RubyGems - gibbon - Versions diffs - 3.4.0 → 3.5.0 - Mend

gibbon 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6078387c488e567cb48e2c113c1201d412de3989ce740e04149bf77f37aaad97
-  data.tar.gz: 7adbe131b1b495bb3e8296edd7682b50db0fd5e886eae80668d45e442662b46e
+  metadata.gz: 61103c56f7d3ff60ca48fab8a2ca7c71949c1c01c784abd7ddb062dbd74d4560
+  data.tar.gz: 93f18505844eb71b72d189622547c61c0bda3c416bdb2a2caa4ec0358899e52b
 SHA512:
-  metadata.gz: ad43e961eba03d11441173b136e6b75315ab0a46ac54714caf85ea68d50a44fda5fb1e70f596fd61f3337a8759a7d3da878467e1be890927816ec290038ffeb8
-  data.tar.gz: cc37182cfaf77bd044d01a812ef3ba5d7d5a5c3475aaceb1b4c84b915fa9772b8b33317dff78b0ac2878925a53885e1bcbc5cc41d978e04d1d05f9c5c047fb40
+  metadata.gz: 7e4203bc006c80cc20c5fff0217673543faa842a28b57eb3620a373a63409c0e1b5f503335d44ff05d8ba8d124db1f5b984dcf5f98632aaa8ee077d525d0a413
+  data.tar.gz: ecc7c39379e218a5a10d92c4597fdb9e5f28c90c8297ef5a19d04189044a0b86a0f84120151369ecca4c989c3d88bb359fcc651de9527497cba368b608225d9d

data/.github/FUNDING.yml ADDED Viewed

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+github: [amro]

data/.travis.yml CHANGED Viewed

@@ -9,4 +9,5 @@ rvm:
   - 2.6.5
   - 2.7
   - 3.0.0
+  - 3.1
+  - 3.2

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
-## [Unreleased][unreleased]
+## [3.5.0, unreleased] - 2022-06-05
+- Remove support for retired Export API
+## [3.4.4] - 2022-02-24
+- Remove non-alpha characters when parsing datacenter from API keys to prevent potential attackers from injecting a domain via the API key. This would only be possible if one were using user-provided API keys (e.g. from a form, etc.).
+## [3.4.3] - 2022-01-19
+- Support for Faraday 2.0, which requires new syntax for basic auth
+## [3.4.2] - 2021-09-21
+- Fixing the deprecation warning in version 3.4.2 requires moving to a minimum version of Faraday 1.0.0 (more than 2 years old).
+## [3.4.1] - 2021-09-12
+- Fix deprecation warning for upcoming versions of Faraday (2.x.x)
 ## [3.4.0] - 2021-03-12
 - Support for Faraday 1.x.x and higer

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2020 Amro Mousa
+Copyright (c) 2010-2022 Amro Mousa
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.markdown CHANGED Viewed

@@ -2,7 +2,7 @@
 Gibbon is an API wrapper for MailChimp's [API](http://kb.mailchimp.com/api/).
-[![Build Status](https://travis-ci.com/amro/gibbon.svg?branch=master)](https://travis-ci.com/amro/gibbon)
+[![Build Status](https://travis-ci.com/amro/gibbon.svg?branch=master)](https://app.travis-ci.com/github/amro/gibbon)
 ## Important Notes
@@ -38,7 +38,7 @@ gibbon.open_timeout = 30
 You can read about `timeout` and `open_timeout` in the [Net::HTTP](https://ruby-doc.org/stdlib-2.3.3/libdoc/net/http/rdoc/Net/HTTP.html) doc.
 Now you can make requests using the resources defined in [MailChimp's docs](http://kb.mailchimp.com/api/resources). Resource IDs
-are specified inline and a `CRUD` (`create`, `retrieve`, `update`, `upsert`, or `delete`) verb initiates the request. `upsert` lets you update a record, if it exists, or insert it otherwise where supported by MailChimp's API.
+are specified inline and a `CRUD` (`create`, `retrieve` (or `get`), `update`, `upsert`, or `delete`) verb initiates the request. `upsert` lets you update a record, if it exists, or insert it otherwise where supported by MailChimp's API.
 ***Note*** `upsert` requires Gibbon version 2.1.0 or newer!
@@ -48,6 +48,8 @@ You can specify `headers`, `params`, and `body` when calling a `CRUD` method. Fo
 gibbon.lists.retrieve(headers: {"SomeHeader": "SomeHeaderValue"}, params: {"query_param": "query_param_value"})
 ```
+***Note*** `get` can be substituted for `retrieve` as of Gibbon version 3.4.1 or newer!
 Of course, `body` is only supported on `create`, `update`, and `upsert` calls. Those map to HTTP `POST`, `PATCH`, and `PUT` verbs respectively.
 You can set `api_key`, `timeout`, `open_timeout`, `faraday_adapter`, `proxy`, `symbolize_keys`, `logger`, and `debug` globally:
@@ -178,6 +180,12 @@ Get a specific member's information (open/click rates etc.) from MailChimp:
 gibbon.lists(list_id).members(lower_case_md5_hashed_email_address).retrieve
 ```
+Permanently delete a specific member from a list:
+```ruby
+gibbon.lists(list_id).members(lower_case_md5_hashed_email_address).actions.delete_permanent.create
+```
 ### Tags
 [Tags](https://mailchimp.com/help/getting-started-tags/) are a flexible way to organize (slice and dice) your list: for example, you can send a campaign directly to one or more tags.
@@ -472,33 +480,6 @@ Gibbon 2.x+:
 ```ruby
 gibbon.lists(list_id).members.create(body: {email_address: "foo@bar.com", status: "subscribed", merge_fields: {FNAME: "Bob", LNAME: "Smith"}})
 ```
-## Export API 1.0
-Gibbon 3.0.0+ supports MailChimp's [Export API 1.0](https://apidocs.mailchimp.com/export/1.0/). You can choose to handle the API response all at
-once or line by line by passing a block. To access the Export API with Gibbon, you must first create an instance of `Gibbon::Export`:
-```ruby
-export = Gibbon::Export.new(api_key: "your_api_key")
-```
-Next, call the method corresponding to the API endpoint you'd like to query:
-```ruby
-export.list(id: list_id)
-```
-This fetches and returns all of the results at once. Pass a block if you'd like to handle the response as individual lines:
-```ruby
-export = Gibbon::Export.new(api_key: "your_api_key", timeout: 1200)
-export.list(id: list_id) do |row|
-  puts row
-end
-```
-This is useful when handling large sets of data. Setting the `timeout` here is optional, but a high value is recommended given the nature of the Export API. The default timeout is 600 seconds.
-Gibbon supports all current Export API endpoints: `/list`, `/ecommOrders`, and `/campaignSubscriberActivity`. They're mapped onto Ruby methods with similar names: `list()`, `ecomm_orders()`, and `campaign_subscriber_activity()` respectively. Please see [MailChimp's API documentation](https://developer.mailchimp.com/documentation/mailchimp/guides/how-to-use-the-export-api/) for supported parameters.
 ## Thanks
@@ -506,5 +487,5 @@ Thanks to everyone who has [contributed](https://github.com/amro/gibbon/contribu
 ## Copyright
-* Copyright (c) 2010-2020 Amro Mousa. See LICENSE.txt for details.
-* MailChimp (c) 2001-2020 The Rocket Science Group.
+* Copyright (c) 2010-2022 Amro Mousa. See LICENSE.txt for details.
+* MailChimp (c) 2001-2022 The Rocket Science Group.

data/gibbon.gemspec CHANGED Viewed

@@ -9,8 +9,8 @@ Gem::Specification.new do |s|
   s.email       = ["amromousa@gmail.com"]
   s.homepage    = "http://github.com/amro/gibbon"
-  s.summary     = %q{A wrapper for MailChimp API 3.0 and Export API}
-  s.description = %q{A wrapper for MailChimp API 3.0 and Export API}
+  s.summary     = %q{A wrapper for MailChimp API 3.0}
+  s.description = %q{A wrapper for MailChimp API 3.0}
   s.license     = "MIT"
   s.files         = `git ls-files`.split("\n")
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.required_ruby_version = '>= 2.4.0'
-  s.add_dependency('faraday', '>= 0.16.0')
+  s.add_dependency('faraday', '>= 1.0')
   s.add_dependency('multi_json', '>= 1.11.0')
   s.add_development_dependency 'rake'

data/lib/gibbon/api_request.rb CHANGED Viewed

@@ -152,8 +152,14 @@ module Gibbon
         if @request_builder.debug
           faraday.response :logger, @request_builder.logger, bodies: true
         end
+        if Faraday::VERSION.to_i >= 2
+          faraday.request :authorization, :basic, 'apikey', self.api_key
+        else
+          faraday.request :basic_auth, 'apikey', self.api_key
+        end
       end
-      client.basic_auth('apikey', self.api_key)
       client
     end

data/lib/gibbon/gibbon_helpers.rb CHANGED Viewed

@@ -5,8 +5,12 @@ module Gibbon
       data_center = ""
       if api_key && api_key["-"]
-        # Add a period since the data_center is a subdomain and it keeps things dry
-        data_center = "#{api_key.split('-').last}."
+        # Remove all non-alphanumberic characters in case someone attempts to inject
+        # a different domain into the API key (e.g. when consuming user form-provided keys)
+        # This approach avoids assuming a 3 letter prefix (e.g. is MC were to create
+        # a us10 DC, this would continue to work), and will continue to hit MC's server
+        # rather than a would-be attacker's servers.
+        data_center = "#{api_key.split('-').last.gsub(/[^0-9a-z ]/i, '')}."
       end
       data_center

data/lib/gibbon/request.rb CHANGED Viewed

@@ -61,6 +61,10 @@ module Gibbon
       reset
     end
+    def get(params: nil, headers: nil)
+      retrieve(params: params, headers: headers)
+    end
     def retrieve(params: nil, headers: nil)
       APIRequest.new(builder: self).get(params: params, headers: headers)
     ensure

data/lib/gibbon/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Gibbon
-  VERSION = "3.4.0"
+  VERSION = "3.5.0"
 end

data/lib/gibbon.rb CHANGED Viewed

@@ -9,7 +9,6 @@ require 'gibbon/mailchimp_error'
 require 'gibbon/request'
 require 'gibbon/api_request'
 require 'gibbon/response'
-require 'gibbon/export'
 module Gibbon
 end

data/spec/gibbon/gibbon_spec.rb CHANGED Viewed

@@ -14,6 +14,7 @@ describe Gibbon do
       @gibbon = Gibbon::Request.new
       expect(@gibbon.api_key).to be_nil
     end
     it "sets an API key in the constructor" do
       @gibbon = Gibbon::Request.new(api_key: @api_key)
       expect(@gibbon.api_key).to eq(@api_key)
@@ -162,6 +163,14 @@ describe Gibbon do
       @request = Gibbon::APIRequest.new(builder: @gibbon)
       expect {@request.validate_api_key}.not_to raise_error
     end
+    it "removes non-alpha characters from datacenter prefix" do
+      @api_key = "123-attacker.net/test/?"
+      @gibbon.api_key = @api_key
+      @gibbon.try
+      @request = Gibbon::APIRequest.new(builder: @gibbon)
+      expect(@request.api_url).to eq("https://attackernettest.api.mailchimp.com/3.0/try")
+    end
   end
   describe "class variables" do
@@ -213,7 +222,7 @@ describe Gibbon do
     it "set debug on new instances" do
       expect(Gibbon::Request.new.debug).to eq(Gibbon::Request.debug)
     end
     it "set faraday_adapter on new instances" do
       expect(Gibbon::Request.new.faraday_adapter).to eq(Gibbon::Request.faraday_adapter)
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gibbon
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.5.0
 platform: ruby
 authors:
 - Amro Mousa
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-12 00:00:00.000000000 Z
+date: 2023-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -80,7 +80,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.8'
-description: A wrapper for MailChimp API 3.0 and Export API
+description: A wrapper for MailChimp API 3.0
 email:
 - amromousa@gmail.com
 executables: []
@@ -88,6 +88,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.md
@@ -99,7 +100,6 @@ files:
 - gibbon.gemspec
 - lib/gibbon.rb
 - lib/gibbon/api_request.rb
-- lib/gibbon/export.rb
 - lib/gibbon/gibbon_error.rb
 - lib/gibbon/gibbon_helpers.rb
 - lib/gibbon/mailchimp_error.rb
@@ -107,7 +107,6 @@ files:
 - lib/gibbon/response.rb
 - lib/gibbon/version.rb
 - spec/gibbon/api_request_spec.rb
-- spec/gibbon/export_spec.rb
 - spec/gibbon/gibbon_spec.rb
 - spec/gibbon/mailchimp_error_spec.rb
 - spec/gibbon/upsert_spec.rb
@@ -131,13 +130,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.14
+rubygems_version: 3.2.27
 signing_key:
 specification_version: 4
-summary: A wrapper for MailChimp API 3.0 and Export API
+summary: A wrapper for MailChimp API 3.0
 test_files:
 - spec/gibbon/api_request_spec.rb
-- spec/gibbon/export_spec.rb
 - spec/gibbon/gibbon_spec.rb
 - spec/gibbon/mailchimp_error_spec.rb
 - spec/gibbon/upsert_spec.rb

data/lib/gibbon/export.rb DELETED Viewed

@@ -1,93 +0,0 @@
-require 'net/https'
-module Gibbon
-  class Export
-    include Helpers
-    attr_accessor :api_key, :timeout
-    def initialize(api_key: nil, timeout: nil)
-      @api_key = api_key || self.class.api_key || ENV['MAILCHIMP_API_KEY']
-      @timeout = timeout || self.class.timeout || 600
-    end
-    def list(params = {}, &block)
-      call("list", params, &block)
-    end
-    def ecomm_orders(params = {}, &block)
-      call("ecommOrders", params, &block)
-    end
-    def campaign_subscriber_activity(params = {}, &block)
-      call("campaignSubscriberActivity", params, &block)
-    end
-    protected
-    def export_api_url
-      "https://#{get_data_center_from_api_key(@api_key)}api.mailchimp.com/export/1.0/"
-    end
-    def call(method, params = {}, &block)
-      rows = []
-      api_url = export_api_url + method + "/"
-      params = params.merge({ apikey: @api_key })
-      block = Proc.new { |row| rows << row } unless block_given?
-      ensure_api_key(params)
-      url = URI.parse(api_url)
-      req = Net::HTTP::Post.new(url.path, initheader = {'Content-Type' => 'application/json'})
-      req.body = MultiJson.dump(params)
-      Net::HTTP.start(url.host, url.port, read_timeout: @timeout, use_ssl: true, ssl_version: :TLSv1_2) do |http|
-        # http://stackoverflow.com/questions/29598196/ruby-net-http-read-body-nethttpokread-body-called-twice-ioerror
-        http.request req do |response|
-          i = -1
-          last = ''
-          response.read_body do |chunk|
-            next if chunk.nil? or chunk.strip.empty?
-            infix = "\n" if last[-1, 1]==']'
-            lines, last = try_parse_line("#{last}#{infix}#{chunk}")
-            lines.each { |line| block.call(line, i += 1) }
-          end
-          block.call(parse_line(last), i += 1) unless last.nil? or last.empty?
-        end
-      end
-      rows unless block_given?
-    end
-    def try_parse_line(res)
-      lines = res.split("\n")
-      last = lines.pop || ''
-      lines.map! { |line| parse_line(line) }
-      [lines.compact, last]
-    rescue MultiJson::ParseError
-      [[], last]
-    end
-    def parse_line(line)
-      parsed_response = MultiJson.load(line)
-    rescue MultiJson::ParseError
-      return []
-    end
-    private
-    def ensure_api_key(params)
-      unless params[:apikey] && (get_data_center_from_api_key(params[:apikey]) != "")
-        raise Gibbon::GibbonError, "You must set an api_key prior to making a call"
-      end
-    end
-    class << self
-      attr_accessor :api_key, :timeout
-      def method_missing(sym, *args, &block)
-        new(api_key: self.api_key, timeout: self.timeout).send(sym, *args, &block)
-      end
-    end
-  end
-end

data/spec/gibbon/export_spec.rb DELETED Viewed

@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'webmock/rspec'
-describe Gibbon::Export do
-  before do
-    Gibbon::Export.send(:public, *Gibbon::Export.protected_instance_methods)
-    @export = Gibbon::Export.new
-  end
-  it "doesn't allow empty api key" do
-    expect {@export.list(id: "123456")}.to raise_error(Gibbon::GibbonError)
-  end
-  it "doesn't allow api key without data center" do
-    @api_key = "123"
-    @export.api_key = @api_key
-    expect {@export.list(id: "123456")}.to raise_error(Gibbon::GibbonError)
-  end
-  it "sets an API key from the 'MAILCHIMP_API_KEY' ENV variable" do
-    ENV['MAILCHIMP_API_KEY'] = 'TESTKEY-us1'
-    @export = Gibbon::Export.new
-    expect(@export.api_key).to eq('TESTKEY-us1')
-    ENV.delete('MAILCHIMP_API_KEY')
-  end
-  it "sets correct endpoint from api key" do
-    @api_key = "TESTKEY-us1"
-    @export.api_key = @api_key
-    expect(@export.export_api_url).to eq("https://us1.api.mailchimp.com/export/1.0/")
-  end
-  it "sets correct timeout" do
-    @api_key = "TESTKEY-us1"
-    @export.api_key = @api_key
-    @export.timeout = 9
-    expect(@export.timeout).to eq(9)
-  end
-end