forked from maxio-com/chargify2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
direct_secure_parameters_spec.rb
195 lines (162 loc) · 8.77 KB
/
direct_secure_parameters_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
require 'spec_helper'
module Chargify2
describe Direct::SecureParameters do
let(:client) { Client.new(valid_client_credentials) }
it "raises an argument error if data is provided but it is not in hash format" do
lambda {
Direct::SecureParameters.new({'data' => 'string'}, client)
}.should raise_error(ArgumentError)
end
it "raises an argument error if it could not get an api_id and secret from the passed client" do
lambda {
Direct::SecureParameters.new({}, Hashery::OpenCascade.new)
}.should raise_error(ArgumentError)
end
describe "#timestamp?" do
it "returns true when a timestamp is provided via a string hash key" do
sp = Direct::SecureParameters.new({'timestamp' => '1234'}, client)
sp.timestamp?.should be_true
end
it "returns true when a timestamp is provided via a symbol hash key" do
sp = Direct::SecureParameters.new({:timestamp => '1234'}, client)
sp.timestamp?.should be_true
end
it "returns false when a timestamp key/value is not provided" do
sp = Direct::SecureParameters.new({}, client)
sp.timestamp?.should be_false
end
it "returns false when a timestamp key is provided but the value is nil" do
sp = Direct::SecureParameters.new({'timestamp' => nil}, client)
sp.timestamp?.should be_false
end
it "returns false when a timestamp key is provided but the value is blank" do
sp = Direct::SecureParameters.new({'timestamp' => ''}, client)
sp.timestamp?.should be_false
end
end
describe "#nonce?" do
it "returns true when a nonce is provided via a string hash key" do
sp = Direct::SecureParameters.new({'nonce' => '1234'}, client)
sp.nonce?.should be_true
end
it "returns true when a nonce is provided via a symbol hash key" do
sp = Direct::SecureParameters.new({:nonce => '1234'}, client)
sp.nonce?.should be_true
end
it "returns false when a nonce key/value is not provided" do
sp = Direct::SecureParameters.new({}, client)
sp.nonce?.should be_false
end
it "returns false when a nonce key is provided but the value is nil" do
sp = Direct::SecureParameters.new({'nonce' => nil}, client)
sp.nonce?.should be_false
end
it "returns false when a nonce key is provided but the value is blank" do
sp = Direct::SecureParameters.new({'nonce' => ''}, client)
sp.nonce?.should be_false
end
end
describe "#data?" do
it "returns true when data is provided via a string hash key" do
sp = Direct::SecureParameters.new({'data' => {'foo' => 'bar'}}, client)
sp.data?.should be_true
end
it "returns true when data is provided via a symbol hash key" do
sp = Direct::SecureParameters.new({:data => {'foo' => 'bar'}}, client)
sp.data?.should be_true
end
it "returns false when a data key/value is not provided" do
sp = Direct::SecureParameters.new({}, client)
sp.data?.should be_false
end
it "returns false when a data key is provided but the value is nil" do
sp = Direct::SecureParameters.new({'data' => nil}, client)
sp.data?.should be_false
end
it "returns false when a data key is provided but the value is an empty hash" do
sp = Direct::SecureParameters.new({'data' => {}}, client)
sp.data?.should be_false
end
end
describe "#encoded_data" do
it "turns the data hash in to query string format" do
sp = Direct::SecureParameters.new({'data' => {'one' => 'two', 'three' => 'four'}}, client)
sp.encoded_data.should == "one=two&three=four"
end
it "turns a nested data hash in to nested query string format" do
sp = Direct::SecureParameters.new({'data' => {'one' => {'two' => {'three' => 'four'}}, 'foo' => 'bar'}}, client)
sp.encoded_data.should == "one[two][three]=four&foo=bar"
end
it "performs percent encoding on unsafe characters" do
sp = Direct::SecureParameters.new({'data' => {'redirect_uri' => 'http://www.example.com', 'sentence' => 'Michael was here!'}}, client)
sp.encoded_data.should == "redirect_uri=http%3A%2F%2Fwww.example.com&sentence=Michael+was+here%21"
end
end
describe "#to_form_inputs" do
context "with no timestamp, nonce, nor data" do
it "outputs 2 hidden form inputs - one for the api_id and one for the signature" do
sp = Direct::SecureParameters.new({}, client)
form = Capybara::Node::Simple.new(sp.to_form_inputs)
form.should have_selector("input", :count => 2)
form.should have_selector("input[type='hidden'][name='secure[api_id]'][value='#{client.api_id}']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[signature]'][value='#{sp.signature}']", :count => 1)
end
end
context "with a timestamp" do
it "outputs 3 hidden form inputs - one each for the api_id, timestamp, and signature" do
sp = Direct::SecureParameters.new({'timestamp' => '1234'}, client)
form = Capybara::Node::Simple.new(sp.to_form_inputs)
form.should have_selector("input", :count => 3)
form.should have_selector("input[type='hidden'][name='secure[api_id]'][value='#{client.api_id}']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[timestamp]'][value='1234']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[signature]'][value='#{sp.signature}']", :count => 1)
end
end
context "with a nonce" do
it "outputs 3 hidden form inputs - one each for the api_id, nonce, and signature" do
sp = Direct::SecureParameters.new({'nonce' => '1234'}, client)
form = Capybara::Node::Simple.new(sp.to_form_inputs)
form.should have_selector("input", :count => 3)
form.should have_selector("input[type='hidden'][name='secure[api_id]'][value='#{client.api_id}']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[nonce]'][value='1234']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[signature]'][value='#{sp.signature}']", :count => 1)
end
end
context "with data" do
it "outputs 3 hidden form inputs - one each for the api_id, nonce, and signature" do
sp = Direct::SecureParameters.new({'data' => {'foo' => 'bar'}}, client)
form = Capybara::Node::Simple.new(sp.to_form_inputs)
form.should have_selector("input", :count => 3)
form.should have_selector("input[type='hidden'][name='secure[api_id]'][value='#{client.api_id}']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[data]'][value='foo=bar']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[signature]'][value='#{sp.signature}']", :count => 1)
end
end
context "with timestamp, nonce, and data" do
it "outputs 3 hidden form inputs - one each for the api_id, nonce, and signature" do
sp = Direct::SecureParameters.new({'timestamp' => '1234', 'nonce' => '5678', 'data' => {'foo' => 'bar'}}, client)
form = Capybara::Node::Simple.new(sp.to_form_inputs)
form.should have_selector("input", :count => 5)
form.should have_selector("input[type='hidden'][name='secure[api_id]'][value='#{client.api_id}']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[timestamp]'][value='1234']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[nonce]'][value='5678']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[data]'][value='foo=bar']", :count => 1)
form.should have_selector("input[type='hidden'][name='secure[signature]'][value='#{sp.signature}']", :count => 1)
end
end
end
describe "#signature" do
it "correctly calculates the signature by taking the HMAC-SHA1 hash of the concatenation of the api_id, timestamp, nonce, and encoded_data" do
timestamp = '1234'
nonce = '5678'
data = {'one' => 'two', 'three' => {'four' => "http://www.example.com"}}
sp = Direct::SecureParameters.new({'timestamp' => timestamp, 'nonce' => nonce, 'data' => data}, client)
# Used the generator here: http://hash.online-convert.com/sha1-generator
# ... with message: "1c016050-498a-012e-91b1-005056a216ab12345678one=two&three[four]=http%3A%2F%2Fwww.example.com"
# ... and secret: "p5lxQ804MYtwZecFWNOT"
# ... to get: "c57c36e619f575958221bcd4ce156c61347a3555"
sp.signature.should == "c57c36e619f575958221bcd4ce156c61347a3555"
end
end
end
end