autosign 0.1.1 → 1.0.1
- checksums.yaml +5 -5
- data/.rubocop.yml +12 -0
- data/.rubocop_todo.yml +659 -0
- data/.travis.yml +4 -5
- data/CHANGELOG.md +56 -0
- data/Gemfile.lock +107 -89
- data/LICENSE +201 -0
- data/README.md +37 -0
- data/Rakefile +22 -22
- data/autosign.gemspec +24 -20
- data/bin/autosign +23 -15
- data/bin/autosign-validator +14 -6
- data/lib/autosign.rb +1 -1
- data/lib/autosign/config.rb +71 -56
- data/lib/autosign/decoder.rb +7 -3
- data/lib/autosign/journal.rb +2 -2
- data/lib/autosign/token.rb +7 -7
- data/lib/autosign/validator.rb +34 -197
- data/lib/autosign/{validators → validator}/jwt.rb +41 -42
- data/lib/autosign/{validators → validator}/multiplexer.rb +24 -32
- data/lib/autosign/{validators → validator}/passwordlist.rb +16 -17
- data/lib/autosign/validator/validator_base.rb +168 -0
- data/lib/autosign/version.rb +1 -1
- metadata +78 -74
- data/features/autosign.feature +0 -93
- data/features/step_definitions/autosign_steps.rb +0 -44
- data/features/support/env.rb +0 -17
- data/features/validate.feature +0 -22
- data/fixtures/i-7672fe81.pem +0 -34
- data/spec/spec_helper.rb +0 -102
- data/spec/specs/config_spec.rb +0 -20
- data/spec/specs/decoder_spec.rb +0 -16
- data/spec/specs/journal_spec.rb +0 -41
- data/spec/specs/token_spec.rb +0 -102
- data/spec/specs/validators/jwt_spec.rb +0 -69
- data/spec/specs/validators/passwordlist_spec.rb +0 -51
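--- a/data/spec/specs/validators/jwt_spec.rb
+++ b/data/spec/specs/validators/jwt_spec.rb
@@ -1,69 +0,0 @@
-require 'spec_helper'
-require 'securerandom'
-
-context Autosign::Validators::JWT do
-let(:certname) { 'host.example.com' }
-let(:validator) { Autosign::Validators::JWT.new }
-
-let(:one_time_token) { Autosign::Token.new('foo.example.com', false, 3600, 'rspec_test', 'secret').sign }
-let(:reusable_token) { Autosign::Token.new('foo.example.com', true, 3600, 'rspec_test', 'secret').sign }
-let(:expired_token) { Autosign::Token.new('foo.example.com', true, -1, 'rspec_test', 'secret').sign }
-
-before {
-# stub configuration
-data = { 'general' => {
-'loglevel' => :debug,
-'logfile' => '/tmp/autosign.log'
-},
-'jwt_token' => {
-'secret' => 'secret',
-'validity' => 3600,
-'journalfile' => '/tmp/autosign.journal'
-}
-}
-allow_any_instance_of(Autosign::Config).to receive(:settings).and_return(data)
-}
-
-
-context 'class methods' do
-describe '.new' do
-it 'requires no parameters' do
-expect { Autosign::Validators::JWT.new() }.to_not raise_error
-end
-end
-end
-
-context 'instance methods' do
-describe '.name' do
-it 'returns a string' do
-expect(validator.name).to be_a(String)
-end
-it 'returns the string "jwt_token"' do
-expect(validator.name).to eq('jwt_token')
-end
-end
-describe '.validate' do
-it 'validates a JWT token' do
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be true
-end
-it 'does not validate a token with the wrong hostname' do
-expect(validator.validate(one_time_token, 'wrong.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate an expired token' do
-expect(validator.validate(expired_token, 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate an invalid token' do
-expect(validator.validate(SecureRandom.urlsafe_base64(200), 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate a re-used one-time token' do
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does validate a re-used re-usable token' do
-expect(validator.validate(reusable_token, 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate(reusable_token, 'foo.example.com', 'dummy_csr_data')).to be true
-end
-end
-
-end
-end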
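--- a/data/spec/specs/validators/passwordlist_spec.rb
+++ b/data/spec/specs/validators/passwordlist_spec.rb
@@ -1,51 +0,0 @@
-require 'spec_helper'
-require 'securerandom'
-
-context Autosign::Validators::Passwordlist do
-let(:certname) { 'host.example.com' }
-let(:validator) { Autosign::Validators::Passwordlist.new }
-
-before {
-# stub configuration
-data = { 'general' => {
-'loglevel' => :debug,
-'logfile' => '/tmp/autosign.log'
-},
-'password_list' => {
-'password' => ['hunter2', 'opensesame', 'CPE1704TKS']
-}
-}
-allow_any_instance_of(Autosign::Config).to receive(:settings).and_return(data)
-}
-
-context 'class methods' do
-describe '.new' do
-it 'requires no parameters' do
-expect { Autosign::Validators::Passwordlist.new() }.to_not raise_error
-end
-end
-end
-
-context 'instance methods' do
-describe '.name' do
-it 'returns a string' do
-expect(validator.name).to be_a(String)
-end
-it 'returns the string "password_list"' do
-expect(validator.name).to eq('password_list')
-end
-end
-describe '.validate' do
-it 'validates a request with a valid password' do
-expect(validator.validate('hunter2', 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate('opensesame', 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate('CPE1704TKS', 'foo.example.com', 'dummy_csr_data')).to be true
-end
-it 'does not validate a request with an invalid password' do
-expect(validator.validate('bad_password', 'foo.example.com', 'dummy_csr_data')).to be false
-expect(validator.validate('', 'foo.example.com', 'dummy_csr_data')).to be false
-end
-end
-
-end
-end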