autosign 0.1.1 → 1.0.1
- checksums.yaml +5 -5
- data/.rubocop.yml +12 -0
- data/.rubocop_todo.yml +659 -0
- data/.travis.yml +4 -5
- data/CHANGELOG.md +56 -0
- data/Gemfile.lock +107 -89
- data/LICENSE +201 -0
- data/README.md +37 -0
- data/Rakefile +22 -22
- data/autosign.gemspec +24 -20
- data/bin/autosign +23 -15
- data/bin/autosign-validator +14 -6
- data/lib/autosign.rb +1 -1
- data/lib/autosign/config.rb +71 -56
- data/lib/autosign/decoder.rb +7 -3
- data/lib/autosign/journal.rb +2 -2
- data/lib/autosign/token.rb +7 -7
- data/lib/autosign/validator.rb +34 -197
- data/lib/autosign/{validators → validator}/jwt.rb +41 -42
- data/lib/autosign/{validators → validator}/multiplexer.rb +24 -32
- data/lib/autosign/{validators → validator}/passwordlist.rb +16 -17
- data/lib/autosign/validator/validator_base.rb +168 -0
- data/lib/autosign/version.rb +1 -1
- metadata +78 -74
- data/features/autosign.feature +0 -93
- data/features/step_definitions/autosign_steps.rb +0 -44
- data/features/support/env.rb +0 -17
- data/features/validate.feature +0 -22
- data/fixtures/i-7672fe81.pem +0 -34
- data/spec/spec_helper.rb +0 -102
- data/spec/specs/config_spec.rb +0 -20
- data/spec/specs/decoder_spec.rb +0 -16
- data/spec/specs/journal_spec.rb +0 -41
- data/spec/specs/token_spec.rb +0 -102
- data/spec/specs/validators/jwt_spec.rb +0 -69
- data/spec/specs/validators/passwordlist_spec.rb +0 -51
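--- a/data/spec/specs/validators/jwt_spec.rb
+++ b/data/spec/specs/validators/jwt_spec.rb
@@ -1,69 +0,0 @@
-require 'spec_helper'
-require 'securerandom'
-
-context Autosign::Validators::JWT do
-let(:certname) { 'host.example.com' }
-let(:validator) { Autosign::Validators::JWT.new }
-
-let(:one_time_token) { Autosign::Token.new('foo.example.com', false, 3600, 'rspec_test', 'secret').sign }
-let(:reusable_token) { Autosign::Token.new('foo.example.com', true, 3600, 'rspec_test', 'secret').sign }
-let(:expired_token) { Autosign::Token.new('foo.example.com', true, -1, 'rspec_test', 'secret').sign }
-
-before {
-# stub configuration
-data = { 'general' => {
-'loglevel' => :debug,
-'logfile' => '/tmp/autosign.log'
-},
-'jwt_token' => {
-'secret' => 'secret',
-'validity' => 3600,
-'journalfile' => '/tmp/autosign.journal'
-}
-}
-allow_any_instance_of(Autosign::Config).to receive(:settings).and_return(data)
-}
-
-
-context 'class methods' do
-describe '.new' do
-it 'requires no parameters' do
-expect { Autosign::Validators::JWT.new() }.to_not raise_error
-end
-end
-end
-
-context 'instance methods' do
-describe '.name' do
-it 'returns a string' do
-expect(validator.name).to be_a(String)
-end
-it 'returns the string "jwt_token"' do
-expect(validator.name).to eq('jwt_token')
-end
-end
-describe '.validate' do
-it 'validates a JWT token' do
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be true
-end
-it 'does not validate a token with the wrong hostname' do
-expect(validator.validate(one_time_token, 'wrong.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate an expired token' do
-expect(validator.validate(expired_token, 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate an invalid token' do
-expect(validator.validate(SecureRandom.urlsafe_base64(200), 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does not validate a re-used one-time token' do
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate(one_time_token, 'foo.example.com', 'dummy_csr_data')).to be false
-end
-it 'does validate a re-used re-usable token' do
-expect(validator.validate(reusable_token, 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate(reusable_token, 'foo.example.com', 'dummy_csr_data')).to be true
-end
-end
-
-end
-end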
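--- a/data/spec/specs/validators/passwordlist_spec.rb
+++ b/data/spec/specs/validators/passwordlist_spec.rb
@@ -1,51 +0,0 @@
-require 'spec_helper'
-require 'securerandom'
-
-context Autosign::Validators::Passwordlist do
-let(:certname) { 'host.example.com' }
-let(:validator) { Autosign::Validators::Passwordlist.new }
-
-before {
-# stub configuration
-data = { 'general' => {
-'loglevel' => :debug,
-'logfile' => '/tmp/autosign.log'
-},
-'password_list' => {
-'password' => ['hunter2', 'opensesame', 'CPE1704TKS']
-}
-}
-allow_any_instance_of(Autosign::Config).to receive(:settings).and_return(data)
-}
-
-context 'class methods' do
-describe '.new' do
-it 'requires no parameters' do
-expect { Autosign::Validators::Passwordlist.new() }.to_not raise_error
-end
-end
-end
-
-context 'instance methods' do
-describe '.name' do
-it 'returns a string' do
-expect(validator.name).to be_a(String)
-end
-it 'returns the string "password_list"' do
-expect(validator.name).to eq('password_list')
-end
-end
-describe '.validate' do
-it 'validates a request with a valid password' do
-expect(validator.validate('hunter2', 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate('opensesame', 'foo.example.com', 'dummy_csr_data')).to be true
-expect(validator.validate('CPE1704TKS', 'foo.example.com', 'dummy_csr_data')).to be true
-end
-it 'does not validate a request with an invalid password' do
-expect(validator.validate('bad_password', 'foo.example.com', 'dummy_csr_data')).to be false
-expect(validator.validate('', 'foo.example.com', 'dummy_csr_data')).to be false
-end
-end
-
-end
-end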