Remove deprecated digest authentication and rack/mock_session file

History.md

@@ -1,3 +1,11 @@
+## main
+
+* Breaking changes:
+  * Digest authentication support, deprecated in 2.0.0, has been
+    removed (Jeremy Evans #307)
+  * requiring rack/mock_session, deprecated in 2.0.0, has been removed
+    (Jeremy Evans #307)
+
 ## 2.0.0 / 2022-06-24
 
 * Breaking changes:

lib/rack/test.rb

@@ -98,8 +98,6 @@ def self.new(app, default_host = DEFAULT_HOST) # :nodoc:
       # If a block is given, #last_response is also yielded to the block.
       def initialize(app, default_host = DEFAULT_HOST)
         @env = {}
-        @digest_username = nil
-        @digest_password = nil
         @app = app
         @after_request = []
         @default_host = default_host
@@ -204,21 +202,6 @@ def basic_authorize(username, password)
 
       alias authorize basic_authorize
 
-      # Set the username and password for HTTP Digest authorization, to be
-      # included in subsequent requests in the HTTP_AUTHORIZATION header.
-      # This method is deprecated and will be removed in rack-test 2.1
-      #
-      # Example:
-      #   digest_authorize "bryan", "secret"
-      def digest_authorize(username, password)
-        warn 'digest authentication support will be removed in rack-test 2.1', uplevel: 1
-        _digest_authorize(username, password)
-      end
-      def _digest_authorize(username, password) # :nodoc:
-        @digest_username = username
-        @digest_password = password
-      end
-
       # Rack::Test will not follow any redirects automatically. This method
       # will follow the redirect returned (including setting the Referer header
       # on the new request) in the last response. If the last response was not
@@ -363,43 +346,9 @@ def process_request(uri, env)
         @after_request.each(&:call)
         @last_response.finish
 
-        if retry_with_digest_auth?(env)
-          auth_env = env.merge('HTTP_AUTHORIZATION' => digest_auth_header,
-                               'rack-test.digest_auth_retry' => true)
-          auth_env.delete('rack.request')
-          process_request(uri, auth_env)
-        else
-          yield last_response if block_given?
-
-          last_response
-        end
-      end
+        yield @last_response if block_given?
 
-      def digest_auth_header
-        require_relative 'test/mock_digest_request'
-
-        challenge = last_response['WWW-Authenticate'].split(' ', 2).last
-        params = Rack::Auth::Digest::Params.parse(challenge)
-
-        params.merge!('username' => @digest_username,
-                      'nc'        => '00000001',
-                      'cnonce'    => 'nonsensenonce',
-                      'uri'       => last_request.fullpath,
-                      'method'    => last_request.env['REQUEST_METHOD'])
-
-        params['response'] = MockDigestRequest_.new(params).response(@digest_password)
-
-        "Digest #{params}"
-      end
-
-      def retry_with_digest_auth?(env)
-        last_response.status == 401 &&
-          digest_auth_configured? &&
-          !env['rack-test.digest_auth_retry']
-      end
-
-      def digest_auth_configured?
-        @digest_username
+        @last_response
       end
     end
 

lib/rack/test/methods.rb

@@ -61,11 +61,6 @@ def with_session(name)
         @_rack_test_current_session = session
       end
 
-      def digest_authorize(username, password) # :nodoc:
-        warn 'digest authentication support will be removed in rack-test 2.1', uplevel: 1
-        current_session._digest_authorize(username, password)
-      end
-
       def_delegators(:current_session,
         :request,
         :get,

spec/rack/test_spec.rb

@@ -7,10 +7,6 @@
     Rack::MockSession.must_be_same_as Rack::Test::Session
   end
 
-  deprecated 'allows requiring rack/mock_session' do
-    require 'rack/mock_session'
-  end
-
   it 'supports being initialized with a Rack::MockSession app' do
     Rack::Test::Session.new(Rack::MockSession.new(app)).request('/').must_be :ok?
   end
@@ -408,52 +404,6 @@ def closed?
   end
 end
 
-describe 'Rack::Test::Session#digest_authorize' do
-  challenge_data = 'realm="test-realm", qop="auth", nonce="nonsensenonce", opaque="morenonsense"'.freeze
-  basic_headers    = { 'content-type' => 'text/html', 'content-length' => '13' }.freeze
-  digest_challenge = "Digest #{challenge_data}".freeze
-  auth_challenge_headers = { 'WWW-Authenticate' => digest_challenge }.freeze
-  cookie_headers = { 'Set-Cookie' => 'digest_auth_session=OZEnmjeekUSW%3D%3D; path=/; HttpOnly' }.freeze
-
-  digest_app = lambda do |_env|
-    [401, basic_headers.merge(auth_challenge_headers).merge(cookie_headers), '']
-  end
-
-  define_method(:app){digest_app}
-
-  def request
-    digest_authorize('test-name', 'test-password')
-    super('/')
-    last_request
-  end
-
-  deprecated 'is defined directly on the session' do
-    current_session.digest_authorize('test-name', 'test-password')
-    get('/')
-    last_request.env['rack-test.digest_auth_retry'].must_equal true
-  end
-
-  deprecated 'retries digest requests' do
-    request.env['rack-test.digest_auth_retry'].must_equal true
-  end
-
-  deprecated 'sends a digest auth header' do
-    request.env['HTTP_AUTHORIZATION'].must_include 'Digest realm'
-  end
-
-  deprecated 'includes the response based on the username,password and nonce' do
-    request.env['HTTP_AUTHORIZATION'].must_include 'response="d773034bdc162b31c50c62764016bd31"'
-  end
-
-  deprecated 'includes the challenge headers' do
-    request.env['HTTP_AUTHORIZATION'].must_include challenge_data
-  end
-
-  deprecated 'includes the username' do
-    request.env['HTTP_AUTHORIZATION'].must_include 'username="test-name"'
-  end
-end
-
 describe 'Rack::Test::Session#follow_redirect!' do
   it 'follows redirects' do
     get '/redirect'