httparty 0.13.7 → 0.14.0

data/lib/httparty/net_digest_auth.rb

@@ -68,8 +68,10 @@ module Net
 
         header =~ /Digest (.*)/
         params = {}
-        non_quoted = $1.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
-        non_quoted.gsub(/(\w+)=([^,]*)/) { params[$1] = $2 }
+        if $1
+          non_quoted = $1.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+          non_quoted.gsub(/(\w+)=([^,]*)/) { params[$1] = $2 }
+        end
         params
       end
 

data/lib/httparty/request.rb

@@ -9,7 +9,8 @@ module HTTParty
       Net::HTTP::Head,
       Net::HTTP::Options,
       Net::HTTP::Move,
-      Net::HTTP::Copy
+      Net::HTTP::Copy,
+      Net::HTTP::Mkcol,
     ]
 
     SupportedURISchemes  = ['http', 'https', 'webcal', nil]
@@ -93,7 +94,7 @@ module HTTParty
         base_uri += ":#{@last_uri.port}" if @last_uri.port != 80
         base_uri
       else
-        options[:base_uri]
+        options[:base_uri] && HTTParty.normalize_base_uri(options[:base_uri])
       end
     end
 
@@ -128,6 +129,7 @@ module HTTParty
       end
 
       handle_deflation unless http_method == Net::HTTP::Head
+      handle_host_redirection if response_redirects?
       handle_response(chunked_body, &block)
     end
 
@@ -174,7 +176,7 @@ module HTTParty
       @raw_request.body = body if body
       @raw_request.body_stream = options[:body_stream] if options[:body_stream]
       @raw_request.initialize_http_header(options[:headers].to_hash) if options[:headers].respond_to?(:to_hash)
-      @raw_request.basic_auth(username, password) if options[:basic_auth]
+      @raw_request.basic_auth(username, password) if options[:basic_auth] && send_authorization_header?
       setup_digest_auth if options[:digest_auth]
     end
 
@@ -298,6 +300,9 @@ module HTTParty
 
     # Inspired by Ruby 1.9
     def handle_deflation
+      return if response_redirects?
+      return if last_response.body.nil?
+
       case last_response["content-encoding"]
       when "gzip", "x-gzip"
         body_io = StringIO.new(last_response.body)
@@ -309,6 +314,24 @@ module HTTParty
       end
     end
 
+    def handle_host_redirection
+      check_duplicate_location_header
+      redirect_path = options[:uri_adapter].parse last_response['location']
+      return if redirect_path.relative? || path.host == redirect_path.host
+      @changed_hosts = true
+    end
+
+    def check_duplicate_location_header
+      location = last_response.get_fields('location')
+      if location.is_a?(Array) && location.count > 1
+        raise DuplicateLocationHeader.new(last_response)
+      end
+    end
+
+    def send_authorization_header?
+      !defined?(@changed_hosts)
+    end
+
     def response_redirects?
       case last_response
       when Net::HTTPNotModified # 304

data/lib/httparty/response.rb

@@ -17,6 +17,8 @@ module HTTParty
         logger = ::HTTParty::Logger.build(request.options[:logger], request.options[:log_level], request.options[:log_format])
         logger.format(request, self)
       end
+
+      throw_exception
     end
 
     def parsed_response
@@ -27,6 +29,12 @@ module HTTParty
       Response
     end
 
+    def is_a?(klass)
+      self.class == klass || self.class < klass
+    end
+
+    alias_method :kind_of?, :is_a?
+
     def code
       response.code.to_i
     end
@@ -41,11 +49,17 @@ module HTTParty
       %(#<#{self.class}:0x#{inspect_id} parsed_response=#{parsed_response.inspect}, @response=#{response.inspect}, @headers=#{headers.inspect}>)
     end
 
+    RESPOND_TO_METHODS = [:request, :response, :parsed_response, :body, :headers]
+
     CODES_TO_OBJ = ::Net::HTTPResponse::CODE_CLASS_TO_OBJ.merge ::Net::HTTPResponse::CODE_TO_OBJ
 
     CODES_TO_OBJ.each do |response_code, klass|
       name = klass.name.sub("Net::HTTP", '')
-      define_method("#{underscore(name)}?") do
+      name = "#{underscore(name)}?".to_sym
+
+      RESPOND_TO_METHODS << name
+
+      define_method(name) do
         klass === response
       end
     end
@@ -56,7 +70,7 @@ module HTTParty
     end
 
     def respond_to?(name, include_all = false)
-      return true if [:request, :response, :parsed_response, :body, :headers].include?(name)
+      return true if RESPOND_TO_METHODS.include?(name)
       parsed_response.respond_to?(name, include_all) || response.respond_to?(name, include_all)
     end
 
@@ -71,6 +85,12 @@ module HTTParty
         super
       end
     end
+
+    def throw_exception
+      if @request.options[:raise_on] && @request.options[:raise_on].include?(code)
+        ::Kernel.raise ::HTTParty::ResponseError.new(@response), "Code #{code} - #{body}"
+      end
+    end
   end
 end
 

data/lib/httparty/version.rb

@@ -1,3 +1,3 @@
 module HTTParty
-  VERSION = "0.13.7"
+  VERSION = "0.14.0"
 end

data/spec/httparty/connection_adapter_spec.rb

@@ -27,7 +27,7 @@ RSpec.describe HTTParty::ConnectionAdapter do
     it "sets the options" do
       options = {foo: :bar}
       adapter = HTTParty::ConnectionAdapter.new(uri, options)
-      expect(adapter.options).to be options
+      expect(adapter.options.keys).to include(:verify, :verify_peer, :foo)
     end
   end
 
@@ -325,6 +325,19 @@ RSpec.describe HTTParty::ConnectionAdapter do
         end
       end
 
+      context 'when providing nil as proxy address' do
+        let(:uri) { URI 'http://noproxytest.com' }
+        let(:options) { {http_proxyaddr: nil} }
+
+        it { is_expected.not_to be_a_proxy }
+
+        it "does pass nil proxy parameters to the connection, this forces to not use a proxy" do
+          http = Net::HTTP.new("noproxytest.com")
+          expect(Net::HTTP).to receive(:new).once.with("noproxytest.com", 80, nil, nil, nil, nil).and_return(http)
+          adapter.connection
+        end
+      end
+
       context 'when not providing a proxy address' do
         let(:uri) { URI 'http://proxytest.com' }
 
@@ -372,6 +385,13 @@ RSpec.describe HTTParty::ConnectionAdapter do
             expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
           end
 
+          context "when options include verify=false" do
+            let(:options) { {pem: pem, pem_password: "password", verify: false} }
+
+            it "should not verify the certificate" do
+              expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
+            end
+          end
           context "when options include verify_peer=false" do
             let(:options) { {pem: pem, pem_password: "password", verify_peer: false} }
 
@@ -423,6 +443,13 @@ RSpec.describe HTTParty::ConnectionAdapter do
             expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
           end
 
+          context "when options include verify=false" do
+            let(:options) { {p12: p12, p12_password: "password", verify: false} }
+
+            it "should not verify the certificate" do
+              expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
+            end
+          end
           context "when options include verify_peer=false" do
             let(:options) { {p12: p12, p12_password: "password", verify_peer: false} }
 

data/spec/httparty/cookie_hash_spec.rb

@@ -48,7 +48,7 @@ RSpec.describe HTTParty::CookieHash do
       it "should error" do
         expect {
           @cookie_hash.add_cookies([])
-        }.to raise_error
+        }.to raise_error(RuntimeError)
       end
     end
   end
@@ -79,5 +79,22 @@ RSpec.describe HTTParty::CookieHash do
       @s = @cookie_hash.to_cookie_string
       expect(@s).not_to match(/Path=\//)
     end
+
+    it "should not mutate the hash" do
+      original_hash = {
+        "session" => "91e25e8b-6e32-418d-c72f-2d18adf041cd",
+        "Max-Age" => "15552000",
+        "cart" => "91e25e8b-6e32-418d-c72f-2d18adf041cd",
+        "httponly" => nil,
+        "Path" => "/",
+        "secure" => nil,
+      }
+
+      cookie_hash = HTTParty::CookieHash[original_hash]
+
+      cookie_hash.to_cookie_string
+
+      expect(cookie_hash).to eq(original_hash)
+    end
   end
 end

data/spec/httparty/exception_spec.rb

@@ -35,4 +35,11 @@ RSpec.describe HTTParty::Error do
       it { is_expected.to include(HTTParty::ResponseError) }
     end
   end
+
+  describe HTTParty::DuplicateLocationHeader do
+    describe '#ancestors' do
+      subject { super().ancestors }
+      it { is_expected.to include(HTTParty::ResponseError) }
+    end
+  end
 end

data/spec/httparty/hash_conversions_spec.rb

@@ -22,6 +22,14 @@ RSpec.describe HTTParty::HashConversions do
       end
     end
 
+    context "value is an empty array" do
+      it "creates a params string" do
+        expect(
+          HTTParty::HashConversions.normalize_param(:people, [])
+        ).to eq("people[]=&")
+      end
+    end
+
     context "value is hash" do
       it "creates a params string" do
         expect(

data/spec/httparty/logger/curl_formatter_spec.rb

@@ -2,6 +2,107 @@ require File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'spec_hel
 
 RSpec.describe HTTParty::Logger::CurlFormatter do
   describe "#format" do
+    let(:logger)          { double('Logger') }
+    let(:response_object) { Net::HTTPOK.new('1.1', 200, 'OK') }
+    let(:parsed_response) { lambda { {"foo" => "bar"} } }
+
+    let(:response) do
+      HTTParty::Response.new(request, response_object, parsed_response)
+    end
+
+    let(:request) do
+      HTTParty::Request.new(Net::HTTP::Get, 'http://foo.bar.com/')
+    end
+
+    subject { described_class.new(logger, :info) }
+
+    before do
+      allow(logger).to receive(:info)
+      allow(request).to receive(:raw_body).and_return('content')
+      allow(response_object).to receive_messages(body: "{foo:'bar'}")
+      response_object['header-key'] = 'header-value'
+
+      subject.format request, response
+    end
+
+    context 'when request is logged' do
+      context "and request's option 'base_uri' is not present" do
+        it 'logs url' do
+          expect(logger).to have_received(:info).with(/\[HTTParty\] \[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\ [+-]\d{4}\] > GET http:\/\/foo.bar.com/)
+        end
+      end
+
+      context "and request's option 'base_uri' is present" do
+        let(:request) do
+          HTTParty::Request.new(Net::HTTP::Get, '/path', base_uri: 'http://foo.bar.com')
+        end
+
+        it 'logs url' do
+          expect(logger).to have_received(:info).with(/\[HTTParty\] \[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\ [+-]\d{4}\] > GET http:\/\/foo.bar.com\/path/)
+        end
+      end
+
+      context 'and headers are not present' do
+        it 'not log Headers' do
+          expect(logger).not_to have_received(:info).with(/Headers/)
+        end
+      end
+
+      context 'and headers are present' do
+        let(:request) do
+          HTTParty::Request.new(Net::HTTP::Get, '/path', base_uri: 'http://foo.bar.com', headers: { key: 'value' })
+        end
+
+        it 'logs Headers' do
+          expect(logger).to have_received(:info).with(/Headers/)
+        end
+
+        it 'logs headers keys' do
+          expect(logger).to have_received(:info).with(/key: value/)
+        end
+      end
+
+      context 'and query is not present' do
+        it 'not logs Query' do
+          expect(logger).not_to have_received(:info).with(/Query/)
+        end
+      end
+
+      context 'and query is present' do
+        let(:request) do
+          HTTParty::Request.new(Net::HTTP::Get, '/path', query: { key: 'value' })
+        end
+
+        it 'logs Query' do
+          expect(logger).to have_received(:info).with(/Query/)
+        end
+
+        it 'logs query params' do
+          expect(logger).to have_received(:info).with(/key: value/)
+        end
+      end
+
+      context 'when request raw_body is present' do
+        it 'not logs request body' do
+          expect(logger).to have_received(:info).with(/content/)
+        end
+      end
+    end
+
+    context 'when response is logged' do
+      it 'logs http version and response code' do
+        expect(logger).to have_received(:info).with(/HTTP\/1.1 200/)
+      end
+
+      it 'logs headers' do
+        expect(logger).to have_received(:info).with(/Header-key: header-value/)
+      end
+
+      it 'logs body' do
+        expect(logger).to have_received(:info).with(/{foo:'bar'}/)
+      end
+    end
+
     it "formats a response in a style that resembles a -v curl" do
       logger_double = double
       expect(logger_double).to receive(:info).with(

data/spec/httparty/net_digest_auth_spec.rb

@@ -152,6 +152,16 @@ RSpec.describe Net::HTTPHeader::DigestAuthenticator do
     end
   end
 
+  context "with http basic auth response when net digest auth expected" do
+    it "should not fail" do
+      @digest = setup_digest({
+                               'www-authenticate' => 'WWW-Authenticate: Basic realm="testrealm.com""'
+                           })
+
+      expect(authorization_header).to include("Digest")
+    end
+  end
+
   context "with multiple authenticate headers" do
     before do
       @digest = setup_digest({

data/spec/httparty/request_spec.rb

@@ -56,6 +56,24 @@ RSpec.describe HTTParty::Request do
       expect(request.connection_adapter).to eq(my_adapter)
     end
 
+    context "when using a query string" do
+      context "and it has an empty array" do
+        it "sets correct query string" do
+          request = HTTParty::Request.new(Net::HTTP::Get, 'http://google.com', query: { fake_array: [] })
+
+          expect(request.uri).to eq(URI.parse("http://google.com/?fake_array[]="))
+        end
+      end
+
+      context "when sending an array with only one element" do
+        it "sets correct query" do
+          request = HTTParty::Request.new(Net::HTTP::Get, 'http://google.com', query: { fake_array: [1] })
+
+          expect(request.uri).to eq(URI.parse("http://google.com/?fake_array[]=1"))
+        end
+      end
+    end
+
     context "when basic authentication credentials provided in uri" do
       context "when basic auth options wasn't set explicitly" do
         it "sets basic auth from uri" do
@@ -168,6 +186,14 @@ RSpec.describe HTTParty::Request do
       request.send(:setup_raw_request)
       expect(request.instance_variable_get(:@raw_request).body_stream).to eq(stream)
     end
+
+    it 'should normalize base uri when specified as request option' do
+      FakeWeb.register_uri(:get, 'http://foo.com/resource', :body => 'Bar')
+      response = HTTParty.get('/resource', {
+        base_uri: 'foo.com'
+      })
+      expect(response.code).to eq(200)
+    end
   end
 
   describe "#uri" do
@@ -213,10 +239,10 @@ RSpec.describe HTTParty::Request do
       end
 
       it "respects the query string normalization proc" do
-        empty_proc = lambda {|qs| ""}
+        empty_proc = lambda {|qs| "I"}
         @request.options[:query_string_normalizer] = empty_proc
         @request.options[:query] = {foo: :bar}
-        expect(CGI.unescape(@request.uri.query)).to eq("")
+        expect(CGI.unescape(@request.uri.query)).to eq("I")
       end
 
       it "does not append an ampersand when queries are embedded in paths" do
@@ -479,6 +505,12 @@ RSpec.describe HTTParty::Request do
           expect(response.parsed_response).to eq({"hash" => {"foo" => "bar"}})
         end
 
+        it "raises an error if redirect has duplicate location header" do
+          @request = HTTParty::Request.new(Net::HTTP::Get, 'http://test.com/redirect', format: :xml)
+          FakeWeb.register_uri(:get, "http://test.com/redirect", status: [300, "REDIRECT"], location: ["http://api.foo.com/v2","http://api.foo.com/v2"])
+          expect {@request.perform}.to raise_error(HTTParty::DuplicateLocationHeader)
+        end
+
         it "returns the HTTParty::Response when the 300 does not contain a location header" do
           stub_response '', 300
           expect(HTTParty::Response).to be === @request.perform
@@ -594,6 +626,11 @@ RSpec.describe HTTParty::Request do
           expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
         end
 
+        it "should be handled by MKCOL transparently" do
+          @request.http_method = Net::HTTP::Mkcol
+          expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
+        end
+
         it "should keep track of cookies between redirects" do
           @redirect['Set-Cookie'] = 'foo=bar; name=value; HTTPOnly'
           @request.perform
@@ -601,14 +638,14 @@ RSpec.describe HTTParty::Request do
           expect(@request.options[:headers]['Cookie']).to match(/name=value/)
         end
 
-        it 'should update cookies with rediects' do
+        it 'should update cookies with redirects' do
           @request.options[:headers] = {'Cookie' => 'foo=bar;'}
           @redirect['Set-Cookie'] = 'foo=tar;'
           @request.perform
           expect(@request.options[:headers]['Cookie']).to match(/foo=tar/)
         end
 
-        it 'should keep cookies between rediects' do
+        it 'should keep cookies between redirects' do
           @request.options[:headers] = {'Cookie' => 'keep=me'}
           @redirect['Set-Cookie'] = 'foo=tar;'
           @request.perform
@@ -715,6 +752,11 @@ RSpec.describe HTTParty::Request do
         expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
       end
 
+      it "should be handled by MKCOL transparently" do
+        @request.http_method = Net::HTTP::Mkcol
+        expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
+      end
+
       it "should keep track of cookies between redirects" do
         @redirect['Set-Cookie'] = 'foo=bar; name=value; HTTPOnly'
         @request.perform
@@ -722,14 +764,14 @@ RSpec.describe HTTParty::Request do
         expect(@request.options[:headers]['Cookie']).to match(/name=value/)
       end
 
-      it 'should update cookies with rediects' do
+      it 'should update cookies with redirects' do
         @request.options[:headers] = {'Cookie' => 'foo=bar;'}
         @redirect['Set-Cookie'] = 'foo=tar;'
         @request.perform
         expect(@request.options[:headers]['Cookie']).to match(/foo=tar/)
       end
 
-      it 'should keep cookies between rediects' do
+      it 'should keep cookies between redirects' do
         @request.options[:headers] = {'Cookie' => 'keep=me'}
         @redirect['Set-Cookie'] = 'foo=tar;'
         @request.perform
@@ -848,6 +890,11 @@ RSpec.describe HTTParty::Request do
       expect(@request.perform.code).to eq(304)
     end
 
+    it "should report 304 with a MKCOL request" do
+      @request.http_method = Net::HTTP::Mkcol
+      expect(@request.perform.code).to eq(304)
+    end
+
     it 'should not log the redirection' do
       logger_double = double
       expect(logger_double).to receive(:info).once
@@ -914,6 +961,11 @@ RSpec.describe HTTParty::Request do
           expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
         end
 
+        it "should be handled by MKCOL transparently" do
+          @request.http_method = Net::HTTP::Mkcol
+          expect(@request.perform.parsed_response).to eq({"hash" => {"foo" => "bar"}})
+        end
+
         it "should keep track of cookies between redirects" do
           @redirect['Set-Cookie'] = 'foo=bar; name=value; HTTPOnly'
           @request.perform
@@ -921,14 +973,14 @@ RSpec.describe HTTParty::Request do
           expect(@request.options[:headers]['Cookie']).to match(/name=value/)
         end
 
-        it 'should update cookies with rediects' do
+        it 'should update cookies with redirects' do
           @request.options[:headers] = {'Cookie' => 'foo=bar;'}
           @redirect['Set-Cookie'] = 'foo=tar;'
           @request.perform
           expect(@request.options[:headers]['Cookie']).to match(/foo=tar/)
         end
 
-        it 'should keep cookies between rediects' do
+        it 'should keep cookies between redirects' do
           @request.options[:headers] = {'Cookie' => 'keep=me'}
           @redirect['Set-Cookie'] = 'foo=tar;'
           @request.perform
@@ -1016,6 +1068,64 @@ RSpec.describe HTTParty::Request do
         expect(@request.last_response).to receive(:delete).with('content-encoding')
         @request.send(:handle_deflation)
       end
+
+      it "should not inflate a redirected response with content-encoding: gzip" do
+        allow(@last_response).to receive(:[]).with("content-encoding").and_return("gzip")
+        allow(@request).to receive(:last_response).and_return(@last_response)
+        allow(@request).to receive(:response_redirects?).and_return(true)
+        @request.send(:handle_deflation)
+      end
+
+      it "should not inflate a redirected response with content-encoding: deflate" do
+        allow(@last_response).to receive(:[]).with("content-encoding").and_return("deflate")
+        allow(@request).to receive(:last_response).and_return(@last_response)
+        allow(@request).to receive(:response_redirects?).and_return(true)
+        @request.send(:handle_deflation)
+      end
+    end
+  end
+
+  describe "#send_authorization_header?" do
+    context "basic_auth" do
+      before do
+        @credentials = { username: "username", password: "password" }
+        @authorization = "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
+        @request.options[:basic_auth] = @credentials
+        @redirect = stub_response("", 302)
+        @ok = stub_response('<hash><foo>bar</foo></hash>', 200)
+      end
+
+      before(:each) do
+        allow(@http).to receive(:request).and_return(@redirect, @ok)
+      end
+
+      it "should not send Authorization header when redirecting to a different host" do
+        @redirect['location'] = 'http://example.com/'
+        @request.perform
+        @request.send(:setup_raw_request)
+        expect(@request.instance_variable_get(:@raw_request)['authorization']).to be_nil
+      end
+
+      it "should send Authorization header when redirecting to a relative path" do
+        @redirect['location'] = '/v3'
+        @request.perform
+        @request.send(:setup_raw_request)
+        expect(@request.instance_variable_get(:@raw_request)['authorization']).to eq(@authorization)
+      end
+
+      it "should send Authorization header when redirecting to the same host" do
+        @redirect['location'] = 'http://api.foo.com/v2'
+        @request.perform
+        @request.send(:setup_raw_request)
+        expect(@request.instance_variable_get(:@raw_request)['authorization']).to eq(@authorization)
+      end
+
+      it "should send Authorization header when redirecting to a different port on the same host" do
+        @redirect['location'] = 'http://api.foo.com:3000/v3'
+        @request.perform
+        @request.send(:setup_raw_request)
+        expect(@request.instance_variable_get(:@raw_request)['authorization']).to eq(@authorization)
+      end
     end
   end