
Escape params when performing get requests.

commit 4468eac3bb742fe2d0d431690feeb4c19e98393a 1 parent a9839a4
@dcu dcu authored
Showing with 38 additions and 14 deletions.
  1. +11 −13 lib/authy/api.rb
  2. +14 −1 lib/authy/url_helpers.rb
  3. +13 −0 spec/authy/api_spec.rb
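--- a/lib/authy/api.rb
+++ b/lib/authy/api.rb
@@ -88,7 +88,7 @@ def self.get_request(uri, params = {})
 response = if state
 url = "#{Authy.api_uri}/#{eval_uri(uri, params)}"
 params = clean_uri_params(uri_params, params)
- http_client.get(url, {:api_key => Authy.api_key}.merge(params))
+ http_client.get(url, escape_params({:api_key => Authy.api_key}.merge(params)))
 else
 build_error_response(error)
 end
@@ -96,18 +96,16 @@ def self.get_request(uri, params = {})
 end
 def self.build_error_response(error = "blank uri param found")
- OpenStruct.new(
- {
- 'status' => 400,
- 'body' =>
- {
- 'success' => false,
- 'message' => error,
- 'errors' => {
- 'message' => error
- }
- }.to_json
- })
+ OpenStruct.new({
+ 'status' => 400,
+ 'body' => {
+ 'success' => false,
+ 'message' => error,
+ 'errors' => {
+ 'message' => error
+ }
+ }.to_json
+ })
 end
 end
 end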
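Review bot: The query hash is run through `escape_params` on the `http_client.get` line, which risks encoding every value twice if the client already form-encodes a query hash. That looks likely, since httpclient does so as far as I know and url_helpers.rb carries a copy of its `escape_query`. A `%`, `+` or space in a parameter would then reach the API altered. Please add a spec that inspects the request actually sent for a value such as `'a b%'`. If the client does encode, keep `http_client.get(url, {:api_key => Authy.api_key}.merge(params))` and escape only the path substitution in `eval_uri`. The body of `get_request` starts and ends outside this hunk.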
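--- a/lib/authy/url_helpers.rb
+++ b/lib/authy/url_helpers.rb
@@ -14,7 +14,10 @@ def clean_uri_params(uri_params, params)
 end
 def eval_uri(uri, params = {})
- uri.gsub(/:\w+/) {|s| params[s.gsub(":", "")]}
+ uri.gsub(/:\w+/) do |s|
+ param_name = s.gsub(":", "")
+ HTTP::Message.escape(params[param_name].to_s)
+ end
 end
 def validate_for_url(names, to_validate = {})
@@ -49,6 +52,16 @@ def params_from_array(left, values)
 end
 end
+ def escape_params(params)
+ params.each do |attr, value|
+ if value.kind_of?(String)
+ params[attr] = HTTP::Message.escape(value)
+ elsif value.kind_of?(Hash)
+ escape_params(value)
+ end
+ end
+ end
+
 # Copied and extended from httpclient's HTTP::Message#escape_query()
 def escape_query(query, namespace = nil) # :nodoc:
 pairs = []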
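Review bot: `escape_params` rewrites the hash it is given in place (`params[attr] = HTTP::Message.escape(value)`) and recurses into nested hashes, so a nested hash owned by the caller is modified. If the caller reuses that hash for a second request, the values are escaped again. Values that are neither String nor Hash are passed through untouched, so strings inside an Array are never escaped. I would build and return a new hash instead, which keeps the call site in api.rb working because it only uses the return value. The method needs a short comment stating which value types it escapes and that it returns a copy.

```ruby
def escape_params(params)
  escaped = {}
  params.each do |attr, value|
    escaped[attr] = if value.kind_of?(String)
      HTTP::Message.escape(value)
    elsif value.kind_of?(Hash)
      escape_params(value)
    else
      value
    end
  end
  escaped
end
```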
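--- a/spec/authy/api_spec.rb
+++ b/spec/authy/api_spec.rb
@@ -58,6 +58,19 @@
 response.should_not be_ok
 response.errors['message'].should =~ /invalid api key/i
 end
+
+ it "should escape the params" do
+ expect {
+ Authy::API.verify(:token => '[=#%@$&#(!@);.,', :id => @user['id'])
+ }.to_not raise_error
+ end
+
+ it "should fail if a param is missing" do
+ response = Authy::API.verify(:id => @user['id'])
+ response.should be_kind_of(Authy::Response)
+ response.should_not be_ok
+ response["message"] =~ /token is blank/
+ end
 end
 ["sms", "phone_call"].each do |kind|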
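Review bot: The last line of "should fail if a param is missing" is a bare expression, `response["message"] =~ /token is blank/`, whose result is discarded, so the spec passes whatever the message says. It should read `response["message"].should =~ /token is blank/`. The "should escape the params" example only asserts that no exception is raised. It would be stronger if it also checked the response (`response.should_not be_ok`) or the URL that was requested, so that a regression in the escaping itself is caught.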