RubyGems - easy-jsonapi - Versions diffs - 1.0.4 → 1.0.9 - Mend

easy-jsonapi 1.0.4 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/.github/workflows/codecov.yml +7 -10
data/.github/workflows/publish.yml +3 -3
data/.rspec_status +492 -487
data/.rubocop.yml +1 -1
data/.ruby-version +1 -1
data/.travis.yml +1 -1
data/CHANGELOG.md +23 -0
data/Gemfile.lock +3 -3
data/README.md +5 -3
data/easy-jsonapi.gemspec +1 -1
data/lib/easy/jsonapi/exceptions/headers_exceptions.rb +15 -13
data/lib/easy/jsonapi/exceptions/query_params_exceptions.rb +1 -1
data/lib/easy/jsonapi/exceptions/user_defined_exceptions.rb +6 -2
data/lib/easy/jsonapi/middleware.rb +23 -25
data/lib/easy/jsonapi/parser/json_parser.rb +1 -1
metadata +3 -3

data/.rubocop.yml CHANGED Viewed

@@ -1,6 +1,6 @@
 AllCops:
   NewCops: enable
-  TargetRubyVersion: '3.0.0'
+  TargetRubyVersion: '3.0.1'
   SuggestExtensions: false
 Metrics/AbcSize:

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 3.0.0
1	+ 3.0.1

data/.travis.yml CHANGED Viewed

@@ -1,7 +1,7 @@
 language: ruby
 cache: bundler
 rvm:
-  - 3.0.0
+  - 3.0.1
 before_install:
 - gem install bundler
 - bundler install

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,28 @@
 # CHANGELOG
+## 1.0.9 - 2020-05-04
+- Updated dependencies to fix security vulnerability in rexml
+## 1.0.8 - 2020-05-04
+- Updated dependencies to fix security vulnerability in rexml
+## 1.0.7 - 2020-03-31
+- Fixed bug in JSONAPI::Parser::JSONParser that would serialize hashes with symbol key values instead of string
+## 1.0.6 - 2020-03-30
+- Fixed bug in JSONAPI::Middleware that was not checking for environment variables properly
+## 1.0.5 - 2020-03-30
+- Fixed bug in JSONAPI::Exceptions::HeadersExceptions that didn't check for user required headers requirements
+- Fixed bug in JSONAPI::Exceptions::QueryParamExceptions that didn't check for user required query param requirements
+- Added more tests to the middleware
+- Updated Documentation
 ## 1.0.4 - 2020-03-28
 - Fixed JSONAPI::ExceptionsHeadersExceptions bug

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    easy-jsonapi (1.0.4)
+    easy-jsonapi (1.0.9)
       oj (~> 3.10)
 GEM
@@ -24,7 +24,7 @@ GEM
       racc (~> 1.4)
     nokogiri (1.11.2-x86_64-linux)
       racc (~> 1.4)
-    oj (3.11.3)
+    oj (3.11.5)
     parallel (1.20.1)
     parser (3.0.0.0)
       ast (~> 2.4.1)
@@ -36,7 +36,7 @@ GEM
     regexp_parser (2.1.1)
     reverse_markdown (2.0.0)
       nokogiri
-    rexml (3.2.4)
+    rexml (3.2.5)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)

data/README.md CHANGED Viewed

@@ -21,7 +21,7 @@ Ever wanted the benefits of [JSONAPI](https://jsonapi.org/) without the learning
 2. A `parser` to interact with requests in a typical Object-Oriented Fashion, providing convenient and efficient access to headers, query parameters, and document members.
 3. A `validator` to check your serialized responses for [JSONAPI](https://jsonapi.org/) compliance.
-With its only gem dependency being [Oj](https://github.com/ohler55/oj), ***easy-jsonapi*** is a lightweight, dependable tool, featuring comprehensive error messages and over ***500 unit tests*** allowing developers to spend less time debugging and more time creating.
+With its only gem dependency being [Oj](https://github.com/ohler55/oj), ***easy-jsonapi*** is a lightweight, dependable tool, featuring comprehensive error messages and over ***525 unit tests*** allowing developers to spend less time debugging and more time creating.
 As a bonus, flexible user configurations can be added to the middleware providing custom screening on all requests or individual requests depending on the resource type of the endpoint and the user-defined document, header, or query param restrictions.
@@ -31,6 +31,8 @@ As a bonus, flexible user configurations can be added to the middleware providin
 - [*RubyGems* *Repository*](https://rubygems.org/search?query=easy-jsonapi)
+- [*Class Diagram*](https://lucid.app/lucidchart/invitations/accept/3d543b29-4171-43cb-94db-9aeb346cdcac)
 ## Installation
 Add this line to your applications' Gemfile:
@@ -126,7 +128,7 @@ use JSONAPI::Middleware
 The easy-jsonapi middleware can operate in development or production mode.
-If `ENV['RACK_ENV']` is set to `:development` or not set at all, the middleware will be operating in development mode.
+If `ENV['RACK_ENV']` is set to `'development'` or not set at all, the middleware will be operating in development mode.
 When the middleware is in development mode it will raise an exception wherever it finds the http request to be non JSONAPI compliant.
@@ -137,7 +139,7 @@ The types of exceptions it will raise are:
 - `JSONAPI::Exceptions::QueryParamExceptions::InvalidQueryParam` when an included query parameter is non-compliant
 - `JSONAPI::Exceptions::DocumentExceptions::InvalidDocument` when the body is included and non-compliant
-If `ENV['RACK_ENV']` is set to something other than  `:development`, then the middleware will return the appropriate status code error given the JSON:API clause the headers, query params, or document violates.
+If `ENV['RACK_ENV']` is set to something other than  `'development'`, then the middleware will return the appropriate status code error given the JSON:API clause the headers, query params, or document violates.
 ### User Configurations

data/easy-jsonapi.gemspec CHANGED Viewed

@@ -2,7 +2,7 @@
 Gem::Specification.new do |spec|
   spec.name          = 'easy-jsonapi'
-  spec.version       = '1.0.4'
+  spec.version       = '1.0.9'
   spec.authors       = ['Joshua DeMoss, Joe Viscomi']
   spec.email         = ['demoss.joshua@gmail.com']

data/lib/easy/jsonapi/exceptions/headers_exceptions.rb CHANGED Viewed

@@ -25,9 +25,11 @@ module JSONAPI
       # Check http verb vs included headers
       # @param env [Hash] The rack environment variable
-      def self.check_request(env, body, config_manager = nil, opts = {})
+      # @param config_manager [JSONAPI::ConfigManager] The manager of user configurations
+      # @param opts [Hash] Includes http_method, path, and contains_body values
+      def self.check_request(env, config_manager = nil, opts = {})
         check_compliance(env, config_manager, opts)
-        check_http_method_against_headers(env, body)
+        check_http_method_against_headers(env, opts[:contains_body])
       end
       # Check jsonapi compliance
@@ -39,7 +41,7 @@ module JSONAPI
         hdrs = JSONAPI::Parser::HeadersParser.parse(env)
         usr_opts = { http_method: opts[:http_method], path: opts[:path] }
         err_msg = JSONAPI::Exceptions::UserDefinedExceptions.check_user_header_requirements(hdrs, config_manager, usr_opts)
-        return err_msg unless err_msg.nil?
+        raise err_msg unless err_msg.nil?
       end
       class << self
@@ -78,30 +80,30 @@ module JSONAPI
         #   error if the combination doesn't make sense
         # @param (see #compliant?)
         # @raise InvalidHeader the invalid header incombination with the http verb
-        def check_http_method_against_headers(env, body)
+        def check_http_method_against_headers(env, contains_body)
           case env['REQUEST_METHOD']
           when 'GET'
-            check_get_against_hdrs(env, body)
+            check_get_against_hdrs(env, contains_body)
           when 'POST' || 'PATCH' || 'PUT'
-            check_post_against_hdrs(env, body)
+            check_post_against_hdrs(env, contains_body)
           when 'DELETE'
-            check_delete_against_hdrs(env, body)
+            check_delete_against_hdrs(env, contains_body)
           end
         end
         # Raise error if a GET request has a body or a content type header
         # @param (see #compliant?)
-        def check_get_against_hdrs(env, body)
-          raise_error('GET requests cannot have a body.') unless body == ""
+        def check_get_against_hdrs(env, contains_body)
+          raise_error('GET requests cannot have a body.') if contains_body
           raise_error("GET request cannot have a 'CONTENT_TYPE' http header.") unless env['CONTENT_TYPE'].nil?
         end
         # POST, PUT, and PATCH request must have a content type header,
         #   a body, and a content-type and accept header that accepts jsonapi
         # @param (see #compliant?)
-        def check_post_against_hdrs(env, body)
+        def check_post_against_hdrs(env, contains_body)
           raise_error("POST, PUT, and PATCH requests must have a 'CONTENT_TYPE' header.") unless env['CONTENT_TYPE']
-          raise_error('POST, PUT, and PATCH requests must have a body.') if body == ""
+          raise_error('POST, PUT, and PATCH requests must have a body.') unless contains_body
           return if env['CONTENT_TYPE'] == 'application/vnd.api+json' && accepts_jsonapi?(env)
@@ -110,8 +112,8 @@ module JSONAPI
         end
         # Raise error if DELETE hdr has a body or a content type header
-        def check_delete_against_hdrs(env, body)
-          raise_error('DELETE requests cannot have a body.') unless body == ""
+        def check_delete_against_hdrs(env, contains_body)
+          raise_error('DELETE requests cannot have a body.') if contains_body
           raise_error("DELETE request cannot have a 'CONTENT_TYPE' http header.") unless env['CONTENT_TYPE'].nil?
         end

data/lib/easy/jsonapi/exceptions/query_params_exceptions.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module JSONAPI
         end
         err_msg = JSONAPI::Exceptions::UserDefinedExceptions.check_user_query_param_requirements(rack_req_params, config_manager, opts)
-        return err_msg unless err_msg.nil?
+        raise err_msg unless err_msg.nil?
         nil
       end

data/lib/easy/jsonapi/exceptions/user_defined_exceptions.rb CHANGED Viewed

@@ -62,8 +62,10 @@ module JSONAPI
         #   with underscores instead of dashes.
         # @param config (see #check_user_document_requirements)
         def check_user_header_requirements(headers, config_manager, opts)
-          return if config_manager.nil? || config_manager.default?
+          return if config_manager.nil?
           config = get_config(config_manager, opts[:http_method], opts[:path])
+          return if config.default? && config_manager.size.positive?
           err =
             check_for_required_headers(headers, config.required_headers)
@@ -77,8 +79,10 @@ module JSONAPI
         # @param rack_req_params [Hash]  The hash of the query parameters given by Rack::Request
         # @param config (see #check_user_document_requirements)
         def check_user_query_param_requirements(rack_req_params, config_manager, opts)
-          return if config_manager.nil? || config_manager.default?
+          return if config_manager.nil?
           config = get_config(config_manager, opts[:http_method], opts[:path])
+          return if config.default? && config_manager.size.positive?
           err =
             check_for_required_params(rack_req_params, config.required_query_params)

data/lib/easy/jsonapi/middleware.rb CHANGED Viewed

@@ -23,8 +23,8 @@ module JSONAPI
     #   and error if any section is found to be non-compliant.
     # @param env The rack envirornment hash
     def call(env)
-      if in_maintenance_mode?(env)
-        return maintenance_response(env)
+      if in_maintenance_mode?
+        return maintenance_response
       end
       if jsonapi_request?(env)
@@ -38,17 +38,15 @@ module JSONAPI
     private
     # Checks the 'MAINTENANCE' environment variable
-    # @param (see #call)
     # @return [TrueClass | FalseClass]
-    def in_maintenance_mode?(env)
-      !env['MAINTENANCE'].nil?
+    def in_maintenance_mode?
+      !ENV['MAINTENANCE'].nil?
     end
     # Return 503 with or without msg depending on environment
-    # @param (see #call)
     # @return [Array] Http Error Responses
-    def maintenance_response(env)
-      if environment_development?(env)
+    def maintenance_response
+      if environment_development?
         [503, {}, ['MAINTENANCE envirornment variable set']]
       else
         [503, {}, []]
@@ -91,28 +89,28 @@ module JSONAPI
       # Store separately so you can rewind for next middleware or app
       body = env['rack.input'].read
       env['rack.input'].rewind
-      opts = { http_method: env['REQUEST_METHOD'], path: env['PATH_INFO'] }
+      opts = { http_method: env['REQUEST_METHOD'], path: env['PATH_INFO'], contains_body: body != "" }
-      header_error = check_headers_compliance(env, body, config_manager, opts)
+      header_error = check_headers_compliance(env, config_manager, opts)
       return header_error unless header_error.nil?
       req = Rack::Request.new(env)
-      param_error = check_query_param_compliance(env, req.GET, config_manager, opts)
+      param_error = check_query_param_compliance(req.GET, config_manager, opts)
       return param_error unless param_error.nil?
       return unless env['CONTENT_TYPE']
-      body_error = check_req_body_compliance(env, body, config_manager, opts)
+      body_error = check_body_compliance(body, config_manager, opts)
       return body_error unless body_error.nil?
     end
     # Checks whether the http headers are jsonapi compliant
     # @param (see #call)
     # @return [NilClass | Array] Nil meaning no error or a 400 level http response
-    def check_headers_compliance(env, body, config_manager, opts)
-      JSONAPI::Exceptions::HeadersExceptions.check_request(env, body, config_manager, opts)
-    rescue JSONAPI::Exceptions::HeadersExceptions::InvalidHeader || JSONAPI::Exceptions::UserDefinedExceptions::InvalidHeader => e
-      raise if environment_development?(env)
+    def check_headers_compliance(env, config_manager, opts)
+      JSONAPI::Exceptions::HeadersExceptions.check_request(env, config_manager, opts)
+    rescue JSONAPI::Exceptions::HeadersExceptions::InvalidHeader, JSONAPI::Exceptions::UserDefinedExceptions::InvalidHeader => e
+      raise if environment_development?
       [e.status_code, {}, []]
     end
@@ -120,10 +118,10 @@ module JSONAPI
     # @param query_params [Hash] The rack request query_param hash
     # @raise If the query parameters are not JSONAPI compliant
     # @return [NilClass | Array] Nil meaning no error or a 400 level http response
-    def check_query_param_compliance(env, query_params, config_manager, opts)
+    def check_query_param_compliance(query_params, config_manager, opts)
       JSONAPI::Exceptions::QueryParamsExceptions.check_compliance(query_params, config_manager, opts)
-    rescue JSONAPI::Exceptions::QueryParamsExceptions::InvalidQueryParameter || JSONAPI::Exceptions::UserDefinedExceptions::InvalidQueryParam => e
-      raise if environment_development?(env)
+    rescue JSONAPI::Exceptions::QueryParamsExceptions::InvalidQueryParameter, JSONAPI::Exceptions::UserDefinedExceptions::InvalidQueryParam => e
+      raise if environment_development?
       [e.status_code, {}, []]
     end
@@ -131,14 +129,14 @@ module JSONAPI
     # @param env (see #call)
     # @param req (see #check_query_param_compliance)
     # @raise If the document body is not JSONAPI compliant
-    def check_req_body_compliance(env, body, config_manager, opts)
+    def check_body_compliance(body, config_manager, opts)
       JSONAPI::Exceptions::DocumentExceptions.check_compliance(body, config_manager, opts)
-    rescue JSONAPI::Exceptions::DocumentExceptions::InvalidDocument || JSONAPI::Exceptions::UserDefinedExceptions::InvalidDocument => e
-      raise if environment_development?(env)
+    rescue JSONAPI::Exceptions::DocumentExceptions::InvalidDocument, JSONAPI::Exceptions::UserDefinedExceptions::InvalidDocument => e
+      raise if environment_development?
       [e.status_code, {}, []]
     rescue JSONAPI::Exceptions::JSONParseError
-      raise if environment_development?(env)
+      raise if environment_development?
       [400, {}, []]
     end
@@ -151,8 +149,8 @@ module JSONAPI
     end
     # @param (see #call)
-    def environment_development?(env)
-      env['RACK_ENV'].to_s.downcase == 'development' || env['RACK_ENV'].nil?
+    def environment_development?
+      ENV['RACK_ENV'].to_s.downcase == 'development' || ENV['RACK_ENV'].nil?
     end
   end
 end

data/lib/easy/jsonapi/parser/json_parser.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module JSONAPI
       # Convert ruby hash into JSON
       # @param ruby_hash [Hash] THe hash to convert into JSON
       def self.dump(ruby_hash)
-        Oj.dump(ruby_hash)
+        Oj.dump(ruby_hash, mode: :compat)
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: easy-jsonapi
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.9
 platform: ruby
 authors:
 - Joshua DeMoss, Joe Viscomi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-29 00:00:00.000000000 Z
+date: 2021-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -249,7 +249,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: Middleware, Parser, and Validator for JSONAPI requests and serialized resopnses