openstax_api 8.1.1 → 8.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/openstax/api/engine.rb +1 -0
- data/lib/openstax/api/params.rb +92 -0
- data/lib/openstax/api/representable_schema_printer.rb +3 -1
- data/lib/openstax/api/version.rb +1 -1
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/test.log +2253 -9380
- data/spec/lib/openstax/api/params_spec.rb +78 -0
- metadata +20 -3
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
require 'rails_helper'
|
|
3
|
+
|
|
4
|
+
module OpenStax
|
|
5
|
+
module Api
|
|
6
|
+
describe Params do
|
|
7
|
+
|
|
8
|
+
let(:params) { {a: '1', b: 2, c: nil, d: '', e: '♥', f: true} }
|
|
9
|
+
let(:signed) { described_class.sign(params: params, secret: 'secret') }
|
|
10
|
+
|
|
11
|
+
it 'disallows blank secrets' do
|
|
12
|
+
expect{
|
|
13
|
+
described_class.sign(params: {}, secret: nil)
|
|
14
|
+
}.to raise_error(StandardError)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'signs and verifies' do
|
|
18
|
+
expect(signed[:timestamp]).not_to be_blank
|
|
19
|
+
expect(signed[:signature]).not_to be_blank
|
|
20
|
+
|
|
21
|
+
expect(
|
|
22
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
|
23
|
+
).to eq true
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it 'does not verify is signature does not match' do
|
|
27
|
+
signed[:signature] += "a"
|
|
28
|
+
expect(
|
|
29
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
|
30
|
+
).to eq false
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it 'does not verify if signature blank' do
|
|
34
|
+
signed[:signature] = " "
|
|
35
|
+
expect(
|
|
36
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
|
37
|
+
).to eq false
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
describe "altered params" do
|
|
41
|
+
|
|
42
|
+
it 'rejects additions' do
|
|
43
|
+
expect(
|
|
44
|
+
described_class.signature_and_timestamp_valid?(
|
|
45
|
+
params: signed.merge(evil: 'yes'),
|
|
46
|
+
secret: 'secret')
|
|
47
|
+
).to eq false
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
it 'rejects alterations' do
|
|
51
|
+
expect(
|
|
52
|
+
described_class.signature_and_timestamp_valid?(
|
|
53
|
+
params: signed.merge(b: 10000),
|
|
54
|
+
secret: 'secret')
|
|
55
|
+
).to eq false
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
it 'rejects deletions' do
|
|
59
|
+
expect(
|
|
60
|
+
described_class.signature_and_timestamp_valid?(
|
|
61
|
+
params: signed.except(:a),
|
|
62
|
+
secret: 'secret')
|
|
63
|
+
).to eq false
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it 'does not verify if timestamp too long ago' do
|
|
69
|
+
expect(
|
|
70
|
+
described_class.signature_and_timestamp_valid?(params: signed,
|
|
71
|
+
secret: 'secret',
|
|
72
|
+
timestamp_window_width: 0.minutes)
|
|
73
|
+
).to eq false
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openstax_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dante Soares
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2017-
|
|
12
|
+
date: 2017-09-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
@@ -247,6 +247,20 @@ dependencies:
|
|
|
247
247
|
- - ">="
|
|
248
248
|
- !ruby/object:Gem::Version
|
|
249
249
|
version: '0'
|
|
250
|
+
- !ruby/object:Gem::Dependency
|
|
251
|
+
name: byebug
|
|
252
|
+
requirement: !ruby/object:Gem::Requirement
|
|
253
|
+
requirements:
|
|
254
|
+
- - ">="
|
|
255
|
+
- !ruby/object:Gem::Version
|
|
256
|
+
version: '0'
|
|
257
|
+
type: :development
|
|
258
|
+
prerelease: false
|
|
259
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
260
|
+
requirements:
|
|
261
|
+
- - ">="
|
|
262
|
+
- !ruby/object:Gem::Version
|
|
263
|
+
version: '0'
|
|
250
264
|
description: Provides models, controllers and libraries that help OpenStax products
|
|
251
265
|
define API's for user applications.
|
|
252
266
|
email:
|
|
@@ -267,6 +281,7 @@ files:
|
|
|
267
281
|
- lib/openstax/api/constraints.rb
|
|
268
282
|
- lib/openstax/api/doorkeeper_application_includes.rb
|
|
269
283
|
- lib/openstax/api/engine.rb
|
|
284
|
+
- lib/openstax/api/params.rb
|
|
270
285
|
- lib/openstax/api/representable_schema_printer.rb
|
|
271
286
|
- lib/openstax/api/responder_with_put_patch_delete_content.rb
|
|
272
287
|
- lib/openstax/api/roar.rb
|
|
@@ -324,6 +339,7 @@ files:
|
|
|
324
339
|
- spec/lib/openstax/api/apipie_spec.rb
|
|
325
340
|
- spec/lib/openstax/api/constraints_spec.rb
|
|
326
341
|
- spec/lib/openstax/api/doorkeeper_application_includes_spec.rb
|
|
342
|
+
- spec/lib/openstax/api/params_spec.rb
|
|
327
343
|
- spec/lib/openstax/api/representable_schema_printer_spec.rb
|
|
328
344
|
- spec/lib/openstax/api/roar_spec.rb
|
|
329
345
|
- spec/lib/openstax/api/routing_mapper_includes_spec.rb
|
|
@@ -352,7 +368,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
352
368
|
version: '0'
|
|
353
369
|
requirements: []
|
|
354
370
|
rubyforge_project:
|
|
355
|
-
rubygems_version: 2.
|
|
371
|
+
rubygems_version: 2.4.5.1
|
|
356
372
|
signing_key:
|
|
357
373
|
specification_version: 4
|
|
358
374
|
summary: API utilities for OpenStax products and tools.
|
|
@@ -407,6 +423,7 @@ test_files:
|
|
|
407
423
|
- spec/lib/openstax/api/apipie_spec.rb
|
|
408
424
|
- spec/lib/openstax/api/constraints_spec.rb
|
|
409
425
|
- spec/lib/openstax/api/doorkeeper_application_includes_spec.rb
|
|
426
|
+
- spec/lib/openstax/api/params_spec.rb
|
|
410
427
|
- spec/lib/openstax/api/representable_schema_printer_spec.rb
|
|
411
428
|
- spec/lib/openstax/api/roar_spec.rb
|
|
412
429
|
- spec/lib/openstax/api/routing_mapper_includes_spec.rb
|