roadie 3.1.0.rc1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a3f338440d0c7a3c9dbe8c3c333cb0c15bf37d7
-  data.tar.gz: 4d4b97f7ffee5eea3d8d0a0f6d700ed0b84d9799
+  metadata.gz: 3ea2ec3b852bbfcc4562e71aad5d934164f513ca
+  data.tar.gz: cdde955813d54457a745a16b81be79185884a997
 SHA512:
-  metadata.gz: 4674757cf96c11bb3e4c8f6a5b4d18f9b6ccb9396ef8c281ef1b04d32ea3435c3349ac64fc46b1885f572d588e821d02ff336be5b463ca0df89f3f4974a22fe9
-  data.tar.gz: d280f0f055a9a7baa033c3fcb7389621319bd09ec4255c3ec4fa95b129699e6d30421c9369497b1ed2ff6ef58bd98d39f3cc8bab19af4c0428bd012a4f4fc8e0
+  metadata.gz: d89044d3d2ac136f025b86a1a92df95f44b895411840478f127642875a40f8cbc4f743c4a4b6be6ee2e9fb95c95c328e5386262142a92cf7dfc26004f274b4b7
+  data.tar.gz: f53d0fca7bf1fd95bfcc2036c434d242e67babefe183b2752bb82d1ca506c0f5bfb9c19114842d4fcaed104fbbdfa8dceb943375493f30231584113640b20005

data/Changelog.md

@@ -1,9 +1,17 @@
 ### dev
 
-[full changelog](https://github.com/Mange/roadie/compare/v3.1.0.rc1...master)
+[full changelog](https://github.com/Mange/roadie/compare/v3.1.0...master)
 
 * Nothing yet.
 
+### 3.1.0
+
+[full changelog](https://github.com/Mange/roadie/compare/v3.1.0.rc1...v3.1.0)
+
+* Enchancements:
+  * `NetHttpProvider` validates the whitelist hostnames; passing an invalid hostname will raise `ArgumentError`.
+  * `NetHttpProvider` supports scheme-less URLs (`//foo.com/`), defaulting to `https`.
+
 ### 3.1.0.rc1
 
 [full changelog](https://github.com/Mange/roadie/compare/v3.0.5...v3.1.0.rc1)

data/lib/roadie/net_http_provider.rb

@@ -2,6 +2,7 @@
 require 'set'
 require 'uri'
 require 'net/http'
+require 'net/https' # For Ruby 1.9.3 support
 
 module Roadie
   # @api public
@@ -22,7 +23,7 @@ module Roadie
 
     # @option options [Array<String>] :whitelist ([]) A list of host names that downloads are allowed from. Empty set means everything is allowed.
     def initialize(options = {})
-      @whitelist = Array(options.fetch(:whitelist, [])).to_set
+      @whitelist = host_set(Array(options.fetch(:whitelist, [])))
     end
 
     def find_stylesheet(url)
@@ -46,15 +47,36 @@ module Roadie
     def inspect() "#<#{self.class} whitelist: #{whitelist.inspect}>" end
 
     private
+    def host_set(hosts)
+      hosts.each { |host| validate_host(host) }.to_set
+    end
+
+    def validate_host(host)
+      if host.nil? || host.empty? || host == "." || host.include?("/")
+        raise ArgumentError, "#{host.inspect} is not a valid hostname"
+      end
+    end
+
     def download(url)
+      url = "https:#{url}" if url.start_with?("//")
       uri = URI.parse(url)
       if access_granted_to?(uri.host)
-        Net::HTTP.get_response(uri)
+        get_response(uri)
       else
         raise CssNotFound.new(url, "#{uri.host} is not part of whitelist!", self)
       end
     end
 
+    def get_response(uri)
+      if RUBY_VERSION >= "2.0.0"
+        Net::HTTP.get_response(uri)
+      else
+        Net::HTTP.start(uri.host, uri.port, use_ssl: (uri.scheme == 'https')) do |http|
+          http.request(Net::HTTP::Get.new(uri.request_uri))
+        end
+      end
+    end
+
     def access_granted_to?(host)
       whitelist.empty? || whitelist.include?(host)
     end

data/lib/roadie/version.rb

@@ -1,3 +1,3 @@
 module Roadie
-  VERSION = '3.1.0.rc1'
+  VERSION = '3.1.0'
 end

data/spec/lib/roadie/net_http_provider_spec.rb

@@ -23,6 +23,26 @@ module Roadie
       end
     end
 
+    it "can download over HTTPS" do
+      stub_request(:get, "https://example.com/style.css").and_return(body: "p { color: green; }")
+      expect {
+        NetHttpProvider.new.find_stylesheet!("https://example.com/style.css")
+      }.to_not raise_error
+    end
+
+    it "assumes HTTPS when given a scheme-less URL" do
+      # Some people might re-use the same template as they use on a webpage,
+      # and browsers support URLs without a scheme in them, replacing the
+      # scheme with the current one. There's no "current" scheme when doing
+      # asset inlining, but the scheme-less URL implies that there should exist
+      # both a HTTP and a HTTPS endpoint. Let's take the secure one in that
+      # case!
+      stub_request(:get, "https://example.com/style.css").and_return(body: "p { color: green; }")
+      expect {
+        NetHttpProvider.new.find_stylesheet!("//example.com/style.css")
+      }.to_not raise_error
+    end
+
     describe "error handling" do
       it "handles timeouts" do
         stub_request(:get, url).and_timeout
@@ -84,6 +104,14 @@ module Roadie
       it "is displayed in the string representation" do
         expect(NetHttpProvider.new(whitelist: ["bar.baz"]).to_s).to include "bar.baz"
       end
+
+      it "raises error when given invalid hostnames" do
+        expect { NetHttpProvider.new(whitelist: [nil]) }.to raise_error(ArgumentError)
+        expect { NetHttpProvider.new(whitelist: [""]) }.to raise_error(ArgumentError)
+        expect { NetHttpProvider.new(whitelist: ["."]) }.to raise_error(ArgumentError)
+        expect { NetHttpProvider.new(whitelist: ["http://foo.bar"]) }.to raise_error(ArgumentError)
+        expect { NetHttpProvider.new(whitelist: ["foo/bar"]) }.to raise_error(ArgumentError)
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roadie
 version: !ruby/object:Gem::Version
-  version: 3.1.0.rc1
+  version: 3.1.0
 platform: ruby
 authors:
 - Magnus Bergmark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-14 00:00:00.000000000 Z
+date: 2015-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -182,12 +182,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Making HTML emails comfortable for the Ruby rockstars