pusher 1.3.3 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7460762ae77605d5132b729dfccf7610ec5eb956
-  data.tar.gz: bf8ce2cb6c8a433e261d0c314dc65ec56e6fe9f7
+SHA256:
+  metadata.gz: d9eaaf4fa5fbc3d5223411cb0e1375ccee4f93275f27c20cb7bdd8f31e371fa1
+  data.tar.gz: be5be46dc24a06be058606742ee56497a6128e39af6cf7f03ddaadc86ac95f12
 SHA512:
-  metadata.gz: 98f95bce77fe09335f14f45b99edcf7e5d40f59cd1fd7660b3a6ba86678d34169747534bcdb9af64cdb364d60ca42ea03e1070e28594a5c4eacc5d34bfd75553
-  data.tar.gz: b79d4eba9c63c4a4e421b3d2f8a93f4017c9053d5dd6994d4405460c02f14a2c12aaadbff27408c88fc2a0b0df9871a45b309ca6683b9803c793b33e3c92eac6
+  metadata.gz: bd778cf80415b3d2af763583ebf41a4b1164339d0a458203cb55225aab078bdcfe4bf8801a824eeb6802a2f2b12db49df00569ceb631eb3ca20251ead29d3987
+  data.tar.gz: 187c968e1d1afef5a572bfe4bc22929843ef2843969fef9ac89862ff77b0d415b50cae82daa1b0d992374be2749053c0d8d52c1f1efa22ce7412e3c727c3edee

data/.github/stale.yml

@@ -0,0 +1,26 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 365
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. If you'd
+  like this issue to stay open please leave a comment indicating how this issue
+  is affecting you. Thankyou.

data/.travis.yml

@@ -1,12 +1,12 @@
+before_install:
+  - sudo apt-get -y install libsodium18
+
 language: ruby
 sudo: false
 rvm:
-  - 1.9.3
-  - 2.0
-  - 2.1
-  - 2.2
-  - 2.3.0
-  - 2.4.1
+  - 2.4
+  - 2.5
+  - 2.6
   - jruby
   - rbx-2
 

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+1.4.0  / 2020-09-29
+==================
+
+  * Support for end-to-end encryption.
+
+1.3.3 / 2019-07-02
+==================
+
+  * Rewording to clarify "Pusher Channels" or simply "Channels" product name.
+
+1.3.2 / 2018-10-17
+==================
+
+  * Return a specific error for "Request Entity Too Large" (body over 10KB).
+  * Add a `use_tls` option for SSL (defaults to false).
+  * Add a `from_url` client method (in addition to existing `from_env` option).
+  * Improved documentation and fixed typos.
+  * Add Ruby 2.4 to test matrix.
+
 1.3.1 / 2017-03-15
 ==================
 
@@ -100,4 +119,3 @@ First release with a changelog !
 
   * Bump httpclient to v2.4. See #62 (POODLE SSL)
   * Fix limited channel count at README.md. Thanks @tricknotes
-

data/README.md

@@ -1,8 +1,8 @@
 # Gem for Pusher Channels
 
-This Gem provides a Ruby interface to [the Pusher HTTP API for Pusher Channels](https://pusher.com/docs/rest_api).
+This Gem provides a Ruby interface to [the Pusher HTTP API for Pusher Channels](https://pusher.com/docs/channels/library_auth_reference/rest-api).
 
-[![Build Status](https://secure.travis-ci.org/pusher/pusher-http-ruby.svg?branch=master)](http://travis-ci.org/pusher/pusher-http-ruby)
+[![Build Status](https://secure.travis-ci.org/pusher/pusher-http-ruby.svg?branch=master)](http://travis-ci.org/pusher/pusher-http-ruby) [![Gem Version](https://badge.fury.io/rb/pusher.svg)](https://badge.fury.io/rb/pusher)
 
 ## Installation and Configuration
 
@@ -18,7 +18,7 @@ or install via gem
 gem install pusher
 ```
 
-After registering at <https://dashboard.pusher.com/>, configure your Channels app with the security credentials.
+After registering at [Pusher](https://dashboard.pusher.com/accounts/sign_up), configure your Channels app with the security credentials.
 
 ### Instantiating a Pusher Channels client
 
@@ -27,7 +27,7 @@ Creating a new Pusher Channels `client` can be done as follows.
 ``` ruby
 require 'pusher'
 
-channels_client = Pusher::Client.new(
+pusher = Pusher::Client.new(
   app_id: 'your-app-id',
   key: 'your-app-key',
   secret: 'your-app-secret',
@@ -43,7 +43,7 @@ If you want to set a custom `host` value for your client then you can do so when
 ``` ruby
 require 'pusher'
 
-channels_client = Pusher::Client.new(
+pusher = Pusher::Client.new(
   app_id: 'your-app-id',
   key: 'your-app-key',
   secret: 'your-app-secret',
@@ -57,7 +57,7 @@ Finally, if you have the configuration set in an `PUSHER_URL` environment
 variable, you can use:
 
 ``` ruby
-channels_client = Pusher::Client.from_env
+pusher = Pusher::Client.from_env
 ```
 
 ### Global configuration
@@ -102,7 +102,7 @@ Handle errors by rescuing `Pusher::Error` (all errors are descendants of this er
 
 ``` ruby
 begin
-  channels_client.trigger('a_channel', 'an_event', :some => 'data')
+  pusher.trigger('a_channel', 'an_event', :some => 'data')
 rescue Pusher::Error => e
   # (Pusher::AuthenticationError, Pusher::HTTPError, or Pusher::Error)
 end
@@ -121,14 +121,14 @@ Pusher.logger = Rails.logger
 An event can be published to one or more channels (limited to 10) in one API call:
 
 ``` ruby
-channels_client.trigger('channel', 'event', foo: 'bar')
-channels_client.trigger(['channel_1', 'channel_2'], 'event_name', foo: 'bar')
+pusher.trigger('channel', 'event', foo: 'bar')
+pusher.trigger(['channel_1', 'channel_2'], 'event_name', foo: 'bar')
 ```
 
-An optional fourth argument may be used to send additional parameters to the API, for example to [exclude a single connection from receiving the event](http://pusher.com/docs/publisher_api_guide/publisher_excluding_recipients).
+An optional fourth argument may be used to send additional parameters to the API, for example to [exclude a single connection from receiving the event](https://pusher.com/docs/channels/server_api/excluding-event-recipients).
 
 ``` ruby
-channels_client.trigger('channel', 'event', {foo: 'bar'}, {socket_id: '123.456'})
+pusher.trigger('channel', 'event', {foo: 'bar'}, {socket_id: '123.456'})
 ```
 
 #### Batches
@@ -137,7 +137,7 @@ It's also possible to send multiple events with a single API call (max 10
 events per call on multi-tenant clusters):
 
 ``` ruby
-channels_client.trigger_batch([
+pusher.trigger_batch([
   {channel: 'channel_1', name: 'event_name', data: { foo: 'bar' }},
   {channel: 'channel_1', name: 'event_name', data: { hello: 'world' }}
 ])
@@ -151,19 +151,19 @@ Most examples and documentation will refer to the following syntax for triggerin
 Pusher['a_channel'].trigger('an_event', :some => 'data')
 ```
 
-This will continue to work, but has been replaced by `channels_client.trigger` which supports one or multiple channels.
+This will continue to work, but has been replaced by `pusher.trigger` which supports one or multiple channels.
 
 ### Getting information about the channels in your Pusher Channels app
 
-This gem provides methods for accessing information from the [Channels HTTP API](https://pusher.com/docs/rest_api). The documentation also shows an example of the responses from each of the API endpoints.
+This gem provides methods for accessing information from the [Channels HTTP API](https://pusher.com/docs/channels/library_auth_reference/rest-api). The documentation also shows an example of the responses from each of the API endpoints.
 
 The following methods are provided by the gem.
 
-- `channels_client.channel_info('channel_name')` returns information about that channel.
+- `pusher.channel_info('channel_name', {info:"user_count,subscription_count"})` returns a hash describing the state of the channel([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
-- `channels_client.channel_users('channel_name')` returns a list of all the users subscribed to the channel.
+- `pusher.channel_users('presence-channel_name')` returns a list of all the users subscribed to the channel (only for Presence Channels) ([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
-- `channels_client.channels` returns information about all the channels in your Channels application.
+- `pusher.channels({filter_by_prefix: 'presence-', info: 'user_count'})` returns a hash of occupied channels (optionally filtered by prefix, f.i. `presence-`), and optionally attributes for these channels ([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
 ### Asynchronous requests
 
@@ -176,9 +176,9 @@ Asynchronous calls are supported either by using an event loop (eventmachine, pr
 
 The following methods are available (in each case the calling interface matches the non-async version):
 
-* `channels_client.get_async`
-* `channels_client.post_async`
-* `channels_client.trigger_async`
+* `pusher.get_async`
+* `pusher.post_async`
+* `pusher.trigger_async`
 
 It is of course also possible to make calls to the Channels HTTP API via a job queue. This approach is recommended if you're sending a large number of events.
 
@@ -190,7 +190,7 @@ It is of course also possible to make calls to the Channels HTTP API via a job q
 The `_async` methods return an `EM::Deferrable` which you can bind callbacks to:
 
 ``` ruby
-channels_client.get_async("/channels").callback { |response|
+pusher.get_async("/channels").callback { |response|
   # use reponse[:channels]
 }.errback { |error|
   # error is an instance of Pusher::Error
@@ -213,7 +213,7 @@ It's possible to use the gem to authenticate subscription requests to private or
 ### Private channels
 
 ``` ruby
-channels_client.authenticate('private-my_channel', params[:socket_id])
+pusher.authenticate('private-my_channel', params[:socket_id])
 ```
 
 ### Presence channels
@@ -221,7 +221,7 @@ channels_client.authenticate('private-my_channel', params[:socket_id])
 These work in a very similar way, but require a unique identifier for the user being authenticated, and optionally some attributes that are provided to clients via presence events:
 
 ``` ruby
-channels_client.authenticate('presence-my_channel', params[:socket_id],
+pusher.authenticate('presence-my_channel', params[:socket_id],
   user_id: 'user_id',
   user_info: {} # optional
 )
@@ -232,7 +232,7 @@ channels_client.authenticate('presence-my_channel', params[:socket_id],
 A WebHook object may be created to validate received WebHooks against your app credentials, and to extract events. It should be created with the `Rack::Request` object (available as `request` in Rails controllers or Sinatra handlers for example).
 
 ``` ruby
-webhook = channels_client.webhook(request)
+webhook = pusher.webhook(request)
 if webhook.valid?
   webhook.events.each do |event|
     case event["name"]
@@ -247,3 +247,52 @@ else
   render text: 'invalid', status: 401
 end
 ```
+
+### End-to-end encryption
+
+This library supports [end-to-end encrypted channels](https://pusher.com/docs/channels/using_channels/encrypted-channels). This means that only you and your connected clients will be able to read your messages. Pusher cannot decrypt them. You can enable this feature by following these steps:
+
+1. Install [Libsodium](https://github.com/jedisct1/libsodium), which we rely on to do the heavy lifting. [Follow the installation instructions for your platform.](https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium)
+
+2. Encrypted channel subscriptions must be authenticated in the exact same way as private channels. You should therefore [create an authentication endpoint on your server](https://pusher.com/docs/authenticating_users).
+
+3. Next, generate your 32 byte master encryption key, encode it as base64 and pass it to the Pusher constructor.
+
+   This is secret and you should never share this with anyone.
+   Not even Pusher.
+
+   ```bash
+   openssl rand -base64 32
+   ```
+
+   ```rb
+   pusher = new Pusher::Client.new({
+     app_id: 'your-app-id',
+     key: 'your-app-key',
+     secret: 'your-app-secret',
+     cluster: 'your-app-cluster',
+     use_tls: true
+     encryption_master_key_base64: '<KEY GENERATED BY PREVIOUS COMMAND>',
+   });
+   ```
+
+4. Channels where you wish to use end-to-end encryption should be prefixed with `private-encrypted-`.
+
+5. Subscribe to these channels in your client, and you're done! You can verify it is working by checking out the debug console on the [https://dashboard.pusher.com/](dashboard) and seeing the scrambled ciphertext.
+
+**Important note: This will __not__ encrypt messages on channels that are not prefixed by `private-encrypted-`.**
+
+**Limitation**: you cannot trigger a single event on multiple channels in a call to `trigger`, e.g.
+
+```rb
+pusher.trigger(
+  ['channel-1', 'private-encrypted-channel-2'],
+  'test_event',
+  { message: 'hello world' },
+)
+```
+
+Rationale: the methods in this library map directly to individual Channels HTTP API requests. If we allowed triggering a single event on multiple channels (some encrypted, some unencrypted), then it would require two API requests: one where the event is encrypted to the encrypted channels, and one where the event is unencrypted for unencrypted channels.
+
+## Supported Ruby versions
+2.4+

data/examples/presence_channels/presence_channels.rb

@@ -0,0 +1,56 @@
+require 'sinatra'
+require 'sinatra/cookies'
+require 'sinatra/json'
+require 'pusher'
+
+# You can get these variables from http://dashboard.pusher.com
+pusher = Pusher::Client.new(
+  app_id: 'your-app-id',
+  key: 'your-app-key',
+  secret: 'your-app-secret',
+  cluster: 'your-app-cluster'
+)
+
+set :public_folder, 'public'
+
+get "/" do
+  redirect '/presence_channels.html'
+end
+
+# Emulate rails behaviour where this information would be stored in session
+get '/signin' do
+  cookies[:user_id] = 'example_cookie'
+  'Ok'
+end
+
+# Auth endpoint: https://pusher.com/docs/channels/server_api/authenticating-users
+post '/pusher/auth' do
+  channel_data = {
+      user_id: 'example_user',
+      user_info: {
+        name: 'example_name',
+        email: 'example_email'
+      }
+    }
+
+  if cookies[:user_id] == 'example_cookie'
+    response = pusher.authenticate(params[:channel_name], params[:socket_id], channel_data)
+    json response
+  else
+    status 403
+  end
+end
+
+get '/pusher_trigger' do
+  channels = ['presence-channel-test'];
+
+  begin
+    pusher.trigger(channels, 'test-event', {
+      message: 'hello world'
+    })
+  rescue Pusher::Error => e
+  # (Pusher::AuthenticationError, Pusher::HTTPError, or Pusher::Error)
+  end
+
+  'Triggered!'
+end

data/examples/presence_channels/public/presence_channels.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<head>
+  <title>Pusher Test</title>
+  <script src="https://js.pusher.com/5.0/pusher.min.js"></script>
+  <script>
+
+    // Enable pusher logging - don't include this in production
+    Pusher.logToConsole = true;
+
+    var pusher = new Pusher('your-app-key', {
+      cluster: 'your-app-cluster',
+      forceTLS: true,
+      authEndpoint: '/pusher/auth'
+    });
+
+    var channel = pusher.subscribe('presence-channel-test');
+    channel.bind('test-event', function(data) {
+      alert(JSON.stringify(data));
+    });
+  </script>
+</head>
+<body>
+  <h1>Pusher Test</h1>
+  <p>
+    Try publishing an event to channel <code>presence-channel-test</code>
+    with event name <code>test-event</code>.
+  </p>
+</body>

data/lib/pusher/client.rb

@@ -1,8 +1,10 @@
+require 'base64'
+
 require 'pusher-signature'
 
 module Pusher
   class Client
-    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
+    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme, :encryption_master_key
     attr_reader :http_proxy, :proxy
     attr_writer :connect_timeout, :send_timeout, :receive_timeout,
                 :keep_alive_timeout
@@ -55,6 +57,11 @@ module Pusher
           :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
         )
 
+      if options.has_key?(:encryption_master_key_base64)
+        @encryption_master_key =
+          Base64.decode64(options[:encryption_master_key_base64])
+      end
+
       @http_proxy = nil
       self.http_proxy = options[:http_proxy] if options[:http_proxy]
 
@@ -138,6 +145,12 @@ module Pusher
       @connect_timeout, @send_timeout, @receive_timeout = value, value, value
     end
 
+    # Set an encryption_master_key to use with private-encrypted channels from
+    # a base64 encoded string.
+    def encryption_master_key_base64=(s)
+      @encryption_master_key = s ? Base64.decode64(s) : nil
+    end
+
     ## INTERACT WITH THE API ##
 
     def resource(path)
@@ -413,10 +426,17 @@ module Pusher
       channels = Array(channels).map(&:to_s)
       raise Pusher::Error, "Too many channels (#{channels.length}), max 10" if channels.length > 10
 
+      encoded_data = if channels.any?{ |c| c.match(/^private-encrypted-/) } then
+        raise Pusher::Error, "Cannot trigger to multiple channels if any are encrypted" if channels.length > 1
+        encrypt(channels[0], encode_data(data))
+      else
+        encode_data(data)
+      end
+
       params.merge({
         name: event_name,
         channels: channels,
-        data: encode_data(data),
+        data: encoded_data,
       })
     end
 
@@ -424,7 +444,11 @@ module Pusher
       {
         batch: events.map do |event|
           event.dup.tap do |e|
-            e[:data] = encode_data(e[:data])
+            e[:data] = if e[:channel].match(/^private-encrypted-/) then
+              encrypt(e[:channel], encode_data(e[:data]))
+            else
+              encode_data(e[:data])
+            end
           end
         end
       }
@@ -436,6 +460,28 @@ module Pusher
       MultiJson.encode(data)
     end
 
+    # Encrypts a message with a key derived from the master key and channel
+    # name
+    def encrypt(channel, encoded_data)
+      raise ConfigurationError, :encryption_master_key unless @encryption_master_key
+
+      # Only now load rbnacl, so that people that aren't using it don't need to
+      # install libsodium
+      require 'rbnacl'
+
+      secret_box = RbNaCl::SecretBox.new(
+        RbNaCl::Hash.sha256(channel + @encryption_master_key)
+      )
+
+      nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
+      ciphertext = secret_box.encrypt(nonce, encoded_data)
+
+      MultiJson.encode({
+        "nonce" => Base64::encode64(nonce),
+        "ciphertext" => Base64::encode64(ciphertext),
+      })
+    end
+
     def configured?
       host && scheme && key && secret && app_id
     end

data/lib/pusher/version.rb

@@ -1,3 +1,3 @@
 module Pusher
-  VERSION = '1.3.3'
+  VERSION = '1.4.0'
 end

data/pusher.gemspec

@@ -13,18 +13,19 @@ Gem::Specification.new do |s|
   s.description = %q{Wrapper for Pusher Channels REST api: : https://pusher.com/channels}
   s.license     = "MIT"
 
-  s.add_dependency "multi_json", "~> 1.0"
+  s.add_dependency "multi_json", "~> 1.15"
   s.add_dependency 'pusher-signature', "~> 0.1.8"
-  s.add_dependency "httpclient", "~> 2.7"
+  s.add_dependency "httpclient", "~> 2.8"
   s.add_dependency "jruby-openssl" if defined?(JRUBY_VERSION)
+  s.add_dependency "rbnacl", "~> 7.1"
 
-  s.add_development_dependency "rspec", "~> 3.0"
-  s.add_development_dependency "webmock"
-  s.add_development_dependency "em-http-request", "~> 1.1.0"
-  s.add_development_dependency "addressable", "=2.4.0"
-  s.add_development_dependency "rake", "~> 10.4.2"
-  s.add_development_dependency "rack", "~> 1.6.4"
-  s.add_development_dependency "json", "~> 1.8.3"
+  s.add_development_dependency "rspec", "~> 3.9"
+  s.add_development_dependency "webmock", "~> 3.9"
+  s.add_development_dependency "em-http-request", "~> 1.1"
+  s.add_development_dependency "addressable", "~> 2.7"
+  s.add_development_dependency "rake", "~> 13.0"
+  s.add_development_dependency "rack", "~> 2.2"
+  s.add_development_dependency "json", "~> 2.3"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/spec/client_spec.rb

@@ -1,7 +1,12 @@
-require 'spec_helper'
+require 'base64'
 
+require 'rbnacl'
 require 'em-http'
 
+require 'spec_helper'
+
+encryption_master_key = RbNaCl::Random.random_bytes(32)
+
 describe Pusher do
   # The behaviour should be the same when using the Client object, or the
   # 'global' client delegated through the Pusher class
@@ -171,11 +176,22 @@ describe Pusher do
       end
     end
 
+    describe 'can set encryption_master_key_base64' do
+      it "sets encryption_master_key" do
+        @client.encryption_master_key_base64 =
+          Base64.encode64(encryption_master_key)
+
+        expect(@client.encryption_master_key).to eq(encryption_master_key)
+      end
+    end
+
     describe 'when configured' do
       before :each do
         @client.app_id = '20'
         @client.key    = '12345678900000001'
         @client.secret = '12345678900000001'
+        @client.encryption_master_key_base64 =
+          Base64.encode64(encryption_master_key)
       end
 
       describe '#[]' do
@@ -321,6 +337,46 @@ describe Pusher do
             }
           end
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger('private-encrypted-channel', 'event', {'some' => 'data'})
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should fail to publish to multiple channels if one is encrypted" do
+          expect {
+            @client.trigger(
+              ['private-encrypted-channel', 'some-other-channel'],
+              'event',
+              {'some' => 'data'},
+            )
+          }.to raise_error(Pusher::Error)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger(
+            'private-encrypted-channel',
+            'event',
+            {'some' => 'data'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            data = MultiJson.decode(MultiJson.decode(req.body)["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.decode64(data["nonce"]),
+              Base64.decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+          }
+        end
       end
 
       describe '#trigger_batch' do
@@ -352,6 +408,55 @@ describe Pusher do
             )
           }
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger_batch(
+              {
+                channel: 'private-encrypted-channel',
+                name: 'event',
+                data: {'some' => 'data'},
+              },
+              {channel: 'mychannel', name: 'event', data: 'already encoded'},
+            )
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger_batch(
+            {
+              channel: 'private-encrypted-channel',
+              name: 'event',
+              data: {'some' => 'data'},
+            },
+            {channel: 'mychannel', name: 'event', data: 'already encoded'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            batch = MultiJson.decode(req.body)["batch"]
+            expect(batch.length).to eq(2)
+
+            expect(batch[0]["channel"]).to eq("private-encrypted-channel")
+            expect(batch[0]["name"]).to eq("event")
+
+            data = MultiJson.decode(batch[0]["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.decode64(data["nonce"]),
+              Base64.decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+
+            expect(batch[1]["channel"]).to eq("mychannel")
+            expect(batch[1]["name"]).to eq("event")
+            expect(batch[1]["data"]).to eq("already encoded")
+          }
+        end
       end
 
       describe '#trigger_async' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pusher
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.4.0
 platform: ruby
 authors:
 - Pusher
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-02 00:00:00.000000000 Z
+date: 2020-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.15'
 - !ruby/object:Gem::Dependency
   name: pusher-signature
   requirement: !ruby/object:Gem::Requirement
@@ -44,112 +44,126 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: em-http-request
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '2.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
+        version: '2.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.3
+        version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.3
+        version: '2.3'
 description: 'Wrapper for Pusher Channels REST api: : https://pusher.com/channels'
 email:
 - support@pusher.com
@@ -159,6 +173,7 @@ extra_rdoc_files: []
 files:
 - ".document"
 - ".gemtest"
+- ".github/stale.yml"
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.md
@@ -167,6 +182,8 @@ files:
 - README.md
 - Rakefile
 - examples/async_message.rb
+- examples/presence_channels/presence_channels.rb
+- examples/presence_channels/public/presence_channels.html
 - lib/pusher.rb
 - lib/pusher/channel.rb
 - lib/pusher/client.rb
@@ -199,8 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.2
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Pusher Channels API client