faraday_middleware 0.10.0 → 1.2.0

data/lib/faraday_middleware/response/caching.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 require 'faraday'
 require 'forwardable'
-# fixes normalizing query strings:
-require 'faraday_middleware/addressable_patch' if defined? ::Addressable::URI
+require 'digest/sha1'
 
 module FaradayMiddleware
   # Public: Caches GET responses and pulls subsequent ones from the cache.
   class Caching < Faraday::Middleware
     attr_reader :cache
+
     # Internal: List of status codes that can be cached:
     # * 200 - 'OK'
     # * 203 - 'Non-Authoritative Information'
@@ -15,41 +17,49 @@ module FaradayMiddleware
     # * 302 - 'Found'
     # * 404 - 'Not Found'
     # * 410 - 'Gone'
-    CACHEABLE_STATUS_CODES = [200, 203, 300, 301, 302, 404, 410]
+    CACHEABLE_STATUS_CODES = [200, 203, 300, 301, 302, 404, 410].freeze
 
     extend Forwardable
     def_delegators :'Faraday::Utils', :parse_query, :build_query
 
     # Public: initialize the middleware.
     #
-    # cache   - An object that responds to read, write and fetch (default: nil).
+    # cache   - An object that responds to read and write (default: nil).
     # options - An options Hash (default: {}):
-    #           :ignore_params - String name or Array names of query params
-    #                            that should be ignored when forming the cache
-    #                            key (default: []).
+    #           :ignore_params - String name or Array names of query
+    #                                    params that should be ignored when forming
+    #                                    the cache key (default: []).
+    #           :write_options - Hash of settings that should be passed as the
+    #                                    third options parameter to the cache's #write
+    #                                    method. If not specified, no options parameter
+    #                                    will be passed.
+    #           :full_key      - Boolean - use full URL as cache key:
+    #                                    (url.host + url.request_uri)
+    #           :status_codes  - Array of http status code to be cache
+    #                                    (default: CACHEABLE_STATUS_CODE)
     #
     # Yields if no cache is given. The block should return a cache object.
     def initialize(app, cache = nil, options = {})
       super(app)
-      options, cache = cache, nil if cache.is_a? Hash and block_given?
+      if cache.is_a?(Hash) && block_given?
+        options = cache
+        cache = nil
+      end
       @cache = cache || yield
       @options = options
     end
 
     def call(env)
-      if :get == env[:method]
+      if env[:method] == :get
         if env[:parallel_manager]
           # callback mode
           cache_on_complete(env)
         else
           # synchronous mode
           key = cache_key(env)
-          unless response = cache.read(key) and response
+          unless (response = cache.read(key)) && response
             response = @app.call(env)
-
-            if CACHEABLE_STATUS_CODES.include?(response.status)
-              cache.write(key, response)
-            end
+            store_response_in_cache(key, response)
           end
           finalize_response(response, env)
         end
@@ -62,29 +72,53 @@ module FaradayMiddleware
       url = env[:url].dup
       if url.query && params_to_ignore.any?
         params = parse_query url.query
-        params.reject! {|k,| params_to_ignore.include? k }
+        params.reject! { |k,| params_to_ignore.include? k }
         url.query = params.any? ? build_query(params) : nil
       end
       url.normalize!
-      url.request_uri
+      digest = full_key? ? url.host + url.request_uri : url.request_uri
+      Digest::SHA1.hexdigest(digest)
     end
 
     def params_to_ignore
-      @params_to_ignore ||= Array(@options[:ignore_params]).map { |p| p.to_s }
+      @params_to_ignore ||= Array(@options[:ignore_params]).map(&:to_s)
+    end
+
+    def full_key?
+      @full_key ||= @options[:full_key]
+    end
+
+    def custom_status_codes
+      @custom_status_codes ||= begin
+        codes = CACHEABLE_STATUS_CODES & Array(@options[:status_codes]).map(&:to_i)
+        codes.any? ? codes : CACHEABLE_STATUS_CODES
+      end
     end
 
     def cache_on_complete(env)
       key = cache_key(env)
-      if cached_response = cache.read(key)
+      if (cached_response = cache.read(key))
         finalize_response(cached_response, env)
       else
-        response = @app.call(env)
-        if CACHEABLE_STATUS_CODES.include?(response.status)
-          response.on_complete { cache.write(key, response) }
+        # response.status is nil at this point
+        # any checks need to be done inside on_complete block
+        @app.call(env).on_complete do |response_env|
+          store_response_in_cache(key, response_env.response)
+          response_env
         end
       end
     end
 
+    def store_response_in_cache(key, response)
+      return unless custom_status_codes.include?(response.status)
+
+      if @options[:write_options]
+        cache.write(key, response, @options[:write_options])
+      else
+        cache.write(key, response)
+      end
+    end
+
     def finalize_response(response, env)
       response = response.dup if response.frozen?
       env[:response] = response

data/lib/faraday_middleware/response/chunked.rb

@@ -1,16 +1,19 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
-  # Public: Parse a Transfer-Encoding: Chunked response to just the original data
+  # Public: Parse a Transfer-Encoding. Chunks response to just the original data
   class Chunked < FaradayMiddleware::ResponseMiddleware
-    TRANSFER_ENCODING = 'transfer-encoding'.freeze
+    TRANSFER_ENCODING = 'transfer-encoding'
 
     define_parser do |raw_body|
       decoded_body = []
       until raw_body.empty?
         chunk_len, raw_body = raw_body.split("\r\n", 2)
-        chunk_len = chunk_len.split(';',2).first.hex
-        break if chunk_len == 0
+        chunk_len = chunk_len.split(';', 2).first.hex
+        break if chunk_len.zero?
+
         decoded_body << raw_body[0, chunk_len]
         # The 2 is to strip the extra CRLF at the end of the chunk
         raw_body = raw_body[chunk_len + 2, raw_body.length - chunk_len - 2]
@@ -19,11 +22,12 @@ module FaradayMiddleware
     end
 
     def parse_response?(env)
-      super and chunked_encoding?(env[:response_headers])
+      super && chunked_encoding?(env[:response_headers])
     end
 
     def chunked_encoding?(headers)
-      encoding = headers[TRANSFER_ENCODING] and encoding.split(',').include?('chunked')
+      (encoding = headers[TRANSFER_ENCODING]) &&
+        encoding.split(',').include?('chunked')
     end
   end
 end

data/lib/faraday_middleware/response/follow_redirects.rb

@@ -1,18 +1,10 @@
+# frozen_string_literal: true
+
 require 'faraday'
 require 'set'
 
 module FaradayMiddleware
-  # Public: Exception thrown when the maximum amount of requests is exceeded.
-  class RedirectLimitReached < Faraday::Error::ClientError
-    attr_reader :response
-
-    def initialize(response)
-      super "too many redirects; last one to: #{response['location']}"
-      @response = response
-    end
-  end
-
-  # Public: Follow HTTP 301, 302, 303, and 307 redirects.
+  # Public: Follow HTTP 301, 302, 303, 307, and 308 redirects.
   #
   # For HTTP 301, 302, and 303, the original GET, POST, PUT, DELETE, or PATCH
   # request gets converted into a GET. With `:standards_compliant => true`,
@@ -32,26 +24,37 @@ module FaradayMiddleware
   #   end
   class FollowRedirects < Faraday::Middleware
     # HTTP methods for which 30x redirects can be followed
-    ALLOWED_METHODS = Set.new [:head, :options, :get, :post, :put, :patch, :delete]
+    ALLOWED_METHODS = Set.new %i[head options get post put patch delete]
     # HTTP redirect status codes that this middleware implements
-    REDIRECT_CODES  = Set.new [301, 302, 303, 307]
+    REDIRECT_CODES  = Set.new [301, 302, 303, 307, 308]
     # Keys in env hash which will get cleared between requests
-    ENV_TO_CLEAR    = Set.new [:status, :response, :response_headers]
+    ENV_TO_CLEAR    = Set.new %i[status response response_headers]
 
     # Default value for max redirects followed
     FOLLOW_LIMIT = 3
 
     # Regex that matches characters that need to be escaped in URLs, sans
     # the "%" character which we assume already represents an escaped sequence.
-    URI_UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/
+    URI_UNSAFE = %r{[^\-_.!~*'()a-zA-Z\d;/?:@&=+$,\[\]%]}.freeze
+
+    AUTH_HEADER = 'Authorization'
 
     # Public: Initialize the middleware.
     #
     # options - An options Hash (default: {}):
-    #           :limit               - A Numeric redirect limit (default: 3)
-    #           :standards_compliant - A Boolean indicating whether to respect
+    #     :limit                      - A Numeric redirect limit (default: 3)
+    #     :standards_compliant        - A Boolean indicating whether to respect
     #                                  the HTTP spec when following 301/302
     #                                  (default: false)
+    #     :callback                   - A callable used on redirects
+    #                                  with the old and new envs
+    #     :cookies                    - An Array of Strings (e.g.
+    #                                  ['cookie1', 'cookie2']) to choose
+    #                                  cookies to be kept, or :all to keep
+    #                                  all cookies (default: []).
+    #     :clear_authorization_header - A Boolean indicating whether the request
+    #                                  Authorization header should be cleared on
+    #                                  redirects (default: true)
     def initialize(app, options = {})
       super(app)
       @options = options
@@ -67,7 +70,7 @@ module FaradayMiddleware
     private
 
     def convert_to_get?(response)
-      ![:head, :options].include?(response.env[:method]) &&
+      !%i[head options].include?(response.env[:method]) &&
         @convert_to_get.include?(response.status)
     end
 
@@ -78,7 +81,9 @@ module FaradayMiddleware
       response.on_complete do |response_env|
         if follow_redirect?(response_env, response)
           raise RedirectLimitReached, response if follows.zero?
-          new_request_env = update_env(response_env, request_body, response)
+
+          new_request_env = update_env(response_env.dup, request_body, response)
+          callback&.call(response_env, new_request_env)
           response = perform_with_redirection(new_request_env, follows - 1)
         end
       end
@@ -86,7 +91,11 @@ module FaradayMiddleware
     end
 
     def update_env(env, request_body, response)
-      env[:url] += safe_escape(response['location'])
+      redirect_from_url = env[:url].to_s
+      redirect_to_url = safe_escape(response['location'] || '')
+      env[:url] += redirect_to_url
+
+      ENV_TO_CLEAR.each { |key| env.delete key }
 
       if convert_to_get?(response)
         env[:method] = :get
@@ -95,14 +104,14 @@ module FaradayMiddleware
         env[:body] = request_body
       end
 
-      ENV_TO_CLEAR.each {|key| env.delete key }
+      clear_authorization_header(env, redirect_from_url, redirect_to_url)
 
       env
     end
 
     def follow_redirect?(env, response)
-      ALLOWED_METHODS.include? env[:method] and
-        REDIRECT_CODES.include? response.status
+      ALLOWED_METHODS.include?(env[:method]) &&
+        REDIRECT_CODES.include?(response.status)
     end
 
     def follow_limit
@@ -113,14 +122,36 @@ module FaradayMiddleware
       @options.fetch(:standards_compliant, false)
     end
 
+    def callback
+      @options[:callback]
+    end
+
     # Internal: escapes unsafe characters from an URL which might be a path
     # component only or a fully qualified URI so that it can be joined onto an
     # URI:HTTP using the `+` operator. Doesn't escape "%" characters so to not
     # risk double-escaping.
     def safe_escape(uri)
-      uri.to_s.gsub(URI_UNSAFE) { |match|
-        '%' + match.unpack('H2' * match.bytesize).join('%').upcase
-      }
+      uri = uri.split('#')[0] # we want to remove the fragment if present
+      uri.to_s.gsub(URI_UNSAFE) do |match|
+        "%#{match.unpack('H2' * match.bytesize).join('%').upcase}"
+      end
+    end
+
+    def clear_authorization_header(env, from_url, to_url)
+      return env if redirect_to_same_host?(from_url, to_url)
+      return env unless @options.fetch(:clear_authorization_header, true)
+
+      env[:request_headers].delete(AUTH_HEADER)
+    end
+
+    def redirect_to_same_host?(from_url, to_url)
+      return true if to_url.start_with?('/')
+
+      from_uri = URI.parse(from_url)
+      to_uri = URI.parse(to_url)
+
+      [from_uri.scheme, from_uri.host, from_uri.port] ==
+        [to_uri.scheme, to_uri.host, to_uri.port]
     end
   end
 end

data/lib/faraday_middleware/response/mashify.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday'
 
 module FaradayMiddleware

data/lib/faraday_middleware/response/parse_dates.rb

@@ -1,10 +1,13 @@
-require "time"
-require "faraday"
+# frozen_string_literal: true
+
+require 'time'
+require 'faraday'
 
 module FaradayMiddleware
   # Parse dates from response body
   class ParseDates < ::Faraday::Response::Middleware
-    ISO_DATE_FORMAT = /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z\Z/m
+    ISO_DATE_FORMAT = /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?
+    (Z|((\+|-)\d{2}:?\d{2}))\Z/xm.freeze
 
     def initialize(app, options = {})
       @regexp = options[:match] || ISO_DATE_FORMAT

data/lib/faraday_middleware/response/parse_json.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
@@ -7,8 +9,8 @@ module FaradayMiddleware
       require 'json' unless defined?(::JSON)
     end
 
-    define_parser do |body|
-      ::JSON.parse body unless body.strip.empty?
+    define_parser do |body, parser_options|
+      ::JSON.parse(body, parser_options || {}) unless body.strip.empty?
     end
 
     # Public: Override the content-type of the response with "application/json"
@@ -18,7 +20,7 @@ module FaradayMiddleware
     # This is to fix responses from certain API providers that insist on serving
     # JSON with wrong MIME-types such as "text/javascript".
     class MimeTypeFix < ResponseMiddleware
-      MIME_TYPE = 'application/json'.freeze
+      MIME_TYPE = 'application/json'
 
       def process_response(env)
         old_type = env[:response_headers][CONTENT_TYPE].to_s
@@ -27,19 +29,17 @@ module FaradayMiddleware
         env[:response_headers][CONTENT_TYPE] = new_type
       end
 
-      BRACKETS = %w- [ { -
-      WHITESPACE = [ " ", "\n", "\r", "\t" ]
+      BRACKETS = %w-[ {-.freeze
+      WHITESPACE = [' ', "\n", "\r", "\t"].freeze
 
       def parse_response?(env)
-        super and BRACKETS.include? first_char(env[:body])
+        super && BRACKETS.include?(first_char(env[:body]))
       end
 
       def first_char(body)
         idx = -1
-        begin
-          char = body[idx += 1]
-          char = char.chr if char
-        end while char and WHITESPACE.include? char
+        char = body[idx += 1]
+        char = body[idx += 1] while char && WHITESPACE.include?(char)
         char
       end
     end

data/lib/faraday_middleware/response/parse_marshal.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
   # Public: Restore marshalled Ruby objects in response bodies.
   class ParseMarshal < ResponseMiddleware
     define_parser do |body|
-      ::Marshal.load body unless body.empty?
+      ::Marshal.load(body) unless body.empty?
     end
   end
 end

data/lib/faraday_middleware/response/parse_xml.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
@@ -5,8 +7,8 @@ module FaradayMiddleware
   class ParseXml < ResponseMiddleware
     dependency 'multi_xml'
 
-    define_parser do |body|
-      ::MultiXml.parse(body)
+    define_parser do |body, parser_options|
+      ::MultiXml.parse(body, parser_options || {})
     end
   end
 end

data/lib/faraday_middleware/response/parse_yaml.rb

@@ -1,29 +1,36 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
   # Public: Parse response bodies as YAML.
   #
-  # Warning: this uses `YAML.load()` by default and as such is not safe against
-  # code injection or DoS attacks. If you're loading resources from an
-  # untrusted host or over HTTP, you should subclass this middleware and
-  # redefine it to use `safe_load()` if you're using a Psych version that
-  # supports it:
+  # Warning: This is not backwards compatible with versions of this middleware
+  # prior to faraday_middleware v0.12 - prior to this version, we used
+  # YAML.load rather than YAMl.safe_load, which exposes serious remote code
+  # execution risks - see https://github.com/ruby/psych/issues/119 for details.
+  # If you're sure you can trust YAML you're passing, you can set up an unsafe
+  # version of this middleware like this:
+  #
+  #     class UnsafelyParseYaml < FaradayMiddleware::ResponseMiddleware
+  #       dependency do
+  #         require 'yaml'
+  #       end
   #
-  #     class SafeYaml < FaradayMiddleware::ParseYaml
   #       define_parser do |body|
-  #         YAML.safe_load(body)
+  #         YAML.load body
   #       end
   #     end
   #
   #     Faraday.new(..) do |config|
-  #       config.use SafeYaml
+  #       config.use UnsafelyParseYaml
   #       ...
   #     end
   class ParseYaml < ResponseMiddleware
-    dependency 'yaml'
+    dependency 'safe_yaml/load'
 
-    define_parser do |body|
-      ::YAML.load body
+    define_parser do |body, parser_options|
+      SafeYAML.load(body, nil, parser_options || {})
     end
   end
 end

data/lib/faraday_middleware/response/rashify.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday_middleware/response/mashify'
 
 module FaradayMiddleware
@@ -6,7 +8,7 @@ module FaradayMiddleware
   class Rashify < Mashify
     dependency do
       require 'rash'
-      self.mash_class = ::Hashie::Rash
+      self.mash_class = ::Hashie::Mash::Rash
     end
   end
 end

data/lib/faraday_middleware/response_middleware.rb

@@ -1,42 +1,48 @@
+# frozen_string_literal: true
+
 require 'faraday'
 
+# Main FaradayMiddleware module.
 module FaradayMiddleware
   # Internal: The base class for middleware that parses responses.
   class ResponseMiddleware < Faraday::Middleware
-    CONTENT_TYPE = 'Content-Type'.freeze
+    CONTENT_TYPE = 'Content-Type'
 
     class << self
       attr_accessor :parser
     end
 
     # Store a Proc that receives the body and returns the parsed result.
-    def self.define_parser(parser = nil)
-      @parser = parser || Proc.new
+    def self.define_parser(parser = nil, &block)
+      @parser = parser ||
+                block  ||
+                raise(ArgumentError, 'Define parser with a block')
     end
 
     def self.inherited(subclass)
       super
-      subclass.load_error = self.load_error if subclass.respond_to? :load_error=
-      subclass.parser = self.parser
+      subclass.load_error = load_error if subclass.respond_to? :load_error=
+      subclass.parser = parser
     end
 
     def initialize(app = nil, options = {})
       super(app)
       @options = options
+      @parser_options = options[:parser_options]
       @content_types = Array(options[:content_type])
     end
 
     def call(environment)
       @app.call(environment).on_complete do |env|
-        if process_response_type?(response_type(env)) and parse_response?(env)
-          process_response(env)
-        end
+        process_response(env) if process_response_type?(response_type(env)) && parse_response?(env)
       end
     end
 
     def process_response(env)
       env[:raw_body] = env[:body] if preserve_raw?(env)
       env[:body] = parse(env[:body])
+    rescue Faraday::ParsingError => e
+      raise Faraday::ParsingError.new(e.wrapped_exception, env[:response])
     end
 
     # Parse the response body.
@@ -45,10 +51,12 @@ module FaradayMiddleware
     def parse(body)
       if self.class.parser
         begin
-          self.class.parser.call(body)
-        rescue StandardError, SyntaxError => err
-          raise err if err.is_a? SyntaxError and err.class.name != 'Psych::SyntaxError'
-          raise Faraday::Error::ParsingError, err
+          self.class.parser.call(body, @parser_options)
+        rescue StandardError, SyntaxError => e
+          raise e if e.is_a?(SyntaxError) &&
+                     e.class.name != 'Psych::SyntaxError'
+
+          raise Faraday::ParsingError, e
         end
       else
         body
@@ -62,9 +70,9 @@ module FaradayMiddleware
     end
 
     def process_response_type?(type)
-      @content_types.empty? or @content_types.any? { |pattern|
+      @content_types.empty? || @content_types.any? do |pattern|
         pattern.is_a?(Regexp) ? type =~ pattern : type == pattern
-      }
+      end
     end
 
     def parse_response?(env)
@@ -81,17 +89,18 @@ module FaradayMiddleware
     attr_accessor :preserve_raw
 
     def to_hash
-      super.update(:preserve_raw => preserve_raw)
+      super.update(preserve_raw: preserve_raw)
     end
 
     def each
       return to_enum(:each) unless block_given?
+
       super
       yield :preserve_raw, preserve_raw
     end
 
     def fetch(key, *args)
-      if :preserve_raw == key
+      if key == :preserve_raw
         value = __send__(key)
         value.nil? ? args.fetch(0) : value
       else
@@ -102,9 +111,9 @@ module FaradayMiddleware
 
   if defined?(Faraday::RequestOptions)
     begin
-      Faraday::RequestOptions.from(:preserve_raw => true)
+      Faraday::RequestOptions.from(preserve_raw: true)
     rescue NoMethodError
-      Faraday::RequestOptions.send(:include, OptionsExtension)
+      Faraday::RequestOptions.include OptionsExtension
     end
   end
 end

data/lib/faraday_middleware/version.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# Main FaradayMiddleware module.
 module FaradayMiddleware
-  VERSION = "0.10.0" unless defined?(FaradayMiddleware::VERSION)
+  VERSION = '1.2.0' unless defined?(FaradayMiddleware::VERSION)
 end