castle-rb 7.1.2 → 8.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2d022daae00e63158ee2f9d886faa5dbf3f70b89c16775c14f9328b0096f446
-  data.tar.gz: 1820e1afb9bd65683f5dd1a183369ed231b616c8466ee5c2b3d3cdd59d704319
+  metadata.gz: e9dc06eac5803e36c8576d9938442ba1c1f6bb852420c7a736044127deea50b8
+  data.tar.gz: 5d89738c670359a0345d51b41d0137d614622002711f20665238a4c289f28bab
 SHA512:
-  metadata.gz: '009de5db675b53f46bb90f0f2cfe57cb081598c5af02d3770125d79d27739b03e82e6170013b86d5e74321e26a9f053023f6914ae68c1a7770b3ee2496c0482b'
-  data.tar.gz: 2dee44618c8c3318ba1dacc2f4484187fc8e28d2413db81531c9e46451da61dfcbea6aa5916a6df2d0eceaf6e5f97bed4c81f08bb3f9e1607f4ac798c90561ea
+  metadata.gz: 118236690b20da223208e043cb4aafea5c1d9870e0d2e44d87106a45122652ca894f8bfbc79bf465e474923a026b9b2253a6c7a1ab2c2f5157b0b21d51459d6c
+  data.tar.gz: 223933e1de62111635ba5d22fed064541a1d54aee9c9374fc8524a808b27b623245ee0d5240a42d0eff4ac72e214cc4f61ce44bb72f15591d3944790d8bc3e0d

data/README.md

@@ -4,7 +4,7 @@
 [![Coverage Status](https://coveralls.io/repos/github/castle/castle-ruby/badge.svg?branch=coveralls)](https://coveralls.io/github/castle/castle-ruby?branch=coveralls)
 [![Gem Version](https://badge.fury.io/rb/castle-rb.svg)](https://badge.fury.io/rb/castle-rb)
 
-**[Castle](https://castle.io) analyzes device, location, and interaction patterns in your web and mobile apps and lets you stop account takeover attacks in real-time..**
+**[Castle](https://castle.io) analyzes user behavior in web and mobile apps to stop fraud before it happens.**
 
 ## Installation
 
@@ -26,11 +26,11 @@ Castle.api_secret = 'YOUR_API_SECRET'
 
 A Castle client instance will be made available as `castle` in your
 
-* Rails controllers when you add `require 'castle/support/rails'`
+- Rails controllers when you add `require 'castle/support/rails'`
 
-* Padrino controllers when you add `require 'castle/support/padrino'`
+- Padrino controllers when you add `require 'castle/support/padrino'`
 
-* Sinatra app when you add `require 'castle/support/sinatra'` (and additionally explicitly add `register Sinatra::Castle` to your `Sinatra::Base` class if you have a modular application)
+- Sinatra app when you add `require 'castle/support/sinatra'` (and additionally explicitly add `register Sinatra::Castle` to your `Sinatra::Base` class if you have a modular application)
 
 ```ruby
 require 'castle/support/sinatra'
@@ -40,7 +40,7 @@ class ApplicationController < Sinatra::Base
 end
 ```
 
-* Hanami when you add `require 'castle/support/hanami'` and include `Castle::Hanami` to your Hanami application
+- Hanami when you add `require 'castle/support/hanami'` and include `Castle::Hanami` to your Hanami application
 
 ```ruby
 require 'castle/support/hanami'
@@ -119,8 +119,10 @@ Castle.configure do |config|
   # you can achieve this by listing all the proxies ip defined by string or regular expressions
   # in the trusted_proxies setting
   config.trusted_proxies = []
+
   # or by providing number of trusted proxies used in the chain
   config.trusted_proxy_depth = 0
+
   # note that you must pick one approach over the other.
 
   # If there is no possibility to define options above and there is no other header that holds the client IP,
@@ -138,10 +140,11 @@ It is also possible to define multiple configs within one application.
 
 ```ruby
 # Initialize new instance of Castle::Configuration
-config = Castle::Configuration.new.tap do |c|
-  # and set any attribute
-  c.api_secret = 'YOUR_API_SECRET'
-end
+config =
+  Castle::Configuration.new.tap do |c|
+    # and set any attribute
+    c.api_secret = 'YOUR_API_SECRET'
+  end
 ```
 
 After a successful setup, you can pass the config to any API command as follows:
@@ -150,159 +153,11 @@ After a successful setup, you can pass the config to any API command as follows:
 ::Castle::API::GetDevice.call(device_token: device_token, config: config)
 ```
 
-## Event Context
-
-The client will automatically configure the context for each request.
-
-### Overriding Default Context Properties
-
-If you need to modify the event context properties or if you desire to add additional properties such as user traits to the context, you can pass the properties along with the other data. For example:
-```ruby
-{
-  event: '$login.succeeded',
-  user_id: user.id,
-  properties: {
-    key: 'value'
-  },
-  user_traits: {
-    key: 'value'
-  },
-  context: {
-    section: 'mobile'
-  }
-}
-```
-
-## Tracking
-
-Here is a simple example of a track event.
-
-```ruby
-begin
-  castle.track(
-    event: '$login.succeeded',
-    user_id: user.id
-  )
-rescue Castle::Error => e
-  puts e.message
-end
-```
-
-## Signature
+## Usage
 
-`Castle::SecureMode.signature(user_id)` will create a signed user_id.
-
-## Async tracking
-
-By default Castle sends requests synchronously. To eg. use Sidekiq to send requests in a background worker you can pass data to the worker:
-
-#### castle_tracking_worker.rb
-
-```ruby
-class CastleTrackingWorker
-  include Sidekiq::Worker
-
-  def perform(payload = {})
-    ::Castle::API::Track.call(payload)
-  end
-end
-```
-
-#### tracking_controller.rb
-
-```ruby
-payload = ::Castle::Payload::Prepare.call(
-  {
-    event: '$login.succeeded',
-    user_id: user.id,
-    properties: {
-      key: 'value'
-    },
-    user_traits: {
-      key: 'value'
-    }
-  },
-  request
-)
-CastleTrackingWorker.perform_async(payload)
-```
-
-## Connection reuse
-
-If you want to reuse the connection to send multiple events:
-
-```ruby
-Castle::Session.call do |http|
-  castle.track(
-    event: '$logout.succeeded',
-    user_id: user2.id
-    http: http
-  )
-  castle.track(
-    event: '$login.succeeded',
-    user_id: user1.id
-    http: http
-  )
-end
-```
-
-## Events
-
-List of Recognized Events can be found in the [docs](https://docs.castle.io/v1/reference/events/)
-
-## Device management
-
-This SDK allows issuing requests to [Castle's Device Management Endpoints](https://docs.castle.io/v1/reference/api-reference/#devices). Use these endpoints for admin-level management of end-user devices (i.e., for an internal dashboard).
-
-Fetching device data, approving a device, reporting a device requires a valid `device_token`.
-
-```ruby
-# Get device data
-::Castle::API::GetDevice.call(device_token: device_token)
-# Approve a device
-::Castle::API::ApproveDevice.call(device_token: device_token)
-# Report a device
-::Castle::API::ReportDevice.call(device_token: device_token)
-```
-
-#### castle_device_reporting_worker.rb
-
-```ruby
-class CastleDeviceReportingWorker
-  include Sidekiq::Worker
-
-  def perform(device_token)
-    ::Castle::API::ReportDevice.call(device_token: device_token)
-  end
-end
-```
-
-Fetching available devices that belong to a given user requires a valid `user_id`.
-
-```ruby
-# Get user's devices data
-::Castle::API::GetDevicesForUser.call(user_id: user.id)
-```
-
-## Impersonation mode
-
-https://castle.io/docs/impersonation_mode
+See [documentation](https://docs.castle.io/docs/) for how to use this SDK with the Castle APIs
 
 ## Exceptions
 
 `Castle::Error` will be thrown if the Castle API returns a 400 or a 500 level HTTP response.
 You can also choose to catch a more [finegrained error](https://github.com/castle/castle-ruby/blob/master/lib/castle/errors.rb).
-
-## Webhooks
-
-Castle uses webhooks to notify about `$incident.confirmed` or `$review.opened` events. Each webhook has `X-Castle-Signature` header that allows verifying webhook's source.
-
-```ruby
-# Verify the webhook, passed as a Request object
-::Castle::Webhooks::Verify.call(webhook_request)
-# Castle::WebhookVerificationError is raised when the signature is not matching
-```
-
-## Documentation
-
-[Official Castle docs](https://docs.castle.io/)

data/lib/castle/api/authenticate.rb

@@ -7,26 +7,17 @@ module Castle
         # @param options [Hash]
         # return [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config
 
-          response =
-            Castle::API.call(Castle::Commands::Authenticate.build(options), {}, http, config)
+          response = Castle::API.call(Castle::Commands::Authenticate.build(options), {}, http, config)
           response.merge(failover: false, failover_reason: nil)
         rescue Castle::RequestError, Castle::InternalServerError => e
           unless config.failover_strategy == :throw
             strategy = (config || Castle.config).failover_strategy
-            return(
-              Castle::Failover::PrepareResponse.new(
-                options[:user_id],
-                reason: e.to_s,
-                strategy: strategy
-              ).call
-            )
+            return(Castle::Failover::PrepareResponse.new(options[:user_id], reason: e.to_s, strategy: strategy).call)
           end
 
           raise e

data/lib/castle/api/end_impersonation.rb

@@ -7,9 +7,7 @@ module Castle
       class << self
         # @param options [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config

data/lib/castle/api/filter.rb

@@ -8,9 +8,7 @@ module Castle
         # @param options [Hash]
         # return [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config
@@ -20,13 +18,7 @@ module Castle
         rescue Castle::RequestError, Castle::InternalServerError => e
           unless config.failover_strategy == :throw
             strategy = (config || Castle.config).failover_strategy
-            return(
-              Castle::Failover::PrepareResponse.new(
-                options[:user][:id],
-                reason: e.to_s,
-                strategy: strategy
-              ).call
-            )
+            return(Castle::Failover::PrepareResponse.new(options[:user][:id], reason: e.to_s, strategy: strategy).call)
           end
 
           raise e

data/lib/castle/api/log.rb

@@ -8,9 +8,7 @@ module Castle
         # @param options [Hash]
         # return [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config
@@ -20,13 +18,7 @@ module Castle
         rescue Castle::RequestError, Castle::InternalServerError => e
           unless config.failover_strategy == :throw
             strategy = (config || Castle.config).failover_strategy
-            return(
-              Castle::Failover::PrepareResponse.new(
-                options[:user][:id],
-                reason: e.to_s,
-                strategy: strategy
-              ).call
-            )
+            return(Castle::Failover::PrepareResponse.new(options[:user][:id], reason: e.to_s, strategy: strategy).call)
           end
 
           raise e

data/lib/castle/api/risk.rb

@@ -8,9 +8,7 @@ module Castle
         # @param options [Hash]
         # return [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config
@@ -20,13 +18,7 @@ module Castle
         rescue Castle::RequestError, Castle::InternalServerError => e
           unless config.failover_strategy == :throw
             strategy = (config || Castle.config).failover_strategy
-            return(
-              Castle::Failover::PrepareResponse.new(
-                options[:user][:id],
-                reason: e.to_s,
-                strategy: strategy
-              ).call
-            )
+            return(Castle::Failover::PrepareResponse.new(options[:user][:id], reason: e.to_s, strategy: strategy).call)
           end
 
           raise e

data/lib/castle/api/start_impersonation.rb

@@ -7,9 +7,7 @@ module Castle
       class << self
         # @param options [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config

data/lib/castle/api/track.rb

@@ -6,9 +6,7 @@ module Castle
       class << self
         # @param options [Hash]
         def call(options = {})
-          unless options[:no_symbolize]
-            options = Castle::Utils::DeepSymbolizeKeys.call(options || {})
-          end
+          options = Castle::Utils::DeepSymbolizeKeys.call(options || {}) unless options[:no_symbolize]
           options.delete(:no_symbolize)
           http = options.delete(:http)
           config = options.delete(:config) || Castle.config

data/lib/castle/client.rb

@@ -123,11 +123,7 @@ module Castle
 
     # @param user_id [String, Boolean]
     def generate_do_not_track_response(user_id)
-      Castle::Failover::PrepareResponse.new(
-        user_id,
-        strategy: :allow,
-        reason: 'Castle is set to do not track.'
-      ).call
+      Castle::Failover::PrepareResponse.new(user_id, strategy: :allow, reason: 'Castle is set to do not track.').call
     end
 
     # @param options [Hash]

data/lib/castle/commands/log.rb

@@ -10,11 +10,7 @@ module Castle
         def build(options = {})
           context = Castle::Context::Sanitize.call(options[:context])
 
-          Castle::Command.new(
-            'log',
-            options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
-            :post
-          )
+          Castle::Command.new('log', options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call), :post)
         end
       end
     end

data/lib/castle/commands/risk.rb

@@ -10,11 +10,7 @@ module Castle
         def build(options = {})
           context = Castle::Context::Sanitize.call(options[:context])
 
-          Castle::Command.new(
-            'risk',
-            options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
-            :post
-          )
+          Castle::Command.new('risk', options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call), :post)
         end
       end
     end

data/lib/castle/configuration.rb

@@ -45,7 +45,6 @@ module Castle
       Te
       Upgrade-Insecure-Requests
       User-Agent
-      X-Castle-Client-Id
       X-Requested-With
     ].freeze
 
@@ -105,9 +104,7 @@ module Castle
     # sets trusted proxies
     # @param value [Array<String,Regexp>]
     def trusted_proxies=(value)
-      unless value.is_a?(Array)
-        raise Castle::ConfigurationError, 'trusted proxies must be an Array'
-      end
+      raise Castle::ConfigurationError, 'trusted proxies must be an Array' unless value.is_a?(Array)
 
       @trusted_proxies = value
     end
@@ -122,8 +119,7 @@ module Castle
     end
 
     def failover_strategy=(value)
-      @failover_strategy =
-        Castle::Failover::STRATEGIES.detect { |strategy| strategy == value.to_sym }
+      @failover_strategy = Castle::Failover::STRATEGIES.detect { |strategy| strategy == value.to_sym }
       raise Castle::ConfigurationError, 'unrecognized failover strategy' if @failover_strategy.nil?
     end
 

data/lib/castle/core/process_response.rb

@@ -10,9 +10,11 @@ module Castle
         403 => Castle::ForbiddenError,
         404 => Castle::NotFoundError,
         419 => Castle::UserUnauthorizedError,
-        422 => Castle::InvalidParametersError
+        429 => Castle::RateLimitError
       }.freeze
 
+      INVALID_REQUEST_TOKEN = 'invalid_request_token'
+
       class << self
         # @param response [Response]
         # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
@@ -36,8 +38,29 @@ module Castle
 
           raise Castle::InternalServerError if response.code.to_i.between?(500, 599)
 
+          raise_error422(response) if response.code.to_i == 422
+
           error = RESPONSE_ERRORS.fetch(response.code.to_i, Castle::ApiError)
-          raise error, response[:message]
+
+          raise error
+        end
+
+        def raise_error422(response)
+          if response.body
+            begin
+              parsed_body = JSON.parse(response.body, symbolize_names: true)
+              if parsed_body.is_a?(Hash) && parsed_body.key?(:type)
+                if parsed_body[:type] == INVALID_REQUEST_TOKEN
+                  raise Castle::InvalidRequestTokenError, parsed_body[:message]
+                end
+
+                raise Castle::InvalidParametersError, parsed_body[:message]
+              end
+            rescue JSON::ParserError
+            end
+          end
+
+          raise Castle::InvalidParametersError
         end
       end
     end

data/lib/castle/core/process_webhook.rb

@@ -10,14 +10,11 @@ module Castle
         # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
         # @return [String]
         def call(webhook, config = nil)
-          webhook
-            .body
-            .read
-            .tap do |result|
-              raise Castle::ApiError, 'Invalid webhook from Castle API' if result.blank?
+          webhook.body.read.tap do |result|
+            raise Castle::ApiError, 'Invalid webhook from Castle API' if result.blank?
 
-              Castle::Logger.call('webhook:', result.to_s, config)
-            end
+            Castle::Logger.call('webhook:', result.to_s, config)
+          end
         end
       end
     end

data/lib/castle/core/send_request.rb

@@ -15,9 +15,7 @@ module Castle
         # @param http [Net::HTTP]
         # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
         def call(command, headers, http = nil, config = nil)
-          (http || Castle::Core::GetConnection.call).request(
-            build(command, headers.merge(DEFAULT_HEADERS), config)
-          )
+          (http || Castle::Core::GetConnection.call).request(build(command, headers.merge(DEFAULT_HEADERS), config))
         end
 
         # @param command [String]

data/lib/castle/errors.rb

@@ -53,10 +53,18 @@ module Castle
   class InvalidParametersError < Castle::ApiError
   end
 
+  # api error invalid param 422 (invalid token)
+  class InvalidRequestTokenError < Castle::ApiError
+  end
+
   # api error unauthorized 401
   class UnauthorizedError < Castle::ApiError
   end
 
+  # api error too many requests 429
+  class RateLimitError < Castle::ApiError
+  end
+
   # all internal server errors
   class InternalServerError < Castle::ApiError
   end

data/lib/castle/headers/extract.rb

@@ -23,9 +23,7 @@ module Castle
       # Serialize HTTP headers
       # @return [Hash]
       def call
-        @headers.each_with_object({}) do |(name, value), acc|
-          acc[name] = header_value(name, value)
-        end
+        @headers.each_with_object({}) { |(name, value), acc| acc[name] = header_value(name, value) }
       end
 
       private

data/lib/castle/headers/filter.rb

@@ -12,8 +12,7 @@ module Castle
       HTTP(?:_|-).*|
         CONTENT(?:_|-)LENGTH|
       REMOTE(?:_|-)ADDR
-      $/xi
-        .freeze
+      $/xi.freeze
 
       private_constant :VALUABLE_HEADERS
 
@@ -32,7 +31,7 @@ module Castle
             next unless header_name.match(VALUABLE_HEADERS)
 
             formatted_name = @header_format.call(header_name)
-            acc[formatted_name] = @request_env[header_name]
+            acc[formatted_name] = @request_env[header_name].to_s
           end
       end
     end

data/lib/castle/payload/prepare.rb

@@ -12,8 +12,7 @@ module Castle
         def call(payload_options, request, options = {})
           context = Castle::Context::Prepare.call(request, payload_options.merge(options))
 
-          payload =
-            Castle::Utils::DeepSymbolizeKeys.call(payload_options || {}).merge(context: context)
+          payload = Castle::Utils::DeepSymbolizeKeys.call(payload_options || {}).merge(context: context)
           payload[:timestamp] ||= Castle::Utils::GetTimestamp.call
 
           warn '[DEPRECATION] use user_traits instead of traits key' if payload.key?(:traits)

data/lib/castle/session.rb

@@ -9,7 +9,7 @@ module Castle
 
     class << self
       def call(&block)
-        return unless block_given?
+        return unless block
 
         Castle::Core::GetConnection.call.start(&block)
       end

data/lib/castle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '7.1.2'
+  VERSION = '8.0.0'
 end

data/lib/castle.rb

@@ -67,9 +67,7 @@
 module Castle
   class << self
     def configure(config_hash = nil)
-      (config_hash || {}).each do |config_name, config_value|
-        config.send("#{config_name}=", config_value)
-      end
+      (config_hash || {}).each { |config_name, config_value| config.send(:"#{config_name}=", config_value) }
 
       yield(config) if block_given?
     end

data/spec/integration/rails/rails_spec.rb

@@ -24,11 +24,12 @@ RSpec.describe HomeController, type: :request do
             'Accept' =>
               'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
             'Authorization' => true,
-            'Content-Length' => '0',
             'Cookie' => true,
+            'Content-Length' => '0',
             'Host' => 'www.example.com',
             'X-Forwarded-For' => '5.5.5.5, 1.2.3.4',
-            'Remote-Addr' => '127.0.0.1'
+            'Remote-Addr' => '127.0.0.1',
+            'Version' => 'HTTP/1.0'
           },
           'ip' => '1.2.3.4',
           'library' => {
@@ -40,7 +41,12 @@ RSpec.describe HomeController, type: :request do
     end
     let(:now) { Time.now }
     let(:headers) do
-      { 'HTTP_AUTHORIZATION' => 'Basic 123', 'HTTP_X_FORWARDED_FOR' => '5.5.5.5, 1.2.3.4' }
+      {
+        'HTTP_AUTHORIZATION' => 'Basic 123',
+        'HTTP_X_FORWARDED_FOR' => '5.5.5.5, 1.2.3.4',
+        'HTTP_VERSION' => 'HTTP/1.0',
+        'HTTP_CONTENT_LENGTH' => '0'
+      }
     end
 
     before do

data/spec/integration/rails/support/application.rb

@@ -3,8 +3,8 @@
 require 'action_controller/railtie'
 
 class TestApp < Rails::Application
-  secrets.secret_token = 'secret_token'
-  secrets.secret_key_base = 'secret_key_base'
+  credentials.secret_token = 'secret_token'
+  credentials.secret_key_base = 'secret_key_base'
 
   config.logger = Logger.new($stdout)
   Rails.logger = config.logger