haveapi 0.26.5 → 0.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c9848a4bb22d9242a42df08d018a4c504e242609e999c7225154b9dd36c559a
-  data.tar.gz: be4a7ba2e9a17314f1d778650d9ff1a0c4dab3151526345e6bce55593c1eb997
+  metadata.gz: 8307e5e40983cf927641fd3d4052058406209093520a83d89121883f64a9ba0e
+  data.tar.gz: b2d80c7621b7f8870e89dff0ae78c3f4f2d5587ddc9151733d795df0c279fbb7
 SHA512:
-  metadata.gz: 4cac3416fb41675be762aec72ec252b48d31ff34e76f05f603d8871973c901ffc57d003dd99b552065621044f8730918cb908f31a591eeb8bfb8b852cd426307
-  data.tar.gz: be0b3d8070d91c76cd870beae17cb046c8d9137c23c20eb75747849729974ab7c0d3a9a8180b50a6d8cbeacddd06c9df197d0734f33afa1696575b93ee2184ec
+  metadata.gz: b93b9411fb84cf5e67763e9384746da97f32903126e802ca2a47f545f68c9d37f66c54c280e78bc7b25e9abad19ca99e3a6d9ed68a985daa8c053119d459ed6d
+  data.tar.gz: 06fff468dc3e939c838689fbd515ae280cf590c9a05d1c36dc81ba7c2723ab344acadee67ece39fb782ff10c75baf7be906fa2e786e5f7cf9a9ae47fe110d9f1

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/Gemfile

@@ -5,10 +5,14 @@ gem 'haveapi-client', path: '../../clients/ruby'
 
 group :test do
   gem 'rack-test'
+  gem 'rackup'
   gem 'rspec'
-end
+  gem 'rubocop', require: false
+  gem 'rubocop-rspec', require: false
+  gem 'webrick'
 
-group :activerecord do
-  gem 'activerecord', '>= 6.0'
+  # ActiveRecord adapter specs (always run)
+  gem 'activerecord', '>= 8.0'
   gem 'sinatra-activerecord'
+  gem 'sqlite3'
 end

data/haveapi.gemspec

@@ -15,7 +15,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = ">= #{File.read('../../.ruby-version').strip}"
 
   s.add_dependency 'activesupport', '>= 7.1'
-  s.add_dependency 'haveapi-client', '~> 0.26.5'
+  s.add_dependency 'haveapi-client', '~> 0.27.0'
   s.add_dependency 'json'
   s.add_dependency 'mail'
   s.add_dependency 'nesty', '~> 1.0'

data/lib/haveapi/action.rb

@@ -372,7 +372,7 @@ module HaveAPI
         if tmp.empty?
           p e.message
           puts e.backtrace
-          error!('Server error occurred')
+          error!('Server error occurred', {}, http_status: 500)
         end
 
         unless tmp[:status]

data/lib/haveapi/authentication/base.rb

@@ -1,5 +1,7 @@
 module HaveAPI
   module Authentication
+    class TokenConflict < StandardError; end
+
     # Base class for authentication providers.
     class Base
       # Get or set auth method name

data/lib/haveapi/authentication/oauth2/provider.rb

@@ -117,7 +117,7 @@ module HaveAPI::Authentication
           request.params['access_token'],
           token_from_authorization_header(request),
           token_from_haveapi_header(request)
-        ].compact
+        ].select { |value| token_present?(value) }
 
         token =
           case tokens.length
@@ -126,7 +126,8 @@ module HaveAPI::Authentication
           when 1
             tokens.first
           else
-            raise 'Too many oauth2 tokens'
+            raise HaveAPI::Authentication::TokenConflict,
+                  'Multiple OAuth2 tokens provided'
           end
 
         token && config.find_user_by_access_token(request, token)
@@ -310,6 +311,13 @@ module HaveAPI::Authentication
       def header_to_env(header)
         "HTTP_#{header.upcase.gsub('-', '_')}"
       end
+
+      def token_present?(value)
+        return false if value.nil?
+        return false if value.respond_to?(:empty?) && value.empty?
+
+        true
+      end
     end
   end
 end

data/lib/haveapi/authentication/token/provider.rb

@@ -159,7 +159,24 @@ module HaveAPI::Authentication
       # @param request [Sinatra::Request]
       # @return [String]
       def token(request)
-        request.params[config.class.query_parameter] || request.env[header_to_env]
+        param = config.class.query_parameter
+        query_token = [
+          request.params[param],
+          request.params[param.to_s]
+        ].find { |value| token_present?(value) }
+        header_token = request.env[header_to_env]
+
+        tokens = [query_token, header_token].select { |value| token_present?(value) }
+
+        case tokens.length
+        when 0
+          nil
+        when 1
+          tokens.first
+        else
+          raise HaveAPI::Authentication::TokenConflict,
+                'Multiple authentication tokens provided'
+        end
       end
 
       def describe
@@ -176,6 +193,13 @@ module HaveAPI::Authentication
         "HTTP_#{config.class.http_header.upcase.gsub('-', '_')}"
       end
 
+      def token_present?(value)
+        return false if value.nil?
+        return false if value.respond_to?(:empty?) && value.empty?
+
+        true
+      end
+
       def token_resource
         provider = self
 

data/lib/haveapi/model_adapters/active_record.rb

@@ -142,12 +142,69 @@ module HaveAPI::ModelAdapters
 
     class Input < ::HaveAPI::ModelAdapter::Input
       def self.clean(model, raw, extra)
-        return if (raw.is_a?(String) && raw.empty?) || (!raw.is_a?(String) && !raw)
+        return nil if raw.nil?
+
+        original = raw
+
+        if raw.is_a?(String)
+          stripped = raw.strip
+          raise HaveAPI::ValidationError, "not a valid id #{original.inspect}" if stripped.empty?
+
+          raw = stripped
+
+        elsif [true, false].include?(raw)
+          raise HaveAPI::ValidationError, "not a valid id #{original.inspect}"
+        end
+
+        value = if integer_pk?(model)
+                  id = coerce_integer_id(raw, original)
+                  raise HaveAPI::ValidationError, "not a valid id #{original.inspect}" if id < 0
+
+                  id
+                else
+                  raw
+                end
 
         if extra[:fetch]
-          model.instance_exec(raw, &extra[:fetch])
+          model.instance_exec(value, &extra[:fetch])
+        else
+          model.find(value)
+        end
+      rescue ::ActiveRecord::RecordNotFound
+        raise HaveAPI::ValidationError, 'resource not found'
+      rescue ArgumentError, TypeError
+        raise HaveAPI::ValidationError, "not a valid id #{original.inspect}"
+      end
+
+      def self.integer_pk?(model)
+        pk = model.primary_key
+        return false unless pk.is_a?(String)
+        return false unless model.respond_to?(:type_for_attribute)
+
+        pk_type = model.type_for_attribute(pk).type
+        %i[integer bigint].include?(pk_type)
+      end
+
+      def self.coerce_integer_id(raw, original)
+        case raw
+        when Integer
+          raw
+        when Float
+          unless raw.finite? && (raw % 1) == 0
+            raise HaveAPI::ValidationError, "not a valid id #{original.inspect}"
+          end
+
+          raw.to_i
+        when String
+          s = raw.strip
+
+          if s.empty? || !s.match?(/\A[+-]?\d+\z/)
+            raise HaveAPI::ValidationError, "not a valid id #{original.inspect}"
+          end
+
+          Integer(s, 10)
         else
-          model.find(raw)
+          raise HaveAPI::ValidationError, "not a valid id #{original.inspect}"
         end
       end
     end
@@ -397,7 +454,7 @@ module HaveAPI::ModelAdapters
         opts[:min] = v.options[:greater_than_or_equal_to] if v.options[:greater_than_or_equal_to]
 
         if v.options[:equal_to]
-          validator(accept: v.options[:equal_to])
+          validator(:accept, v.options[:equal_to])
           next
         end
 

data/lib/haveapi/parameters/typed.rb

@@ -33,7 +33,7 @@ module HaveAPI::Parameters
     end
 
     def optional?
-      !@required
+      !required?
     end
 
     def fill?
@@ -82,20 +82,19 @@ module HaveAPI::Parameters
         nil
 
       elsif @type == Integer
-        raw.to_i
+        coerce_integer(raw)
 
       elsif @type == Float
-        raw.to_f
+        coerce_float(raw)
 
       elsif @type == Boolean
-        Boolean.to_b(raw)
+        coerce_boolean(raw)
 
       elsif @type == ::Datetime
-        begin
-          DateTime.iso8601(raw).to_time
-        rescue ArgumentError
-          raise HaveAPI::ValidationError, "not in ISO 8601 format '#{raw}'"
-        end
+        coerce_datetime(raw)
+
+      elsif @type == String || @type == Text
+        coerce_string(raw)
 
       else
         raw
@@ -122,12 +121,97 @@ module HaveAPI::Parameters
       elsif @type == Float
         v.to_f
 
-      elsif @type == String
+      elsif @type == String || @type == Text
         v.to_s
 
       else
         v
       end
     end
+
+    private
+
+    def coerce_integer(raw)
+      case raw
+      when Integer
+        raw
+      when Float
+        unless raw.finite? && (raw % 1) == 0
+          raise HaveAPI::ValidationError, "not a valid integer #{raw.inspect}"
+        end
+
+        raw.to_i
+      when String
+        s = raw.strip
+
+        if s.empty? || !s.match?(/\A[+-]?\d+\z/)
+          raise HaveAPI::ValidationError, "not a valid integer #{raw.inspect}"
+        end
+
+        Integer(s, 10)
+      else
+        raise HaveAPI::ValidationError, "not a valid integer #{raw.inspect}"
+      end
+    end
+
+    def coerce_float(raw)
+      if raw.is_a?(Numeric)
+        f = raw.to_f
+
+      elsif raw.is_a?(String)
+        s = raw.strip
+        raise HaveAPI::ValidationError, "not a valid float #{raw.inspect}" if s.empty?
+
+        begin
+          f = Float(s)
+        rescue ArgumentError
+          raise HaveAPI::ValidationError, "not a valid float #{raw.inspect}"
+        end
+
+      else
+        raise HaveAPI::ValidationError, "not a valid float #{raw.inspect}"
+      end
+
+      raise HaveAPI::ValidationError, "not a valid float #{raw.inspect}" unless f.finite?
+
+      f
+    end
+
+    def coerce_boolean(raw)
+      return true if raw == true
+      return false if raw == false
+
+      if raw.is_a?(Integer)
+        return false if raw == 0
+        return true if raw == 1
+
+      elsif raw.is_a?(String)
+        s = raw.strip
+        raise HaveAPI::ValidationError, "not a valid boolean #{raw.inspect}" if s.empty?
+
+        return true if %w[true t yes y 1].include?(s.downcase)
+        return false if %w[false f no n 0].include?(s.downcase)
+      end
+
+      raise HaveAPI::ValidationError, "not a valid boolean #{raw.inspect}"
+    end
+
+    def coerce_datetime(raw)
+      if raw.is_a?(String) && raw.strip.empty?
+        raise HaveAPI::ValidationError, "not in ISO 8601 format '#{raw}'"
+      end
+
+      DateTime.iso8601(raw).to_time
+    rescue ArgumentError
+      raise HaveAPI::ValidationError, "not in ISO 8601 format '#{raw}'"
+    end
+
+    def coerce_string(raw)
+      if raw.is_a?(Array) || raw.is_a?(Hash)
+        raise HaveAPI::ValidationError, "not a valid string #{raw.inspect}"
+      end
+
+      raw.to_s
+    end
   end
 end

data/lib/haveapi/params.rb

@@ -64,7 +64,12 @@ module HaveAPI
       return @cache[:namespace] = @namespace unless @namespace.nil?
 
       n = @action.resource.resource_name.underscore
-      n = n.pluralize if %i[object_list hash_list].include?(layout)
+      n = if %i[object_list hash_list].include?(layout)
+            n.pluralize
+          else
+            n.singularize
+          end
+
       @cache[:namespace] = n.to_sym
     end
 

data/lib/haveapi/resource.rb

@@ -116,7 +116,7 @@ module HaveAPI
       cls
     end
 
-    def self.define_action(name, superclass: Action, &)
+    def self.define_action(name, superclass: HaveAPI::Action, &)
       return false if const_defined?(name)
 
       cls = Class.new(superclass)

data/lib/haveapi/server.rb

@@ -65,7 +65,16 @@ module HaveAPI
       def authenticated?(v)
         return @current_user if @current_user
 
-        @current_user = settings.api_server.send(:do_authenticate, v, request)
+        begin
+          @current_user = settings.api_server.send(:do_authenticate, v, request)
+        rescue HaveAPI::Authentication::TokenConflict => e
+          unless @formatter
+            @formatter = OutputFormatter.new
+            @formatter.supports?([])
+          end
+
+          report_error(400, {}, e.message)
+        end
         settings.api_server.call_hooks_for(:post_authenticated, args: [@current_user])
         @current_user
       end

data/lib/haveapi/spec/api_builder.rb

@@ -14,7 +14,7 @@ module HaveAPI::Spec
     def api(mod = nil, &block)
       unless mod
         mod = Module.new do
-          def self.define_resource(name, superclass: Resource, &block)
+          def self.define_resource(name, superclass: HaveAPI::Resource, &block)
             return false if const_defined?(name)
 
             cls = Class.new(superclass)
@@ -39,7 +39,7 @@ module HaveAPI::Spec
 
     # Select API versions to be used.
     def use_version(v)
-      before(:each) do
+      before do
         self.class.opt(:versions, v)
       end
     end
@@ -49,6 +49,11 @@ module HaveAPI::Spec
       opt(:default_version, v)
     end
 
+    # Set action state backend to mount HaveAPI::Resources::ActionState
+    def action_state(backend)
+      opt(:action_state, backend)
+    end
+
     # Set a custom mount path.
     def mount_to(path)
       opt(:mount, path)
@@ -56,7 +61,7 @@ module HaveAPI::Spec
 
     # Login using HTTP basic.
     def login(*credentials)
-      before(:each) do
+      before do
         basic_authorize(*credentials)
       end
     end

data/lib/haveapi/spec/spec_methods.rb

@@ -13,6 +13,8 @@ module HaveAPI::Spec
       @api.auth_chain << auth if auth
       @api.use_version(get_opt(:versions) || :all)
       @api.default_version = default if default
+      as = get_opt(:action_state)
+      @api.action_state = as if as
       @api.mount(get_opt(:mount) || '/')
       @api.app
     end
@@ -39,20 +41,28 @@ module HaveAPI::Spec
           r_name, a_name
         )
 
-        method(action.http_method).call(
-          path,
-          params && params.to_json,
-          { 'content-type' => 'application/json' }
-        )
+        json_body = params && params.to_json
+        env = { 'CONTENT_TYPE' => 'application/json' }
+
+        if %i[get head options].include?(action.http_method.to_sym)
+          method(action.http_method).call(path, params, env)
+        else
+          env[:input] = json_body if json_body
+          method(action.http_method).call(path, nil, env)
+        end
 
       else
         http_method, path, params = args
 
-        method(http_method).call(
-          path,
-          params && params.to_json,
-          { 'content-type' => 'application/json' }
-        )
+        json_body = params && params.to_json
+        env = { 'CONTENT_TYPE' => 'application/json' }
+
+        if %i[get head options].include?(http_method.to_sym)
+          method(http_method).call(path, params, env)
+        else
+          env[:input] = json_body if json_body
+          method(http_method).call(path, nil, env)
+        end
       end
     end
 

data/lib/haveapi/version.rb

@@ -1,4 +1,4 @@
 module HaveAPI
   PROTOCOL_VERSION = '2.0'.freeze
-  VERSION = '0.26.5'.freeze
+  VERSION = '0.27.0'.freeze
 end