From e0c2ae7fc7f5f412ff9dd2a179ca990c5c8dda33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9=20=D0=9C=D0=B0=D0=BB?=
 =?UTF-8?q?=D1=8B=D1=85?= <xronos.i.am@gmail.com>
Date: Tue, 16 Apr 2019 13:40:23 +0300
Subject: [PATCH] Fix authorization header for Chrome's non-standards-compliant
 GCM endpoints

---
 lib/webpush/request.rb       |  2 +-
 spec/webpush/request_spec.rb | 45 ++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/lib/webpush/request.rb b/lib/webpush/request.rb
index ed085d9..896cbc3 100644
--- a/lib/webpush/request.rb
+++ b/lib/webpush/request.rb
@@ -59,7 +59,7 @@ def headers
       end
 
       if api_key?
-        headers["Authorization"] = api_key
+        headers["Authorization"] = "key=#{api_key}"
       elsif vapid?
         vapid_headers = build_vapid_headers
         headers["Authorization"] = vapid_headers["Authorization"]
diff --git a/spec/webpush/request_spec.rb b/spec/webpush/request_spec.rb
index e7d7171..85326f5 100644
--- a/spec/webpush/request_spec.rb
+++ b/spec/webpush/request_spec.rb
@@ -19,6 +19,51 @@
       end
     end
 
+    describe 'from :api_key' do
+      def build_request_with_api_key(endpoint, options = {})
+        subscription = {
+          endpoint: endpoint,
+          keys: {
+            p256dh: 'p256dh',
+            auth: 'auth'
+          }
+        }
+        request = Webpush::Request.new(message: "", subscription: subscription, vapid: {}, **options)
+      end
+
+      it 'inserts Authorization header when api_key present, and endpoint is for Chrome\'s non-standards-compliant GCM endpoints' do
+        request = build_request_with_api_key('https://gcm-http.googleapis.com/gcm/xyz', api_key: "api_key")
+
+        expect(request.headers['Authorization']).to eq("key=api_key")
+      end
+
+      it 'does not insert Authorization header for Chrome\'s new standards-compliant endpoints, even if api_key is present' do
+        request = build_request_with_api_key('https://fcm.googleapis.com/fcm/send/ABCD1234', api_key: "api_key")
+
+        expect(request.headers['Authorization']).to be_nil
+      end
+
+      it 'does not insert Authorization header when endpoint is not for Chrome, even if api_key is present' do
+        request = build_request_with_api_key('https://some.random.endpoint.com/xyz', api_key: "api_key")
+
+        expect(request.headers['Authorization']).to be_nil
+      end
+
+      it 'does not insert Authorization header when api_key blank' do
+        request = build_request_with_api_key("endpoint", api_key: nil)
+
+        expect(request.headers['Authorization']).to be_nil
+
+        request = build_request_with_api_key("endpoint", api_key: "")
+
+        expect(request.headers['Authorization']).to be_nil
+
+        request = build_request_with_api_key("endpoint")
+
+        expect(request.headers['Authorization']).to be_nil
+      end
+    end
+
     describe 'from :ttl' do
       it 'can override Ttl with :ttl option with string' do
         request = build_request(ttl: '300', vapid: vapid_options)