mauth-client 6.2.1 → 6.4.1

data/lib/mauth/proxy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/client'
 require 'faraday'
 require 'rack'
@@ -7,6 +9,8 @@ module MAuth
   # proxy them to a target URI. the responses from the target may be authenticated, with MAuth
   # (and are by default).
   class Proxy
+    EXCLUDED_RESPONSE_HEADERS = %w[Content-Length Transfer-Encoding].map(&:downcase)
+
     # target_uri is the base relative to which requests are made.
     #
     # options:
@@ -38,12 +42,11 @@ module MAuth
         end
       end
       @persistent_headers = {}
-      if options[:headers]
-        options[:headers].each do |cur|
-          raise "Headers must be in the format of [key]:[value]" unless cur.include?(':')
-          key, throw_away, value = cur.partition(':')
-          @persistent_headers[key.strip] = value.strip
-        end
+      options[:headers]&.each do |cur|
+        raise 'Headers must be in the format of [key]:[value]' unless cur.include?(':')
+
+        key, _throw_away, value = cur.partition(':')
+        @persistent_headers[key.strip] = value.strip
       end
     end
 
@@ -56,20 +59,20 @@ module MAuth
       request_headers = {}
       request_env.each do |k, v|
         if k.start_with?('HTTP_') && k != 'HTTP_HOST'
-          name = k.sub(/\AHTTP_/, '')
+          name = k.delete_prefix('HTTP_')
           request_headers[name] = v
         end
       end
       request_headers.merge!(@persistent_headers)
       if @browser_proxy
-        target_uri = request_env["REQUEST_URI"]
+        target_uri = request_env['REQUEST_URI']
         connection = @target_uris.any? { |u| target_uri.start_with? u } ? @signer_connection : @unsigned_connection
         response = connection.run_request(request_method, target_uri, request_body, request_headers)
       else
         response = @connection.run_request(request_method, request.fullpath, request_body, request_headers)
       end
       response_headers = response.headers.reject do |name, _value|
-        %w(Content-Length Transfer-Encoding).map(&:downcase).include?(name.downcase)
+        EXCLUDED_RESPONSE_HEADERS.include?(name.downcase)
       end
       [response.status, response_headers, [response.body || '']]
     end

data/lib/mauth/rack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/middleware'
 require 'mauth/request_and_response'
 require 'rack/utils'
@@ -41,7 +43,7 @@ module MAuth
       # discards the body if REQUEST_METHOD is HEAD. sets the Content-Length.
       def handle_head(env)
         status, headers, body = *yield
-        headers["Content-Length"] = body.map(&:bytesize).inject(0, &:+).to_s
+        headers['Content-Length'] = body.sum(&:bytesize).to_s
         [status, headers, env['REQUEST_METHOD'].casecmp('head').zero? ? [] : body]
       end
 
@@ -75,7 +77,8 @@ module MAuth
         handle_head(env) do
           body = {
             'type' => 'errors:mauth:missing_v2',
-            'title' => 'This service requires mAuth v2 mcc-authentication header. Upgrade your mAuth library and configure it properly.'
+            'title' => 'This service requires mAuth v2 mcc-authentication header. Upgrade your mAuth library and ' \
+                       'configure it properly.'
           }
           [401, { 'Content-Type' => 'application/json' }, [JSON.pretty_generate(body)]]
         end
@@ -85,7 +88,7 @@ module MAuth
     # same as MAuth::Rack::RequestAuthenticator, but does not authenticate /app_status
     class RequestAuthenticatorNoAppStatus < RequestAuthenticator
       def should_authenticate?(env)
-        env['PATH_INFO'] != "/app_status" && super
+        env['PATH_INFO'] != '/app_status' && super
       end
     end
 
@@ -95,9 +98,10 @@ module MAuth
         unsigned_response = @app.call(env)
 
         method =
-          if env['mauth.protocol_version'] == 2
+          case env['mauth.protocol_version']
+          when 2
             :signed_v2
-          elsif env['mauth.protocol_version'] == 1
+          when 1
             :signed_v1
           else
             # if no protocol was supplied then use `signed` which either signs
@@ -115,6 +119,7 @@ module MAuth
     class Request < MAuth::Request
       include Signed
       attr_reader :env
+
       def initialize(env)
         @env = env
       end
@@ -165,8 +170,11 @@ module MAuth
 
       def attributes_for_signing
         @attributes_for_signing ||= begin
-          body = ''
-          @body.each { |part| body << part } # note: rack only requires #each be defined on the body, so not using map or inject
+          body = +''
+          # NOTE: rack only requires #each be defined on the body, so not using map or inject
+          @body.each do |part|
+            body << part
+          end
           { status_code: @status.to_i, body: body }
         end
       end

data/lib/mauth/request_and_response.rb

@@ -1,4 +1,6 @@
-require 'digest'
+# frozen_string_literal: true
+
+require 'openssl'
 require 'addressable'
 
 module MAuth
@@ -31,11 +33,15 @@ module MAuth
     #     current_seconds_since_epoch
     def string_to_sign_v1(more_attributes)
       attributes_for_signing = self.attributes_for_signing.merge(more_attributes)
-      missing_attributes = self.class::SIGNATURE_COMPONENTS.select { |key| !attributes_for_signing.key?(key) || attributes_for_signing[key].nil? }
+      missing_attributes = self.class::SIGNATURE_COMPONENTS.select do |key|
+        !attributes_for_signing.key?(key) || attributes_for_signing[key].nil?
+      end
       missing_attributes.delete(:body) # body may be omitted
       if missing_attributes.any?
-        raise(UnableToSignError, "Missing required attributes to sign: #{missing_attributes.inspect}\non object to sign: #{inspect}")
+        raise(UnableToSignError,
+          "Missing required attributes to sign: #{missing_attributes.inspect}\non object to sign: #{inspect}")
       end
+
       self.class::SIGNATURE_COMPONENTS.map { |k| attributes_for_signing[k].to_s }.join("\n")
     end
 
@@ -56,23 +62,25 @@ module MAuth
     #     app_uuid + <LF> +
     #     current_seconds_since_epoch
     def string_to_sign_v2(override_attrs)
-      attrs_with_overrides = self.attributes_for_signing.merge(override_attrs)
+      attrs_with_overrides = attributes_for_signing.merge(override_attrs)
 
       # memoization of body_digest to avoid hashing three times when we call
       # string_to_sign_v2 three times in client#signature_valid_v2!
       # note that if :body is nil we hash an empty string ('')
-      attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body] || '')
-      attrs_with_overrides[:encoded_query_params] = unescape_encode_query_string(attrs_with_overrides[:query_string] || '')
+      attrs_with_overrides[:body_digest] ||= OpenSSL::Digest.hexdigest('SHA512', attrs_with_overrides[:body] || '')
+      attrs_with_overrides[:encoded_query_params] =
+        unescape_encode_query_string(attrs_with_overrides[:query_string] || '')
       attrs_with_overrides[:request_url] = normalize_path(attrs_with_overrides[:request_url])
 
       missing_attributes = self.class::SIGNATURE_COMPONENTS_V2.reject do |key|
-        attrs_with_overrides.dig(key)
+        attrs_with_overrides[key]
       end
 
       missing_attributes.delete(:body_digest) # body may be omitted
       missing_attributes.delete(:encoded_query_params) # query_string may be omitted
       if missing_attributes.any?
-        raise(UnableToSignError, "Missing required attributes to sign: #{missing_attributes.inspect}\non object to sign: #{inspect}")
+        raise(UnableToSignError,
+          "Missing required attributes to sign: #{missing_attributes.inspect}\non object to sign: #{inspect}")
       end
 
       self.class::SIGNATURE_COMPONENTS_V2.map do |k|
@@ -88,17 +96,17 @@ module MAuth
       #   i.e. /./example => /example ; /example/.. => /
       # String#squeeze removes duplicated slahes i.e. /// => /
       # String#gsub normalizes percent encoding to uppercase i.e. %cf%80 => %CF%80
-      Addressable::URI.normalize_path(path).squeeze('/').
-        gsub(/%[a-f0-9]{2}/, &:upcase)
+      Addressable::URI.normalize_path(path).squeeze('/')
+        .gsub(/%[a-f0-9]{2}/, &:upcase)
     end
 
     # sorts query string parameters by codepoint, uri encodes keys and values,
     # and rejoins parameters into a query string
     def unescape_encode_query_string(q_string)
-      fir = q_string.split('&').map do |part|
+      q_string.split('&').map do |part|
         k, _eq, v = part.partition('=')
         [CGI.unescape(k), CGI.unescape(v)]
-      end.sort.map do |k, v|
+      end.sort.map do |k, v| # rubocop:disable Style/MultilineBlockChain
         "#{uri_escape(k)}=#{uri_escape(v)}"
       end.join('&')
     end
@@ -172,7 +180,7 @@ module MAuth
 
     def mcc_data
       mcc_authentication&.match(
-        /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
+        /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/o
       )
     end
 

data/lib/mauth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MAuth
-  VERSION = '6.2.1'
+  VERSION = '6.4.1'
 end

data/lib/mauth-client.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'mauth/client'

data/lib/rack/mauth.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'mauth/rack'

data/mauth-client.gemspec

@@ -1,4 +1,6 @@
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'mauth/version'
 
@@ -8,33 +10,36 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Matthew Szenher', 'Aaron Suggs', 'Geoffrey Ducharme', 'Ethan']
   spec.email         = ['mszenher@mdsol.com']
   spec.summary       = 'Sign and authenticate requests and responses with mAuth authentication.'
-  spec.description   = 'Client for signing and authentication of requests and responses with mAuth authentication. Includes middleware for Rack and Faraday for incoming and outgoing requests and responses.'
+  spec.description   = 'Client for signing and authentication of requests and responses with mAuth authentication. ' \
+                       'Includes middleware for Rack and Faraday for incoming and outgoing requests and responses.'
   spec.homepage      = 'https://github.com/mdsol/mauth-client-ruby'
   spec.license       = 'MIT'
-  spec.required_ruby_version = '>= 2.3.0'
+  spec.required_ruby_version = '>= 2.6.0'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'faraday', '>= 0.9', '< 2.0'
-  spec.add_dependency 'faraday_middleware', '>= 0.9', '< 2.0'
-  spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
-  spec.add_dependency 'term-ansicolor', '~> 1.0'
+  spec.add_dependency 'addressable', '~> 2.0'
   spec.add_dependency 'coderay', '~> 1.0'
-  spec.add_dependency 'rack'
   spec.add_dependency 'dice_bag', '>= 0.9', '< 2.0'
-  spec.add_dependency 'addressable', '~> 2.0'
+  spec.add_dependency 'faraday', '>= 0.9', '< 3.0'
+  spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
+  spec.add_dependency 'rack'
+  spec.add_dependency 'term-ansicolor', '~> 1.0'
 
   spec.add_development_dependency 'appraisal'
+  spec.add_development_dependency 'benchmark-ips', '~> 2.7'
   spec.add_development_dependency 'bundler', '>= 1.17'
   spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'rack-test', '~> 1.1.0'
   spec.add_development_dependency 'rake', '~> 12.0'
   spec.add_development_dependency 'rspec', '~> 3.8'
+  spec.add_development_dependency 'rubocop', '= 1.25.1'
+  spec.add_development_dependency 'rubocop-mdsol', '~> 0.1'
+  spec.add_development_dependency 'rubocop-performance', '= 1.13.2'
   spec.add_development_dependency 'simplecov', '~> 0.16'
   spec.add_development_dependency 'timecop', '~> 0.9'
-  spec.add_development_dependency 'benchmark-ips', '~> 2.7'
   spec.add_development_dependency 'webmock', '~> 3.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 6.2.1
+  version: 6.4.1
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,10 +11,38 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-23 00:00:00.000000000 Z
+date: 2022-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: faraday
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: coderay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: dice_bag
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -34,7 +62,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: faraday_middleware
+  name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -42,7 +70,7 @@ dependencies:
         version: '0.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -52,7 +80,7 @@ dependencies:
         version: '0.9'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: faraday-http-cache
   requirement: !ruby/object:Gem::Requirement
@@ -74,21 +102,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: term-ansicolor
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: coderay
+  name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -102,13 +130,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -116,53 +144,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: dice_bag
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: addressable
+  name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -234,47 +228,75 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.8'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.25.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.25.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-mdsol
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.13.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.13.2
+- !ruby/object:Gem::Dependency
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.16'
 - !ruby/object:Gem::Dependency
-  name: benchmark-ips
+  name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '0.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -304,6 +326,8 @@ files:
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
 - ".travis.yml"
 - ".yardopts"
 - Appraisals
@@ -327,6 +351,7 @@ files:
 - exe/mauth-proxy
 - gemfiles/faraday_0.x.gemfile
 - gemfiles/faraday_1.x.gemfile
+- gemfiles/faraday_2.x.gemfile
 - lib/mauth-client.rb
 - lib/mauth/autoload.rb
 - lib/mauth/client.rb
@@ -362,14 +387,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Sign and authenticate requests and responses with mAuth authentication.