RubyGems - drillbit - Versions diffs - 2.11.0 → 3.0.0 - Mend

drillbit 2.11.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/lib/drillbit.rb +1 -0
data/lib/drillbit/accept_header.rb +1 -0
data/lib/drillbit/authorizable_resource.rb +61 -60
data/lib/drillbit/authorizers/parameters.rb +1 -0
data/lib/drillbit/authorizers/parameters/filtering.rb +7 -6
data/lib/drillbit/authorizers/parameters/inclusions.rb +6 -9
data/lib/drillbit/authorizers/parameters/resource.rb +20 -19
data/lib/drillbit/authorizers/query.rb +1 -0
data/lib/drillbit/authorizers/scope.rb +5 -4
data/lib/drillbit/compatibility/controllers.rb +1 -0
data/lib/drillbit/configuration.rb +14 -16
data/lib/drillbit/errors/invalid_api_request.rb +1 -0
data/lib/drillbit/errors/invalid_request_body.rb +1 -0
data/lib/drillbit/errors/invalid_subdomain.rb +1 -0
data/lib/drillbit/errors/invalid_token.rb +1 -0
data/lib/drillbit/errors/unpermitted_inclusions.rb +1 -0
data/lib/drillbit/matchers/accept_header.rb +1 -0
data/lib/drillbit/matchers/generic.rb +4 -3
data/lib/drillbit/matchers/subdomain.rb +5 -6
data/lib/drillbit/matchers/version.rb +3 -2
data/lib/drillbit/middleware/api_request_validator.rb +4 -3
data/lib/drillbit/middleware/parameter_parser.rb +1 -0
data/lib/drillbit/middleware/token_processor.rb +1 -0
data/lib/drillbit/parameters/filter.rb +12 -11
data/lib/drillbit/parameters/index.rb +3 -2
data/lib/drillbit/parameters/page.rb +1 -0
data/lib/drillbit/parameters/sort.rb +1 -0
data/lib/drillbit/requests/base.rb +1 -1
data/lib/drillbit/requests/rack.rb +3 -0
data/lib/drillbit/requests/rails.rb +1 -0
data/lib/drillbit/resource.rb +1 -0
data/lib/drillbit/resource/model.rb +5 -4
data/lib/drillbit/resource/naming.rb +11 -10
data/lib/drillbit/resource/processors/filtering.rb +1 -0
data/lib/drillbit/resource/processors/indexing.rb +1 -0
data/lib/drillbit/resource/processors/paging.rb +4 -3
data/lib/drillbit/resource/processors/sorting.rb +1 -0
data/lib/drillbit/responses/invalid_api_request.rb +3 -0
data/lib/drillbit/responses/invalid_request_body.rb +3 -0
data/lib/drillbit/responses/invalid_subdomain.rb +3 -0
data/lib/drillbit/responses/invalid_token.rb +3 -0
data/lib/drillbit/serializers/json_api.rb +12 -11
data/lib/drillbit/tokens/base64.rb +1 -0
data/lib/drillbit/tokens/base64s/invalid.rb +1 -0
data/lib/drillbit/tokens/base64s/null.rb +1 -0
data/lib/drillbit/tokens/invalid.rb +1 -0
data/lib/drillbit/tokens/json_web_token.rb +6 -5
data/lib/drillbit/tokens/json_web_tokens/invalid.rb +1 -0
data/lib/drillbit/tokens/json_web_tokens/null.rb +1 -0
data/lib/drillbit/tokens/json_web_tokens/password_reset.rb +1 -0
data/lib/drillbit/tokens/null.rb +1 -0
data/lib/drillbit/utilities/string.rb +1 -0
data/lib/drillbit/version.rb +2 -1
metadata +28 -94
metadata.gz.sig +0 -0
data/Rakefile +0 -2
data/spec/drillbit/accept_header_spec.rb +0 -119
data/spec/drillbit/authorizers/parameters/filtering_spec.rb +0 -101
data/spec/drillbit/authorizers/parameters/resource_spec.rb +0 -12
data/spec/drillbit/authorizers/parameters_spec.rb +0 -19
data/spec/drillbit/authorizers/query_spec.rb +0 -24
data/spec/drillbit/authorizers/scope_spec.rb +0 -21
data/spec/drillbit/errors/invalid_api_request_spec.rb +0 -31
data/spec/drillbit/errors/invalid_request_body_spec.rb +0 -25
data/spec/drillbit/errors/invalid_subdomain_spec.rb +0 -30
data/spec/drillbit/errors/invalid_token_spec.rb +0 -24
data/spec/drillbit/invalid_subdomain_spec.rb +0 -45
data/spec/drillbit/invalid_token_spec.rb +0 -44
data/spec/drillbit/matchers/accept_header_spec.rb +0 -114
data/spec/drillbit/matchers/subdomain_spec.rb +0 -78
data/spec/drillbit/matchers/version_spec.rb +0 -86
data/spec/drillbit/middleware/api_request_validator_spec.rb +0 -185
data/spec/drillbit/middleware/parameter_parser_spec.rb +0 -200
data/spec/drillbit/middleware/token_processor_spec.rb +0 -27
data/spec/drillbit/requests/base_spec.rb +0 -37
data/spec/drillbit/requests/rack_spec.rb +0 -252
data/spec/drillbit/requests/rails_spec.rb +0 -264
data/spec/drillbit/resource/model_spec.rb +0 -64
data/spec/drillbit/resource/processors/filtering_spec.rb +0 -106
data/spec/drillbit/resource/processors/indexing_spec.rb +0 -45
data/spec/drillbit/resource/processors/paging_spec.rb +0 -74
data/spec/drillbit/resource/processors/sorting_spec.rb +0 -66
data/spec/drillbit/tokens/base64_spec.rb +0 -44
data/spec/drillbit/tokens/json_web_token_spec.rb +0 -231
data/spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb +0 -43
data/spec/fixtures/test_rsa_key +0 -27
data/spec/fixtures/test_rsa_key.pub +0 -9
data/spec/spec_helper.rb +0 -4
data/spec/support/private_keys.rb +0 -42

data/spec/drillbit/authorizers/parameters/filtering_spec.rb DELETED

@@ -1,101 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled'
-require 'drillbit/authorizers/parameters/filtering'
-module    Drillbit
-module    Authorizers
-class     Parameters
-describe  Filtering do
-  let(:params) { { filter: { name: 'Bill', age: 26 } } }
-  it 'can authorize new filter parameters', verify: false do
-    filter_params = Filtering.new(action: 'index',
-                                  token:  '1234',
-                                  user:   '1234',
-                                  issuer: 'my_issuer',
-                                  params: params)
-    allow(params).to receive(:permit)
-    filter_params.send(:add_filterable_parameters, :name, :age)
-    filter_params.call
-    expect(params).to have_received(:permit).
-    with(:sort,
-         :token,
-         :token_b64,
-         :token_jwt,
-         :format,
-         :accept,
-         :include,
-         include(
-           filter: include(:name, :age),
-         ))
-  end
-  it 'can authorize parameters if they come in as arrays', verify: false do
-    params = {
-      filter: {
-        name: 'Bill',
-        ary:  %w{hello},
-      },
-    }
-    filter_params = Filtering.new(action: 'index',
-                                  token:  '1234',
-                                  user:   '1234',
-                                  issuer: 'my_issuer',
-                                  params: params)
-    allow(params).to receive(:permit)
-    filter_params.send(:add_filterable_parameters, :name, :ary)
-    filter_params.call
-    expect(params).to have_received(:permit).
-    with(:sort,
-         :token,
-         :token_b64,
-         :token_jwt,
-         :format,
-         :accept,
-         :include,
-         include(
-           filter: include(:name, ary: []),
-         ))
-  end
-  it 'has default authorized parameters', verify: false do
-    filter_params = Filtering.new(action: 'index',
-                                  token:  '1234',
-                                  user:   '1234',
-                                  issuer: 'my_issuer',
-                                  params: params)
-    allow(params).to receive(:permit)
-    filter_params.call
-    expect(params).to have_received(:permit).
-    with(:sort,
-         :token,
-         :token_b64,
-         :token_jwt,
-         :format,
-         :accept,
-         :include,
-         page:   %i{
-                   number
-                   size
-                   offset
-                   limit
-                   cursor
-                 },
-         filter: [
-                   :query,
-                   {},
-                 ])
-  end
-end
-end
-end
-end

data/spec/drillbit/authorizers/parameters/resource_spec.rb DELETED

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled'
-require 'drillbit/authorizers/parameters/resource'
-module    Drillbit
-module    Authorizers
-class     Parameters
-describe  Resource do
-end
-end
-end
-end

data/spec/drillbit/authorizers/parameters_spec.rb DELETED

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled'
-require 'drillbit/authorizers/parameters'
-module    Drillbit
-module    Authorizers
-describe  Parameters do
-  it 'defaults to nothing' do
-    parameters = Parameters.new(action: 'index',
-                                token:  '123',
-                                user:   'my_user',
-                                issuer: 'my_issuer',
-                                params: { foo: 'bar' })
-    expect(parameters.call).to eql(foo: 'bar')
-  end
-end
-end
-end

data/spec/drillbit/authorizers/query_spec.rb DELETED

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled'
-require 'drillbit/authorizers/query'
-module    Drillbit
-module    Authorizers
-describe  Query do
-  it 'does not authorize the resource by default' do
-    authorizer = Query.new(action:   'index',
-                           token:    '123',
-                           user:     'my_user',
-                           issuer:   'my_issuer',
-                           resource: 'my_resource',
-                           params:   'my_params')
-    expect(authorizer).not_to be_able_to_index
-    expect(authorizer).not_to be_able_to_show
-    expect(authorizer).not_to be_able_to_create
-    expect(authorizer).not_to be_able_to_update
-    expect(authorizer).not_to be_able_to_destroy
-  end
-end
-end
-end

data/spec/drillbit/authorizers/scope_spec.rb DELETED

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled'
-require 'ostruct'
-require 'drillbit/authorizers/scope'
-module    Drillbit
-module    Authorizers
-describe  Scope do
-  it 'defaults to nothing' do
-    scope = Scope.new(action:     'index',
-                      token:      '123',
-                      user:       Object.new,
-                      issuer:     'my_issuer',
-                      params:     {},
-                      scope_root: OpenStruct.new(none: []))
-    expect(scope.call).to be_empty
-  end
-end
-end
-end

data/spec/drillbit/errors/invalid_api_request_spec.rb DELETED

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/errors/invalid_api_request'
-module    Drillbit
-module    Errors
-describe  InvalidApiRequest do
-  let(:error) { InvalidApiRequest.new }
-  it 'has a status of 400' do
-    expect(error.http_status).to eql 400
-  end
-  it 'has a code' do
-    expect(error.code).to eql 'errors.invalid_api_request'
-  end
-  it 'can output the detail' do
-    expect(error.detail).to eql 'The accept header that you passed in the ' \
-                                'request cannot be parsed, please refer to ' \
-                                'the documentation to verify.'
-  end
-  it 'can output the source' do
-    error = InvalidApiRequest.new accept_header: 'foo'
-    expect(error.source).to eql(accept_header: 'foo')
-  end
-end
-end
-end

data/spec/drillbit/errors/invalid_request_body_spec.rb DELETED

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/errors/invalid_request_body'
-module    Drillbit
-module    Errors
-describe  InvalidRequestBody do
-  let(:error) { InvalidRequestBody.new }
-  it 'has a status of 400' do
-    expect(error.http_status).to eql 400
-  end
-  it 'has a code' do
-    expect(error.code).to eql 'errors.invalid_request_body'
-  end
-  it 'can output the detail' do
-    expect(error.detail).to eql \
-      'The information you attempted to send in the request cannot be parsed as ' \
-      'a valid JSON document.'
-  end
-end
-end
-end

data/spec/drillbit/errors/invalid_subdomain_spec.rb DELETED

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/errors/invalid_subdomain'
-module    Drillbit
-module    Errors
-describe  InvalidSubdomain do
-  let(:error) { InvalidSubdomain.new }
-  it 'has a status of 404' do
-    expect(error.http_status).to eql 404
-  end
-  it 'has a code' do
-    expect(error.code).to eql 'errors.invalid_subdomain'
-  end
-  it 'can output the detail' do
-    expect(error.detail).to eql \
-      'The subdomain you attempted to access is not valid.  Please try again.'
-  end
-  it 'can output the source' do
-    error = InvalidSubdomain.new http_host: 'foo'
-    expect(error.source).to eql(http_host: 'foo')
-  end
-end
-end
-end

data/spec/drillbit/errors/invalid_token_spec.rb DELETED

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/errors/invalid_token'
-module    Drillbit
-module    Errors
-describe  InvalidToken do
-  let(:error) { InvalidToken.new }
-  it 'has a status of 401' do
-    expect(error.http_status).to eql 401
-  end
-  it 'has a code' do
-    expect(error.code).to eql 'errors.invalid_token'
-  end
-  it 'can output the detail' do
-    expect(error.detail).to eql \
-      'Either the token you passed is invalid or is not allowed to perform this action.'
-  end
-end
-end
-end

data/spec/drillbit/invalid_subdomain_spec.rb DELETED

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/responses/invalid_subdomain'
-module    Drillbit
-module    Responses
-describe  InvalidSubdomain, singletons: Erratum::Configuration do
-  it 'returns the proper response' do
-    Erratum.configuration.url_mappings = {
-      'external_documentation_urls'  => {
-        'errors.responses.invalid_subdomain' => 'http://example.com/foo',
-      },
-      'developer_documentation_urls' => {
-        'errors.responses.invalid_subdomain' => 'http://example.com/foo',
-      },
-    }
-    request                   = { 'HTTP_HOST' => 'api.example.com' }
-    status, headers, response = InvalidSubdomain.call(request)
-    expect(status).to                 eql 404
-    expect(headers).to                eql({})
-    expect(JSON.load(response[0])).to include(
-      'errors' => [
-                    include(
-                      'id'     => match(/[a-f0-9\-]+/),
-                      'links'  => {
-                        'about'         => nil,
-                        'documentation' => nil,
-                      },
-                      'status' => 404,
-                      'code'   => 'errors.invalid_subdomain',
-                      'title'  => 'Invalid Subdomain',
-                      'detail' => 'The subdomain you attempted to access is not valid.' \
-                                  '  Please try again.',
-                      'source' => {
-                        'http_host' => 'api.example.com',
-                      },
-                    ),
-                  ],
-    )
-  end
-end
-end
-end

data/spec/drillbit/invalid_token_spec.rb DELETED

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/responses/invalid_token'
-# rubocop:disable Metrics/LineLength
-module    Drillbit
-module    Responses
-describe  InvalidToken, singletons: Erratum::Configuration do
-  it 'returns the proper response' do
-    Erratum.configuration.url_mappings = {
-      'external_documentation_urls'  => {
-        'errors.responses.invalid_token' => 'http://example.com/foo',
-      },
-      'developer_documentation_urls' => {
-        'errors.responses.invalid_token' => 'http://example.com/foo',
-      },
-    }
-    request                   = { 'HTTP_HOST' => 'api.example.com' }
-    status, headers, response = InvalidToken.call(request, application_name: 'my_app')
-    expect(status).to                 eql 401
-    expect(headers).to                eql('WWW-Authenticate' => 'Token realm="my_app"')
-    expect(JSON.load(response[0])).to include(
-      'errors' => [
-                    include(
-                      'id'     => match(/[a-f0-9\-]+/),
-                      'links'  => {
-                        'about'         => nil,
-                        'documentation' => nil,
-                      },
-                      'status' => 401,
-                      'code'   => 'errors.invalid_token',
-                      'title'  => 'Invalid or Unauthorized Token',
-                      'detail' => 'Either the token you passed is invalid or is not allowed to ' \
-                                  'perform this action.',
-                      'source' => {},
-                    ),
-                  ],
-    )
-  end
-end
-end
-end

data/spec/drillbit/matchers/accept_header_spec.rb DELETED

@@ -1,114 +0,0 @@
-# frozen_string_literal: true
-require 'rspeckled/spec_helpers/rspeckled'
-require 'drillbit/requests/base'
-require 'drillbit/matchers/accept_header'
-# rubocop:disable Metrics/LineLength
-module    Drillbit
-module    Matchers
-describe  AcceptHeader do
-  it 'matches if the subdomain is API and the accept header is valid' do
-    env = {
-      'HTTP_ACCEPT'             => 'application/vnd.westeros+redkeep;version=1.0.0',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    expect(matcher.matches?(request)).to be_a TrueClass
-  end
-  it 'matches if the subdomain is API and the accept header is passed in as ' \
-     'a parameter' do
-    env = {
-      'QUERY_STRING'            => 'accept=application/vnd.westeros+redkeep;version=1.0.0',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    expect(matcher.matches?(request)).to be_a TrueClass
-  end
-  it 'matches if the subdomain is API and the accept header is passed in as a ' \
-     'secondary parameter' do
-    env = {
-      'QUERY_STRING'            => 'first=my_param&accept=application/vnd.westeros+redkeep;' \
-                                   'version=1.0.0',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    expect(matcher.matches?(request)).to be_a TrueClass
-  end
-  it 'matches the header accept header if the subdomain is API and the accept header ' \
-     'is passed both as a valid header and as a parameter' do
-    env = {
-      'HTTP_ACCEPT'             => 'application/vnd.westeros+redkeep;version=1.0.0',
-      'QUERY_STRING'            => 'accept=application/vnd.westeros+redkeep;version=2.0.0',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    matcher.matches?(request)
-    expect(matcher.accept_header.version).to eql '1.0.0'
-  end
-  it 'matches the accept header parameter if the subdomain is API and the accept ' \
-     'header is passed both as an invalid header as well as as a parameter' do
-    env = {
-      'HTTP_ACCEPT'             => 'application/vndwesteros+redkeep;version=1.0.0',
-      'QUERY_STRING'            => 'accept=application/vnd.westeros+redkeep;version=2.0.0',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    matcher.matches?(request)
-    expect(matcher.accept_header.version).to eql '2.0.0'
-  end
-  it 'matches the accept header parameter if the subdomain is API and the accept ' \
-     'header is passed both as an invalid header as well as as a parameter' do
-    env = {
-      'HTTP_ACCEPT'             => 'application/vndwesteros+redkeep;version=1.0.0',
-      'QUERY_STRING'            => '',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    matcher.matches?(request)
-    expect(matcher.accept_header.raw_accept_header).to eql \
-      'application/vndwesteros+redkeep;version=1.0.0'
-  end
-  it 'does not match if the subdomain is API but the accept header is invalid' do
-    env = {
-      'HTTP_ACCEPT'             => 'application/vndwesteros+redkeep;version=1.0.0',
-      'QUERY_STRING'            => '',
-      'HTTP_X_APPLICATION_NAME' => 'westeros',
-    }
-    request = Requests::Base.resolve(env)
-    matcher = AcceptHeader.new
-    expect(matcher.matches?(request)).to be_a FalseClass
-  end
-end
-end
-end