From a06e2f5302dfdb9f33c29c556de209fed283404d Mon Sep 17 00:00:00 2001
From: "Michael S. Kazmier"
Date: Mon, 18 Dec 2017 15:26:19 -0700
Subject: [PATCH] udpates params parsing function and adds tests
---
 api_auth.gemspec | 1 +
 lib/api_auth/headers.rb | 11 ++++++++---
 spec/headers_spec.rb | 10 +++++++++-
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/api_auth.gemspec b/api_auth.gemspec
index 1ffaab0f..9f791928 100644
--- a/api_auth.gemspec
+++ b/api_auth.gemspec
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
 s.add_development_dependency 'actionpack', '< 6.0', '> 4.0'
 s.add_development_dependency 'activesupport', '< 6.0', '> 4.0'
 s.add_development_dependency 'activeresource', '~> 4.0'
+ s.add_development_dependency 'rails', '~> 4.0'
 s.add_development_dependency 'rest-client', '~> 1.6.0'
 s.add_development_dependency 'curb', '~> 0.8.1'
 s.add_development_dependency 'httpi'
diff --git a/lib/api_auth/headers.rb b/lib/api_auth/headers.rb
index b75f43a8..aa24e434 100644
--- a/lib/api_auth/headers.rb
+++ b/lib/api_auth/headers.rb
@@ -94,13 +94,18 @@ def sign_header(header)
 private
 def parse_uri(uri)
- uri_without_host = uri.gsub(URI_WITHOUT_HOST_REGEXP, '')
+ parsed_uri = URI.parse(uri)
+
+ uri_without_host = parsed_uri.respond_to?(:request_uri) ? parsed_uri.request_uri : uri
 return '/' if uri_without_host.empty?
 escape_params(uri_without_host)
 end
- # Different version of request parsers escape/unescape the param values
- # This will force param values to escaped
+ # Different versions of request parsers escape/unescape the param values
+ # Examples:
+ # Rails 5.1.3 ApiAuth canonical_string:'GET,application/json,,/api/v1/employees?select=epulse_id%2Cfirst_name%2Clast_name,Thu, 14 Dec 2017 16:19:48 GMT'
+ # Rails 5.1.4 ApiAuth canonical_string:'GET,application/json,,/api/v1/employees?select=epulse_id,first_name,last_name,Thu, 14 Dec 2017 16:20:57 GMT'
+ # This will force param values to escaped and fixes issue #123
 def escape_params(uri)
 unescaped_uri = CGI.unescape(uri)
 uri_array = unescaped_uri.split('?')
diff --git a/spec/headers_spec.rb b/spec/headers_spec.rb
index 4fbc50b4..5d7c56de 100644
--- a/spec/headers_spec.rb
+++ b/spec/headers_spec.rb
@@ -43,13 +43,21 @@
 let(:uri) { 'http://google.com/?redirect_to=https://www.example.com'.freeze }
 it 'return /?redirect_to=https://www.example.com as canonical string path' do
- expect(subject.canonical_string).to eq('GET,,,/?redirect_to=https://www.example.com,')
+ expect(subject.canonical_string).to eq('GET,,,/?redirect_to=https%3A%2F%2Fwww.example.com,')
 end
 it 'does not change request url (by removing host)' do
 expect(request.url).to eq(uri)
 end
 end
+
+ context 'uri has multiple params in it' do
+ let(:uri) { 'http://google.com/search/advanced?redirect_to=https://www.example.com&account=a12dd334/3444\:23'.freeze }
+
+ it 'returns only query param values as escaped in url' do
+ puts subject.canonical_string
+ end
+ end
 end
 context 'string construction' do
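Review bot: In `parse_uri` (lib/api_auth/headers.rb), `URI.parse(uri)` raises `URI::InvalidURIError` on input that the removed `gsub` would have passed through, and nothing in the hunk rescues it. A malformed request URL would therefore raise while the canonical string is being built instead of ending in an ordinary signature mismatch; the callers are outside the hunk, so whether they rescue is not visible. The `respond_to?(:request_uri)` fallback also uses the whole input for any parsed URI that is not HTTP-family, so scheme and host stay in the signed string where the old regexp presumably stripped them. Consider adding `rescue URI::InvalidURIError` to the method with a fallback to `uri.gsub(URI_WITHOUT_HOST_REGEXP, '')` (the constant is still defined, since this is the only hunk in the file), plus a spec for an unparseable URL. `escape_params` continues past the end of the hunk.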
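Review bot: The new example 'returns only query param values as escaped in url' in spec/headers_spec.rb only runs `puts subject.canonical_string`, so it asserts nothing, passes whatever the escaping produces, and writes to the test output. The canonical string is what gets signed, so the handling of `&`, `/` and `\:` in that URL should be pinned with `expect(subject.canonical_string).to eq('<expected canonical string>')`. The edited expectation above it (`https://www.example.com` becoming `https%3A%2F%2Fwww.example.com`) shows the signed string changes for existing requests. A signer and verifier on different gem versions would presumably disagree, which is worth stating in the changelog.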