escher 0.2.1 → 0.3.1

data/lib/escher.rb

@@ -1,3 +1,7 @@
-require 'escher/base'
+require 'addressable/uri'
+require 'time'
+require 'digest'
+
 require 'escher/version'
-require 'escher/request'
+require 'escher/request/factory'
+require 'escher/auth'

data/spec/escher/auth_spec.rb

@@ -0,0 +1,408 @@
+require 'spec_helper'
+
+module Escher
+  describe Auth do
+
+    test_suites = {
+      # 'get-header-key-duplicate',
+      # 'get-header-value-order',
+      aws4: %w(
+        get-header-value-trim
+        get-relative
+        get-relative-relative
+        get-slash
+        get-slash-dot-slash
+        get-slash-pointless-dot
+        get-slashes
+        get-space
+        get-unreserved
+        get-utf8
+        get-vanilla
+        get-vanilla-empty-query-key
+        get-vanilla-query
+        get-vanilla-query-order-key
+        get-vanilla-query-order-key-case
+        get-vanilla-query-order-value
+        get-vanilla-query-unreserved
+        get-vanilla-ut8-query
+        post-header-key-case
+        post-header-key-sort
+        post-header-value-case
+        post-vanilla
+        post-vanilla-empty-query-value
+        post-vanilla-query
+        post-vanilla-query-nonunreserved
+        post-vanilla-query-space
+        post-x-www-form-urlencoded
+        post-x-www-form-urlencoded-parameters
+      ),
+      emarsys: %w(
+        get-header-key-duplicate
+        post-header-key-order
+        post-header-value-spaces
+        post-header-value-spaces-within-quotes
+      )
+    }
+
+    ESCHER_AWS4_OPTIONS = {
+      algo_prefix: 'AWS4', vendor_key: 'AWS4', hash_algo: 'SHA256', auth_header_name: 'Authorization', date_header_name: 'Date'
+    }
+
+    ESCHER_MIXED_OPTIONS = {
+      algo_prefix: 'EMS', vendor_key: 'EMS', hash_algo: 'SHA256', auth_header_name: 'Authorization', date_header_name: 'Date', clock_skew: 10
+    }
+
+    ESCHER_EMARSYS_OPTIONS = ESCHER_MIXED_OPTIONS.merge(auth_header_name: 'X-Ems-Auth', date_header_name: 'X-Ems-Date')
+
+    GOOD_AUTH_HEADER = 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'
+
+
+
+    def key_db
+      {
+        'AKIDEXAMPLE' => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY',
+        'th3K3y' => 'very_secure',
+      }
+    end
+
+
+
+    def credential_scope
+      %w(us-east-1 host aws4_request)
+    end
+
+
+
+    def client
+      {:api_key_id => 'AKIDEXAMPLE', :api_secret => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'}
+    end
+
+
+
+    test_suites.each do |suite, tests|
+      tests.each do |test|
+        it "should calculate canonicalized request for #{test} in #{suite}" do
+          escher = described_class.new('us-east-1/host/aws4_request', ESCHER_AWS4_OPTIONS)
+          method, request_uri, body, headers = read_request(suite, test)
+          headers_to_sign = headers.map { |k| k[0].downcase }
+          path, query_parts = escher.parse_uri(request_uri)
+          canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
+          check_canonicalized_request(canonicalized_request, suite, test)
+        end
+      end
+    end
+
+
+    test_suites.each do |suite, tests|
+      tests.each do |test|
+        it "should calculate string to sign for #{test} in #{suite}" do
+          method, request_uri, body, headers, date = read_request(suite, test)
+          escher = described_class.new('us-east-1/host/aws4_request', ESCHER_AWS4_OPTIONS.merge(current_time: Time.parse(date)))
+          headers_to_sign = headers.map { |k| k[0].downcase }
+          path, query_parts = escher.parse_uri(request_uri)
+          canonicalized_request = escher.canonicalize(method, path, query_parts, body, headers, headers_to_sign)
+          string_to_sign = escher.get_string_to_sign(canonicalized_request)
+          expect(string_to_sign).to eq(fixture(suite, test, 'sts'))
+        end
+      end
+    end
+
+
+    test_suites.each do |suite, tests|
+      tests.each do |test|
+        it "should calculate auth header for #{test} in #{suite}" do
+          method, request_uri, body, headers, date = read_request(suite, test)
+          escher = described_class.new('us-east-1/host/aws4_request', ESCHER_AWS4_OPTIONS.merge(current_time: Time.parse(date)))
+          headers_to_sign = headers.map { |k| k[0].downcase }
+          request = {
+            method: method,
+            uri: request_uri,
+            body: body,
+            headers: headers,
+          }
+          signed_headers = escher.sign!(request, client, headers_to_sign)[:headers].map { |k, v| {k.downcase => v} }.reduce({}, &:merge)
+          expect(signed_headers['authorization']).to eq(fixture(suite, test, 'authz'))
+        end
+      end
+    end
+
+
+    it 'should sign request' do
+      escher = described_class.new('us-east-1/iam/aws4_request', ESCHER_EMARSYS_OPTIONS.merge(current_time: Time.parse('20110909T233600Z')))
+      client = {:api_key_id => 'AKIDEXAMPLE', :api_secret => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'}
+
+      input_headers = [
+        ['host', 'iam.amazonaws.com'],
+        ['content-type', 'application/x-www-form-urlencoded; charset=utf-8'],
+      ]
+
+      expected_headers = {
+        'content-type' => 'application/x-www-form-urlencoded; charset=utf-8',
+        'host' => 'iam.amazonaws.com',
+        'x-ems-date' => '20110909T233600Z',
+        'x-ems-auth' => 'EMS-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-ems-date, Signature=f36c21c6e16a71a6e8dc56673ad6354aeef49c577a22fd58a190b5fcf8891dbd',
+      }
+      headers_to_sign = %w(content-type)
+
+      request = {
+        method: 'POST',
+        uri: '/',
+        body: 'Action=ListUsers&Version=2010-05-08',
+        headers: input_headers,
+      }
+
+      downcase = escher.sign!(request, client, headers_to_sign)[:headers].map { |k, v| {k.downcase => v} }.reduce({}, &:merge)
+      expect(downcase).to eq expected_headers
+    end
+
+
+    it 'should generate presigned url' do
+      escher = described_class.new('us-east-1/host/aws4_request', ESCHER_MIXED_OPTIONS.merge(current_time: Time.parse('2011/05/11 12:00:00 UTC')))
+      expected_url =
+        'http://example.com/something?foo=bar&' + 'baz=barbaz&' +
+          'X-EMS-Algorithm=EMS-HMAC-SHA256&' +
+          'X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&' +
+          'X-EMS-Date=20110511T120000Z&' +
+          'X-EMS-Expires=123456&' +
+          'X-EMS-SignedHeaders=host&' +
+          'X-EMS-Signature=fbc9dbb91670e84d04ad2ae7505f4f52ab3ff9e192b8233feeae57e9022c2b67'
+
+      client = {:api_key_id => 'th3K3y', :api_secret => 'very_secure'}
+      expect(escher.generate_signed_url('http://example.com/something?foo=bar&baz=barbaz', client, 123456)).to eq expected_url
+    end
+
+
+    it 'should validate presigned url' do
+      escher = described_class.new('us-east-1/host/aws4_request', ESCHER_MIXED_OPTIONS.merge(current_time: Time.parse('2011/05/12 21:59:00 UTC')))
+      presigned_uri =
+        '/something?foo=bar&' + 'baz=barbaz&' +
+          'X-EMS-Algorithm=EMS-HMAC-SHA256&' +
+          'X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&' +
+          'X-EMS-Date=20110511T120000Z&' +
+          'X-EMS-Expires=123456&' +
+          'X-EMS-SignedHeaders=host&' +
+          'X-EMS-Signature=fbc9dbb91670e84d04ad2ae7505f4f52ab3ff9e192b8233feeae57e9022c2b67'
+
+      client = {:api_key_id => 'th3K3y', :api_secret => 'very_secure'}
+      expect { escher.authenticate({
+                                     :method => 'GET',
+                                     :headers => [%w(host example.com)],
+                                     :uri => presigned_uri,
+                                     :body => 'IRRELEVANT'
+                                   }, key_db) }.not_to raise_error
+    end
+
+
+    it 'should validate expiration' do
+      escher = described_class.new('us-east-1/host/aws4_request', ESCHER_MIXED_OPTIONS.merge(current_time: Time.parse('2011/05/12 22:20:00 UTC')))
+      presigned_uri =
+        '/something?foo=bar&' + 'baz=barbaz&' +
+          'X-EMS-Algorithm=EMS-HMAC-SHA256&' +
+          'X-EMS-Credentials=th3K3y%2F20110511%2Fus-east-1%2Fhost%2Faws4_request&' +
+          'X-EMS-Date=20110511T120000Z&' +
+          'X-EMS-Expires=123456&' +
+          'X-EMS-SignedHeaders=host&' +
+          'X-EMS-Signature=fbc9dbb91670e84d04ad2ae7505f4f52ab3ff9e192b8233feeae57e9022c2b67'
+
+      client = {:api_key_id => 'th3K3y', :api_secret => 'very_secure'}
+      expect { escher.authenticate({
+                                     :method => 'GET',
+                                     :headers => [%w(host example.com)],
+                                     :uri => presigned_uri,
+                                     :body => 'IRRELEVANT'
+                                   }, key_db) }.to raise_error(EscherError, 'The request date is not within the accepted time range')
+    end
+
+
+    it 'should validate request' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect { call_validate(headers) }.not_to raise_error
+    end
+
+
+    it 'should authenticate' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect(call_validate(headers)).to eq 'AKIDEXAMPLE'
+    end
+
+
+    it 'should detect if signatures do not match' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'The signatures do not match')
+    end
+
+
+    it 'should detect if dates are not on the same day' do
+      yesterday = '08'
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', "Mon, #{yesterday} Sep 2011 23:36:00 GMT"],
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Invalid request date')
+    end
+
+
+    it 'should detect if date is not within the 15 minutes range' do
+      long_ago = '00'
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', "Mon, 09 Sep 2011 23:#{long_ago}:00 GMT"],
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'The request date is not within the accepted time range')
+    end
+
+
+    it 'should detect missing host header' do
+      headers = [
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Missing header: Host')
+    end
+
+
+    it 'should detect missing date header' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Authorization', GOOD_AUTH_HEADER],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Missing header: Date')
+    end
+
+
+    it 'should detect missing auth header' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Missing header: Authorization')
+    end
+
+
+    it 'should detect malformed auth header' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=UNPARSABLE'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Malformed authorization header')
+    end
+
+
+    it 'should detect malformed credential scope' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=BAD-CREDENTIAL-SCOPE, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Malformed authorization header')
+    end
+
+
+    it 'should check mandatory signed headers: host' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Host header is not signed')
+    end
+
+
+    it 'should check mandatory signed headers: date' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Date header is not signed')
+    end
+
+
+    it 'should check algorithm' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-INVALID Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Only SHA256 and SHA512 hash algorithms are allowed')
+    end
+
+
+    it 'should check credential scope' do
+      headers = [
+        %w(Host host.foo.com),
+        ['Date', 'Mon, 09 Sep 2011 23:36:00 GMT'],
+        ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/INVALID/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470'],
+      ]
+      expect { call_validate(headers) }.to raise_error(EscherError, 'Invalid credentials')
+    end
+
+
+    it 'should convert dates' do
+      date_str = 'Fri, 09 Sep 2011 23:36:00 GMT'
+      expect(described_class.new('irrelevant', date_header_name: 'date', current_time: Time.parse(date_str)).format_date_for_header).to eq date_str
+    end
+
+
+
+    def call_validate(headers)
+      escher = described_class.new('us-east-1/host/aws4_request', ESCHER_AWS4_OPTIONS.merge(current_time: Time.parse('Mon, 09 Sep 2011 23:40:00 GMT')))
+      escher.authenticate({
+                            :method => 'GET',
+                            :headers => headers,
+                            :uri => '/',
+                            :body => '',
+                          }, key_db)
+    end
+
+
+
+    def fixture(suite, test, extension)
+      open("spec/#{suite}_testsuite/#{test}.#{extension}").read
+    end
+
+
+
+    def get_host(headers)
+      headers.detect { |header| header[0].downcase == 'host' }[1]
+    end
+
+
+
+    def get_date(headers)
+      headers.detect { |header| header[0].downcase == 'date' }[1]
+    end
+
+
+
+    def read_request(suite, test, extension = 'req')
+      lines = (fixture(suite, test, extension) + "\n").lines.map(&:chomp)
+      method, uri = lines[0].split ' '
+      headers = lines[1..-3].map { |header| k, v = header.split(':', 2); [k, v] }
+      body = lines[-1]
+      [method, uri, body, headers, get_date(headers), get_host(headers)]
+    end
+
+
+
+    def check_canonicalized_request(creq, suite, test)
+      expect(creq).to eq(fixture(suite, test, 'creq'))
+    end
+
+  end
+end

data/spec/escher/request/factory_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+require 'rack/request'
+
+describe Escher::Request::Factory do
+
+  describe ".from_request" do
+    {{uri: "request uri"} => Escher::Request::HashRequest,
+     Struct.new(:uri) => Escher::Request::LegacyRequest,
+     Rack::Request.new({}) => Escher::Request::RackRequest}.each do |request, expected_class|
+
+      it "should return a #{expected_class.name} when the request to be wrapped is a #{request.class.name}" do
+        expect(expected_class).to receive(:new).with(request).and_return "#{expected_class.name} wrapping request"
+
+        expect(described_class.from_request request).to eq "#{expected_class.name} wrapping request"
+      end
+
+    end
+
+  end
+end

data/spec/escher/request/hash_request_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+
+describe Escher::Request::HashRequest do
+
+  let(:request) { {headers: [], uri: '/'} }
+  subject { described_class.new request }
+
+
+  describe "#request" do
+    it "should return the underlying request object" do
+      expect(subject.request).to eq request
+    end
+  end
+
+
+  describe "#headers" do
+    it "should return the request headers" do
+      request[:headers] = [['HOST', 'some host'],
+                           ['SOME_HEADER', 'some header']]
+
+      expect(subject.headers).to eq [['HOST', 'some host'],
+                                     ['SOME-HEADER', 'some header']]
+    end
+  end
+
+
+  describe "#has_header?" do
+    it "should return true if request has specified header, false otherwise" do
+      request[:headers] = [['HOST', 'some host']]
+
+      expect(subject.has_header? 'host').to be_truthy
+      expect(subject.has_header? 'no-such-header').to be_falsey
+    end
+  end
+
+
+  describe "#header" do
+    it "should return the value for the requested header" do
+      request[:headers] = [['HOST', 'some host']]
+
+      expect(subject.header 'host').to eq 'some host'
+    end
+
+    it "should return nil if no such header exists" do
+      expect(subject.header 'host').to be_nil
+    end
+  end
+
+
+  describe "#set_header" do
+    it "should add the specified header to the request" do
+      subject.set_header 'TEST_HEADER', 'test value'
+
+      expect(subject.has_header? 'test-header').to be_truthy
+      expect(subject.header 'test-header').to eq 'test value'
+    end
+
+    it "should return nil if no such header exists" do
+      expect(subject.header 'no-such-header').to be_nil
+    end
+  end
+
+
+  describe "#method" do
+    it "should return the request method" do
+      request[:method] = 'GET'
+
+      expect(subject.method).to eq 'GET'
+    end
+  end
+
+
+  describe "#body" do
+    it "should return the request body" do
+      request[:body] = 'request body'
+
+      expect(subject.body).to eq 'request body'
+    end
+
+    it "should return empty string for no body" do
+      expect(subject.body).to eq ''
+    end
+  end
+
+
+  describe "#path" do
+    it "should return the request path" do
+      request[:uri] = '/resources/id?search=query'
+
+      expect(subject.path).to eq '/resources/id'
+    end
+
+    it "should return the original path unnormalized" do
+      request[:uri] = '//'
+
+      expect(subject.path).to eq '//'
+    end
+  end
+
+
+  describe "#query_values" do
+    it "should return the request query parameters as an array of key-value pairs" do
+      request[:uri] = '/resources/id?search=query&param=value'
+
+      expect(subject.query_values).to eq [['search', 'query'], ['param', 'value']]
+    end
+
+    it "should return the query parameters regardless of fragments" do
+      request[:uri] = "/?@\#$%^&+=/,?><`\";:\\|][{}"
+
+      expect(subject.query_values).to eq [["@\#$%^"], ["+", "/,?><`\";:\\|][{}"]]
+    end
+
+    it "should return an empty array if the request has no query parameters" do
+      request[:uri] = '/resources/id'
+
+      expect(subject.query_values).to eq []
+    end
+  end
+
+end

data/spec/escher/request/rack_request_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+require 'rack/request'
+
+describe Escher::Request::RackRequest do
+
+  let(:request_params) { {"PATH_INFO" => "/", } }
+  let(:request) { Rack::Request.new request_params }
+
+  subject { described_class.new request }
+
+
+  describe "#request" do
+    it "should return the underlying request object" do
+      expect(subject.request).to eq request
+    end
+  end
+
+
+  describe "#headers" do
+    it "should return only the HTTP request headers" do
+      request_params.merge! 'HTTP_HOST' => 'some host',
+                            'SOME_HEADER' => 'some header'
+
+      expect(subject.headers).to eq [['HOST', 'some host']]
+    end
+
+    it "should replace underscores with dashes in the header name" do
+      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
+
+      expect(subject.headers).to eq [['HOST-NAME', 'some host']]
+    end
+  end
+
+
+  describe "#has_header?" do
+    it "should return true if request has specified header, false otherwise" do
+      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
+
+      expect(subject.has_header? 'host-name').to be_truthy
+      expect(subject.has_header? 'no-such-header').to be_falsey
+    end
+  end
+
+
+  describe "#header" do
+    it "should return the value for the requested header" do
+      request_params.merge! 'HTTP_HOST' => 'some host'
+
+      expect(subject.header 'host').to eq 'some host'
+    end
+
+    it "should return nil if no such header exists" do
+      expect(subject.header 'host').to be_nil
+    end
+  end
+
+
+  describe "#method" do
+    it "should return the request method" do
+      request_params.merge! 'REQUEST_METHOD' => 'GET'
+
+      expect(subject.method).to eq 'GET'
+    end
+  end
+
+
+  describe "#body" do
+    it "should return the request body" do
+      request_params.merge! 'rack.input' => 'request body'
+
+      expect(subject.body).to eq 'request body'
+    end
+
+    it "should return empty string for no body" do
+      expect(subject.body).to eq ''
+    end
+  end
+
+
+  describe "#path" do
+    it "should return the request path" do
+      request_params.merge! 'REQUEST_PATH' => '/resources/id///'
+
+      expect(subject.path).to eq '/resources/id///'
+    end
+  end
+
+
+  describe "#query_values" do
+    it "should return the request query parameters as an array of key-value pairs" do
+      request_params.merge! 'QUERY_STRING' => 'search=query&param=value'
+
+      expect(subject.query_values).to eq [['search', 'query'], ['param', 'value']]
+    end
+
+    it "should return the query parameters regardless of fragments" do
+      request_params.merge! 'QUERY_STRING' => "@\#$%^&+=/,?><`\";:\\|][{}"
+
+      expect(subject.query_values).to eq [["@\#$%^"], ["+", "/,?><`\";:\\|][{}"]]
+    end
+
+    it "should return an empty array if the request has no query parameters" do
+      expect(subject.query_values).to eq []
+    end
+  end
+
+
+  describe "#set_header" do
+    it "should ignore calls" do
+      expect { subject.set_header 'test-header', 'test value' }.not_to raise_error
+    end
+  end
+
+end