SECURITY-1063: add filter_invalid function

Jozsa Csongor · Jozsa Csongor · commit 9427c0a59039 · 2018-04-24T10:49:48.000+02:00
Co-authored-by: krisztian.nagy@emarsys.com
diff --git a/README.md b/README.md
@@ -10,19 +10,33 @@ gem install session-validator-client
 
 ## Usage
 
+
 setup up the following environment variables:
 
 * `KEY_POOL`
 * `SESSION_VALIDATOR_KEYID`
 * `SESSION_VALIDATOR_URL`
 
+###Validating a single Msid
+`valid?(msid)` returns `true` if `msid` is valid
+
 ```ruby
 require "session_validator"
 
 client = SessionValidator::Client.new
 client.valid?("staging_int_5ad5f96f307cf9.61063404")
 ```
 
+###Batch validating multiple MSIDS
+`filter_invalid(msids)` returns an array of the invalid MSIDS.
+
+```ruby
+require "session_validator"
+
+client = SessionValidator::Client.new
+client.filter_invalid(["staging_int_5ad5f96f307cf9.61063404", "staging_int_5ad5f96f307cf9.61063405"])
+```
+
 ## Running tests
 
 ```bash
diff --git a/lib/session_validator/cached_client.rb b/lib/session_validator/cached_client.rb
@@ -15,5 +15,16 @@ def valid?(msid)
         @cache.set msid, result if result
       end
     end
+
+    def filter_invalid(msids)
+      @cache.cleanup
+
+      @client.filter_invalid(msids).tap do |result|
+        msids.each do |msid|
+          @cache.set msid, true unless result.include?(msid)
+        end
+      end
+    end
+
   end
 end
diff --git a/lib/session_validator/client.rb b/lib/session_validator/client.rb
@@ -21,6 +21,18 @@ def valid?(msid)
     true
   end
 
+  def filter_invalid(msids)
+    response = client.post("/sessions/filter", JSON.generate({msids:msids}), headers)
+    if response.status == 200
+      JSON.parse(response.body)
+    else
+      []
+    end
+  rescue Faraday::TimeoutError
+    []
+  end
+
+
   private
 
   def client
diff --git a/spec/session_validator/cached_client_spec.rb b/spec/session_validator/cached_client_spec.rb
@@ -47,4 +47,50 @@
       it { is_expected.to be true }
     end
   end
+
+  describe "#filter_invalid" do
+    subject(:result) { cached_client.filter_invalid msids }
+
+    let(:msids) { ["test_12345.67890", "test_12345.67891", "test_12345.67892"] }
+
+    before do
+      allow(cache).to receive(:cleanup)
+    end
+
+    context "when called" do
+      before do
+        allow(cache).to receive(:set)
+        allow(client).to receive(:filter_invalid).with(msids).and_return([])
+      end
+      it do
+        expect(cache).to receive(:cleanup).with(no_args)
+        result
+      end
+    end
+
+    context "when msids are valid" do
+      before do
+        allow(cache).to receive(:set)
+        allow(client).to receive(:filter_invalid).with(msids).and_return([])
+      end
+
+      it do
+        msids.each do |msid|
+          expect(cache).to receive(:set).with(msid, true)
+        end
+        result
+      end
+      it { is_expected.to eq [] }
+    end
+
+    context "when msids are invalid" do
+      before do
+        allow(client).to receive(:filter_invalid).with(msids).and_return(msids)
+      end
+
+      it { is_expected.to eq msids }
+    end
+
+  end
+
 end
diff --git a/spec/session_validator/client_spec.rb b/spec/session_validator/client_spec.rb
@@ -45,4 +45,47 @@
       it { is_expected.to eq true }
     end
   end
+
+  describe "#filter_invalid" do
+    subject(:validation) { client.filter_invalid msids }
+
+    let(:msids) { ["test_12345.67890", "test_12345.67891", "test_12345.67892"] }
+    let(:invalid_msids) { ["test_12345.67890", "test_12345.67892"] }
+    let(:service_url) { "https://example.org" }
+    let(:http_request) { stub_request(:post, "#{service_url}/sessions/filter") }
+    let(:escher_keypool) { { api_key_id: 'session-validator_smart-insight_v1', api_secret: 'escher_secret' } }
+
+    before do
+      stub_const 'ENV', ENV.to_h.merge('SESSION_VALIDATOR_URL' => service_url)
+      allow(::Escher::Keypool).to receive_message_chain(:new, :get_active_key).with("session_validator")
+                                      .and_return(escher_keypool)
+    end
+
+    context "when request timeouted" do
+      before { http_request.to_raise Faraday::TimeoutError }
+
+      it { is_expected.to eq [] }
+    end
+
+    context "when given a list of msids" do
+      before { http_request.to_return body: JSON.generate(invalid_msids) }
+
+      it { is_expected.to have_requested(:post, "#{service_url}/sessions/filter").
+          with(body: JSON.generate({msids: msids})) }
+    end
+
+    context "when response status code is not 200 OK" do
+      before { http_request.to_return status: [404, "Not Found"] }
+
+      it { is_expected.to eq [] }
+    end
+
+    context "when server replies with a list of msids" do
+      before { http_request.to_return body: JSON.generate(invalid_msids) }
+
+      it { is_expected.to eq invalid_msids }
+    end
+
+  end
+
 end
