pusher-platform 0.11.1 → 0.11.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: a64852951fac9d5d9545436d7449809e91ec2b6a40d74efa687f8ea591201d11
-  data.tar.gz: 6b5a26e185961951b0bfcfe3a412a27cd4c3c628f161550ce4c1ee53471ba359
+SHA1:
+  metadata.gz: c6548b5f0d008ddd0747ad6c9555eab299cc5290
+  data.tar.gz: 983c96520cd1f1170be45485f7f01436e910e3b6
 SHA512:
-  metadata.gz: 66eb230011a45e84f11b0f3f3649bd53070cb79473e0ae322406705aa1ee3ea395458949584d64db2d6b7ba5f5f3f3a97170cb7d334e4b7ce9cc86b677100b82
-  data.tar.gz: 577ebf4e7aaf9bece8e0b3daaff3c7309db284d40a4579ec963903c060f92dfcc4a9f1226b7cfe8c6e9b169a14edacef1e73fb36e63dda60bc405450daa588d3
+  metadata.gz: 684ebbf7f39b9c23e972dc281532039f60a8942e296984fdaf97427492eb0026438728c8956fb77ee6447bb1aa39d757914ff1930f05e0d0a37e61557eba6115
+  data.tar.gz: 7e9a19ba538b364df7dfa5eea2ad834be0090f06196dcd5481b5470c04c25df9dd5423a590cdf0f5bb8a93b9da28c442439f8339b9dfd8bac698f62610823089

data/lib/pusher-platform/authenticator.rb

@@ -1,16 +1,19 @@
 require 'jwt'
-require 'rack'
 require_relative './common'
 require_relative './authentication_response'
+require_relative './rack_query_parser'
 
 module PusherPlatform
   TOKEN_EXPIRY = 24*60*60
 
   class Authenticator
+
     def initialize(instance_id, key_id, key_secret)
       @instance_id = instance_id
       @key_id = key_id
       @key_secret = key_secret
+      # see https://github.com/rack/rack/blob/5559676e7b5a3107d39552285ce8b714b672bde6/lib/rack/utils.rb#L27
+      @query_parser = QueryParser.make_default(65536, 100)
     end
 
     def authenticate(auth_payload, options)
@@ -30,7 +33,7 @@ module PusherPlatform
     end
 
     def authenticate_with_request(request, options)
-      auth_data = Rack::Utils.parse_nested_query request.body.read
+      auth_data = @query_parser.parse_nested_query request.body.read
       authenticate(auth_data, options)
     end
 
@@ -39,7 +42,7 @@ module PusherPlatform
     end
 
     def authenticate_with_refresh_token_and_request(request, options)
-      auth_data = Rack::Utils.parse_nested_query request.body.read
+      auth_data = @query_parser.parse_nested_query request.body.read
       authenticate_based_on_grant_type(auth_data, options)
     end
 

data/lib/pusher-platform/rack_query_parser.rb

@@ -0,0 +1,218 @@
+# Taken from https://github.com/rack/rack
+# sha: 5559676e7b5a3107d39552285ce8b714b672bde6
+#
+# The MIT License (MIT)
+#
+# Copyright (C) 2007-2018 Christian Neukirchen <http://chneukirchen.org/infopage.html>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'uri'
+
+module PusherPlatform
+  class QueryParser
+    DEFAULT_SEP = /[&;] */n
+    COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
+
+    # ParameterTypeError is the error that is raised when incoming structural
+    # parameters (parsed by parse_nested_query) contain conflicting types.
+    class ParameterTypeError < TypeError; end
+
+    # InvalidParameterError is the error that is raised when incoming structural
+    # parameters (parsed by parse_nested_query) contain invalid format or byte
+    # sequence.
+    class InvalidParameterError < ArgumentError; end
+
+    def self.make_default(key_space_limit, param_depth_limit)
+      new Params, key_space_limit, param_depth_limit
+    end
+
+    attr_reader :key_space_limit, :param_depth_limit
+
+    def initialize(params_class, key_space_limit, param_depth_limit)
+      @params_class = params_class
+      @key_space_limit = key_space_limit
+      @param_depth_limit = param_depth_limit
+    end
+
+    # Stolen from Mongrel, with some small modifications:
+    # Parses a query string by breaking it up at the '&'
+    # and ';' characters.  You can also use this to parse
+    # cookies by changing the characters used in the second
+    # parameter (which defaults to '&;').
+    def parse_query(qs, d = nil, &unescaper)
+      unescaper ||= method(:unescape)
+
+      params = make_params
+
+      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+        next if p.empty?
+        k, v = p.split('=', 2).map!(&unescaper)
+
+        if cur = params[k]
+          if cur.class == Array
+            params[k] << v
+          else
+            params[k] = [cur, v]
+          end
+        else
+          params[k] = v
+        end
+      end
+
+      return params.to_params_hash
+    end
+
+    # parse_nested_query expands a query string into structural types. Supported
+    # types are Arrays, Hashes and basic value types. It is possible to supply
+    # query strings with parameters of conflicting types, in this case a
+    # ParameterTypeError is raised. Users are encouraged to return a 400 in this
+    # case.
+    def parse_nested_query(qs, d = nil)
+      return {} if qs.nil? || qs.empty?
+      params = make_params
+
+      (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+        k, v = p.split('=', 2).map! { |s| unescape(s) }
+
+        normalize_params(params, k, v, param_depth_limit)
+      end
+
+      return params.to_params_hash
+    rescue ArgumentError => e
+      raise InvalidParameterError, e.message
+    end
+
+    # normalize_params recursively expands parameters into structural types. If
+    # the structural types represented by two different parameter names are in
+    # conflict, a ParameterTypeError is raised.
+    def normalize_params(params, name, v, depth)
+      raise RangeError if depth <= 0
+
+      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
+      k = $1 || ''
+      after = $' || ''
+
+      if k.empty?
+        if !v.nil? && name == "[]"
+          return Array(v)
+        else
+          return
+        end
+      end
+
+      if after == ''
+        params[k] = v
+      elsif after == "["
+        params[name] = v
+      elsif after == "[]"
+        params[k] ||= []
+        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+        params[k] << v
+      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
+        child_key = $1
+        params[k] ||= []
+        raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+        if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
+          normalize_params(params[k].last, child_key, v, depth - 1)
+        else
+          params[k] << normalize_params(make_params, child_key, v, depth - 1)
+        end
+      else
+        params[k] ||= make_params
+        raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
+        params[k] = normalize_params(params[k], after, v, depth - 1)
+      end
+
+      params
+    end
+
+    def make_params
+      @params_class.new @key_space_limit
+    end
+
+    def new_space_limit(key_space_limit)
+      self.class.new @params_class, key_space_limit, param_depth_limit
+    end
+
+    def new_depth_limit(param_depth_limit)
+      self.class.new @params_class, key_space_limit, param_depth_limit
+    end
+
+    private
+
+    def params_hash_type?(obj)
+      obj.kind_of?(@params_class)
+    end
+
+    def params_hash_has_key?(hash, key)
+      return false if key =~ /\[\]/
+
+      key.split(/[\[\]]+/).inject(hash) do |h, part|
+        next h if part == ''
+        return false unless params_hash_type?(h) && h.key?(part)
+        h[part]
+      end
+
+      true
+    end
+
+    def unescape(s)
+      URI.decode_www_form_component(s, Encoding::UTF_8)
+    end
+
+    class Params
+      def initialize(limit)
+        @limit  = limit
+        @size   = 0
+        @params = {}
+      end
+
+      def [](key)
+        @params[key]
+      end
+
+      def []=(key, value)
+        @size += key.size if key && !@params.key?(key)
+        raise RangeError, 'exceeded available parameter key space' if @size > @limit
+        @params[key] = value
+      end
+
+      def key?(key)
+        @params.key?(key)
+      end
+
+      def to_params_hash
+        hash = @params
+        hash.keys.each do |key|
+          value = hash[key]
+          if value.kind_of?(self.class)
+            if value.object_id == self.object_id
+              hash[key] = hash
+            else
+              hash[key] = value.to_params_hash
+            end
+          elsif value.kind_of?(Array)
+            value.map! {|x| x.kind_of?(self.class) ? x.to_params_hash : x}
+          end
+        end
+        hash
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pusher-platform
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 0.11.2
 platform: ruby
 authors:
 - Pusher
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-19 00:00:00.000000000 Z
+date: 2018-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: excon
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: rack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.0.5
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.0.5
 description: 
 email: support@pusher.com
 executables: []
@@ -66,6 +52,7 @@ files:
 - lib/pusher-platform/error.rb
 - lib/pusher-platform/error_response.rb
 - lib/pusher-platform/instance.rb
+- lib/pusher-platform/rack_query_parser.rb
 - lib/pusher-platform/sdk_info.rb
 homepage: 
 licenses:
@@ -87,7 +74,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 2.5.2.3
 signing_key: 
 specification_version: 4
 summary: Pusher Platform Ruby SDK