openstax_api 8.1.1 → 8.2.0
- checksums.yaml +4 -4
- data/lib/openstax/api/engine.rb +1 -0
- data/lib/openstax/api/params.rb +92 -0
- data/lib/openstax/api/representable_schema_printer.rb +3 -1
- data/lib/openstax/api/version.rb +1 -1
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/test.log +2253 -9380
- data/spec/lib/openstax/api/params_spec.rb +78 -0
- metadata +20 -3
@@ -0,0 +1,78 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
require 'rails_helper'
|
3
|
+
|
4
|
+
module OpenStax
|
5
|
+
module Api
|
6
|
+
describe Params do
|
7
|
+
|
8
|
+
let(:params) { {a: '1', b: 2, c: nil, d: '', e: '♥', f: true} }
|
9
|
+
let(:signed) { described_class.sign(params: params, secret: 'secret') }
|
10
|
+
|
11
|
+
it 'disallows blank secrets' do
|
12
|
+
expect{
|
13
|
+
described_class.sign(params: {}, secret: nil)
|
14
|
+
}.to raise_error(StandardError)
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'signs and verifies' do
|
18
|
+
expect(signed[:timestamp]).not_to be_blank
|
19
|
+
expect(signed[:signature]).not_to be_blank
|
20
|
+
|
21
|
+
expect(
|
22
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
23
|
+
).to eq true
|
24
|
+
end
|
25
|
+
|
26
|
+
it 'does not verify is signature does not match' do
|
27
|
+
signed[:signature] += "a"
|
28
|
+
expect(
|
29
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
30
|
+
).to eq false
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'does not verify if signature blank' do
|
34
|
+
signed[:signature] = " "
|
35
|
+
expect(
|
36
|
+
described_class.signature_and_timestamp_valid?(params: signed, secret: 'secret')
|
37
|
+
).to eq false
|
38
|
+
end
|
39
|
+
|
40
|
+
describe "altered params" do
|
41
|
+
|
42
|
+
it 'rejects additions' do
|
43
|
+
expect(
|
44
|
+
described_class.signature_and_timestamp_valid?(
|
45
|
+
params: signed.merge(evil: 'yes'),
|
46
|
+
secret: 'secret')
|
47
|
+
).to eq false
|
48
|
+
end
|
49
|
+
|
50
|
+
it 'rejects alterations' do
|
51
|
+
expect(
|
52
|
+
described_class.signature_and_timestamp_valid?(
|
53
|
+
params: signed.merge(b: 10000),
|
54
|
+
secret: 'secret')
|
55
|
+
).to eq false
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'rejects deletions' do
|
59
|
+
expect(
|
60
|
+
described_class.signature_and_timestamp_valid?(
|
61
|
+
params: signed.except(:a),
|
62
|
+
secret: 'secret')
|
63
|
+
).to eq false
|
64
|
+
end
|
65
|
+
|
66
|
+
end
|
67
|
+
|
68
|
+
it 'does not verify if timestamp too long ago' do
|
69
|
+
expect(
|
70
|
+
described_class.signature_and_timestamp_valid?(params: signed,
|
71
|
+
secret: 'secret',
|
72
|
+
timestamp_window_width: 0.minutes)
|
73
|
+
).to eq false
|
74
|
+
end
|
75
|
+
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
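Review bot: Nothing in this spec verifies with a different secret or with a changed `timestamp`; the 'altered params' group only touches `evil`, `b` and `a`. The tests would therefore still pass if the timestamp were left out of the signed data, although the implementation in params.rb is not visible here and may already cover it. I would add `expect(described_class.signature_and_timestamp_valid?(params: signed, secret: 'other')).to eq false` and a sibling case that merges a changed `:timestamp` into `signed`. The 'disallows blank secrets' example is also loose: it checks only `nil` on `sign` and accepts any `StandardError`, so an unrelated failure such as a `NoMethodError` would satisfy it. Asserting the specific error class, and covering `''` and the verify side, would pin the intended guard.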
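--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openstax_api
 version: !ruby/object:Gem::Version
-version: 8.
+version: 8.2.0
 platform: ruby
 authors:
 - Dante Soares
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -247,6 +247,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Provides models, controllers and libraries that help OpenStax products
 define API's for user applications.
 email:
@@ -267,6 +281,7 @@ files:
 - lib/openstax/api/constraints.rb
 - lib/openstax/api/doorkeeper_application_includes.rb
 - lib/openstax/api/engine.rb
+- lib/openstax/api/params.rb
 - lib/openstax/api/representable_schema_printer.rb
 - lib/openstax/api/responder_with_put_patch_delete_content.rb
 - lib/openstax/api/roar.rb
@@ -324,6 +339,7 @@ files:
 - spec/lib/openstax/api/apipie_spec.rb
 - spec/lib/openstax/api/constraints_spec.rb
 - spec/lib/openstax/api/doorkeeper_application_includes_spec.rb
+- spec/lib/openstax/api/params_spec.rb
 - spec/lib/openstax/api/representable_schema_printer_spec.rb
 - spec/lib/openstax/api/roar_spec.rb
 - spec/lib/openstax/api/routing_mapper_includes_spec.rb
@@ -352,7 +368,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: API utilities for OpenStax products and tools.
@@ -407,6 +423,7 @@ test_files:
 - spec/lib/openstax/api/apipie_spec.rb
 - spec/lib/openstax/api/constraints_spec.rb
 - spec/lib/openstax/api/doorkeeper_application_includes_spec.rb
+- spec/lib/openstax/api/params_spec.rb
 - spec/lib/openstax/api/representable_schema_printer_spec.rb
 - spec/lib/openstax/api/roar_spec.rb
 - spec/lib/openstax/api/routing_mapper_includes_spec.rb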