faraday_middleware 0.9.1 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 281f479ebac151c76b6f622d3e2d919fcba90d3e
-  data.tar.gz: b536b23c23f5980b7d1645b5907a0bd8401369c3
+  metadata.gz: 64c9daf051fce97f6b839b78e9def268977e3db9
+  data.tar.gz: f0cb5693d722bdf1097671a2e6f4ecdf8cf91049
 SHA512:
-  metadata.gz: cb1e56ae090cdf939b3b9a74b366a7d6abb787486b019cbe8f9803295bfb600f78a276d47360af69e54138d601ea2d02c02e78fe7143e1b3a0bbb5158e709cff
-  data.tar.gz: ba124f9959f87f44128b8b7ab782360932d068077311a2ab15de90e37b784cb71350d1d2e47df0f660051e850ea6fbcd5917c741e36bbfdf50ab4295db02b255
+  metadata.gz: 00f5f605da468818380c4bf562e8d1cab6f20a5b6d175b7f10ed54a77eb12b1069ba167d3e4dd2e33225b2fba58044a7bcdf1176d7f79cd2b1c112ce9dad6fdb
+  data.tar.gz: ccae90f3b06312f241d28739ba818cbd4ab56f2e2886c84a6d38e6452999be54544d4e46d51b4128c1287544b6b1df5f57abbd2c2ead6ebb76c97e0668d1b9f9

data/CONTRIBUTING.md

@@ -35,7 +35,7 @@ Ideally, a bug report should include a pull request with failing specs.
 3. Add specs for your unimplemented feature or bug fix.
 4. Run `bundle exec rake spec`. If your specs pass, return to step 3.
 5. Implement your feature or bug fix.
-6. Run `bundle exec rake spec`. If your specs fail, return to step 5.
+6. Run `COVERAGE=true bundle exec rake spec`. If your specs fail, return to step 5.
 7. Run `open coverage/index.html`. If your changes are not completely covered
    by your tests, return to step 3.
 8. Add, commit, and push your changes.

data/faraday_middleware.gemspec

@@ -9,15 +9,12 @@ Gem::Specification.new do |spec|
   spec.authors = ["Erik Michaels-Ober", "Wynn Netherland"]
   spec.description = %q{Various middleware for Faraday}
   spec.email = ['sferik@gmail.com', 'wynn.netherland@gmail.com']
-  spec.files = %w(CHANGELOG.md CONTRIBUTING.md LICENSE.md README.md Rakefile faraday_middleware.gemspec)
-  spec.files += Dir.glob("lib/**/*.rb")
-  spec.files += Dir.glob("spec/**/*")
+  spec.files = %w(CHANGELOG.md CONTRIBUTING.md LICENSE.md README.md faraday_middleware.gemspec) + Dir['lib/**/*.rb']
   spec.homepage = 'https://github.com/lostisland/faraday_middleware'
   spec.licenses = ['MIT']
   spec.name = 'faraday_middleware'
   spec.require_paths = ['lib']
   spec.required_rubygems_version = '>= 1.3.5'
   spec.summary = spec.description
-  spec.test_files += Dir.glob("spec/**/*")
   spec.version = FaradayMiddleware::VERSION
 end

data/lib/faraday_middleware/instrumentation.rb

@@ -22,7 +22,7 @@ module FaradayMiddleware
     end
 
     def call(env)
-      ActiveSupport::Notifications.instrument(@name, env) do
+      ::ActiveSupport::Notifications.instrument(@name, env) do
         @app.call(env)
       end
     end

data/lib/faraday_middleware/rack_compatible.rb

@@ -58,7 +58,7 @@ module FaradayMiddleware
       headers.clear
 
       rack_env.each do |name, value|
-        next unless String === name
+        next unless String === name && String === value
         if NonPrefixedHeaders.include? name or name.index('HTTP_') == 0
           name = name.sub(/^HTTP_/, '').downcase.tr('_', '-')
           headers[name] = value

data/lib/faraday_middleware/response/follow_redirects.rb

@@ -43,6 +43,10 @@ module FaradayMiddleware
     # Default value for max redirects followed
     FOLLOW_LIMIT = 3
 
+    # Regex that matches characters that need to be escaped in URLs, sans
+    # the "%" character which we assume already represents an escaped sequence.
+    URI_UNSAFE = /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/
+
     # Public: Initialize the middleware.
     #
     # options - An options Hash (default: {}):
@@ -78,18 +82,18 @@ module FaradayMiddleware
       request_body = env[:body]
       response = @app.call(env)
 
-      response.on_complete do |env|
-        if follow_redirect?(env, response)
+      response.on_complete do |response_env|
+        if follow_redirect?(response_env, response)
           raise RedirectLimitReached, response if follows.zero?
-          env = update_env(env, request_body, response)
-          response = perform_with_redirection(env, follows - 1)
+          new_request_env = update_env(response_env, request_body, response)
+          response = perform_with_redirection(new_request_env, follows - 1)
         end
       end
       response
     end
 
     def update_env(env, request_body, response)
-      env[:url] += response['location']
+      env[:url] += safe_escape(response['location'])
       if @options[:cookies]
         cookies = keep_cookies(env)
         env[:request_headers][:cookies] = cookies unless cookies.nil?
@@ -138,5 +142,15 @@ module FaradayMiddleware
     def standards_compliant?
       @options.fetch(:standards_compliant, false)
     end
+
+    # Internal: escapes unsafe characters from an URL which might be a path
+    # component only or a fully qualified URI so that it can be joined onto an
+    # URI:HTTP using the `+` operator. Doesn't escape "%" characters so to not
+    # risk double-escaping.
+    def safe_escape(uri)
+      uri.to_s.gsub(URI_UNSAFE) { |match|
+        '%' + match.unpack('H2' * match.bytesize).join('%').upcase
+      }
+    end
   end
 end

data/lib/faraday_middleware/response/parse_yaml.rb

@@ -2,6 +2,23 @@ require 'faraday_middleware/response_middleware'
 
 module FaradayMiddleware
   # Public: Parse response bodies as YAML.
+  #
+  # Warning: this uses `YAML.load()` by default and as such is not safe against
+  # code injection or DoS attacks. If you're loading resources from an
+  # untrusted host or over HTTP, you should subclass this middleware and
+  # redefine it to use `safe_load()` if you're using a Psych version that
+  # supports it:
+  #
+  #     class SafeYaml < FaradayMiddleware::ParseYaml
+  #       define_parser do |body|
+  #         YAML.safe_load(body)
+  #       end
+  #     end
+  #
+  #     Faraday.new(..) do |config|
+  #       config.use SafeYaml
+  #       ...
+  #     end
   class ParseYaml < ResponseMiddleware
     dependency 'yaml'
 

data/lib/faraday_middleware/version.rb

@@ -1,3 +1,3 @@
 module FaradayMiddleware
-  VERSION = "0.9.1" unless defined?(FaradayMiddleware::VERSION)
+  VERSION = "0.9.2" unless defined?(FaradayMiddleware::VERSION)
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: faraday_middleware
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - Erik Michaels-Ober
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-19 00:00:00.000000000 Z
+date: 2015-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -57,7 +57,6 @@ files:
 - CONTRIBUTING.md
 - LICENSE.md
 - README.md
-- Rakefile
 - faraday_middleware.gemspec
 - lib/faraday_middleware.rb
 - lib/faraday_middleware/addressable_patch.rb
@@ -80,21 +79,6 @@ files:
 - lib/faraday_middleware/response/rashify.rb
 - lib/faraday_middleware/response_middleware.rb
 - lib/faraday_middleware/version.rb
-- spec/caching_spec.rb
-- spec/chunked_spec.rb
-- spec/encode_json_spec.rb
-- spec/follow_redirects_spec.rb
-- spec/helper.rb
-- spec/mashify_spec.rb
-- spec/method_override_spec.rb
-- spec/oauth2_spec.rb
-- spec/oauth_spec.rb
-- spec/parse_dates_spec.rb
-- spec/parse_json_spec.rb
-- spec/parse_marshal_spec.rb
-- spec/parse_xml_spec.rb
-- spec/parse_yaml_spec.rb
-- spec/rashify_spec.rb
 homepage: https://github.com/lostisland/faraday_middleware
 licenses:
 - MIT
@@ -115,24 +99,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Various middleware for Faraday
-test_files:
-- spec/caching_spec.rb
-- spec/chunked_spec.rb
-- spec/encode_json_spec.rb
-- spec/follow_redirects_spec.rb
-- spec/helper.rb
-- spec/mashify_spec.rb
-- spec/method_override_spec.rb
-- spec/oauth2_spec.rb
-- spec/oauth_spec.rb
-- spec/parse_dates_spec.rb
-- spec/parse_json_spec.rb
-- spec/parse_marshal_spec.rb
-- spec/parse_xml_spec.rb
-- spec/parse_yaml_spec.rb
-- spec/rashify_spec.rb
-has_rdoc: 
+test_files: []

data/Rakefile

@@ -1,28 +0,0 @@
-ruby_19 = RUBY_VERSION > '1.9'
-ruby_mri = !defined?(RUBY_ENGINE) || 'ruby' == RUBY_ENGINE
-default_gemfile = ENV['BUNDLE_GEMFILE'] =~ /Gemfile$/
-
-if ruby_19 && ruby_mri && default_gemfile
-  task :default => [:enable_coverage, :spec, :quality]
-else
-  task :default => [:spec]
-end
-
-require 'bundler'
-Bundler::GemHelper.install_tasks
-
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
-
-task :enable_coverage do
-  ENV['COVERAGE'] = 'yes'
-end
-
-desc %(Check code quality metrics with Cane)
-task :quality do
-  sh 'cane',
-    '--abc-max=15',
-    '--style-measure=110',
-    '--gte=coverage/covered_percent,98.9',
-    '--max-violations=0'
-end

data/spec/caching_spec.rb

@@ -1,170 +0,0 @@
-require 'helper'
-require 'forwardable'
-require 'fileutils'
-require 'rack/cache'
-require 'faraday'
-require 'faraday_middleware/response/caching'
-require 'faraday_middleware/rack_compatible'
-
-describe FaradayMiddleware::Caching do
-  before do
-    @cache = TestCache.new
-    request_count = 0
-    response = lambda { |env|
-      [200, {'Content-Type' => 'text/plain'}, "request:#{request_count+=1}"]
-    }
-
-    @conn = Faraday.new do |b|
-      b.use CachingLint
-      b.use FaradayMiddleware::Caching, @cache, options
-      b.adapter :test do |stub|
-        stub.get('/', &response)
-        stub.get('/?foo=bar', &response)
-        stub.post('/', &response)
-        stub.get('/other', &response)
-      end
-    end
-  end
-
-  let(:options) { {} }
-
-  extend Forwardable
-  def_delegators :@conn, :get, :post
-
-  it 'caches get requests' do
-    expect(get('/').body).to eq('request:1')
-    expect(get('/').body).to eq('request:1')
-    expect(get('/other').body).to eq('request:2')
-    expect(get('/other').body).to eq('request:2')
-  end
-
-  it 'includes request params in the response' do
-    get('/') # make cache
-    response = get('/')
-    expect(response.env[:method]).to eq(:get)
-    expect(response.env[:url].request_uri).to eq('/')
-  end
-
-  it 'caches requests with query params' do
-    expect(get('/').body).to eq('request:1')
-    expect(get('/?foo=bar').body).to eq('request:2')
-    expect(get('/?foo=bar').body).to eq('request:2')
-    expect(get('/').body).to eq('request:1')
-  end
-
-  it 'does not cache post requests' do
-    expect(post('/').body).to eq('request:1')
-    expect(post('/').body).to eq('request:2')
-    expect(post('/').body).to eq('request:3')
-  end
-
-  context ":ignore_params" do
-    let(:options) { {:ignore_params => %w[ utm_source utm_term ]} }
-
-    it "strips ignored parameters from cache_key" do
-      expect(get('/').body).to eq('request:1')
-      expect(get('/?utm_source=a').body).to eq('request:1')
-      expect(get('/?utm_source=a&utm_term=b').body).to eq('request:1')
-      expect(get('/?utm_source=a&utm_term=b&foo=bar').body).to eq('request:2')
-      expect(get('/?foo=bar').body).to eq('request:2')
-    end
-  end
-
-  class TestCache < Hash
-    def read(key)
-      if cached = self[key]
-        Marshal.load(cached)
-      end
-    end
-
-    def write(key, data)
-      self[key] = Marshal.dump(data)
-    end
-
-    def fetch(key)
-      read(key) || yield.tap { |data| write(key, data) }
-    end
-  end
-
-  class CachingLint < Struct.new(:app)
-    def call(env)
-      app.call(env).on_complete do
-        raise "no headers" unless env[:response_headers].is_a? Hash
-        raise "no response" unless env[:response].is_a? Faraday::Response
-        # raise "env not identical" unless env[:response].env.object_id == env.object_id
-      end
-    end
-  end
-end
-
-# RackCompatible + Rack::Cache
-describe FaradayMiddleware::RackCompatible, 'caching' do
-  include FileUtils
-
-  CACHE_DIR = File.expand_path('../../tmp/cache', __FILE__)
-
-  before do
-    rm_r CACHE_DIR if File.exists? CACHE_DIR
-    # force reinitializing cache dirs
-    Rack::Cache::Storage.instance.clear
-
-    request_count = 0
-    response = lambda { |env|
-      [200, { 'Content-Type' => 'text/plain',
-              'Cache-Control' => 'public, max-age=900',
-            },
-            "request:#{request_count+=1}"]
-    }
-
-    @conn = Faraday.new do |b|
-      b.use RackErrorsComplainer
-
-      b.use FaradayMiddleware::RackCompatible, Rack::Cache::Context,
-        :metastore   => "file:#{CACHE_DIR}/rack/meta",
-        :entitystore => "file:#{CACHE_DIR}/rack/body",
-        :verbose     => true
-
-      b.adapter :test do |stub|
-        stub.get('/', &response)
-        stub.post('/', &response)
-      end
-    end
-  end
-
-  extend Forwardable
-  def_delegators :@conn, :get, :post
-
-  it 'caches get requests' do
-    response = get('/', :user_agent => 'test')
-    expect(response.body).to eq('request:1')
-    expect(response.env[:method]).to eq(:get)
-    expect(response.status).to eq(200)
-
-    response = get('/', :user_agent => 'test')
-    expect(response.body).to eq('request:1')
-    expect(response['content-type']).to eq('text/plain')
-    expect(response.env[:method]).to eq(:get)
-    expect(response.env[:request].respond_to?(:fetch)).to be_true
-    expect(response.status). to eq(200)
-
-    expect(post('/').body).to eq('request:2')
-  end
-
-  it 'does not cache post requests' do
-    expect(get('/').body).to eq('request:1')
-    expect(post('/').body).to eq('request:2')
-    expect(post('/').body).to eq('request:3')
-  end
-
-  # middleware to check whether "rack.errors" is free of error reports
-  class RackErrorsComplainer < Struct.new(:app)
-    def call(env)
-      response = app.call(env)
-      error_stream = env[:rack_errors]
-      if error_stream.respond_to?(:string) && error_stream.string.include?('error')
-        raise %(unexpected error in 'rack.errors': %p) % error_stream.string
-      end
-      response
-    end
-  end
-end

data/spec/chunked_spec.rb

@@ -1,78 +0,0 @@
-require 'helper'
-require 'faraday_middleware/response/chunked'
-
-describe FaradayMiddleware::Chunked, :type => :response do
-  context "no transfer-encoding" do
-    it "doesn't change nil body" do
-      expect(process(nil).body).to be_nil
-    end
-
-    it "doesn't change an empty body" do
-      expect(process('').body).to eq('')
-    end
-
-    it "doesn't change a normal body" do
-      expect(process('asdf').body).to eq('asdf')
-    end
-  end
-
-  context "transfer-encoding gzip" do
-    let(:headers) { {"transfer-encoding" => "gzip"}}
-
-    it "doesn't change nil body" do
-      expect(process(nil).body).to be_nil
-    end
-
-    it "doesn't change an empty body" do
-      expect(process('').body).to eq('')
-    end
-
-    it "doesn't change a normal body" do
-      expect(process('asdf').body).to eq('asdf')
-    end
-  end
-
-  context "transfer-encoding chunked" do
-    let(:headers) { {"transfer-encoding" => "chunked"}}
-
-    it "doesn't change nil body" do
-      expect(process(nil).body).to be_nil
-    end
-
-    it "doesn't change an empty body" do
-      expect(process('').body).to eq('')
-    end
-
-    it "parses a basic chunked body" do
-      expect(process("10\r\nasdfghjklasdfghj\r\n0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-
-    it "parses a chunked body with no ending chunk" do
-      expect(process("10\r\nasdfghjklasdfghj\r\n").body).to eq('asdfghjklasdfghj')
-    end
-
-    it "parses a chunked body with no trailing CRLF on the data chunk" do
-      expect(process("10\r\nasdfghjklasdfghj0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-
-    it "parses a chunked body with an extension" do
-      expect(process("10;foo=bar\r\nasdfghjklasdfghj\r\n0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-
-    it "parses a chunked body with two extensions" do
-      expect(process("10;foo=bar;bar=baz\r\nasdfghjklasdfghj\r\n0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-
-    it "parses a chunked body with two chunks" do
-      expect(process("8\r\nasdfghjk\r\n8\r\nlasdfghj\r\n0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-  end
-
-  context "transfer-encoding chunked,chunked" do
-    let(:headers) { {"transfer-encoding" => "chunked,chunked"}}
-
-    it "parses a basic chunked body" do
-      expect(process("10\r\nasdfghjklasdfghj\r\n0\r\n").body).to eq('asdfghjklasdfghj')
-    end
-  end
-end