committee 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d8e95c038f0a60b8733804e45d07d86d06fe443b
-  data.tar.gz: 50bd54f25decd41bbd3f0408a27d96945cdcbf4c
+  metadata.gz: 6b64e50881610fea8f1bb4ee2f0c5ec42f196d15
+  data.tar.gz: b1a449811bf1750b00f3dde8acd48520a42af196
 SHA512:
-  metadata.gz: 1882ae94a7ebc433f0c477fb8af1e39c9e54315387d276ecf1d2fa9c00aea9181ea343e1ce26628d06a01d062c82fdf9ca62728ee16afab2555594d0d1d14a39
-  data.tar.gz: 31e11c118cac2fddee6723cd56434b49e91dedd5d32203446db4de8e8843403a943ce1ff9851a918df1ca844da39ce37d94b8930e3a52f245b2d7c87844fd4cf
+  metadata.gz: 577dcd6f0ff08f595af7c031d3f37cd96b9186858066716b27a9d6d150141309da0ccfab324b6c03fc38784a8456b0ddb523b1c37493b29d9d6baa343ee2ef53
+  data.tar.gz: 4193d95a73e0af8d5e66d51a05e2cd5e500874712c1bb498b7a9f89f829c9d4fac2ec69c9c27ed79e87d6ed3977e7966d3bcd924700559aec743c6c882a8ff28

data/lib/committee/drivers/open_api_2.rb

@@ -81,19 +81,66 @@ module Committee::Drivers
       # data.
       attr_accessor :target_schema
 
+      attr_accessor :header_schema
+
       def rel
         raise "Committee: rel not implemented for OpenAPI"
       end
     end
 
-    # ParameterSchemaBuilder converts OpenAPI 2 link parameters, which are not
-    # quite JSON schemas (but will be in OpenAPI 3) into synthetic schemas that
-    # we can use to do some basic request validation.
-    class ParameterSchemaBuilder
+    class SchemaBuilder
       def initialize(link_data)
         self.link_data = link_data
       end
 
+      private
+
+      LINK_REQUIRED_FIELDS = [
+        :name
+      ].map(&:to_s).freeze
+
+      attr_accessor :link_data
+
+      def check_required_fields!(param_data)
+        LINK_REQUIRED_FIELDS.each do |field|
+          if !param_data[field]
+            raise ArgumentError,
+                  "Committee: no #{field} section in link data."
+          end
+        end
+      end
+    end
+
+    class HeaderSchemaBuilder < SchemaBuilder
+      def call
+        if link_data["parameters"]
+          link_schema = JsonSchema::Schema.new
+          link_schema.properties = {}
+          link_schema.required = []
+
+          header_parameters = link_data["parameters"].select { |param_data| param_data["in"] == "header" }
+          header_parameters.each do |param_data|
+            check_required_fields!(param_data)
+
+            param_schema = JsonSchema::Schema.new
+
+            param_schema.type = [param_data["type"]]
+
+            link_schema.properties[param_data["name"]] = param_schema
+            if param_data["required"] == true
+              link_schema.required << param_data["name"]
+            end
+          end
+
+          link_schema
+        end
+      end
+    end
+
+    # ParameterSchemaBuilder converts OpenAPI 2 link parameters, which are not
+    # quite JSON schemas (but will be in OpenAPI 3) into synthetic schemas that
+    # we can use to do some basic request validation.
+    class ParameterSchemaBuilder < SchemaBuilder
       # Returns a tuple of (schema, schema_data) where only one of the two
       # values is present. This is either a full schema that's ready to go _or_
       # a hash of unparsed schema data.
@@ -115,7 +162,8 @@ module Committee::Drivers
             link_schema.properties = {}
             link_schema.required = []
 
-            link_data["parameters"].each do |param_data|
+            parameters = link_data["parameters"].reject { |param_data| param_data["in"] == "header" }
+            parameters.each do |param_data|
               check_required_fields!(param_data)
 
               param_schema = JsonSchema::Schema.new
@@ -143,23 +191,6 @@ module Committee::Drivers
           end
         end
       end
-
-      private
-
-      LINK_REQUIRED_FIELDS = [
-        :name
-      ].map(&:to_s).freeze
-
-      attr_accessor :link_data
-
-      def check_required_fields!(param_data)
-        LINK_REQUIRED_FIELDS.each do |field|
-          if !param_data[field]
-            raise ArgumentError,
-              "Committee: no #{field} section in link data."
-          end
-        end
-      end
     end
 
     class Schema < Committee::Drivers::Schema
@@ -266,6 +297,7 @@ module Committee::Drivers
           # Convert the spec's parameter pseudo-schemas into JSON schemas that
           # we can use for some basic request validation.
           link.schema, schema_data = ParameterSchemaBuilder.new(link_data).call
+          link.header_schema = HeaderSchemaBuilder.new(link_data).call
 
           # If data came back instead of a schema (this occurs when a route has
           # a single `body` parameter instead of a collection of URL/query/form

data/lib/committee/middleware/base.rb

@@ -5,6 +5,7 @@ module Committee::Middleware
 
       @error_class = options.fetch(:error_class, Committee::ValidationError)
       @params_key = options[:params_key] || "committee.params"
+      @headers_key = options[:headers_key] || "committee.headers"
       @raise = options[:raise]
       @schema = get_schema(options[:schema] ||
         raise(ArgumentError, "Committee: need option `schema`"))

data/lib/committee/middleware/request_validation.rb

@@ -6,6 +6,7 @@ module Committee::Middleware
       @allow_form_params   = options.fetch(:allow_form_params, true)
       @allow_query_params  = options.fetch(:allow_query_params, true)
       @check_content_type  = options.fetch(:check_content_type, true)
+      @check_header        = options.fetch(:check_header, true)
       @optimistic_json     = options.fetch(:optimistic_json, false)
       @strict              = options[:strict]
       @coerce_date_times   = options.fetch(:coerce_date_times, false)
@@ -39,7 +40,7 @@ module Committee::Middleware
         end
       end
 
-      request.env[@params_key] = Committee::RequestUnpacker.new(
+      request.env[@params_key], request.env[@headers_key] = Committee::RequestUnpacker.new(
         request,
         allow_form_params:  @allow_form_params,
         allow_query_params: @allow_query_params,
@@ -51,8 +52,8 @@ module Committee::Middleware
       request.env[@params_key].merge!(param_matches) if param_matches
 
       if link
-        validator = Committee::RequestValidator.new(link, check_content_type: @check_content_type)
-        validator.call(request, request.env[@params_key])
+        validator = Committee::RequestValidator.new(link, check_content_type: @check_content_type, check_header: @check_header)
+        validator.call(request, request.env[@params_key], request.env[@headers_key])
 
         parameter_coerce!(request, link, @params_key)
         parameter_coerce!(request, link, "rack.request.query_hash") if !request.GET.nil? && !link.schema.nil?

data/lib/committee/request_unpacker.rb

@@ -40,9 +40,9 @@ module Committee
       end
 
       if @allow_query_params
-        indifferent_params(@request.GET).merge(params)
+        [indifferent_params(@request.GET).merge(params), headers]
       else
-        params
+        [params, headers]
       end
     end
 
@@ -87,5 +87,14 @@ module Committee
         nil
       end
     end
+
+    def headers
+      env = @request.env
+      env.keys.grep(/HTTP_/).inject({}) do |headers, key|
+        headerized_key = key.gsub(/^HTTP_/, '').gsub(/_/, '-')
+        headers[headerized_key] = env[key]
+        headers
+      end
+    end
   end
 end

data/lib/committee/request_validator.rb

@@ -3,12 +3,21 @@ module Committee
     def initialize(link, options = {})
       @link = link
       @check_content_type = options.fetch(:check_content_type, true)
+      @check_header = options.fetch(:check_header, true)
     end
 
-    def call(request, data)
-      check_content_type!(request, data) if @check_content_type
+    def call(request, params, headers)
+      check_content_type!(request, params) if @check_content_type
       if @link.schema
-        valid, errors = @link.schema.validate(data)
+        valid, errors = @link.schema.validate(params)
+        if !valid
+          errors = JsonSchema::SchemaError.aggregate(errors).join("\n")
+          raise InvalidRequest, "Invalid request.\n\n#{errors}"
+        end
+      end
+
+      if @check_header && @link.respond_to?(:header_schema) && @link.header_schema
+        valid, errors = @link.header_schema.validate(headers)
         if !valid
           errors = JsonSchema::SchemaError.aggregate(errors).join("\n")
           raise InvalidRequest, "Invalid request.\n\n#{errors}"

data/test/drivers/open_api_2_test.rb

@@ -298,3 +298,26 @@ describe Committee::Drivers::OpenAPI2::ParameterSchemaBuilder do
     Committee::Drivers::OpenAPI2::ParameterSchemaBuilder.new(data).call
   end
 end
+
+describe Committee::Drivers::OpenAPI2::HeaderSchemaBuilder do
+  it "returns schema data for header" do
+    data = {
+      "parameters" => [
+        {
+          "name" => "AUTH_TOKEN",
+          "type" => "string",
+          "in" => "header",
+        }
+      ]
+    }
+    schema = call(data)
+
+    assert_equal ["string"], schema.properties["AUTH_TOKEN"].type
+  end
+
+  private
+
+  def call(data)
+    Committee::Drivers::OpenAPI2::HeaderSchemaBuilder.new(data).call
+  end
+end

data/test/middleware/request_validation_test.rb

@@ -347,13 +347,13 @@ describe Committee::Middleware::RequestValidation do
     }
 
     @app = new_rack_app_with_lambda(check_parameter, schema: open_api_2_schema)
-    get "/api/pets?limit=3"
+    get "/api/pets?limit=3", nil, { "HTTP_AUTH_TOKEN" => "xxx" }
     assert_equal 200, last_response.status
   end
 
   it "detects an invalid request for OpenAPI" do
     @app = new_rack_app(schema: open_api_2_schema)
-    get "/api/pets?limit=foo"
+    get "/api/pets?limit=foo", nil, { "HTTP_AUTH_TOKEN" => "xxx" }
     assert_equal 400, last_response.status
     assert_match /invalid request/i, last_response.body
   end

data/test/parameter_coercer_test.rb

@@ -7,7 +7,7 @@ describe Committee::ParameterCoercer do
     @schema = JsonSchema.parse!(hyper_schema_data)
     @schema.expand_references!
     # POST /apps/:id
-    @link = @link = @schema.properties["app"].links[0]
+    @link = @schema.properties["app"].links[0]
   end
 
   it "pass datetime string" do

data/test/request_unpacker_test.rb

@@ -9,7 +9,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({ "x" => "y" }, params)
   end
 
@@ -18,7 +18,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({ "x" => "y" }, params)
   end
 
@@ -28,7 +28,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({}, params)
   end
 
@@ -38,7 +38,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, optimistic_json: true).call
+    params, _ = Committee::RequestUnpacker.new(request, optimistic_json: true).call
     assert_equal({ "x" => "y" }, params)
   end
 
@@ -48,7 +48,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('x=y&foo=42'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, optimistic_json: true).call
+    params, _ = Committee::RequestUnpacker.new(request, optimistic_json: true).call
     assert_equal({}, params)
   end
 
@@ -58,7 +58,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new(""),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({}, params)
   end
 
@@ -68,7 +68,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new("x=y"),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({}, params)
   end
 
@@ -78,7 +78,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new("x=y"),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_form_params: true).call
+    params, _ = Committee::RequestUnpacker.new(request, allow_form_params: true).call
     assert_equal({ "x" => "y" }, params)
   end
 
@@ -92,7 +92,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new("x=1"),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(
+    params, _ = Committee::RequestUnpacker.new(
       request,
       allow_form_params: true,
       coerce_form_params: true,
@@ -108,7 +108,7 @@ describe Committee::RequestUnpacker do
       "QUERY_STRING" => "a=b"
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_form_params: true, allow_query_params: true).call
+    params, _ = Committee::RequestUnpacker.new(request, allow_form_params: true, allow_query_params: true).call
     assert_equal({ "x" => "y", "a" => "b" }, params)
   end
 
@@ -118,7 +118,7 @@ describe Committee::RequestUnpacker do
       "QUERY_STRING" => "a=b"
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_query_params: true).call
+    params, _ = Committee::RequestUnpacker.new(request, allow_query_params: true).call
     assert_equal({ "a" => "b" }, params)
   end
 
@@ -139,7 +139,7 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({}, params)
   end
 
@@ -149,7 +149,17 @@ describe Committee::RequestUnpacker do
       "rack.input" => StringIO.new('{"x":[]}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
+    params, _ = Committee::RequestUnpacker.new(request).call
     assert_equal({ "x" => [] }, params)
   end
+
+  it "unpacks http header" do
+    env = {
+      "HTTP_FOO_BAR" => "some header value",
+      "rack.input"   => StringIO.new(""),
+    }
+    request = Rack::Request.new(env)
+    _, headers = Committee::RequestUnpacker.new(request, { allow_header_params: true }).call
+    assert_equal({ "FOO-BAR" => "some header value" }, headers)
+  end
 end

data/test/request_validator_test.rb

@@ -3,102 +3,147 @@ require_relative "test_helper"
 require "stringio"
 
 describe Committee::RequestValidator do
-  before do
-    @schema = JsonSchema.parse!(hyper_schema_data)
-    @schema.expand_references!
-    # POST /apps/:id
-    @link = @link = @schema.properties["app"].links[0]
-    @request = Rack::Request.new({
-      "CONTENT_TYPE"   => "application/json",
-      "rack.input"     => StringIO.new("{}"),
-      "REQUEST_METHOD" => "POST"
-    })
-  end
+  describe 'HyperSchema' do
+    before do
+      @schema = JsonSchema.parse!(hyper_schema_data)
+      @schema.expand_references!
+      # POST /apps/:id
+      @link = @schema.properties["app"].links[0]
+      @request = Rack::Request.new({
+                                     "CONTENT_TYPE"   => "application/json",
+                                     "rack.input"     => StringIO.new("{}"),
+                                     "REQUEST_METHOD" => "POST"
+                                   })
+    end
 
-  it "passes through a valid request with Content-Type options" do
-    @headers = { "Content-Type" => "application/json; charset=utf-8" }
-    call({})
-  end
+    it "passes through a valid request with Content-Type options" do
+      @headers = { "Content-Type" => "application/json; charset=utf-8" }
+      call({})
+    end
 
-  it "passes through a valid request" do
-    data = {
-      "name" => "heroku-api",
-    }
-    call(data)
-  end
+    it "passes through a valid request" do
+      data = {
+        "name" => "heroku-api",
+      }
+      call(data)
+    end
 
-  it "passes through a valid request with Content-Type options" do
-    @request =
-      Rack::Request.new({
-      "CONTENT_TYPE" => "application/json; charset=utf-8",
-      "rack.input"   => StringIO.new("{}"),
-    })
-    data = {
-      "name" => "heroku-api",
-    }
-    call(data)
-  end
+    it "passes through a valid request with Content-Type options" do
+      @request =
+        Rack::Request.new({
+                            "CONTENT_TYPE" => "application/json; charset=utf-8",
+                            "rack.input"   => StringIO.new("{}"),
+                          })
+      data = {
+        "name" => "heroku-api",
+      }
+      call(data)
+    end
+
+    it "detects an invalid request Content-Type" do
+      e = assert_raises(Committee::InvalidRequest) {
+        @request =
+          Rack::Request.new({
+                              "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                              "rack.input"   => StringIO.new("{}"),
+                            })
+        call({})
+      }
+      message =
+        %{"Content-Type" request header must be set to "application/json".}
+      assert_equal message, e.message
+    end
 
-  it "detects an invalid request Content-Type" do
-    e = assert_raises(Committee::InvalidRequest) {
+    it "allows skipping content_type check" do
       @request =
         Rack::Request.new({
-          "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-          "rack.input"   => StringIO.new("{}"),
-        })
-      call({})
-    }
-    message =
-      %{"Content-Type" request header must be set to "application/json".}
-    assert_equal message, e.message
-  end
+                            "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                            "rack.input"   => StringIO.new("{}"),
+                          })
+      call({}, {}, check_content_type: false)
+    end
 
-  it "allows skipping content_type check" do
-    @request =
-      Rack::Request.new({
-        "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-        "rack.input"   => StringIO.new("{}"),
-      })
-    call({}, check_content_type: false)
-  end
+    it "detects an missing parameter in GET requests" do
+      # GET /apps/search?query=...
+      @link = @schema.properties["app"].links[5]
+      @request = Rack::Request.new({})
+      e = assert_raises(Committee::InvalidRequest) do
+        call({})
+      end
+      message =
+        %{Invalid request.\n\n#: failed schema #/definitions/app/links/5/schema: "query" wasn't supplied.}
+      assert_equal message, e.message
+    end
 
-  it "detects an missing parameter in GET requests" do
-    # GET /apps/search?query=...
-    @link = @link = @schema.properties["app"].links[5]
-    @request = Rack::Request.new({})
-    e = assert_raises(Committee::InvalidRequest) do
+    it "allows an invalid Content-Type with an empty body" do
+      @request =
+        Rack::Request.new({
+                            "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                            "rack.input"   => StringIO.new(""),
+                          })
       call({})
     end
-    message =
-      %{Invalid request.\n\n#: failed schema #/definitions/app/links/5/schema: "query" wasn't supplied.}
-    assert_equal message, e.message
-  end
 
-  it "allows an invalid Content-Type with an empty body" do
-    @request =
-      Rack::Request.new({
-        "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-        "rack.input"   => StringIO.new(""),
-      })
-    call({})
-  end
+    it "detects a parameter of the wrong pattern" do
+      data = {
+        "name" => "%@!"
+      }
+      e = assert_raises(Committee::InvalidRequest) do
+        call(data)
+      end
+      message = %{Invalid request.\n\n#/name: failed schema #/definitions/app/links/0/schema/properties/name: %@! does not match /^[a-z][a-z0-9-]{3,30}$/.}
+      assert_equal message, e.message
+    end
 
-  it "detects a parameter of the wrong pattern" do
-    data = {
-      "name" => "%@!"
-    }
-    e = assert_raises(Committee::InvalidRequest) do
-      call(data)
+    private
+
+    def call(data, headers={}, options={})
+      # hyper-schema link should be dropped into driver wrapper before it's used
+      link = Committee::Drivers::HyperSchema::Link.new(@link)
+      Committee::RequestValidator.new(link, options).call(@request, data, headers)
     end
-    message = %{Invalid request.\n\n#/name: failed schema #/definitions/app/links/0/schema/properties/name: %@! does not match /^[a-z][a-z0-9-]{3,30}$/.}
-    assert_equal message, e.message
   end
 
-  private
+  describe 'OpenAPI 2' do
+    before do
+      @schema = open_api_2_schema
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({
+                                     "CONTENT_TYPE"   => "application/json",
+                                     "rack.input"     => StringIO.new("{}"),
+                                     "REQUEST_METHOD" => "POST"
+                                   })
+    end
+
+
+    it "passes through a valid request" do
+      headers = {
+        "AUTH-TOKEN" => "xxx"
+      }
+      call({}, headers)
+    end
+
+    it "detects an missing header parameter in GET requests" do
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({})
+      e = assert_raises(Committee::InvalidRequest) do
+        call({}, {})
+      end
+      message = %{Invalid request.\n\n#: failed schema : "AUTH-TOKEN" wasn't supplied.}
+      assert_equal message, e.message
+    end
 
-  def call(data, options={})
-    # hyper-schema link should be dropped into driver wrapper before it's used
-    link = Committee::Drivers::HyperSchema::Link.new(@link)
-    Committee::RequestValidator.new(link, options).call(@request, data)
+    it "allows skipping header schema check" do
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({})
+      call({}, {}, { check_header: false })
+    end
+
+    private
+
+    def call(data, headers={}, options={})
+      # hyper-schema link should be dropped into driver wrapper before it's used
+      Committee::RequestValidator.new(@link, options).call(@request, data, headers)
+    end
   end
 end

data/test/string_params_coercer_test.rb

@@ -5,7 +5,7 @@ describe Committee::StringParamsCoercer do
     @schema = JsonSchema.parse!(hyper_schema_data)
     @schema.expand_references!
     # GET /search/apps
-    @link = @link = @schema.properties["app"].links[5]
+    @link = @schema.properties["app"].links[5]
   end
 
   it "doesn't coerce params not in the schema" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: committee
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Brandur
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json_schema
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: A collection of Rack middleware to support JSON Schema.