queue_it 1.1.5 → 1.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dc03e572dc3b9709897e704c40dd3d9d42d2e84a
-  data.tar.gz: e82516ec9b5e40598d9dfa7974ba4ad89f38a368
+  metadata.gz: 587c18b540a06d28dee61fffa7ad6edba32dbd61
+  data.tar.gz: a658b21277dac5846d7d65a211f38a92e890d115
 SHA512:
-  metadata.gz: 4142292b609ba1481f2007bc5de6caad7b031b20c86fd806fba92eb91087063e23e8790d916dcd7c1ca1b181074fe1904088b414e708424fcf106253f3fb56bb
-  data.tar.gz: 6fe22aacde3bb74c7cea4de2ef7f8d23d1a1b81c8dee485b3c2c5af88d95b2a3cb7050081a845cb3d1afba5bf9374b782f5a97655a4574d6af72f0b390cc044d
+  metadata.gz: b1c61dc1c06bcd8856d390a97153146bc4e9cffd03a9715b7cee7c0c7dec9cf1d734094df2eb149dfcb0375e020f54454d758401faac2fab8df18bbe4116440d
+  data.tar.gz: 60251cb3097573560e11d35af2d6499d7b9546f7712154c4b9ea3aa765bb3b6dfab9fc3c387919193c69fda24f6a0ae8ea339a066f294c2825e891190b857de6

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+### 1.1.6 - 2017-03-15
+
+* Now by default, during creation event, we support using redirect urls
+* Added possibility to pass redirect url for queue it
+
 ### 1.1.5 - 2016-06-02
 
 * Remove warning about circular argument reference - api_key in Ruby 2.3.1

data/lib/queue_it.rb

@@ -1,5 +1,5 @@
 require "queue_it/version"
-require "queue_it/known_user_checker"
+require "queue_it/extract_queue_number"
 require "queue_it/api/client"
 require "queue_it/api/event"
 

data/lib/queue_it/api/event.rb

@@ -48,23 +48,23 @@ module QueueIt
       MICROSOFT_TIME_ZONE_INDEX_VALUES = {
         "Europe/Helsinki"   => "FLE Standard Time",
         "Helsinki"          => "FLE Standard Time",
-        
+
         "Europe/London"     => "GMT Standard Time",
         "London"            => "GMT Standard Time",
         "Edinburgh"         => "GMT Standard Time",
-        
+
         "Europe/Dublin"     => "GMT Standard Time",
         "Dublin"            => "GMT Standard Time",
-        
+
         "Europe/Copenhagen" => "Romance Standard Time",
         "Copenhagen"        => "Romance Standard Time",
-        
+
         "Europe/Paris"      => "Romance Standard Time",
         "Paris"             => "Romance Standard Time",
-        
+
         "Europe/Stockholm"  => "W. Europe Standard Time",
         "Stockholm"         => "W. Europe Standard Time",
-        
+
         "Europe/Rome"       => "W. Europe Standard Time",
         "Rome"              => "W. Europe Standard Time",
       }.freeze
@@ -113,7 +113,7 @@ module QueueIt
           "AfterEventRedirectPage"       => "",
           "UseSSL"                       => "Auto",
           "JavaScriptSupportEnabled"     => "False",
-          "TargetUrlSupportEnabled"      => "False",
+          "TargetUrlSupportEnabled"      => "True",
           "SafetyNetMode"                => "Disabled",
           "KnowUserSecurity"             => "MD5Hash",
           "KnowUserSecretKey"            => know_user_secret_key,

data/lib/queue_it/extract_queue_number.rb

@@ -0,0 +1,45 @@
+require 'digest/md5'
+
+module QueueIt
+  class ExtractQueueNumber
+    def call(secret_key:, request_url:, request_params:)
+      encrypted_place_in_queue = request_params['p']
+      expected_hash = request_params['h']
+
+      raise QueueIt::MissingArgsGiven.new if queue_it_params_missing?(request_params)
+
+      if verify_md5_hash?(request_url, expected_hash, secret_key)
+        return decrypted_place_in_queue(encrypted_place_in_queue)
+      else
+        raise QueueIt::NotAuthorized.new
+      end
+    end
+
+    private
+
+    def queue_it_params_missing?(params)
+      queue_id = params['q'] # A QuID, the user’s queue ID
+      encrypted_place_in_queue = params['p'] # A text, an encrypted version of the user’s queue number
+      expected_hash = params['h'] # An integer calculated hash
+      timestamp = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
+
+      [queue_id, encrypted_place_in_queue, timestamp, expected_hash].any?(&:nil?)
+    end
+
+    # uses one char of each string at a given starting point
+    # given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
+    def decrypted_place_in_queue(encrypted_place_in_queue)
+      return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
+             encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
+             encrypted_place_in_queue[ 9..9 ]
+    end
+
+    # TODO add timestamp check
+    def verify_md5_hash?(url, expected_hash, secret_key)
+      url_no_hash = "#{url[ 0..-33 ]}#{secret_key}"
+      actual_hash = Digest::MD5.hexdigest(url_no_hash)
+
+      return (expected_hash == actual_hash)
+    end
+  end
+end

data/lib/queue_it/queueable.rb

@@ -1,14 +1,17 @@
+require 'queue_it/url_builder'
+
 module QueueIt
   module Queueable
     extend ActiveSupport::Concern
 
     included do
-      def protect_with_queue!(known_user_secret_key, event_id, customer_id)
+      def protect_with_queue!(known_user_secret_key, event_id, customer_id, redirect_url: nil)
         create_or_verify_queue_it_session(known_user_secret_key,
                                           event_id,
                                           customer_id,
-                                          request.url,
-                                          params)
+                                          request.original_url,
+                                          params,
+                                          redirect_url)
       end
 
       def queue_it_queue_id(event_id)
@@ -32,13 +35,16 @@ module QueueIt
 
     private
 
-      def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params)
+      def create_or_verify_queue_it_session(secret_key, event_id, customer_id, request_url, params, current_tickets_url)
         # If there exists a session, we return. This needs to be refactored when we start to look at the timestamp parameter
         return if session[queue_it_session_variable(event_id)].present?
 
         begin
-          user_checker                                 = QueueIt::KnownUserChecker.new(secret_key, event_id, customer_id)
-          session[queue_it_session_variable(event_id)] = user_checker.create_or_verify_queue_it_session!(request_url, params)
+          queue_number = QueueIt::ExtractQueueNumber.new.(
+            secret_key: secret_key,
+            request_url: request_url,
+            request_params: params)
+          session[queue_it_session_variable(event_id)] = queue_number
 
           # If the request URL contains queue_it params we remove them and redirect
           # this is done to mask the params we use to create and verify the queue_it session
@@ -46,7 +52,7 @@ module QueueIt
             redirect_to QueueIt::UrlBuilder.clean_url(request_url) and return
           end
         rescue QueueIt::MissingArgsGiven
-          queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id)
+          queue_url = QueueIt::UrlBuilder.build_queue_url(customer_id, event_id, current_tickets_url)
           destroy_all_queue_it_sessions
           render("queue_it/enter_queue", layout: false, locals: { queue_it_url: queue_url }) and return
         rescue QueueIt::NotAuthorized
@@ -55,8 +61,6 @@ module QueueIt
           render("queue_it/cheating_queue", layout: false, locals: { queue_it_url: queue_cancel_url }) and return
         end
       end
-
     end
-
   end
 end

data/lib/queue_it/url_builder.rb

@@ -2,8 +2,8 @@ require 'addressable/uri'
 
 module QueueIt
   class UrlBuilder
-    def self.build_queue_url(customer_id, event_id)
-      "http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}"
+    def self.build_queue_url(customer_id, event_id, redirect_url)
+      "http://q.queue-it.net/?c=#{customer_id}&e=#{event_id}&t=#{CGI.escape(redirect_url)}"
     end
 
     def self.build_cancel_url(customer_id, event_id, queue_id = nil)

data/lib/queue_it/version.rb

@@ -1,3 +1,3 @@
 module QueueIt
-  VERSION = "1.1.5"
+  VERSION = "1.1.6"
 end

data/spec/queue_it/api/event_spec.rb

@@ -148,7 +148,7 @@ module QueueIt
             "AfterEventRedirectPage"       => "",
             "UseSSL"                       => "Auto",
             "JavaScriptSupportEnabled"     => "False",
-            "TargetUrlSupportEnabled"      => "False",
+            "TargetUrlSupportEnabled"      => "True",
             "SafetyNetMode"                => "Disabled",
             "KnowUserSecurity"             => "MD5Hash",
             "KnowUserSecretKey"            => know_user_secret_key,

data/spec/queue_it/extract_queue_number_spec.rb

@@ -0,0 +1,62 @@
+require 'queue_it'
+
+module QueueIt
+  RSpec.describe ExtractQueueNumber do
+    let(:secret_key) { "1c9950a7-f716-432e-b5fa-b148d00480db" }
+    let(:service) { ExtractQueueNumber.new }
+
+    specify "happy path" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      result = service.(
+        secret_key: secret_key,
+        request_url: url,
+        request_params: parse_params(url))
+      expect(result).not_to be_empty
+    end
+
+    specify do
+      url = "https://example.com/some/path"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: {})
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "queue id param is required" do
+      url = "https://example.com/some/path?p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "timestamp param is required" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "encrypted place in queue param is required" do
+      url = "https://example.com/some/path?q=2647344b-e639-4cd6-8a77-3a8801553716&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue&h=bbaf9807496ecb687c85bfcc1a8369e1"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    specify "hash is required" do
+      url = "https://example.com/some/path?q=2647345b-e639-4cd6-8a77-3a8801553716&p=053eeb2c-b272-41a2-aacf-2742bc99676c&ts=1489367379&c=examplecompany&e=someeventid42&rt=Queue"
+
+      expect do
+        service.(secret_key: secret_key, request_url: url, request_params: parse_params(url))
+      end.to raise_error(MissingArgsGiven)
+    end
+
+    def parse_params(url)
+      CGI.parse(URI.parse(url).query).each_with_object({}) {|(k,v),o| o[k] = v.first }
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: queue_it
 version: !ruby/object:Gem::Version
-  version: 1.1.5
+  version: 1.1.6
 platform: ruby
 authors:
 - Billetto
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-02 00:00:00.000000000 Z
+date: 2017-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -114,7 +114,7 @@ files:
 - lib/queue_it/api/client.rb
 - lib/queue_it/api/error.rb
 - lib/queue_it/api/event.rb
-- lib/queue_it/known_user_checker.rb
+- lib/queue_it/extract_queue_number.rb
 - lib/queue_it/queueable.rb
 - lib/queue_it/railtie.rb
 - lib/queue_it/url_builder.rb
@@ -122,6 +122,7 @@ files:
 - queue_it.gemspec
 - spec/queue_it/api/client_spec.rb
 - spec/queue_it/api/event_spec.rb
+- spec/queue_it/extract_queue_number_spec.rb
 homepage: https://github.com/gfish/queue_it
 licenses:
 - GNU/GPLv3
@@ -142,10 +143,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Gem to handle the implementation of http://queue-it.net
 test_files:
 - spec/queue_it/api/client_spec.rb
 - spec/queue_it/api/event_spec.rb
+- spec/queue_it/extract_queue_number_spec.rb

data/lib/queue_it/known_user_checker.rb

@@ -1,60 +0,0 @@
-require 'digest/md5'
-require "queue_it/url_builder"
-
-module QueueIt
-  class KnownUserChecker
-
-    attr_accessor :shared_event_key, :event_id, :customer_id
-
-    def initialize(shared_event_key, event_id, customer_id)
-      self.shared_event_key = shared_event_key
-      self.event_id         = event_id
-      self.customer_id      = customer_id
-    end
-
-    # This is bound to Rails!
-    def create_or_verify_queue_it_session!(url, params)
-      queue_id                  = params['q' ] # A QuID, the user’s queue ID
-      encrypted_place_in_queue  = params['p' ] # A text, an encrypted version of the user’s queue number
-      expected_hash             = params['h' ] # An integer calculated hash
-      timestamp                 = params['ts'] # An integer timestamp counting number of seconds since 1970-01-01 00:00:00 UTC
-
-      verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-    end
-
-    def verify_request!(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-      if verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-        decrypted_place_in_queue(encrypted_place_in_queue)
-      else
-        raise QueueIt::NotAuthorized.new
-      end
-    end
-
-  private
-
-    # uses one char of each string at a given starting point
-    # given b852fe78-0d10-4254-823c-f8749c401153 should get 4212870
-    def decrypted_place_in_queue(encrypted_place_in_queue)
-      return encrypted_place_in_queue[ 30..30 ] + encrypted_place_in_queue[ 3..3 ] + encrypted_place_in_queue[ 11..11 ] +
-             encrypted_place_in_queue[ 20..20 ] + encrypted_place_in_queue[ 7..7 ] + encrypted_place_in_queue[ 26..26 ] +
-             encrypted_place_in_queue[ 9..9 ]
-    end
-
-    # TODO add timestamp check
-    def verify_md5_hash?(url, queue_id, encrypted_place_in_queue, expected_hash, timestamp)
-      raise QueueIt::MissingArgsGiven.new if [ url, queue_id, encrypted_place_in_queue, timestamp, expected_hash ].any?( &:nil? )
-
-      url_no_hash = "#{ url[ 0..-33 ] }#{ shared_event_key }" # Remove hash value and add SharedEventKey
-      actual_hash = Digest::MD5.hexdigest( utf8_encode( url_no_hash ) )
-
-      return false unless expected_hash == actual_hash
-      true
-    end
-
-    def utf8_encode(s)
-      s.encode('UTF-8', 'UTF-8')
-      s
-    end
-
-  end
-end