From a229eccb3d977df7a544050dac0dbd757600d435 Mon Sep 17 00:00:00 2001
From: Felix Kleinschmidt <fk@bsrd.io>
Date: Wed, 26 Mar 2025 10:15:11 -0200
Subject: [PATCH 1/2] apply headers after default basic auth, so that
 Authorization header can be overwritten

---
 lib/quickpay/api/client.rb |  3 ++-
 test/client.rb             | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/quickpay/api/client.rb b/lib/quickpay/api/client.rb
index ae95ddc..8616cd7 100644
--- a/lib/quickpay/api/client.rb
+++ b/lib/quickpay/api/client.rb
@@ -62,8 +62,9 @@ def initialize(username: nil, password: nil, base_uri: "https://api.quickpay.net
           if (query = req.query) && query.any?
             uri.query = URI.encode_www_form(req.query)
           end
-          net_req = method_class.new(uri, req.headers)
+          net_req = method_class.new(uri)
           net_req.basic_auth(@username, @password) if @username || @password
+          req.headers.each { |key, value| net_req[key] = value }
           net_req.body = req.body
           res = Net::HTTP.start(
             uri.hostname,
diff --git a/test/client.rb b/test/client.rb
index 4decd7f..767e2ac 100644
--- a/test/client.rb
+++ b/test/client.rb
@@ -29,6 +29,17 @@
     _(headers["authorization"]).must_equal "Basic OnNlY3JldA=="
   end
 
+  it "overwrites Authorization header if already set" do
+    stub_request(:get, "http://localhost:4242/ping").to_return { |request| { headers: request.headers, status: 200 } }
+
+    client = QuickPay::API::Client.new(password: "secret", base_uri: "http://localhost:4242")
+    _, _, headers = *client.get("/ping", headers: { Authorization: "Basic OnRlc3RfdXNlcg==" })
+
+    _(headers["accept-version"]).must_equal "v10"
+    _(headers["user-agent"]).must_equal "quickpay-ruby-client, v#{QuickPay::API::VERSION}"
+    _(headers["authorization"]).must_equal "Basic OnRlc3RfdXNlcg=="
+  end
+
   describe "JSON <=> Hash conversion of body" do
     subject { QuickPay::API::Client.new }
 

From 722e5b209a9f9af6ff691c1877d5064d1fa05829 Mon Sep 17 00:00:00 2001
From: Felix Kleinschmidt <fk@bsrd.io>
Date: Wed, 26 Mar 2025 10:19:51 -0200
Subject: [PATCH 2/2] Bump version to 4.0.2

---
 CHANGELOG.md                | 13 +++++++++++++
 lib/quickpay/api/version.rb |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 31775d0..2a38bde 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## 4.0.2
+
+Make overwritten Authorization header possible again.
+
+## 4.0.1
+
+Fix so that settings port number is no longer ignored
+
+## 4.0.0
+
+Replace Excon with std lib Net::HTTP, so raised errors will have different underlying errors.
+The returned header keys are all lowercase.
+
 ## 3.0.1
 
 * Fixed bug where variations of Content-Type application/json got scrubbed, fx application/json;charset=UTF-8 (https://github.com/QuickPay/quickpay-ruby-client/pull/41)
diff --git a/lib/quickpay/api/version.rb b/lib/quickpay/api/version.rb
index b970388..4f66171 100644
--- a/lib/quickpay/api/version.rb
+++ b/lib/quickpay/api/version.rb
@@ -1,5 +1,5 @@
 module QuickPay
   module API
-    VERSION = "4.0.1".freeze
+    VERSION = "4.0.2".freeze
   end
 end