castle-rb 5.0.0 → 7.1.1

data/spec/lib/castle/context/{sanitizer_spec.rb → sanitize_spec.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe Castle::Context::Sanitizer do
+describe Castle::Context::Sanitize do
   let(:paylod) { { test: 'test' } }
 
   describe '#call' do

data/spec/lib/castle/core/get_connection_spec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+describe Castle::Core::GetConnection do
+  describe '.call' do
+    subject(:class_call) { described_class.call }
+
+    context 'when ssl false' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 3002 }
+      let(:api_url) { '/test' }
+
+      before do
+        Castle.config.base_url = 'http://localhost:3002'
+
+        allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original
+      end
+
+      it do
+        class_call
+
+        expect(Net::HTTP).to have_received(:new).with(localhost, port)
+      end
+
+      it { expect(class_call).to be_an_instance_of(Net::HTTP) }
+    end
+
+    context 'when ssl true' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 443 }
+
+      before { Castle.config.base_url = 'https://localhost' }
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before { allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original }
+
+        it { expect(class_call).to be_an_instance_of(Net::HTTP) }
+      end
+    end
+  end
+end

data/spec/lib/castle/{api/response_spec.rb → core/process_response_spec.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe Castle::API::Response do
+describe Castle::Core::ProcessResponse do
   describe '#call' do
     subject(:call) { described_class.call(response) }
 
@@ -10,6 +10,54 @@ describe Castle::API::Response do
       it { expect(call).to eql(user: 1) }
     end
 
+    describe 'authenticate' do
+      context 'when allow without any additional props' do
+        let(:response) { OpenStruct.new(body: '{"action":"allow","user_id":"12345"}', code: 200) }
+
+        it { expect(call).to eql({ action: 'allow', user_id: '12345' }) }
+      end
+
+      context 'when allow with additional props' do
+        let(:response) do
+          OpenStruct.new(body: '{"action":"allow","user_id":"12345","internal":{}}', code: 200)
+        end
+
+        it { expect(call).to eql({ action: 'allow', user_id: '12345', internal: {} }) }
+      end
+
+      context 'when deny without risk policy' do
+        let(:response) do
+          OpenStruct.new(body: '{"action":"deny","user_id":"1","device_token":"abc"}', code: 200)
+        end
+
+        it { expect(call).to eql({ action: 'deny', user_id: '1', device_token: 'abc' }) }
+      end
+
+      context 'when deny with risk policy' do
+        let(:body) do
+          '{"action":"deny","user_id":"1","device_token":"abc",
+          "risk_policy":{"id":"123","revision_id":"abc","name":"def","type":"bot"}}'
+        end
+        let(:response) { OpenStruct.new({ body: body, code: 200 }) }
+
+        let(:result) do
+          {
+            action: 'deny',
+            user_id: '1',
+            device_token: 'abc',
+            risk_policy: {
+              id: '123',
+              revision_id: 'abc',
+              name: 'def',
+              type: 'bot'
+            }
+          }
+        end
+
+        it { expect(call).to eql(result) }
+      end
+    end
+
     context 'when response empty' do
       let(:response) { OpenStruct.new(body: '', code: 200) }
 

data/spec/lib/castle/core/process_webhook_spec.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+describe Castle::Core::ProcessWebhook do
+  describe '#call' do
+    subject(:call) { described_class.call(webhook) }
+
+    let(:webhook_body) do
+      {
+        api_version: 'v1',
+        app_id: '12345',
+        type: '$incident.confirmed',
+        created_at: '2020-12-18T12:55:21.779Z',
+        data: {
+          id: 'test',
+          device_token: 'token',
+          user_id: '',
+          trigger: '$login.succeeded',
+          context: {},
+          location: {},
+          user_agent: {}
+        },
+        user_traits: {},
+        properties: {},
+        policy: {}
+      }.to_json
+    end
+
+    let(:webhook) { OpenStruct.new(body: StringIO.new(webhook_body)) }
+
+    context 'when success' do
+      it { expect(call).to eql(webhook_body) }
+    end
+
+    context 'when webhook empty' do
+      let(:webhook) { OpenStruct.new(body: StringIO.new('')) }
+
+      it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
+    end
+
+    context 'when webhook nil' do
+      let(:webhook) { OpenStruct.new(body: StringIO.new) }
+
+      it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
+    end
+  end
+end

data/spec/lib/castle/{api/request_spec.rb → core/send_request_spec.rb}

@@ -1,52 +1,52 @@
 # frozen_string_literal: true
 
-describe Castle::API::Request do
+describe Castle::Core::SendRequest do
+  let(:config) { Castle.config }
+
   describe '#call' do
-    let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
+    let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
     let(:headers) { {} }
-    let(:api_secret) { 'secret' }
     let(:request_build) { {} }
     let(:expected_headers) { { 'Content-Type' => 'application/json' } }
     let(:http) { instance_double('Net::HTTP') }
 
     context 'without http arg provided' do
-      subject(:call) { described_class.call(command, api_secret, headers) }
+      subject(:call) { described_class.call(command, headers, nil, config) }
 
       let(:http) { instance_double('Net::HTTP') }
-      let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
+      let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
       let(:headers) { {} }
-      let(:api_secret) { 'secret' }
       let(:request_build) { {} }
       let(:expected_headers) { { 'Content-Type' => 'application/json' } }
 
       before do
-        allow(Castle::API::Connection).to receive(:call).and_return(http)
+        allow(Castle::Core::GetConnection).to receive(:call).and_return(http)
         allow(http).to receive(:request)
         allow(described_class).to receive(:build).and_return(request_build)
         call
       end
 
       it do
-        expect(described_class).to have_received(:build).with(command, expected_headers, api_secret)
+        expect(described_class).to have_received(:build).with(command, expected_headers, config)
       end
 
       it { expect(http).to have_received(:request).with(request_build) }
     end
 
     context 'with http arg provided' do
-      subject(:call) { described_class.call(command, api_secret, headers, http) }
+      subject(:call) { described_class.call(command, headers, http, config) }
 
       before do
-        allow(Castle::API::Connection).to receive(:call)
+        allow(Castle::Core::GetConnection).to receive(:call)
         allow(http).to receive(:request)
         allow(described_class).to receive(:build).and_return(request_build)
         call
       end
 
-      it { expect(Castle::API::Connection).not_to have_received(:call) }
+      it { expect(Castle::Core::GetConnection).not_to have_received(:call) }
 
       it do
-        expect(described_class).to have_received(:build).with(command, expected_headers, api_secret)
+        expect(described_class).to have_received(:build).with(command, expected_headers, config)
       end
 
       it { expect(http).to have_received(:request).with(request_build) }
@@ -54,38 +54,17 @@ describe Castle::API::Request do
   end
 
   describe '#build' do
-    subject(:build) { described_class.build(command, headers, api_secret) }
+    subject(:build) { described_class.build(command, headers, config) }
 
     let(:headers) { { 'SAMPLE-HEADER' => '1' } }
     let(:api_secret) { 'secret' }
 
-    context 'when get' do
-      let(:command) { Castle::Commands::Review.build(review_id) }
-      let(:review_id) { SecureRandom.uuid }
-
-      it { expect(build.body).to be_nil }
-      it { expect(build.method).to eql('GET') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-      it { expect(build.to_hash).to have_key('authorization') }
-      it { expect(build.to_hash).to have_key('sample-header') }
-      it { expect(build.to_hash['sample-header']).to eql(['1']) }
-    end
-
     context 'when post' do
       let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) do
-        Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4")
-      end
-      let(:expected_body) do
-        {
-          event: '$login.succeeded',
-          name: '�',
-          context: {},
-          sent_at: time
-        }
-      end
+      let(:command) { Castle::Commands::Track.build(event: '$login.succeeded', name: "\xC4") }
+      let(:expected_body) { { event: '$login.succeeded', name: '�', context: {}, sent_at: time } }
 
-      before { allow(Castle::Utils::Timestamp).to receive(:call).and_return(time) }
+      before { allow(Castle::Utils::GetTimestamp).to receive(:call).and_return(time) }
 
       it { expect(build.body).to be_eql(expected_body.to_json) }
       it { expect(build.method).to eql('POST') }

data/spec/lib/castle/failover/strategy_spec.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+describe Castle::Failover::Strategy do
+  subject(:strategy) { described_class }
+
+  it { expect(strategy::ALLOW).to be_eql(:allow) }
+  it { expect(strategy::DENY).to be_eql(:deny) }
+  it { expect(strategy::CHALLENGE).to be_eql(:challenge) }
+  it { expect(strategy::THROW).to be_eql(:throw) }
+
+  it { expect(Castle::Failover::STRATEGIES).to be_eql(%i[allow deny challenge throw]) }
+end

data/spec/lib/castle/{extractors/headers_spec.rb → headers/extract_spec.rb}

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-describe Castle::Extractors::Headers do
-  subject(:headers) { described_class.new(formatted_headers).call }
+describe Castle::Headers::Extract do
+  subject(:extract_call) { described_class.new(formatted_headers).call }
 
   let(:formatted_headers) do
     {
@@ -33,7 +33,7 @@ describe Castle::Extractors::Headers do
       }
     end
 
-    it { expect(headers).to eq(result) }
+    it { expect(extract_call).to eq(result) }
   end
 
   context 'when allowlist is set in the configuration' do
@@ -51,7 +51,7 @@ describe Castle::Extractors::Headers do
       }
     end
 
-    it { expect(headers).to eq(result) }
+    it { expect(extract_call).to eq(result) }
   end
 
   context 'when denylist is set in the configuration' do
@@ -70,7 +70,7 @@ describe Castle::Extractors::Headers do
 
       before { Castle.config.denylisted = %w[User-Agent] }
 
-      it { expect(headers).to eq(result) }
+      it { expect(extract_call).to eq(result) }
     end
 
     context 'with a different header' do
@@ -88,7 +88,7 @@ describe Castle::Extractors::Headers do
 
       before { Castle.config.denylisted = %w[Accept] }
 
-      it { expect(headers).to eq(result) }
+      it { expect(extract_call).to eq(result) }
     end
   end
 
@@ -98,8 +98,6 @@ describe Castle::Extractors::Headers do
       Castle.config.denylisted = %w[Accept]
     end
 
-    it do
-      expect(headers['Accept']).to eq(true)
-    end
+    it { expect(extract_call['Accept']).to eq(true) }
   end
 end

data/spec/lib/castle/headers/filter_spec.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+describe Castle::Headers::Filter do
+  subject(:filter_call) { described_class.new(request).call }
+
+  let(:env) do
+    result =
+      Rack::MockRequest.env_for(
+        '/',
+        'Action-Dispatch.request.content-Type' => 'application/json',
+        'HTTP_AUTHORIZATION' => 'Basic 123456',
+        'HTTP_COOKIE' => '__cid=abcd;other=efgh',
+        'HTTP_ACCEPT' => 'application/json',
+        'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
+        'HTTP_USER_AGENT' => 'Mozilla 1234',
+        'TEST' => '1',
+        'REMOTE_ADDR' => '1.2.3.4'
+      )
+    result[:HTTP_OK] = 'OK'
+    result
+  end
+  let(:filtered) do
+    {
+      'Accept' => 'application/json',
+      'Authorization' => 'Basic 123456',
+      'Cookie' => '__cid=abcd;other=efgh',
+      'Content-Length' => '0',
+      'Ok' => 'OK',
+      'User-Agent' => 'Mozilla 1234',
+      'Remote-Addr' => '1.2.3.4',
+      'X-Forwarded-For' => '1.2.3.4'
+    }
+  end
+  let(:request) { Rack::Request.new(env) }
+
+  context 'with list of header' do
+    it { expect(filter_call).to eq(filtered) }
+  end
+end

data/spec/lib/castle/headers/format_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+describe Castle::Headers::Format do
+  subject(:format) { described_class }
+
+  it 'removes HTTP_' do
+    expect(format.call('HTTP_X_TEST')).to be_eql('X-Test')
+  end
+
+  it 'capitalizes header' do
+    expect(format.call('X_TEST')).to be_eql('X-Test')
+  end
+
+  it 'ignores letter case and -_ divider' do
+    expect(format.call('http-X_teST')).to be_eql('X-Test')
+  end
+
+  it 'does not remove http if there is no _- char' do
+    expect(format.call('httpX_teST')).to be_eql('Httpx-Test')
+  end
+
+  it 'capitalizes' do
+    expect(format.call(:clearance)).to be_eql('Clearance')
+  end
+end

data/spec/lib/castle/{extractors/ip_spec.rb → ips/extract_spec.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe Castle::Extractors::IP do
+describe Castle::IPs::Extract do
   subject(:extractor) { described_class.new(headers) }
 
   describe 'ip' do
@@ -43,9 +43,7 @@ describe Castle::Extractors::IP do
     end
 
     context 'with all the trusted proxies' do
-      let(:http_x_header) do
-        '127.0.0.1,10.0.0.1,172.31.0.1,192.168.0.1'
-      end
+      let(:http_x_header) { '127.0.0.1,10.0.0.1,172.31.0.1,192.168.0.1' }
 
       let(:headers) { { 'Remote-Addr' => '127.0.0.1', 'X-Forwarded-For' => http_x_header } }
 
@@ -55,9 +53,7 @@ describe Castle::Extractors::IP do
     end
 
     context 'with trust_proxy_chain option' do
-      let(:http_x_header) do
-        '6.6.6.6, 2.2.2.3, 6.6.6.5'
-      end
+      let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
 
       let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
 
@@ -69,9 +65,7 @@ describe Castle::Extractors::IP do
     end
 
     context 'with trusted_proxy_depth option' do
-      let(:http_x_header) do
-        '6.6.6.6, 2.2.2.3, 6.6.6.5'
-      end
+      let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
 
       let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
 
@@ -84,10 +78,7 @@ describe Castle::Extractors::IP do
 
     context 'when list of not trusted ips provided in X_FORWARDED_FOR' do
       let(:headers) do
-        {
-          'X-Forwarded-For' => '6.6.6.6, 2.2.2.3, 192.168.0.7',
-          'Client-Ip' => '6.6.6.6'
-        }
+        { 'X-Forwarded-For' => '6.6.6.6, 2.2.2.3, 192.168.0.7', 'Client-Ip' => '6.6.6.6' }
       end
 
       it 'does not allow to spoof ip' do