From f80d7ee78ee86a4db43c01f8cff08c4ef1408119 Mon Sep 17 00:00:00 2001
From: James Stoup <james.stoup@castle.io>
Date: Tue, 15 Jun 2021 12:02:14 -0400
Subject: [PATCH] adding support for risk and filter failover

the structure of authenticate differs from risk and filter

authenticate - { action: 'allow|deny|challenge' }
risk/filter - { policy: { action: 'allow|deny|challenge' } }
---
 CHANGELOG.md                                   |  5 +++++
 Gemfile.lock                                   |  4 ++--
 lib/castle/failover/prepare_response.rb        | 12 +++++++++++-
 lib/castle/version.rb                          |  2 +-
 spec/lib/castle/client_spec.rb                 |  3 +++
 spec/support/shared_examples/action_request.rb |  3 +++
 6 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b79796f..e502c4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## master
 
+## 7.1.1 
+
+- [#246](https://github.com/castle/castle-ruby/pull/246)
+  * support failover for risk and filter
+
 ## 7.1.0 (2021-06-09)
 
 - [#245](https://github.com/castle/castle-ruby/pull/245) 
diff --git a/Gemfile.lock b/Gemfile.lock
index 21d3484..c6b7b8d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    castle-rb (7.1.0)
+    castle-rb (7.1.1)
 
 GEM
   remote: https://rubygems.org/
@@ -104,4 +104,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.1.4
+   2.2.19
diff --git a/lib/castle/failover/prepare_response.rb b/lib/castle/failover/prepare_response.rb
index 0349ba3..3021c5b 100644
--- a/lib/castle/failover/prepare_response.rb
+++ b/lib/castle/failover/prepare_response.rb
@@ -11,7 +11,17 @@ def initialize(user_id, reason:, strategy:)
       end
 
       def call
-        { action: @strategy.to_s, user_id: @user_id, failover: true, failover_reason: @reason }
+        {
+          # v1/risk v1/filter structure
+          policy: {
+            action: @strategy.to_s,
+          },
+          # v1/authenticate structure
+          action: @strategy.to_s,
+          user_id: @user_id,
+          failover: true,
+          failover_reason: @reason
+        }
       end
     end
   end
diff --git a/lib/castle/version.rb b/lib/castle/version.rb
index c4f6dd7..7c351c3 100644
--- a/lib/castle/version.rb
+++ b/lib/castle/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '7.1.0'
+  VERSION = '7.1.1'
 end
diff --git a/spec/lib/castle/client_spec.rb b/spec/lib/castle/client_spec.rb
index 5259bee..d7b6ca1 100644
--- a/spec/lib/castle/client_spec.rb
+++ b/spec/lib/castle/client_spec.rb
@@ -225,6 +225,7 @@
       end
 
       it { assert_not_requested :post, 'https://api.castle.io/v1/authenticate' }
+      it { expect(request_response[:policy][:action]).to be_eql(Castle::Verdict::ALLOW) }
       it { expect(request_response[:action]).to be_eql(Castle::Verdict::ALLOW) }
       it { expect(request_response[:user_id]).to be_eql('1234') }
       it { expect(request_response[:failover]).to be true }
@@ -246,6 +247,7 @@
 
       context 'with request error and not throw on eg deny strategy' do
         it { assert_not_requested :post, 'https://:secret@api.castle.io/v1/authenticate' }
+        it { expect(request_response[:policy][:action]).to be_eql('allow') }
         it { expect(request_response[:action]).to be_eql('allow') }
         it { expect(request_response[:user_id]).to be_eql('1234') }
         it { expect(request_response[:failover]).to be true }
@@ -266,6 +268,7 @@
 
       describe 'not throw on eg deny strategy' do
         it { assert_not_requested :post, 'https://:secret@api.castle.io/v1/authenticate' }
+        it { expect(request_response[:policy][:action]).to be_eql('allow') }
         it { expect(request_response[:action]).to be_eql('allow') }
         it { expect(request_response[:user_id]).to be_eql('1234') }
         it { expect(request_response[:failover]).to be true }
diff --git a/spec/support/shared_examples/action_request.rb b/spec/support/shared_examples/action_request.rb
index 22bbbaf..9137eac 100644
--- a/spec/support/shared_examples/action_request.rb
+++ b/spec/support/shared_examples/action_request.rb
@@ -104,6 +104,7 @@
     end
 
     it { assert_not_requested :post, "https://api.castle.io/v1/#{action}" }
+    it { expect(request_response[:policy][:action]).to be_eql(Castle::Verdict::ALLOW) }
     it { expect(request_response[:action]).to be_eql(Castle::Verdict::ALLOW) }
     it { expect(request_response[:user_id]).to be_eql('1234') }
     it { expect(request_response[:failover]).to be true }
@@ -125,6 +126,7 @@
 
     context 'with request error and not throw on eg deny strategy' do
       it { assert_not_requested :post, "https:/:secret@api.castle.io/v1/#{action}" }
+      it { expect(request_response[:policy][:action]).to be_eql('allow') }
       it { expect(request_response[:action]).to be_eql('allow') }
       it { expect(request_response[:user_id]).to be_eql('1234') }
       it { expect(request_response[:failover]).to be true }
@@ -143,6 +145,7 @@
 
     describe 'not throw on eg deny strategy' do
       it { assert_not_requested :post, "https:/:secret@api.castle.io/v1/#{action}" }
+      it { expect(request_response[:policy][:action]).to be_eql('allow') }
       it { expect(request_response[:action]).to be_eql('allow') }
       it { expect(request_response[:user_id]).to be_eql('1234') }
       it { expect(request_response[:failover]).to be true }