halloffame/api_auth_version_test.rb

## api_auth_version_test.rb
require 'rack'

# Since the requests are time-sensitive, you will need to regenerate the
# mock client requests for each of the versions before testing them
# against the different API versions. Otherwise they will all just return false.
API_AUTH_VERSION = '1.3.2'

# gem 'api-auth', '1.3.2'
# gem 'api-auth', '1.4.1'
# gem 'api-auth', '1.5.0'
# gem 'api-auth', '2.0.1'
gem 'api-auth', API_AUTH_VERSION
require 'api_auth'

SECRET_KEY = 'alkjdsfkjsdflkjs'
ACCESS_ID = '3084029348029'

def signed_request(with_http_method: false)
  Rack::Request.new({ 'REQUEST_METHOD' => 'GET', 'HTTP_HOST'=>'localhost:3000',
    'PATH_INFO'=>'/super', 'rack.url_scheme'=>'https' }).tap do |r|
    if with_http_method
      ApiAuth.sign! r, ACCESS_ID, SECRET_KEY, {:with_http_method => with_http_method}
    else
      ApiAuth.sign! r, ACCESS_ID, SECRET_KEY
    end
  end
end

def mock_signed_request(attrs)
  Rack::Request.new(attrs)
end

def authentic?(req)
  ApiAuth.authentic? req, SECRET_KEY
end


### Mock Client Requests. These are time-sensitive and will need to be regenerated before you run the tests since they expire after 15 minutes ###
# 1.3.2
req13 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:51:34 GMT", "Authorization"=>"APIAuth 3084029348029:jHdQ+A8VfcOT1swb1K1JlWxtGBA="}
# 1.4.1
req14_0 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:01 GMT", "Authorization"=>"APIAuth 3084029348029:1ZliackQOR/EHyTCSYnkSB4S7h8="}
# 1.4.1 with http method
req14_1 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:01 GMT", "Authorization"=>"APIAuth 3084029348029:Z+bC7ovAltcVfglYhIBrqZLHzDI="}
# 1.5.0
req15_0 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:46 GMT", "Authorization"=>"APIAuth 3084029348029:4Q3MLuu+8C/Y9dCIfK09RzY6dpc="}
# 1.5.0 with http method
req15_1 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:46 GMT", "Authorization"=>"APIAuth 3084029348029:OZjKABOm1EWRQsCWiigCZ2zXFOY="}

# These lines are used to generate the above requests for the set version
puts("\nSample client requests: ")
puts("# #{API_AUTH_VERSION}: ")
puts(signed_request.env)
if API_AUTH_VERSION.to_f >= 1.4
  puts("# #{API_AUTH_VERSION} with http method: ")
  puts(signed_request(with_http_method: true).env)
end
puts("")

puts("VERSION #{API_AUTH_VERSION} (API server)")
print("Verifies requests signed by client version 1.3.2  : ")
puts authentic?(mock_signed_request(req13))
print("Verifies requests signed by client version 1.4.1  : ")
puts authentic?(mock_signed_request(req14_0))
print("Verifies requests signed by client version 1.4.1* : ")
puts authentic?(mock_signed_request(req14_1))
print("Verifies requests signed by client version 1.5.0  : ")
puts authentic?(mock_signed_request(req15_0))
print("Verifies requests signed by client version 1.5.0* : ")
puts authentic?(mock_signed_request(req15_1))
puts("* with_http_method = true")
puts("")


# VERSION 1.3.2 (API server)
# Verifies requests signed by client version 1.3.2  : true
# Verifies requests signed by client version 1.4.1  : true
# Verifies requests signed by client version 1.4.1* : false
# Verifies requests signed by client version 1.5.0  : true
# Verifies requests signed by client version 1.5.0* : false

# VERSION 1.4.1 (API server)
# Verifies requests signed by client version 1.3.2  : true
# Verifies requests signed by client version 1.4.1  : true
# Verifies requests signed by client version 1.4.1* : true
# Verifies requests signed by client version 1.5.0  : true
# Verifies requests signed by client version 1.5.0* : true

# VERSION 1.5.0 (API server)
# Verifies requests signed by client version 1.3.2  : true
# Verifies requests signed by client version 1.4.1  : true
# Verifies requests signed by client version 1.4.1* : true
# Verifies requests signed by client version 1.5.0  : true
# Verifies requests signed by client version 1.5.0* : true

# VERSION 2.0.1 (API server)
# Verifies requests signed by client version 1.3.2  : false
# Verifies requests signed by client version 1.4.1  : false
# Verifies requests signed by client version 1.4.1* : true
# Verifies requests signed by client version 1.5.0  : false
# Verifies requests signed by client version 1.5.0* : true

# * with_http_method = true
	require 'rack'

	# Since the requests are time-sensitive, you will need to regenerate the
	# mock client requests for each of the versions before testing them
	# against the different API versions. Otherwise they will all just return false.
	API_AUTH_VERSION = '1.3.2'

	# gem 'api-auth', '1.3.2'
	# gem 'api-auth', '1.4.1'
	# gem 'api-auth', '1.5.0'
	# gem 'api-auth', '2.0.1'
	gem 'api-auth', API_AUTH_VERSION
	require 'api_auth'

	SECRET_KEY = 'alkjdsfkjsdflkjs'
	ACCESS_ID = '3084029348029'

	def signed_request(with_http_method: false)
	Rack::Request.new({ 'REQUEST_METHOD' => 'GET', 'HTTP_HOST'=>'localhost:3000',
	'PATH_INFO'=>'/super', 'rack.url_scheme'=>'https' }).tap do \|r\|
	if with_http_method
	ApiAuth.sign! r, ACCESS_ID, SECRET_KEY, {:with_http_method => with_http_method}
	else
	ApiAuth.sign! r, ACCESS_ID, SECRET_KEY
	end
	end
	end

	def mock_signed_request(attrs)
	Rack::Request.new(attrs)
	end

	def authentic?(req)
	ApiAuth.authentic? req, SECRET_KEY
	end


	### Mock Client Requests. These are time-sensitive and will need to be regenerated before you run the tests since they expire after 15 minutes ###
	# 1.3.2
	req13 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:51:34 GMT", "Authorization"=>"APIAuth 3084029348029:jHdQ+A8VfcOT1swb1K1JlWxtGBA="}
	# 1.4.1
	req14_0 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:01 GMT", "Authorization"=>"APIAuth 3084029348029:1ZliackQOR/EHyTCSYnkSB4S7h8="}
	# 1.4.1 with http method
	req14_1 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:01 GMT", "Authorization"=>"APIAuth 3084029348029:Z+bC7ovAltcVfglYhIBrqZLHzDI="}
	# 1.5.0
	req15_0 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:46 GMT", "Authorization"=>"APIAuth 3084029348029:4Q3MLuu+8C/Y9dCIfK09RzY6dpc="}
	# 1.5.0 with http method
	req15_1 = {"REQUEST_METHOD"=>"GET", "HTTP_HOST"=>"localhost:3000", "PATH_INFO"=>"/super", "rack.url_scheme"=>"https", "DATE"=>"Thu, 15 Sep 2016 19:52:46 GMT", "Authorization"=>"APIAuth 3084029348029:OZjKABOm1EWRQsCWiigCZ2zXFOY="}

	# These lines are used to generate the above requests for the set version
	puts("\nSample client requests: ")
	puts("# #{API_AUTH_VERSION}: ")
	puts(signed_request.env)
	if API_AUTH_VERSION.to_f >= 1.4
	puts("# #{API_AUTH_VERSION} with http method: ")
	puts(signed_request(with_http_method: true).env)
	end
	puts("")

	puts("VERSION #{API_AUTH_VERSION} (API server)")
	print("Verifies requests signed by client version 1.3.2 : ")
	puts authentic?(mock_signed_request(req13))
	print("Verifies requests signed by client version 1.4.1 : ")
	puts authentic?(mock_signed_request(req14_0))
	print("Verifies requests signed by client version 1.4.1* : ")
	puts authentic?(mock_signed_request(req14_1))
	print("Verifies requests signed by client version 1.5.0 : ")
	puts authentic?(mock_signed_request(req15_0))
	print("Verifies requests signed by client version 1.5.0* : ")
	puts authentic?(mock_signed_request(req15_1))
	puts("* with_http_method = true")
	puts("")


	# VERSION 1.3.2 (API server)
	# Verifies requests signed by client version 1.3.2 : true
	# Verifies requests signed by client version 1.4.1 : true
	# Verifies requests signed by client version 1.4.1* : false
	# Verifies requests signed by client version 1.5.0 : true
	# Verifies requests signed by client version 1.5.0* : false

	# VERSION 1.4.1 (API server)
	# Verifies requests signed by client version 1.3.2 : true
	# Verifies requests signed by client version 1.4.1 : true
	# Verifies requests signed by client version 1.4.1* : true
	# Verifies requests signed by client version 1.5.0 : true
	# Verifies requests signed by client version 1.5.0* : true

	# VERSION 1.5.0 (API server)
	# Verifies requests signed by client version 1.3.2 : true
	# Verifies requests signed by client version 1.4.1 : true
	# Verifies requests signed by client version 1.4.1* : true
	# Verifies requests signed by client version 1.5.0 : true
	# Verifies requests signed by client version 1.5.0* : true

	# VERSION 2.0.1 (API server)
	# Verifies requests signed by client version 1.3.2 : false
	# Verifies requests signed by client version 1.4.1 : false
	# Verifies requests signed by client version 1.4.1* : true
	# Verifies requests signed by client version 1.5.0 : false
	# Verifies requests signed by client version 1.5.0* : true

	# * with_http_method = true