escher 0.3.2 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d00625f53cdd3b7ad66a39b9cabcea43acb62c0e
-  data.tar.gz: f7598ab91680f31be25a6e2e37f92f2cfc30a2eb
+  metadata.gz: bf5ca3954d669d4c1305dd98027a8b5d4fe37c49
+  data.tar.gz: 4a16a2338e1a81efade3a7bd9e01ac5bc888c453
 SHA512:
-  metadata.gz: 7ee2cac687e5f94ed8caac6da7218c420f195416084a03ba8753c589df441cd7e24116e3ac089609f78314b3201c98b2ce0a57f397a33582caf2f43b8f1d8a63
-  data.tar.gz: 0b506771ab44ad8bfc8f871cd61137a1b89e64028e492f27ca8d4275da80f35a5a2702c124dd88080ab131b7c2948199c6fdec9ac7b3d6825fefda7235efd108
+  metadata.gz: 7f121d4fc3afed7141855fc060e8a6f04af57f783d823b15a43f61bbad4dbcefc671514938b103d01e2fbbd605853aeb0cdb47a7d78762c2c86b5edf2820f133
+  data.tar.gz: 102ca5ed92167b8cfa9ddb9fca6d1cd54e5a6d32006a46e2965185cf575e91ff449012fa7e86be7578600687734adcfc9e6bc210d5ce81b25a409133d0b72c07

data/.travis.yml

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
   - 1.9.3
-  - 2.1.2
+  - 2.1.2
+  - 2.2.1

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Emarsys Technologies Kft.
+Copyright (c) 2014-2015 Emarsys Technologies Kft.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -5,4 +5,4 @@ Escher helps you creating secure HTTP requests (for APIs) by signing HTTP(s) req
 
 The algorithm is based on [Amazon's _AWS Signature Version 4_](http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html), but we have generalized and extended it.
 
-More details will be available at our [documentation site](https://documentation.emarsys.com/).
+More details will be available at our [documentation site](http://escherauth.io/).

data/escher.gemspec

@@ -21,6 +21,8 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 1.9'
 
   spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rails"
+
   spec.add_development_dependency "rake", "~> 10"
   spec.add_development_dependency "rspec", "~> 2"
 

data/lib/escher/auth.rb

@@ -176,12 +176,12 @@ module Escher
       canonicalized_request = canonicalize(method, path, query_parts, body, headers, signed_headers.uniq)
       string_to_sign = get_string_to_sign(canonicalized_request)
 
-      signing_key = Digest::HMAC.digest(short_date(@current_time), @algo_prefix + api_secret, @algo)
+      signing_key = OpenSSL::HMAC.digest(@algo, @algo_prefix + api_secret, short_date(@current_time))
       @credential_scope.split('/').each { |data|
-        signing_key = Digest::HMAC.digest(data, signing_key, @algo)
+        signing_key = OpenSSL::HMAC.digest(@algo, signing_key, data)
       }
 
-      Digest::HMAC.hexdigest(string_to_sign, signing_key, @algo)
+      OpenSSL::HMAC.hexdigest(@algo, signing_key, string_to_sign)
     end
 
 
@@ -236,9 +236,9 @@ module Escher
     def create_algo
       case @hash_algo
         when 'SHA256'
-          @algo = Digest::SHA2.new(256)
+          @algo = OpenSSL::Digest::SHA256.new
         when 'SHA512'
-          @algo = Digest::SHA2.new(512)
+          @algo = OpenSSL::Digest::SHA521.new
         else
           raise EscherError, 'Unidentified hash algorithm'
       end

data/lib/escher/request/action_dispatch_request.rb

@@ -0,0 +1,42 @@
+module Escher
+  module Request
+    class ActionDispatchRequest < Base
+
+      def headers
+        request.env.
+          select { |header_name, _| header_name.start_with? "HTTP_" }.
+          map { |header_name, value| [header_name[5..-1].tr('_', '-'), value] }
+      end
+
+
+
+      def method
+        request.request_method
+      end
+
+
+
+      def body
+        request.body or ''
+      end
+
+
+
+      def path
+        request.env['REQUEST_PATH']
+      end
+
+
+
+      def query_values
+        Addressable::URI.new(:query => request.env['QUERY_STRING']).query_values(Array) or []
+      end
+
+
+
+      def set_header(header_name, value)
+      end
+
+    end
+  end
+end

data/lib/escher/request/base.rb

@@ -24,6 +24,39 @@ module Escher
         header[1]
       end
 
+
+
+      def method
+        raise("Implementation missing for #{__method__}")
+      end
+
+
+
+      def body
+        raise("Implementation missing for #{__method__}")
+      end
+
+
+
+      def headers
+        raise('Implementation missing, should return array of array with [key,value] pairs')
+      end
+
+
+
+      def path
+        raise("Implementation missing for #{__method__}")
+      end
+
+
+
+      def query_values
+        raise("Implementation missing for #{__method__}")
+      end
+
+
+
+
     end
   end
 end

data/lib/escher/request/factory.rb

@@ -1,8 +1,8 @@
-require_relative 'base'
-
-require_relative 'hash_request'
-require_relative 'legacy_request'
-require_relative 'rack_request'
+require 'escher/request/base'
+require 'escher/request/hash_request'
+require 'escher/request/rack_request'
+require 'escher/request/legacy_request'
+require 'escher/request/action_dispatch_request'
 
 module Escher
   module Request
@@ -10,12 +10,19 @@ module Escher
 
       def self.from_request(request)
         case request
+
+          when defined?(ActionDispatch::Request) && ActionDispatch::Request
+            ActionDispatchRequest.new(request)
+
+          when defined?(Rack::Request) && Rack::Request
+            RackRequest.new(request)
+
           when Hash
-            HashRequest.new request
-          when lambda { |request| request.class.ancestors.map(&:to_s).include? "Rack::Request" }
-            RackRequest.new request
+            HashRequest.new(request)
+
           else
-            Escher::Request::LegacyRequest.new request
+            Escher::Request::LegacyRequest.new(request)
+
         end
       end
 

data/lib/escher/request/rack_request.rb

@@ -1,42 +1,62 @@
-module Escher
-  module Request
-    class RackRequest < Base
+class Escher::Request::RackRequest < Escher::Request::Base
 
-      def headers
-        request.env.
-          select { |header_name, _| header_name.start_with? "HTTP_" }.
-          map { |header_name, value| [header_name[5..-1].tr('_', '-'), value] }
-      end
+  def initialize(request_env)
+    super(request_env)
+    @rack_request = request_env
+  end
 
+  def env
+    @rack_request.env
+  end
 
+  def rack_request
+    @rack_request
+  end
 
-      def method
-        request.request_method
-      end
+  def uri
+    @rack_request.env['REQUEST_URI']
+  end
 
+  def path
+    @rack_request.env['REQUEST_PATH']
+  end
 
+  def host
+    @rack_request.env['HTTP_HOST']
+  end
 
-      def body
-        request.body or ''
-      end
+  def headers
+    @headers ||= @rack_request.env.select { |k, v| k =~ /^HTTP_/i }.map { |k, v| [k.sub(/^HTTP_/i, '').gsub('_', '-'), v] }
+  end
 
+  def method
+    @rack_request.request_method rescue @rack_request.env['REQUEST_METHOD']
+  end
 
+  def payload
+    @payload ||= fetch_payload
+  end
 
-      def path
-        request.env['REQUEST_PATH']
-      end
+  alias body payload
 
+  def query_values
+    Addressable::URI.new(:query => request.env['QUERY_STRING']).query_values(Array) or []
+  end
 
+  def set_header(header_name, value)
+  end
 
-      def query_values
-        Addressable::URI.new(:query => request.env['QUERY_STRING']).query_values(Array) or []
-      end
+  protected
 
+  def fetch_payload
+    rack_input = @rack_request.body
 
+    return rack_input.to_s if rack_input.nil? || rack_input.is_a?(String)
 
-      def set_header(header_name, value)
-      end
+    payload = rack_input.read
+    @rack_request.body.rewind
+    payload
 
-    end
   end
-end
+
+end

data/lib/escher/version.rb

@@ -1,3 +1,3 @@
 module Escher
-  VERSION = '0.3.2'
+  VERSION = '0.3.3'
 end

data/lib/escher.rb

@@ -1,6 +1,6 @@
 require 'addressable/uri'
 require 'time'
-require 'digest'
+require 'openssl'
 
 require 'escher/version'
 require 'escher/request/factory'

data/spec/escher/request/action_dispatch_request_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+require 'action_dispatch'
+
+describe Escher::Request::ActionDispatchRequest do
+
+  let(:request_params) { {"PATH_INFO" => "/", } }
+  let(:request) { ActionDispatch::Request.new(request_params) }
+
+  subject { described_class.new request }
+
+  describe "#request" do
+    it "should return the underlying request object" do
+      expect(subject.request).to eq request
+    end
+  end
+
+
+  describe "#headers" do
+    it "should return only the HTTP request headers" do
+      request_params.merge! 'HTTP_HOST' => 'some host',
+                            'SOME_HEADER' => 'some header'
+
+      expect(subject.headers).to eq [['HOST', 'some host']]
+    end
+
+    it "should replace underscores with dashes in the header name" do
+      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
+
+      expect(subject.headers).to eq [['HOST-NAME', 'some host']]
+    end
+  end
+
+
+  describe "#has_header?" do
+    it "should return true if request has specified header, false otherwise" do
+      request_params.merge! 'HTTP_HOST_NAME' => 'some host'
+
+      expect(subject.has_header? 'host-name').to be_truthy
+      expect(subject.has_header? 'no-such-header').to be_falsey
+    end
+  end
+
+
+  describe "#header" do
+    it "should return the value for the requested header" do
+      request_params.merge! 'HTTP_HOST' => 'some host'
+
+      expect(subject.header 'host').to eq 'some host'
+    end
+
+    it "should return nil if no such header exists" do
+      expect(subject.header 'host').to be_nil
+    end
+  end
+
+
+  describe "#method" do
+    it "should return the request method" do
+      request_params.merge! 'REQUEST_METHOD' => 'GET'
+
+      expect(subject.method).to eq 'GET'
+    end
+  end
+
+
+  describe "#body" do
+    it "should return the request body" do
+      request_params.merge! 'rack.input' => 'request body'
+
+      expect(subject.body).to eq 'request body'
+    end
+
+    it "should return empty string for no body" do
+      expect(subject.body).to eq ''
+    end
+  end
+
+
+  describe "#path" do
+    it "should return the request path" do
+      request_params.merge! 'REQUEST_PATH' => '/resources/id///'
+
+      expect(subject.path).to eq '/resources/id///'
+    end
+  end
+
+
+  describe "#query_values" do
+    it "should return the request query parameters as an array of key-value pairs" do
+      request_params.merge! 'QUERY_STRING' => 'search=query&param=value'
+
+      expect(subject.query_values).to eq [['search', 'query'], ['param', 'value']]
+    end
+
+    it "should return the query parameters regardless of fragments" do
+      request_params.merge! 'QUERY_STRING' => "@\#$%^&+=/,?><`\";:\\|][{}"
+
+      expect(subject.query_values).to eq [["@\#$%^"], ["+", "/,?><`\";:\\|][{}"]]
+    end
+
+    it "should return an empty array if the request has no query parameters" do
+      expect(subject.query_values).to eq []
+    end
+  end
+
+
+  describe "#set_header" do
+    it "should ignore calls" do
+      expect { subject.set_header 'test-header', 'test value' }.not_to raise_error
+    end
+  end
+
+end

data/spec/escher/request/factory_spec.rb

@@ -1,12 +1,20 @@
 require 'spec_helper'
+
+require 'rack'
 require 'rack/request'
+require 'action_dispatch'
 
 describe Escher::Request::Factory do
 
   describe ".from_request" do
-    {{uri: "request uri"} => Escher::Request::HashRequest,
-     Struct.new(:uri) => Escher::Request::LegacyRequest,
-     Rack::Request.new({}) => Escher::Request::RackRequest}.each do |request, expected_class|
+    {
+
+        {uri: "request uri"} => Escher::Request::HashRequest,
+        Struct.new(:uri) => Escher::Request::LegacyRequest,
+        Rack::Request.new({}) => Escher::Request::RackRequest,
+        ActionDispatch::Request.new({}) => Escher::Request::ActionDispatchRequest
+
+    }.each do |request, expected_class|
 
       it "should return a #{expected_class.name} when the request to be wrapped is a #{request.class.name}" do
         expect(expected_class).to receive(:new).with(request).and_return "#{expected_class.name} wrapping request"

data/spec/escher/request/rack_request_spec.rb

@@ -1,4 +1,6 @@
 require 'spec_helper'
+
+require 'rack'
 require 'rack/request'
 
 describe Escher::Request::RackRequest do

data/spec/spec_helper.rb

@@ -1 +1,3 @@
-require 'escher'
+lib = File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'escher'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escher
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.3
 platform: ruby
 authors:
 - Andras Barthazi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-10 00:00:00.000000000 Z
+date: 2015-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -97,6 +111,7 @@ files:
 - escher.gemspec
 - lib/escher.rb
 - lib/escher/auth.rb
+- lib/escher/request/action_dispatch_request.rb
 - lib/escher/request/base.rb
 - lib/escher/request/factory.rb
 - lib/escher/request/hash_request.rb
@@ -280,6 +295,7 @@ files:
 - spec/emarsys_testsuite/post-header-value-spaces.sreq
 - spec/emarsys_testsuite/post-header-value-spaces.sts
 - spec/escher/auth_spec.rb
+- spec/escher/request/action_dispatch_request_spec.rb
 - spec/escher/request/factory_spec.rb
 - spec/escher/request/hash_request_spec.rb
 - spec/escher/request/rack_request_spec.rb
@@ -486,6 +502,7 @@ test_files:
 - spec/emarsys_testsuite/post-header-value-spaces.sreq
 - spec/emarsys_testsuite/post-header-value-spaces.sts
 - spec/escher/auth_spec.rb
+- spec/escher/request/action_dispatch_request_spec.rb
 - spec/escher/request/factory_spec.rb
 - spec/escher/request/hash_request_spec.rb
 - spec/escher/request/rack_request_spec.rb