castle-rb 4.3.0 → 7.1.0

data/spec/lib/castle/payload/prepare_spec.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+describe Castle::Payload::Prepare do
+  let(:ip) { '1.2.3.4' }
+  let(:cookie_id) { 'abcd' }
+  let(:ua) { 'Chrome' }
+  let(:env) do
+    Rack::MockRequest.env_for(
+      '/',
+      'HTTP_USER_AGENT' => ua,
+      'HTTP_X_FORWARDED_FOR' => ip,
+      'HTTP_COOKIE' => "__cid=#{cookie_id};other=efgh"
+    )
+  end
+  let(:request) { Rack::Request.new(env) }
+
+  let(:headers) do
+    { 'Content-Length': '0', 'User-Agent': ua, 'X-Forwarded-For': ip.to_s, 'Cookie': true }
+  end
+  let(:context) do
+    {
+      client_id: 'abcd',
+      active: true,
+      user_agent: ua,
+      headers: headers,
+      ip: ip,
+      library: {
+        name: 'castle-rb',
+        version: '2.2.0'
+      }
+    }
+  end
+
+  let(:time_now) { Time.now }
+  let(:time_formatted) { time_now.utc.iso8601(3) }
+  let(:payload_options) { { user_id: '1234', user_traits: { name: 'Jo' } } }
+  let(:result) do
+    { user_id: '1234', user_traits: { name: 'Jo' }, timestamp: time_formatted, context: context }
+  end
+
+  before do
+    Timecop.freeze(time_now)
+    stub_const('Castle::VERSION', '2.2.0')
+  end
+
+  after { Timecop.return }
+
+  describe '#call' do
+    subject(:generated) { described_class.call(payload_options, request) }
+
+    context 'when active true' do
+      it { is_expected.to eql(result) }
+    end
+  end
+end

data/spec/lib/castle/session_spec.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+describe Castle::Session do
+  describe '.call' do
+    context 'when ssl false' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 3002 }
+
+      before do
+        Castle.config.base_url = 'http://localhost:3002'
+        stub_request(:get, 'localhost:3002/test').to_return(status: 200, body: '{}', headers: {})
+      end
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before do
+          allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original
+
+          described_class.call { |http| http.request(request) }
+        end
+
+        it { expect(Net::HTTP).to have_received(:new).with(localhost, port) }
+
+        it { expect(a_request(:get, 'localhost:3002/test')).to have_been_made.once }
+      end
+
+      context 'without block' do
+        before { described_class.call }
+
+        it { expect(a_request(:get, 'localhost:3002/test')).not_to have_been_made }
+      end
+    end
+
+    context 'when ssl true' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 443 }
+
+      before do
+        Castle.config.base_url = 'https://localhost'
+        stub_request(:get, 'https://localhost/test').to_return(
+          status: 200,
+          body: '{}',
+          headers: {}
+        )
+      end
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before do
+          allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original
+
+          allow(Net::HTTP).to receive(:start)
+
+          described_class.call { |http| http.request(request) }
+        end
+
+        it { expect(Net::HTTP).to have_received(:new).with(localhost, port) }
+      end
+    end
+  end
+end

data/spec/lib/castle/singleton_configuration_spec.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+describe Castle::SingletonConfiguration do
+  subject(:config) { described_class.instance }
+
+  it_behaves_like 'configuration_host'
+  it_behaves_like 'configuration_request_timeout'
+  it_behaves_like 'configuration_allowlisted'
+  it_behaves_like 'configuration_denylisted'
+  it_behaves_like 'configuration_failover_strategy'
+  it_behaves_like 'configuration_api_secret'
+
+  it { expect(config.api_secret).to be_eql('secret') }
+end

data/spec/lib/castle/utils/clean_invalid_chars_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+describe Castle::Utils::CleanInvalidChars do
+  describe '::call' do
+    subject { described_class.call(input) }
+
+    context 'when input is a string' do
+      let(:input) { '1234' }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is an array' do
+      let(:input) { [1, 2, 3, '4'] }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is a hash' do
+      let(:input) { { user_id: 1 } }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is nil' do
+      let(:input) { nil }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'when input is a nested hash' do
+      let(:input) { { user: { id: 1 } } }
+
+      it { is_expected.to eq input }
+    end
+
+    context 'with invalid UTF-8 characters' do
+      context 'when input is a hash' do
+        let(:input) { { user_id: "inv\xC4lid" } }
+
+        it { is_expected.to eq(user_id: 'inv�lid') }
+      end
+
+      context 'when input is a nested hash' do
+        let(:input) { { user: { id: "inv\xC4lid" } } }
+
+        it { is_expected.to eq(user: { id: 'inv�lid' }) }
+      end
+
+      context 'when input is an array of hashes' do
+        let(:input) { [{ user: "inv\xC4lid" }] * 2 }
+
+        it { is_expected.to eq([{ user: 'inv�lid' }, { user: 'inv�lid' }]) }
+      end
+
+      context 'when input is an array' do
+        let(:input) { ["inv\xC4lid"] * 2 }
+
+        it { is_expected.to eq(%w[inv�lid inv�lid]) }
+      end
+
+      context 'when input is a hash with array in key' do
+        let(:input) { { items: ["inv\xC4lid"] * 2 } }
+
+        it { is_expected.to eq(items: %w[inv�lid inv�lid]) }
+      end
+    end
+  end
+end

data/spec/lib/castle/utils/{cloner_spec.rb → clone_spec.rb}

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-describe Castle::Utils::Cloner do
-  subject(:cloner) { described_class }
+describe Castle::Utils::Clone do
+  subject(:clone) { described_class }
 
   describe 'call' do
     let(:nested) { { c: '3' } }
     let(:first) { { test: { test1: { c: '4' }, test2: nested, a: '1', b: '2' } } }
     let(:result) { { test: { test1: { c: '4' }, test2: { c: '3' }, a: '1', b: '2' } } }
-    let(:cloned) { cloner.call(first) }
+    let(:cloned) { clone.call(first) }
 
     before { cloned }
 

data/spec/lib/castle/utils/deep_symbolize_keys_spec.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+describe Castle::Utils::DeepSymbolizeKeys do
+  let(:nested_strings) { { 'a' => { 'b' => { 'c' => 3 } } } }
+  let(:nested_symbols) { { a: { b: { c: 3 } } } }
+  let(:nested_mixed) { { 'a' => { b: { 'c' => 3 } } } }
+  let(:string_array_of_hashes) { { 'a' => [{ 'b' => 2 }, { 'c' => 3 }, 4] } }
+  let(:symbol_array_of_hashes) { { a: [{ b: 2 }, { c: 3 }, 4] } }
+  let(:mixed_array_of_hashes) { { a: [{ b: 2 }, { 'c' => 3 }, 4] } }
+
+  describe '::call' do
+    subject { described_class.call(hash) }
+
+    context 'when nested_symbols' do
+      let(:hash) { nested_symbols }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when nested_strings' do
+      let(:hash) { nested_strings }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when nested_mixed' do
+      let(:hash) { nested_mixed }
+
+      it { is_expected.to eq(nested_symbols) }
+    end
+
+    context 'when string_array_of_hashes' do
+      let(:hash) { string_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+
+    context 'when symbol_array_of_hashes' do
+      let(:hash) { symbol_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+
+    context 'when mixed_array_of_hashes' do
+      let(:hash) { mixed_array_of_hashes }
+
+      it { is_expected.to eq(symbol_array_of_hashes) }
+    end
+  end
+end

data/spec/lib/castle/utils/{timestamp_spec.rb → get_timestamp_spec.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe Castle::Utils::Timestamp do
+describe Castle::Utils::GetTimestamp do
   subject(:timestamp) { described_class.call }
 
   let(:time_string) { '2018-01-10T14:14:24.407Z' }

data/spec/lib/castle/utils/merge_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+describe Castle::Utils::Merge do
+  subject(:merge) { described_class }
+
+  describe 'call' do
+    let(:first) { { test: { test1: { c: '4' }, test2: { c: '3' }, a: '1', b: '2' } } }
+    let(:second) do
+      { test2: '2', test: { 'test1' => { d: '5' }, :test2 => '6', :a => nil, :b => '3' } }
+    end
+    let(:result) { { test2: '2', test: { test1: { c: '4', d: '5' }, test2: '6', b: '3' } } }
+
+    it { expect(merge.call(first, second)).to be_eql(result) }
+  end
+end

data/spec/lib/castle/validators/present_spec.rb

@@ -8,9 +8,7 @@ describe Castle::Validators::Present do
       let(:keys) { %i[second third] }
 
       it do
-        expect do
-          call
-        end.to raise_error(Castle::InvalidParametersError, 'third is missing or empty')
+        expect { call }.to raise_error(Castle::InvalidParametersError, 'third is missing or empty')
       end
     end
 
@@ -18,9 +16,10 @@ describe Castle::Validators::Present do
       let(:keys) { %i[second invalid] }
 
       it do
-        expect do
-          call
-        end.to raise_error(Castle::InvalidParametersError, 'invalid is missing or empty')
+        expect { call }.to raise_error(
+          Castle::InvalidParametersError,
+          'invalid is missing or empty'
+        )
       end
     end
 

data/spec/lib/castle/verdict_spec.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+describe Castle::Verdict do
+  subject(:verdict) { described_class }
+
+  it { expect(verdict::ALLOW).to be_eql('allow') }
+  it { expect(verdict::DENY).to be_eql('deny') }
+  it { expect(verdict::CHALLENGE).to be_eql('challenge') }
+end

data/spec/lib/castle/webhooks/verify_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+describe Castle::Webhooks::Verify do
+  describe '#call' do
+    subject(:call) { described_class.call(webhook) }
+
+    let(:env) { Rack::MockRequest.env_for('/', 'HTTP_X_CASTLE_SIGNATURE' => signature) }
+
+    let(:webhook) { Rack::Request.new(env) }
+    let(:user_id) { '12345' }
+    let(:webhook_body) do
+      {
+        api_version: 'v1',
+        app_id: '12345',
+        type: '$incident.confirmed',
+        created_at: '2020-12-18T12:55:21.779Z',
+        data: {
+          id: 'test',
+          device_token: 'token',
+          user_id: user_id,
+          trigger: '$login.succeeded',
+          context: {},
+          location: {},
+          user_agent: {}
+        },
+        user_traits: {},
+        properties: {},
+        policy: {}
+      }.to_json
+    end
+
+    context 'when success' do
+      let(:signature) { '3ptx3rUOBnGEqPjMrbcJn2UUfzwTKP54dFyP5uyPY+Y=' }
+
+      before { allow(Castle::Core::ProcessWebhook).to receive(:call).and_return(webhook_body) }
+
+      it { expect { call }.not_to raise_error }
+    end
+
+    context 'when signature is malformed' do
+      let(:signature) { '123' }
+
+      before { allow(Castle::Core::ProcessWebhook).to receive(:call).and_return(webhook_body) }
+
+      it do
+        expect { call }.to raise_error(
+          Castle::WebhookVerificationError,
+          'Signature not matching the expected signature'
+        )
+      end
+    end
+  end
+end

data/spec/lib/castle_spec.rb

@@ -42,11 +42,7 @@ describe Castle do
     end
 
     context 'with block and options' do
-      before do
-        castle.configure(request_timeout: timeout) do |config|
-          config.api_secret = value
-        end
-      end
+      before { castle.configure(request_timeout: timeout) { |config| config.api_secret = value } }
 
       it_behaves_like 'config_setup'
     end
@@ -56,11 +52,9 @@ describe Castle do
     let(:value) { 'new_secret' }
 
     it do
-      expect do
-        castle.configure do |config|
-          config.wrong_config = value
-        end
-      end.to raise_error(Castle::ConfigurationError)
+      expect { castle.configure { |config| config.wrong_config = value } }.to raise_error(
+        Castle::ConfigurationError
+      )
     end
   end
 end

data/spec/spec_helper.rb

@@ -14,11 +14,11 @@ require 'castle'
 
 WebMock.disable_net_connect!(allow_localhost: true)
 
+Dir['./spec/support/**/*.rb'].sort.each { |f| require f }
+
 RSpec.configure do |config|
   config.before do
     Castle.config.reset
-    Castle.configure do |cfg|
-      cfg.api_secret = 'secret'
-    end
+    Castle.configure { |cfg| cfg.api_secret = 'secret' }
   end
 end

data/spec/support/shared_examples/action_request.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples_for 'action request' do |action|
+  subject(:request_response) { client.send(action.to_sym, options) }
+
+  let(:options) do
+    {
+      request_token: request_token,
+      event: event,
+      status: status,
+      user: user,
+      context: context,
+      properties: properties
+    }
+  end
+  let(:request_token) { '7e51335b-f4bc-4bc7-875d-b713fb61eb23-bf021a3022a1a302' }
+  let(:event) { '$login' }
+  let(:status) { '$succeeded' }
+  let(:user) { { id: '1234', email: 'foobar@mail.com' } }
+  let(:properties) { {} }
+  let(:request_body) do
+    {
+      request_token: request_token,
+      event: event,
+      status: status,
+      user: user,
+      context: context,
+      properties: properties,
+      timestamp: time_auto,
+      sent_at: time_auto
+    }
+  end
+
+  context 'when used with symbol keys' do
+    it do
+      request_response
+
+      assert_requested :post, "https://api.castle.io/v1/#{action}", times: 1 do |req|
+        JSON.parse(req.body) == JSON.parse(request_body.to_json)
+      end
+    end
+
+    context 'when passed timestamp in options and no defined timestamp' do
+      let(:client) { client_with_no_timestamp }
+
+      before do
+        options[:timestamp] = time_user
+        request_body[:timestamp] = time_user
+
+        request_response
+      end
+
+      it do
+        assert_requested :post, "https://api.castle.io/v1/#{action}", times: 1 do |req|
+          JSON.parse(req.body) == JSON.parse(request_body.to_json)
+        end
+      end
+    end
+
+    context 'with client initialized with timestamp' do
+      let(:client) { client_with_user_timestamp }
+
+      before do
+        request_body[:timestamp] = time_user
+
+        request_response
+      end
+
+      it do
+        assert_requested :post, "https://api.castle.io/v1/#{action}", times: 1 do |req|
+          JSON.parse(req.body) == JSON.parse(request_body.to_json)
+        end
+      end
+    end
+  end
+
+  context 'when used with string keys' do
+    before { request_response }
+
+    it do
+      assert_requested :post, "https://api.castle.io/v1/#{action}", times: 1 do |req|
+        JSON.parse(req.body) == JSON.parse(request_body.to_json)
+      end
+    end
+  end
+
+  context 'when tracking enabled' do
+    before { request_response }
+
+    it do
+      assert_requested :post, "https://api.castle.io/v1/#{action}", times: 1 do |req|
+        JSON.parse(req.body) == JSON.parse(request_body.to_json)
+      end
+    end
+
+    it { expect(request_response[:failover]).to be false }
+    it { expect(request_response[:failover_reason]).to be_nil }
+  end
+
+  context 'when tracking disabled' do
+    before do
+      client.disable_tracking
+      request_response
+    end
+
+    it { assert_not_requested :post, "https://api.castle.io/v1/#{action}" }
+    it { expect(request_response[:action]).to be_eql(Castle::Verdict::ALLOW) }
+    it { expect(request_response[:user_id]).to be_eql('1234') }
+    it { expect(request_response[:failover]).to be true }
+    it { expect(request_response[:failover_reason]).to be_eql('Castle is set to do not track.') }
+  end
+
+  context 'when request with fail' do
+    before do
+      allow(Castle::API).to receive(:send_request).and_raise(
+        Castle::RequestError.new(Timeout::Error)
+      )
+    end
+
+    context 'with request error and throw strategy' do
+      before { allow(Castle.config).to receive(:failover_strategy).and_return(:throw) }
+
+      it { expect { request_response }.to raise_error(Castle::RequestError) }
+    end
+
+    context 'with request error and not throw on eg deny strategy' do
+      it { assert_not_requested :post, "https:/:secret@api.castle.io/v1/#{action}" }
+      it { expect(request_response[:action]).to be_eql('allow') }
+      it { expect(request_response[:user_id]).to be_eql('1234') }
+      it { expect(request_response[:failover]).to be true }
+      it { expect(request_response[:failover_reason]).to be_eql('Castle::RequestError') }
+    end
+  end
+
+  context 'when request is internal server error' do
+    before { allow(Castle::API).to receive(:send_request).and_raise(Castle::InternalServerError) }
+
+    describe 'throw strategy' do
+      before { allow(Castle.config).to receive(:failover_strategy).and_return(:throw) }
+
+      it { expect { request_response }.to raise_error(Castle::InternalServerError) }
+    end
+
+    describe 'not throw on eg deny strategy' do
+      it { assert_not_requested :post, "https:/:secret@api.castle.io/v1/#{action}" }
+      it { expect(request_response[:action]).to be_eql('allow') }
+      it { expect(request_response[:user_id]).to be_eql('1234') }
+      it { expect(request_response[:failover]).to be true }
+      it { expect(request_response[:failover_reason]).to be_eql('Castle::InternalServerError') }
+    end
+  end
+end