mauth-client 6.4.3 → 7.1.0

data/lib/mauth/client/{local_authenticator.rb → authenticator.rb}

@@ -4,14 +4,135 @@ require 'mauth/client/security_token_cacher'
 require 'mauth/client/signer'
 require 'openssl'
 
-# methods to verify the authenticity of signed requests and responses locally, retrieving
-# public keys from the mAuth service as needed
+# methods to verify the authenticity of signed requests and responses
 
 module MAuth
   class Client
-    module LocalAuthenticator
+    module Authenticator
+      ALLOWED_DRIFT_SECONDS = 300
+
+      # takes an incoming request or response object, and returns whether
+      # the object is authentic according to its signature.
+      def authentic?(object)
+        log_authentication_request(object)
+        begin
+          authenticate!(object)
+          true
+        rescue InauthenticError, MAuthNotPresent, MissingV2Error
+          false
+        end
+      end
+
+      # raises InauthenticError unless the given object is authentic. Will only
+      # authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
+      # is set. Otherwise will fall back to v1 when v2 authentication fails
+      def authenticate!(object)
+        case object.protocol_version
+        when 2
+          begin
+            authenticate_v2!(object)
+          rescue InauthenticError => e
+            raise e if v2_only_authenticate?
+            raise e if disable_fallback_to_v1_on_v2_failure?
+
+            object.fall_back_to_mws_signature_info
+            raise e unless object.signature
+
+            log_authentication_request(object)
+            authenticate_v1!(object)
+            logger.warn('Completed successful authentication attempt after fallback to v1')
+          end
+        when 1
+          if v2_only_authenticate?
+            # If v2 is required but not present and v1 is present we raise MissingV2Error
+            msg = 'This service requires mAuth v2 mcc-authentication header but only v1 x-mws-authentication is present'
+            logger.error(msg)
+            raise MissingV2Error, msg
+          end
+
+          authenticate_v1!(object)
+        else
+          sub_str = v2_only_authenticate? ? '' : 'X-MWS-Authentication header is blank, '
+          msg = "Authentication Failed. No mAuth signature present; #{sub_str}MCC-Authentication header is blank."
+          logger.warn("mAuth signature not present on #{object.class}. Exception: #{msg}")
+          raise MAuthNotPresent, msg
+        end
+      end
+
       private
 
+      # NOTE: This log is likely consumed downstream and the contents SHOULD NOT
+      # be changed without a thorough review of downstream consumers.
+      def log_authentication_request(object)
+        object_app_uuid = object.signature_app_uuid || '[none provided]'
+        object_token = object.signature_token || '[none provided]'
+        logger.info(
+          'Mauth-client attempting to authenticate request from app with mauth ' \
+          "app uuid #{object_app_uuid} to app with mauth app uuid #{client_app_uuid} " \
+          "using version #{object_token}."
+        )
+      end
+
+      def log_inauthentic(object, message)
+        logger.error("mAuth signature authentication failed for #{object.class}. Exception: #{message}")
+      end
+
+      def time_within_valid_range!(object, time_signed, now = Time.now)
+        return if (-ALLOWED_DRIFT_SECONDS..ALLOWED_DRIFT_SECONDS).cover?(now.to_i - time_signed)
+
+        msg = "Time verification failed. #{time_signed} not within #{ALLOWED_DRIFT_SECONDS} of #{now}"
+        log_inauthentic(object, msg)
+        raise InauthenticError, msg
+      end
+
+      # V1 helpers
+      def authenticate_v1!(object)
+        time_valid_v1!(object)
+        token_valid_v1!(object)
+        signature_valid_v1!(object)
+      end
+
+      def time_valid_v1!(object)
+        if object.x_mws_time.nil?
+          msg = 'Time verification failed. No x-mws-time present.'
+          log_inauthentic(object, msg)
+          raise InauthenticError, msg
+        end
+        time_within_valid_range!(object, object.x_mws_time.to_i)
+      end
+
+      def token_valid_v1!(object)
+        return if object.signature_token == MWS_TOKEN
+
+        msg = "Token verification failed. Expected #{MWS_TOKEN}; token was #{object.signature_token}"
+        log_inauthentic(object, msg)
+        raise InauthenticError, msg
+      end
+
+      # V2 helpers
+      def authenticate_v2!(object)
+        time_valid_v2!(object)
+        token_valid_v2!(object)
+        signature_valid_v2!(object)
+      end
+
+      def time_valid_v2!(object)
+        if object.mcc_time.nil?
+          msg = 'Time verification failed. No MCC-Time present.'
+          log_inauthentic(object, msg)
+          raise InauthenticError, msg
+        end
+        time_within_valid_range!(object, object.mcc_time.to_i)
+      end
+
+      def token_valid_v2!(object)
+        return if object.signature_token == MWSV2_TOKEN
+
+        msg = "Token verification failed. Expected #{MWSV2_TOKEN}; token was #{object.signature_token}"
+        log_inauthentic(object, msg)
+        raise InauthenticError, msg
+      end
+
       def signature_valid_v1!(object)
         # We are in an unfortunate situation in which Euresource is percent-encoding parts of paths, but not
         # all of them.  In particular, Euresource is percent-encoding all special characters save for '/'.

data/lib/mauth/client/security_token_cacher.rb

@@ -1,16 +1,24 @@
 # frozen_string_literal: true
 
 require 'faraday-http-cache'
+require 'faraday/retry'
+if Gem::Version.new(Faraday::VERSION) >= Gem::Version.new('2.0')
+  require 'faraday/net_http_persistent'
+else
+  require 'net/http/persistent'
+end
 require 'mauth/faraday'
 
 module MAuth
   class Client
-    module LocalAuthenticator
+    module Authenticator
       class SecurityTokenCacher
+        attr_reader :mauth_client
+
         def initialize(mauth_client)
           @mauth_client = mauth_client
           # TODO: should this be UnableToSignError?
-          @mauth_client.assert_private_key(
+          mauth_client.assert_private_key(
             UnableToAuthenticateError.new('Cannot fetch public keys from mAuth service without a private key!')
           )
         end
@@ -19,7 +27,7 @@ module MAuth
           # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
           # app_uuid - probably not exploitable, but this is the right way to do it anyway.
           url_encoded_app_uuid = CGI.escape(app_uuid)
-          path = "/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
+          path = "/mauth/#{mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json"
           response = signed_mauth_connection.get(path)
 
           case response.status
@@ -29,11 +37,11 @@ module MAuth
             # signing with a key mAuth doesn't know about is considered inauthentic
             raise InauthenticError, "mAuth service responded with 404 looking up public key for #{app_uuid}"
           else
-            @mauth_client.send(:mauth_service_response_error, response)
+            mauth_client.send(:mauth_service_response_error, response)
           end
         rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
           msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
-          @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+          mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
           raise UnableToAuthenticateError, msg
         end
 
@@ -43,21 +51,20 @@ module MAuth
           JSON.parse response_body
         rescue JSON::ParserError => e
           msg = "mAuth service responded with unparseable json: #{response_body}\n#{e.class}: #{e.message}"
-          @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+          mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
           raise UnableToAuthenticateError, msg
         end
 
         def signed_mauth_connection
           @signed_mauth_connection ||= begin
-            if @mauth_client.ssl_certs_path
-              @mauth_client.faraday_options[:ssl] = { ca_path: @mauth_client.ssl_certs_path }
-            end
+            mauth_client.faraday_options[:ssl] = { ca_path: mauth_client.ssl_certs_path } if mauth_client.ssl_certs_path
 
-            ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
+            ::Faraday.new(mauth_client.mauth_baseurl, mauth_client.faraday_options) do |builder|
               builder.use MAuth::Faraday::MAuthClientUserAgent
-              builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
-              builder.use :http_cache, logger: MAuth::Client.new.logger, shared_cache: false
-              builder.adapter ::Faraday.default_adapter
+              builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => mauth_client
+              builder.use :http_cache, store: mauth_client.cache_store, logger: mauth_client.logger, shared_cache: false
+              builder.request :retry, max: 2
+              builder.adapter :net_http_persistent
             end
           end
         end

data/lib/mauth/client.rb

@@ -7,13 +7,12 @@ require 'json'
 require 'yaml'
 require 'mauth/core_ext'
 require 'mauth/autoload'
-require 'mauth/dice_bag/mauth_templates'
 require 'mauth/version'
-require 'mauth/client/authenticator_base'
-require 'mauth/client/local_authenticator'
-require 'mauth/client/remote_authenticator'
+require 'mauth/client/authenticator'
 require 'mauth/client/signer'
+require 'mauth/config_env'
 require 'mauth/errors'
+require 'mauth/private_key_helper'
 
 module MAuth
   # does operations which require a private key and corresponding app uuid. this is primarily:
@@ -31,66 +30,22 @@ module MAuth
     AUTH_HEADER_DELIMITER = ';'
     RACK_ENV_APP_UUID_KEY = 'mauth.app_uuid'
 
-    include AuthenticatorBase
+    include Authenticator
     include Signer
 
     # returns a configuration (to be passed to MAuth::Client.new) which is configured from information stored in
     # standard places. all of which is overridable by options in case some defaults do not apply.
     #
     # options (may be symbols or strings) - any or all may be omitted where your usage conforms to the defaults.
-    # - root: the path relative to which this method looks for configuration yaml files. defaults to Rails.root
-    #   if ::Rails is defined, otherwise ENV['RAILS_ROOT'], ENV['RACK_ROOT'], ENV['APP_ROOT'], or '.'
-    # - environment: the environment, pertaining to top-level keys of the configuration yaml files. by default,
-    #   tries Rails.environment, ENV['RAILS_ENV'], and ENV['RACK_ENV'], and falls back to 'development' if none
-    #   of these are set.
-    # - mauth_config - MAuth configuration. defaults to load this from a yaml file (see mauth_config_yml option)
-    #   which is assumed to be keyed with the environment at the root. if this is specified, no yaml file is
-    #   loaded, and the given config is passed through with any other defaults applied. at the moment, the only
-    #   other default is to set the logger.
-    # - mauth_config_yml - specifies where a mauth configuration yaml file can be found. by default checks
-    #   ENV['MAUTH_CONFIG_YML'] or a file 'config/mauth.yml' relative to the root.
+    # - mauth_config - MAuth configuration. defaults to load this from environment variables. if this is specified,
+    #   no environment variable is loaded, and the given config is passed through with any other defaults applied.
+    #   at the moment, the only other default is to set the logger.
     # - logger - by default checks ::Rails.logger
     def self.default_config(options = {})
       options = options.stringify_symbol_keys
 
-      # find the app_root (relative to which we look for yaml files). note that this
-      # is different than MAuth::Client.root, the root of the mauth-client library.
-      app_root = options['root'] || begin
-        if Object.const_defined?(:Rails) && ::Rails.respond_to?(:root) && ::Rails.root
-          Rails.root
-        else
-          ENV['RAILS_ROOT'] || ENV['RACK_ROOT'] || ENV['APP_ROOT'] || '.'
-        end
-      end
-
-      # find the environment (with which yaml files are keyed)
-      env = options['environment'] || begin
-        if Object.const_defined?(:Rails) && ::Rails.respond_to?(:environment)
-          Rails.environment
-        else
-          ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
-        end
-      end
-
-      # find mauth config, given on options, or in a file at
-      # ENV['MAUTH_CONFIG_YML'] or config/mauth.yml in the app_root
-      mauth_config = options['mauth_config'] || begin
-        mauth_config_yml = options['mauth_config_yml']
-        mauth_config_yml ||= ENV['MAUTH_CONFIG_YML']
-        default_loc = 'config/mauth.yml'
-        default_yml = File.join(app_root, default_loc)
-        mauth_config_yml ||= default_yml if File.exist?(default_yml)
-        if mauth_config_yml && File.exist?(mauth_config_yml)
-          whole_config = ConfigFile.load(mauth_config_yml)
-          errmessage = "#{mauth_config_yml} config has no key #{env} - it has keys #{whole_config.keys.inspect}"
-          whole_config[env] || raise(MAuth::Client::ConfigurationError, errmessage)
-        else
-          raise MAuth::Client::ConfigurationError,
-            'could not find mauth config yaml file. this file may be ' \
-            "placed in #{default_loc}, specified with the mauth_config_yml option, or specified with the " \
-            'MAUTH_CONFIG_YML environment variable.'
-        end
-      end
+      # find mauth config
+      mauth_config = options['mauth_config'] || ConfigEnv.load
 
       unless mauth_config.key?('logger')
         # the logger. Rails.logger if it exists, otherwise, no logger
@@ -106,18 +61,13 @@ module MAuth
 
     # new client with the given App UUID and public key. config may include the following (all
     # config keys may be strings or symbols):
-    # - private_key - required for signing and for authenticating responses. may be omitted if
-    #   only remote authentication of requests is being performed (with
-    #   MAuth::Rack::RequestAuthenticator). may be given as a string or a OpenSSL::PKey::RSA
-    #   instance.
+    # - private_key - required for signing and for authentication.
+    #   may be given as a string or a OpenSSL::PKey::RSA instance.
     # - app_uuid - required in the same circumstances where a private_key is required
-    # - mauth_baseurl - required. needed for local authentication to retrieve public keys; needed
-    #   for remote authentication for hopefully obvious reasons.
+    # - mauth_baseurl - required. needed to retrieve public keys.
     # - mauth_api_version - required. only 'v1' exists / is supported as of this writing.
     # - logger - a Logger to which any useful information will be written. if this is omitted and
     #   Rails.logger exists, that will be used.
-    # - authenticator - this pretty much never needs to be specified. LocalAuthenticator or
-    #   RemoteRequestAuthenticator will be used as appropriate.
     def initialize(config = {})
       # stringify symbol keys
       given_config = config.stringify_symbol_keys
@@ -131,7 +81,7 @@ module MAuth
         when nil
           nil
         when String
-          OpenSSL::PKey::RSA.new(given_config['private_key'])
+          PrivateKeyHelper.load(given_config['private_key'])
         when OpenSSL::PKey::RSA
           given_config['private_key']
         else
@@ -153,31 +103,20 @@ module MAuth
         end
       end
 
-      request_config = { timeout: 10, open_timeout: 10 }
+      request_config = { timeout: 10, open_timeout: 3 }
       request_config.merge!(symbolize_keys(given_config['faraday_options'])) if given_config['faraday_options']
       @config['faraday_options'] = { request: request_config } || {}
       @config['ssl_certs_path'] = given_config['ssl_certs_path'] if given_config['ssl_certs_path']
       @config['v2_only_authenticate'] = given_config['v2_only_authenticate'].to_s.casecmp('true').zero?
       @config['v2_only_sign_requests'] = given_config['v2_only_sign_requests'].to_s.casecmp('true').zero?
-      @config['disable_fallback_to_v1_on_v2_failure'] =
-        given_config['disable_fallback_to_v1_on_v2_failure'].to_s.casecmp('true').zero?
       @config['v1_only_sign_requests'] = given_config['v1_only_sign_requests'].to_s.casecmp('true').zero?
-
       if @config['v2_only_sign_requests'] && @config['v1_only_sign_requests']
         raise MAuth::Client::ConfigurationError, 'v2_only_sign_requests and v1_only_sign_requests may not both be true'
       end
 
-      # if 'authenticator' was given, don't override that - including if it was given as nil / false
-      if given_config.key?('authenticator')
-        @config['authenticator'] = given_config['authenticator']
-      elsif client_app_uuid && private_key
-        @config['authenticator'] = LocalAuthenticator
-      # MAuth::Client can authenticate locally if it's provided a client_app_uuid and private_key
-      else
-        # otherwise, it will authenticate remotely (requests only)
-        @config['authenticator'] = RemoteRequestAuthenticator
-      end
-      extend @config['authenticator'] if @config['authenticator']
+      @config['disable_fallback_to_v1_on_v2_failure'] =
+        given_config['disable_fallback_to_v1_on_v2_failure'].to_s.casecmp('true').zero?
+      @config['use_rails_cache'] = given_config['use_rails_cache']
     end
 
     def logger
@@ -228,6 +167,10 @@ module MAuth
       raise err unless private_key
     end
 
+    def cache_store
+      Rails.cache if @config['use_rails_cache'] && Object.const_defined?(:Rails) && ::Rails.respond_to?(:cache)
+    end
+
     private
 
     def mauth_service_response_error(response)
@@ -246,27 +189,4 @@ module MAuth
       hash
     end
   end
-
-  module ConfigFile
-    GITHUB_URL = 'https://github.com/mdsol/mauth-client-ruby'
-    @config = {}
-
-    def self.load(path)
-      unless File.exist?(path)
-        raise "File #{path} not found. Please visit #{GITHUB_URL} for details."
-      end
-
-      @config[path] ||= yaml_safe_load_file(path)
-      unless @config[path]
-        raise "File #{path} does not contain proper YAML information. Visit #{GITHUB_URL} for details."
-      end
-
-      @config[path]
-    end
-
-    def self.yaml_safe_load_file(path)
-      yml_data = File.read(path)
-      YAML.safe_load(yml_data, aliases: true)
-    end
-  end
 end

data/lib/mauth/config_env.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module MAuth
+  class ConfigEnv
+    GITHUB_URL = 'https://github.com/mdsol/mauth-client-ruby'
+
+    ENV_STUFF = {
+      'MAUTH_URL' => nil,
+      'MAUTH_API_VERSION' => 'v1',
+      'MAUTH_APP_UUID' => nil,
+      'MAUTH_PRIVATE_KEY' => nil,
+      'MAUTH_PRIVATE_KEY_FILE' => 'config/mauth_key',
+      'MAUTH_V2_ONLY_AUTHENTICATE' => false,
+      'MAUTH_V2_ONLY_SIGN_REQUESTS' => false,
+      'MAUTH_DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE' => false,
+      'MAUTH_V1_ONLY_SIGN_REQUESTS' => true,
+      'MAUTH_USE_RAILS_CACHE' => false
+    }.freeze
+
+    class << self
+      def load
+        validate! if production?
+
+        {
+          'mauth_baseurl' => env[:mauth_url] || 'http://localhost:7000',
+          'mauth_api_version' => env[:mauth_api_version],
+          'app_uuid' => env[:mauth_app_uuid] || 'fb17460e-9868-11e1-8399-0090f5ccb4d3',
+          'private_key' => private_key || PrivateKeyHelper.generate.to_s,
+          'v2_only_authenticate' => env[:mauth_v2_only_authenticate],
+          'v2_only_sign_requests' => env[:mauth_v2_only_sign_requests],
+          'disable_fallback_to_v1_on_v2_failure' => env[:mauth_disable_fallback_to_v1_on_v2_failure],
+          'v1_only_sign_requests' => env[:mauth_v1_only_sign_requests],
+          'use_rails_cache' => env[:mauth_use_rails_cache]
+        }
+      end
+
+      private
+
+      def validate!
+        errors = []
+        errors << 'The MAUTH_URL environment variable must be set' if env[:mauth_url].nil?
+        errors << 'The MAUTH_APP_UUID environment variable must be set' if env[:mauth_app_uuid].nil?
+        errors << 'The MAUTH_PRIVATE_KEY environment variable must be set' if env[:mauth_private_key].nil?
+        return if errors.empty?
+
+        errors.map! { |err| "#{err} => See #{GITHUB_URL}" }
+        errors.unshift('Invalid MAuth Client configuration:')
+        raise errors.join("\n")
+      end
+
+      def env
+        @env ||= ENV_STUFF.each_with_object({}) do |(key, default), hsh|
+          env_key = key.downcase.to_sym
+          hsh[env_key] = ENV.fetch(key, default)
+
+          case default
+          when TrueClass, FalseClass
+            hsh[env_key] = hsh[env_key].to_s.casecmp('true').zero?
+          end
+        end
+      end
+
+      def production?
+        environment.to_s.casecmp('production').zero?
+      end
+
+      def environment
+        return Rails.environment if Object.const_defined?(:Rails) && ::Rails.respond_to?(:environment)
+
+        ENV.fetch('RAILS_ENV') { ENV.fetch('RACK_ENV', 'development') }
+      end
+
+      def private_key
+        return env[:mauth_private_key] if env[:mauth_private_key]
+        return nil unless env[:mauth_private_key_file] && File.readable?(env[:mauth_private_key_file])
+
+        File.read(env[:mauth_private_key_file])
+      end
+    end
+  end
+end

data/lib/mauth/private_key_helper.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module MAuth
+  module PrivateKeyHelper
+    HEADER = '-----BEGIN RSA PRIVATE KEY-----'
+    FOOTER = '-----END RSA PRIVATE KEY-----'
+
+    module_function
+
+    def generate
+      OpenSSL::PKey::RSA.generate(2048)
+    end
+
+    def load(key)
+      OpenSSL::PKey::RSA.new(to_rsa_format(key))
+    rescue OpenSSL::PKey::RSAError
+      raise 'The private key provided is invalid'
+    end
+
+    def to_rsa_format(key)
+      return key if key.include?("\n")
+
+      body = key.strip.delete_prefix(HEADER).delete_suffix(FOOTER).strip
+      body = body.include?("\s") ? body.tr("\s", "\n") : body.scan(/.{1,64}/).join("\n")
+      "#{HEADER}\n#{body}\n#{FOOTER}"
+    end
+  end
+end

data/lib/mauth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MAuth
-  VERSION = '6.4.3'
+  VERSION = '7.1.0'
 end

data/mauth-client.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
                        'Includes middleware for Rack and Faraday for incoming and outgoing requests and responses.'
   spec.homepage      = 'https://github.com/mdsol/mauth-client-ruby'
   spec.license       = 'MIT'
-  spec.required_ruby_version = '>= 2.6.0'
+  spec.required_ruby_version = '>= 2.7.0'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
@@ -23,23 +23,11 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'addressable', '~> 2.0'
   spec.add_dependency 'coderay', '~> 1.0'
-  spec.add_dependency 'dice_bag', '>= 0.9', '< 2.0'
-  spec.add_dependency 'faraday', '>= 0.9', '< 3.0'
+  spec.add_dependency 'faraday', '>= 1.9', '< 3.0'
   spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
+  spec.add_dependency 'faraday-net_http_persistent'
+  spec.add_dependency 'faraday-retry'
+  spec.add_dependency 'net-http-persistent', '>= 3.1'
   spec.add_dependency 'rack', '> 2.2.3'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
-
-  spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'benchmark-ips', '~> 2.7'
-  spec.add_development_dependency 'bundler', '>= 1.17'
-  spec.add_development_dependency 'byebug'
-  spec.add_development_dependency 'rack-test', '~> 1.1.0'
-  spec.add_development_dependency 'rake', '~> 12.0'
-  spec.add_development_dependency 'rspec', '~> 3.8'
-  spec.add_development_dependency 'rubocop', '= 1.25.1'
-  spec.add_development_dependency 'rubocop-mdsol', '~> 0.1'
-  spec.add_development_dependency 'rubocop-performance', '= 1.13.2'
-  spec.add_development_dependency 'simplecov', '~> 0.16'
-  spec.add_development_dependency 'timecop', '~> 0.9'
-  spec.add_development_dependency 'webmock', '~> 3.0'
 end