stitches 3.6.1 → 3.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c3846c9b1a93294cd571810ca83039f181dba5ddd3d933ff43251da056c8b6c
-  data.tar.gz: a42a251585e41138e8f94dce4cd6c1d95c1a9d8809368fcf744d18238c7e3fa4
+  metadata.gz: e779533d1ae845c15bec064ad589e32d2e29bca1b3b966144358735d26026248
+  data.tar.gz: f9af71cd6d2bab7e70ef1d963c25f66a41aa76107b032dc409bb611c30bf7819
 SHA512:
-  metadata.gz: a4fee81d1d74bd4244caaa6fc9ef5c4c6f89d9a20f5f6786ec563388309d47b6ff64d7255724412bd672d80269b6123f2cc7a4956057bb692d27b755af2f2dac
-  data.tar.gz: a7a41bcd6b7ebae60daa58d414875aafd986910a9e21420afce8133d9ce1e68c22d0242e962cd85ca2244987dfcd094ff36ce34da826ca12bd80fb628f33ea95
+  metadata.gz: 5145e91908d5cd6f685b7389cf3cf2a17bca9f5355eb513c26f6bb5f2e66270ebdf9c649796b683f470014e12dae4b98b3c2b2ce151afc2c984c96f94aa38a2f
+  data.tar.gz: 921734574b5e142f5786c1c7088e389e0d8d243111d5fcbfe7fded4f6e8dbb85fee11b1a25ffc2017f58c8b270ee46c41a6e0a554c130f9f09fa9c4c960cb544

data/.travis.yml

@@ -1,7 +1,7 @@
 language: ruby
 rvm:
-  - 2.2.2
-  - 2.3.1
+  - 2.4.4
+  - 2.5.1
   - ruby-head
 notifications:
   email: false

data/lib/stitches/allowlist_middleware.rb

@@ -0,0 +1,29 @@
+module Stitches
+  # A middleware that will skip its behavior if the path matches an allowed URL
+  class AllowlistMiddleware
+    def initialize(app, options={})
+
+      @app           = app
+      @configuration = options[:configuration] ||  Stitches.configuration
+      @except        = options[:except]        || @configuration.allowlist_regexp
+
+      unless @except.nil? || @except.is_a?(Regexp)
+        raise ":except must be a Regexp"
+      end
+    end
+    def call(env)
+      if @except && @except.match(env["PATH_INFO"])
+        @app.call(env)
+      else
+        do_call(env)
+      end
+    end
+
+  protected
+
+    def do_call(env)
+      raise 'subclass must implement'
+    end
+
+  end
+end

data/lib/stitches/api_key.rb

@@ -1,4 +1,4 @@
-require_relative 'whitelisting_middleware'
+require_relative 'allowlist_middleware'
 
 module Stitches
   # A middleware that requires an API key for certain transactions, and makes its id available
@@ -18,7 +18,7 @@ module Stitches
   #
   # If that is the case, env[Stitches.configuration.env_var_to_hold_api_client_primary_key] will be the primary key of the
   # ApiClient that it maps to.
-  class ApiKey < Stitches::WhitelistingMiddleware
+  class ApiKey < Stitches::AllowlistMiddleware
 
     def initialize(app,options = {})
       super(app,options)

data/lib/stitches/configuration.rb

@@ -9,20 +9,25 @@ class Stitches::Configuration
 
   # Mainly for testing, this resets all configuration to the default value
   def reset_to_defaults!
-    @whitelist_regexp = nil
+    @allowlist_regexp = nil
     @custom_http_auth_scheme = UnsetString.new("custom_http_auth_scheme")
     @env_var_to_hold_api_client_primary_key = NonNullString.new("env_var_to_hold_api_client_primary_key","STITCHES_API_CLIENT_ID")
     @env_var_to_hold_api_client= NonNullString.new("env_var_to_hold_api_client","STITCHES_API_CLIENT")
   end
 
-  # A RegExp that whitelists URLS around the mime type and api key requirements.
+  # A RegExp that allows URLS around the mime type and api key requirements.
   # nil means that ever request must have a proper mime type and api key.
-  attr_reader :whitelist_regexp
-  def whitelist_regexp=(new_whitelist_regexp)
-    unless new_whitelist_regexp.nil? || new_whitelist_regexp.is_a?(Regexp)
-      raise "whitelist_regexp must be a Regexp, not a #{new_whitelist_regexp.class}"
+  attr_reader :allowlist_regexp
+  def allowlist_regexp=(new_allowlist_regexp)
+    unless new_allowlist_regexp.nil? || new_allowlist_regexp.is_a?(Regexp)
+      raise "allowlist_regexp must be a Regexp, not a #{new_allowlist_regexp.class}"
     end
-    @whitelist_regexp = new_whitelist_regexp
+    @allowlist_regexp = new_allowlist_regexp
+  end
+
+  def whitelist_regexp=(new_allowlist_regexp)
+    self.allowlist_regexp = new_allowlist_regexp
+    warn("⚠️ 'whitelist' is deprecated in stitches configuration, please use 'allowlist' or auto-update with:\n\n  bin/rails g stitches:update_configuration\n\n⚠️  'whitelist' will be removed in 4.0")
   end
 
   # The name of your custom http auth scheme.  This must be set, and has no default

data/lib/stitches/generator_files/config/initializers/stitches.rb

@@ -2,7 +2,7 @@ require 'stitches'
 
 Stitches.configure do |configuration|
   # Regexp of urls that do not require ApiKeys or valid, versioned mime types
-  configuration.whitelist_regexp = %r{\A/(resque|docs|assets)(\Z|/.*\Z)}
+  configuration.allowlist_regexp = %r{\A/(resque|docs|assets)(\Z|/.*\Z)}
 
   # Name of the custom Authorization scheme.  See http://www.ietf.org/rfc/rfc2617.txt for details,
   # but generally should be a string with no spaces or special characters.

data/lib/stitches/update_configuration_generator.rb

@@ -0,0 +1,16 @@
+require 'rails/generators'
+
+module Stitches
+  class UpdateConfigurationGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root(File.expand_path(File.join(File.dirname(__FILE__),"generator_files")))
+
+    desc "Change your configuration to use 'allowlist' so you'll be ready for 4.x"
+    def update_to_allowlist
+      gsub_file "config/initializers/stitches.rb", /whitelist/, "allowlist"
+      puts "🎉 You are now good to go!"
+    end
+
+  end
+end

data/lib/stitches/valid_mime_type.rb

@@ -1,4 +1,4 @@
-require_relative 'whitelisting_middleware'
+require_relative 'allowlist_middleware'
 module Stitches
   # A middleware that requires all API calls to be for versioned JSON.  This means that the Accept
   # header (available to Rack apps as HTTP_ACCEPT) should be like so:
@@ -7,7 +7,7 @@ module Stitches
   #
   # This just checks that you've specified some numeric version.  ApiVersionConstraint should be used
   # to "lock down" the versions you accept.
-  class ValidMimeType < Stitches::WhitelistingMiddleware
+  class ValidMimeType < Stitches::AllowlistMiddleware
 
   protected
 
@@ -29,4 +29,4 @@ module Stitches
     end
 
   end
-end
+end

data/lib/stitches/version.rb

@@ -1,3 +1,3 @@
 module Stitches
-  VERSION = '3.6.1'
+  VERSION = '3.7.0'
 end

data/lib/stitches/whitelisting_middleware.rb

@@ -1,29 +1,5 @@
-module Stitches
-  # A middleware that will skip its behavior if the path matches a white-listed URL
-  class WhitelistingMiddleware
-    def initialize(app, options={})
-
-      @app           = app
-      @configuration = options[:configuration] ||  Stitches.configuration
-      @except        = options[:except]        || @configuration.whitelist_regexp
-
-      unless @except.nil? || @except.is_a?(Regexp)
-        raise ":except must be a Regexp"
-      end
-    end
-    def call(env)
-      if @except && @except.match(env["PATH_INFO"])
-        @app.call(env)
-      else
-        do_call(env)
-      end
-    end
+require_relative "allowlist_middleware"
 
-  protected
-
-    def do_call(env)
-      raise 'subclass must implement'
-    end
-
-  end
-end
+module Stitches
+  WhitelistingMiddleware = AllowlistMiddleware
+end

data/lib/stitches_norailtie.rb

@@ -14,6 +14,7 @@ require 'stitches/errors'
 require 'stitches/api_generator'
 require 'stitches/add_deprecation_generator'
 require 'stitches/add_enabled_to_api_clients_generator'
+require 'stitches/update_configuration_generator'
 require 'stitches/api_version_constraint'
 require 'stitches/api_key'
 require 'stitches/deprecation'

data/spec/api_key_spec.rb

@@ -49,7 +49,7 @@ describe Stitches::ApiKey do
 
   describe "#call" do
     context "not in namespace" do
-      context "not whitelisted" do
+      context "not allowlisted" do
         let(:env) {
           {
             "PATH_INFO" => "/index/apifoolingyou/home",
@@ -64,12 +64,12 @@ describe Stitches::ApiKey do
           let(:expected_body) { "Unauthorized - no authorization header" }
         end
       end
-      context "whitelisting" do
-        context "whitelist is explicit in middleware usage" do
+      context "allowlisting" do
+        context "allowlist is explicit in middleware usage" do
           before do
             @response = middleware.call(env)
           end
-          context "passes the whitelist" do
+          context "passes the allowlist" do
             subject(:middleware) { described_class.new(app, except: %r{\A/resque\/.*\Z}) }
             let(:env) {
               {
@@ -81,7 +81,7 @@ describe Stitches::ApiKey do
             end
           end
 
-          context "fails the whitelist" do
+          context "fails the allowlist" do
             subject(:middleware) { described_class.new(app, except: %r{\A/resque\/.*\Z}) }
             let(:env) {
               {
@@ -105,14 +105,14 @@ describe Stitches::ApiKey do
             end
           end
         end
-        context "whitelist is implicit from the configuration" do
+        context "allowlist is implicit from the configuration" do
 
           before do
-            Stitches.configuration.whitelist_regexp = %r{\A/resque/.*\Z}
+            Stitches.configuration.allowlist_regexp = %r{\A/resque/.*\Z}
             @response = middleware.call(env)
           end
 
-          context "passes the whitelist" do
+          context "passes the allowlist" do
             subject(:middleware) { described_class.new(app) }
             let(:env) {
               {
@@ -124,7 +124,7 @@ describe Stitches::ApiKey do
             end
           end
 
-          context "fails the whitelist" do
+          context "fails the allowlist" do
             subject(:middleware) { described_class.new(app) }
             let(:env) {
               {

data/spec/configuration_spec.rb

@@ -6,24 +6,24 @@ describe Stitches::Configuration do
   end
 
   describe "global configuration" do
-    let(:whitelist_regexp) { %r{foo} }
+    let(:allowlist_regexp) { %r{foo} }
     let(:custom_http_auth_scheme) { "Blah" }
     let(:env_var_to_hold_api_client_primary_key) { "FOOBAR" }
 
     it "can be configured globally" do
       Stitches.configure do |config|
-        config.whitelist_regexp                       = whitelist_regexp
+        config.allowlist_regexp                       = allowlist_regexp
         config.custom_http_auth_scheme                = custom_http_auth_scheme
         config.env_var_to_hold_api_client_primary_key = env_var_to_hold_api_client_primary_key
       end
 
-      expect(Stitches.configuration.whitelist_regexp).to                       eq(whitelist_regexp)
+      expect(Stitches.configuration.allowlist_regexp).to                       eq(allowlist_regexp)
       expect(Stitches.configuration.custom_http_auth_scheme).to                eq(custom_http_auth_scheme)
       expect(Stitches.configuration.env_var_to_hold_api_client_primary_key).to eq(env_var_to_hold_api_client_primary_key)
     end
 
-    it "defaults to nil for whitelist_regexp" do
-      expect(Stitches.configuration.whitelist_regexp).to be_nil
+    it "defaults to nil for allowlist_regexp" do
+      expect(Stitches.configuration.allowlist_regexp).to be_nil
     end
 
     it "sets a default for env_var_to_hold_api_client_primary_key" do
@@ -36,21 +36,21 @@ describe Stitches::Configuration do
       }.to raise_error(/you must set a value for custom_http_auth_scheme/i)
     end
   end
-  describe "whitelist_regexp" do
+  describe "allowlist_regexp" do
     let(:config) { Stitches::Configuration.new }
     it "must be a regexp" do
       expect {
-        config.whitelist_regexp = "foo"
-      }.to raise_error(/whitelist_regexp must be a Regexp/i)
+        config.allowlist_regexp = "foo"
+      }.to raise_error(/allowlist_regexp must be a Regexp/i)
     end
     it "may be nil" do
       expect {
-        config.whitelist_regexp = nil
+        config.allowlist_regexp = nil
       }.not_to raise_error
     end
     it "may be a regexp" do
       expect {
-        config.whitelist_regexp = /foo/
+        config.allowlist_regexp = /foo/
       }.not_to raise_error
     end
   end
@@ -102,4 +102,19 @@ describe Stitches::Configuration do
       }.not_to raise_error
     end
   end
+  context "deprecated options we want to support for backwards compatibility" do
+
+    let(:logger) { double("logger") }
+    before do
+      allow(Rails).to receive(:logger).and_return(logger)
+      allow(logger).to receive(:info)
+    end
+
+    it "'whitelist' still works for allowlist" do
+      Stitches.configure do |config|
+        config.whitelist_regexp = /foo/
+      end
+      expect(Stitches.configuration.allowlist_regexp).to eq(/foo/)
+    end
+  end
 end

data/spec/integration/add_to_rails_app_spec.rb

@@ -2,7 +2,7 @@ require "spec_helper"
 require "fileutils"
 require "open3"
 
-RSpec.describe "Adding Stitches to a New Rails App" do
+RSpec.describe "Adding Stitches to a New Rails App", :integration do
   let(:work_dir) { Dir.mktmpdir }
   let(:rails_app_name) { "swamp-thing" }
 
@@ -103,6 +103,38 @@ RSpec.describe "Adding Stitches to a New Rails App" do
     expect(include_line).to_not be_nil,lines.inspect
   end
 
+  it "inserts can update old configuration" do
+    run "bin/rails generate rspec:install"
+    run "bin/rails generate apitome:install"
+    run "bin/rails generate stitches:api"
+
+    rails_root = Pathname(work_dir) / rails_app_name
+    initializer = rails_root / "config" / "initializers" / "stitches.rb"
+
+    initializer_contents = File.read(initializer).split(/\n/)
+    found_initializer = false
+    File.open(initializer,"w") do |file|
+      initializer_contents.each do |line|
+        if line =~ /allowlist/
+          line = line.gsub("allowlist","whitelist")
+          found_initializer = true
+        end
+        file.puts line
+      end
+    end
+
+    raise "Didn't find 'allowlist' in the initializer?!" if !found_initializer
+
+    run "bin/rails generate stitches:update_configuration"
+
+    lines =  File.read(initializer).split(/\n/)
+    include_line = lines.detect { |line|
+      line =~ /whitelist/
+    }
+
+    expect(include_line).to be_nil,lines.inspect
+  end
+
   class RoutesFileAnalysis
     attr_reader :routes_file
     def initialize(routes_file, namespace: nil, module_scope: nil, resource: nil, mounted_engine: nil)

data/spec/valid_mime_type_spec.rb

@@ -23,7 +23,7 @@ describe Stitches::ValidMimeType do
 
   describe "#call" do
     context "not in namespace" do
-      context "not in whitelist" do
+      context "not in allowlist" do
         let(:env) {
           {
             "PATH_INFO" => "/index/home",
@@ -36,19 +36,19 @@ describe Stitches::ValidMimeType do
 
         it_behaves_like "an unacceptable response"
       end
-      context "whitelisting" do
+      context "allowlisting" do
         let(:env) {
           {
             "PATH_INFO" => "/index/home",
           }
         }
 
-        context "whitelist is explicit in middleware usage" do
+        context "allowlist is explicit in middleware usage" do
           before do
             @response = middleware.call(env)
           end
 
-          context "passes the whitelist" do
+          context "passes the allowlist" do
             subject(:middleware) { described_class.new(app, except: %r{\A/resque\/.*\Z}) }
             let(:env) {
               {
@@ -60,7 +60,7 @@ describe Stitches::ValidMimeType do
             end
           end
 
-          context "fails the whitelist" do
+          context "fails the allowlist" do
             subject(:middleware) { described_class.new(app, except: %r{\A/resque\/.*\Z}) }
             let(:env) {
               {
@@ -82,14 +82,14 @@ describe Stitches::ValidMimeType do
             end
           end
         end
-        context "whitelist is implicit from the configuration" do
+        context "allowlist is implicit from the configuration" do
 
           before do
-            Stitches.configuration.whitelist_regexp = %r{\A/resque/.*\Z}
+            Stitches.configuration.allowlist_regexp = %r{\A/resque/.*\Z}
             @response = middleware.call(env)
           end
 
-          context "passes the whitelist" do
+          context "passes the allowlist" do
             subject(:middleware) { described_class.new(app) }
             let(:env) {
               {
@@ -101,7 +101,7 @@ describe Stitches::ValidMimeType do
             end
           end
 
-          context "fails the whitelist" do
+          context "fails the allowlist" do
             subject(:middleware) { described_class.new(app) }
             let(:env) {
               {

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stitches
 version: !ruby/object:Gem::Version
-  version: 3.6.1
+  version: 3.7.0
 platform: ruby
 authors:
 - Stitch Fix Engineering
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-15 00:00:00.000000000 Z
+date: 2018-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -141,6 +141,7 @@ files:
 - lib/stitches.rb
 - lib/stitches/add_deprecation_generator.rb
 - lib/stitches/add_enabled_to_api_clients_generator.rb
+- lib/stitches/allowlist_middleware.rb
 - lib/stitches/api_generator.rb
 - lib/stitches/api_key.rb
 - lib/stitches/api_version_constraint.rb
@@ -171,6 +172,7 @@ files:
 - lib/stitches/spec/have_api_error.rb
 - lib/stitches/spec/show_deprecation.rb
 - lib/stitches/spec/test_headers.rb
+- lib/stitches/update_configuration_generator.rb
 - lib/stitches/valid_mime_type.rb
 - lib/stitches/version.rb
 - lib/stitches/whitelisting_middleware.rb