lhc 13.0.0 → 15.0.0

data/spec/interceptors/monitoring/caching_spec.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC::Monitoring do
+  let(:stub) do
+    stub_request(:get, 'http://local.ch').to_return(status: 200, body: 'The Website')
+  end
+
+  module Statsd
+    def self.count(_path, _value); end
+
+    def self.timing(_path, _value); end
+  end
+
+  before(:each) do
+    LHC::Monitoring.statsd = Statsd
+    Rails.cache.clear
+    allow(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.before_request', 1)
+    allow(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.count', 1)
+    allow(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.after_request', 1)
+    allow(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.200', 1)
+  end
+
+  context 'interceptors configured correctly' do
+    before do
+      LHC.config.interceptors = [LHC::Caching, LHC::Monitoring]
+    end
+
+    context 'requesting with cache option' do
+      it 'monitors miss/hit for caching' do
+        stub
+        expect(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.cache.miss', 1)
+        expect(Statsd).to receive(:count).with('lhc.dummy.test.local_ch.get.cache.hit', 1)
+        LHC.get('http://local.ch', cache: true)
+        LHC.get('http://local.ch', cache: true)
+      end
+    end
+
+    context 'request uncached' do
+      it 'requesting without cache option' do
+        stub
+        expect(Statsd).not_to receive(:count).with('lhc.dummy.test.local_ch.get.cache.miss', 1)
+        expect(Statsd).not_to receive(:count).with('lhc.dummy.test.local_ch.get.cache.hit', 1)
+        LHC.get('http://local.ch')
+        LHC.get('http://local.ch')
+      end
+    end
+  end
+
+  context 'wrong interceptor order' do
+    before(:each) do
+      LHC.config.interceptors = [LHC::Monitoring, LHC::Caching] # monitoring needs to be after Caching
+    end
+
+    it 'does monitors miss/hit for caching and warns about wrong order of interceptors' do
+      stub
+      expect(Statsd).not_to receive(:count).with('lhc.dummy.test.local_ch.get.cache.miss', 1)
+      expect(Statsd).not_to receive(:count).with('lhc.dummy.test.local_ch.get.cache.hit', 1)
+      expect(-> {
+        LHC.get('http://local.ch', cache: true)
+        LHC.get('http://local.ch', cache: true)
+      }).to output("[WARNING] Your interceptors must include LHC::Caching and LHC::Monitoring and also in that order.\n[WARNING] Your interceptors must include LHC::Caching and LHC::Monitoring and also in that order.\n").to_stderr
+    end
+  end
+end

data/spec/interceptors/response_competition_spec.rb

@@ -12,7 +12,7 @@ describe LHC do
 
         def before_request
           if @@cached
-            return LHC::Response.new(Typhoeus::Response.new(response_body: 'Im served from local cache'), nil)
+            return LHC::Response.new(Typhoeus::Response.new(response_code: 200, return_code: :ok, response_body: 'Im served from local cache'), nil)
           end
         end
       end
@@ -22,7 +22,7 @@ describe LHC do
 
         def before_request
           if request.response.nil?
-            return LHC::Response.new(Typhoeus::Response.new(response_body: 'Im served from remote cache'), nil)
+            return LHC::Response.new(Typhoeus::Response.new(response_code: 200, return_code: :ok, response_body: 'Im served from remote cache'), nil)
           end
         end
       end

data/spec/interceptors/return_response_spec.rb

@@ -8,7 +8,7 @@ describe LHC do
       class CacheInterceptor < LHC::Interceptor
 
         def before_request
-          LHC::Response.new(Typhoeus::Response.new(response_body: 'Im served from cache'), nil)
+          LHC::Response.new(Typhoeus::Response.new(response_code: 200, return_code: :ok, response_body: 'Im served from cache'), nil)
         end
       end
       LHC.configure { |c| c.interceptors = [CacheInterceptor] }
@@ -23,7 +23,7 @@ describe LHC do
       before(:each) do
         class AnotherInterceptor < LHC::Interceptor
           def before_request
-            LHC::Response.new(Typhoeus::Response.new({}), nil)
+            LHC::Response.new(Typhoeus::Response.new(response_code: 200, return_code: :ok), nil)
           end
         end
       end

data/spec/interceptors/rollbar/main_spec.rb

@@ -36,22 +36,34 @@ describe LHC::Rollbar do
         )
     end
 
-    context 'additional params' do
-      it 'does report errors to rollbar with additional data' do
-        stub_request(:get, 'http://local.ch')
-          .to_return(status: 400)
-        expect(-> { LHC.get('http://local.ch', rollbar: { additional: 'data' }) })
-          .to raise_error LHC::BadRequest
-        expect(::Rollbar).to have_received(:warning)
-          .with(
-            'Status: 400 URL: http://local.ch',
-            hash_including(
-              response: anything,
-              request: anything,
-              additional: 'data'
-            )
+    it 'does report errors to rollbar with additional data' do
+      stub_request(:get, 'http://local.ch')
+        .to_return(status: 400)
+      expect(-> { LHC.get('http://local.ch', rollbar: { additional: 'data' }) })
+        .to raise_error LHC::BadRequest
+      expect(::Rollbar).to have_received(:warning)
+        .with(
+          'Status: 400 URL: http://local.ch',
+          hash_including(
+            response: anything,
+            request: anything,
+            additional: 'data'
           )
-      end
+        )
+    end
+
+    it 'scrubs sensitive data' do
+      LHC.config.scrubs[:params] << 'api_key'
+      LHC.config.scrubs[:headers] << 'private_key'
+      stub_request(:get, 'http://local.ch?api_key=123-abc').to_return(status: 400)
+      expect(-> { LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' }) })
+        .to raise_error LHC::BadRequest
+      expect(::Rollbar).to have_received(:warning)
+        .with(
+          'Status: 400 URL: http://local.ch',
+          response: hash_including(body: anything, code: anything, headers: anything, time: anything, timeout?: anything),
+          request: hash_including(url: anything, method: anything, headers: hash_including(private_key: LHC::Scrubber::SCRUB_DISPLAY), params: { api_key: LHC::Scrubber::SCRUB_DISPLAY })
+        )
     end
   end
 end

data/spec/request/scrubbed_headers_spec.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC::Request do
+  let(:headers) { { private_key: 'xyz-123' } }
+  let(:response) { LHC.get(:local, headers: headers) }
+  let(:auth) { {} }
+
+  before :each do
+    LHC.config.endpoint(:local, 'http://local.ch', auth: auth)
+    stub_request(:get, 'http://local.ch').with(headers: headers)
+  end
+
+  it 'scrubs "private_key"' do
+    LHC.config.scrubs[:headers] << 'private_key'
+    expect(response.request.scrubbed_headers).to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+  end
+
+  it 'does not add a new attribute when a non existing header should be scrubbed' do
+    LHC.config.scrubs[:headers] << 'anything'
+    expect(response.request.scrubbed_headers).not_to include('anything' => LHC::Scrubber::SCRUB_DISPLAY)
+  end
+
+  context 'when strings instead of symbols are provided' do
+    let(:headers) { { 'private_key' => 'xyz-123' } }
+
+    it 'scrubs "private_key"' do
+      LHC.config.scrubs[:headers] << 'private_key'
+      expect(response.request.scrubbed_headers).to include('private_key' => LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'other authentication strategy' do
+    let(:api_key) { '123456' }
+    let(:authorization_header) { { 'Authorization' => "Apikey #{api_key}" } }
+    let(:headers) { authorization_header }
+
+    it 'provides srubbed Authorization header' do
+      LHC.config.scrubs[:headers] << 'Authorization'
+      expect(response.request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+      expect(response.request.headers).to include(authorization_header)
+    end
+  end
+
+  describe 'auth' do
+    before :each do
+      LHC.config.interceptors = [LHC::Auth]
+      stub_request(:get, 'http://local.ch').with(headers: authorization_header)
+    end
+
+    let(:request) do
+      response = LHC.get(:local)
+      response.request
+    end
+
+    context 'bearer authentication' do
+      let(:bearer_token) { '123456' }
+      let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
+      let(:auth) { { bearer: -> { bearer_token } } }
+
+      it 'provides srubbed request headers' do
+        expect(request.scrubbed_headers).to include('Authorization' => "Bearer #{LHC::Scrubber::SCRUB_DISPLAY}")
+        expect(request.headers).to include(authorization_header)
+      end
+
+      context 'when nothing should get scrubbed' do
+        before :each do
+          LHC.config.scrubs = {}
+        end
+
+        it 'does not filter beaerer auth' do
+          expect(request.scrubbed_headers).to include(authorization_header)
+        end
+      end
+    end
+
+    context 'basic authentication' do
+      let(:username) { 'steve' }
+      let(:password) { 'abcdefg' }
+      let(:credentials_base_64_codiert) { Base64.strict_encode64("#{username}:#{password}").chomp }
+      let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
+      let(:auth) { { basic: { username: username, password: password } } }
+
+      it 'provides srubbed request headers' do
+        expect(request.scrubbed_headers).to include('Authorization' => "Basic #{LHC::Scrubber::SCRUB_DISPLAY}")
+        expect(request.headers).to include(authorization_header)
+      end
+
+      context 'when nothing should get scrubbed' do
+        before :each do
+          LHC.config.scrubs = {}
+        end
+
+        it 'does not filter basic auth' do
+          expect(request.scrubbed_headers).to include(authorization_header)
+        end
+      end
+    end
+  end
+end

data/spec/request/scrubbed_options_spec.rb

@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC::Request do
+  before :each do
+    LHC.config.interceptors = [LHC::Auth]
+    LHC.config.endpoint(:local, 'http://local.ch', auth: auth)
+    LHC.config.scrubs[:params] << 'api_key'
+    LHC.config.scrubs[:headers] << 'private_key'
+    LHC.config.scrubs[:body] << 'user_token'
+    stub_request(:post, "http://local.ch?#{params.to_query}").with(headers: authorization_header.merge(headers), body: body.to_json)
+  end
+
+  let(:bearer_token) { '123456' }
+  let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
+  let(:auth) { { bearer: -> { bearer_token } } }
+  let(:params) { { api_key: 'api-key-params' } }
+  let(:headers) { { private_key: 'private-key-header' } }
+  let(:body) { { user_token: 'user-token-body' } }
+
+  let(:request) do
+    response = LHC.post(:local, params: params, headers: headers, body: body)
+    response.request
+  end
+
+  it 'provides srubbed request options' do
+    expect(request.scrubbed_options[:params]).to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
+    expect(request.scrubbed_options[:headers]).to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+    expect(request.scrubbed_options[:body]).to include(user_token: LHC::Scrubber::SCRUB_DISPLAY)
+    expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+    expect(request.scrubbed_options[:auth][:basic]).to be nil
+  end
+
+  context 'when bearer auth is not a proc' do
+    let(:auth) { { bearer: bearer_token } }
+
+    it 'also scrubbes the bearer' do
+      expect(request.scrubbed_options[:auth][:bearer]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'when options do not have auth' do
+    let(:authorization_header) { {} }
+    let(:auth) { nil }
+
+    it 'provides srubbed request options' do
+      expect(request.scrubbed_options[:params]).to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:headers]).to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:body]).to include(user_token: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth]).to be nil
+    end
+  end
+
+  context 'when body data is nested' do
+    let(:body) do
+      {
+        data: {
+          attributes: {
+            employee: {
+              name: 'Muster',
+              surname: 'Hans',
+              password: 'test-1234',
+              password_confirmation: 'test-1234'
+            }
+          }
+        }
+      }
+    end
+
+    it 'srubbes nested attributes' do
+      expect(request.scrubbed_options[:params]).to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:headers]).to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:body][:data][:attributes][:employee]).to include(password: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:body][:data][:attributes][:employee]).to include(password_confirmation: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:basic]).to be nil
+    end
+  end
+
+  context 'basic authentication' do
+    let(:username) { 'steve' }
+    let(:password) { 'abcdefg' }
+    let(:credentials_base_64_codiert) { Base64.strict_encode64("#{username}:#{password}").chomp }
+    let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
+    let(:auth) { { basic: { username: username, password: password } } }
+
+    it 'provides srubbed request headers' do
+      expect(request.scrubbed_options[:auth][:basic][:username]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:basic][:password]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:basic][:base_64_encoded_credentials]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:bearer]).to be nil
+    end
+  end
+
+  context 'when nothing should get scrubbed' do
+    before :each do
+      LHC.config.scrubs = {}
+    end
+
+    it 'does not filter anything' do
+      expect(request.scrubbed_options[:params]).not_to include(api_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:headers]).not_to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:body]).not_to include(user_token: LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:auth][:bearer_token]).not_to eq(LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'custom data structures that respond to as_json (like LHS data or record)' do
+    before do
+      class CustomStructure
+
+        def initialize(data)
+          @data = data
+        end
+
+        def as_json
+          @data.as_json
+        end
+
+        def to_json
+          as_json.to_json
+        end
+      end
+
+      stub_request(:post, 'http://local.ch').with(body: custom_structure.to_json)
+    end
+
+    let(:custom_structure) do
+      CustomStructure.new(user_token: '12345')
+    end
+
+    let(:request) do
+      response = LHC.post(:local, body: custom_structure)
+      response.request
+    end
+
+    it 'provides srubbed request options' do
+      expect(request.scrubbed_options[:body]).to include('user_token' => LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'encoded data hash' do
+    let(:body) { { user_token: 'user-token-body' } }
+
+    let(:request) do
+      response = LHC.post(:local, body: body.to_json)
+      response.request
+    end
+
+    before :each do
+      stub_request(:post, 'http://local.ch').with(body: body.to_json)
+    end
+
+    it 'provides srubbed request options' do
+      expect(request.scrubbed_options[:body]).to include('user_token' => LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'array' do
+    let(:body) { [{ user_token: 'user-token-body' }] }
+
+    let(:request) do
+      response = LHC.post(:local, body: body)
+      response.request
+    end
+
+    before :each do
+      stub_request(:post, 'http://local.ch').with(body: body.to_json)
+    end
+
+    it 'provides srubbed request options' do
+      expect(request.scrubbed_options[:body]).to eq([user_token: LHC::Scrubber::SCRUB_DISPLAY])
+    end
+  end
+
+  context 'encoded array' do
+    let(:body) { [{ user_token: 'user-token-body' }] }
+
+    let(:request) do
+      response = LHC.post(:local, body: body.to_json)
+      response.request
+    end
+
+    before :each do
+      stub_request(:post, 'http://local.ch').with(body: body.to_json)
+    end
+
+    it 'provides srubbed request options' do
+      expect(request.scrubbed_options[:body]).to eq(['user_token' => LHC::Scrubber::SCRUB_DISPLAY])
+    end
+  end
+end