pact_broker 2.27.0 → 2.27.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 05fcf55e9f52ba3eab88ff971faffb939b8bf3a3
-  data.tar.gz: 15dd2c9ae6976e5f0ed924947072625fab619dfe
+SHA256:
+  metadata.gz: e67bad7e9a3ecb1e2ecd911350a937615bf9b2f90ac811ad48acf16185ffee41
+  data.tar.gz: e55c77c181b1d2e37e20a6b0a4f6b500ebdba7b0c861597c8f80b580915d9a3c
 SHA512:
-  metadata.gz: 74e9bf66eebb3355c4809b5423469242ccfb31d780eb29c3c0d28d6d6b140726826a4fa8ac204672631a5cd856356708580e6e7d205468b4a3e8f76e4c1c1e2d
-  data.tar.gz: 7e52f4d4457fa1a9c013a3d58340d5ccbc01b4075c0fd7ca7d787b66593e0a71736992e773bec72e4767e6cdddb5bb893087380e61896b1e75537e516dfd7e26
+  metadata.gz: 3fcd28aeb22cee45696bee504bb1c6b49cec7faa83185df24c5854e9a22fd2023bee57f62fbea2fad54f5c4f590e1de91febab56f3baa1a15a7656d692a0d816
+  data.tar.gz: 18a6fe1f7dd9c61143ea1fe7bf031576c8d1d615d0a212dc2b8e833ad5fd14de39c606e92ea021f82f8b64015ba3e12a7f8cccc317fd5979c30a965b153cb773

data/.travis.yml

@@ -11,6 +11,7 @@ env:
   global:
     - CC_TEST_REPORTER_ID=dc2c30b67c9e2a5309e1aef699c30fdab55ba4f0e4f1beac029ba93e293835db
     - GIT_COMMITTED_AT=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then git log -1 --pretty=format:%ct; else git log -1 --skip 1 --pretty=format:%ct; fi)
+    - INSTALL_MYSQL=true
   matrix:
     - DATABASE_ADAPTER=default RUBYOPT="-W0"
     - DATABASE_ADAPTER=postgres RUBYOPT="-W0"

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+<a name="v2.27.2"></a>
+### v2.27.2 (2018-09-14)
+
+
+#### Features
+
+* use application/yaml instead of application/x-yaml to match Swaggerhub	 ([067d6ac7](/../../commit/067d6ac7))
+* treat .yaml requests as having header Accept: application/x-yaml	 ([1c8e199f](/../../commit/1c8e199f))
+
+* **webhook whitelist**
+  * allow hosts to be whitelisted using * domains	 ([150858a1](/../../commit/150858a1))
+
+
+#### Bug Fixes
+
+* **content-type**
+  * convert 404 content-type to application/hal+json #235	 ([83958db7](/../../commit/83958db7))
+
+
 <a name="v2.27.0"></a>
 ### v2.27.0 (2018-09-07)
 

data/Gemfile

@@ -3,3 +3,7 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'simplecov', :require => false, :group => :test
+
+if ENV['INSTALL_MYSQL'] == "true"
+  gem 'mysql2', '~>0.3.15'
+end

data/lib/pact_broker/app.rb

@@ -12,6 +12,7 @@ require 'rack/pact_broker/accepts_html_filter'
 require 'rack/pact_broker/ui_authentication'
 require 'rack/pact_broker/configurable_make_it_later'
 require 'rack/pact_broker/no_auth'
+require 'rack/pact_broker/convert_404_to_hal'
 require 'sucker_punch'
 
 module PactBroker
@@ -145,6 +146,7 @@ module PactBroker
       require 'pact_broker/api'
       builder = ::Rack::Builder.new
       builder.use @make_it_later_api_auth
+      builder.use Rack::PactBroker::Convert404ToHal
       builder.use Rack::PactBroker::DatabaseTransaction, configuration.database_connection
       builder.run PactBroker::API
       builder

data/lib/pact_broker/doc/views/webhooks.markdown

@@ -123,7 +123,7 @@ Pact Broker Github repository.
 
 * **Host**: If the `webhook_host_whitelist` contains any entries, the host must match one or more of the entries. By default, it is empty. For security purposes, if the host whitelist is empty, the response details will not be logged to the UI (though they can be seen in the application logs at debug level).
 
-  The host whitelist may contain hostnames (eg `"github.com"`), IPs (eg `"192.0.345.4"`), network ranges (eg `"10.0.0.0/8"`) or regular expressions (eg `/.*\.foo\.com$/`). Note that IPs are not resolved, so if you specify an IP range, you need to use the IP in the webhook URL. If you wish to allow webhooks to any host (not recommended!), you can set `webhook_host_whitelist` to `[/.*/]`. Beware of any sensitive endpoints that may be exposed within the same network.
+  The host whitelist may contain hostnames (eg `"github.com"`), domains beginning with `*` (eg. `"*.foo.com"`), IPs (eg `"192.0.345.4"`), network ranges (eg `"10.0.0.0/8"`) or regular expressions (eg `/.*\.foo\.com$/`). Note that IPs are not resolved, so if you specify an IP range, you need to use the IP in the webhook URL. If you wish to allow webhooks to any host (not recommended!), you can set `webhook_host_whitelist` to `[/.*/]`. Beware of any sensitive endpoints that may be exposed within the same network.
 
   The recommended set of values to start with are:
 
@@ -131,7 +131,9 @@ Pact Broker Github repository.
     * your company chat (eg. Slack, for publishing notifications)
     * your code repository (eg. Github, for sending commit statuses)
 
-  Alternatively, you could use a regular expression to limit requests to your company's domain. eg `/.*\.foo\.com$/` (don't forget the end of string anchor). You can test Ruby regular expressions at [rubular.com](http://rubular.com).
+  Alternatively, you could use a domain beginning with a `*` to limit requests to your company's domain.
+
+  Note that the hostname/domain matching follows that used for SSL certificate hostnames, so `*.foo.com` will match `a.foo.com` but not `a.b.foo.com`. If you need more flexible matching because you have domains with variable "parts" (eg `a.b.foo.com`), you can use a regular expression (eg `/.*\.foo\.com$/` - don't forget the end of string anchor). You can test Ruby regular expressions at [rubular.com](http://rubular.com).
 
 ### Testing
 

data/lib/pact_broker/version.rb

@@ -1,3 +1,3 @@
 module PactBroker
-  VERSION = '2.27.0'
+  VERSION = '2.27.2'
 end

data/lib/pact_broker/webhooks/check_host_whitelist.rb

@@ -1,3 +1,5 @@
+require 'openssl'
+
 module PactBroker
   module Webhooks
     class CheckHostWhitelist
@@ -7,16 +9,34 @@ module PactBroker
       end
 
       def self.match?(host, whitelist_host)
-        if whitelist_host.is_a?(Regexp)
-          host =~ whitelist_host
+        if parse_ip_address(host)
+          ip_address_matches_range(host, whitelist_host)
+        elsif whitelist_host.is_a?(Regexp)
+          host_matches_regexp(host, whitelist_host)
+        elsif whitelist_host.start_with?("*")
+          OpenSSL::SSL.verify_hostname(host, whitelist_host)
         else
-          begin
-            IPAddr.new(whitelist_host) === IPAddr.new(host)
-          rescue IPAddr::Error
-            host == whitelist_host
-          end
+          host == whitelist_host
         end
       end
+
+      def self.parse_ip_address(addr)
+        IPAddr.new(addr)
+      rescue IPAddr::Error
+        nil
+      end
+
+      def self.ip_address_matches_range(host, maybe_whitelist_range)
+        parse_ip_address(maybe_whitelist_range) === parse_ip_address(host)
+      end
+
+      def self.host_matches_regexp(host, whitelist_regexp)
+        host =~ whitelist_regexp
+      end
+
+      def self.host_matches_domain_with_wildcard(host, whitelist_domain)
+        OpenSSL::SSL.verify_hostname(host, whitelist_domain)
+      end
     end
   end
 end

data/lib/rack/pact_broker/convert_404_to_hal.rb

@@ -0,0 +1,20 @@
+module Rack
+  module PactBroker
+    class Convert404ToHal
+
+      def initialize app
+        @app = app
+      end
+
+      def call env
+        response = @app.call(env)
+
+        if response.first == 404 && response[1]['Content-Type'] == 'text/html' && !(env['HTTP_ACCEPT'] =~ /html/)
+          [404, { 'Content-Type' => 'application/hal+json'},[]]
+        else
+          response
+        end
+      end
+    end
+  end
+end

data/lib/rack/pact_broker/convert_file_extension_to_accept_header.rb

@@ -1,14 +1,18 @@
 module Rack
   module PactBroker
-
     # If the HTML and the CSV group resources are both requested by the browser,
     # Chrome gets confused by the content types, and when you click back, it tries to load the CSV
     # instead of the HTML page. So we have to give the CSV resource a different URL (.csv)
 
     class ConvertFileExtensionToAcceptHeader
 
-      EXTENSIONS = {".csv" => "text/csv", ".svg" => "image/svg+xml", ".json" => "application/hal+json"}
-      EXTENSION_REGEXP = /\.\w+$/
+      EXTENSION_REGEXP = /\.\w+$/.freeze
+      EXTENSIONS = {
+        ".csv" => "text/csv",
+        ".svg" => "image/svg+xml",
+        ".json" => "application/hal+json",
+        ".yaml" => "application/yaml"
+      }
 
       def initialize app
         @app = app
@@ -37,8 +41,6 @@ module Rack
           "HTTP_ACCEPT" => EXTENSIONS[file_extension]
         )
       end
-
     end
-
   end
 end

data/pact_broker.gemspec

@@ -47,7 +47,6 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency 'pry-byebug'
   gem.add_development_dependency 'rake', '~>10.0'
   gem.add_development_dependency 'fakefs', '~>0.4'
-  gem.add_development_dependency 'mysql2', '~>0.3.15'
   gem.add_development_dependency 'webmock', '~>2.3'
   gem.add_development_dependency 'rspec', '~>3.0'
   gem.add_development_dependency 'rspec-its', '~>1.2'

data/spec/lib/pact_broker/app_spec.rb

@@ -276,11 +276,27 @@ module PactBroker
         PactBroker::Database.truncate
       end
 
-      subject { put path, pact_content, {'CONTENT_TYPE' => 'application/json' }; last_response  }
+      subject { put path, pact_content, { 'CONTENT_TYPE' => 'application/json' }; last_response  }
 
       it "wraps the API with a database transaction" do
         expect { subject }.to_not change { PactBroker::Domain::Pacticipant.count }
       end
     end
+
+    describe "when resource is not found" do
+      subject { get("/does/not/exist", nil, { 'CONTENT_TYPE' => 'application/hal+json' })  }
+
+      it "returns a Content-Type of application/hal+json" do
+        expect(subject.headers['Content-Type']).to eq 'application/hal+json'
+      end
+
+      it "returns a JSON body" do
+        expect(subject.body).to eq ""
+      end
+
+      it "returns a 404" do
+        expect(subject.status).to eq 404
+      end
+    end
   end
 end

data/spec/lib/pact_broker/webhooks/check_host_whitelist_spec.rb

@@ -23,6 +23,44 @@ module PactBroker
         end
       end
 
+      context "when the whitelist includes *.foo.bar" do
+        let(:whitelist) { ["*.foo.bar"] }
+
+        it "matches host a.foo.bar" do
+          expect(CheckHostWhitelist.call("a.foo.bar", whitelist)).to eq whitelist
+        end
+
+        it "does not matche host a.b.foo.bar" do
+          expect(CheckHostWhitelist.call("a.b.foo.bar", whitelist)).to eq []
+        end
+
+        it "does not match a.foo.bar.b" do
+          expect(CheckHostWhitelist.call("a.foo.bar.b", whitelist)).to eq []
+        end
+
+        it "does not match foo.bar" do
+          expect(CheckHostWhitelist.call("foo.bar", whitelist)).to eq []
+        end
+
+        it "does not match 10.0.0.2" do
+          expect(CheckHostWhitelist.call("10.0.0.2", whitelist)).to eq []
+        end
+      end
+
+      context "when the whitelist includes *.2" do
+        it "does not match 10.0.0.2 as that's the wrong way to declare an IP range" do
+          expect(CheckHostWhitelist.call("10.0.0.2", ["*.0.0.2"])).to eq []
+        end
+      end
+
+      context "when the whitelist includes *.foo.*.bar" do
+        let(:whitelist) { ["*.foo.*.bar"] }
+
+        it "does not match host a.foo.b.bar, according to RFC 6125, section 6.4.3, subitem 1" do
+          expect(CheckHostWhitelist.call("a.foo.b.bar", whitelist)).to eq []
+        end
+      end
+
       context "when the host is localhost" do
         let(:host) { "localhost" }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pact_broker
 version: !ruby/object:Gem::Version
-  version: 2.27.0
+  version: 2.27.2
 platform: ruby
 authors:
 - Bethany Skurrie
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-07 00:00:00.000000000 Z
+date: 2018-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -380,20 +380,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
-- !ruby/object:Gem::Dependency
-  name: mysql2
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.3.15
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.3.15
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -976,6 +962,7 @@ files:
 - lib/rack/pact_broker/accepts_html_filter.rb
 - lib/rack/pact_broker/add_pact_broker_version_header.rb
 - lib/rack/pact_broker/configurable_make_it_later.rb
+- lib/rack/pact_broker/convert_404_to_hal.rb
 - lib/rack/pact_broker/convert_file_extension_to_accept_header.rb
 - lib/rack/pact_broker/database_transaction.rb
 - lib/rack/pact_broker/invalid_uri_protection.rb
@@ -1351,7 +1338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: See description