RubyGems - cloudinary - Versions diffs - 2.2.0 → 2.3.1 - Mend

cloudinary 2.2.0 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +42 -0
data/CHANGELOG.md +17 -0
data/lib/cloudinary/api.rb +29 -6
data/lib/cloudinary/base_api.rb +1 -1
data/lib/cloudinary/cloudinary_controller.rb +7 -5
data/lib/cloudinary/helper.rb +7 -2
data/lib/cloudinary/preloaded_file.rb +1 -2
data/lib/cloudinary/uploader.rb +4 -4
data/lib/cloudinary/utils.rb +45 -6
data/lib/cloudinary/version.rb +1 -1
metadata +3 -3
data/.travis.yml +0 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f827756d17fc0b871d277a5bbdc6bc1ab3edeb30cf8765f29dd9fda17f6870d
-  data.tar.gz: 91e533b452f021f65255e26caed2271d5a96387a5c5728f5268720c9a2306fb6
+  metadata.gz: c0ad3ba5b49a838e7d13426ba67a292f27831034fca177ce31e8858bd3a214f6
+  data.tar.gz: 91b672ddf6bec07bdddd0691e29b8e50d28d757627bbd22384c62afd0661a73a
 SHA512:
-  metadata.gz: 837eb7160f55eed0b1df45d041c2a8deb18ccd0acd6ee405cf70f151ee7926bf5715bd9852f7da21ef393a28e8ad630d40770d47ed7b296c915a98dd5fb8f417
-  data.tar.gz: a724d55a25e2b09a33d2c722021ad3c335a034e822961f86312916b6296902d1b65417ae0f630537fa10f603cf7ff28f98b291f648777d371d578524a0062ba9
+  metadata.gz: b2189e9c87739637af5a46b989d76ee14b7ccf024228a785fdc54bd875176ece44a3f72ad46659bf10ec1a86a7686faca19921b89faa4b7deaed47c616257457
+  data.tar.gz: 644dbad25b178cbc92928b9b1c2e7e51b4fcd0c23a2bd1d7a48f054db6c4fea640e8b998138fe914cbd7ea3ea8b06c28a449429c5b0d20a45e6d2662140e98b2

data/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,42 @@
+name: Ruby Test 💎
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  test:
+    name: 💎 Test with Ruby ${{ matrix.ruby-version }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version:
+          - '3.1.7'
+          - '3.2.8'
+          - '3.3.8'
+          - '3.4.4'
+    runs-on: ubuntu-22.04
+    steps:
+    - name: 🔄 Checkout Repository
+      uses: actions/checkout@v4
+    - name: 🛠️ Setup Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: ☁️ Set up test cloud
+      run: |
+        export CLOUDINARY_URL=$(bash tools/get_test_cloud.sh)
+        echo "CLOUDINARY_URL=$CLOUDINARY_URL" >> $GITHUB_ENV
+        echo "cloud_name: $(echo $CLOUDINARY_URL | cut -d'@' -f2)"
+    - name: 🧪 Run tests
+      run: bundle exec rspec --format documentation --color
+      env:
+        CLOUDINARY_URL: ${{ env.CLOUDINARY_URL }}

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,20 @@
+2.3.1 / 2025-06-17
+==================
+  * Fix API parameters signature
+  * Allow passing tag attributes for `cloudinary_js_config` tag
+  * Fix `Cloudinary::Uploader.exists?` method
+2.3.0 / 2025-02-20
+==================
+New functionality and features
+------------------------------
+  * Add support for `429 Too Many Requests` HTTP status code
+  * Add support for `allow_dynamic_list_values` parameter in `MetadataField`
+  * Add support for `config` Admin API
 2.2.0 / 2024-09-08
 ==================

data/lib/cloudinary/api.rb CHANGED Viewed

@@ -14,6 +14,22 @@ class Cloudinary::Api
     call_api(:get, "ping", {}, options)
   end
+  # Retrieves account configuration details.
+  #
+  # @param [Hash] options The optional parameters.
+  #
+  # @return [Cloudinary::Api::Response]
+  #
+  # @raise [Cloudinary::Api::Error]
+  #
+  # @see https://cloudinary.com/documentation/admin_api#config
+  def self.config(options={})
+    uri = "config"
+    params = only(options, :settings)
+    call_api(:get, uri, params, options)
+  end
   # Gets cloud usage details.
   #
   # Returns a report detailing your current Cloudinary cloud usage details, including
@@ -1021,9 +1037,7 @@ class Cloudinary::Api
   #
   # @see https://cloudinary.com/documentation/admin_api#create_a_metadata_field
   def self.add_metadata_field(field, options = {})
-    params = only(field, :type, :external_id, :label, :mandatory, :default_value, :validation, :datasource)
-    call_metadata_api(:post, [], params, options)
+    call_metadata_api(:post, [], prepare_metadata_field_params(field), options)
   end
   # Updates a metadata field by external ID.
@@ -1040,10 +1054,19 @@ class Cloudinary::Api
   #
   # @see https://cloudinary.com/documentation/admin_api#update_a_metadata_field_by_external_id
   def self.update_metadata_field(field_external_id, field, options = {})
-    uri = [field_external_id]
-    params = only(field, :label, :mandatory, :default_value, :validation)
+    uri    = [field_external_id]
-    call_metadata_api(:put, uri, params, options)
+    call_metadata_api(:put, uri, prepare_metadata_field_params(field), options)
+  end
+  # Prepares optional parameters for add/update_metadata_field API calls.
+  # @param  [Hash]   options Additional options
+  # @return [Object]         Optional parameters
+  def self.prepare_metadata_field_params(field)
+    only(field,
+         :type, :external_id, :label, :mandatory, :restrictions, :default_value, :default_disabled,
+         :validation, :datasource, :allow_dynamic_list_values
+    )
   end
   # Deletes a metadata field definition by external ID.

data/lib/cloudinary/base_api.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module Cloudinary::BaseApi
                       when 403 then NotAllowed
                       when 404 then NotFound
                       when 409 then AlreadyExists
-                      when 420 then RateLimited
+                      when 420, 429 then RateLimited
                       when 500 then GeneralError
                       else raise GeneralError.new("Server returned unexpected status code - #{response.status} - #{response.body}")
                       end

data/lib/cloudinary/cloudinary_controller.rb CHANGED Viewed

@@ -2,10 +2,12 @@ module Cloudinary::CloudinaryController
   protected
   def valid_cloudinary_response?
-    received_signature = request.query_parameters[:signature]
-    calculated_signature = Cloudinary::Utils.api_sign_request(
-      request.query_parameters.select{|key, value| [:public_id, :version].include?(key.to_sym)},
-      Cloudinary.config.api_secret)
-    return received_signature == calculated_signature
+    params = request.query_parameters.select { |key, value| [:public_id, :version, :signature].include?(key.to_sym) }.transform_keys(&:to_sym)
+    Cloudinary::Utils.verify_api_response_signature(
+      params[:public_id],
+      params[:version],
+      params[:signature]
+    )
   end
 end

data/lib/cloudinary/helper.rb CHANGED Viewed

@@ -219,14 +219,19 @@ module CloudinaryHelper
   end
   CLOUDINARY_JS_CONFIG_PARAMS = [:api_key, :cloud_name, :private_cdn, :secure_distribution, :cdn_subdomain]
-  def cloudinary_js_config
+  def cloudinary_js_config(**tag_options)
     params = {}
     CLOUDINARY_JS_CONFIG_PARAMS.each do
       |param|
       value = Cloudinary.config.send(param)
       params[param] = value if !value.nil?
     end
-    content_tag("script", "$.cloudinary.config(#{params.to_json});".html_safe, :type=>"text/javascript")
+    content_tag(
+      "script",
+      "$.cloudinary.config(#{params.to_json});".html_safe,
+      :type=>"text/javascript",
+      **tag_options
+    )
   end
   def cl_client_hints_meta_tag

data/lib/cloudinary/preloaded_file.rb CHANGED Viewed

@@ -9,8 +9,7 @@ class Cloudinary::PreloadedFile
   def valid?
     public_id = @resource_type == "raw" ? self.filename : self.public_id
-    expected_signature = Cloudinary::Utils.api_sign_request({:public_id=>public_id, :version=>version}, Cloudinary.config.api_secret)
-    @signature == expected_signature
+    Cloudinary::Utils.verify_api_response_signature(public_id, version, @signature)
   end
   def identifier

data/lib/cloudinary/uploader.rb CHANGED Viewed

@@ -150,12 +150,11 @@ class Cloudinary::Uploader
   def self.exists?(public_id, options={})
     cloudinary_url = Cloudinary::Utils.cloudinary_url(public_id, options)
     begin
-      code = RestClient::Request.execute(:method => :head, :url => cloudinary_url, :timeout => 5).code
+      code = Faraday.new(request: { timeout: 5 }).head(cloudinary_url).status
       code >= 200 && code < 300
-    rescue RestClient::ResourceNotFound
+    rescue Faraday::ResourceNotFound
       return false
     end
   end
   def self.explicit(public_id, options={})
@@ -361,7 +360,8 @@ class Cloudinary::Uploader
       api_key             = options[:api_key] || Cloudinary.config.api_key || raise(CloudinaryException, "Must supply api_key")
       api_secret          = options[:api_secret] || Cloudinary.config.api_secret || raise(CloudinaryException, "Must supply api_secret")
       signature_algorithm = options[:signature_algorithm]
-      params[:signature]  = Cloudinary::Utils.api_sign_request(params.reject { |k, v| non_signable.include?(k) }, api_secret, signature_algorithm)
+      signature_version   = options[:signature_version]
+      params[:signature]  = Cloudinary::Utils.api_sign_request(params.reject { |k, v| non_signable.include?(k) }, api_secret, signature_algorithm, signature_version)
       params[:api_key]    = api_key
     end

data/lib/cloudinary/utils.rb CHANGED Viewed

@@ -469,12 +469,50 @@ class Cloudinary::Utils
     end
   end
-  def self.api_string_to_sign(params_to_sign)
-    params_to_sign.map{|k,v| [k.to_s, v.is_a?(Array) ? v.join(",") : v]}.reject{|k,v| v.nil? || v == ""}.sort_by(&:first).map{|k,v| "#{k}=#{v}"}.join("&")
+  # Encodes a parameter for safe inclusion in URL query strings.
+  #
+  # Specifically replaces "&" characters with their percent-encoded equivalent "%26"
+  # to prevent them from being interpreted as parameter separators in URL query strings.
+  #
+  # @param [Object] value The parameter to encode
+  # @return [String] Encoded parameter
+  # @private
+  def self.encode_param(value)
+    value.to_s.gsub("&", "%26")
   end
-  def self.api_sign_request(params_to_sign, api_secret, signature_algorithm = nil)
-    to_sign = api_string_to_sign(params_to_sign)
+  # Generates a string to be signed for API requests
+  #
+  # @param [Hash] params_to_sign Parameters to include in the signature
+  # @param [Integer] signature_version Version of signature algorithm to use:
+  #   - Version 1: Original behavior without parameter encoding
+  #   - Version 2+ (default): Includes parameter encoding to prevent parameter smuggling
+  # @return [String] String to be signed
+  # @private
+  def self.api_string_to_sign(params_to_sign, signature_version = 2)
+    params_to_sign.map { |k, v| [k.to_s, v.is_a?(Array) ? v.join(",") : v] }
+                  .reject { |k, v| v.nil? || v == "" }
+                  .sort_by(&:first)
+                  .map { |k, v|
+                    param_string = "#{k}=#{v}"
+                    signature_version >= 2 ? encode_param(param_string) : param_string
+                  }
+                  .join("&")
+  end
+  # Signs API request parameters
+  #
+  # @param [Hash] params_to_sign Parameters to include in the signature
+  # @param [String] api_secret API secret for signing
+  # @param [Symbol|nil] signature_algorithm Hash algorithm to use (:sha1 or :sha256)
+  # @param [Integer|nil] signature_version Version of signature algorithm to use:
+  #   - Version 1: Original behavior without parameter encoding
+  #   - Version 2+ (default): Includes parameter encoding to prevent parameter smuggling
+  # @return [String] Hexadecimal signature
+  # @private
+  def self.api_sign_request(params_to_sign, api_secret, signature_algorithm = nil, signature_version = nil)
+    signature_version ||= Cloudinary.config.signature_version || 2
+    to_sign = api_string_to_sign(params_to_sign, signature_version)
     hash("#{to_sign}#{api_secret}", signature_algorithm, :hexdigest)
   end
@@ -746,8 +784,9 @@ class Cloudinary::Utils
     api_key = options[:api_key] || Cloudinary.config.api_key || raise(CloudinaryException, "Must supply api_key")
     api_secret = options[:api_secret] || Cloudinary.config.api_secret || raise(CloudinaryException, "Must supply api_secret")
     signature_algorithm = options[:signature_algorithm]
+    signature_version = options[:signature_version]
     params = params.reject{|k, v| self.safe_blank?(v)}
-    params[:signature] = api_sign_request(params, api_secret, signature_algorithm)
+    params[:signature] = api_sign_request(params, api_secret, signature_algorithm, signature_version)
     params[:api_key] = api_key
     params
   end
@@ -1351,7 +1390,7 @@ class Cloudinary::Utils
       :version => version
     }
-    signature == api_sign_request(parameters_to_sign, api_secret, signature_algorithm)
+    signature == api_sign_request(parameters_to_sign, api_secret, signature_algorithm, 1)
   end
   # Verifies the authenticity of a notification signature.

data/lib/cloudinary/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Copyright Cloudinary
 module Cloudinary
-  VERSION = "2.2.0"
+  VERSION = "2.3.1"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudinary
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Nadav Soferman
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-08 00:00:00.000000000 Z
+date: 2025-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -332,9 +332,9 @@ files:
 - ".github/ISSUE_TEMPLATE/bug_report.md"
 - ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".github/pull_request_template.md"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile

data/.travis.yml DELETED Viewed

@@ -1,23 +0,0 @@
-dist: jammy
-language: ruby
-rvm:
-  - 3.1.4
-  - 3.2.2
-  - 3.3.0
-matrix:
-  include:
-    # There is an OpenSSL issue on Jammy with Ruby 3.0
-    - name: "Ruby: 3.0.6"
-      dist: focal
-      rvm: 3.0.6
-before_script: >
-  export CLOUDINARY_URL=$(bash tools/get_test_cloud.sh);
-  echo cloud_name: "$(echo $CLOUDINARY_URL | cut -d'@' -f2)"
-script: bundle exec rspec
-notifications:
-  email:
-    recipients:
-      - sdk_developers@cloudinary.com