Skip to content

Commit

Permalink
Ensure that signature is sent before files (#65)
Browse files Browse the repository at this point in the history
* Ensure that signature is sent before files

Closes #51

* Fix linting

* Update CHANGELOG.md
  • Loading branch information
Acconut authored Jan 10, 2024
1 parent c5c9693 commit f6e3778
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
* Prevent duplicate assembly steps [#49](https://github.com/transloadit/ruby-sdk/issues/27) (@ifedapoolarewaju)
* Send "Transloadit-Client" header for every request (@ifedapoolarewaju)
* Send all requests via HTTPS by default
* Position signature before any files in requests [#51](https://github.com/transloadit/ruby-sdk/issues/51)

### 2.0.1 / 2017-01-23 ###

Expand Down
21 changes: 16 additions & 5 deletions lib/transloadit/request.rb
Original file line number Diff line number Diff line change
Expand Up @@ -139,11 +139,22 @@ def to_payload(payload = nil)
return {} if payload.nil?
return {} if payload.respond_to?(:empty?) && payload.empty?

# TODO: refactor this, don't update a hash that's not ours
payload.update params: MultiJson.dump(payload[:params])
payload.update signature: signature(payload[:params])
payload.delete :signature if payload[:signature].nil?
payload
# Create a new hash with JSONified params and a signature if a secret was provided.
# Note: We first set :params and :signature to ensure that these are the first fields
# in the multipart requests, before any file. Otherwise, a signature will only be transmitted
# after all files have been uploaded. The order of the fields in a multipart request
# follows the order of the entries in the returned hash here.
# See https://github.com/transloadit/ruby-sdk/issues/51
new_payload = {
params: MultiJson.dump(payload[:params])
}
sig = signature(new_payload[:params])
new_payload[:signature] = sig unless sig.nil?

# Copy all values, excluding :params and :signature keys.
new_payload.update payload.reject { |key, _| key == :params || key == :signature }

new_payload
end

#
Expand Down
34 changes: 34 additions & 0 deletions test/unit/transloadit/test_assembly.rb
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,40 @@
end
end

describe "with a secret" do
include WebMock::API

before do
WebMock.reset!
stub_request(:post, "https://api2.transloadit.com/assemblies")
.to_return(body: '{"ok":"ASSEMBLY_COMPLETED"}')
end

after do
WebMock.reset!
end

it "must send the signature before any file" do
transloadit = Transloadit.new(key: "", secret: "foo")
Transloadit::Assembly.new(
transloadit
).create! open("lib/transloadit/version.rb")

assert_requested(:post, "https://api2.transloadit.com/assemblies") do |req|
position_params = req.body.index 'name="params"'
position_signature = req.body.index 'name="signature"'
position_file = req.body.index 'name="file_0"'

_(position_params).wont_be_nil
_(position_signature).wont_be_nil
_(position_file).wont_be_nil

_(position_params < position_signature).must_equal true
_(position_signature < position_file).must_equal true
end
end
end

describe "with additional parameters" do
include WebMock::API

Expand Down

0 comments on commit f6e3778

Please sign in to comment.