queue_it 1.1.5 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dc03e572dc3b9709897e704c40dd3d9d42d2e84a
-  data.tar.gz: e82516ec9b5e40598d9dfa7974ba4ad89f38a368
+SHA256:
+  metadata.gz: 87e336fa29f833214ed5425988535193cd775810fb5d614b652e393dcdbe39be
+  data.tar.gz: f62d9a933de73a20a73a9d8f6886017ea53bc4e8ecdc6a33f913b48d49e0d2f4
 SHA512:
-  metadata.gz: 4142292b609ba1481f2007bc5de6caad7b031b20c86fd806fba92eb91087063e23e8790d916dcd7c1ca1b181074fe1904088b414e708424fcf106253f3fb56bb
-  data.tar.gz: 6fe22aacde3bb74c7cea4de2ef7f8d23d1a1b81c8dee485b3c2c5af88d95b2a3cb7050081a845cb3d1afba5bf9374b782f5a97655a4574d6af72f0b390cc044d
+  metadata.gz: 38b9b4495c80e794ef00490f6f0f5d30026579c97d2ec10cbe3f83aa0a9948e853f0b6559e76186ad49498ae2efe99e0f2a846734d63765ba00a44ba45b02d61
+  data.tar.gz: 3d2e2fdbb14a313939ff75dcd04d609e557d9f002c0894907a5bfe13763668f268758074a815c59d0b1fe7bcad2a8c1d58894aaaba37762c980fe2b8ef622aa9

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+### 2.0.1 - 2021-04-26
+
+* Updated the queue and cancel URL from `q.queue-it.net` to `customer_id.queue-it.net`.
+* Updated the queue URLs to use https.
+
+### 2.0.0 - 2020-10-29
+
+* A customer ID is needed to create a client instance
+* Always include the Customer ID in the API request URL
+* Bump webmock to properly handle Ruby 2.4+
+
+### 1.1.6 - 2017-03-15
+
+* Now by default, during creation event, we support using redirect urls
+* Added possibility to pass redirect url for queue it
+
 ### 1.1.5 - 2016-06-02
 
 * Remove warning about circular argument reference - api_key in Ruby 2.3.1

data/README.md

@@ -80,7 +80,7 @@ end
 Initialize client to pass it as a dependency to `Event` instance.
 
 ``` ruby
-client = QueueIt::Api::Client.new(api_key: "SECRET_API_KEY")
+client = QueueIt::Api::Client.new("YOUR_CUSTOMER_ID", api_key: "SECRET_API_KEY")
 ```
 
 #### Event

data/lib/queue_it.rb

@@ -1,5 +1,5 @@
 require "queue_it/version"
-require "queue_it/known_user_checker"
+require "queue_it/extract_queue_number"
 require "queue_it/api/client"
 require "queue_it/api/event"
 

data/lib/queue_it/api/client.rb

@@ -8,11 +8,12 @@ module QueueIt
   module Api
     class Client
       JSON_FORMAT  = "application/json".freeze
-      ENDPOINT_URL = URI("https://api2.queue-it.net/2_0_beta/event").freeze
 
-      def initialize(api_key: nil, debug: false)
+      def initialize(customer_id, api_key: nil, debug: false)
+        self.customer_id = customer_id
         self.api_key = api_key
         self.debug   = debug
+        self.endpoint = URI("https://#{customer_id}.api2.queue-it.net/2_0/event")
       end
 
       def put(path, body)
@@ -21,11 +22,11 @@ module QueueIt
 
       private
 
-      attr_accessor :api_key, :debug
+      attr_accessor :api_key, :customer_id, :debug, :endpoint
 
       def options
         {
-          url: ENDPOINT_URL.dup,
+          url: endpoint.dup,
           headers: {
             accept: JSON_FORMAT,
             content_type: JSON_FORMAT,

data/lib/queue_it/api/event.rb

@@ -48,23 +48,23 @@ module QueueIt
       MICROSOFT_TIME_ZONE_INDEX_VALUES = {
         "Europe/Helsinki"   => "FLE Standard Time",
         "Helsinki"          => "FLE Standard Time",
-        
+
         "Europe/London"     => "GMT Standard Time",
         "London"            => "GMT Standard Time",
         "Edinburgh"         => "GMT Standard Time",
-        
+
         "Europe/Dublin"     => "GMT Standard Time",
         "Dublin"            => "GMT Standard Time",
-        
+
         "Europe/Copenhagen" => "Romance Standard Time",
         "Copenhagen"        => "Romance Standard Time",
-        
+
         "Europe/Paris"      => "Romance Standard Time",
         "Paris"             => "Romance Standard Time",
-        
+
         "Europe/Stockholm"  => "W. Europe Standard Time",
         "Stockholm"         => "W. Europe Standard Time",
-        
+
         "Europe/Rome"       => "W. Europe Standard Time",
         "Rome"              => "W. Europe Standard Time",
       }.freeze
@@ -113,7 +113,7 @@ module QueueIt
           "AfterEventRedirectPage"       => "",
           "UseSSL"                       => "Auto",
           "JavaScriptSupportEnabled"     => "False",
-          "TargetUrlSupportEnabled"      => "False",
+          "TargetUrlSupportEnabled"      => "True",
           "SafetyNetMode"                => "Disabled",
           "KnowUserSecurity"             => "MD5Hash",
           "KnowUserSecretKey"            => know_user_secret_key,

data/lib/queue_it/extract_queue_number.rb

@@ -0,0 +1,45 @@
+require 'digest/md5'
+
+module QueueIt
+  class ExtractQueueNumber
+    def call(secret_key:, request_url:, request_params:)
+      encrypted_place_in_queue = request_params['p']
+      expected_hash = request_params['h']
+
+      raise QueueIt::MissingArgsGiven.new if queue_it_params_missing?(request_params)
+
+      if verify_md5_hash?(request_url, expected_hash, secret_key)
+        return decrypted_place_in_queue(encrypted_place_in_queue)
+      else
+        raise QueueIt::NotAuthorized.new
+      end
+    end
+
+    private
+
+    def queue_it_params_missing?(params)
+      queue_id = params['q'] # A QuID, the user’s queue ID
+      encrypted_place_in_queue = params['p'] # A text, an encrypted version of the user’s queue number
+      expected_hash = params['h'] # An integer calculated hash
+      timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
+
+      [queue_id, encrypted_place_in_queue, timestamp, expected_hash].any?(&:nil?)
+    end
+
+    # uses one char of each string at a given starting point
+    # given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
+    def decrypted_place_in_queue(encrypted_place_in_queue)
+      return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
+             encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
+             encrypted_place_in_queue[ 9..9 ]
+    end
+
+    # TODO add timestamp check
+    def verify_md5_hash?(url, expected_hash, secret_key)
+      url_no_hash = "#{url[ 0..-33 ]}#{secret_key}"
+      actual_hash = Digest::MD5.hexdigest(url_no_hash)
+
+      return (expected_hash == actual_hash)
+    end
+  end
+end

data/lib/queue_it/queueable.rb

@@ -1,14 +1,17 @@
+require 'queue_it/url_builder'
+
 module QueueIt
   module Queueable
     extend ActiveSupport::Concern
 
     included do
-      def protect_with_queue!(known_user_secret_key, event_id, customer_id)
+      def protect_with_queue!(known_user_secret_key, event_id, customer_id, redirect_url: nil)
         create_or_verify_queue_it_session(known_user_secret_key,
                                           event_id,
                                           customer_id,
-                                          request.url,
-                                          params)
+                                          request.original_url,
+                                          params,
+                                          redirect_url)
       end
 
       def queue_it_queue_id(event_id)
@@ -32,13 +35,16 @@ module QueueIt
 
     private
 
-      def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params)
+      def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params, current_tickets_url)
         # If there exists a session, we return. This needs to be refactored when we start to look at the timestamp parameter
         return if session[queue_it_session_variable(event_id)].present?
 
         begin
-          user_checker                                 = QueueIt::KnownUserChecker.new(secret_key, event_id, customer_id)
-          session[queue_it_session_variable(event_id)] = user_checker.create_or_verify_queue_it_session!(request_url, params)
+          queue_number = QueueIt::ExtractQueueNumber.new.(
+            secret_key: secret_key,
+            request_url: request_url,
+            request_params: params)
+          session[queue_it_session_variable(event_id)] = queue_number
 
           # If the request URL contains queue_it params we remove them and redirect
           # this is done to mask the params we use to create and verify the queue_it session
@@ -46,7 +52,7 @@ module QueueIt
             redirect_to QueueIt::UrlBuilder.clean_url(request_url) and return
           end
         rescue QueueIt::MissingArgsGiven
-          queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id)
+          queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id, current_tickets_url)
           destroy_all_queue_it_sessions
           render("queue_it/enter_queue", layout: false, locals: { queue_it_url: queue_url }) and return
         rescue QueueIt::NotAuthorized
@@ -55,8 +61,6 @@ module QueueIt
           render("queue_it/cheating_queue", layout: false, locals: { queue_it_url: queue_cancel_url }) and return
         end
       end
-
     end
-
   end
 end

data/lib/queue_it/url_builder.rb

@@ -2,12 +2,12 @@ require 'addressable/uri'
 
 module QueueIt
   class UrlBuilder
-    def self.build_queue_url(customer_id, event_id)
-      "http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}"
+    def self.build_queue_url(customer_id, event_id, redirect_url)
+      "https://#{customer_id}.queue-it.net/?c=#{customer_id}&e=#{event_id}&t=#{CGI.escape(redirect_url)}"
     end
 
     def self.build_cancel_url(customer_id, event_id, queue_id = nil)
-      "http://q.queue-it.net/cancel.aspx?c=#{customer_id}&e=#{event_id}&q=#{queue_id}"
+      "https://#{customer_id}.queue-it.net/cancel.aspx?c=#{customer_id}&e=#{event_id}&q=#{queue_id}"
     end
 
     # Removes all queue_it params from URL

data/lib/queue_it/version.rb

@@ -1,3 +1,3 @@
 module QueueIt
-  VERSION = "1.1.5"
+  VERSION = "2.0.1"
 end

data/queue_it.gemspec

@@ -19,10 +19,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_runtime_dependency "addressable", "~> 2.3"
-  spec.add_runtime_dependency "faraday", "~> 0.9"
-  spec.add_runtime_dependency "faraday_middleware", "~> 0.9"
+  spec.add_runtime_dependency "faraday", "<= 2.0", ">= 0.9"
+  spec.add_runtime_dependency "faraday_middleware", "<= 2.0", ">= 0.9"
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rspec", "~> 3.2"
-  spec.add_development_dependency "webmock", "~> 1.21"
+  spec.add_development_dependency "webmock", "~> 3.3"
 end

data/spec/queue_it/api/client_spec.rb

@@ -5,7 +5,7 @@ require 'queue_it/api/client'
 module QueueIt
   module Api
     describe Client do
-      subject(:client) { described_class.new(api_key: "SECURE_KEY") }
+      subject(:client) { Client.new("customerid", api_key: "SECURE_KEY") }
 
       specify "PUT data under given endpoint & path in JSON format" do
         request_hash  = { "Request" => true }
@@ -71,7 +71,7 @@ module QueueIt
       end
 
       specify "debugging mode puts to STDOUT" do
-        client = Client.new(api_key: "SECURE_KEY", debug: true)
+        client = Client.new("customerid", api_key: "SECURE_KEY", debug: true)
 
         request_hash  = { "Request"  => true }
 
@@ -83,7 +83,7 @@ module QueueIt
       private
 
       def endpoint_url
-        Client::ENDPOINT_URL.to_s + "/fancy_event"
+        "https://customerid.api2.queue-it.net/2_0/event/fancy_event"
       end
 
       def stub_request_factory(method: :put, status: 200, request_body: "{}", response_body: "{}", content_type: "application/json")

data/spec/queue_it/api/event_spec.rb

@@ -108,12 +108,12 @@ module QueueIt
         end
 
         specify "Request hits proper endpoint" do
-          client        = Client.new(api_key: "SECURE_KEY")
+          client        = Client.new("customerid", api_key: "SECURE_KEY")
           event_adapter = Event.new(client)
 
           body = JSON.generate(valid_create_body)
 
-          stub = stub_request(:put, "https://api2.queue-it.net/2_0_beta/event/fancyevent")
+          stub = stub_request(:put, "https://customerid.api2.queue-it.net/2_0/event/fancyevent")
             .with(body: body, headers: headers)
 
           event_adapter.create_or_update(event_id:                         event_id,
@@ -148,7 +148,7 @@ module QueueIt
             "AfterEventRedirectPage"       => "",
             "UseSSL"                       => "Auto",
             "JavaScriptSupportEnabled"     => "False",
-            "TargetUrlSupportEnabled"      => "False",
+            "TargetUrlSupportEnabled"      => "True",
             "SafetyNetMode"                => "Disabled",
             "KnowUserSecurity"             => "MD5Hash",
             "KnowUserSecretKey"            => know_user_secret_key,
@@ -165,13 +165,13 @@ module QueueIt
       end
 
       context "#set_speed" do
-        let(:client)                   { Client.new(api_key: "SECURE_KEY") }
+        let(:client)                   { Client.new("customerid", api_key: "SECURE_KEY") }
         let(:max_redirects_per_minute) { 15 }
 
         specify "Proper speed value is set" do
           body = { "MaxRedirectsPerMinute" => "15" }
 
-          stub = stub_request(:put, "https://api2.queue-it.net/2_0_beta/event/fancyevent/queue/speed")
+          stub = stub_request(:put, "https://customerid.api2.queue-it.net/2_0/event/fancyevent/queue/speed")
             .with(body: body, headers: headers)
 
           event_adapter.set_speed(event_id: event_id, max_redirects_per_minute: max_redirects_per_minute)
@@ -182,7 +182,7 @@ module QueueIt
         specify "Speed must be greater than 5 so we send at least 5" do
           expected_body = { "MaxRedirectsPerMinute" => "5" }
 
-          stub = stub_request(:put, "https://api2.queue-it.net/2_0_beta/event/fancyevent/queue/speed")
+          stub = stub_request(:put, "https://customerid.api2.queue-it.net/2_0/event/fancyevent/queue/speed")
             .with(body: expected_body, headers: headers)
 
           event_adapter.set_speed(event_id: event_id, max_redirects_per_minute: 1)

data/spec/queue_it/extract_queue_number_spec.rb

@@ -0,0 +1,62 @@
+require 'queue_it'
+
+module QueueIt
+  RSpec.describe ExtractQueueNumber do
+    let(:secret_key) { "1c9950a7-f716-432e-b5fa-b148d00480db" }
+    let(:service) { ExtractQueueNumber.new }
+
+    specify "happy path" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      result = service.(
+        secret_key: secret_key,
+        request_url: url,
+        request_params: parse_params(url))
+      expect(result).not_to be_empty
+    end
+
+    specify do
+      url = "https://example.com/some/path"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: {})
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "queue id param is required" do
+      url = "https://example.com/some/path?p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "timestamp param is required" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "encrypted place in queue param is required" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "hash is required" do
+      url = "https://example.com/some/path?q=2647345b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    def parse_params(url)
+      CGI.parse(URI.parse(url).query).each_with_object({}) {|(k,v),o| o[k] = v.first }
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: queue_it
 version: !ruby/object:Gem::Version
-  version: 1.1.5
+  version: 2.0.1
 platform: ruby
 authors:
 - Billetto
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-02 00:00:00.000000000 Z
+date: 2021-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -28,28 +28,40 @@ dependencies:
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
@@ -86,14 +98,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.3'
 description: Gem to handle the implementation of http://queue-it.net!
 email:
 - development@billetto.dk
@@ -114,7 +126,7 @@ files:
 - lib/queue_it/api/client.rb
 - lib/queue_it/api/error.rb
 - lib/queue_it/api/event.rb
-- lib/queue_it/known_user_checker.rb
+- lib/queue_it/extract_queue_number.rb
 - lib/queue_it/queueable.rb
 - lib/queue_it/railtie.rb
 - lib/queue_it/url_builder.rb
@@ -122,11 +134,12 @@ files:
 - queue_it.gemspec
 - spec/queue_it/api/client_spec.rb
 - spec/queue_it/api/event_spec.rb
+- spec/queue_it/extract_queue_number_spec.rb
 homepage: https://github.com/gfish/queue_it
 licenses:
 - GNU/GPLv3
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -141,11 +154,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Gem to handle the implementation of http://queue-it.net
 test_files:
 - spec/queue_it/api/client_spec.rb
 - spec/queue_it/api/event_spec.rb
+- spec/queue_it/extract_queue_number_spec.rb

data/lib/queue_it/known_user_checker.rb

@@ -1,60 +0,0 @@
-require 'digest/md5'
-require "queue_it/url_builder"
-
-module QueueIt
-  class KnownUserChecker
-
-    attr_accessor :shared_event_key, :event_id, :customer_id
-
-    def initialize(shared_event_key, event_id, customer_id)
-      self.shared_event_key = shared_event_key
-      self.event_id         = event_id
-      self.customer_id      = customer_id
-    end
-
-    # This is bound to Rails!
-    def create_or_verify_queue_it_session!(url, params)
-      queue_id                  = params['q' ] # A QuID, the user’s queue ID
-      encrypted_place_in_queue  = params['p' ] # A text, an encrypted version of the user’s queue number
-      expected_hash             = params['h' ] # An integer calculated hash
-      timestamp                 = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
-
-      verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-    end
-
-    def verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-      if verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-        decrypted_place_in_queue(encrypted_place_in_queue)
-      else
-        raise QueueIt::NotAuthorized.new
-      end
-    end
-
-  private
-
-    # uses one char of each string at a given starting point
-    # given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
-    def decrypted_place_in_queue(encrypted_place_in_queue)
-      return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
-             encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
-             encrypted_place_in_queue[ 9..9 ]
-    end
-
-    # TODO add timestamp check
-    def verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-      raise QueueIt::MissingArgsGiven.new if [ url, queue_id, encrypted_place_in_queue, timestamp, expected_hash ].any?( &:nil? )
-
-      url_no_hash = "#{ url[ 0..-33 ] }#{ shared_event_key }" # Remove hash value and add SharedEventKey
-      actual_hash = Digest::MD5.hexdigest( utf8_encode( url_no_hash ) )
-
-      return false unless expected_hash == actual_hash
-      true
-    end
-
-    def utf8_encode(s)
-      s.encode('UTF-8', 'UTF-8')
-      s
-    end
-
-  end
-end