allow cache to be an ActiveSupport::Cache object

Jay OConnor · Jay OConnor · commit d1390644262a · 2023-05-22T14:44:55.000-07:00
diff --git a/lib/firebase_id_token.rb b/lib/firebase_id_token.rb
@@ -9,6 +9,7 @@
 require 'firebase_id_token/exceptions/no_certificates_error'
 require 'firebase_id_token/exceptions/certificates_request_error'
 require 'firebase_id_token/exceptions/certificates_ttl_error'
+require 'firebase_id_token/exceptions/unsupported_cache_operation_error'
 require 'firebase_id_token/exceptions/certificate_not_found'
 require 'firebase_id_token/configuration'
 require 'firebase_id_token/certificates'
diff --git a/lib/firebase_id_token/certificates.rb b/lib/firebase_id_token/certificates.rb
@@ -30,8 +30,8 @@ module FirebaseIdToken
   #   FirebaseIdToken::Certificates.request! # Downloads certificates.
   #
   class Certificates
-    # A Redis instance.
-    attr_reader :redis
+    # A common cache store
+    attr_reader :cache_store
     # Certificates saved in the Redis (JSON `String` or `nil`).
     attr_reader :local_certs
 
@@ -146,16 +146,20 @@ def self.find!(kid)
     # time, use it to know when to request again.
     # @return [Fixnum]
     def self.ttl
-      ttl = new.redis.ttl('certificates')
-      ttl < 0 ? 0 : ttl
+      if new.cache_store.respond_to?(:redis)
+        ttl = new.cache_store.redis.ttl('certificates')
+        return ttl < 0 ? 0 : ttl
+      end
+      # Not all cache stores supported by ActiveSupport::Cache support a TTL
+      # read on an entrye
+      raise Exceptions::UnsupportedCacheOperationError.new
     end
 
     # Sets two instance attributes: `:redis` and `:local_certs`. Those are
     # respectively a Redis instance from {FirebaseIdToken::Configuration} and
     # the certificates in it.
     def initialize
-      @redis = Redis::Namespace.new('firebase_id_token',
-        redis: FirebaseIdToken.configuration.redis)
+      @cache_store = FirebaseIdToken.configuration.cache_store
       @local_certs = read_certificates
     end
 
@@ -178,12 +182,12 @@ def request!
     private
 
     def read_certificates
-      certs = @redis.get 'certificates'
+      certs = @cache_store.read 'certificates'
       certs ? JSON.parse(certs) : {}
     end
 
     def save_certificates
-      @redis.setex 'certificates', ttl, @request.body
+      @cache_store.write 'certificates', @request.body, expires_in: ttl
       @local_certs = read_certificates
     end
 
diff --git a/lib/firebase_id_token/configuration.rb b/lib/firebase_id_token/configuration.rb
@@ -4,11 +4,15 @@ module FirebaseIdToken
   LIB_PATH = File.expand_path('../../', __FILE__)
 
   class Configuration
-    attr_accessor :redis, :project_ids, :certificates
+    attr_accessor :redis, :project_ids, :certificates, :cache_store
 
     def initialize
       @project_ids = []
       @certificates = FirebaseIdToken::Certificates
+      # support older API where redis attribute was explictly set
+      if redis
+        @cache_store = ActiveSupport::Cache.RedisStore.new(redis)
+      end
     end
   end
 end
diff --git a/lib/firebase_id_token/exceptions/unsupported_cache_operation_error.rb b/lib/firebase_id_token/exceptions/unsupported_cache_operation_error.rb
@@ -0,0 +1,11 @@
+module FirebaseIdToken
+  module Exceptions
+    # @see FirebaseIdToken::Certificates.request
+    # @see FirebaseIdToken::Certificates.request!
+    class UnsupportedCacheOperationError < StandardError
+      def initialize(message = "Cache store does not support a TTL read on entries")
+        super message
+      end
+    end
+  end
+end
diff --git a/spec/firebase_id_token/certificates_spec.rb b/spec/firebase_id_token/certificates_spec.rb
@@ -2,7 +2,6 @@
 
 module FirebaseIdToken
   describe Certificates do
-    let (:redis) { Redis::Namespace.new 'firebase_id_token', redis: Redis.new }
     let (:certs) { File.read('spec/fixtures/files/certificates.json') }
     let (:cache) { 'public, max-age=19302, must-revalidate, no-transform' }
     let (:low_cache) { 'public, max-age=2160, must-revalidate, no-transform' }
@@ -22,143 +21,158 @@ module FirebaseIdToken
         with(an_instance_of(String)) { response }
     }
 
-    before :each do
-      redis.del 'certificates'
-      mock_request
-    end
-
-    describe '#request' do
-      it 'requests certificates when Redis database is empty' do
-        expect(HTTParty).to receive(:get).
-          with(FirebaseIdToken::Certificates::URL)
-        described_class.request
+    shared_examples_for 'a certificate store' do |cache_store, cache_store_supports_ttl|
+      before :each do
+        allow(FirebaseIdToken.configuration).to receive(:cache_store).and_return(cache_store)
+        FirebaseIdToken.configuration.cache_store.delete 'certificates'
+        mock_request
       end
 
-      it 'does not requests certificates when Redis database is written' do
-        expect(HTTParty).to receive(:get).
-          with(FirebaseIdToken::Certificates::URL).once
-        2.times { described_class.request }
-      end
-    end
-
-    describe '#request!' do
-      it 'always requests certificates' do
-        expect(HTTParty).to receive(:get).
-          with(FirebaseIdToken::Certificates::URL).twice
-        2.times { described_class.request! }
-      end
+      describe '#request' do
+        it 'requests certificates when Redis database is empty' do
+          expect(HTTParty).to receive(:get).
+            with(FirebaseIdToken::Certificates::URL)
+          described_class.request
+        end
 
-      it 'sets the certificate expiration time as Redis TTL' do
-        described_class.request!
-        expect(redis.ttl('certificates')).to be > 3600
+        it 'does not requests certificates when Redis database is written' do
+          expect(HTTParty).to receive(:get).
+            with(FirebaseIdToken::Certificates::URL).once
+          2.times { described_class.request }
+        end
       end
 
-      it 'raises a error when certificates expires in less than 1 hour' do
-        allow(response).to receive(:headers) {{'cache-control' => low_cache}}
-        expect{ described_class.request! }.
-          to raise_error(Exceptions::CertificatesTtlError)
-      end
+      describe '#request!' do
+        it 'always requests certificates' do
+          expect(HTTParty).to receive(:get).
+            with(FirebaseIdToken::Certificates::URL).twice
+          2.times { described_class.request! }
+        end
 
-      it 'raises a error when HTTP response code is other than 200' do
-        allow(response).to receive(:code) { 401 }
-        expect{ described_class.request! }.
-          to raise_error(Exceptions::CertificatesRequestError)
-      end
-    end
+        it 'sets the certificate expiration time as Redis TTL', skip: !cache_store_supports_ttl do
+          described_class.request!
+          expect(described_class.ttl).to be > 3600
+        end
 
-    describe '#request_anyway' do
-      it 'also requests certificates' do
-        expect(HTTParty).to receive(:get).
-          with(FirebaseIdToken::Certificates::URL)
+        it 'raises a error when certificates expires in less than 1 hour' do
+          allow(response).to receive(:headers) {{'cache-control' => low_cache}}
+            expect{ described_class.request! }.
+              to raise_error(Exceptions::CertificatesTtlError)
+        end
 
-        described_class.request_anyway
+        it 'raises a error when HTTP response code is other than 200' do
+          allow(response).to receive(:code) { 401 }
+          expect{ described_class.request! }.
+            to raise_error(Exceptions::CertificatesRequestError)
+        end
       end
-    end
 
-    describe '.present?' do
-      it 'returns false when Redis database is empty' do
-        expect(described_class.present?).to be(false)
-      end
+      describe '#request_anyway' do
+        it 'also requests certificates' do
+          expect(HTTParty).to receive(:get).
+            with(FirebaseIdToken::Certificates::URL)
 
-      it 'returns true when Redis database is written' do
-        described_class.request
-        expect(described_class.present?).to be(true)
-      end
-    end
-
-    describe '.all' do
-      context 'before requesting certificates' do
-        it 'returns a empty Array' do
-          expect(described_class.all).to eq([])
+          described_class.request_anyway
         end
       end
 
-      context 'after requesting certificates' do
-        it 'returns a array of hashes: String keys' do
-          described_class.request
-          expect(described_class.all.first.keys[0]).to be_a(String)
+      describe '.present?' do
+        it 'returns false when Redis database is empty' do
+          expect(described_class.present?).to be(false)
         end
 
-        it 'returns a array of hashes: OpenSSL::X509::Certificate values' do
+        it 'returns true when Redis database is written' do
           described_class.request
-          expect(described_class.all.first.values[0]).
-            to be_a(OpenSSL::X509::Certificate)
+          expect(described_class.present?).to be(true)
         end
       end
-    end
 
-    describe '.find' do
-      context 'without certificates in Redis database' do
-        it 'raises a exception' do
-          expect{ described_class.find(kid)}.
-            to raise_error(Exceptions::NoCertificatesError)
+      describe '.all' do
+        context 'before requesting certificates' do
+          it 'returns a empty Array' do
+            expect(described_class.all).to eq([])
+          end
+        end
+
+        context 'after requesting certificates' do
+          it 'returns a array of hashes: String keys' do
+            described_class.request
+            expect(described_class.all.first.keys[0]).to be_a(String)
+          end
+
+          it 'returns a array of hashes: OpenSSL::X509::Certificate values' do
+            described_class.request
+            expect(described_class.all.first.values[0]).
+              to be_a(OpenSSL::X509::Certificate)
+          end
         end
       end
 
-      context 'with certificates in Redis database' do
-        it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
-          described_class.request
-          expect(described_class.find(kid)).to be_a(OpenSSL::X509::Certificate)
+      describe '.find' do
+        context 'without certificates in Redis database' do
+          it 'raises a exception' do
+            expect{ described_class.find(kid)}.
+              to raise_error(Exceptions::NoCertificatesError)
+          end
         end
 
-        it 'returns nil when it can not find the kid' do
-          described_class.request
-          expect(described_class.find('')).to be(nil)
+        context 'with certificates in Redis database' do
+          it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
+            described_class.request
+            expect(described_class.find(kid)).to be_a(OpenSSL::X509::Certificate)
+          end
+
+          it 'returns nil when it can not find the kid' do
+            described_class.request
+            expect(described_class.find('')).to be(nil)
+          end
         end
       end
-    end
 
-    describe '.find!' do
-      context 'without certificates in Redis database' do
-        it 'raises a exception' do
-          expect{ described_class.find!(kid)}.
-            to raise_error(Exceptions::NoCertificatesError)
+      describe '.find!' do
+        context 'without certificates in Redis database' do
+          it 'raises a exception' do
+            expect{ described_class.find!(kid)}.
+              to raise_error(Exceptions::NoCertificatesError)
+          end
+        end
+        context 'with certificates in Redis database' do
+          it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
+            described_class.request
+            expect(described_class.find!(kid)).to be_a(OpenSSL::X509::Certificate)
+          end
+
+          it 'raises a CertificateNotFound error when it can not find the kid' do
+            described_class.request
+            expect { described_class.find!('') }
+              .to raise_error(Exceptions::CertificateNotFound, /Unable to find/)
+          end
         end
+
       end
-      context 'with certificates in Redis database' do
-        it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
+
+      describe '.ttl' do
+        it 'returns a positive number when has certificates in Redis', skip: !cache_store_supports_ttl do
           described_class.request
-          expect(described_class.find!(kid)).to be_a(OpenSSL::X509::Certificate)
+          expect(described_class.ttl).to be > 0
         end
 
-        it 'raises a CertificateNotFound error when it can not find the kid' do
-          described_class.request
-          expect { described_class.find!('') }
-            .to raise_error(Exceptions::CertificateNotFound, /Unable to find/)
+        it 'returns zero when has no certificates in Redis', skip: !cache_store_supports_ttl do
+          expect(described_class.ttl).to eq(0)
         end
-      end
 
+        it 'raises an error if the cache store does not support TTL', skip: cache_store_supports_ttl do
+          expect { described_class.ttl }.to raise_error(Exceptions::UnsupportedCacheOperationError)
+        end
+      end
     end
 
-    describe '.ttl' do
-      it 'returns a positive number when has certificates in Redis' do
-        described_class.request
-        expect(described_class.ttl).to be > 0
-      end
+    context 'RedisCacheStore' do
+      it_behaves_like 'a certificate store', ActiveSupport::Cache::RedisCacheStore.new, true
+    end
 
-      it 'returns zero when has no certificates in Redis' do
-        expect(described_class.ttl).to eq(0)
-      end
+    context 'MemoryStore' do
+      it_behaves_like 'a certificate store', ActiveSupport::Cache::MemoryStore.new, false
     end
   end
 end
