +14 -15
- data/spec/lib/castle/{extractors/client_id_spec.rb → client_id/extract_spec.rb} +6 -15
- data/spec/lib/castle/client_spec.rb +108 -93
- data/spec/lib/castle/commands/approve_device_spec.rb +24 -0
- data/spec/lib/castle/commands/authenticate_spec.rb +15 -31
- data/spec/lib/castle/commands/end_impersonation_spec.rb +79 -0
- data/spec/lib/castle/commands/filter_spec.rb +72 -0
- data/spec/lib/castle/commands/get_device_spec.rb +24 -0
- data/spec/lib/castle/commands/{review_spec.rb → get_devices_for_user_spec.rb} +7 -7
- data/spec/lib/castle/commands/log_spec.rb +73 -0
- data/spec/lib/castle/commands/report_device_spec.rb +24 -0
- data/spec/lib/castle/commands/risk_spec.rb +73 -0
- data/spec/lib/castle/commands/start_impersonation_spec.rb +79 -0
- data/spec/lib/castle/commands/track_spec.rb +14 -34
- data/spec/lib/castle/configuration_spec.rb +8 -141
- data/spec/lib/castle/context/{default_spec.rb → get_default_spec.rb} +9 -10
- data/spec/lib/castle/context/{merger_spec.rb → merge_spec.rb} +1 -1
- data/spec/lib/castle/context/prepare_spec.rb +43 -0
- data/spec/lib/castle/context/{sanitizer_spec.rb → sanitize_spec.rb} +1 -1
- data/spec/lib/castle/core/get_connection_spec.rb +43 -0
- data/spec/lib/castle/{api/response_spec.rb → core/process_response_spec.rb} +49 -1
- data/spec/lib/castle/core/process_webhook_spec.rb +46 -0
- data/spec/lib/castle/core/send_request_spec.rb +77 -0
- data/spec/lib/castle/failover/strategy_spec.rb +12 -0
- data/spec/lib/castle/{extractors/headers_spec.rb → headers/extract_spec.rb} +18 -20
- data/spec/lib/castle/headers/filter_spec.rb +39 -0
- data/spec/lib/castle/headers/format_spec.rb +25 -0
- data/spec/lib/castle/{extractors/ip_spec.rb → ips/extract_spec.rb} +5 -14
- data/spec/lib/castle/logger_spec.rb +38 -0
- data/spec/lib/castle/payload/prepare_spec.rb +55 -0
- data/spec/lib/castle/session_spec.rb +65 -0
- data/spec/lib/castle/singleton_configuration_spec.rb +14 -0
- data/spec/lib/castle/utils/clean_invalid_chars_spec.rb +69 -0
- data/spec/lib/castle/utils/{cloner_spec.rb → clone_spec.rb} +3 -3
- data/spec/lib/castle/utils/deep_symbolize_keys_spec.rb +50 -0
- data/spec/lib/castle/utils/{timestamp_spec.rb → get_timestamp_spec.rb} +1 -1
- data/spec/lib/castle/utils/merge_spec.rb +15 -0
- data/spec/lib/castle/validators/present_spec.rb +5 -6
- data/spec/lib/castle/verdict_spec.rb +9 -0
- data/spec/lib/castle/webhooks/verify_spec.rb +53 -0
- data/spec/lib/castle_spec.rb +4 -10
- data/spec/spec_helper.rb +3 -3
- data/spec/support/shared_examples/action_request.rb +152 -0
- data/spec/support/shared_examples/configuration.rb +101 -0
- metadata +147 -67
- data/lib/castle/api/request.rb +0 -42
- data/lib/castle/api/session.rb +0 -39
- data/lib/castle/commands/identify.rb +0 -23
- data/lib/castle/commands/impersonate.rb +0 -26
- data/lib/castle/commands/review.rb +0 -14
- data/lib/castle/events.rb +0 -49
- data/lib/castle/extractors/headers.rb +0 -45
- data/lib/castle/failover_auth_response.rb +0 -21
- data/lib/castle/headers_filter.rb +0 -35
- data/lib/castle/headers_formatter.rb +0 -22
- data/lib/castle/review.rb +0 -11
- data/lib/castle/utils.rb +0 -55
- data/lib/castle/utils/cloner.rb +0 -11
- data/lib/castle/utils/timestamp.rb +0 -12
- data/spec/lib/castle/api/request_spec.rb +0 -72
- data/spec/lib/castle/api/session_spec.rb +0 -47
- data/spec/lib/castle/commands/identify_spec.rb +0 -88
- data/spec/lib/castle/commands/impersonate_spec.rb +0 -107
- data/spec/lib/castle/events_spec.rb +0 -5
- data/spec/lib/castle/headers_filter_spec.rb +0 -38
- data/spec/lib/castle/headers_formatter_spec.rb +0 -25
- data/spec/lib/castle/review_spec.rb +0 -19
- data/spec/lib/castle/utils/merger_spec.rb +0 -13
- data/spec/lib/castle/utils_spec.rb +0 -156
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
describe Castle::
|
3
|
+
describe Castle::Core::ProcessResponse do
|
4
4
|
describe '#call' do
|
5
5
|
subject(:call) { described_class.call(response) }
|
6
6
|
|
@@ -10,6 +10,54 @@ describe Castle::API::Response do
|
|
10
10
|
it { expect(call).to eql(user: 1) }
|
11
11
|
end
|
12
12
|
|
13
|
+
describe 'authenticate' do
|
14
|
+
context 'when allow without any additional props' do
|
15
|
+
let(:response) { OpenStruct.new(body: '{"action":"allow","user_id":"12345"}', code: 200) }
|
16
|
+
|
17
|
+
it { expect(call).to eql({ action: 'allow', user_id: '12345' }) }
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'when allow with additional props' do
|
21
|
+
let(:response) do
|
22
|
+
OpenStruct.new(body: '{"action":"allow","user_id":"12345","internal":{}}', code: 200)
|
23
|
+
end
|
24
|
+
|
25
|
+
it { expect(call).to eql({ action: 'allow', user_id: '12345', internal: {} }) }
|
26
|
+
end
|
27
|
+
|
28
|
+
context 'when deny without risk policy' do
|
29
|
+
let(:response) do
|
30
|
+
OpenStruct.new(body: '{"action":"deny","user_id":"1","device_token":"abc"}', code: 200)
|
31
|
+
end
|
32
|
+
|
33
|
+
it { expect(call).to eql({ action: 'deny', user_id: '1', device_token: 'abc' }) }
|
34
|
+
end
|
35
|
+
|
36
|
+
context 'when deny with risk policy' do
|
37
|
+
let(:body) do
|
38
|
+
'{"action":"deny","user_id":"1","device_token":"abc",
|
39
|
+
"risk_policy":{"id":"123","revision_id":"abc","name":"def","type":"bot"}}'
|
40
|
+
end
|
41
|
+
let(:response) { OpenStruct.new({ body: body, code: 200 }) }
|
42
|
+
|
43
|
+
let(:result) do
|
44
|
+
{
|
45
|
+
action: 'deny',
|
46
|
+
user_id: '1',
|
47
|
+
device_token: 'abc',
|
48
|
+
risk_policy: {
|
49
|
+
id: '123',
|
50
|
+
revision_id: 'abc',
|
51
|
+
name: 'def',
|
52
|
+
type: 'bot'
|
53
|
+
}
|
54
|
+
}
|
55
|
+
end
|
56
|
+
|
57
|
+
it { expect(call).to eql(result) }
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
13
61
|
context 'when response empty' do
|
14
62
|
let(:response) { OpenStruct.new(body: '', code: 200) }
|
15
63
|
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
describe Castle::Core::ProcessWebhook do
|
4
|
+
describe '#call' do
|
5
|
+
subject(:call) { described_class.call(webhook) }
|
6
|
+
|
7
|
+
let(:webhook_body) do
|
8
|
+
{
|
9
|
+
api_version: 'v1',
|
10
|
+
app_id: '12345',
|
11
|
+
type: '$incident.confirmed',
|
12
|
+
created_at: '2020-12-18T12:55:21.779Z',
|
13
|
+
data: {
|
14
|
+
id: 'test',
|
15
|
+
device_token: 'token',
|
16
|
+
user_id: '',
|
17
|
+
trigger: '$login.succeeded',
|
18
|
+
context: {},
|
19
|
+
location: {},
|
20
|
+
user_agent: {}
|
21
|
+
},
|
22
|
+
user_traits: {},
|
23
|
+
properties: {},
|
24
|
+
policy: {}
|
25
|
+
}.to_json
|
26
|
+
end
|
27
|
+
|
28
|
+
let(:webhook) { OpenStruct.new(body: StringIO.new(webhook_body)) }
|
29
|
+
|
30
|
+
context 'when success' do
|
31
|
+
it { expect(call).to eql(webhook_body) }
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'when webhook empty' do
|
35
|
+
let(:webhook) { OpenStruct.new(body: StringIO.new('')) }
|
36
|
+
|
37
|
+
it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
|
38
|
+
end
|
39
|
+
|
40
|
+
context 'when webhook nil' do
|
41
|
+
let(:webhook) { OpenStruct.new(body: StringIO.new) }
|
42
|
+
|
43
|
+
it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
describe Castle::Core::SendRequest do
|
4
|
+
let(:config) { Castle.config }
|
5
|
+
|
6
|
+
describe '#call' do
|
7
|
+
let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
|
8
|
+
let(:headers) { {} }
|
9
|
+
let(:request_build) { {} }
|
10
|
+
let(:expected_headers) { { 'Content-Type' => 'application/json' } }
|
11
|
+
let(:http) { instance_double('Net::HTTP') }
|
12
|
+
|
13
|
+
context 'without http arg provided' do
|
14
|
+
subject(:call) { described_class.call(command, headers, nil, config) }
|
15
|
+
|
16
|
+
let(:http) { instance_double('Net::HTTP') }
|
17
|
+
let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
|
18
|
+
let(:headers) { {} }
|
19
|
+
let(:request_build) { {} }
|
20
|
+
let(:expected_headers) { { 'Content-Type' => 'application/json' } }
|
21
|
+
|
22
|
+
before do
|
23
|
+
allow(Castle::Core::GetConnection).to receive(:call).and_return(http)
|
24
|
+
allow(http).to receive(:request)
|
25
|
+
allow(described_class).to receive(:build).and_return(request_build)
|
26
|
+
call
|
27
|
+
end
|
28
|
+
|
29
|
+
it do
|
30
|
+
expect(described_class).to have_received(:build).with(command, expected_headers, config)
|
31
|
+
end
|
32
|
+
|
33
|
+
it { expect(http).to have_received(:request).with(request_build) }
|
34
|
+
end
|
35
|
+
|
36
|
+
context 'with http arg provided' do
|
37
|
+
subject(:call) { described_class.call(command, headers, http, config) }
|
38
|
+
|
39
|
+
before do
|
40
|
+
allow(Castle::Core::GetConnection).to receive(:call)
|
41
|
+
allow(http).to receive(:request)
|
42
|
+
allow(described_class).to receive(:build).and_return(request_build)
|
43
|
+
call
|
44
|
+
end
|
45
|
+
|
46
|
+
it { expect(Castle::Core::GetConnection).not_to have_received(:call) }
|
47
|
+
|
48
|
+
it do
|
49
|
+
expect(described_class).to have_received(:build).with(command, expected_headers, config)
|
50
|
+
end
|
51
|
+
|
52
|
+
it { expect(http).to have_received(:request).with(request_build) }
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
describe '#build' do
|
57
|
+
subject(:build) { described_class.build(command, headers, config) }
|
58
|
+
|
59
|
+
let(:headers) { { 'SAMPLE-HEADER' => '1' } }
|
60
|
+
let(:api_secret) { 'secret' }
|
61
|
+
|
62
|
+
context 'when post' do
|
63
|
+
let(:time) { Time.now.utc.iso8601(3) }
|
64
|
+
let(:command) { Castle::Commands::Track.build(event: '$login.succeeded', name: "\xC4") }
|
65
|
+
let(:expected_body) { { event: '$login.succeeded', name: '�', context: {}, sent_at: time } }
|
66
|
+
|
67
|
+
before { allow(Castle::Utils::GetTimestamp).to receive(:call).and_return(time) }
|
68
|
+
|
69
|
+
it { expect(build.body).to be_eql(expected_body.to_json) }
|
70
|
+
it { expect(build.method).to eql('POST') }
|
71
|
+
it { expect(build.path).to eql("/v1/#{command.path}") }
|
72
|
+
it { expect(build.to_hash).to have_key('authorization') }
|
73
|
+
it { expect(build.to_hash).to have_key('sample-header') }
|
74
|
+
it { expect(build.to_hash['sample-header']).to eql(['1']) }
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
describe Castle::Failover::Strategy do
|
4
|
+
subject(:strategy) { described_class }
|
5
|
+
|
6
|
+
it { expect(strategy::ALLOW).to be_eql(:allow) }
|
7
|
+
it { expect(strategy::DENY).to be_eql(:deny) }
|
8
|
+
it { expect(strategy::CHALLENGE).to be_eql(:challenge) }
|
9
|
+
it { expect(strategy::THROW).to be_eql(:throw) }
|
10
|
+
|
11
|
+
it { expect(Castle::Failover::STRATEGIES).to be_eql(%i[allow deny challenge throw]) }
|
12
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
describe Castle::
|
4
|
-
subject(:
|
3
|
+
describe Castle::Headers::Extract do
|
4
|
+
subject(:extract_call) { described_class.new(formatted_headers).call }
|
5
5
|
|
6
6
|
let(:formatted_headers) do
|
7
7
|
{
|
@@ -16,11 +16,11 @@ describe Castle::Extractors::Headers do
|
|
16
16
|
end
|
17
17
|
|
18
18
|
after do
|
19
|
-
Castle.config.
|
20
|
-
Castle.config.
|
19
|
+
Castle.config.allowlisted = %w[]
|
20
|
+
Castle.config.denylisted = %w[]
|
21
21
|
end
|
22
22
|
|
23
|
-
context 'when
|
23
|
+
context 'when allowlist is not set in the configuration' do
|
24
24
|
let(:result) do
|
25
25
|
{
|
26
26
|
'Accept' => 'application/json',
|
@@ -33,11 +33,11 @@ describe Castle::Extractors::Headers do
|
|
33
33
|
}
|
34
34
|
end
|
35
35
|
|
36
|
-
it { expect(
|
36
|
+
it { expect(extract_call).to eq(result) }
|
37
37
|
end
|
38
38
|
|
39
|
-
context 'when
|
40
|
-
before { Castle.config.
|
39
|
+
context 'when allowlist is set in the configuration' do
|
40
|
+
before { Castle.config.allowlisted = %w[Accept OK] }
|
41
41
|
|
42
42
|
let(:result) do
|
43
43
|
{
|
@@ -51,10 +51,10 @@ describe Castle::Extractors::Headers do
|
|
51
51
|
}
|
52
52
|
end
|
53
53
|
|
54
|
-
it { expect(
|
54
|
+
it { expect(extract_call).to eq(result) }
|
55
55
|
end
|
56
56
|
|
57
|
-
context 'when
|
57
|
+
context 'when denylist is set in the configuration' do
|
58
58
|
context 'with a User-Agent' do
|
59
59
|
let(:result) do
|
60
60
|
{
|
@@ -68,9 +68,9 @@ describe Castle::Extractors::Headers do
|
|
68
68
|
}
|
69
69
|
end
|
70
70
|
|
71
|
-
before { Castle.config.
|
71
|
+
before { Castle.config.denylisted = %w[User-Agent] }
|
72
72
|
|
73
|
-
it { expect(
|
73
|
+
it { expect(extract_call).to eq(result) }
|
74
74
|
end
|
75
75
|
|
76
76
|
context 'with a different header' do
|
@@ -86,20 +86,18 @@ describe Castle::Extractors::Headers do
|
|
86
86
|
}
|
87
87
|
end
|
88
88
|
|
89
|
-
before { Castle.config.
|
89
|
+
before { Castle.config.denylisted = %w[Accept] }
|
90
90
|
|
91
|
-
it { expect(
|
91
|
+
it { expect(extract_call).to eq(result) }
|
92
92
|
end
|
93
93
|
end
|
94
94
|
|
95
|
-
context 'when a header is both
|
95
|
+
context 'when a header is both allowlisted and denylisted' do
|
96
96
|
before do
|
97
|
-
Castle.config.
|
98
|
-
Castle.config.
|
97
|
+
Castle.config.allowlisted = %w[Accept]
|
98
|
+
Castle.config.denylisted = %w[Accept]
|
99
99
|
end
|
100
100
|
|
101
|
-
it
|
102
|
-
expect(headers['Accept']).to eq(true)
|
103
|
-
end
|
101
|
+
it { expect(extract_call['Accept']).to eq(true) }
|
104
102
|
end
|
105
103
|
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
describe Castle::Headers::Filter do
|
4
|
+
subject(:filter_call) { described_class.new(request).call }
|
5
|
+
|
6
|
+
let(:env) do
|
7
|
+
result =
|
8
|
+
Rack::MockRequest.env_for(
|
9
|
+
'/',
|
10
|
+
'Action-Dispatch.request.content-Type' => 'application/json',
|
11
|
+
'HTTP_AUTHORIZATION' => 'Basic 123456',
|
12
|
+
'HTTP_COOKIE' => '__cid=abcd;other=efgh',
|
13
|
+
'HTTP_ACCEPT' => 'application/json',
|
14
|
+
'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
|
15
|
+
'HTTP_USER_AGENT' => 'Mozilla 1234',
|
16
|
+
'TEST' => '1',
|
17
|
+
'REMOTE_ADDR' => '1.2.3.4'
|
18
|
+
)
|
19
|
+
result[:HTTP_OK] = 'OK'
|
20
|
+
result
|
21
|
+
end
|
22
|
+
let(:filtered) do
|
23
|
+
{
|
24
|
+
'Accept' => 'application/json',
|
25
|
+
'Authorization' => 'Basic 123456',
|
26
|
+
'Cookie' => '__cid=abcd;other=efgh',
|
27
|
+
'Content-Length' => '0',
|
28
|
+
'Ok' => 'OK',
|
29
|
+
'User-Agent' => 'Mozilla 1234',
|
30
|
+
'Remote-Addr' => '1.2.3.4',
|
31
|
+
'X-Forwarded-For' => '1.2.3.4'
|
32
|
+
}
|
33
|
+
end
|
34
|
+
let(:request) { Rack::Request.new(env) }
|
35
|
+
|
36
|
+
context 'with list of header' do
|
37
|
+
it { expect(filter_call).to eq(filtered) }
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
describe Castle::Headers::Format do
|
4
|
+
subject(:format) { described_class }
|
5
|
+
|
6
|
+
it 'removes HTTP_' do
|
7
|
+
expect(format.call('HTTP_X_TEST')).to be_eql('X-Test')
|
8
|
+
end
|
9
|
+
|
10
|
+
it 'capitalizes header' do
|
11
|
+
expect(format.call('X_TEST')).to be_eql('X-Test')
|
12
|
+
end
|
13
|
+
|
14
|
+
it 'ignores letter case and -_ divider' do
|
15
|
+
expect(format.call('http-X_teST')).to be_eql('X-Test')
|
16
|
+
end
|
17
|
+
|
18
|
+
it 'does not remove http if there is no _- char' do
|
19
|
+
expect(format.call('httpX_teST')).to be_eql('Httpx-Test')
|
20
|
+
end
|
21
|
+
|
22
|
+
it 'capitalizes' do
|
23
|
+
expect(format.call(:clearance)).to be_eql('Clearance')
|
24
|
+
end
|
25
|
+
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
describe Castle::
|
3
|
+
describe Castle::IPs::Extract do
|
4
4
|
subject(:extractor) { described_class.new(headers) }
|
5
5
|
|
6
6
|
describe 'ip' do
|
@@ -43,9 +43,7 @@ describe Castle::Extractors::IP do
|
|
43
43
|
end
|
44
44
|
|
45
45
|
context 'with all the trusted proxies' do
|
46
|
-
let(:http_x_header)
|
47
|
-
'127.0.0.1,10.0.0.1,172.31.0.1,192.168.0.1'
|
48
|
-
end
|
46
|
+
let(:http_x_header) { '127.0.0.1,10.0.0.1,172.31.0.1,192.168.0.1' }
|
49
47
|
|
50
48
|
let(:headers) { { 'Remote-Addr' => '127.0.0.1', 'X-Forwarded-For' => http_x_header } }
|
51
49
|
|
@@ -55,9 +53,7 @@ describe Castle::Extractors::IP do
|
|
55
53
|
end
|
56
54
|
|
57
55
|
context 'with trust_proxy_chain option' do
|
58
|
-
let(:http_x_header)
|
59
|
-
'6.6.6.6, 2.2.2.3, 6.6.6.5'
|
60
|
-
end
|
56
|
+
let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
|
61
57
|
|
62
58
|
let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
|
63
59
|
|
@@ -69,9 +65,7 @@ describe Castle::Extractors::IP do
|
|
69
65
|
end
|
70
66
|
|
71
67
|
context 'with trusted_proxy_depth option' do
|
72
|
-
let(:http_x_header)
|
73
|
-
'6.6.6.6, 2.2.2.3, 6.6.6.5'
|
74
|
-
end
|
68
|
+
let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
|
75
69
|
|
76
70
|
let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
|
77
71
|
|
@@ -84,10 +78,7 @@ describe Castle::Extractors::IP do
|
|
84
78
|
|
85
79
|
context 'when list of not trusted ips provided in X_FORWARDED_FOR' do
|
86
80
|
let(:headers) do
|
87
|
-
{
|
88
|
-
'X-Forwarded-For' => '6.6.6.6, 2.2.2.3, 192.168.0.7',
|
89
|
-
'Client-Ip' => '6.6.6.6'
|
90
|
-
}
|
81
|
+
{ 'X-Forwarded-For' => '6.6.6.6, 2.2.2.3, 192.168.0.7', 'Client-Ip' => '6.6.6.6' }
|
91
82
|
end
|
92
83
|
|
93
84
|
it 'does not allow to spoof ip' do
|
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# tmp logger for testing
|
4
|
+
class TmpLogger
|
5
|
+
# @param _message [String]
|
6
|
+
def info(_message); end
|
7
|
+
end
|
8
|
+
|
9
|
+
describe Castle::Logger do
|
10
|
+
subject(:log) { described_class.call(message, data) }
|
11
|
+
|
12
|
+
let(:message) { 'https://localhost/test:' }
|
13
|
+
let(:integration_logger) { TmpLogger.new }
|
14
|
+
let(:data) { { a: 1 }.to_json }
|
15
|
+
let(:logger_message) { "[CASTLE] #{message} #{data}" }
|
16
|
+
|
17
|
+
before { allow(integration_logger).to receive(:info).and_call_original }
|
18
|
+
|
19
|
+
describe '.call' do
|
20
|
+
context 'without logger' do
|
21
|
+
before do
|
22
|
+
Castle.config.logger = nil
|
23
|
+
log
|
24
|
+
end
|
25
|
+
|
26
|
+
it { expect(integration_logger).not_to have_received(:info) }
|
27
|
+
end
|
28
|
+
|
29
|
+
context 'with logger' do
|
30
|
+
before do
|
31
|
+
Castle.config.logger = integration_logger
|
32
|
+
log
|
33
|
+
end
|
34
|
+
|
35
|
+
it { expect(integration_logger).to have_received(:info).with(logger_message) }
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|