stitches 4.2.2 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +175 -209
- data/.env.example +1 -0
- data/.github/CODEOWNERS +1 -1
- data/.github/workflows/scheduled_cci.yml +14 -0
- data/.gitignore +3 -0
- data/.ruby-version +1 -1
- data/README.md +18 -9
- data/lib/stitches/api_generator.rb +1 -13
- data/lib/stitches/api_key.rb +2 -0
- data/lib/stitches/api_migration_generator.rb +23 -0
- data/lib/stitches/configuration.rb +2 -1
- data/lib/stitches/generator_files/config/initializers/stitches.rb +4 -0
- data/lib/stitches/generator_files/spec/acceptance/ping_v1_spec.rb +4 -2
- data/lib/stitches/generator_files/spec/features/api_spec.rb.erb +3 -0
- data/lib/stitches/railtie.rb +0 -1
- data/lib/stitches/spec/test_headers.rb +1 -1
- data/lib/stitches/version.rb +1 -1
- data/lib/stitches_norailtie.rb +1 -0
- data/owners.json +1 -1
- data/spec/api_key_middleware_spec.rb +257 -225
- data/spec/configuration_spec.rb +4 -0
- data/spec/fake_app/.ruby-version +1 -1
- data/spec/fake_app/Gemfile +5 -5
- data/spec/fake_app/config/application.rb +1 -3
- data/spec/fake_app/config/database.yml +9 -10
- data/spec/fake_app/config/initializers/assets.rb +0 -3
- data/spec/integration/add_to_rails_app_spec.rb +2 -1
- data/spec/rails_helper.rb +4 -2
- data/stitches.gemspec +2 -1
- metadata +21 -15
- data/Gemfile.rails-4.2 +0 -8
- data/Gemfile.rails-5.0 +0 -8
- data/Gemfile.rails-5.1 +0 -7
- data/Gemfile.rails-5.2 +0 -7
- data/Gemfile.rails-6.0 +0 -7
- data/Gemfile.rails-6.1 +0 -7
- data/build-matrix.json +0 -4
- data/spec/fake_app/db/development.sqlite3 +0 -0
- data/spec/fake_app/db/test.sqlite3 +0 -0
data/lib/stitches/railtie.rb
CHANGED
data/lib/stitches/version.rb
CHANGED
data/lib/stitches_norailtie.rb
CHANGED
@@ -12,6 +12,7 @@ require 'stitches/render_timestamps_in_iso8601_in_json'
|
|
12
12
|
require 'stitches/error'
|
13
13
|
require 'stitches/errors'
|
14
14
|
require 'stitches/api_generator'
|
15
|
+
require 'stitches/api_migration_generator'
|
15
16
|
require 'stitches/add_deprecation_generator'
|
16
17
|
require 'stitches/add_enabled_to_api_clients_generator'
|
17
18
|
require 'stitches/add_disabled_at_to_api_clients_generator'
|
data/owners.json
CHANGED
@@ -12,13 +12,6 @@ RSpec.describe "/api/hellos", type: :request do
|
|
12
12
|
let(:auth_header) { "MyAwesomeInternalScheme key=#{uuid}" }
|
13
13
|
let(:allowlist) { nil }
|
14
14
|
|
15
|
-
before do
|
16
|
-
Stitches.configuration.reset_to_defaults!
|
17
|
-
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
18
|
-
Stitches.configuration.allowlist_regexp = allowlist if allowlist
|
19
|
-
Stitches::ApiClientAccessWrapper.clear_api_cache
|
20
|
-
end
|
21
|
-
|
22
15
|
def execute_call(auth: auth_header)
|
23
16
|
headers = {
|
24
17
|
"Accept" => "application/json; version=1"
|
@@ -34,342 +27,381 @@ RSpec.describe "/api/hellos", type: :request do
|
|
34
27
|
expect(response.headers["WWW-Authenticate"]).to eq("MyAwesomeInternalScheme realm=FakeApp")
|
35
28
|
end
|
36
29
|
|
37
|
-
context "
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
ApiClient.create(name: "MyApiClient", key: uuid, enabled: api_client_enabled, created_at: 10.days.ago, disabled_at: disabled_at)
|
44
|
-
}
|
45
|
-
|
46
|
-
context "when path is not on allowlist" do
|
47
|
-
context "when api_client is valid" do
|
48
|
-
it "executes the correct controller" do
|
49
|
-
execute_call
|
50
|
-
|
51
|
-
expect(response.body).to include "Hello"
|
52
|
-
end
|
53
|
-
|
54
|
-
it "saves the api_client information used" do
|
55
|
-
execute_call
|
56
|
-
|
57
|
-
expect(response.body).to include "MyApiClient"
|
58
|
-
expect(response.body).to include "#{api_client.id}"
|
59
|
-
end
|
30
|
+
context "disabled api key support" do
|
31
|
+
before do
|
32
|
+
Stitches.configuration.reset_to_defaults!
|
33
|
+
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
34
|
+
Stitches.configuration.disable_api_key_support = true
|
35
|
+
end
|
60
36
|
|
61
|
-
|
62
|
-
before do
|
63
|
-
allow(ApiClient).to receive(:find_by).and_call_original
|
37
|
+
let(:uuid) { SecureRandom.uuid }
|
64
38
|
|
65
|
-
|
66
|
-
|
67
|
-
config.max_cache_size = 10
|
68
|
-
end
|
69
|
-
end
|
39
|
+
it "executes the correct controller" do
|
40
|
+
execute_call
|
70
41
|
|
71
|
-
|
72
|
-
|
73
|
-
execute_call
|
74
|
-
|
75
|
-
expect(response.body).to include "#{api_client.id}"
|
76
|
-
expect(ApiClient).to have_received(:find_by).once
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
context "when api client key does not match" do
|
82
|
-
let(:uuid) { SecureRandom.uuid } # random uuid
|
42
|
+
expect(response.body).to include "Hello"
|
43
|
+
end
|
83
44
|
|
84
|
-
|
85
|
-
|
45
|
+
it "does not look up information from the database" do
|
46
|
+
execute_call
|
86
47
|
|
87
|
-
|
88
|
-
|
89
|
-
|
48
|
+
expect(response.body).to include "NameNotFound"
|
49
|
+
expect(response.body).to include "IdNotFound"
|
50
|
+
end
|
90
51
|
|
91
|
-
|
92
|
-
|
52
|
+
it "indicates a successful response" do
|
53
|
+
execute_call
|
93
54
|
|
94
|
-
|
95
|
-
|
96
|
-
|
55
|
+
expect(response.status).to eq 200
|
56
|
+
end
|
57
|
+
end
|
97
58
|
|
98
|
-
|
99
|
-
|
100
|
-
|
59
|
+
context "enabled api key support" do
|
60
|
+
before do
|
61
|
+
Stitches.configuration.reset_to_defaults!
|
62
|
+
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
63
|
+
Stitches.configuration.allowlist_regexp = allowlist if allowlist
|
64
|
+
Stitches.configuration.disable_api_key_support = false
|
65
|
+
Stitches::ApiClientAccessWrapper.clear_api_cache
|
66
|
+
end
|
101
67
|
|
102
|
-
|
103
|
-
|
68
|
+
context "with modern schema" do
|
69
|
+
let(:api_client_enabled) { true }
|
70
|
+
let(:disabled_at) { nil }
|
71
|
+
let!(:api_client) {
|
72
|
+
uuid = SecureRandom.uuid
|
73
|
+
ApiClient.create(name: "MyApiClient", key: SecureRandom.uuid, enabled: false, created_at: 20.days.ago, disabled_at: 15.days.ago)
|
74
|
+
ApiClient.create(name: "MyApiClient", key: uuid, enabled: api_client_enabled, created_at: 10.days.ago, disabled_at: disabled_at)
|
75
|
+
}
|
104
76
|
|
105
|
-
|
77
|
+
context "when path is not on allowlist" do
|
78
|
+
context "when api_client is valid" do
|
79
|
+
it "executes the correct controller" do
|
106
80
|
execute_call
|
107
81
|
|
108
|
-
|
109
|
-
|
82
|
+
expect(response.body).to include "Hello"
|
110
83
|
end
|
111
|
-
end
|
112
84
|
|
113
|
-
|
114
|
-
let(:disabled_at) { 1.day.ago }
|
115
|
-
|
116
|
-
it "allows the call" do
|
85
|
+
it "saves the api_client information used" do
|
117
86
|
execute_call
|
118
87
|
|
119
|
-
expect(response.body).to include "Hello"
|
120
88
|
expect(response.body).to include "MyApiClient"
|
121
89
|
expect(response.body).to include "#{api_client.id}"
|
122
90
|
end
|
123
91
|
|
124
|
-
|
125
|
-
|
126
|
-
|
92
|
+
context "caching is enabled" do
|
93
|
+
before do
|
94
|
+
allow(ApiClient).to receive(:find_by).and_call_original
|
127
95
|
|
128
|
-
|
96
|
+
Stitches.configure do |config|
|
97
|
+
config.max_cache_ttl = 5
|
98
|
+
config.max_cache_size = 10
|
99
|
+
end
|
100
|
+
end
|
129
101
|
|
130
|
-
|
102
|
+
it "only gets the the api_client information once" do
|
103
|
+
execute_call
|
104
|
+
execute_call
|
105
|
+
|
106
|
+
expect(response.body).to include "#{api_client.id}"
|
107
|
+
expect(ApiClient).to have_received(:find_by).once
|
108
|
+
end
|
131
109
|
end
|
110
|
+
end
|
132
111
|
|
133
|
-
|
134
|
-
|
135
|
-
allow(Rails.logger).to receive(:error)
|
112
|
+
context "when api client key does not match" do
|
113
|
+
let(:uuid) { SecureRandom.uuid } # random uuid
|
136
114
|
|
115
|
+
it "rejects request" do
|
137
116
|
execute_call
|
138
117
|
|
139
|
-
|
140
|
-
expect(Rails.logger).not_to have_received(:error)
|
118
|
+
expect_unauthorized
|
141
119
|
end
|
142
120
|
end
|
143
121
|
|
144
|
-
context "when
|
145
|
-
let(:
|
122
|
+
context "when api client key not enabled" do
|
123
|
+
let(:api_client_enabled) { false }
|
146
124
|
|
147
|
-
|
148
|
-
|
125
|
+
context "when disabled_at is not set" do
|
126
|
+
it "rejects request" do
|
127
|
+
execute_call
|
149
128
|
|
150
|
-
|
151
|
-
|
152
|
-
expect(response.body).to include "#{api_client.id}"
|
129
|
+
expect_unauthorized
|
130
|
+
end
|
153
131
|
end
|
154
132
|
|
155
|
-
|
156
|
-
|
157
|
-
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
133
|
+
context "when disabled_at is set to a time older than three days ago" do
|
134
|
+
let(:disabled_at) { 4.day.ago }
|
158
135
|
|
159
|
-
|
136
|
+
it "does not allow the call" do
|
137
|
+
execute_call
|
160
138
|
|
161
|
-
|
162
|
-
end
|
139
|
+
expect_unauthorized
|
163
140
|
|
164
|
-
it "logs error about the disabled key to the Rails.logger" do
|
165
|
-
allow(Rails.logger).to receive(:warn)
|
166
|
-
allow(Rails.logger).to receive(:error) do |message1|
|
167
|
-
expect(message1).not_to include uuid
|
168
141
|
end
|
142
|
+
end
|
169
143
|
|
170
|
-
|
144
|
+
context "when disabled_at is set to a recent time" do
|
145
|
+
let(:disabled_at) { 1.day.ago }
|
171
146
|
|
172
|
-
|
173
|
-
|
174
|
-
end
|
175
|
-
end
|
147
|
+
it "allows the call" do
|
148
|
+
execute_call
|
176
149
|
|
177
|
-
|
178
|
-
|
150
|
+
expect(response.body).to include "Hello"
|
151
|
+
expect(response.body).to include "MyApiClient"
|
152
|
+
expect(response.body).to include "#{api_client.id}"
|
153
|
+
end
|
179
154
|
|
180
|
-
|
181
|
-
|
155
|
+
it "warns about the disabled key to log writer when available" do
|
156
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
157
|
+
allow(StitchFix::Logger::LogWriter).to receive(:warn)
|
182
158
|
|
183
|
-
|
184
|
-
end
|
159
|
+
execute_call
|
185
160
|
|
186
|
-
|
187
|
-
|
188
|
-
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
161
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:warn).once
|
162
|
+
end
|
189
163
|
|
190
|
-
|
164
|
+
it "warns about the disabled key to the Rails.logger" do
|
165
|
+
allow(Rails.logger).to receive(:warn)
|
166
|
+
allow(Rails.logger).to receive(:error)
|
167
|
+
|
168
|
+
execute_call
|
191
169
|
|
192
|
-
|
170
|
+
expect(Rails.logger).to have_received(:warn).once
|
171
|
+
expect(Rails.logger).not_to have_received(:error)
|
172
|
+
end
|
193
173
|
end
|
194
174
|
|
195
|
-
|
196
|
-
|
197
|
-
|
175
|
+
context "when disabled_at is set to a dangerously long time" do
|
176
|
+
let(:disabled_at) { 52.hours.ago }
|
177
|
+
|
178
|
+
it "allows the call" do
|
179
|
+
execute_call
|
198
180
|
|
199
|
-
|
181
|
+
expect(response.body).to include "Hello"
|
182
|
+
expect(response.body).to include "MyApiClient"
|
183
|
+
expect(response.body).to include "#{api_client.id}"
|
184
|
+
end
|
200
185
|
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
end
|
186
|
+
it "logs error about the disabled key to log writer when available" do
|
187
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
188
|
+
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
205
189
|
|
206
|
-
|
207
|
-
before do
|
208
|
-
Stitches.configuration.disabled_key_leniency_in_seconds = 100
|
209
|
-
Stitches.configuration.disabled_key_leniency_error_log_threshold_in_seconds = 50
|
210
|
-
end
|
190
|
+
execute_call
|
211
191
|
|
212
|
-
|
213
|
-
|
192
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:error).once
|
193
|
+
end
|
214
194
|
|
215
|
-
it "
|
195
|
+
it "logs error about the disabled key to the Rails.logger" do
|
196
|
+
allow(Rails.logger).to receive(:warn)
|
216
197
|
allow(Rails.logger).to receive(:error) do |message1|
|
217
198
|
expect(message1).not_to include uuid
|
218
199
|
end
|
219
200
|
|
220
201
|
execute_call
|
221
202
|
|
222
|
-
expect_unauthorized
|
223
203
|
expect(Rails.logger).to have_received(:error).once
|
204
|
+
expect(Rails.logger).not_to have_received(:warn)
|
224
205
|
end
|
225
206
|
end
|
226
207
|
|
227
|
-
context "when disabled_at is set to
|
228
|
-
let(:disabled_at) {
|
208
|
+
context "when disabled_at is set to an unacceptably long time" do
|
209
|
+
let(:disabled_at) { 5.days.ago }
|
229
210
|
|
230
|
-
it "
|
211
|
+
it "forbids the call" do
|
212
|
+
execute_call
|
213
|
+
|
214
|
+
expect_unauthorized
|
215
|
+
end
|
216
|
+
|
217
|
+
it "logs error about the disabled key to log writer when available" do
|
218
|
+
stub_const("StitchFix::Logger::LogWriter", FakeLogger.new)
|
219
|
+
allow(StitchFix::Logger::LogWriter).to receive(:error)
|
220
|
+
|
221
|
+
execute_call
|
222
|
+
|
223
|
+
expect(StitchFix::Logger::LogWriter).to have_received(:error).once
|
224
|
+
end
|
225
|
+
|
226
|
+
it "logs error about the disabled key to the Rails.logger" do
|
227
|
+
allow(Rails.logger).to receive(:warn)
|
231
228
|
allow(Rails.logger).to receive(:error)
|
232
229
|
|
233
230
|
execute_call
|
234
231
|
|
235
|
-
expect(response.body).to include "Hello"
|
236
232
|
expect(Rails.logger).to have_received(:error).once
|
233
|
+
expect(Rails.logger).not_to have_received(:warn)
|
237
234
|
end
|
238
235
|
end
|
239
236
|
|
240
|
-
context "
|
241
|
-
|
237
|
+
context "custom leniency is set" do
|
238
|
+
before do
|
239
|
+
Stitches.configuration.disabled_key_leniency_in_seconds = 100
|
240
|
+
Stitches.configuration.disabled_key_leniency_error_log_threshold_in_seconds = 50
|
241
|
+
end
|
242
242
|
|
243
|
-
|
244
|
-
|
245
|
-
|
243
|
+
context "when disabled_at is set to an unacceptably long time" do
|
244
|
+
let(:disabled_at) { 101.seconds.ago }
|
245
|
+
|
246
|
+
it "forbids the call" do
|
247
|
+
allow(Rails.logger).to receive(:error) do |message1|
|
248
|
+
expect(message1).not_to include uuid
|
249
|
+
end
|
250
|
+
|
251
|
+
execute_call
|
252
|
+
|
253
|
+
expect_unauthorized
|
254
|
+
expect(Rails.logger).to have_received(:error).once
|
246
255
|
end
|
256
|
+
end
|
247
257
|
|
248
|
-
|
258
|
+
context "when disabled_at is set to a dangerously long time" do
|
259
|
+
let(:disabled_at) { 75.seconds.ago }
|
249
260
|
|
250
|
-
|
251
|
-
|
261
|
+
it "allows the call" do
|
262
|
+
allow(Rails.logger).to receive(:error)
|
263
|
+
|
264
|
+
execute_call
|
265
|
+
|
266
|
+
expect(response.body).to include "Hello"
|
267
|
+
expect(Rails.logger).to have_received(:error).once
|
268
|
+
end
|
269
|
+
end
|
270
|
+
|
271
|
+
context "when disabled_at is set to a short time ago" do
|
272
|
+
let(:disabled_at) { 25.seconds.ago }
|
273
|
+
|
274
|
+
it "allows the call" do
|
275
|
+
allow(Rails.logger).to receive(:warn) do |message1|
|
276
|
+
expect(message1).not_to include uuid
|
277
|
+
end
|
278
|
+
|
279
|
+
execute_call
|
280
|
+
|
281
|
+
expect(response.body).to include "Hello"
|
282
|
+
expect(Rails.logger).to have_received(:warn).once
|
283
|
+
end
|
252
284
|
end
|
253
285
|
end
|
254
286
|
end
|
255
|
-
end
|
256
287
|
|
257
|
-
|
258
|
-
|
259
|
-
|
288
|
+
context "when authorization header is missing" do
|
289
|
+
it "rejects request" do
|
290
|
+
execute_call(auth: nil)
|
260
291
|
|
261
|
-
|
292
|
+
expect_unauthorized
|
293
|
+
end
|
294
|
+
end
|
295
|
+
|
296
|
+
context "when scheme does not match" do
|
297
|
+
it "rejects request" do
|
298
|
+
execute_call(auth: "OtherScheme key=#{uuid}")
|
299
|
+
|
300
|
+
expect_unauthorized
|
301
|
+
end
|
262
302
|
end
|
263
303
|
end
|
264
304
|
|
265
|
-
context "when
|
266
|
-
|
267
|
-
execute_call(auth: "OtherScheme key=#{uuid}")
|
305
|
+
context "when path is on allowlist" do
|
306
|
+
let(:allowlist) { /.*hello.*/ }
|
268
307
|
|
269
|
-
|
308
|
+
context "when api_client is valid" do
|
309
|
+
it "executes the correct controller" do
|
310
|
+
execute_call
|
311
|
+
|
312
|
+
expect(response.body).to include "Hello"
|
313
|
+
end
|
314
|
+
|
315
|
+
it "does not save the api_client information used" do
|
316
|
+
execute_call
|
317
|
+
|
318
|
+
expect(response.body).to include "NameNotFound"
|
319
|
+
expect(response.body).to include "IdNotFound"
|
320
|
+
end
|
321
|
+
end
|
322
|
+
|
323
|
+
context "when api client key does not match" do
|
324
|
+
let(:uuid) { SecureRandom.uuid } # random uuid
|
325
|
+
|
326
|
+
it "executes the correct controller" do
|
327
|
+
execute_call
|
328
|
+
|
329
|
+
expect(response.body).to include "Hello"
|
330
|
+
end
|
270
331
|
end
|
271
332
|
end
|
272
333
|
end
|
273
334
|
|
274
|
-
context "when
|
275
|
-
|
335
|
+
context "when schema is old and missing disabled_at field" do
|
336
|
+
around(:each) do |example|
|
337
|
+
load 'fake_app/db/schema_missing_disabled_at.rb'
|
338
|
+
ApiClient.reset_column_information
|
339
|
+
example.run
|
340
|
+
load 'fake_app/db/schema_modern.rb'
|
341
|
+
ApiClient.reset_column_information
|
342
|
+
end
|
276
343
|
|
277
344
|
context "when api_client is valid" do
|
345
|
+
let!(:api_client) {
|
346
|
+
uuid = SecureRandom.uuid
|
347
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: true)
|
348
|
+
}
|
349
|
+
|
278
350
|
it "executes the correct controller" do
|
279
351
|
execute_call
|
280
352
|
|
281
353
|
expect(response.body).to include "Hello"
|
282
354
|
end
|
283
355
|
|
284
|
-
it "
|
356
|
+
it "saves the api_client information used" do
|
285
357
|
execute_call
|
286
358
|
|
287
|
-
expect(response.body).to include "
|
288
|
-
expect(response.body).to include "
|
359
|
+
expect(response.body).to include "MyApiClient"
|
360
|
+
expect(response.body).to include "#{api_client.id}"
|
289
361
|
end
|
290
362
|
end
|
291
363
|
|
292
|
-
context "when
|
293
|
-
let(:
|
364
|
+
context "when api_client is not enabled" do
|
365
|
+
let!(:api_client) {
|
366
|
+
uuid = SecureRandom.uuid
|
367
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: false)
|
368
|
+
}
|
294
369
|
|
295
|
-
it "
|
370
|
+
it "rejects request" do
|
296
371
|
execute_call
|
297
372
|
|
298
|
-
|
373
|
+
expect_unauthorized
|
299
374
|
end
|
300
375
|
end
|
301
376
|
end
|
302
|
-
end
|
303
|
-
|
304
|
-
context "when schema is old and missing disabled_at field" do
|
305
|
-
around(:each) do |example|
|
306
|
-
load 'fake_app/db/schema_missing_disabled_at.rb'
|
307
|
-
ApiClient.reset_column_information
|
308
|
-
example.run
|
309
|
-
load 'fake_app/db/schema_modern.rb'
|
310
|
-
ApiClient.reset_column_information
|
311
|
-
end
|
312
|
-
|
313
|
-
context "when api_client is valid" do
|
314
|
-
let!(:api_client) {
|
315
|
-
uuid = SecureRandom.uuid
|
316
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now(), enabled: true)
|
317
|
-
}
|
318
|
-
|
319
|
-
it "executes the correct controller" do
|
320
|
-
execute_call
|
321
377
|
|
322
|
-
|
378
|
+
context "when schema is old and missing enabled field" do
|
379
|
+
around(:each) do |example|
|
380
|
+
load 'fake_app/db/schema_missing_enabled.rb'
|
381
|
+
ApiClient.reset_column_information
|
382
|
+
example.run
|
383
|
+
load 'fake_app/db/schema_modern.rb'
|
384
|
+
ApiClient.reset_column_information
|
323
385
|
end
|
324
386
|
|
325
|
-
it "saves the api_client information used" do
|
326
|
-
execute_call
|
327
|
-
|
328
|
-
expect(response.body).to include "MyApiClient"
|
329
|
-
expect(response.body).to include "#{api_client.id}"
|
330
|
-
end
|
331
|
-
end
|
332
|
-
|
333
|
-
context "when api_client is not enabled" do
|
334
387
|
let!(:api_client) {
|
335
388
|
uuid = SecureRandom.uuid
|
336
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now()
|
389
|
+
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now())
|
337
390
|
}
|
338
391
|
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
expect_unauthorized
|
343
|
-
end
|
344
|
-
end
|
345
|
-
end
|
346
|
-
|
347
|
-
context "when schema is old and missing enabled field" do
|
348
|
-
around(:each) do |example|
|
349
|
-
load 'fake_app/db/schema_missing_enabled.rb'
|
350
|
-
ApiClient.reset_column_information
|
351
|
-
example.run
|
352
|
-
load 'fake_app/db/schema_modern.rb'
|
353
|
-
ApiClient.reset_column_information
|
354
|
-
end
|
355
|
-
|
356
|
-
let!(:api_client) {
|
357
|
-
uuid = SecureRandom.uuid
|
358
|
-
ApiClient.create(name: "MyApiClient", key: uuid, created_at: Time.now())
|
359
|
-
}
|
360
|
-
|
361
|
-
context "when api_client is valid" do
|
362
|
-
it "executes the correct controller" do
|
363
|
-
execute_call
|
392
|
+
context "when api_client is valid" do
|
393
|
+
it "executes the correct controller" do
|
394
|
+
execute_call
|
364
395
|
|
365
|
-
|
366
|
-
|
396
|
+
expect(response.body).to include "Hello"
|
397
|
+
end
|
367
398
|
|
368
|
-
|
369
|
-
|
399
|
+
it "saves the api_client information used" do
|
400
|
+
execute_call
|
370
401
|
|
371
|
-
|
372
|
-
|
402
|
+
expect(response.body).to include "MyApiClient"
|
403
|
+
expect(response.body).to include "#{api_client.id}"
|
404
|
+
end
|
373
405
|
end
|
374
406
|
end
|
375
407
|
end
|
data/spec/configuration_spec.rb
CHANGED
@@ -44,6 +44,10 @@ describe Stitches::Configuration do
|
|
44
44
|
expect(Stitches.configuration.max_cache_size).to eq(0)
|
45
45
|
end
|
46
46
|
|
47
|
+
it "sets a default of false for disable_api_key_support" do
|
48
|
+
expect(Stitches.configuration.disable_api_key_support).to be false
|
49
|
+
end
|
50
|
+
|
47
51
|
it "blows up if you try to use custom_http_auth_scheme without having set it" do
|
48
52
|
expect {
|
49
53
|
Stitches.configuration.custom_http_auth_scheme
|
data/spec/fake_app/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
ruby-2.
|
1
|
+
ruby-3.2.3
|