coder_decorator 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 632b576de3c05ef79d82ba749cba8f22f6f62fed
-  data.tar.gz: 226f7e428d62b83dd1996f25a0c6d8c3364f4e44
+  metadata.gz: e4a202ad3cb054138882ff8ba09cc79bf4a58860
+  data.tar.gz: 42b3b4bcdae63fb410391f243d594bbe67ec34eb
 SHA512:
-  metadata.gz: 7ed5494544fab2529cdefd5247ecefe87efe4e636b5d0a5d3d29121220db2974cf5b1698b985a2f0c84316aa31706f3a5b72f577832ea9bc0e233da8726325ae
-  data.tar.gz: 25a6c1b6b5dd5ccf9e7352ee9972a2efe76fe0085cb8f478940bbdf7b4849921a301a96f3fe552c48f1e8c7e31c6b3146425eb589054ce72e5f714b58d0840bc
+  metadata.gz: 5b5b0524aa151aa4724526e65707672b38cc17bf78a309f09d4fd88c2563e4f665a1dd096f401de180cbad8ad6b9df12c03e9e0a13a5c2758d8055c07a210fed
+  data.tar.gz: 7e1f11176529551995a0676ef5993139d6b12267213579cc1d374a73e5484b374331489d31b41064d297d7ae7e0858b11760484474b0a76f7886e77b85452672

data/lib/coder_decorator/coders/cipher.rb

@@ -10,9 +10,10 @@ module CoderDecorator
     #     "#{encrypted_data}--#{initial_vector}"
     #
     class Cipher < Coder
-      def initialize(coder = nil, secret:, cipher: 'AES-256-CBC')
+      def initialize(coder = nil, secret:, old_secret: nil, cipher: 'AES-256-CBC')
         super(coder)
         @secret = secret
+        @old_secret = old_secret
         @cipher = ::OpenSSL::Cipher.new(cipher)
         @base64 = Coders::Base64.new
       end
@@ -27,15 +28,24 @@ module CoderDecorator
       end
 
       def decode(str)
-        encrypted_data, iv = @base64.decode(str).split('--').map! { |v| @base64.decode(v) }
+        [@secret, @old_secret].each do |secret|
+          begin
+            return decrypt(secret, str)
+          rescue ::OpenSSL::Cipher::CipherError, ::TypeError
+            next
+          end
+        end
+        raise InvalidEncoding
+      end
+
+      private
+
+      def decrypt(secret, data)
+        encrypted_data, iv = @base64.decode(data).split('--').map! { |v| @base64.decode(v) }
         @cipher.decrypt
-        @cipher.key = @secret
+        @cipher.key = secret
         @cipher.iv  = iv
-        begin
-          coder.decode(@cipher.update(encrypted_data) << @cipher.final)
-        rescue ::OpenSSL::Cipher::CipherError
-          raise InvalidEncoding
-        end
+        coder.decode(@cipher.update(encrypted_data) << @cipher.final)
       end
     end
   end

data/lib/coder_decorator/coders/hmac.rb

@@ -12,28 +12,31 @@ module CoderDecorator
     class HMAC < Coder
       REGEXP = /\A(.*)--(.*)\z/
 
-      def initialize(coder = nil, secret:, digest: 'SHA1')
+      def initialize(coder = nil, secret:, old_secret: nil, digest: 'SHA1')
         super(coder)
         @secret = secret
+        @old_secret = old_secret
         @digest = ::OpenSSL::Digest.new(digest)
       end
 
       def encode(str)
         data = coder.encode(str)
-        hmac = generate_hmac(data)
+        hmac = generate_hmac(@secret, data)
         "#{data}--#{hmac}"
       end
 
       def decode(str)
-        data, hmac = REGEXP.match(str)&.captures
-        raise InvalidEncoding unless data && hmac && secure_compare(hmac, generate_hmac(data))
+        match_data = REGEXP.match(str)
+        data, hmac = match_data && match_data.captures
+        secrets = [@secret, @old_secret]
+        raise InvalidEncoding unless data && hmac && secrets.any? { |secret| secure_compare(hmac, generate_hmac(secret, data)) }
         coder.decode(data)
       end
 
       private
 
-      def generate_hmac(str)
-        ::OpenSSL::HMAC.hexdigest(@digest.new, @secret, str)
+      def generate_hmac(secret, str)
+        ::OpenSSL::HMAC.hexdigest(@digest.new, secret, str)
       end
 
       def secure_compare(a, b)

metadata

@@ -1,52 +1,52 @@
 --- !ruby/object:Gem::Specification
 name: coder_decorator
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Jian Weihang
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
 date: 2016-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: minitest
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: rake
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: rubocop
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -69,11 +69,11 @@ files:
 - lib/coder_decorator/coders/rescue.rb
 - lib/coder_decorator/coders/zip.rb
 - lib/coder_decorator/errors.rb
-homepage:
+homepage: 
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -81,16 +81,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
+rubyforge_project: 
 rubygems_version: 2.6.8
-signing_key:
+signing_key: 
 specification_version: 4
 summary: An encoding/decoding library with decorator pattern.
 test_files: []