rest-client 1.6.7 → 2.1.0

data/Rakefile

@@ -1,66 +1,140 @@
-require 'rake'
-
-require 'jeweler'
-
-Jeweler::Tasks.new do |s|
-  s.name = "rest-client"
-  s.description = "A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete."
-  s.summary = "Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions."
-  s.authors = ["Adam Wiggins", "Julien Kirch"]
-  s.email = "rest.client@librelist.com"
-  s.homepage = "http://github.com/archiloque/rest-client"
-  s.files = FileList["[A-Z]*", "{bin,lib,spec}/**/*"]
-  s.test_files = FileList["{spec}/**/*"]
-  s.add_runtime_dependency("mime-types", ">= 1.16")
-  s.add_development_dependency("webmock", ">= 0.9.1")
-  s.add_development_dependency("rspec")
-  s.extra_rdoc_files = [ 'README.rdoc', 'history.md']
-end
+# load `rake build/install/release tasks'
+require 'bundler/setup'
+require_relative './lib/restclient/version'
 
-############################
+namespace :ruby do
+  Bundler::GemHelper.install_tasks(:name => 'rest-client')
+end
 
-require 'spec/rake/spectask'
+require "rspec/core/rake_task"
 
 desc "Run all specs"
-task :spec => ["spec:unit", "spec:integration"]
+RSpec::Core::RakeTask.new('spec')
 
 desc "Run unit specs"
-Spec::Rake::SpecTask.new('spec:unit') do |t|
-  t.spec_opts = ['--colour --format progress --loadby mtime --reverse']
-  t.spec_files = FileList['spec/*_spec.rb']
+RSpec::Core::RakeTask.new('spec:unit') do |t|
+  t.pattern = 'spec/unit/*_spec.rb'
 end
 
 desc "Run integration specs"
-Spec::Rake::SpecTask.new('spec:integration') do |t|
-  t.spec_opts = ['--colour --format progress --loadby mtime --reverse']
-  t.spec_files = FileList['spec/integration/*_spec.rb']
+RSpec::Core::RakeTask.new('spec:integration') do |t|
+  t.pattern = 'spec/integration/*_spec.rb'
 end
 
 desc "Print specdocs"
-Spec::Rake::SpecTask.new(:doc) do |t|
-  t.spec_opts = ["--format", "specdoc", "--dry-run"]
-  t.spec_files = FileList['spec/*_spec.rb']
+RSpec::Core::RakeTask.new(:doc) do |t|
+  t.rspec_opts = ["--format", "specdoc", "--dry-run"]
+  t.pattern = 'spec/**/*_spec.rb'
 end
 
 desc "Run all examples with RCov"
-Spec::Rake::SpecTask.new('rcov') do |t|
-  t.spec_files = FileList['spec/*_spec.rb']
+RSpec::Core::RakeTask.new('rcov') do |t|
+  t.pattern = 'spec/*_spec.rb'
   t.rcov = true
   t.rcov_opts = ['--exclude', 'examples']
 end
 
-task :default => :spec
+desc 'Regenerate authors file'
+task :authors do
+  Dir.chdir(File.dirname(__FILE__)) do
+    File.open('AUTHORS', 'w') do |f|
+      f.write <<-EOM
+The Ruby REST Client would not be what it is today without the help of
+the following kind souls:
+
+      EOM
+    end
+
+    sh 'git shortlog -s | cut -f 2 >> AUTHORS'
+  end
+end
+
+task :default do
+  sh 'rake -T'
+end
+
+def alias_task(alias_task, original)
+  desc "Alias for rake #{original}"
+  task alias_task, Rake.application[original].arg_names => original
+end
+alias_task(:test, :spec)
+
+############################
+
+WindowsPlatforms = %w{x86-mingw32 x64-mingw32 x86-mswin32}
+
+namespace :all do
+
+  desc "Build rest-client #{RestClient::VERSION} for all platforms"
+  task :build => ['ruby:build'] + \
+    WindowsPlatforms.map {|p| "windows:#{p}:build"}
+
+  desc "Create tag v#{RestClient::VERSION} and for all platforms build and " \
+    "push rest-client #{RestClient::VERSION} to Rubygems"
+  task :release => ['build', 'ruby:release'] + \
+    WindowsPlatforms.map {|p| "windows:#{p}:push"}
+
+end
+
+namespace :windows do
+  spec_path = File.join(File.dirname(__FILE__), 'rest-client.windows.gemspec')
+
+  WindowsPlatforms.each do |platform|
+    namespace platform do
+      gem_filename = "rest-client-#{RestClient::VERSION}-#{platform}.gem"
+      base = File.dirname(__FILE__)
+      pkg_dir = File.join(base, 'pkg')
+      gem_file_path = File.join(pkg_dir, gem_filename)
+
+      desc "Build #{gem_filename} into the pkg directory"
+      task 'build' do
+        orig_platform = ENV['BUILD_PLATFORM']
+        begin
+          ENV['BUILD_PLATFORM'] = platform
+
+          sh("gem build -V #{spec_path}") do |ok, res|
+            if ok
+              FileUtils.mkdir_p(pkg_dir)
+              FileUtils.mv(File.join(base, gem_filename), pkg_dir)
+              Bundler.ui.confirm("rest-client #{RestClient::VERSION} " \
+                                 "built to pkg/#{gem_filename}")
+            else
+              abort "Command `gem build` failed: #{res}"
+            end
+          end
+
+        ensure
+          ENV['BUILD_PLATFORM'] = orig_platform
+        end
+      end
+
+      desc "Push #{gem_filename} to Rubygems"
+      task 'push' do
+        sh("gem push #{gem_file_path}")
+      end
+    end
+  end
+
+end
 
 ############################
 
-require 'rake/rdoctask'
+require 'rdoc/task'
 
 Rake::RDocTask.new do |t|
   t.rdoc_dir = 'rdoc'
   t.title    = "rest-client, fetch RESTful resources effortlessly"
   t.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
   t.options << '--charset' << 'utf-8'
-  t.rdoc_files.include('README.rdoc')
+  t.rdoc_files.include('README.md')
   t.rdoc_files.include('lib/*.rb')
 end
 
+############################
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.options = ['--display-cop-names']
+end
+alias_task(:lint, :rubocop)

data/bin/restclient

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 
-$:.unshift File.dirname(__FILE__) + "/../lib"
+$LOAD_PATH.unshift File.dirname(__FILE__) + "/../lib"
 
 require 'rubygems'
 require 'restclient'
@@ -26,10 +26,10 @@ end
 
 config = YAML.load(File.read(ENV['HOME'] + "/.restclient")) rescue {}
 
-@url, @username, @password = if c = config[@url]
-  [c['url'], c['username'], c['password']]
+if (c = config[@url])
+  @url, @username, @password = [c['url'], c['username'], c['password']]
 else
-  [@url, * ARGV]
+  @url, @username, @password = [@url, * ARGV]
 end
 
 usage("invalid url '#{@url}") unless @url =~ /^https?/
@@ -50,17 +50,15 @@ if @verb
     end
     exit 0
   rescue RestClient::Exception => e
-    puts e.response.body if e.respond_to? :response
+    puts e.response.body if e.respond_to?(:response) && e.response
     raise
   end
 end
 
 POSSIBLE_VERBS.each do |m|
-  eval <<-end_eval
-def  #{m}(path, *args, &b)
-	r[path].#{m}(*args, &b)
-end
-  end_eval
+  define_method(m.to_sym) do |path, *args, &b|
+    r[path].public_send(m.to_sym, *args, &b)
+  end
 end
 
 def method_missing(s, * args, & b)
@@ -79,11 +77,12 @@ end
 require 'irb'
 require 'irb/completion'
 
-if File.exists? ".irbrc"
+if File.exist? ".irbrc"
   ENV['IRBRC'] = ".irbrc"
 end
 
-if File.exists?(File.expand_path(rcfile = "~/.restclientrc"))
+rcfile = File.expand_path("~/.restclientrc")
+if File.exist?(rcfile)
   load(rcfile)
 end
 

data/history.md

@@ -1,3 +1,246 @@
+# 2.1.0
+
+- Add a dependency on http-accept for parsing Content-Type charset headers.
+  This works around a bad memory leak introduced in MRI Ruby 2.4.0 and fixed in
+  Ruby 2.4.2. (#615)
+- Use mime/types/columnar from mime-types 2.6.1+, which is leaner in memory
+  usage than the older storage model of mime-types. (#393)
+- Add `:log` option to individual requests. This allows users to set a log on a
+  per-request / per-resource basis instead of the kludgy global log. (#538)
+- Log request duration by tracking request start and end times. Make
+  `log_response` a method on the Response object, and ensure the `size` method
+  works on RawResponse objects. (#126)
+  - `# => 200 OK | text/html 1270 bytes, 0.08s`
+  - Also add a new `:stream_log_percent` parameter, which is applicable only
+    when `:raw_response => true` is set. This causes progress logs to be
+    emitted only on every N% (default 10%) of the total download size rather
+    than on every chunk.
+- Drop custom handling of compression and use built-in Net::HTTP support for
+  supported Content-Encodings like gzip and deflate. Don't set any explicit
+  `Accept-Encoding` header, rely instead on Net::HTTP defaults. (#597)
+  - Note: this changes behavior for compressed responses when using
+    `:raw_response => true`. Previously the raw response would not have been
+    uncompressed by rest-client, but now Net::HTTP will uncompress it.
+- The previous fix to avoid having Netrc username/password override an
+  Authorization header was case-sensitive and incomplete. Fix this by
+  respecting existing Authorization headers, regardless of letter case. (#550)
+- Handle ParamsArray payloads. Previously, rest-client would silently drop a
+  ParamsArray passed as the payload. Instead, automatically use
+  Payload::Multipart if the ParamsArray contains a file handle, or use
+  Payload::UrlEncoded if it doesn't. (#508)
+- Gracefully handle Payload objects (Payload::Base or subclasses) that are
+  passed as a payload argument. Previously, `Payload.generate` would wrap a
+  Payload object in Payload::Streamed, creating a pointlessly nested payload.
+  Also add a `closed?` method to Payload objects, and don't error in
+  `short_inspect` if `size` returns nil. (#603)
+- Test with an image in the public domain to avoid licensing complexity. (#607)
+
+# 2.0.2
+
+- Suppress the header override warning introduced in 2.0.1 if the value is the
+  same. There's no conflict if the value is unchanged. (#578)
+
+# 2.0.1
+
+- Warn if auto-generated headers from the payload, such as Content-Type,
+  override headers set by the user. This is usually not what the user wants to
+  happen, and can be surprising. (#554)
+- Drop the old check for weak default TLS ciphers, and use the built-in Ruby
+  defaults. Ruby versions from Oct. 2014 onward use sane defaults, so this is
+  no longer needed. (#573)
+
+# 2.0.0
+
+This release is largely API compatible, but makes several breaking changes.
+
+- Drop support for Ruby 1.9
+- Allow mime-types as new as 3.x (requires ruby 2.0)
+- Respect Content-Type charset header provided by server. Previously,
+  rest-client would not override the string encoding chosen by Net::HTTP. Now
+  responses that specify a charset will yield a body string in that encoding.
+  For example, `Content-Type: text/plain; charset=EUC-JP` will return a String
+  encoded with `Encoding::EUC_JP`. (#361)
+- Change exceptions raised on request timeout. Instead of
+  `RestClient::RequestTimeout` (which is still used for HTTP 408), network
+  timeouts will now raise either `RestClient::Exceptions::ReadTimeout` or
+  `RestClient::Exceptions::OpenTimeout`, both of which inherit from
+  `RestClient::Exceptions::Timeout`. For backwards compatibility, this still
+  inherits from `RestClient::RequestTimeout` so existing uses will still work.
+  This may change in a future major release. These new timeout classes also
+  make the original wrapped exception available as `#original_exception`.
+- Unify request exceptions under `RestClient::RequestFailed`, which still
+  inherits from `ExceptionWithResponse`. Previously, HTTP 304, 401, and 404
+  inherited directly from `ExceptionWithResponse` rather than from
+  `RequestFailed`. Now _all_ HTTP status code exceptions inherit from both.
+- Rename the `:timeout` request option to `:read_timeout`. When `:timeout` is
+  passed, now set both `:read_timeout` and `:open_timeout`.
+- Change default HTTP Accept header to `*/*`
+- Use a more descriptive User-Agent header by default
+- Drop RC4-MD5 from default cipher list
+- Only prepend http:// to URIs without a scheme
+- Fix some support for using IPv6 addresses in URLs (still affected by Ruby
+  2.0+ bug https://bugs.ruby-lang.org/issues/9129, with the fix expected to be
+  backported to 2.0 and 2.1)
+- `Response` objects are now a subclass of `String` rather than a `String` that
+  mixes in the response functionality. Most of the methods remain unchanged,
+  but this makes it much easier to understand what is happening when you look
+  at a RestClient response object. There are a few additional changes:
+  - Response objects now implement `.inspect` to make this distinction clearer.
+  - `Response#to_i` will now behave like `String#to_i` instead of returning the
+    HTTP response code, which was very surprising behavior.
+  - `Response#body` and `#to_s` will now return a true `String` object rather
+    than self. Previously there was no easy way to get the true `String`
+    response instead of the Frankenstein response string object with
+    AbstractResponse mixed in.
+  - Response objects no longer accept an extra request args hash, but instead
+    access request args directly from the request object, which reduces
+    confusion and duplication.
+- Handle multiple HTTP response headers with the same name (except for
+  Set-Cookie, which is special) by joining the values with a comma space,
+  compliant with RFC 7230
+- Rewrite cookie support to be much smarter and to use cookie jars consistently
+  for requests, responses, and redirection in order to resolve long-standing
+  complaints about the previously broken behavior: (#498)
+  - The `:cookies` option may now be a Hash of Strings, an Array of
+    HTTP::Cookie objects, or a full HTTP::CookieJar.
+  - Add `RestClient::Request#cookie_jar` and reimplement `Request#cookies` to
+    be a wrapper around the cookie jar.
+  - Still support passing the `:cookies` option in the headers hash, but now
+    raise ArgumentError if that option is also passed to `Request#initialize`.
+  - Warn if both `:cookies` and a `Cookie` header are supplied.
+  - Use the `Request#cookie_jar` as the basis for `Response#cookie_jar`,
+    creating a copy of the jar and adding any newly received cookies.
+  - When following redirection, also use this same strategy so that cookies
+    from the original request are carried through in a standards-compliant way
+    by the cookie jar.
+- Don't set basic auth header if explicit `Authorization` header is specified
+- Add `:proxy` option to requests, which can be used for thread-safe
+  per-request proxy configuration, overriding `RestClient.proxy`
+- Allow overriding `ENV['http_proxy']` to disable proxies by setting
+  `RestClient.proxy` to a falsey value. Previously there was no way in Ruby 2.x
+  to turn off a proxy specified in the environment without changing `ENV`.
+- Add actual support for streaming request payloads. Previously rest-client
+  would call `.to_s` even on RestClient::Payload::Streamed objects. Instead,
+  treat any object that responds to `.read` as a streaming payload and pass it
+  through to `.body_stream=` on the Net:HTTP object. This massively reduces the
+  memory required for large file uploads.
+- Changes to redirection behavior: (#381, #484)
+  - Remove `RestClient::MaxRedirectsReached` in favor of the normal
+    `ExceptionWithResponse` subclasses. This makes the response accessible on
+    the exception object as `.response`, making it possible for callers to tell
+    what has actually happened when the redirect limit is reached.
+  - When following HTTP redirection, store a list of each previous response on
+    the response object as `.history`. This makes it possible to access the
+    original response headers and body before the redirection was followed.
+  - Follow redirection consistently, regardless of whether the HTTP method was
+    passed as a symbol or string. Under the hood rest-client now normalizes the
+    HTTP request method to a lowercase string.
+- Add `:before_execution_proc` option to `RestClient::Request`. This makes it
+  possible to add procs like `RestClient.add_before_execution_proc` to a single
+  request without global state.
+- Run tests on Travis's beta OS X support.
+- Make `Request#transmit` a private method, along with a few others.
+- Refactor URI parsing to happen earlier, in Request initialization.
+- Improve consistency and functionality of complex URL parameter handling:
+  - When adding URL params, handle URLs that already contain params.
+  - Add new convention for handling URL params containing deeply nested arrays
+    and hashes, unify handling of null/empty values, and use the same code for
+    GET and POST params. (#437)
+  - Add the RestClient::ParamsArray class, a simple array-like container that
+    can be used to pass multiple keys with same name or keys where the ordering
+    is significant.
+- Add a few more exception classes for obscure HTTP status codes.
+- Multipart: use a much more robust multipart boundary with greater entropy.
+- Make `RestClient::Payload::Base#inspect` stop pretending to be a String.
+- Add `Request#redacted_uri` and `Request#redacted_url` to display the URI
+  with any password redacted.
+
+# 2.0.0.rc1
+
+Changes in the release candidate that did not persist through the final 2.0.0
+release:
+- RestClient::Exceptions::Timeout was originally going to be a direct subclass
+  of RestClient::Exception in the release candidate. This exception tree was
+  made a subclass of RestClient::RequestTimeout prior to the final release.
+
+# 1.8.0
+
+- Security: implement standards compliant cookie handling by adding a
+  dependency on http-cookie. This breaks compatibility, but was necessary to
+  address a session fixation / cookie disclosure vulnerability.
+  (#369 / CVE-2015-1820)
+
+  Previously, any Set-Cookie headers found in an HTTP 30x response would be
+  sent to the redirection target, regardless of domain. Responses now expose a
+  cookie jar and respect standards compliant domain / path flags in Set-Cookie
+  headers.
+
+# 1.7.3
+
+- Security: redact password in URI from logs (#349 / OSVDB-117461)
+- Drop monkey patch on MIME::Types (added `type_for_extension` method, use
+  the public interface instead.
+
+# 1.7.2
+
+- Ignore duplicate certificates in CA store on Windows
+
+# 1.7.1
+
+- Relax mime-types dependency to continue supporting mime-types 1.x series.
+  There seem to be a large number of popular gems that have depended on
+  mime-types '~> 1.16' until very recently.
+- Improve urlencode performance
+- Clean up a number of style points
+
+# 1.7.0
+
+- This release drops support for Ruby 1.8.7 and breaks compatibility in a few
+  other relatively minor ways
+- Upgrade to mime-types ~> 2.0
+- Don't CGI.unescape cookie values sent to the server (issue #89)
+- Add support for reading credentials from netrc
+- Lots of SSL changes and enhancements: (#268)
+  - Enable peer verification by default (setting `VERIFY_PEER` with OpenSSL)
+  - By default, use the system default certificate store for SSL verification,
+    even on Windows (this uses a separate Windows build that pulls in ffi)
+  - Add support for SSL `ca_path`
+  - Add support for SSL `cert_store`
+  - Add support for SSL `verify_callback` (with some caveats for jruby, OS X, #277)
+  - Add support for SSL ciphers, and choose secure ones by default
+- Run tests under travis
+- Several other bugfixes and test improvements
+  - Convert Errno::ETIMEDOUT to RestClient::RequestTimeout
+  - Handle more HTTP response codes from recent standards
+  - Save raw responses to binary mode tempfile (#110)
+  - Disable timeouts with :timeout => nil rather than :timeout => -1
+  - Drop all Net::HTTP monkey patches
+
+# 1.6.14
+
+- This release is unchanged from 1.6.9. It was published in order to supersede
+  the malicious 1.6.10-13 versions, even for users who are still pinning to the
+  legacy 1.6.x series. All users are encouraged to upgrade to rest-client 2.x.
+
+# 1.6.10, 1.6.11, 1.6.12, 1.6.13 (CVE-2019-15224)
+
+- These versions were pushed by a malicious actor and included a backdoor permitting
+  remote code execution in Rails environments. (#713)
+- They were live for about five days before being yanked.
+
+# 1.6.9
+
+- Move rdoc to a development dependency
+
+# 1.6.8
+
+- The 1.6.x series will be the last to support Ruby 1.8.7
+- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
+- Add Gemfile, AUTHORS, add license to gemspec
+- Point homepage at https://github.com/rest-client/rest-client
+- Clean up and fix various tests and ruby warnings
+- Backport `ssl_verify_callback` functionality from 1.7.0
+
 # 1.6.7
 
 - rebuild with 1.8.7 to avoid https://github.com/rubygems/rubygems/pull/57
@@ -131,4 +374,4 @@ The only breaking change should be the exception classes, but as the new classes
 
 All changes exept the last one should be fully compatible with the previous version.
 
-NOTE: due to a dependency problem and to the last change, heroku users should update their heroku gem to >= 1.5.3 to be able to use this version.
+NOTE: due to a dependency problem and to the last change, heroku users should update their heroku gem to >= 1.5.3 to be able to use this version.