onfido 0.8.4 → 0.9.0
- checksums.yaml +5 -5
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +5 -0
- data/README.md +11 -3
- data/lib/onfido.rb +0 -1
- data/lib/onfido/resource.rb +7 -0
- data/lib/onfido/resources/document.rb +2 -1
- data/lib/onfido/resources/live_photo.rb +2 -1
- data/lib/onfido/version.rb +1 -1
- data/onfido.gemspec +1 -0
- data/spec/integrations/document_spec.rb +21 -10
- data/spec/integrations/live_photo_spec.rb +20 -10
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 02ec5c2316de975b17ee9818699d45f47eff8e9f93bb89400e7ef4dd9d6b5170
|
4
|
+
data.tar.gz: ed1a1accb7575b5483eb17cd5631d0abe98641a5c34922b79a9c26bce13eab53
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b51ceca16f8c19c95234e8ba5b5e5e86c3cca098273a79e3880c46175861c6efd9d97858bc463d6a8ad029268d66866306792b5dea822473cd89100c5f4a9b75
|
7
|
+
data.tar.gz: 0f149d1be7d19d1c3f4edbef29d80d0ac5ebfd4ed26e17a29b66e44afbc2e9aa4d473e5ce770d7247284d993a054e6349f043cce62f6d7c9315525b1b6558b92
|
data/.rubocop.yml
CHANGED
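--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+## v0.9.0, 8 March 2018
+
+- Remove the ability to create Documents and Live Photos from a remote URL or local path, mitigating a potential security vulnerability (see #45 for details) (@timrogers)
+- Drop support for Ruby versions earlier than 2.2.0, since they have [reached end-of-life](https://www.ruby-lang.org/en/news/2017/04/01/support-of-ruby-2-1-has-ended/) (@timrogers)
+
 ## v0.8.4, 29 January 2018
 
 - Replace use of `method_missing` with explicitly-defined accessors when accessing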
data/README.md
CHANGED
@@ -12,9 +12,11 @@ This gem supports both `v1` and `v2` of the Onfido API. Refer to Onfido's [API d
|
|
12
12
|
Add this line to your application's Gemfile:
|
13
13
|
|
14
14
|
```ruby
|
15
|
-
gem 'onfido', '~> 0.
|
15
|
+
gem 'onfido', '~> 0.9.0'
|
16
16
|
```
|
17
17
|
|
18
|
+
The gem is compatible with Ruby 2.2.0 and onwards. Earlier versions of Ruby have [reached end-of-life](https://www.ruby-lang.org/en/news/2017/04/01/support-of-ruby-2-1-has-ended/), are no longer supported and no longer receive security fixes.
|
19
|
+
|
18
20
|
## Configuration
|
19
21
|
|
20
22
|
There are 5 configuration options:
|
@@ -72,7 +74,10 @@ api.document.download('applicant_id', 'document_id') # => Downloads a document a
|
|
72
74
|
api.document.all('applicant_id') # => Returns all applicant's documents
|
73
75
|
```
|
74
76
|
|
75
|
-
**Note:** The file parameter
|
77
|
+
**Note:** The file parameter must be a `File`-like object which responds to `#read` and `#path`.
|
78
|
+
Previous versions of this gem supported providing a URL to a file accessible over HTTP or a path
|
79
|
+
to a file in the local filesystem. You should instead load the file yourself and then pass it in
|
80
|
+
to `#create`.
|
76
81
|
|
77
82
|
#### Live Photos
|
78
83
|
|
@@ -83,7 +88,10 @@ They can only be created - the Onfido does not support finding or listing them.
|
|
83
88
|
api.live_photo.create('applicant_id', file: 'http://example.com')
|
84
89
|
```
|
85
90
|
|
86
|
-
**Note:** The file parameter
|
91
|
+
**Note:** The file parameter must be a `File`-like object which responds to `#read` and `#path`.
|
92
|
+
Previous versions of this gem supported providing a URL to a file accessible over HTTP or a path
|
93
|
+
to a file in the local filesystem. You should instead load the file yourself and then pass it in
|
94
|
+
to `#create`.
|
87
95
|
|
88
96
|
#### Checks
|
89
97
|
|
data/lib/onfido.rb
CHANGED
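--- a/data/lib/onfido/resource.rb
+++ b/data/lib/onfido/resource.rb
@@ -144,5 +144,12 @@ module Onfido
 
 raise ConnectionError.new(full_message)
 end
+
+def validate_file!(file)
+return if file.respond_to?(:read) && file.respond_to?(:path)
+
+raise ArgumentError, "File must be a `File`-like object which responds to " \
+"`#read` and `#path`"
+end
 end
 end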
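Review bot: `validate_file!` carries no comment saying why strings are refused, so a later maintainer could relax the check without realising it is the security control the changelog entry for #45 describes. I would add above the method: `# Security: accept only File-like objects; URL and path strings are refused so caller-supplied values are never opened by the gem (see #45).` The test is duck-typed on `#read` and `#path`, so it also turns away in-memory objects such as `StringIO`, which has no `#path`; if that is intended it is worth stating in the same comment. The enclosing class starts outside the hunk, so whether the method ends up under `private` cannot be seen here.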
@@ -3,7 +3,8 @@ module Onfido
|
|
3
3
|
# with open-uri the file can be a link or an actual file
|
4
4
|
|
5
5
|
def create(applicant_id, payload)
|
6
|
-
|
6
|
+
validate_file!(payload.fetch(:file))
|
7
|
+
|
7
8
|
post(
|
8
9
|
url: url_for("applicants/#{applicant_id}/documents"),
|
9
10
|
payload: payload
|
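Review bot: The context comment `# with open-uri the file can be a link or an actual file` above `create` is now wrong, because the added `validate_file!(payload.fetch(:file))` call rejects links and path strings; the same stale comment sits above `create` in the live_photo.rb hunk that follows. I would replace it in both files with `# file must be a File-like object responding to #read and #path; URL and path strings are rejected`. Assuming `payload` is a plain Hash, `payload.fetch(:file)` raises `KeyError` when the key is missing or given as the string `'file'`, which fails closed but is a different error class from the `ArgumentError` raised for a bad value. The body of `create` continues past the end of the hunk.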
@@ -3,8 +3,9 @@ module Onfido
|
|
3
3
|
# with open-uri the file can be a link or an actual file
|
4
4
|
|
5
5
|
def create(applicant_id, payload)
|
6
|
+
validate_file!(payload.fetch(:file))
|
6
7
|
payload[:applicant_id] = applicant_id
|
7
|
-
|
8
|
+
|
8
9
|
post(
|
9
10
|
url: url_for("/live_photos"),
|
10
11
|
payload: payload
|
data/lib/onfido/version.rb
CHANGED
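--- a/data/onfido.gemspec
+++ b/data/onfido.gemspec
@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ['lib']
+spec.required_ruby_version = ">= 2.2.0"
 
 spec.add_development_dependency 'bundler', '~> 1.7'
 spec.add_development_dependency 'rake', '~> 12.0'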
@@ -4,13 +4,6 @@ describe Onfido::Document do
|
|
4
4
|
subject(:document) { described_class.new }
|
5
5
|
|
6
6
|
describe '#create' do
|
7
|
-
after do
|
8
|
-
file.close
|
9
|
-
file.unlink
|
10
|
-
end
|
11
|
-
|
12
|
-
let(:file) { Tempfile.new(['passport', '.jpg']) }
|
13
|
-
before { allow(document).to receive(:open).and_return(:file) }
|
14
7
|
let(:params) do
|
15
8
|
{
|
16
9
|
type: 'passport',
|
@@ -20,9 +13,27 @@ describe Onfido::Document do
|
|
20
13
|
end
|
21
14
|
let(:applicant_id) { '1030303-123123-123123' }
|
22
15
|
|
23
|
-
|
24
|
-
|
25
|
-
|
16
|
+
context 'with a File-like object to upload' do
|
17
|
+
let(:file) { Tempfile.new(['passport', '.jpg']) }
|
18
|
+
|
19
|
+
after do
|
20
|
+
file.close
|
21
|
+
file.unlink
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'creates a new document' do
|
25
|
+
response = document.create('foobar', params)
|
26
|
+
expect(response['id']).not_to be_nil
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context 'passing in a non-File-like file to upload' do
|
31
|
+
let(:file) { 'https://onfido.com/images/logo.png' }
|
32
|
+
|
33
|
+
it 'raises an ArgumentError' do
|
34
|
+
expect { document.create('foobar', params) }.
|
35
|
+
to raise_error(ArgumentError, /must be a `File`-like object/)
|
36
|
+
end
|
26
37
|
end
|
27
38
|
end
|
28
39
|
|
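Review bot: The rejection case exercises only a URL string (`'https://onfido.com/images/logo.png'`), while the changelog says both remote URLs and local paths are no longer accepted; the live_photo_spec hunk that follows has the same gap. A second context with a path string, for example `let(:file) { '/tmp/passport.jpg' }` (constructed value), expecting the same `ArgumentError`, would pin the other half of the fix. It may also be worth asserting that no HTTP request is issued when validation fails, though the request stubs are not visible in these hunks, so that depends on how the suite is set up.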
@@ -4,19 +4,29 @@ describe Onfido::LivePhoto do
|
|
4
4
|
subject(:live_photo) { described_class.new }
|
5
5
|
|
6
6
|
describe '#create' do
|
7
|
-
|
8
|
-
|
9
|
-
|
7
|
+
let(:params) { { file: file } }
|
8
|
+
|
9
|
+
context 'with a File-like object to upload' do
|
10
|
+
let(:file) { Tempfile.new(['passport', '.jpg']) }
|
11
|
+
|
12
|
+
after do
|
13
|
+
file.close
|
14
|
+
file.unlink
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'creates a new photo' do
|
18
|
+
response = live_photo.create('foobar', params)
|
19
|
+
expect(response['id']).not_to be_nil
|
20
|
+
end
|
10
21
|
end
|
11
22
|
|
12
|
-
|
13
|
-
|
14
|
-
let(:params) { { file: file } }
|
15
|
-
let(:applicant_id) { '1030303-123123-123123' }
|
23
|
+
context 'passing in a non-File-like file to upload' do
|
24
|
+
let(:file) { 'https://onfido.com/images/photo.jpg' }
|
16
25
|
|
17
|
-
|
18
|
-
|
19
|
-
|
26
|
+
it 'raises an ArgumentError' do
|
27
|
+
expect { live_photo.create('foobar', params) }.
|
28
|
+
to raise_error(ArgumentError, /must be a `File`-like object/)
|
29
|
+
end
|
20
30
|
end
|
21
31
|
end
|
22
32
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: onfido
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Pericles Theodorou
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2018-
|
12
|
+
date: 2018-03-08 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -224,7 +224,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
224
224
|
requirements:
|
225
225
|
- - ">="
|
226
226
|
- !ruby/object:Gem::Version
|
227
|
-
version:
|
227
|
+
version: 2.2.0
|
228
228
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
229
229
|
requirements:
|
230
230
|
- - ">="
|
@@ -232,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
232
232
|
version: '0'
|
233
233
|
requirements: []
|
234
234
|
rubyforge_project:
|
235
|
-
rubygems_version: 2.
|
235
|
+
rubygems_version: 2.7.4
|
236
236
|
signing_key:
|
237
237
|
specification_version: 4
|
238
238
|
summary: A wrapper for Onfido API
|