lhc 15.0.0 → 15.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a34aeee4fa910b8099acfdd73813103beb630400b92b449dbfbf4d87de4e041
-  data.tar.gz: 846b8cc9e24b9b0b9189b24d38c3e7b485096b4afd970cfc6fe48c8ee3a76d7e
+  metadata.gz: 40a7523182b4a8d9a3a93cbc667d35e8df394f4751a1c6e9c0a6ccf71771f136
+  data.tar.gz: d1c16ba4e9cf1ba5cbdaf0833b1c04daf48e3d039cdf4e445c249a6792c9a67f
 SHA512:
-  metadata.gz: 067d2e56385e931f00caa829411888881705ec19a702979332ad5074bf1a6515f0893e09111314b825fa7dd6d559518c997ac309f17e06eee245faffe93fcebd
-  data.tar.gz: 5284f04c83ca525e774775c41bd88d9f2dc8feeaf8f1fb47d3b9bde5677eeaad9bec6be6213597c4d1f34a2a22f8703b9f8e7fef0a4a09a58f24a6f72b2bf66b
+  metadata.gz: 3ab7127d698a59dfeeefaa06d8f80a8d787a7fde26017f4a026473826681a0d85373a560cdc82b8a7ef551be990149a26025a5d77af77b5b54b350f4ef528d78
+  data.tar.gz: 12d1e327c10768fca97287b0efae094d966a3b291b5cf46933181a255a3245312b7fe68f63a232cd6aff50b10085e6dd1f9dfea2c6382fb1559075a9bb89fc23

data/.rubocop.yml

@@ -26,6 +26,9 @@ require:
 Bundler/OrderedGems:
   Enabled: false
 
+Gemspec/RequireMFA:
+  Enabled: false
+
 Lint/SuppressedException:
   Exclude:
     - spec/**/*
@@ -260,7 +263,7 @@ Style/CaseLikeIf:
   Enabled: false
 
 Style/HashEachMethods:
-  Enabled: false 
+  Enabled: false
 
 Style/HashConversion: # (new in 1.10)
   Enabled: false
@@ -268,6 +271,9 @@ Style/HashConversion: # (new in 1.10)
 Style/NilLambda: # (new in 1.3)
   Enabled: false
 
+Style/OpenStructUse:
+  Enabled: false
+
 RSpec/DescribeClass:
   Exclude:
     - spec/views/**/*

data/README.md

@@ -618,12 +618,18 @@ Adds the following to body of all requests:
 
 ##### Reauthenticate
 
-The current implementation can only offer reauthenticate for _client access tokens_. For this to work the following has to be given:
-
-* You have configured and implemented `LHC::Auth.refresh_client_token = -> { TokenRefreshUtil.client_access_token(true) }` which when called will force a refresh of the token and return the new value. It is also expected that this implementation will handle invalidating caches if necessary.
-* Your interceptors contain `LHC::Auth` and `LHC::Retry`, whereas `LHC::Retry` comes _after_ `LHC::Auth` in the chain.
+The current implementation offers only reauthentication for _client access tokens_.
+Make sure that your interceptors contain `LHC::Auth` and `LHC::Retry`, whereas `LHC::Retry` comes _after_ `LHC::Auth` in the chain.
+Provide the refresh token as following:
+```ruby
+LHC.get('http://local.ch', auth: { bearer: -> { access_token }, refresh_client_token: -> { TokenRefreshUtil.client_access_token(true) })
+```
+Where `TokenRefreshUtil.client_access_token(true)` forces a refresh of the token and returns the new token. It is also expected that this implementation will handle invalidating caches if necessary.
 
-##### Bearer Authentication with client access token
+You can also set a global `refresh_client_token`. This is not recommended for apps with multiple endpoint and different access tokens.
+```ruby
+LHC::Auth.refresh_client_token = -> { TokenRefreshUtil.client_access_token(true) }
+```
 
 Reauthentication will be initiated if:
 

data/lhc.gemspec

@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'activesupport', '>= 5.2'
   s.add_dependency 'addressable'
+  s.add_dependency 'local_uri'
   s.add_dependency 'typhoeus', '>= 0.11'
 
   s.add_development_dependency 'geminabox'
@@ -35,6 +36,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rubocop', '~> 1.0'
   s.add_development_dependency 'rubocop-performance', '~> 1.0'
   s.add_development_dependency 'rubocop-rspec', '~> 1.26.0'
+  s.add_development_dependency 'sprockets-rails'
   s.add_development_dependency 'timecop'
   s.add_development_dependency 'webmock'
 

data/lib/lhc/error.rb

@@ -75,7 +75,7 @@ class LHC::Error < StandardError
     debug << "Options: #{request.scrubbed_options}"
     debug << "Headers: #{request.scrubbed_headers}"
     debug << "Response Code: #{response.code} (#{response.options[:return_code]})"
-    debug << "Response Options: #{response.options}"
+    debug << "Response Options: #{response.scrubbed_options}"
     debug << response.body
     debug << _message
     debug.map { |str| self.class.fix_invalid_encoding(str) }.join("\n")

data/lib/lhc/interceptors/auth.rb

@@ -39,7 +39,7 @@ class LHC::Auth < LHC::Interceptor
     set_bearer_authorization_header(token)
   end
 
-  # rubocop:disable Style/AccessorMethodName
+  # rubocop:disable Naming/AccessorMethodName
   def set_authorization_header(value)
     request.headers['Authorization'] = value
   end
@@ -53,7 +53,7 @@ class LHC::Auth < LHC::Interceptor
     request.options[:auth].merge!(bearer_token: token)
     set_authorization_header("Bearer #{token}")
   end
-  # rubocop:enable Style/AccessorMethodName
+  # rubocop:enable Naming/AccessorMethodName
 
   def reauthenticate!
     # refresh token and update header

data/lib/lhc/request.rb

@@ -72,6 +72,7 @@ class LHC::Request
 
   def scrubbed_options
     scrubbed_options = options.deep_dup
+    scrubbed_options[:cache] = LHC::CacheScrubber.new(scrubbed_options[:cache]).scrubbed
     scrubbed_options[:params] = LHC::ParamsScrubber.new(scrubbed_options[:params]).scrubbed
     scrubbed_options[:headers] = LHC::HeadersScrubber.new(scrubbed_options[:headers], scrubbed_options[:auth]).scrubbed
     scrubbed_options[:auth] = LHC::AuthScrubber.new(scrubbed_options[:auth]).scrubbed

data/lib/lhc/response.rb

@@ -54,6 +54,12 @@ class LHC::Response
     request.format
   end
 
+  def scrubbed_options
+    scrubbed_options = options.deep_dup
+    scrubbed_options[:effective_url] = LHC::EffectiveUrlScrubber.new(scrubbed_options[:effective_url]).scrubbed
+    scrubbed_options
+  end
+
   private
 
   attr_accessor :raw

data/lib/lhc/scrubbers/cache_scrubber.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class LHC::CacheScrubber < LHC::Scrubber
+  def initialize(data)
+    super(data)
+    scrub_cache_options!
+  end
+
+  private
+
+  def scrub_cache_options!
+    return if scrubbed.blank?
+    return if scrub_elements.blank?
+
+    scrub_cache_key!
+  end
+
+  def scrub_cache_key!
+    return if scrubbed[:key].blank?
+
+    scrub_elements.each do |scrub_element|
+      matches = scrubbed[:key].match(/:#{scrub_element}=>"(.*?)"/)
+      next if matches.nil?
+
+      value = matches[-1]
+      scrubbed[:key].gsub!(value, SCRUB_DISPLAY)
+    end
+  end
+
+  def scrub_elements
+    # The cache key includes the whole request url inklusive params.
+    # We need to scrub those params from the cache key.
+    LHC.config.scrubs[:params]
+  end
+end

data/lib/lhc/scrubbers/effective_url_scrubber.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class LHC::EffectiveUrlScrubber < LHC::Scrubber
+  def initialize(data)
+    super(data)
+    scrub_effective_url_options!
+  end
+
+  private
+
+  def scrub_effective_url_options!
+    return if scrubbed.blank?
+    return if scrub_elements.blank?
+
+    scrub_effective_url!
+  end
+
+  def scrub_effective_url!
+    return if scrubbed.blank?
+
+    scrub_elements.each do |scrub_element|
+      uri = LocalUri::URI.new(scrubbed)
+      self.scrubbed = CGI.unescape(uri.query.merge(scrub_element => SCRUB_DISPLAY).to_s)
+    end
+  end
+
+  def scrub_elements
+    # The effective url includes the params of the request
+    # so we need to scrub those params from the effective url.
+    LHC.config.scrubs[:params]
+  end
+end

data/lib/lhc/scrubbers/headers_scrubber.rb

@@ -25,14 +25,26 @@ class LHC::HeadersScrubber < LHC::Scrubber
   end
 
   def scrub_basic_authentication_headers!
-    return if auth_options[:basic].blank? || scrubbed['Authorization'].blank?
+    return if !scrub_basic_authentication_headers?
 
     scrubbed['Authorization'].gsub!(auth_options[:basic][:base_64_encoded_credentials], SCRUB_DISPLAY)
   end
 
   def scrub_bearer_authentication_headers!
-    return if auth_options[:bearer].blank? || scrubbed['Authorization'].blank?
+    return if !scrub_bearer_authentication_headers?
 
     scrubbed['Authorization'].gsub!(auth_options[:bearer_token], SCRUB_DISPLAY)
   end
+
+  def scrub_basic_authentication_headers?
+    auth_options[:basic].present? &&
+      scrubbed['Authorization'].present? &&
+      scrubbed['Authorization'].include?(auth_options[:basic][:base_64_encoded_credentials])
+  end
+
+  def scrub_bearer_authentication_headers?
+    auth_options[:bearer].present? &&
+      scrubbed['Authorization'].present? &&
+      scrubbed['Authorization'].include?(auth_options[:bearer_token])
+  end
 end

data/lib/lhc/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LHC
-  VERSION ||= '15.0.0'
+  VERSION ||= '15.1.2'
 end

data/lib/lhc.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'local_uri'
 require 'typhoeus'
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/keys'
@@ -119,6 +120,10 @@ module LHC
            'lhc/scrubbers/auth_scrubber'
   autoload :BodyScrubber,
            'lhc/scrubbers/body_scrubber'
+  autoload :CacheScrubber,
+           'lhc/scrubbers/cache_scrubber'
+  autoload :EffectiveUrlScrubber,
+           'lhc/scrubbers/effective_url_scrubber'
   autoload :HeadersScrubber,
            'lhc/scrubbers/headers_scrubber'
   autoload :ParamsScrubber,

data/spec/error/to_s_spec.rb

@@ -55,10 +55,12 @@ describe LHC::Error do
       end
 
       let(:response) do
+        options = { return_code: :internal_error, response_headers: "" }
         double('LHC::Response',
                request: request,
                code: 500,
-               options: { return_code: :internal_error, response_headers: "" },
+               options: options,
+               scrubbed_options: options,
                body: '{"status":500,"message":"undefined"}')
       end
 

data/spec/request/scrubbed_headers_spec.rb

@@ -59,19 +59,20 @@ describe LHC::Request do
       let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
       let(:auth) { { bearer: -> { bearer_token } } }
 
-      it 'provides srubbed request headers' do
+      it 'scrubs only the bearer token' do
         expect(request.scrubbed_headers).to include('Authorization' => "Bearer #{LHC::Scrubber::SCRUB_DISPLAY}")
         expect(request.headers).to include(authorization_header)
       end
 
-      context 'when nothing should get scrubbed' do
-        before :each do
-          LHC.config.scrubs = {}
-        end
+      it 'scrubs whole "Authorization" header' do
+        LHC.config.scrubs[:headers] << 'Authorization'
+        expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+        expect(request.headers).to include(authorization_header)
+      end
 
-        it 'does not filter beaerer auth' do
-          expect(request.scrubbed_headers).to include(authorization_header)
-        end
+      it 'scrubs nothing' do
+        LHC.config.scrubs = {}
+        expect(request.scrubbed_headers).to include(authorization_header)
       end
     end
 
@@ -82,19 +83,20 @@ describe LHC::Request do
       let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
       let(:auth) { { basic: { username: username, password: password } } }
 
-      it 'provides srubbed request headers' do
+      it 'scrubs only credentials' do
         expect(request.scrubbed_headers).to include('Authorization' => "Basic #{LHC::Scrubber::SCRUB_DISPLAY}")
         expect(request.headers).to include(authorization_header)
       end
 
-      context 'when nothing should get scrubbed' do
-        before :each do
-          LHC.config.scrubs = {}
-        end
+      it 'scrubs whole "Authorization" header' do
+        LHC.config.scrubs[:headers] << 'Authorization'
+        expect(request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+        expect(request.headers).to include(authorization_header)
+      end
 
-        it 'does not filter basic auth' do
-          expect(request.scrubbed_headers).to include(authorization_header)
-        end
+      it 'scrubs nothing' do
+        LHC.config.scrubs = {}
+        expect(request.scrubbed_headers).to include(authorization_header)
       end
     end
   end

data/spec/request/scrubbed_options_spec.rb

@@ -18,9 +18,12 @@ describe LHC::Request do
   let(:params) { { api_key: 'api-key-params' } }
   let(:headers) { { private_key: 'private-key-header' } }
   let(:body) { { user_token: 'user-token-body' } }
+  let(:cache) do
+    { key: "LHS_REQUEST_CYCLE_CACHE(v1) POST http://local.ch?#{params}" }
+  end
 
   let(:request) do
-    response = LHC.post(:local, params: params, headers: headers, body: body)
+    response = LHC.post(:local, params: params, headers: headers, body: body, cache: cache)
     response.request
   end
 
@@ -30,6 +33,8 @@ describe LHC::Request do
     expect(request.scrubbed_options[:body]).to include(user_token: LHC::Scrubber::SCRUB_DISPLAY)
     expect(request.scrubbed_options[:auth][:bearer_token]).to eq(LHC::Scrubber::SCRUB_DISPLAY)
     expect(request.scrubbed_options[:auth][:basic]).to be nil
+    expect(request.scrubbed_options[:cache])
+      .to include(key: "LHS_REQUEST_CYCLE_CACHE(v1) POST http://local.ch?{:api_key=>\"[FILTERED]\"}")
   end
 
   context 'when bearer auth is not a proc' do
@@ -53,6 +58,19 @@ describe LHC::Request do
     end
   end
 
+  context 'when parameter should not get scrubbed' do
+    let(:params) { { any_parameter: 'any-parameter' } }
+
+    let(:cache) do
+      { key: "LHS_REQUEST_CYCLE_CACHE(v1) POST http://local.ch?#{params}" }
+    end
+
+    it 'does not scrubb the parameter' do
+      expect(request.scrubbed_options[:cache])
+        .to include(key: "LHS_REQUEST_CYCLE_CACHE(v1) POST http://local.ch?#{params}")
+    end
+  end
+
   context 'when body data is nested' do
     let(:body) do
       {
@@ -104,6 +122,8 @@ describe LHC::Request do
       expect(request.scrubbed_options[:headers]).not_to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
       expect(request.scrubbed_options[:body]).not_to include(user_token: LHC::Scrubber::SCRUB_DISPLAY)
       expect(request.scrubbed_options[:auth][:bearer_token]).not_to eq(LHC::Scrubber::SCRUB_DISPLAY)
+      expect(request.scrubbed_options[:cache])
+        .not_to include(key: "LHS_REQUEST_CYCLE_CACHE(v1) POST http://local.ch?{:api_key=>\"[FILTERED]\"}")
     end
   end
 

data/spec/response/scrubbed_options_spec.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC::Response do
+  let(:options) do
+    { effective_url: 'http://local.ch?api_key=api-key' }
+  end
+
+  let(:raw_response) { OpenStruct.new(options: options) }
+
+  before do
+    LHC.config.scrubs[:params] << 'api_key'
+  end
+
+  it 'scrubbes effective url' do
+    response = LHC::Response.new(raw_response, nil)
+    expect(response.scrubbed_options[:effective_url]).to eq "http://local.ch?api_key=#{LHC::Scrubber::SCRUB_DISPLAY}"
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lhc
 version: !ruby/object:Gem::Version
-  version: 15.0.0
+  version: 15.1.2
 platform: ruby
 authors:
 - https://github.com/local-ch/lhc/contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-12 00:00:00.000000000 Z
+date: 2022-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: local_uri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -178,6 +192,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.26.0
+- !ruby/object:Gem::Dependency
+  name: sprockets-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -273,6 +301,8 @@ files:
 - lib/lhc/scrubber.rb
 - lib/lhc/scrubbers/auth_scrubber.rb
 - lib/lhc/scrubbers/body_scrubber.rb
+- lib/lhc/scrubbers/cache_scrubber.rb
+- lib/lhc/scrubbers/effective_url_scrubber.rb
 - lib/lhc/scrubbers/headers_scrubber.rb
 - lib/lhc/scrubbers/params_scrubber.rb
 - lib/lhc/test/cache_helper.rb
@@ -401,6 +431,7 @@ files:
 - spec/response/effective_url_spec.rb
 - spec/response/headers_spec.rb
 - spec/response/options_spec.rb
+- spec/response/scrubbed_options_spec.rb
 - spec/response/success_spec.rb
 - spec/response/time_spec.rb
 - spec/spec_helper.rb
@@ -560,6 +591,7 @@ test_files:
 - spec/response/effective_url_spec.rb
 - spec/response/headers_spec.rb
 - spec/response/options_spec.rb
+- spec/response/scrubbed_options_spec.rb
 - spec/response/success_spec.rb
 - spec/response/time_spec.rb
 - spec/spec_helper.rb