stitches 4.2.2 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +175 -209
- data/.env.example +1 -0
- data/.github/CODEOWNERS +1 -1
- data/.github/workflows/scheduled_cci.yml +14 -0
- data/.gitignore +3 -0
- data/.ruby-version +1 -1
- data/README.md +18 -9
- data/lib/stitches/api_generator.rb +1 -13
- data/lib/stitches/api_key.rb +2 -0
- data/lib/stitches/api_migration_generator.rb +23 -0
- data/lib/stitches/configuration.rb +2 -1
- data/lib/stitches/generator_files/config/initializers/stitches.rb +4 -0
- data/lib/stitches/generator_files/spec/acceptance/ping_v1_spec.rb +4 -2
- data/lib/stitches/generator_files/spec/features/api_spec.rb.erb +3 -0
- data/lib/stitches/railtie.rb +0 -1
- data/lib/stitches/spec/test_headers.rb +1 -1
- data/lib/stitches/version.rb +1 -1
- data/lib/stitches_norailtie.rb +1 -0
- data/owners.json +1 -1
- data/spec/api_key_middleware_spec.rb +257 -225
- data/spec/configuration_spec.rb +4 -0
- data/spec/fake_app/.ruby-version +1 -1
- data/spec/fake_app/Gemfile +5 -5
- data/spec/fake_app/config/application.rb +1 -3
- data/spec/fake_app/config/database.yml +9 -10
- data/spec/fake_app/config/initializers/assets.rb +0 -3
- data/spec/integration/add_to_rails_app_spec.rb +2 -1
- data/spec/rails_helper.rb +4 -2
- data/stitches.gemspec +2 -1
- metadata +21 -15
- data/Gemfile.rails-4.2 +0 -8
- data/Gemfile.rails-5.0 +0 -8
- data/Gemfile.rails-5.1 +0 -7
- data/Gemfile.rails-5.2 +0 -7
- data/Gemfile.rails-6.0 +0 -7
- data/Gemfile.rails-6.1 +0 -7
- data/build-matrix.json +0 -4
- data/spec/fake_app/db/development.sqlite3 +0 -0
- data/spec/fake_app/db/test.sqlite3 +0 -0
data/lib/stitches/railtie.rb
CHANGED
data/lib/stitches/version.rb
CHANGED
data/lib/stitches_norailtie.rb
CHANGED
@@ -12,6 +12,7 @@ require 'stitches/render_timestamps_in_iso8601_in_json'
|
|
12
12
|
require 'stitches/error'
|
13
13
|
require 'stitches/errors'
|
14
14
|
require 'stitches/api_generator'
|
15
|
+
require 'stitches/api_migration_generator'
|
15
16
|
require 'stitches/add_deprecation_generator'
|
16
17
|
require 'stitches/add_enabled_to_api_clients_generator'
|
17
18
|
require 'stitches/add_disabled_at_to_api_clients_generator'
|
data/owners.json
CHANGED
@@ -12,13 +12,6 @@ RSpec.describe "/api/hellos", type: :request do
|
|
12
12
|
let(:auth_header) { "MyAwesomeInternalScheme key=#{uuid}" }
|
13
13
|
let(:allowlist) { nil }
|
14
14
|
|
15
|
-
before do
|
16
|
-
Stitches.configuration.reset_to_defaults!
|
17
|
-
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
18
|
-
Stitches.configuration.allowlist_regexp = allowlist if allowlist
|
19
|
-
Stitches::ApiClientAccessWrapper.clear_api_cache
|
20
|
-
end
|
21
|
-
|
22
15
|
def execute_call(auth: auth_header)
|
23
16
|
headers = {
|
24
17
|
"Accept" => "application/json; version=1"
|
@@ -34,342 +27,381 @@ RSpec.describe "/api/hellos", type: :request do
|
|
34
27
|
expect(response.headers["WWW-Authenticate"]).to eq("MyAwesomeInternalScheme realm=FakeApp")
|
35
28
|
end
|
36
29
|
|
37
|
-
context "
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
ApiClient.create(name: "MyApiClient", key: uuid, enabled: api_client_enabled, created_at: 10.days.ago, disabled_at: disabled_at)
|
44
|
-
}
|
45
|
-
|
46
|
-
context "when path is not on allowlist" do
|
47
|
-
context "when api_client is valid" do
|
48
|
-
it "executes the correct controller" do
|
49
|
-
execute_call
|
50
|
-
|
51
|
-
expect(response.body).to include "Hello"
|
52
|
-
end
|
53
|
-
|
54
|
-
it "saves the api_client information used" do
|
55
|
-
execute_call
|
56
|
-
|
57
|
-
expect(response.body).to include "MyApiClient"
|
58
|
-
expect(response.body).to include "#{api_client.id}"
|
59
|
-
end
|
30
|
+
context "disabled api key support" do
|
31
|
+
before do
|
32
|
+
Stitches.configuration.reset_to_defaults!
|
33
|
+
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
34
|
+
Stitches.configuration.disable_api_key_support = true
|
35
|
+
end
|
60
36
|
|
61
|
-
|
62
|
-
before do
|
63
|
-
allow(ApiClient).to receive(:find_by).and_call_original
|
37
|
+
let(:uuid) { SecureRandom.uuid }
|
64
38
|
|
65
|
-
|
66
|
-
|
67
|
-
config.max_cache_size = 10
|
68
|
-
end
|
69
|
-
end
|
39
|
+
it "executes the correct controller" do
|
40
|
+
execute_call
|
70
41
|
|
71
|
-
|
72
|
-
|
73
|
-
execute_call
|
74
|
-
|
75
|
-
expect(response.body).to include "#{api_client.id}"
|
76
|
-
expect(ApiClient).to have_received(:find_by).once
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
context "when api client key does not match" do
|
82
|
-
let(:uuid) { SecureRandom.uuid } # random uuid
|
42
|
+
expect(response.body).to include "Hello"
|
43
|
+
end
|
83
44
|
|
84
|
-
|
85
|
-
|
45
|
+
it "does not look up information from the database" do
|
46
|
+
execute_call
|
86
47
|
|
87
|
-
|
88
|
-
|
89
|
-
|
48
|
+
expect(response.body).to include "NameNotFound"
|
49
|
+
expect(response.body).to include "IdNotFound"
|
50
|
+
end
|
90
51
|
|
91
|
-
|
92
|
-
|
52
|
+
it "indicates a successful response" do
|
53
|
+
execute_call
|
93
54
|
|
94
|
-
|
95
|
-
|
96
|
-
|
55
|
+
expect(response.status).to eq 200
|
56
|
+
end
|
57
|
+
end
|
97
58
|
|
98
|
-
|
99
|
-
|
100
|
-
|
59
|
+
context "enabled api key support" do
|
60
|
+
before do
|
61
|
+
Stitches.configuration.reset_to_defaults!
|
62
|
+
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
63
|
+
Stitches.configuration.allowlist_regexp = allowlist if allowlist
|
64
|
+
Stitches.configuration.disable_api_key_support = false
|
65
|
+
Stitches::ApiClientAccessWrapper.clear_api_cache
|
66
|
+
end
|
101
67
|
|
102
|
-
|
103
|
-
|
68
|
+
context "with modern schema" do
|
69
|
+
let(:api_client_enabled) { true }
|
70
|
+
let(:disabled_at) { nil }
|
71
|
+
let!(:api_client) {
|
72
|
+
uuid = SecureRandom.uuid
|
73
|
+
ApiClient.create(name: "MyApiClient", key: SecureRandom.uuid, enabled: false, created_at: 20.days.ago, disabled_at: 15.days.ago)
|
74
|
+
ApiClient.create(name: "MyApiClient", key: uuid, enabled: api_client_enabled, created_at: 10.days.ago, disabled_at: disabled_at)
|
75
|
+
}
|
104
76
|
|
105
|
-
|
77
|
+
context "when path is not on allowlist" do
|
78
|
+
context "when api_client is valid" do
|
79
|
+
it "executes the correct controller" do
|
106
80
|
execute_call
|
107
81
|
|
108
|
-
|
109
|
-
|
82
|
+
expect(response.body).to include "Hello"
|
110
83
|
end
|
111
|
-
end
|
112
84
|
|
113
|
-
|
114
|
-
let(:disabled_at) { 1.day.ago }
|
115
|
-
|
116
|
-
it "allows the call" do
|
85
|
+
it "saves the api_client information used" do
|
117
86
|
execute_call
|
118
87
|
|
119
|
-
expect(response.body).to include "Hello"
|
120
88
|
expect(response.body).to include "MyApiClient"
|
121
89
|
expect(response.body).to include "#{api_client.id}"
|
122
90
|
end
|
123
91
|
|
124
|
-
|
125
|
-
|
126
|
-
|
92
|
+
context "caching is enabled" do
|
93
|
+
before do
|
94
|
+
allow(ApiClient).to receive(:find_by).and_call_original
|
127
95
|
|
128
|
-
|
96
|
+
Stitches.configure do |config|
|
97
|
+
config.max_cache_ttl = 5
|
98
|
+
config.max_cache_size = 10
|
99
|
+
end
|
100
|
+
end
|
129
101
|
|
130
|
-
|
102
|
+
it "only gets the the api_client information once" do
|
103
|
+
execute_call
|
104
|
+
execute_call
|
105
|
+
|
106
|
+
expect(response.body).to include "#{api_client.id}"
|
107
|
+
expect(ApiClient).to have_received(:find_by).once
|
108
|
+
end
|
131
109
|
end
|
110
|
+
end
|
132
111
|
|
133
|
-
|
134
|
-
|
135
|
-
allow(Rails.logger).to receive(:error)
|
112
|
+
context "when api client key does not match" do
|
113
|
+
let(:uuid) { SecureRandom.uuid } # random uuid
|
136
114
|
|
115
|
+
it "rejects request" do
|
137
116
|
execute_call
|
138
117
|
|
139
|
-
|
140
|
-
expect(Rails.logger).not_to have_received(:error)
|
118
|
+
expect_unauthorized
|
141
119
|
end
|
142
120
|
end
|
143
121
|
|
144
|
-
context "when
|
145
|
-
let(:
|
122
|
+
context "when api client key not enabled" do
|
123
|
+
let(:api_client_enabled) { false }
|
146
124
|
|
147
|
-
|
148
|
-
|
125
|
+
context "when disabled_at is not set" do
|
126
|
+
it "rejects request" do
|
127
|
+
execute_call
|
149
128
|
|
150
|
-
|
151
|
-
|
152
|
-
expect(response.body).to include "#{api_client.id}"
|
129
|
+
expect_unauthorized
|
130
|
+
end
|
153
131
|
end
|
154
132
|
|
155
|
-
|
156
|
-
|
157
|
-
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
133
|
+
context "when disabled_at is set to a time older than three days ago" do
|
134
|
+
let(:disabled_at) { 4.day.ago }
|
158
135
|
|
159
|
-
|
136
|
+
it "does not allow the call" do
|
137
|
+
execute_call
|
160
138
|
|
161
|
-
|
162
|
-
end
|
139
|
+
expect_unauthorized
|
163
140
|
|
164
|
-
it "logs error about the disabled key to the Rails.logger" do
|
165
|
-
allow(Rails.logger).to receive(:warn)
|
166
|
-
allow(Rails.logger).to receive(:error) do |message1|
|
167
|
-
expect(message1).not_to include uuid
|
168
141
|
end
|
142
|
+
end
|
169
143
|
|
170
|
-
|
144
|
+
context "when disabled_at is set to a recent time" do
|
145
|
+
let(:disabled_at) { 1.day.ago }
|
171
146
|
|
172
|
-
|
173
|
-
|
174
|
-
end
|
175
|
-
end
|
147
|
+
it "allows the call" do
|
148
|
+
execute_call
|
176
149
|
|
177
|
-
|
178
|
-
|
150
|
+
expect(response.body).to include "Hello"
|
151
|
+
expect(response.body).to include "MyApiClient"
|
152
|
+
expect(response.body).to include "#{api_client.id}"
|
153
|
+
end
|
179
154
|
|
180
|
-
|
181
|
-
|
155
|
+
it "warns about the disabled key to log writer when available" do
|
156
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
157
|
+
allow(StitchFix::Logger::LogWriter).to receive(:warn)
|
182
158
|
|
183
|
-
|
184
|
-
end
|
159
|
+
execute_call
|
185
160
|
|
186
|
-
|
187
|
-
|
188
|
-
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
161
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:warn).once
|
162
|
+
end
|
189
163
|
|
190
|
-
|
164
|
+
it "warns about the disabled key to the Rails.logger" do
|
165
|
+
allow(Rails.logger).to receive(:warn)
|
166
|
+
allow(Rails.logger).to receive(:error)
|
167
|
+
|
168
|
+
execute_call
|
191
169
|
|
192
|
-
|
170
|
+
expect(Rails.logger).to have_received(:warn).once
|
171
|
+
expect(Rails.logger).not_to have_received(:error)
|
172
|
+
end
|
193
173
|
end
|
194
174
|
|
195
|
-
|
196
|
-
|
197
|
-
|
175
|
+
context "when disabled_at is set to a dangerously long time" do
|
176
|
+
let(:disabled_at) { 52.hours.ago }
|
177
|
+
|
178
|
+
it "allows the call" do
|
179
|
+
execute_call
|
198
180
|
|
199
|
-
|
181
|
+
expect(response.body).to include "Hello"
|
182
|
+
expect(response.body).to include "MyApiClient"
|
183
|
+
expect(response.body).to include "#{api_client.id}"
|
184
|
+
end
|
200
185
|
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
end
|
186
|
+
it "logs error about the disabled key to log writer when available" do
|
187
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
188
|
+
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
205
189
|
|
206
|
-
|
207
|
-
before do
|
208
|
-
Stitches.configuration.disabled_key_leniency_in_seconds = 100
|
209
|
-
Stitches.configuration.disabled_key_leniency_error_log_threshold_in_seconds = 50
|
210
|
-
end
|
190
|
+
execute_call
|
211
191
|
|
212
|
-
|
213
|
-
|
192
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:error).once
|
193
|
+
end
|
214
194
|
|
215
|
-
it "
|
195
|
+
it "logs error about the disabled key to the Rails.logger" do
|
196
|
+
allow(Rails.logger).to receive(:warn)
|
216
197
|
allow(Rails.logger).to receive(:error) do |message1|
|
217
198
|
expect(message1).not_to include uuid
|
218
199
|
end
|
219
200
|
|
220
201
|
execute_call
|
221
202
|
|
222
|
-
expect_unauthorized
|
223
203
|
expect(Rails.logger).to have_received(:error).once
|
204
|
+
expect(Rails.logger).not_to have_received(:warn)
|
224
205
|
end
|
225
206
|
end
|
226
207
|
|
227
|
-
context "when disabled_at is set to
|
228
|
-
let(:disabled_at) {
|
208
|
+
context "when disabled_at is set to an unacceptably long time" do
|
209
|
+
let(:disabled_at) { 5.days.ago }
|
229
210
|
|
230
|
-
it "
|
211
|
+
it "forbids the call" do
|
212
|
+
execute_call
|
213
|
+
|
214
|
+
expect_unauthorized
|
215
|
+
end
|
216
|
+
|
217
|
+
it "logs error about the disabled key to log writer when available" do
|
218
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
219
|
+
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
220
|
+
|
221
|
+
execute_call
|
222
|
+
|
223
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:error).once
|
224
|
+
end
|
225
|
+
|
226
|
+
it "logs error about the disabled key to the Rails.logger" do
|
227
|
+
allow(Rails.logger).to receive(:warn)
|
231
228
|
allow(Rails.logger).to receive(:error)
|
232
229
|
|
233
230
|
execute_call
|
234
231
|
|
235
|
-
expect(response.body).to include "Hello"
|
236
232
|
expect(Rails.logger).to have_received(:error).once
|
233
|
+
expect(Rails.logger).not_to have_received(:warn)
|
237
234
|
end
|
238
235
|
end
|
239
236
|
|
240
|
-
context "
|
241
|
-
|
237
|
+
context "custom leniency is set" do
|
238
|
+
before do
|
239
|
+
Stitches.configuration.disabled_key_leniency_in_seconds = 100
|
240
|
+
Stitches.configuration.disabled_key_leniency_error_log_threshold_in_seconds = 50
|
241
|
+
end
|
242
242
|
|
243
|
-
|
244
|
-
|
245
|
-
|
243
|
+
context "when disabled_at is set to an unacceptably long time" do
|
244
|
+
let(:disabled_at) { 101.seconds.ago }
|
245
|
+
|
246
|
+
it "forbids the call" do
|
247
|
+
allow(Rails.logger).to receive(:error) do |message1|
|
248
|
+
expect(message1).not_to include uuid
|
249
|
+
end
|
250
|
+
|
251
|
+
execute_call
|
252
|
+
|
253
|
+
expect_unauthorized
|
254
|
+
expect(Rails.logger).to have_received(:error).once
|
246
255
|
end
|
256
|
+
end
|
247
257
|
|
248
|
-
|
258
|
+
context "when disabled_at is set to a dangerously long time" do
|
259
|
+
let(:disabled_at) { 75.seconds.ago }
|
249
260
|
|
250
|
-
|
251
|
-
|
261
|
+
it "allows the call" do
|
262
|
+
allow(Rails.logger).to receive(:error)
|
263
|
+
|
264
|
+
execute_call
|
265
|
+
|
266
|
+
expect(response.body).to include "Hello"
|
267
|
+
expect(Rails.logger).to have_received(:error).once
|
268
|
+
end
|
269
|
+
end
|
270
|
+
|
271
|
+
context "when disabled_at is set to a short time ago" do
|
272
|
+
let(:disabled_at) { 25.seconds.ago }
|
273
|
+
|
274
|
+
it "allows the call" do
|
275
|
+
allow(Rails.logger).to receive(:warn) do |message1|
|
276
|
+
expect(message1).not_to include uuid
|
277
|
+
end
|
278
|
+
|
279
|
+
execute_call
|
280
|
+
|
281
|
+
expect(response.body).to include "Hello"
|
282
|
+
expect(Rails.logger).to have_received(:warn).once
|
283
|
+
end
|
252
284
|
end
|
253
285
|
end
|
254
286
|
end
|
255
|
-
end
|
256
287
|
|
257
|
-
|
258
|
-
|
259
|
-
|
288
|
+
context "when authorization header is missing" do
|
289
|
+
it "rejects request" do
|
290
|
+
execute_call(auth: nil)
|
260
291
|
|
261
|
-
|
292
|
+
expect_unauthorized
|
293
|
+
end
|
294
|
+
end
|
295
|
+
|
296
|
+
context "when scheme does not match" do
|
297
|
+
it "rejects request" do
|
298
|
+
execute_call(auth: "OtherScheme key=#{uuid}")
|
299
|
+
|
300
|
+
expect_unauthorized
|
301
|
+
end
|
262
302
|
end
|
263
303
|
end
|
264
304
|
|
265
|
-
context "when
|
266
|
-
|
267
|
-
execute_call(auth: "OtherScheme key=#{uuid}")
|
305
|
+
context "when path is on allowlist" do
|
306
|
+
let(:allowlist) { /.*hello.*/ }
|
268
307
|
|
269
|
-
|
308
|
+
context "when api_client is valid" do
|
309
|
+
it "executes the correct controller" do
|
310
|
+
execute_call
|
311
|
+
|
312
|
+
expect(response.body).to include "Hello"
|
313
|
+
end
|
314
|
+
|
315
|
+
it "does not save the api_client information used" do
|
316
|
+
execute_call
|
317
|
+
|
318
|
+
expect(response.body).to include "NameNotFound"
|
319
|
+
expect(response.body).to include "IdNotFound"
|
320
|
+
end
|
321
|
+
end
|
322
|
+
|
323
|
+
context "when api client key does not match" do
|
324
|
+
let(:uuid) { SecureRandom.uuid } # random uuid
|
325
|
+
|
326
|
+
it "executes the correct controller" do
|
327
|
+
execute_call
|
328
|
+
|
329
|
+
expect(response.body).to include "Hello"
|
330
|
+
end
|
270
331
|
end
|
271
332
|
end
|
272
333
|
end
|
273
334
|
|
274
|
-
context "when
|
275
|
-
|
335
|
+
context "when schema is old and missing disabled_at field" do
|
336
|
+
around(:each) do |example|
|
337
|
+
load 'fake_app/db/schema_missing_disabled_at.rb'
|
338
|
+
ApiClient.reset_column_information
|
339
|
+
example.run
|
340
|
+
load 'fake_app/db/schema_modern.rb'
|
341
|
+
ApiClient.reset_column_information
|
342
|
+
end
|
276
343
|
|
277
344
|
context "when api_client is valid" do
|
345
|
+
let!(:api_client) {
|
346
|
+
uuid = SecureRandom.uuid
|
347
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: true)
|
348
|
+
}
|
349
|
+
|
278
350
|
it "executes the correct controller" do
|
279
351
|
execute_call
|
280
352
|
|
281
353
|
expect(response.body).to include "Hello"
|
282
354
|
end
|
283
355
|
|
284
|
-
it "
|
356
|
+
it "saves the api_client information used" do
|
285
357
|
execute_call
|
286
358
|
|
287
|
-
expect(response.body).to include "
|
288
|
-
expect(response.body).to include "
|
359
|
+
expect(response.body).to include "MyApiClient"
|
360
|
+
expect(response.body).to include "#{api_client.id}"
|
289
361
|
end
|
290
362
|
end
|
291
363
|
|
292
|
-
context "when
|
293
|
-
let(:
|
364
|
+
context "when api_client is not enabled" do
|
365
|
+
let!(:api_client) {
|
366
|
+
uuid = SecureRandom.uuid
|
367
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: false)
|
368
|
+
}
|
294
369
|
|
295
|
-
it "
|
370
|
+
it "rejects request" do
|
296
371
|
execute_call
|
297
372
|
|
298
|
-
|
373
|
+
expect_unauthorized
|
299
374
|
end
|
300
375
|
end
|
301
376
|
end
|
302
|
-
end
|
303
|
-
|
304
|
-
context "when schema is old and missing disabled_at field" do
|
305
|
-
around(:each) do |example|
|
306
|
-
load 'fake_app/db/schema_missing_disabled_at.rb'
|
307
|
-
ApiClient.reset_column_information
|
308
|
-
example.run
|
309
|
-
load 'fake_app/db/schema_modern.rb'
|
310
|
-
ApiClient.reset_column_information
|
311
|
-
end
|
312
|
-
|
313
|
-
context "when api_client is valid" do
|
314
|
-
let!(:api_client) {
|
315
|
-
uuid = SecureRandom.uuid
|
316
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: true)
|
317
|
-
}
|
318
|
-
|
319
|
-
it "executes the correct controller" do
|
320
|
-
execute_call
|
321
377
|
|
322
|
-
|
378
|
+
context "when schema is old and missing enabled field" do
|
379
|
+
around(:each) do |example|
|
380
|
+
load 'fake_app/db/schema_missing_enabled.rb'
|
381
|
+
ApiClient.reset_column_information
|
382
|
+
example.run
|
383
|
+
load 'fake_app/db/schema_modern.rb'
|
384
|
+
ApiClient.reset_column_information
|
323
385
|
end
|
324
386
|
|
325
|
-
it "saves the api_client information used" do
|
326
|
-
execute_call
|
327
|
-
|
328
|
-
expect(response.body).to include "MyApiClient"
|
329
|
-
expect(response.body).to include "#{api_client.id}"
|
330
|
-
end
|
331
|
-
end
|
332
|
-
|
333
|
-
context "when api_client is not enabled" do
|
334
387
|
let!(:api_client) {
|
335
388
|
uuid = SecureRandom.uuid
|
336
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now()
|
389
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now())
|
337
390
|
}
|
338
391
|
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
expect_unauthorized
|
343
|
-
end
|
344
|
-
end
|
345
|
-
end
|
346
|
-
|
347
|
-
context "when schema is old and missing enabled field" do
|
348
|
-
around(:each) do |example|
|
349
|
-
load 'fake_app/db/schema_missing_enabled.rb'
|
350
|
-
ApiClient.reset_column_information
|
351
|
-
example.run
|
352
|
-
load 'fake_app/db/schema_modern.rb'
|
353
|
-
ApiClient.reset_column_information
|
354
|
-
end
|
355
|
-
|
356
|
-
let!(:api_client) {
|
357
|
-
uuid = SecureRandom.uuid
|
358
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now())
|
359
|
-
}
|
360
|
-
|
361
|
-
context "when api_client is valid" do
|
362
|
-
it "executes the correct controller" do
|
363
|
-
execute_call
|
392
|
+
context "when api_client is valid" do
|
393
|
+
it "executes the correct controller" do
|
394
|
+
execute_call
|
364
395
|
|
365
|
-
|
366
|
-
|
396
|
+
expect(response.body).to include "Hello"
|
397
|
+
end
|
367
398
|
|
368
|
-
|
369
|
-
|
399
|
+
it "saves the api_client information used" do
|
400
|
+
execute_call
|
370
401
|
|
371
|
-
|
372
|
-
|
402
|
+
expect(response.body).to include "MyApiClient"
|
403
|
+
expect(response.body).to include "#{api_client.id}"
|
404
|
+
end
|
373
405
|
end
|
374
406
|
end
|
375
407
|
end
|
data/spec/configuration_spec.rb
CHANGED
@@ -44,6 +44,10 @@ describe Stitches::Configuration do
|
|
44
44
|
expect(Stitches.configuration.max_cache_size).to eq(0)
|
45
45
|
end
|
46
46
|
|
47
|
+
it "sets a default of false for disable_api_key_support" do
|
48
|
+
expect(Stitches.configuration.disable_api_key_support).to be false
|
49
|
+
end
|
50
|
+
|
47
51
|
it "blows up if you try to use custom_http_auth_scheme without having set it" do
|
48
52
|
expect {
|
49
53
|
Stitches.configuration.custom_http_auth_scheme
|
data/spec/fake_app/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
ruby-2.
|
1
|
+
ruby-3.2.3
|