http 3.1.0 → 5.3.1

data/spec/lib/http/features/raise_error_spec.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+RSpec.describe HTTP::Features::RaiseError do
+  subject(:feature) { described_class.new(ignore: ignore) }
+
+  let(:connection) { double }
+  let(:status) { 200 }
+  let(:ignore) { [] }
+
+  describe "#wrap_response" do
+    subject(:result) { feature.wrap_response(response) }
+
+    let(:response) do
+      HTTP::Response.new(
+        version:    "1.1",
+        status:     status,
+        headers:    {},
+        connection: connection,
+        request:    HTTP::Request.new(verb: :get, uri: "https://example.com")
+      )
+    end
+
+    context "when status is 200" do
+      it "returns original request" do
+        expect(result).to be response
+      end
+    end
+
+    context "when status is 399" do
+      let(:status) { 399 }
+
+      it "returns original request" do
+        expect(result).to be response
+      end
+    end
+
+    context "when status is 400" do
+      let(:status) { 400 }
+
+      it "raises" do
+        expect { result }.to raise_error(HTTP::StatusError, "Unexpected status code 400")
+      end
+    end
+
+    context "when status is 599" do
+      let(:status) { 599 }
+
+      it "raises" do
+        expect { result }.to raise_error(HTTP::StatusError, "Unexpected status code 599")
+      end
+    end
+
+    context "when error status is ignored" do
+      let(:status) { 500 }
+      let(:ignore) { [500] }
+
+      it "returns original request" do
+        expect(result).to be response
+      end
+    end
+  end
+end

data/spec/lib/http/headers/normalizer_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+RSpec.describe HTTP::Headers::Normalizer do
+  subject(:normalizer) { described_class.new }
+
+  include_context RSpec::Memory
+
+  describe "#call" do
+    it "normalizes the header" do
+      expect(normalizer.call("content_type")).to eq "Content-Type"
+    end
+
+    it "returns a non-frozen string" do
+      expect(normalizer.call("content_type")).not_to be_frozen
+    end
+
+    it "evicts the oldest item when cache is full" do
+      max_headers = (1..described_class::Cache::MAX_SIZE).map { |i| "Header#{i}" }
+      max_headers.each { |header| normalizer.call(header) }
+      normalizer.call("New-Header")
+      cache_store = normalizer.instance_variable_get(:@cache).instance_variable_get(:@store)
+      expect(cache_store.keys).to eq(max_headers[1..] + ["New-Header"])
+    end
+
+    it "retuns mutable strings" do
+      normalized_headers = Array.new(3) { normalizer.call("content_type") }
+
+      expect(normalized_headers)
+        .to satisfy { |arr| arr.uniq.size == 1 }
+        .and(satisfy { |arr| arr.map(&:object_id).uniq.size == normalized_headers.size })
+        .and(satisfy { |arr| arr.none?(&:frozen?) })
+    end
+
+    it "allocates minimal memory for normalization of the same header" do
+      normalizer.call("accept") # XXX: Ensure normalizer is pre-allocated
+
+      # On first call it is expected to allocate during normalization
+      expect { normalizer.call("content_type") }.to limit_allocations(
+        Array     => 1,
+        MatchData => 1,
+        String    => 6
+      )
+
+      # On subsequent call it is expected to only allocate copy of a cached string
+      expect { normalizer.call("content_type") }.to limit_allocations(
+        Array     => 0,
+        MatchData => 0,
+        String    => 1
+      )
+    end
+  end
+end

data/spec/lib/http/headers_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe HTTP::Headers do
       expect(headers["Accept"]).to eq "application/json"
     end
 
-    it "normalizes header name" do
+    it "allows retrieval via normalized header name" do
       headers.set :content_type, "application/json"
       expect(headers["Content-Type"]).to eq "application/json"
     end
@@ -35,8 +35,15 @@ RSpec.describe HTTP::Headers do
         to raise_error HTTP::HeaderError
     end
 
-    it "fails with invalid header name" do
-      expect { headers.set "foo bar", "baz" }.
+    ["foo bar", "foo bar: ok\nfoo", "evil-header: evil-value\nfoo"].each do |name|
+      it "fails with invalid header name (#{name.inspect})" do
+        expect { headers.set name, "baz" }.
+          to raise_error HTTP::HeaderError
+      end
+    end
+
+    it "fails with invalid header value" do
+      expect { headers.set "foo", "bar\nEvil-Header: evil-value" }.
         to raise_error HTTP::HeaderError
     end
   end
@@ -47,7 +54,7 @@ RSpec.describe HTTP::Headers do
       expect(headers["Accept"]).to eq "application/json"
     end
 
-    it "normalizes header name" do
+    it "allows retrieval via normalized header name" do
       headers[:content_type] = "application/json"
       expect(headers["Content-Type"]).to eq "application/json"
     end
@@ -73,7 +80,7 @@ RSpec.describe HTTP::Headers do
       expect(headers["Content-Type"]).to be_nil
     end
 
-    it "normalizes header name" do
+    it "removes header that matches normalized version of specified name" do
       headers.delete :content_type
       expect(headers["Content-Type"]).to be_nil
     end
@@ -83,9 +90,11 @@ RSpec.describe HTTP::Headers do
         to raise_error HTTP::HeaderError
     end
 
-    it "fails with invalid header name" do
-      expect { headers.delete "foo bar" }.
-        to raise_error HTTP::HeaderError
+    ["foo bar", "foo bar: ok\nfoo"].each do |name|
+      it "fails with invalid header name (#{name.inspect})" do
+        expect { headers.delete name }.
+          to raise_error HTTP::HeaderError
+      end
     end
   end
 
@@ -95,13 +104,13 @@ RSpec.describe HTTP::Headers do
       expect(headers["Accept"]).to eq "application/json"
     end
 
-    it "normalizes header name" do
+    it "allows retrieval via normalized header name" do
       headers.add :content_type, "application/json"
       expect(headers["Content-Type"]).to eq "application/json"
     end
 
     it "appends new value if header exists" do
-      headers.add :set_cookie, "hoo=ray"
+      headers.add "Set-Cookie", "hoo=ray"
       headers.add :set_cookie, "woo=hoo"
       expect(headers["Set-Cookie"]).to eq %w[hoo=ray woo=hoo]
     end
@@ -117,8 +126,20 @@ RSpec.describe HTTP::Headers do
         to raise_error HTTP::HeaderError
     end
 
-    it "fails with invalid header name" do
-      expect { headers.add "foo bar", "baz" }.
+    ["foo bar", "foo bar: ok\nfoo"].each do |name|
+      it "fails with invalid header name (#{name.inspect})" do
+        expect { headers.add name, "baz" }.
+          to raise_error HTTP::HeaderError
+      end
+    end
+
+    it "fails with invalid header value" do
+      expect { headers.add "foo", "bar\nEvil-Header: evil-value" }.
+        to raise_error HTTP::HeaderError
+    end
+
+    it "fails when header name is not a String or Symbol" do
+      expect { headers.add 2, "foo" }.
         to raise_error HTTP::HeaderError
     end
   end
@@ -145,9 +166,11 @@ RSpec.describe HTTP::Headers do
         to raise_error HTTP::HeaderError
     end
 
-    it "fails with invalid header name" do
-      expect { headers.get("foo bar") }.
-        to raise_error HTTP::HeaderError
+    ["foo bar", "foo bar: ok\nfoo"].each do |name|
+      it "fails with invalid header name (#{name.inspect})" do
+        expect { headers.get name }.
+          to raise_error HTTP::HeaderError
+      end
     end
   end
 
@@ -296,8 +319,19 @@ RSpec.describe HTTP::Headers do
       )
     end
 
+    it "yields header keys specified as symbols in normalized form" do
+      keys = headers.each.map(&:first)
+      expect(keys).to eq(%w[Set-Cookie Content-Type Set-Cookie])
+    end
+
+    it "yields headers specified as strings without conversion" do
+      headers.add "X_kEy", "value"
+      keys = headers.each.map(&:first)
+      expect(keys).to eq(%w[Set-Cookie Content-Type Set-Cookie X_kEy])
+    end
+
     it "returns self instance if block given" do
-      expect(headers.each { |*| }).to be headers
+      expect(headers.each { |*| }).to be headers # rubocop:disable Lint/EmptyBlock
     end
 
     it "returns Enumerator if no block given" do
@@ -472,14 +506,15 @@ RSpec.describe HTTP::Headers do
     end
 
     context "with duplicate header keys (mixed case)" do
-      let(:headers) { {"Set-Cookie" => "hoo=ray", "set-cookie" => "woo=hoo"} }
+      let(:headers) { {"Set-Cookie" => "hoo=ray", "set_cookie" => "woo=hoo", :set_cookie => "ta=da"} }
 
       it "adds all headers" do
         expect(described_class.coerce(headers).to_a).
           to match_array(
             [
               %w[Set-Cookie hoo=ray],
-              %w[Set-Cookie woo=hoo]
+              %w[set_cookie woo=hoo],
+              %w[Set-Cookie ta=da]
             ]
           )
       end

data/spec/lib/http/options/headers_spec.rb

@@ -8,13 +8,17 @@ RSpec.describe HTTP::Options, "headers" do
   end
 
   it "may be specified with with_headers" do
-    opts2 = opts.with_headers("accept" => "json")
+    opts2 = opts.with_headers(:accept => "json")
     expect(opts.headers).to be_empty
     expect(opts2.headers).to eq([%w[Accept json]])
   end
 
   it "accepts any object that respond to :to_hash" do
-    x = Struct.new(:to_hash).new("accept" => "json")
+    x = if RUBY_VERSION >= "3.2.0"
+          Data.define(:to_hash).new(:to_hash => { "accept" => "json" })
+        else
+          Struct.new(:to_hash).new({ "accept" => "json" })
+        end
     expect(opts.with_headers(x).headers["accept"]).to eq("json")
   end
 end

data/spec/lib/http/options/merge_spec.rb

@@ -18,28 +18,28 @@ RSpec.describe HTTP::Options, "merge" do
     # FIXME: yuck :(
 
     foo = HTTP::Options.new(
-      :response  => :body,
-      :params    => {:baz => "bar"},
-      :form      => {:foo => "foo"},
-      :body      => "body-foo",
-      :json      => {:foo => "foo"},
-      :headers   => {:accept => "json", :foo => "foo"},
-      :proxy     => {},
-      :features  => {}
+      :response => :body,
+      :params   => {:baz => "bar"},
+      :form     => {:foo => "foo"},
+      :body     => "body-foo",
+      :json     => {:foo => "foo"},
+      :headers  => {:accept => "json", :foo => "foo"},
+      :proxy    => {},
+      :features => {}
     )
 
     bar = HTTP::Options.new(
-      :response   => :parsed_body,
-      :persistent => "https://www.googe.com",
-      :params     => {:plop => "plip"},
-      :form       => {:bar => "bar"},
-      :body       => "body-bar",
-      :json       => {:bar => "bar"},
+      :response           => :parsed_body,
+      :persistent         => "https://www.googe.com",
+      :params             => {:plop => "plip"},
+      :form               => {:bar => "bar"},
+      :body               => "body-bar",
+      :json               => {:bar => "bar"},
       :keep_alive_timeout => 10,
       :headers            => {:accept => "xml", :bar => "bar"},
       :timeout_options    => {:foo => :bar},
-      :ssl        => {:foo => "bar"},
-      :proxy      => {:proxy_address => "127.0.0.1", :proxy_port => 8080}
+      :ssl                => {:foo => "bar"},
+      :proxy              => {:proxy_address => "127.0.0.1", :proxy_port => 8080}
     )
 
     expect(foo.merge(bar).to_hash).to eq(

data/spec/lib/http/redirector_spec.rb

@@ -6,12 +6,17 @@ RSpec.describe HTTP::Redirector do
       :status  => status,
       :version => "1.1",
       :headers => headers,
-      :body    => body
+      :body    => body,
+      :request => HTTP::Request.new(:verb => :get, :uri => "http://example.com")
     )
   end
 
-  def redirect_response(status, location)
-    simple_response status, "", "Location" => location
+  def redirect_response(status, location, set_cookie = {})
+    res = simple_response status, "", "Location" => location
+    set_cookie.each do |name, value|
+      res.headers.add("Set-Cookie", "#{name}=#{value}; path=/; httponly; secure; SameSite=none; Secure")
+    end
+    res
   end
 
   describe "#strict" do
@@ -75,6 +80,101 @@ RSpec.describe HTTP::Redirector do
       expect(res.to_s).to eq "foo"
     end
 
+    it "concatenates multiple Location headers" do
+      req     = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+      headers = HTTP::Headers.new
+
+      %w[http://example.com /123].each { |loc| headers.add("Location", loc) }
+
+      res = redirector.perform(req, simple_response(301, "", headers)) do |redirect|
+        simple_response(200, redirect.uri.to_s)
+      end
+
+      expect(res.to_s).to eq "http://example.com/123"
+    end
+
+    it "returns cookies in response" do
+      req  = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+      hops = [
+        redirect_response(301, "http://example.com/1", {"foo" => "42"}),
+        redirect_response(301, "http://example.com/2", {"bar" => "53", "deleted" => "foo"}),
+        redirect_response(301, "http://example.com/3", {"baz" => "64", "deleted" => ""}),
+        redirect_response(301, "http://example.com/4", {"baz" => "65"}),
+        simple_response(200, "bar")
+      ]
+
+      request_cookies = [
+        {"foo" => "42"},
+        {"foo" => "42", "bar" => "53", "deleted" => "foo"},
+        {"foo" => "42", "bar" => "53", "baz" => "64"},
+        {"foo" => "42", "bar" => "53", "baz" => "65"}
+      ]
+
+      res = redirector.perform(req, hops.shift) do |request|
+        req_cookie = HTTP::Cookie.cookie_value_to_hash(request.headers["Cookie"] || "")
+        expect(req_cookie).to eq request_cookies.shift
+        hops.shift
+      end
+
+      expect(res.to_s).to eq "bar"
+      expect(res.cookies.cookies.to_h { |c| [c.name, c.value] }).to eq({
+        "foo" => "42",
+        "bar" => "53",
+        "baz" => "65"
+      })
+    end
+
+    it "returns original cookies in response" do
+      req = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+      req.headers.set("Cookie", "foo=42; deleted=baz")
+      hops = [
+        redirect_response(301, "http://example.com/1", {"bar" => "64", "deleted" => ""}),
+        simple_response(200, "bar")
+      ]
+
+      request_cookies = [
+        {"foo" => "42", "bar" => "64"},
+        {"foo" => "42", "bar" => "64"}
+      ]
+
+      res = redirector.perform(req, hops.shift) do |request|
+        req_cookie = HTTP::Cookie.cookie_value_to_hash(request.headers["Cookie"] || "")
+        expect(req_cookie).to eq request_cookies.shift
+        hops.shift
+      end
+      expect(res.to_s).to eq "bar"
+      cookies = res.cookies.cookies.to_h { |c| [c.name, c.value] }
+      expect(cookies["foo"]).to eq "42"
+      expect(cookies["bar"]).to eq "64"
+      expect(cookies["deleted"]).to eq nil
+    end
+
+    context "with on_redirect callback" do
+      let(:options) do
+        {
+          :on_redirect => proc do |response, location|
+            @redirect_response = response
+            @redirect_location = location
+          end
+        }
+      end
+
+      it "calls on_redirect" do
+        req = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+        hops = [
+          redirect_response(301, "http://example.com/1"),
+          redirect_response(301, "http://example.com/2"),
+          simple_response(200, "foo")
+        ]
+
+        redirector.perform(req, hops.shift) do |prev_req, _|
+          expect(@redirect_location.uri.to_s).to eq prev_req.uri.to_s
+          expect(@redirect_response.code).to eq 301
+          hops.shift
+        end
+      end
+    end
+
     context "following 300 redirect" do
       context "with strict mode" do
         let(:options) { {:strict => true} }
@@ -382,5 +482,49 @@ RSpec.describe HTTP::Redirector do
         end
       end
     end
+
+    describe "changing verbs during redirects" do
+      let(:options) { {:strict => false} }
+      let(:post_body) { HTTP::Request::Body.new("i might be way longer in real life") }
+      let(:cookie) { "dont=eat my cookies" }
+
+      def a_dangerous_request(verb)
+        HTTP::Request.new(
+          :verb => verb, :uri => "http://example.com",
+          :body => post_body, :headers => {
+            "Content-Type" => "meme",
+            "Cookie"       => cookie
+          }
+        )
+      end
+
+      def empty_body
+        HTTP::Request::Body.new(nil)
+      end
+
+      it "follows without body/content type if it has to change verb" do
+        req = a_dangerous_request(:post)
+        res = redirect_response 302, "http://example.com/1"
+
+        redirector.perform(req, res) do |prev_req, _|
+          expect(prev_req.body).to eq(empty_body)
+          expect(prev_req.headers["Cookie"]).to eq(cookie)
+          expect(prev_req.headers["Content-Type"]).to eq(nil)
+          simple_response 200
+        end
+      end
+
+      it "leaves body/content-type intact if it does not have to change verb" do
+        req = a_dangerous_request(:post)
+        res = redirect_response 307, "http://example.com/1"
+
+        redirector.perform(req, res) do |prev_req, _|
+          expect(prev_req.body).to eq(post_body)
+          expect(prev_req.headers["Cookie"]).to eq(cookie)
+          expect(prev_req.headers["Content-Type"]).to eq("meme")
+          simple_response 200
+        end
+      end
+    end
   end
 end

data/spec/lib/http/request/body_spec.rb

@@ -118,18 +118,56 @@ RSpec.describe HTTP::Request::Body do
     end
 
     context "when body is a non-Enumerable IO" do
-      let(:body) { FakeIO.new("a" * 16 * 1024 + "b" * 10 * 1024) }
+      let(:body) { FakeIO.new(("a" * 16 * 1024) + ("b" * 10 * 1024)) }
 
       it "yields chunks of content" do
-        expect(chunks.inject("", :+)).to eq "a" * 16 * 1024 + "b" * 10 * 1024
+        expect(chunks.inject("", :+)).to eq ("a" * 16 * 1024) + ("b" * 10 * 1024)
+      end
+    end
+
+    context "when body is a pipe" do
+      let(:ios)  { IO.pipe }
+      let(:body) { ios[0] }
+
+      around do |example|
+        writer = Thread.new(ios[1]) do |io|
+          io << "abcdef"
+          io.close
+        end
+
+        begin
+          example.run
+        ensure
+          writer.join
+        end
+      end
+
+      it "yields chunks of content" do
+        expect(chunks.inject("", :+)).to eq("abcdef")
       end
     end
 
     context "when body is an Enumerable IO" do
-      let(:body) { StringIO.new("a" * 16 * 1024 + "b" * 10 * 1024) }
+      let(:data) { ("a" * 16 * 1024) + ("b" * 10 * 1024) }
+      let(:body) { StringIO.new data }
 
       it "yields chunks of content" do
-        expect(chunks.inject("", :+)).to eq "a" * 16 * 1024 + "b" * 10 * 1024
+        expect(chunks.inject("", :+)).to eq data
+      end
+
+      it "allows to enumerate multiple times" do
+        results = []
+
+        2.times do
+          result = ""
+          subject.each { |chunk| result += chunk }
+          results << result
+        end
+
+        aggregate_failures do
+          expect(results.count).to eq 2
+          expect(results).to all eq data
+        end
       end
     end
 
@@ -141,4 +179,33 @@ RSpec.describe HTTP::Request::Body do
       end
     end
   end
+
+  describe "#==" do
+    context "when sources are equivalent" do
+      let(:body1) { HTTP::Request::Body.new("content") }
+      let(:body2) { HTTP::Request::Body.new("content") }
+
+      it "returns true" do
+        expect(body1).to eq body2
+      end
+    end
+
+    context "when sources are not equivalent" do
+      let(:body1) { HTTP::Request::Body.new("content") }
+      let(:body2) { HTTP::Request::Body.new(nil) }
+
+      it "returns false" do
+        expect(body1).not_to eq body2
+      end
+    end
+
+    context "when objects are not of the same class" do
+      let(:body1) { HTTP::Request::Body.new("content") }
+      let(:body2) { "content" }
+
+      it "returns false" do
+        expect(body1).not_to eq body2
+      end
+    end
+  end
 end

data/spec/lib/http/request/writer_spec.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # coding: utf-8
+# frozen_string_literal: true
 
 RSpec.describe HTTP::Request::Writer do
   let(:io)          { StringIO.new }
@@ -22,6 +22,18 @@ RSpec.describe HTTP::Request::Writer do
       end
     end
 
+    context "when headers are specified as strings with mixed case" do
+      let(:headers) { HTTP::Headers.coerce "content-Type" => "text", "X_MAX" => "200" }
+
+      it "writes the headers with the same casing" do
+        writer.stream
+        expect(io.string).to eq [
+          "#{headerstart}\r\n",
+          "content-Type: text\r\nX_MAX: 200\r\nContent-Length: 0\r\n\r\n"
+        ].join
+      end
+    end
+
     context "when body is nonempty" do
       let(:body) { HTTP::Request::Body.new("content") }
 
@@ -35,9 +47,20 @@ RSpec.describe HTTP::Request::Writer do
       end
     end
 
-    context "when body is empty" do
+    context "when body is not set" do
       let(:body) { HTTP::Request::Body.new(nil) }
 
+      it "doesn't write anything to the socket and doesn't set Content-Length" do
+        writer.stream
+        expect(io.string).to eq [
+          "#{headerstart}\r\n\r\n"
+        ].join
+      end
+    end
+
+    context "when body is empty" do
+      let(:body) { HTTP::Request::Body.new("") }
+
       it "doesn't write anything to the socket and sets Content-Length" do
         writer.stream
         expect(io.string).to eq [
@@ -74,5 +97,25 @@ RSpec.describe HTTP::Request::Writer do
         ].join
       end
     end
+
+    context "when server won't accept any more data" do
+      before do
+        expect(io).to receive(:write).and_raise(Errno::EPIPE)
+      end
+
+      it "aborts silently" do
+        writer.stream
+      end
+    end
+
+    context "when writing to socket raises an exception" do
+      before do
+        expect(io).to receive(:write).and_raise(Errno::ECONNRESET)
+      end
+
+      it "raises a ConnectionError" do
+        expect { writer.stream }.to raise_error(HTTP::ConnectionError)
+      end
+    end
   end
 end