httpi 2.4.0 → 2.4.5

data/lib/httpi/adapter/net_http.rb

@@ -4,6 +4,8 @@ require "httpi/adapter/base"
 require "httpi/response"
 require 'kconv'
 require 'socket'
+require "socksify"
+require 'socksify/http'
 
 module HTTPI
   module Adapter
@@ -16,8 +18,7 @@ module HTTPI
 
       register :net_http, :deps => %w(net/https)
       def initialize(request)
-        check_net_ntlm_version!
-
+        check_net_ntlm_version! if request.auth.ntlm?
         @request = request
         @client = create_client
       end
@@ -27,8 +28,12 @@ module HTTPI
       # Executes arbitrary HTTP requests.
       # @see HTTPI.request
       def request(method)
-        unless REQUEST_METHODS.include? method
-          raise NotSupportedError, "Net::HTTP does not support custom HTTP methods"
+        # Determine if Net::HTTP supports the method using reflection
+        unless Net::HTTP.const_defined?(:"#{method.to_s.capitalize}") &&
+            Net::HTTP.const_get(:"#{method.to_s.capitalize}").class == Class
+
+          raise NotSupportedError, "Net::HTTP does not support "\
+            "#{method.to_s.upcase}"
         end
         do_request(method) do |http, http_request|
           http_request.body = @request.body
@@ -50,11 +55,15 @@ module HTTPI
       end
 
       private
+      def ntlm_version
+        Net::NTLM::VERSION::STRING
+      end
+
       def check_net_ntlm_version!
         begin
           require 'net/ntlm'
-          require 'net/ntlm/version' unless Net::NTLM.const_defined?(:VERSION)
-          unless Net::NTLM::VERSION::STRING >= '0.3.2'
+          require 'net/ntlm/version' unless Net::NTLM.const_defined?(:VERSION, false)
+          unless ntlm_version >= '0.3.2'
             raise ArgumentError, 'Invalid version of rubyntlm. Please use v0.3.2+.'
           end
         rescue LoadError
@@ -67,7 +76,11 @@ module HTTPI
 
       def create_client
         proxy_url = @request.proxy || URI("")
-        proxy = Net::HTTP::Proxy(proxy_url.host, proxy_url.port, proxy_url.user, proxy_url.password)
+        if URI(proxy_url).scheme == 'socks'
+          proxy =Net::HTTP.SOCKSProxy(proxy_url.host, proxy_url.port)
+        else
+          proxy = Net::HTTP::Proxy(proxy_url.host, proxy_url.port, proxy_url.user, proxy_url.password)
+        end
         proxy.new(@request.url.host, @request.url.port)
       end
 
@@ -92,9 +105,9 @@ module HTTPI
 
         # first figure out if we should use NTLM or Negotiate
         nego_auth_response = respond_with(requester.call(http, request_client(:head)))
-        if nego_auth_response.headers['www-authenticate'].include? 'Negotiate'
+        if nego_auth_response.headers['www-authenticate'] && nego_auth_response.headers['www-authenticate'].include?('Negotiate')
           auth_method = 'Negotiate'
-        elsif nego_auth_response.headers['www-authenticate'].include? 'NTLM'
+        elsif nego_auth_response.headers['www-authenticate'] && nego_auth_response.headers['www-authenticate'].include?('NTLM')
           auth_method = 'NTLM'
         else
           auth_method = 'NTLM'
@@ -142,6 +155,13 @@ module HTTPI
         @client.use_ssl = @request.ssl?
         @client.open_timeout = @request.open_timeout if @request.open_timeout
         @client.read_timeout = @request.read_timeout if @request.read_timeout
+        if @request.write_timeout
+          if @client.respond_to?(:write_timeout=) # Expected to appear in Ruby 2.6
+            @client.write_timeout = @request.write_timeout
+          else
+            raise NotSupportedError, "Net::HTTP supports write_timeout starting from Ruby 2.6"
+          end
+        end
       end
 
       def setup_ssl_auth
@@ -150,6 +170,8 @@ module HTTPI
         if @request.auth.ssl?
           unless ssl.verify_mode == :none
             @client.ca_file = ssl.ca_cert_file if ssl.ca_cert_file
+            @client.ca_path = ssl.ca_cert_path if ssl.ca_cert_path
+            @client.cert_store = ssl_cert_store(ssl)
           end
 
           # Send client-side certificate regardless of state of SSL verify mode
@@ -160,16 +182,21 @@ module HTTPI
         end
 
         @client.ssl_version = ssl.ssl_version if ssl.ssl_version
+        @client.min_version = ssl.min_version if ssl.min_version
+        @client.max_version = ssl.max_version if ssl.max_version
+      end
+
+      def ssl_cert_store(ssl)
+        return ssl.cert_store if ssl.cert_store
+
+        # Use the default cert store by default, i.e. system ca certs
+        cert_store = OpenSSL::X509::Store.new
+        cert_store.set_default_paths
+        cert_store
       end
 
       def request_client(type)
-        request_class = case type
-          when :get    then Net::HTTP::Get
-          when :post   then Net::HTTP::Post
-          when :head   then Net::HTTP::Head
-          when :put    then Net::HTTP::Put
-          when :delete then Net::HTTP::Delete
-        end
+        request_class = Net::HTTP.const_get(:"#{type.to_s.capitalize}")
 
         request_client = request_class.new @request.url.request_uri, @request.headers
         request_client.basic_auth(*@request.auth.credentials) if @request.auth.basic?

data/lib/httpi/adapter/net_http_persistent.rb

@@ -12,7 +12,11 @@ module HTTPI
       private
 
       def create_client
-        Net::HTTP::Persistent.new thread_key
+        if is_v3
+          Net::HTTP::Persistent.new name: thread_key
+        else
+          Net::HTTP::Persistent.new thread_key
+        end
       end
 
       def perform(http, http_request, &on_body)
@@ -32,12 +36,17 @@ module HTTPI
 
         @client.open_timeout = @request.open_timeout if @request.open_timeout
         @client.read_timeout = @request.read_timeout if @request.read_timeout
+        raise NotSupportedError, "Net::HTTP::Persistent does not support write_timeout" if @request.write_timeout
       end
 
       def thread_key
         @request.url.host.split(/\W/).reject{|p|p == ""}.join('-')
       end
 
+      def is_v3
+        Net::HTTP::Persistent::VERSION.start_with? "3."
+      end
+
     end
   end
 end

data/lib/httpi/adapter/rack.rb

@@ -1,3 +1,4 @@
+require 'base64'
 require 'httpi/adapter/base'
 require 'httpi/response'
 
@@ -61,17 +62,18 @@ module HTTPI
           raise NotSupportedError, "Rack adapter does not support custom HTTP methods"
         end
 
-        env = {}
-        @request.headers.each do |header, value|
-          env["HTTP_#{header.gsub('-', '_').upcase}"] = value
-        end
-
         if @request.proxy
           raise NotSupportedError, "Rack adapter does not support proxying"
         end
 
         if @request.auth.http?
-          raise NotSupportedError, "Rack adapter does not support HTTP auth"
+          if @request.auth.basic?
+            basic_auth = @request.auth.basic.join(':')
+            encoded = Base64.encode64(basic_auth).gsub('\n', '')
+            @request.headers['Authorization'] = "Basic #{encoded}"
+          else
+            raise NotSupportedError, "Rack adapter does not support HTTP #{@request.auth.type} auth"
+          end
         end
 
         if @request.auth.ssl?
@@ -82,6 +84,11 @@ module HTTPI
           raise NotSupportedError, "Rack adapter does not support response streaming"
         end
 
+        env = {}
+        @request.headers.each do |header, value|
+          env["HTTP_#{header.gsub('-', '_').upcase}"] = value
+        end
+
         response = @client.request(method.to_s.upcase, @request.url.to_s,
               { :fatal => true, :input => @request.body.to_s }.merge(env))
 

data/lib/httpi/auth/ssl.rb

@@ -10,7 +10,18 @@ module HTTPI
 
       VERIFY_MODES = [:none, :peer, :fail_if_no_peer_cert, :client_once]
       CERT_TYPES = [:pem, :der]
-      SSL_VERSIONS = OpenSSL::SSL::SSLContext::METHODS.reject { |method| method.match /server|client/ }.sort.reverse
+
+      # Fix for
+      # httpi/auth/ssl.rb:13: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
+      ssl_context = OpenSSL::SSL::SSLContext
+      SSL_VERSIONS = if ssl_context.const_defined? :METHODS_MAP
+        ssl_context.const_get(:METHODS_MAP).keys
+      else
+        ssl_context::METHODS.reject { |method| method.match(/server|client/) }
+      end.sort.reverse
+
+      # Returns OpenSSL::SSL::*_VERSION values for min_version and max_version
+      MIN_MAX_VERSIONS = OpenSSL::SSL.constants.select{|constant| constant =~/_VERSION$/}.map{|version| version.to_s.gsub(/_VERSION$/,'').to_sym}.reverse
 
       # Returns whether SSL configuration is present.
       def present?
@@ -31,6 +42,12 @@ module HTTPI
       # Accessor for the cacert file to validate SSL certificates.
       attr_accessor :ca_cert_file
 
+      # Accessor for the ca_path to validate SSL certificates.
+      attr_accessor :ca_cert_path
+
+      # Certificate store holds trusted CA certificates used to verify peer certificates.
+      attr_accessor :cert_store
+
       # Returns the cert type to validate SSL certificates PEM|DER.
       def cert_type
         @cert_type ||= :pem
@@ -63,7 +80,7 @@ module HTTPI
 
       # Returns the SSL version number. Defaults to <tt>nil</tt> (auto-negotiate).
       def ssl_version
-        @ssl_version
+        @ssl_version ||= nil
       end
 
       # Sets the SSL version number. Expects one of <tt>HTTPI::Auth::SSL::SSL_VERSIONS</tt>.
@@ -76,6 +93,36 @@ module HTTPI
         @ssl_version = version
       end
 
+      # Returns the SSL min_version number. Defaults to <tt>nil</tt> (auto-negotiate).
+      def min_version
+        @min_version ||= nil
+      end
+
+      # Sets the SSL min_version number. Expects one of <tt>HTTPI::Auth::SSL::MIN_MAX_VERSIONS</tt>.
+      def min_version=(version)
+        unless MIN_MAX_VERSIONS.include? version
+          raise ArgumentError, "Invalid SSL min_version #{version.inspect}\n" +
+                               "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
+        end
+
+        @min_version = version
+      end
+
+      # Returns the SSL min_version number. Defaults to <tt>nil</tt> (auto-negotiate).
+      def max_version
+        @max_version ||= nil
+      end
+
+      # Sets the SSL min_version number. Expects one of <tt>HTTPI::Auth::SSL::MIN_MAX_VERSIONS</tt>.
+      def max_version=(version)
+        unless MIN_MAX_VERSIONS.include? version
+          raise ArgumentError, "Invalid SSL max_version #{version.inspect}\n" +
+                               "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
+        end
+
+        @max_version = version
+      end
+
       # Returns an <tt>OpenSSL::X509::Certificate</tt> for the +cert_file+.
       def cert
         @cert ||= (OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file)

data/lib/httpi/logger.rb

@@ -43,8 +43,13 @@ module HTTPI
     protected
 
     def log_request(method, request, adapter)
-      log("HTTPI #{method.to_s.upcase} request to #{request.url.host} (#{adapter})")
+      log("HTTPI #{request_ssl_info(request)} #{method.to_s.upcase} request to #{request.url.host} (#{adapter})")
     end
 
+    def request_ssl_info(request)
+      if request.auth && request.auth.ssl
+        "#{request.auth.ssl.ssl_version}/#{request.auth.ssl.verify_mode}"
+      end
+    end
   end
 end

data/lib/httpi/request.rb

@@ -11,7 +11,7 @@ module HTTPI
   class Request
 
     # Available attribute writers.
-    ATTRIBUTES = [:url, :proxy, :headers, :body, :open_timeout, :read_timeout, :follow_redirect, :query]
+    ATTRIBUTES = [:url, :proxy, :headers, :body, :open_timeout, :read_timeout, :write_timeout, :follow_redirect, :redirect_limit, :query]
 
     # Accepts a Hash of +args+ to mass assign attributes and authentication credentials.
     def initialize(args = {})
@@ -56,8 +56,7 @@ module HTTPI
 
     # Returns whether to use SSL.
     def ssl?
-      return @ssl unless @ssl.nil?
-      !!(url.to_s =~ /^https/)
+      @ssl ||= !!(url.to_s =~ /^https/)
     end
 
     # Sets whether to use SSL.
@@ -91,7 +90,7 @@ module HTTPI
       headers["Cookie"] = cookies if cookies
     end
 
-    attr_accessor :open_timeout, :read_timeout
+    attr_accessor :open_timeout, :read_timeout, :write_timeout
     attr_reader :body
 
     # Sets a body request given a String or a Hash.
@@ -102,6 +101,7 @@ module HTTPI
     # Sets the block to be called while processing the response. The block
     # accepts a single parameter - the chunked response body.
     def on_body(&block)
+      @on_body ||= nil
       if block_given? then
         @on_body = block
       end
@@ -130,6 +130,13 @@ module HTTPI
       @follow_redirect ||= false
     end
 
+    attr_writer :redirect_limit
+
+    # Returns how many redirects should be followed - defaults to 3 if not set.
+    def redirect_limit
+      @redirect_limit ||= 3
+    end
+
     private
 
     # Stores the cookies from past requests.
@@ -139,7 +146,7 @@ module HTTPI
 
     # Expects a +url+, validates its validity and returns a +URI+ object.
     def normalize_url!(url)
-      raise ArgumentError, "Invalid URL: #{url}" unless url.to_s =~ /^http/
+      raise ArgumentError, "Invalid URL: #{url}" unless url.to_s =~ /^http|socks/
       url.kind_of?(URI) ? url : URI(url)
     end
 

data/lib/httpi/response.rb

@@ -44,12 +44,14 @@ module HTTPI
 
     # Returns any DIME attachments.
     def attachments
+      @body ||= nil
       decode_body unless @body
       @attachments ||= []
     end
 
     # Returns the HTTP response body.
     def body
+      @body ||= nil
       decode_body unless @body
       @body
     end

data/lib/httpi/version.rb

@@ -1,3 +1,3 @@
 module HTTPI
-  VERSION = '2.4.0'
+  VERSION = '2.4.5'
 end

data/spec/httpi/adapter/curb_spec.rb

@@ -2,10 +2,30 @@ require "spec_helper"
 require "httpi/adapter/curb"
 require "httpi/request"
 
+require "integration/support/server"
+
 # curb does not run on jruby
 unless RUBY_PLATFORM =~ /java/
   HTTPI::Adapter.load_adapter(:curb)
 
+  describe "NTLM authentication" do
+    before :all do
+      @server = IntegrationServer.run
+    end
+
+    after :all do
+      @server.stop
+    end
+
+    it "supports ntlm authentication" do
+      request = HTTPI::Request.new(@server.url + "ntlm-auth")
+      adapter = HTTPI::Adapter::Curb.new(request)
+
+      request.auth.ntlm("tester", "vReqSoafRe5O")
+      expect(adapter.request(:get).body).to eq("ntlm-auth")
+    end
+  end
+
   describe HTTPI::Adapter::Curb do
 
     let(:adapter) { HTTPI::Adapter::Curb.new(request) }
@@ -126,29 +146,36 @@ unless RUBY_PLATFORM =~ /java/
         end
       end
 
-      describe "timeout" do
+      describe "timeout_ms" do
         it "is not set unless it's specified" do
-          curb.expects(:timeout=).never
+          curb.expects(:timeout_ms=).never
           adapter.request(:get)
         end
 
-        it "is set if specified" do
+        it "is set if specified read_timeout" do
           request.read_timeout = 30
-          curb.expects(:timeout=).with(request.read_timeout)
+          curb.expects(:timeout_ms=).with(30_000)
+
+          adapter.request(:get)
+        end
+
+        it "is set if specified write_timeout" do
+          request.write_timeout = 30
+          curb.expects(:timeout_ms=).with(30_000)
 
           adapter.request(:get)
         end
       end
 
-      describe "connect_timeout" do
+      describe "connect_timeout_ms" do
         it "is not set unless it's specified" do
-          curb.expects(:connect_timeout=).never
+          curb.expects(:connect_timeout_ms=).never
           adapter.request(:get)
         end
 
         it "is set if specified" do
           request.open_timeout = 30
-          curb.expects(:connect_timeout=).with(30)
+          curb.expects(:connect_timeout_ms=).with(30_000)
 
           adapter.request(:get)
         end
@@ -168,15 +195,6 @@ unless RUBY_PLATFORM =~ /java/
         end
       end
 
-      describe "NTLM authentication" do
-        it "is not supported" do
-          request.auth.ntlm("tester", "vReqSoafRe5O")
-
-          expect { adapter.request(:get) }.
-            to raise_error(HTTPI::NotSupportedError, /does not support NTLM authentication/)
-        end
-      end
-
       describe "http_auth_types" do
         it "is set to :basic for HTTP basic auth" do
           request.auth.basic "username", "password"
@@ -198,6 +216,13 @@ unless RUBY_PLATFORM =~ /java/
 
           adapter.request(:get)
         end
+
+        it "is set to :ntlm for HTTP NTLM auth" do
+          request.auth.ntlm("tester", "vReqSoafRe5O")
+          curb.expects(:http_auth_types=).with(:ntlm)
+
+          adapter.request(:get)
+        end
       end
 
       describe "username and password" do
@@ -239,8 +264,7 @@ unless RUBY_PLATFORM =~ /java/
           end
 
           it 'to 2 when ssl_version is specified as SSLv2/SSLv23' do
-            version = OpenSSL::SSL::SSLContext::METHODS.reject { |method| method.match /server|client/ }
-            version = version.select { |method| method.to_s.match /SSLv2|SSLv23/ }.first
+            version = HTTPI::Auth::SSL::SSL_VERSIONS.select { |method| method.to_s.match(/SSLv2|SSLv23/) }.first
             request.auth.ssl.ssl_version = version
             curb.expects(:ssl_version=).with(2)
 
@@ -254,6 +278,16 @@ unless RUBY_PLATFORM =~ /java/
             adapter.request(:get)
           end
         end
+        it 'raises error when min_version not nil' do
+          request.auth.ssl.min_version = :TLS1_2
+          expect{ adapter.request(:get) }.
+            to raise_error(HTTPI::NotSupportedError, 'Curb adapter does not support #min_version or #max_version. Please, use #ssl_version instead.')
+        end
+        it 'raises error when max_version not nil' do
+          request.auth.ssl.max_version = :TLS1_2
+          expect{ adapter.request(:get) }.
+            to raise_error(HTTPI::NotSupportedError, 'Curb adapter does not support #min_version or #max_version. Please, use #ssl_version instead.')
+        end
       end
 
       context "(for SSL client auth)" do
@@ -261,13 +295,16 @@ unless RUBY_PLATFORM =~ /java/
           request = HTTPI::Request.new("http://example.com")
           request.auth.ssl.cert_key_file = "spec/fixtures/client_key.pem"
           request.auth.ssl.cert_file = "spec/fixtures/client_cert.pem"
+          request.auth.ssl.cert_key_password = 'example'
           request
         end
 
         it "send certificate regardless of state of SSL verify mode" do
           request.auth.ssl.verify_mode = :none
+          curb.expects(:ssl_verify_host=).with(0) # avoid "SSL peer certificate" error
           curb.expects(:cert_key=).with(request.auth.ssl.cert_key_file)
           curb.expects(:cert=).with(request.auth.ssl.cert_file)
+          curb.expects(:certpassword=).with(request.auth.ssl.cert_key_password)
 
           adapter.request(:get)
         end
@@ -275,6 +312,7 @@ unless RUBY_PLATFORM =~ /java/
         it "cert_key, cert and ssl_verify_peer should be set" do
           curb.expects(:cert_key=).with(request.auth.ssl.cert_key_file)
           curb.expects(:cert=).with(request.auth.ssl.cert_file)
+          curb.expects(:certpassword=).with(request.auth.ssl.cert_key_password)
           curb.expects(:ssl_verify_peer=).with(true)
           curb.expects(:certtype=).with(request.auth.ssl.cert_type.to_s.upcase)