cronofy 0.37.1 → 0.37.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a805a11bb064f04901d8cb57e9941bb71db91224c3c61f351b827c75074d1db5
-  data.tar.gz: ec146b1c4c31ced2d208bca1f066b15a4b162edacaac0bc0f7cf1da079f0d1d2
+  metadata.gz: 1338eaab0825a963c74f2c5fd3c434d01185a4bbc36fa57504b0e1edd539fe9e
+  data.tar.gz: 55a045316dbb1545ee7e4f14284ebbbc0aa7b91848ba28d165968125d2221bb3
 SHA512:
-  metadata.gz: 38b1b55c2f736c9692c0e11ebd03d803709e485b7d51ce2522c0a32b2333b75faa2ca56658315f9390b44b7f6a0a1b3b2abfdeca98f22a94d8e4dddf6cada60c
-  data.tar.gz: 22645a8c38f429465ec6bcbacc2f8a9463a1895597d68b21f853a4c57c2630cb4db0adcbd1204d9a2187a33e598df0de9c94e20dd63794b9e807b621648df110
+  metadata.gz: 38ee7c99226bfe70c6e970a22477de0130e93fe07130b9d2c0a596e17178f66435ec58a97be5f18e9b6ac5624eefef7dde96443a8cc91c85f02818016ed64f7d
+  data.tar.gz: 8d0d1641e57b0751988ac5f7978571d2dbd6d6ea12b96ff2314a33d0d9b87c7a11eb5e16775c55b070a312c2efb6b8b353dc3c3f7a8cbe9b3f42c943d6afa21a

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## [0.37.4]
+
+* Support client_secret only clients being able to authorize `#availability` calls. [#97]
+
+## [0.37.3]
+
+ * Support `hmac_valid` as well as the original `hmac_match` for Client to verify a HMAC from a push notification using the client's secret.[#95] 
+
+## [0.37.2]
+
+ * Support `query_periods` as well as the original `available_periods` for Availability Query and Sequenced Availability [#91] 
+
 ## [0.37.1]
 
  * Rename `data_centre` to `data_centre` (with aliases for backwards compatibility) [#90] 
@@ -182,6 +194,9 @@
 [0.36.1]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.36.1
 [0.37.0]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.0
 [0.37.1]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.1
+[0.37.2]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.2
+[0.37.3]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.3
+[0.37.4]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.4
 
 [#13]: https://github.com/cronofy/cronofy-ruby/pull/13
 [#16]: https://github.com/cronofy/cronofy-ruby/pull/16
@@ -225,3 +240,6 @@
 [#85]: https://github.com/cronofy/cronofy-ruby/pull/85
 [#86]: https://github.com/cronofy/cronofy-ruby/pull/86
 [#90]: https://github.com/cronofy/cronofy-ruby/pull/90
+[#91]: https://github.com/cronofy/cronofy-ruby/pull/91
+[#95]: https://github.com/cronofy/cronofy-ruby/pull/95
+[#97]: https://github.com/cronofy/cronofy-ruby/pull/97

data/README.md

@@ -1,6 +1,6 @@
 # Cronofy
 
-[![Build Status](https://travis-ci.org/cronofy/cronofy-ruby.svg?branch=master)](https://travis-ci.org/cronofy/cronofy-ruby)
+[![ruby CI](https://github.com/cronofy/cronofy-ruby/actions/workflows/ci.yml/badge.svg)](https://github.com/cronofy/cronofy-ruby/actions/workflows/ci.yml)
 [![Gem Version](https://badge.fury.io/rb/cronofy.svg)](http://badge.fury.io/rb/cronofy)
 
 [Cronofy](https://www.cronofy.com) - the scheduling platform for business
@@ -134,6 +134,15 @@ To delete an event from user's calendar:
 cronofy.delete_event(calendar_id, 'uniq-id')
 ```
 
+## A feature I want is not in the SDK, how do I get it?
+
+We add features to this SDK as they are requested, to focus on developing the Cronofy API.
+
+If you're comfortable contributing support for an endpoint or attribute, then we love to receive pull requests!
+Please create a PR mentioning the feature/API endpoint you’ve added and we’ll review it as soon as we can.
+
+If you would like to request a feature is added by our team then please let us know by getting in touch via [support@cronofy.com](mailto:support@cronofy.com).
+
 ## Links
 
  * [API documentation](https://www.cronofy.com/developers/api)

data/lib/cronofy/client.rb

@@ -471,24 +471,33 @@ module Cronofy
       parse_json(Channel, "channel", response)
     end
 
+    # DEPRECATED: Please use hmac_valid instead.
+    def hmac_match?(args)
+      warn "[DEPRECATION] `hmac_match?` is deprecated. Please use `hmac_valid?` instead."
+      hmac_valid?(args)
+    end
+
     # Public: Verifies a HMAC from a push notification using the client secret.
     #
     # args - A Hash containing the details of the push notification:
     #        :body - A String of the body of the notification.
-    #        :hmac - A String of the HMAC of the notification taken from the
+    #        :hmac - A String containing comma-separated values describing HMACs of the notification taken from the
     #                Cronofy-HMAC-SHA256 header.
     #
-    # Returns true if the HMAC provided matches the one calculated using the
+    # Returns true if one of the HMAC provided matches the one calculated using the
     # client secret, otherwise false.
-    def hmac_match?(args)
+    def hmac_valid?(args)
       body = args[:body]
       hmac = args[:hmac]
 
+      return false if hmac.nil? || hmac.empty?
+
       sha256 = OpenSSL::Digest.new('sha256')
       digest = OpenSSL::HMAC.digest(sha256, @client_secret, body)
       calculated = Base64.encode64(digest).strip
 
-      calculated == hmac
+      hmac_list = hmac.split(',')
+      hmac_list.include?(calculated)
     end
 
     # Public: Lists all the notification channels for the account.
@@ -803,7 +812,7 @@ module Cronofy
     #                                for a single participant group.
     #           :required_duration - An Integer representing the minimum number
     #                                of minutes of availability required.
-    #           :available_periods - An Array of available time periods Hashes,
+    #           :query_periods     - An Array of available time periods Hashes,
     #                                each must specify a start and end Time.
     #           :start_interval    - An Integer representing the start interval
     #                                of minutes for the availability query.
@@ -833,9 +842,9 @@ module Cronofy
         options[:buffer] = map_availability_buffer(buffer)
       end
 
-      translate_available_periods(options[:available_periods])
+      translate_available_periods(options[:query_periods] || options[:available_periods])
 
-      response = post("/v1/availability", options)
+      response = availability_post("/v1/availability", options)
 
       parse_collections(
         response,
@@ -847,7 +856,7 @@ module Cronofy
     # Public: Performs an sequenced availability query.
     #
     # options - The Hash options used to refine the selection (default: {}):
-    #           :sequence          - An Array of sequence defintions containing
+    #             :sequence          - An Array of sequence defintions containing
     #                                a Hash of:
     #             :sequence_id       - A String to uniquely identify this part
     #                                of the proposed sequence.
@@ -861,7 +870,7 @@ module Cronofy
     #                                of minutes for the availability query.
     #             :buffer            - An Hash containing the buffer to apply to
     #                                the availability query.
-    #           :available_periods - An Array of available time periods Hashes,
+    #             :query_periods     - An Array of available time periods Hashes,
     #                                each must specify a start and end Time.
     #
     # Returns an Array of Sequences.
@@ -878,9 +887,9 @@ module Cronofy
     def sequenced_availability(options = {})
       options[:sequence] = map_availability_sequence(options[:sequence])
 
-      translate_available_periods(options[:available_periods])
+      translate_available_periods(options[:query_periods] || options[:available_periods])
 
-      response = post("/v1/sequenced_availability", options)
+      response = availability_post("/v1/sequenced_availability", options)
       parse_collection(Sequence, "sequences", response)
     end
 
@@ -1802,6 +1811,17 @@ module Cronofy
       wrapped_request { @auth.api_client.request(:post, url, json_request_args(body)) }
     end
 
+    # Availability Query could originally be authenticated via an access_token
+    # Whilst it should be authed via an API key now, we try access_token first
+    # for backward compatibility
+    def availability_post(url, body)
+      if @auth.access_token
+        post(url, body)
+      else
+        wrapped_request { api_key!.post(url, json_request_args(body)) }
+      end
+    end
+
     def wrapped_request
       yield
     rescue OAuth2::Error => e

data/lib/cronofy/version.rb

@@ -1,3 +1,3 @@
 module Cronofy
-  VERSION = "0.37.1".freeze
+  VERSION = "0.37.4".freeze
 end

data/spec/lib/cronofy/client_spec.rb

@@ -266,6 +266,7 @@ describe Cronofy::Client do
           ],
         }
       end
+
       let(:request_body) do
         {
           :event_id => "qTtZdczOccgaPncGJaCiLg",
@@ -1256,6 +1257,17 @@ describe Cronofy::Client do
       let(:request_url) { 'https://api.cronofy.com/v1/availability' }
       let(:request_headers) { json_request_headers }
 
+      let(:client_id) { 'example_id' }
+      let(:client_secret) { 'example_secret' }
+      let(:token) { client_secret }
+
+      let(:client) do
+        Cronofy::Client.new(
+          client_id: client_id,
+          client_secret: client_secret,
+        )
+      end
+
       let(:request_body) do
         {
           "participants" => [
@@ -1718,6 +1730,138 @@ describe Cronofy::Client do
         it_behaves_like 'a Cronofy request'
         it_behaves_like 'a Cronofy request with mapped return value'
       end
+
+      context "when given query_periods instead of available_periods" do
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:query_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+        let(:request_body) do
+          {
+            "participants" => [
+              {
+                "members" => [
+                  { "sub" => "acc_567236000909002" },
+                  { "sub" => "acc_678347111010113" }
+                ],
+                "required" => "all"
+              }
+            ],
+            "query_periods" => [
+              {
+                "start" => "2017-01-03T09:00:00Z",
+                "end" => "2017-01-03T18:00:00Z"
+              },
+              {
+                "start" => "2017-01-04T09:00:00Z",
+                "end" => "2017-01-04T18:00:00Z"
+              }
+            ],
+            "required_duration" => { "minutes" => 60 },
+          }
+        end
+
+        subject do
+          client.availability(
+            participants: participants,
+            required_duration: required_duration,
+            query_periods: query_periods
+          )
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with only an access_token, as originally implemented" do
+        let(:access_token) { "access_token_123"}
+        let(:client) { Cronofy::Client.new(access_token: access_token) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with both a client_secret and access_token" do
+        let(:access_token) { "access_token_123" }
+        let(:client_secret) { "client_secret_456" }
+        let(:client) { Cronofy::Client.new(access_token: access_token, client_secret: client_secret) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+        describe "it prefers the access_token for backward compatibility" do
+          it_behaves_like 'a Cronofy request'
+          it_behaves_like 'a Cronofy request with mapped return value'
+        end
+      end
+
+      context "when trying to auth without a client_secret or access_token" do
+        let(:client) { Cronofy::Client.new }
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+
+        it "raises an API Key error" do
+          expect{ subject }.to raise_error(Cronofy::CredentialsMissingError)
+        end
+      end
     end
   end
 
@@ -1727,6 +1871,17 @@ describe Cronofy::Client do
       let(:request_url) { 'https://api.cronofy.com/v1/sequenced_availability' }
       let(:request_headers) { json_request_headers }
 
+      let(:client_id) { 'example_id' }
+      let(:client_secret) { 'example_secret' }
+      let(:token) { client_secret }
+
+      let(:client) do
+        Cronofy::Client.new(
+          client_id: client_id,
+          client_secret: client_secret,
+        )
+      end
+
       let(:request_body) do
         {
           "sequence" => [
@@ -1873,6 +2028,57 @@ describe Cronofy::Client do
 
       it_behaves_like 'a Cronofy request'
       it_behaves_like 'a Cronofy request with mapped return value'
+
+      context "when passing query_periods instead" do
+        before do
+          args[:query_periods] = args[:available_periods]
+          args.delete(:available_periods)
+          request_body["query_periods"] = request_body["available_periods"]
+          request_body.delete("available_periods")
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with access_token only" do
+        let(:access_token) { "access_token_123"}
+        let(:client) { Cronofy::Client.new(access_token: access_token) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with both access_token and client_secret provided" do
+        let(:client_id) { 'example_id' }
+        let(:client_secret) { 'example_secret' }
+        let(:access_token) { "access_token_123"}
+
+        let(:client) do
+          Cronofy::Client.new(
+            client_id: client_id,
+            client_secret: client_secret,
+            access_token: access_token,
+          )
+        end
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
     end
   end
 
@@ -2417,11 +2623,27 @@ describe Cronofy::Client do
     let(:body) { "{\"example\":\"well-known\"}" }
 
     it "verifies the correct HMAC" do
-      expect(client.hmac_match?(body: body, hmac: "6r2/HjBkqymGegX0wOfifieeUXbbHwtV/LohHS+jv6c=")).to be true
+      expect(client.hmac_valid?(body: body, hmac: "6r2/HjBkqymGegX0wOfifieeUXbbHwtV/LohHS+jv6c=")).to be true
     end
 
     it "rejects an incorrect HMAC" do
-      expect(client.hmac_match?(body: body, hmac: "something-else")).to be false
+      expect(client.hmac_valid?(body: body, hmac: "something-else")).to be false
+    end
+
+    it "verifies the correct HMAC when one of the multiple HMACs splitted by ',' match" do
+      expect(client.hmac_valid?(body: body, hmac: "6r2/HjBkqymGegX0wOfifieeUXbbHwtV/LohHS+jv6c=,something-else")).to be true
+    end
+
+    it "rejects incorrect when multiple HMACs splitted by ',' don't match" do
+      expect(client.hmac_valid?(body: body, hmac: "something-else,something-else2")).to be false
+    end
+
+    it "rejects if empty HMAC" do
+      expect(client.hmac_valid?(body: body, hmac: "")).to be false
+    end
+
+    it "rejects if nil HMAC" do
+      expect(client.hmac_valid?(body: body, hmac: nil)).to be false
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cronofy
 version: !ruby/object:Gem::Version
-  version: 0.37.1
+  version: 0.37.4
 platform: ruby
 authors:
 - Sergii Paryzhskyi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-14 00:00:00.000000000 Z
+date: 2022-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -156,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.4
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Cronofy - the scheduling platform for business