gibbon 3.4.0 → 3.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/LICENSE.txt +1 -1
- data/README.markdown +6 -4
- data/gibbon.gemspec +1 -1
- data/lib/gibbon/api_request.rb +7 -1
- data/lib/gibbon/gibbon_helpers.rb +6 -2
- data/lib/gibbon/request.rb +4 -0
- data/lib/gibbon/version.rb +1 -1
- data/spec/gibbon/gibbon_spec.rb +10 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a078fe9c806ec8909a1f808a6d6983de6f1d1414c361a9b54156b66f8a796bb3
|
|
4
|
+
data.tar.gz: d0ded539be8f09eae933da1d20cace7ee804529668add90f8c892e672c61c362
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9963ae0173d0189cfe674e1547313ad6570f3dc6f502198e77118e67f067bb842478b36dc46ed72bd675f692b42067f1bda0db59c47e43f8f215364818ac1d33
|
|
7
|
+
data.tar.gz: 6f855c6ad7a73d447ed9c3219ba6383cd624dfa33abf3effbb655207b888e4eb2006297413aabb62f481f0adfde56dc67c863c47eb287a599c9f907db5c29aa9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
## [Unreleased][unreleased]
|
|
2
2
|
|
|
3
|
+
## [3.4.4] - 2022-02-24
|
|
4
|
+
- Remove non-alpha characters when parsing datacenter from API keys to prevent potential attackers from injecting a domain via the API key. This would only be possible if one were using user-provided API keys (e.g. from a form, etc.).
|
|
5
|
+
|
|
6
|
+
## [3.4.3] - 2022-01-19
|
|
7
|
+
- Support for Faraday 2.0, which requires new syntax for basic auth
|
|
8
|
+
|
|
9
|
+
## [3.4.2] - 2021-09-21
|
|
10
|
+
- Fixing the deprecation warning in version 3.4.2 requires moving to a minimum version of Faraday 1.0.0 (more than 2 years old).
|
|
11
|
+
|
|
12
|
+
## [3.4.1] - 2021-09-12
|
|
13
|
+
- Fix deprecation warning for upcoming versions of Faraday (2.x.x)
|
|
3
14
|
|
|
4
15
|
## [3.4.0] - 2021-03-12
|
|
5
16
|
- Support for Faraday 1.x.x and higer
|
data/LICENSE.txt
CHANGED
data/README.markdown
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Gibbon is an API wrapper for MailChimp's [API](http://kb.mailchimp.com/api/).
|
|
4
4
|
|
|
5
|
-
[](https://travis-ci.com/amro/gibbon)
|
|
5
|
+
[](https://app.travis-ci.com/github/amro/gibbon)
|
|
6
6
|
|
|
7
7
|
## Important Notes
|
|
8
8
|
|
|
@@ -38,7 +38,7 @@ gibbon.open_timeout = 30
|
|
|
38
38
|
You can read about `timeout` and `open_timeout` in the [Net::HTTP](https://ruby-doc.org/stdlib-2.3.3/libdoc/net/http/rdoc/Net/HTTP.html) doc.
|
|
39
39
|
|
|
40
40
|
Now you can make requests using the resources defined in [MailChimp's docs](http://kb.mailchimp.com/api/resources). Resource IDs
|
|
41
|
-
are specified inline and a `CRUD` (`create`, `retrieve
|
|
41
|
+
are specified inline and a `CRUD` (`create`, `retrieve` (or `get`), `update`, `upsert`, or `delete`) verb initiates the request. `upsert` lets you update a record, if it exists, or insert it otherwise where supported by MailChimp's API.
|
|
42
42
|
|
|
43
43
|
***Note*** `upsert` requires Gibbon version 2.1.0 or newer!
|
|
44
44
|
|
|
@@ -48,6 +48,8 @@ You can specify `headers`, `params`, and `body` when calling a `CRUD` method. Fo
|
|
|
48
48
|
gibbon.lists.retrieve(headers: {"SomeHeader": "SomeHeaderValue"}, params: {"query_param": "query_param_value"})
|
|
49
49
|
```
|
|
50
50
|
|
|
51
|
+
***Note*** `get` can be substituted for `retrieve` as of Gibbon version 3.4.1 or newer!
|
|
52
|
+
|
|
51
53
|
Of course, `body` is only supported on `create`, `update`, and `upsert` calls. Those map to HTTP `POST`, `PATCH`, and `PUT` verbs respectively.
|
|
52
54
|
|
|
53
55
|
You can set `api_key`, `timeout`, `open_timeout`, `faraday_adapter`, `proxy`, `symbolize_keys`, `logger`, and `debug` globally:
|
|
@@ -506,5 +508,5 @@ Thanks to everyone who has [contributed](https://github.com/amro/gibbon/contribu
|
|
|
506
508
|
|
|
507
509
|
## Copyright
|
|
508
510
|
|
|
509
|
-
* Copyright (c) 2010-
|
|
510
|
-
* MailChimp (c) 2001-
|
|
511
|
+
* Copyright (c) 2010-2022 Amro Mousa. See LICENSE.txt for details.
|
|
512
|
+
* MailChimp (c) 2001-2022 The Rocket Science Group.
|
data/gibbon.gemspec
CHANGED
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
s.require_paths = ["lib"]
|
|
20
20
|
s.required_ruby_version = '>= 2.4.0'
|
|
21
21
|
|
|
22
|
-
s.add_dependency('faraday', '>=
|
|
22
|
+
s.add_dependency('faraday', '>= 1.0')
|
|
23
23
|
s.add_dependency('multi_json', '>= 1.11.0')
|
|
24
24
|
|
|
25
25
|
s.add_development_dependency 'rake'
|
data/lib/gibbon/api_request.rb
CHANGED
|
@@ -152,8 +152,14 @@ module Gibbon
|
|
|
152
152
|
if @request_builder.debug
|
|
153
153
|
faraday.response :logger, @request_builder.logger, bodies: true
|
|
154
154
|
end
|
|
155
|
+
|
|
156
|
+
if Faraday::VERSION.to_i >= 2
|
|
157
|
+
faraday.request :authorization, :basic, 'apikey', self.api_key
|
|
158
|
+
else
|
|
159
|
+
faraday.request :basic_auth, 'apikey', self.api_key
|
|
160
|
+
end
|
|
155
161
|
end
|
|
156
|
-
|
|
162
|
+
|
|
157
163
|
client
|
|
158
164
|
end
|
|
159
165
|
|
|
@@ -5,8 +5,12 @@ module Gibbon
|
|
|
5
5
|
data_center = ""
|
|
6
6
|
|
|
7
7
|
if api_key && api_key["-"]
|
|
8
|
-
#
|
|
9
|
-
|
|
8
|
+
# Remove all non-alphanumberic characters in case someone attempts to inject
|
|
9
|
+
# a different domain into the API key (e.g. when consuming user form-provided keys)
|
|
10
|
+
# This approach avoids assuming a 3 letter prefix (e.g. is MC were to create
|
|
11
|
+
# a us10 DC, this would continue to work), and will continue to hit MC's server
|
|
12
|
+
# rather than a would-be attacker's servers.
|
|
13
|
+
data_center = "#{api_key.split('-').last.gsub(/[^0-9a-z ]/i, '')}."
|
|
10
14
|
end
|
|
11
15
|
|
|
12
16
|
data_center
|
data/lib/gibbon/request.rb
CHANGED
data/lib/gibbon/version.rb
CHANGED
data/spec/gibbon/gibbon_spec.rb
CHANGED
|
@@ -14,6 +14,7 @@ describe Gibbon do
|
|
|
14
14
|
@gibbon = Gibbon::Request.new
|
|
15
15
|
expect(@gibbon.api_key).to be_nil
|
|
16
16
|
end
|
|
17
|
+
|
|
17
18
|
it "sets an API key in the constructor" do
|
|
18
19
|
@gibbon = Gibbon::Request.new(api_key: @api_key)
|
|
19
20
|
expect(@gibbon.api_key).to eq(@api_key)
|
|
@@ -162,6 +163,14 @@ describe Gibbon do
|
|
|
162
163
|
@request = Gibbon::APIRequest.new(builder: @gibbon)
|
|
163
164
|
expect {@request.validate_api_key}.not_to raise_error
|
|
164
165
|
end
|
|
166
|
+
|
|
167
|
+
it "removes non-alpha characters from datacenter prefix" do
|
|
168
|
+
@api_key = "123-attacker.net/test/?"
|
|
169
|
+
@gibbon.api_key = @api_key
|
|
170
|
+
@gibbon.try
|
|
171
|
+
@request = Gibbon::APIRequest.new(builder: @gibbon)
|
|
172
|
+
expect(@request.api_url).to eq("https://attackernettest.api.mailchimp.com/3.0/try")
|
|
173
|
+
end
|
|
165
174
|
end
|
|
166
175
|
|
|
167
176
|
describe "class variables" do
|
|
@@ -213,7 +222,7 @@ describe Gibbon do
|
|
|
213
222
|
it "set debug on new instances" do
|
|
214
223
|
expect(Gibbon::Request.new.debug).to eq(Gibbon::Request.debug)
|
|
215
224
|
end
|
|
216
|
-
|
|
225
|
+
|
|
217
226
|
it "set faraday_adapter on new instances" do
|
|
218
227
|
expect(Gibbon::Request.new.faraday_adapter).to eq(Gibbon::Request.faraday_adapter)
|
|
219
228
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gibbon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.4.
|
|
4
|
+
version: 3.4.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amro Mousa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '1.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '1.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: multi_json
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -131,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
131
131
|
- !ruby/object:Gem::Version
|
|
132
132
|
version: '0'
|
|
133
133
|
requirements: []
|
|
134
|
-
rubygems_version: 3.2.
|
|
134
|
+
rubygems_version: 3.2.27
|
|
135
135
|
signing_key:
|
|
136
136
|
specification_version: 4
|
|
137
137
|
summary: A wrapper for MailChimp API 3.0 and Export API
|