Fix #152 and 125
Signed-off-by: Florian Wininger <[email protected]>
fwininger committed Dec 14, 2017
1 parent 071dd69 commit 508f4d4
Showing 4 changed files with 90 additions and 26 deletions.
2 changes: 1 addition & 1 deletion api_auth.gemspec
Expand Up @@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.add_development_dependency 'httpi'
s.add_development_dependency 'multipart-post', '~> 2.0'
s.add_development_dependency 'rake'
s.add_development_dependency 'rest-client', '~> 1.6.0'
s.add_development_dependency 'rest-client', '~> 2.0'
s.add_development_dependency 'rspec', '~> 3.4'

s.files = `git ls-files`.split("\n")
4 changes: 2 additions & 2 deletions lib/api_auth/request_drivers/rest_client.rb
Expand Up @@ -29,13 +29,13 @@ def calculated_md5
end

def populate_content_md5
return unless %i[post put].include?(@request.method)
return unless %w[post put].include?(@request.method.to_s)
@request.headers['Content-MD5'] = calculated_md5
save_headers
end

def md5_mismatch?
if %i[post put].include?(@request.method)
if %w[post put].include?(@request.method.to_s)
calculated_md5 != content_md5
else
false
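Review bot: The verb test on the new lines of `populate_content_md5` and `md5_mismatch?` is a case-sensitive string match, so a request whose method stringifies to anything other than lowercase `post` or `put` (for example `PUT`) skips the Content-MD5 header and makes `md5_mismatch?` return `false`, leaving the body outside the integrity check. Whether RestClient always hands back a lower-case method is not visible in this hunk, so I would normalise here: `%w[post put].include?(@request.method.to_s.downcase)` in both places. The same `else false` branch means a body sent with any other verb, such as PATCH, is never compared against its MD5; if that is intentional, a short comment above `md5_mismatch?` saying so would help. `calculated_md5` starts above the hunk and `md5_mismatch?` ends below it.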
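--- a/spec/headers_spec.rb
+++ b/spec/headers_spec.rb
@@ -7,14 +7,6 @@
 subject(:headers) { described_class.new(request) }
 let(:uri) { '' }
 
-context 'empty uri' do
-let(:uri) { ''.freeze }
-
-it 'adds / to canonical string' do
-expect(subject.canonical_string).to eq('GET,,,/,')
-end
-end
-
 context 'uri with just host without /' do
 let(:uri) { 'http://google.com'.freeze }
 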
102 changes: 87 additions & 15 deletions spec/request_drivers/rest_client_spec.rb
Expand Up @@ -3,7 +3,7 @@
describe ApiAuth::RequestDrivers::RestClientRequest do
let(:timestamp) { Time.now.utc.httpdate }

let(:request_path) { '/resource.xml?foo=bar&bar=foo' }
let(:request_path) { 'http://localhost/resource.xml?foo=bar&bar=foo' }

let(:request_headers) do
{
Expand All @@ -16,7 +16,7 @@

let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :put,
payload: "hello\nworld"
Expand All @@ -35,7 +35,7 @@
end

it 'gets the request_uri' do
expect(driven_request.request_uri).to eq('/resource.xml?foo=bar&bar=foo')
expect(driven_request.request_uri).to eq('http://localhost/resource.xml?foo=bar&bar=foo')
end

it 'gets the timestamp' do
Expand All @@ -53,7 +53,7 @@

it 'treats no body as empty string' do
request = RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :put
)
Expand All @@ -66,7 +66,7 @@
context 'when put request' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :put
)
Expand All @@ -80,7 +80,7 @@
context 'when get request' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :get
)
Expand All @@ -104,7 +104,7 @@
context 'when getting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :get
)
Expand All @@ -119,7 +119,7 @@
context 'when posting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :post,
payload: "hello\nworld"
Expand All @@ -140,7 +140,7 @@
context 'when putting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :put,
payload: "hello\nworld"
Expand All @@ -161,7 +161,7 @@
context 'when deleting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :delete
)
Expand Down Expand Up @@ -203,7 +203,7 @@
context 'when getting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :get
)
Expand All @@ -217,7 +217,7 @@
context 'when posting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :post,
payload: "hello\nworld"
Expand Down Expand Up @@ -258,7 +258,7 @@
context 'when putting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :put,
payload: "hello\nworld"
Expand Down Expand Up @@ -299,7 +299,7 @@
context 'when deleting' do
let(:request) do
RestClient::Request.new(
url: '/resource.xml?foo=bar&bar=foo',
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: request_headers,
method: :delete
)
Expand All @@ -311,12 +311,84 @@
end
end

describe 'authentics?' do
context 'when getting' do
let(:request) do
RestClient::Request.new(
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
method: :get
)
end

let(:signed_request) do
ApiAuth.sign!(request, '1044', '123')
end

it 'validates that the signature in the request header matches the way we sign it' do
expect(ApiAuth.authentic?(signed_request, '123')).to eq true
end
end

context 'when posting' do
let(:request) do
RestClient::Request.new(
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
method: :post,
payload: "hello\nworld"
)
end

let(:signed_request) do
ApiAuth.sign!(request, '1044', '123')
end

it 'validates that the signature in the request header matches the way we sign it' do
expect(ApiAuth.authentic?(signed_request, '123')).to eq true
end
end

context 'when putting' do
let(:request) do
RestClient::Request.new(
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
method: :put,
payload: "hello\nworld"
)
end

let(:signed_request) do
ApiAuth.sign!(request, '1044', '123')
end

it 'validates that the signature in the request header matches the way we sign it' do
expect(ApiAuth.authentic?(signed_request, '123')).to eq true
end
end

context 'when deleting' do
let(:request) do
RestClient::Request.new(
url: 'http://localhost/resource.xml?foo=bar&bar=foo',
method: :delete
)
end

let(:signed_request) do
ApiAuth.sign!(request, '1044', '123')
end

it 'validates that the signature in the request header matches the way we sign it' do
expect(ApiAuth.authentic?(signed_request, '123')).to eq true
end
end
end

describe 'edge cases' do
it "doesn't mess up symbol based headers" do
headers = { 'Content-MD5' => 'e59ff97941044f85df5297e1c302d260',
:content_type => 'text/plain',
'Date' => 'Mon, 23 Jan 1984 03:29:56 GMT' }
request = RestClient::Request.new(url: '/resource.xml?foo=bar&bar=foo',
request = RestClient::Request.new(url: 'http://localhost/resource.xml?foo=bar&bar=foo',
headers: headers,
method: :put)
ApiAuth.sign!(request, 'some access id', 'some secret key')
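Review bot: The new `authentics?` examples assert only the positive round trip (sign with `'123'`, verify with `'123'`), so they would still pass if `ApiAuth.authentic?` accepted every RestClient request. Each context needs a negative counterpart, e.g. `expect(ApiAuth.authentic?(signed_request, 'wrong-secret')).to eq false`, and the post and put contexts would benefit from an example that alters the payload after signing and expects `false`, since that appears to be the path the driver's Content-MD5 change affects. The describe label `'authentics?'` looks like a typo for `authentic?`, and the `signed_request` let is repeated verbatim in all four contexts and could be declared once at the describe level. The enclosing `describe` for the driver spec starts and ends outside this hunk.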