quickbase 0.0.12 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: bb7aa9ed00a1e58a91709c83c6071dc3a8d7a533
+  data.tar.gz: 8b727513e2f934821254293bec240a16ca25eb9b
+SHA512:
+  metadata.gz: 93dbb3372277f563332168f9a34259b895461ce595cd99cebb1939eade4c722f8a40c8326c6457b8b3d804e4bf89bce752651dea4b10e05ddb3e758a989c3409
+  data.tar.gz: 35f9785c73be1def7d3902a418351df6f7888ff7378aeaca230d9a818773644f2f3d892bd6d83e050009f65989c333e07684f8db8ed893a4ef328e29ccc80809

data/README.rdoc

@@ -44,13 +44,20 @@ or, in your Gemfile
   quickbase.api.delete_record(7)
 
 == Setting a proxy
-  
+
   quickbase = Quickbase::Connection.new(:apptoken => "apptoken", :dbid => "dbid", :http_proxy => "http://my.proxy.com:80")
 
   the sytem http_proxy, https_proxy and no_proxy environment variable will be respected if you don't explicity pass a proxy
 
 == Changes
 
+  11/11/2016 - version 0.1.0
+  - fix security vulnerabilities to xml injections
+  - add vcr to tests
+  - add MIT license
+  - remove deprecated classes
+  - fix warnings with gemspec
+
   04/01/2015
   - Added proxy support
 

data/lib/classes/api.rb

@@ -1,11 +1,11 @@
 module Quickbase
   class API
     attr_accessor :connection
-  
+
     def initialize(connection)
-      instance_variable_set "@connection", connection
+      @connection = connection
     end
-  
+
     # Documentation at http://www.quickbase.com/api-guide/do_query.html
     def do_query(params)
       params[:fmt] = 'structured' if params[:fmt].nil? or params[:fmt].empty?
@@ -17,49 +17,44 @@ module Quickbase
       records = array_of_records.empty? ? response.xpath("//record") : array_of_records
       return [] if records.empty?
 
-      records.map{|record|
+      records.map do |record|
         array_of_fields = record.xpath("f[@type='array']/f")
         fields = array_of_fields.empty? ? record.xpath("f") : array_of_fields
-        Hash[fields.to_enum(:each_with_index).collect{|field,index|
+        Hash[fields.to_enum(:each_with_index).collect { |field,index|
           field_val = ""
           field_val_xpath = field.xpath("__content__").first
           field_val = field_val_xpath.content unless field_val_xpath.nil?
           Hash[keys[index],field_val]
         }.map(&:flatten)]
-      }
+      end
     end
-    
+
     def do_query_return_nokogiri_obj(params)
       #useful method for debugging
       params[:fmt] = 'structured' if params[:fmt].nil? or params[:fmt].empty?
       clist = params[:clist].to_s.split(".")
       friendly = params[:friendly].to_s.split(".")
       keys = friendly.empty? ? clist : friendly.map(&:to_sym)
-      response = connection.http.post("API_DoQuery", Quickbase::Helper.hash_to_xml(params))
-      return response
+      connection.http.post("API_DoQuery", Quickbase::Helper.hash_to_xml(params))
     end
-    
+
     # Documentation at http://www.quickbase.com/api-guide/add_record.html
     def add_record(fields)
       fields = Quickbase::Helper.generate_fields(fields)
       connection.http.post("API_AddRecord", fields)
     end
-    
+
     # Documentation at http://www.quickbase.com/api-guide/edit_record.html
     def edit_record(rid, fields)
       tags = Quickbase::Helper.generate_fields(fields)
       tags << Quickbase::Helper.hash_to_xml({:rid => rid.to_s})
       connection.http.post("API_EditRecord", tags)
     end
-    
+
     # Documentation at http://www.quickbase.com/api-guide/delete_record.html
     def delete_record(rid)
       tags = Quickbase::Helper.hash_to_xml({:rid => rid.to_s})
       connection.http.post("API_DeleteRecord", tags)
     end
   end
-  
-  class Api < API
-    puts "Class Api will be deprecated. Please use API instead."
-  end
-end
+end

data/lib/classes/connection.rb

@@ -1,9 +1,9 @@
 module Quickbase
   class Connection
     class << self
-      attr_writer :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy
+      attr_writer :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy, :usertoken
     end
-    attr_reader :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy
+    attr_reader :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy, :usertoken
 
     def self.expectant_reader(*attributes)
       attributes.each do |attribute|
@@ -13,24 +13,25 @@ module Quickbase
         end
       end
     end
-    expectant_reader :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy
+    expectant_reader :username, :password, :hours, :apptoken, :dbid, :org, :http_proxy, :usertoken
 
     def initialize(options = {})
-      [:username, :password, :hours, :apptoken, :dbid, :org, :http_proxy].each do |attr|
+      [:username, :password, :hours, :apptoken, :dbid, :org, :http_proxy, :usertoken].each do |attr|
         instance_variable_set "@#{attr}", (options[attr].nil? ? Quickbase::Connection.send(attr) : options[attr])
       end
       instance_variable_set "@org", "www" if org.nil?
     end
 
     def instantiate
-      config = {
-          :username => username,
-          :password => password,
-          :hours => hours,
-          :apptoken => apptoken,
-          :dbid => dbid,
-          :org => org,
-          :http_proxy => http_proxy
+      {
+        username: username,
+        password: password,
+        hours: hours,
+        apptoken: apptoken,
+        dbid: dbid,
+        org: org,
+        http_proxy: http_proxy,
+        usertoken: usertoken
       }
     end
 
@@ -42,4 +43,4 @@ module Quickbase
       Quickbase::API.new(self)
     end
   end
-end
+end

data/lib/classes/helper.rb

@@ -1,21 +1,24 @@
 module Quickbase
   class Helper
-    def self.hash_to_xml(hash)
-      hash.map{|key,value|
+    def self.hash_to_xml(my_hash)
+      my_hash.map do |k,v|
+        key = k.to_s.encode(xml: :text)
+        value = v.to_s.encode(xml: :text)
         "<#{key}>#{value}</#{key}>"
-      }
+      end
     end
-    
-    def self.generate_xml(params)
-      Nokogiri::XML("<qdbapi>#{params.join}</qdbapi>")
+
+    def self.generate_xml(xml_input)
+      # xml_input is an array of xml strings
+      # you can use hash_to_xml to generate it
+      Nokogiri::XML("<qdbapi>#{xml_input.join}</qdbapi>")
     end
-    
+
     def self.generate_fields(fields)
-      fields.map{|key,value|
-        field = "<field "
-        fid = (key =~ /^[-+]?[0-9]+$/) ? field.concat('fid="'+key.to_s+'"') : field.concat('name="'+key.to_s+'"')
-        field.concat(">#{value}</field>")
-      }
+      fields.map do |key,value|
+        attr_name = (key =~ /^[-+]?[0-9]+$/) ? 'fid' : 'name'
+        "<field #{attr_name}=#{key.to_s.encode(xml: :attr)}>#{value.to_s.encode(xml: :text)}</field>"
+      end
     end
   end
-end
+end

data/lib/classes/http.rb

@@ -11,9 +11,8 @@ module Quickbase
       http_proxy = config[:http_proxy] || ENV['http_proxy']
       setup_proxy(http_proxy) if http_proxy
 
-      qb_params[:ticket] = auth_ticket config
-      qb_params[:apptoken] = config[:apptoken]
       qb_params[:dbid] = config[:dbid]
+      qb_params[:usertoken] = config[:usertoken]
     end
 
     def post(quickbase_action, params = [])
@@ -59,8 +58,4 @@ module Quickbase
       end
     end
   end
-
-  class Http < HTTP
-    puts "Class Http will be deprecated. Please use HTTP instead."
-  end
-end
+end

data/quickbase.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = %q{quickbase}
-  s.version = "0.0.12"
+  s.version = "0.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Artem Kalinchuk"]
@@ -13,6 +13,8 @@ Gem::Specification.new do |s|
   s.rubyforge_project = %q{quickbase}
   s.rubygems_version = %q{1.8.5}
   s.summary = %q{Quickbase Ruby Gem}
+  s.homepage = 'https://github.com/kalinchuk/quickbase'
+  s.license = 'MIT'
   s.add_dependency(%q<nokogiri>, [">= 0"])
   s.add_dependency(%q<httparty>, [">= 0"])
   s.add_dependency(%q<activesupport>, [">= 0"])

data/spec/quickbase_spec.rb

@@ -4,80 +4,91 @@ require 'pp'
 require 'spec_helper'
 
 #fill in your own quickbase account / database
-Quickbase::Connection.username = ""
-Quickbase::Connection.password = ""
-Quickbase::Connection.org = ""
-apptoken = ""
-dbid = ""
+Quickbase::Connection.username = "username"
+Quickbase::Connection.password = "password"
+Quickbase::Connection.org = "intuitcorp"
+apptoken = "apptoken"
+dbid = "dbid"
 
 describe Quickbase::Connection do
+  let(:connection) { described_class.new(:apptoken => apptoken, :dbid => dbid) }
+  let(:connection_hash) do
+    {
+      apptoken: connection.apptoken,
+      dbid: connection.dbid,
+      hours: connection.hours,
+      org: connection.org,
+      password: connection.password,
+      username: connection.username
+    }
+  end
+
+  let(:default_values_hash) do
+    {
+      apptoken: apptoken,
+      dbid: dbid,
+      hours: nil,
+      org: described_class.org,
+      password: described_class.password,
+      username: described_class.username
+    }
+  end
+
   describe "initialize" do
     it "initializes successfully" do
-      quickbase = Quickbase::Connection.new(:apptoken => apptoken, :dbid => dbid)
-      
-      connection_hash = {
-        :apptoken => quickbase.apptoken,
-        :dbid => quickbase.dbid,
-        :hours => quickbase.hours,
-        :org => quickbase.org,
-        :password => quickbase.password,
-        :username => quickbase.username
-      }
-      
-      default_values_hash = {
-        :apptoken => apptoken,
-        :dbid => dbid,
-        :hours => nil,
-        :org => Quickbase::Connection.org,
-        :password => Quickbase::Connection.password,
-        :username => Quickbase::Connection.username
-      }
-      
-      connection_hash.should == default_values_hash
+      expect(connection_hash).to eq default_values_hash
     end
   end
 end
 
 describe Quickbase::Helper do
   describe "self.hash_to_xml" do
-    it "creates XML out of a hash" do
-      hash = {:test => "this is the content of the test tag", :test2 => "contents of test2"}
-    
-      Quickbase::Helper.hash_to_xml(hash).join.should == "<test>this is the content of the test tag</test><test2>contents of test2</test2>"
-    end
+    let(:params) { {test: "this is the content of the test tag", test2: "contents of test2"} }
+    let(:result) { ["<test>this is the content of the test tag</test>", "<test2>contents of test2</test2>"] }
+
+    subject { described_class.hash_to_xml(params) }
+
+    it { is_expected.to eq result }
   end
-  
+
   describe "self.generate_xml" do
-    it "returns a formatted Quickbase XML" do
-      hash = {:test => "this is the content of the test tag", :test2 => "contents of test2"}
-      Quickbase::Helper.generate_xml(Quickbase::Helper.hash_to_xml(hash)).to_s.should == Nokogiri::XML("<qdbapi><test>this is the content of the test tag</test><test2>contents of test2</test2></qdbapi>").to_s
+    let(:input) { ["<test>this is the content of the test tag</test>", "<test2>contents of test2</test2>"] }
+    let(:expect_xml) { Nokogiri::XML("<qdbapi><test>this is the content of the test tag</test><test2>contents of test2</test2></qdbapi>") }
+
+    subject { described_class.generate_xml(input).to_s }
+
+    it 'returns a formatted Quickbase XML' do
+      expect(subject).to eq expect_xml.to_s
     end
   end
-  
+
   describe "self.generate_fields" do
-    it "creates an array of tags with all the fields" do
-      fields = {:first_name => "John", :last_name => "Smith"}
-      Quickbase::Helper.generate_fields(fields).should ==  ["<field name=\"first_name\">John</field>", "<field name=\"last_name\">Smith</field>"]
-    end
+    let(:fields) { {first_name: "John", last_name: "Smith"} }
+    let(:result) { ["<field name=\"first_name\">John</field>", "<field name=\"last_name\">Smith</field>"] }
+
+    subject { described_class.generate_fields(fields) }
+
+    it { is_expected.to eq result }
   end
 end
 
 describe Quickbase::API do
-  describe "do_query" do
-    it "queries for data" do
-      quickbase = Quickbase::Connection.new(:apptoken => apptoken, :dbid => dbid)
-      
-      results = quickbase.api.do_query(:query => "{'1'.XEX.'1'}", :clist => "1.2", :slist => "1")
-      results.length.should_not == 0
-    end
+  let(:connection) { Quickbase::Connection.new(apptoken: apptoken, dbid: dbid) }
+  let(:api) { connection.api }
+
+  describe "do_query", vcr: {cassette_name: 'do_query'} do
+    subject { api.do_query(query: "{'1'.XEX.'1'}", clist: "1.2", slist: "1") }
+
+    it { is_expected.to eq [{"1"=>"1280355979800", "2"=>"1280355979800"}, {"1"=>"1280355979800", "2"=>"1280355979800"}] }
   end
-  
-  describe "do_query_return_xml" do
-    it "return xml" do
-      quickbase = Quickbase::Connection.new(:apptoken => apptoken, :dbid => dbid)
-      
-      xml = quickbase.api.do_query_return_nokogiri_obj(:query => "{'1'.XEX.'1'}", :clist => "1.2", :slist => "1")
-      xml.class.to_s.should == "Nokogiri::XML::Document"
+
+  describe "do_query_return_xml", vcr: {cassette_name: 'do_query'} do
+    let(:xml_response) { IO.read('./spec/fixtures/xml_response.xml') }
+    subject { api.do_query_return_nokogiri_obj(query: "{'1'.XEX.'1'}", clist: "1.2", slist: "1") }
+
+    it "returns xml" do
+      expect(subject).to be_a_kind_of Nokogiri::XML::Document
+      expect(subject.to_s).to eq xml_response
     end
   end
-end
+end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: quickbase
 version: !ruby/object:Gem::Version
-  version: 0.0.12
-  prerelease: 
+  version: 0.1.0
 platform: ruby
 authors:
 - Artem Kalinchuk
@@ -14,49 +13,43 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: The Quickbase Gem provides integration access to the Intuit Quickbase
@@ -66,40 +59,40 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/quickbase.rb
-- quickbase.gemspec
 - README.rdoc
 - lib/classes/api.rb
 - lib/classes/connection.rb
 - lib/classes/helper.rb
 - lib/classes/http.rb
+- lib/quickbase.rb
+- quickbase.gemspec
 - spec/quickbase_spec.rb
-homepage: 
-licenses: []
+homepage: https://github.com/kalinchuk/quickbase
+licenses:
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options:
-- --line-numbers
-- --inline-source
-- --title
+- "--line-numbers"
+- "--inline-source"
+- "--title"
 - Quickbase
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '1.2'
 requirements: []
 rubyforge_project: quickbase
-rubygems_version: 1.8.23.2
+rubygems_version: 2.4.6
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Quickbase Ruby Gem
 test_files: []