Birst_Command 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2fcfeb6fbba597581204ab786c08a523038a34dd
-  data.tar.gz: 3aa45b83a061a5375c33d1a25caa0f7f9a242d2a
+  metadata.gz: 6bad6616cef05fab628640a4acabc9b7c219baf4
+  data.tar.gz: d4e2bf27651cf4ef20d1038b064ee8f7f4b83bbe
 SHA512:
-  metadata.gz: 06dc2ba21870c94529450d603469d216b77cbfd307d2b8ec2784404320273d367e40715dcd22d9a1a0597b9e6dae8ec8aab05c6e875745f84dfad97161350d38
-  data.tar.gz: 58252f327c73d797487fe37cb8e9f901400454c46495df153751ee12efbfb82f9a65c6c6baecc918ff2cda63d51b5ab9ad13d4efc63cb131111fb096c733d7e4
+  metadata.gz: b3d0ba0d5ad7a2609aefde09576f90fe927a3caaeba804967510cfce381271878069e9524d1e72502c6b777c61a84ffa9376771ba715888a35bbe5af81372e5f
+  data.tar.gz: fa825d4847ec8e2d6dc06b7af1992e6e3f352f030649e64135bb622f51a3d5d5e156b7d38e5fa7f104ed7daae657350ea70f1a8c3521504923042c2222f46077

data/Birst_Command.gemspec

@@ -17,6 +17,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '~> 2'
   s.add_runtime_dependency "savon", ["~> 2.0"]
   s.add_runtime_dependency "httpclient", ["~> 2.3"]
+  s.add_runtime_dependency "envcrypt", ["~> 0.1"]
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/Gemfile

@@ -1,3 +1,4 @@
 source 'https://rubygems.org'
 gem 'savon', '~> 2.0'
 gem 'httpclient'
+gem 'envcrypt', '~> 0.1'

data/README.md

@@ -1,5 +1,6 @@
 Birst_Command
 ====================
+[![Gem Version](https://badge.fury.io/rb/Birst_Command.svg)](http://badge.fury.io/rb/Birst_Command)
 
 Birst Command is a Ruby gem that allows you to build Ruby scripts that
 interface with the Birst Web API.  It also comes with a simple command line
@@ -10,8 +11,8 @@ Birst user that needed to set up a very basic Ruby interface.
 
 # Installation & Setup
 
-**SPECIAL NOTE:** Password management has changed since version 0.3.0.
-It is now more secure but requires some new configuration.
+**SPECIAL NOTE:** Password management has changed since version 0.4.0.
+Read below for details.
 
 Prerequisites: Ruby > 2.0 and rubygems.
 
@@ -34,30 +35,26 @@ the username and password. (**Note**: do not use `login.bws.birst.com`
 since it does not use an updated WSDL; a specific app server must be
 specified).  Since I have a strong aversion to storing passwords in
 plaintext, the password in the config file needs to use and encrypted
-password.  Birst Command comes with a password encryptor that can be
+password.  Birst Command comes bundled with a password encryptor
+called [Envcrypt](https://github.com/gnilrets/envcrypt) that can be
 executed via
 
 ````bash
-$ birstcl -e mypassword
+$ envcrypt -s mypassword
 ````
 
 which should give an output similar to
 ````
-Set these keys as environment variables
- - Do not lose them or you will have to regenerate your password.
- - Keep them secure, your password is compromised if these keys are compromised.
- - Remove them as environment variables to generate new ones
-BIRST_COMMAND_IV="3Nn26chRPkclusqTHePpig=="
-BIRST_COMMAND_KEY="MWHa7gksYQaZTTq4snjyOnBDWUnKaVJq1VF4cv82MgA="
-BIRST_COMMAND_SALT="KI//0xfSrX4mdSpiSp69BQ=="
-...
-Use this encrypted password in your .birstcl file: "JlCX9/RvHnGuWZWUcjTelg=="
+Encrypted Secret: 2KwUMeJIqsjPWWF9Fw0I+w==
+ENVCRYPT_KEY='V/V919RKnz8l2M002336bg==$ARoQfp/9pfv5kVN/ysRuStLuTWJFZhQF1f49xkHbcwQ=$YAjVhHOXlcagmZoFYgPWdQ=='
+WARNING: It is critical that the key and encryption password be stored separately!
 ````
 
-Copy and paste the encrypted password into the config file.  You will
-also need to ensure that the three environment variables are set as
-indicated above.  If you're running in a development environment, you
-can include these in your bash `~/.profile` file.
+Copy and paste the encrypted password (aka "secret') into the
+`$HOME/.birstcl` config file.  You will also need to ensure that the
+`ENVCRYPT_KEY` environment variable is set as indicated above.  If you're
+running in a development environment, you can include these in your
+bash `~/.profile` file.
 
 # Usage - Birst command line tool
 
@@ -227,3 +224,8 @@ entirely consistent in its use of camelCase for arguments (e.g.,
 `listUsersInSpace`).  This inconsistency requires us to **submit
 commands as snake_case and arguments as the camelCase that Birst
 uses.**
+
+# Changelog
+
+* 0.5.0
+  * Migrated password handling to use Envcrypt

data/bin/birstcl

@@ -14,10 +14,6 @@ module BirstCL
       exit
     end
 
-    if @options[:encrypt_password]
-      encrypt_password(@options[:encrypt_password])
-    end
-
     if @options[:command]
       read_config_file
       execute_command
@@ -44,11 +40,6 @@ module BirstCL
         exit
       end
 
-      @options[:encrypt_password] = nil
-      opts.on("-e","--encrypt_password <PASSWORD>","Generates an encrypted version of PASSWORD that needs to be placed in ~/.birstcl") do |opt|
-        @options[:encrypt_password] = opt
-      end
-
       @options[:command] = nil
       opts.on("-c","--command <COMMAND>","COMMAND is the snake_case Birst web API command") do |opt|
         @options[:command] = opt
@@ -88,15 +79,6 @@ module BirstCL
     Birst_Command::Config.read_config(@options[:config_full_path])
   end
 
-  def encrypt_password(password)
-    Birst_Command::Password.generate_keys(verbose: true)
-    puts <<-EOF.unindent
-    ...
-    Use this encrypted password in your .birstcl file: "#{Birst_Command::Password.encrypt(password)}"
-    EOF
-  end
-
-
   def write_cookie_file(file_full_path)
     return nil if file_full_path.nil?
     File.open(file_full_path, 'w') {|f| f.write(Marshal.dump(@session_cookie)) }

data/lib/birst_command.rb

@@ -4,10 +4,10 @@ require 'openssl'
 require 'base64'
 require 'securerandom'
 require 'json'
+require 'envcrypt'
 
 require 'birst_command/config'
 require 'birst_command/core_additions'
 require 'birst_command/version'
-require 'birst_command/password'
 require 'birst_command/session'
 

data/lib/birst_command/session.rb

@@ -34,12 +34,14 @@ module Birst_Command
 
 
     def login(use_cookie: nil)
+      crypt = Envcrypt::Envcrypter.new
+
       @auth_cookies = use_cookie
       @response = @client.call(:login,
         cookies: @auth_cookies,
         message: {
           username: @options[:username], 
-          password: Password.decrypt(@options[:password])
+          password: crypt.decrypt(@options[:password])
         })
 
       @auth_cookies = @response.http.cookies if @auth_cookies.nil?

data/lib/birst_command/version.rb

@@ -1,3 +1,3 @@
 module Birst_Command
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/test/standard/test_password.rb

@@ -3,52 +3,19 @@ require "test_birst_command"
 class Test_password < Test::Unit::TestCase
 
   def setup
-    ENV['BIRST_COMMAND_IV']   = "3Ez9fL0Jlt/E1d7QlVtKdw=="
-    ENV['BIRST_COMMAND_KEY']  = "N589Xi0YzzkE+bRGwp3yaoVk/lneYsLHdFP+366hwcY="
-    ENV['BIRST_COMMAND_SALT'] = "AUkJj8QSmNW3QazpyNl7og=="
+    ENV['ENVCRYPT_KEY'] = '9Aqck/FZ0pCRkiw95VpxLw==$kxnYLOCo9qHDHHaTZM+fN73WVclDkRqO+uxSgzFzrpQ=$qoEtCm1BQWgc+WAxpotsrw=='
 
     @password = "mysecretpass"
-    @encrypted = "dP5+BfQyTAvKOM6s1ik4zg=="
+    @encrypted = "MBTkxkMT8AbQupkOwtG9uQ=="
   end
 
   def teardown
   end
 
-  def test_key_generation
-    ENV['BIRST_COMMAND_IV']   = nil
-    ENV['BIRST_COMMAND_KEY']  = nil
-    ENV['BIRST_COMMAND_SALT'] = nil
-
-    Password.generate_keys
-
-    encrypted = Password.encrypt(@password)
-    decrypted = Password.decrypt(encrypted)
-
-    assert_equal @password, decrypted, "Wrong decrypted password"
-  end
-
-
-  def test_decryption_failure
-    Password.generate_keys
-
-    encrypted = Password.encrypt(@password)
-    ENV['BIRST_COMMAND_SALT'] = SecureRandom.base64
-
-    assert_raise OpenSSL::Cipher::CipherError do
-      decrypted = Password.decrypt(encrypted)
-    end
-  end
-
-
-  def test_encrypt
-    assert_equal @encrypted, Password.encrypt(@password), "Expecting encrypted password #{@encrypted}"
-  end
-
   def test_decrypt
-    assert_equal @password, Password.decrypt(@encrypted), "Expecting decrypted password #{@password}"
+    crypt = Envcrypt::Envcrypter.new
+    assert_equal @password, crypt.decrypt(@encrypted), "Wrong decrypted password"
   end
-
-
 end
 
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: Birst_Command
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Sterling Paramore
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-24 00:00:00.000000000 Z
+date: 2014-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: savon
@@ -38,6 +38,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: envcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
 description: Ruby interface to Birst web API
 email:
 - gnilrets@gmail.com
@@ -60,7 +74,6 @@ files:
 - lib/birst_command.rb
 - lib/birst_command/config.rb
 - lib/birst_command/core_additions.rb
-- lib/birst_command/password.rb
 - lib/birst_command/session.rb
 - lib/birst_command/version.rb
 - test/.gitignore

data/lib/birst_command/password.rb

@@ -1,66 +0,0 @@
-module Birst_Command
-  module Password
-    extend self
-
-    def generate_keys(verbose: false)
-      iv    = ENV['BIRST_COMMAND_IV']   || SecureRandom.base64
-      key   = ENV['BIRST_COMMAND_KEY']  || SecureRandom.base64(32)
-      salt  = ENV['BIRST_COMMAND_SALT'] || SecureRandom.base64
-
-      if verbose
-        puts <<-EOF.unindent
-        Set these keys as environment variables 
-         - Do not lose them or you will have to regenerate your password.
-         - Keep them secure, your password is compromised if these keys are compromised.
-         - Remove them as environment variables to generate new ones
-        BIRST_COMMAND_IV="#{iv}"
-        BIRST_COMMAND_KEY="#{key}"
-        BIRST_COMMAND_SALT="#{salt}"
-        EOF
-      end
-      
-      ENV['BIRST_COMMAND_IV']   = iv
-      ENV['BIRST_COMMAND_KEY']  = key
-      ENV['BIRST_COMMAND_SALT'] = salt
-    end
-
-    # Generate a new cipher for encryption or decryption
-    def create_cipher(mode)
-      iv   = ENV['BIRST_COMMAND_IV']   || SecureRandom.base64
-      key  = ENV['BIRST_COMMAND_KEY']  || SecureRandom.base64(32)
-      salt = ENV['BIRST_COMMAND_SALT'] || SecureRandom.base64
-
-      cipher = OpenSSL::Cipher.new 'AES-128-CBC'
-      cipher.send(mode)
-      cipher.iv = iv
-
-      digest = OpenSSL::Digest::SHA256.new
-      key_len = cipher.key_len
-      iter = 20000
-      cipher.key = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iter, key_len, digest)
-      cipher
-    end
-
-
-    # Returns a base64-obfuscated password to be stored in the config.json file
-    def encrypt(pwd)
-      cipher = create_cipher(:encrypt)
-
-      encrypted = cipher.update pwd
-      encrypted << cipher.final
-
-      Base64.encode64(encrypted).chomp
-    end
-
-
-    # Returns a plaintext password
-    def decrypt(encrypted_pwd)
-      cipher = create_cipher(:decrypt)
-
-      decrypted = cipher.update Base64.decode64(encrypted_pwd)
-      decrypted << cipher.final
-
-      decrypted
-    end
-  end
-end