castle-rb 8.0.0 → 9.0.0

data/spec/lib/castle/context/merge_spec.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Context::Merge do
-  let(:first) { { test: { test1: { c: '4' } } } }
-
-  describe '#call' do
-    subject { described_class.call(first, second) }
-
-    let(:result) { { test: { test1: { c: '4', d: '5' } } } }
-
-    context 'with symbol keys' do
-      let(:second) { { test: { test1: { d: '5' } } } }
-
-      it { is_expected.to eq(result) }
-    end
-
-    context 'with string keys' do
-      let(:second) { { 'test' => { 'test1' => { 'd' => '5' } } } }
-
-      it { is_expected.to eq(result) }
-    end
-  end
-end

data/spec/lib/castle/context/prepare_spec.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Context::Prepare do
-  let(:ip) { '1.2.3.4' }
-  let(:cookie_id) { 'abcd' }
-  let(:ua) { 'Chrome' }
-  let(:env) do
-    Rack::MockRequest.env_for(
-      '/',
-      'HTTP_USER_AGENT' => ua,
-      'HTTP_X_FORWARDED_FOR' => ip,
-      'HTTP_COOKIE' => "__cid=#{cookie_id};other=efgh",
-      'HTTP_CONTENT_LENGTH' => '0'
-    )
-  end
-  let(:request) { Rack::Request.new(env) }
-  let(:context) do
-    {
-      client_id: 'abcd',
-      active: true,
-      user_agent: ua,
-      headers: headers,
-      ip: ip,
-      library: {
-        name: 'castle-rb',
-        version: '6.0.0'
-      }
-    }
-  end
-
-  let(:headers) { { 'Content-Length': '0', 'User-Agent': ua, 'X-Forwarded-For': ip.to_s, Cookie: true } }
-
-  before { stub_const('Castle::VERSION', '6.0.0') }
-
-  describe '#call' do
-    subject(:generated) { described_class.call(request) }
-
-    context 'when active true' do
-      it { is_expected.to eql(context) }
-    end
-  end
-end

data/spec/lib/castle/context/sanitize_spec.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Context::Sanitize do
-  let(:paylod) { { test: 'test' } }
-
-  describe '#call' do
-    subject { described_class.call(context) }
-
-    context 'when active true' do
-      let(:context) { paylod.merge(active: true) }
-
-      it { is_expected.to eql(context) }
-    end
-
-    context 'when active false' do
-      let(:context) { paylod.merge(active: false) }
-
-      it { is_expected.to eql(context) }
-    end
-
-    context 'when active string' do
-      let(:context) { paylod.merge(active: 'uknown') }
-
-      it { is_expected.to eql(paylod) }
-    end
-  end
-end

data/spec/lib/castle/core/get_connection_spec.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Core::GetConnection do
-  describe '.call' do
-    subject(:class_call) { described_class.call }
-
-    context 'when ssl false' do
-      let(:localhost) { 'localhost' }
-      let(:port) { 3002 }
-      let(:api_url) { '/test' }
-
-      before do
-        Castle.config.base_url = 'http://localhost:3002'
-
-        allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original
-      end
-
-      it do
-        class_call
-
-        expect(Net::HTTP).to have_received(:new).with(localhost, port)
-      end
-
-      it { expect(class_call).to be_an_instance_of(Net::HTTP) }
-    end
-
-    context 'when ssl true' do
-      let(:localhost) { 'localhost' }
-      let(:port) { 443 }
-
-      before { Castle.config.base_url = 'https://localhost' }
-
-      context 'with block' do
-        let(:api_url) { '/test' }
-        let(:request) { Net::HTTP::Get.new(api_url) }
-
-        before { allow(Net::HTTP).to receive(:new).with(localhost, port).and_call_original }
-
-        it { expect(class_call).to be_an_instance_of(Net::HTTP) }
-      end
-    end
-  end
-end

data/spec/lib/castle/core/process_response_spec.rb

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Core::ProcessResponse do
-  describe '#call' do
-    subject(:call) { described_class.call(response) }
-
-    context 'when success' do
-      let(:response) { OpenStruct.new(body: '{"user":1}', code: 200) }
-
-      it { expect(call).to eql(user: 1) }
-    end
-
-    describe 'authenticate' do
-      context 'when allow without any additional props' do
-        let(:response) { OpenStruct.new(body: '{"action":"allow","user_id":"12345"}', code: 200) }
-
-        it { expect(call).to eql({ action: 'allow', user_id: '12345' }) }
-      end
-
-      context 'when allow with additional props' do
-        let(:response) { OpenStruct.new(body: '{"action":"allow","user_id":"12345","internal":{}}', code: 200) }
-
-        it { expect(call).to eql({ action: 'allow', user_id: '12345', internal: {} }) }
-      end
-
-      context 'when deny without risk policy' do
-        let(:response) { OpenStruct.new(body: '{"action":"deny","user_id":"1","device_token":"abc"}', code: 200) }
-
-        it { expect(call).to eql({ action: 'deny', user_id: '1', device_token: 'abc' }) }
-      end
-
-      context 'when deny with risk policy' do
-        let(:body) do
-          '{"action":"deny","user_id":"1","device_token":"abc",
-          "risk_policy":{"id":"123","revision_id":"abc","name":"def","type":"bot"}}'
-        end
-        let(:response) { OpenStruct.new({ body: body, code: 200 }) }
-
-        let(:result) do
-          {
-            action: 'deny',
-            user_id: '1',
-            device_token: 'abc',
-            risk_policy: {
-              id: '123',
-              revision_id: 'abc',
-              name: 'def',
-              type: 'bot'
-            }
-          }
-        end
-
-        it { expect(call).to eql(result) }
-      end
-    end
-
-    context 'when response empty' do
-      let(:response) { OpenStruct.new(body: '', code: 200) }
-
-      it { expect(call).to eql({}) }
-    end
-
-    context 'when response nil' do
-      let(:response) { OpenStruct.new(code: 200) }
-
-      it { expect(call).to eql({}) }
-    end
-
-    context 'when json is malformed' do
-      let(:response) { OpenStruct.new(body: '{a', code: 200) }
-
-      it { expect { call }.to raise_error(Castle::ApiError) }
-    end
-  end
-
-  describe '#verify!' do
-    subject(:verify!) { described_class.verify!(response) }
-
-    context 'without error when response is 2xx' do
-      let(:response) { OpenStruct.new(code: 200) }
-
-      it { expect { verify! }.not_to raise_error }
-    end
-
-    shared_examples 'response_failed' do |code, error|
-      let(:response) { OpenStruct.new(code: code) }
-
-      it "fail when response is #{code}" do
-        expect { verify! }.to raise_error(error)
-      end
-    end
-
-    it_behaves_like 'response_failed', '400', Castle::BadRequestError
-    it_behaves_like 'response_failed', '401', Castle::UnauthorizedError
-    it_behaves_like 'response_failed', '403', Castle::ForbiddenError
-    it_behaves_like 'response_failed', '404', Castle::NotFoundError
-    it_behaves_like 'response_failed', '419', Castle::UserUnauthorizedError
-    it_behaves_like 'response_failed', '422', Castle::InvalidParametersError
-    it_behaves_like 'response_failed', '429', Castle::RateLimitError
-    it_behaves_like 'response_failed', '499', Castle::ApiError
-    it_behaves_like 'response_failed', '500', Castle::InternalServerError
-  end
-end

data/spec/lib/castle/core/process_webhook_spec.rb

@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Core::ProcessWebhook do
-  describe '#call' do
-    subject(:call) { described_class.call(webhook) }
-
-    let(:webhook_body) do
-      {
-        api_version: 'v1',
-        app_id: '12345',
-        type: '$incident.confirmed',
-        created_at: '2020-12-18T12:55:21.779Z',
-        data: {
-          id: 'test',
-          device_token: 'token',
-          user_id: '',
-          trigger: '$login.succeeded',
-          context: {
-          },
-          location: {
-          },
-          user_agent: {
-          }
-        },
-        user_traits: {
-        },
-        properties: {
-        },
-        policy: {
-        }
-      }.to_json
-    end
-
-    let(:webhook) { OpenStruct.new(body: StringIO.new(webhook_body)) }
-
-    context 'when success' do
-      it { expect(call).to eql(webhook_body) }
-    end
-
-    context 'when webhook empty' do
-      let(:webhook) { OpenStruct.new(body: StringIO.new('')) }
-
-      it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
-    end
-
-    context 'when webhook nil' do
-      let(:webhook) { OpenStruct.new(body: StringIO.new) }
-
-      it { expect { call }.to raise_error(Castle::ApiError, 'Invalid webhook from Castle API') }
-    end
-  end
-end

data/spec/lib/castle/core/send_request_spec.rb

@@ -1,97 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Core::SendRequest do
-  let(:config) { Castle.config }
-
-  describe '#call' do
-    let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
-    let(:headers) { {} }
-    let(:request_build) { {} }
-    let(:expected_headers) { { 'Content-Type' => 'application/json' } }
-    let(:http) { instance_double(Net::HTTP) }
-
-    context 'without http arg provided' do
-      subject(:call) { described_class.call(command, headers, nil, config) }
-
-      let(:http) { instance_double(Net::HTTP) }
-      let(:command) { Castle::Commands::Track.build(event: '$login.succeeded') }
-      let(:headers) { {} }
-      let(:request_build) { {} }
-      let(:expected_headers) { { 'Content-Type' => 'application/json' } }
-
-      before do
-        allow(Castle::Core::GetConnection).to receive(:call).and_return(http)
-        allow(http).to receive(:request)
-        allow(described_class).to receive(:build).and_return(request_build)
-        call
-      end
-
-      it { expect(described_class).to have_received(:build).with(command, expected_headers, config) }
-
-      it { expect(http).to have_received(:request).with(request_build) }
-    end
-
-    context 'with http arg provided' do
-      subject(:call) { described_class.call(command, headers, http, config) }
-
-      before do
-        allow(Castle::Core::GetConnection).to receive(:call)
-        allow(http).to receive(:request)
-        allow(described_class).to receive(:build).and_return(request_build)
-        call
-      end
-
-      it { expect(Castle::Core::GetConnection).not_to have_received(:call) }
-
-      it { expect(described_class).to have_received(:build).with(command, expected_headers, config) }
-
-      it { expect(http).to have_received(:request).with(request_build) }
-    end
-  end
-
-  describe '#build' do
-    subject(:build) { described_class.build(command, headers, config) }
-
-    let(:headers) { { 'SAMPLE-HEADER' => '1' } }
-    let(:api_secret) { 'secret' }
-
-    context 'when post' do
-      let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) { Castle::Commands::Track.build(event: '$login.succeeded', name: "\xC4") }
-      let(:expected_body) { { event: '$login.succeeded', name: '�', context: {}, sent_at: time } }
-
-      before { allow(Castle::Utils::GetTimestamp).to receive(:call).and_return(time) }
-
-      it { expect(build.body).to eql(expected_body.to_json) }
-      it { expect(build.method).to eql('POST') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-      it { expect(build.to_hash).to have_key('authorization') }
-      it { expect(build.to_hash).to have_key('sample-header') }
-      it { expect(build.to_hash['sample-header']).to eql(['1']) }
-    end
-
-    context 'when get' do
-      let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) { Castle::Commands::GetDevice.build(device_token: '1') }
-      let(:expected_body) { {} }
-
-      before { allow(Castle::Utils::GetTimestamp).to receive(:call).and_return(time) }
-
-      it { expect(build.body).to eql(expected_body.to_json) }
-      it { expect(build.method).to eql('GET') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-    end
-
-    context 'when put' do
-      let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) { Castle::Commands::ApproveDevice.build(device_token: '1') }
-      let(:expected_body) { {} }
-
-      before { allow(Castle::Utils::GetTimestamp).to receive(:call).and_return(time) }
-
-      it { expect(build.body).to eql(expected_body.to_json) }
-      it { expect(build.method).to eql('PUT') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-    end
-  end
-end

data/spec/lib/castle/failover/strategy_spec.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Failover::Strategy do
-  subject(:strategy) { described_class }
-
-  it { expect(strategy::ALLOW).to be(:allow) }
-  it { expect(strategy::DENY).to be(:deny) }
-  it { expect(strategy::CHALLENGE).to be(:challenge) }
-  it { expect(strategy::THROW).to be(:throw) }
-
-  it { expect(Castle::Failover::STRATEGIES).to eql(%i[allow deny challenge throw]) }
-end

data/spec/lib/castle/headers/extract_spec.rb

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Headers::Extract do
-  subject(:extract_call) { described_class.new(formatted_headers).call }
-
-  let(:formatted_headers) do
-    {
-      'Content-Length' => '0',
-      'Authorization' => 'Basic 123456',
-      'Cookie' => '__cid=abcd;other=efgh',
-      'Ok' => 'OK',
-      'Accept' => 'application/json',
-      'X-Forwarded-For' => '1.2.3.4',
-      'User-Agent' => 'Mozilla 1234'
-    }
-  end
-
-  after do
-    Castle.config.allowlisted = %w[]
-    Castle.config.denylisted = %w[]
-  end
-
-  context 'when allowlist is not set in the configuration' do
-    let(:result) do
-      {
-        'Accept' => 'application/json',
-        'Authorization' => true,
-        'Cookie' => true,
-        'Content-Length' => '0',
-        'Ok' => 'OK',
-        'User-Agent' => 'Mozilla 1234',
-        'X-Forwarded-For' => '1.2.3.4'
-      }
-    end
-
-    it { expect(extract_call).to eq(result) }
-  end
-
-  context 'when allowlist is set in the configuration' do
-    before { Castle.config.allowlisted = %w[Accept OK] }
-
-    let(:result) do
-      {
-        'Accept' => 'application/json',
-        'Authorization' => true,
-        'Cookie' => true,
-        'Content-Length' => true,
-        'Ok' => 'OK',
-        'User-Agent' => 'Mozilla 1234',
-        'X-Forwarded-For' => true
-      }
-    end
-
-    it { expect(extract_call).to eq(result) }
-  end
-
-  context 'when denylist is set in the configuration' do
-    context 'with a User-Agent' do
-      let(:result) do
-        {
-          'Accept' => 'application/json',
-          'Authorization' => true,
-          'Cookie' => true,
-          'Content-Length' => '0',
-          'Ok' => 'OK',
-          'User-Agent' => 'Mozilla 1234',
-          'X-Forwarded-For' => '1.2.3.4'
-        }
-      end
-
-      before { Castle.config.denylisted = %w[User-Agent] }
-
-      it { expect(extract_call).to eq(result) }
-    end
-
-    context 'with a different header' do
-      let(:result) do
-        {
-          'Accept' => true,
-          'Authorization' => true,
-          'Cookie' => true,
-          'Content-Length' => '0',
-          'Ok' => 'OK',
-          'User-Agent' => 'Mozilla 1234',
-          'X-Forwarded-For' => '1.2.3.4'
-        }
-      end
-
-      before { Castle.config.denylisted = %w[Accept] }
-
-      it { expect(extract_call).to eq(result) }
-    end
-  end
-
-  context 'when a header is both allowlisted and denylisted' do
-    before do
-      Castle.config.allowlisted = %w[Accept]
-      Castle.config.denylisted = %w[Accept]
-    end
-
-    it { expect(extract_call['Accept']).to be(true) }
-  end
-end

data/spec/lib/castle/headers/filter_spec.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Headers::Filter do
-  subject(:filter_call) { described_class.new(request).call }
-
-  let(:env) do
-    result =
-      Rack::MockRequest.env_for(
-        '/',
-        'Action-Dispatch.request.content-Type' => 'application/json',
-        'HTTP_AUTHORIZATION' => 'Basic 123456',
-        'HTTP_COOKIE' => '__cid=abcd;other=efgh',
-        'HTTP_ACCEPT' => 'application/json',
-        'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
-        'HTTP_USER_AGENT' => 'Mozilla 1234',
-        'TEST' => '1',
-        'REMOTE_ADDR' => '1.2.3.4',
-        'HTTP_CONTENT_LENGTH' => '0',
-        'http_accept_language.parser' => -> { 'noop' }
-      )
-    result[:HTTP_OK] = 'OK'
-    result
-  end
-  let(:filtered) do
-    {
-      'Accept' => 'application/json',
-      'Authorization' => 'Basic 123456',
-      'Cookie' => '__cid=abcd;other=efgh',
-      'Content-Length' => '0',
-      'Ok' => 'OK',
-      'User-Agent' => 'Mozilla 1234',
-      'Remote-Addr' => '1.2.3.4',
-      'X-Forwarded-For' => '1.2.3.4',
-      'Accept-Language.parser' => start_with('#<Proc')
-    }
-  end
-  let(:request) { Rack::Request.new(env) }
-
-  context 'with list of header' do
-    it { expect(filter_call).to match(filtered) }
-  end
-end

data/spec/lib/castle/headers/format_spec.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Headers::Format do
-  subject(:format) { described_class }
-
-  it 'removes HTTP_' do
-    expect(format.call('HTTP_X_TEST')).to eql('X-Test')
-  end
-
-  it 'capitalizes header' do
-    expect(format.call('X_TEST')).to eql('X-Test')
-  end
-
-  it 'ignores letter case and -_ divider' do
-    expect(format.call('http-X_teST')).to eql('X-Test')
-  end
-
-  it 'does not remove http if there is no _- char' do
-    expect(format.call('httpX_teST')).to eql('Httpx-Test')
-  end
-
-  it 'capitalizes' do
-    expect(format.call(:clearance)).to eql('Clearance')
-  end
-end

data/spec/lib/castle/ips/extract_spec.rb

@@ -1,91 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::IPs::Extract do
-  subject(:extractor) { described_class.new(headers) }
-
-  describe 'ip' do
-    after do
-      Castle.config.ip_headers = []
-      Castle.config.trusted_proxies = []
-    end
-
-    context 'when regular ip' do
-      let(:headers) { { 'X-Forwarded-For' => '1.2.3.5' } }
-
-      it { expect(extractor.call).to eql('1.2.3.5') }
-    end
-
-    context 'when we need to use other ip header' do
-      let(:headers) { { 'Cf-Connecting-Ip' => '1.2.3.4', 'X-Forwarded-For' => '1.1.1.1, 1.2.2.2, 1.2.3.5' } }
-
-      context 'with uppercase format' do
-        before { Castle.config.ip_headers = %w[CF_CONNECTING_IP X-Forwarded-For] }
-
-        it { expect(extractor.call).to eql('1.2.3.4') }
-      end
-
-      context 'with regular format' do
-        before { Castle.config.ip_headers = %w[Cf-Connecting-Ip X-Forwarded-For] }
-
-        it { expect(extractor.call).to eql('1.2.3.4') }
-      end
-
-      context 'with value from trusted proxies it get seconds header' do
-        before do
-          Castle.config.ip_headers = %w[Cf-Connecting-Ip X-Forwarded-For]
-          Castle.config.trusted_proxies = %w[1.2.3.4]
-        end
-
-        it { expect(extractor.call).to eql('1.2.3.5') }
-      end
-    end
-
-    context 'with all the trusted proxies' do
-      let(:http_x_header) { '127.0.0.1,10.0.0.1,172.31.0.1,192.168.0.1' }
-
-      let(:headers) { { 'Remote-Addr' => '127.0.0.1', 'X-Forwarded-For' => http_x_header } }
-
-      it 'fallbacks to first available header when all headers are marked trusted proxy' do
-        expect(extractor.call).to eql('127.0.0.1')
-      end
-    end
-
-    context 'with trust_proxy_chain option' do
-      let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
-
-      let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
-
-      before { Castle.config.trust_proxy_chain = true }
-
-      it 'selects first available header' do
-        expect(extractor.call).to eql('6.6.6.6')
-      end
-    end
-
-    context 'with trusted_proxy_depth option' do
-      let(:http_x_header) { '6.6.6.6, 2.2.2.3, 6.6.6.5' }
-
-      let(:headers) { { 'Remote-Addr' => '6.6.6.4', 'X-Forwarded-For' => http_x_header } }
-
-      before { Castle.config.trusted_proxy_depth = 1 }
-
-      it 'selects first available header' do
-        expect(extractor.call).to eql('2.2.2.3')
-      end
-    end
-
-    context 'when list of not trusted ips provided in X_FORWARDED_FOR' do
-      let(:headers) { { 'X-Forwarded-For' => '6.6.6.6, 2.2.2.3, 192.168.0.7', 'Client-Ip' => '6.6.6.6' } }
-
-      it 'does not allow to spoof ip' do
-        expect(extractor.call).to eql('2.2.2.3')
-      end
-
-      context 'when marked 2.2.2.3 as trusted proxy' do
-        before { Castle.config.trusted_proxies = [/^2.2.2.\d$/] }
-
-        it { expect(extractor.call).to eql('6.6.6.6') }
-      end
-    end
-  end
-end