stitches 4.2.0 → 4.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/stitches/api_client_access_wrapper.rb +6 -2
- data/lib/stitches/version.rb +1 -1
- data/spec/api_key_middleware_spec.rb +12 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 076cbbf3b2dfdd8b9b01d5c9f80cc091c223f14008fd7d45ceb2fff58bf454a0
|
|
4
|
+
data.tar.gz: a0d73979c10617fd6567aa7089236da49c7d2f1e1f58648931af5f5a0d7562b4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46e0364ba7c84f2fe1ca66cac2b74236b173bd023b4573b41f0ed718c66828c1131075802e7cc388f427f7de81af6e9bc13c763429f68382ce6a8729d548e988
|
|
7
|
+
data.tar.gz: af3e5c6b23f9134ee842b300a65afcf13455d3842516696e3774e35a324d590271058f581db1451ecccbbf23c3c70f63ec2d12476c0306a1dfdf50825c7e5d55
|
|
@@ -33,7 +33,7 @@ module Stitches::ApiClientAccessWrapper
|
|
|
33
33
|
|
|
34
34
|
disabled_at = api_client.respond_to?(:disabled_at) ? api_client.disabled_at : nil
|
|
35
35
|
if disabled_at && disabled_at > configuration.disabled_key_leniency_in_seconds.seconds.ago
|
|
36
|
-
message = "Allowing disabled ApiClient: #{api_client.name} with key #{api_client
|
|
36
|
+
message = "Allowing disabled ApiClient: #{api_client.name} with key #{redact_key(api_client)} disabled at #{disabled_at}"
|
|
37
37
|
if disabled_at > configuration.disabled_key_leniency_error_log_threshold_in_seconds.seconds.ago
|
|
38
38
|
logger.warn(message)
|
|
39
39
|
else
|
|
@@ -41,11 +41,15 @@ module Stitches::ApiClientAccessWrapper
|
|
|
41
41
|
end
|
|
42
42
|
return api_client
|
|
43
43
|
else
|
|
44
|
-
logger.error("Rejecting disabled ApiClient: #{api_client.name} with key #{api_client
|
|
44
|
+
logger.error("Rejecting disabled ApiClient: #{api_client.name} with key #{redact_key(api_client)}")
|
|
45
45
|
end
|
|
46
46
|
nil
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
def self.redact_key(api_client)
|
|
50
|
+
"*****#{api_client.key.to_s[-8..-1]}"
|
|
51
|
+
end
|
|
52
|
+
|
|
49
53
|
def self.logger
|
|
50
54
|
if defined?(StitchFix::Logger::LogWriter)
|
|
51
55
|
StitchFix::Logger::LogWriter
|
data/lib/stitches/version.rb
CHANGED
|
@@ -102,10 +102,11 @@ RSpec.describe "/api/hellos", type: :request do
|
|
|
102
102
|
context "when disabled_at is set to a time older than three days ago" do
|
|
103
103
|
let(:disabled_at) { 4.day.ago }
|
|
104
104
|
|
|
105
|
-
it "
|
|
105
|
+
it "does not allow the call" do
|
|
106
106
|
execute_call
|
|
107
107
|
|
|
108
108
|
expect_unauthorized
|
|
109
|
+
|
|
109
110
|
end
|
|
110
111
|
end
|
|
111
112
|
|
|
@@ -162,7 +163,9 @@ RSpec.describe "/api/hellos", type: :request do
|
|
|
162
163
|
|
|
163
164
|
it "logs error about the disabled key to the Rails.logger" do
|
|
164
165
|
allow(Rails.logger).to receive(:warn)
|
|
165
|
-
allow(Rails.logger).to receive(:error)
|
|
166
|
+
allow(Rails.logger).to receive(:error) do |message1|
|
|
167
|
+
expect(message1).not_to include uuid
|
|
168
|
+
end
|
|
166
169
|
|
|
167
170
|
execute_call
|
|
168
171
|
|
|
@@ -210,7 +213,10 @@ RSpec.describe "/api/hellos", type: :request do
|
|
|
210
213
|
let(:disabled_at) { 101.seconds.ago }
|
|
211
214
|
|
|
212
215
|
it "forbids the call" do
|
|
213
|
-
allow(Rails.logger).to receive(:error)
|
|
216
|
+
allow(Rails.logger).to receive(:error) do |message1|
|
|
217
|
+
expect(message1).not_to include uuid
|
|
218
|
+
end
|
|
219
|
+
|
|
214
220
|
execute_call
|
|
215
221
|
|
|
216
222
|
expect_unauthorized
|
|
@@ -235,7 +241,9 @@ RSpec.describe "/api/hellos", type: :request do
|
|
|
235
241
|
let(:disabled_at) { 25.seconds.ago }
|
|
236
242
|
|
|
237
243
|
it "allows the call" do
|
|
238
|
-
allow(Rails.logger).to receive(:warn)
|
|
244
|
+
allow(Rails.logger).to receive(:warn) do |message1|
|
|
245
|
+
expect(message1).not_to include uuid
|
|
246
|
+
end
|
|
239
247
|
|
|
240
248
|
execute_call
|
|
241
249
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stitches
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.2.
|
|
4
|
+
version: 4.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stitch Fix Engineering
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2021-
|
|
14
|
+
date: 2021-09-20 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rails
|