RubyGems - door_code - Versions diffs - 0.0.5 → 0.0.7 - Mend

door_code 0.0.5 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/README.md +13 -11
data/door_code.gemspec +2 -1
data/lib/door_code/restricted_access.rb +27 -12
metadata +13 -26

data/README.md CHANGED Viewed

@@ -11,19 +11,20 @@ Rubygems:
 Bundler:
-    gem 'door_code', '~> 0.0.3'
+    gem 'door_code', '~> 0.0.6'
-### Then
+## Configuration
-In config.ru:
+In config.ru or within your Sinatra app:
-    use DoorCode::RestrictedAccess, :code => '12345'
-    # to use a custom salt for cookie encryption
-    use DoorCode::RestrictedAccess, :code => '12345', :salt => "my super secret code"
+    use DoorCode::RestrictedAccess, :code => '12345' # code must be 3-6 digits
+Optional options:
+    use DoorCode::RestrictedAccess,
+      :code => '12345', # set a single valid code
+      :codes => ['12345','6789'], # set multiple valid codes
+      :salt => "my super secret code" # use a custom salt for cookie encryption
 In application.rb (Rails3) or environment.rb (Rails2):
@@ -36,9 +37,10 @@ There is a simple demo application running on Heroku at [http://doorcodedemo.her
 ## Notes
 * The default code is '12345'
-* If the code passed to DoorCode is invalid (eg contains non-digits), the default code will be assigned
+* All options passed to DoorCode are optional. If no valid codes are supplied, the default code will be activated
 ## To Do
 * Allow specifying domains and paths to restrict access conditionally
+* API for customization
 * Write more tests

data/door_code.gemspec CHANGED Viewed

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 Gem::Specification.new do |s|
   s.name        = "door_code"
-  s.version     = '0.0.5'
+  s.version     = '0.0.7'
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Mike Fulcher", "Alex Neill", "Spencer Steffen"]
   s.email       = ["mike@plan9design.co.uk", "alex.neill@gmail.com", "spencer@citrusme.com"]
@@ -23,5 +23,6 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'shoulda', '2.11.3'
   s.add_development_dependency 'rack-test', '0.5.7'
+  s.add_development_dependency 'sinatra', '1.1.0'
 end

data/lib/door_code/restricted_access.rb CHANGED Viewed

@@ -9,29 +9,44 @@ module DoorCode
     def initialize app, options={}
       @app = app
       @salt = parse_salt(options[:salt])
-      @code = parse_code(options[:code])
+      # The code or codes can be supplied as either a single string or an array using either
+      # the ":code" or ":codes" key. ":codes" trumps ":code" if both are supplied
+      @codes = options[:codes] ? parse_codes(options[:codes]) : parse_codes(options[:code])
     end
-    # Ensures the code is good & valid, otherwise
-    # reverts to the default
+    # Filters the supplied codes to ensure they are valid, and sets the DEFAULT_CODE if no
+    # valid codes are detected
+    def parse_codes(codes)
+      parsed_codes = codes.respond_to?(:any?) ? codes.map { |c| parse_code(c) } : [parse_code(codes)]
+      # If there are any valid codes supplied which are unique and valid,
+      # strip the default code out in order to circumvent a security hole
+      if parsed_codes.compact.uniq.empty?
+        parsed_codes << DEFAULT_CODE
+        p "DoorCode: no valid codes detected - activating default code"
+      end
+      parsed_codes.compact.uniq.map { |c| Digest::SHA1.hexdigest("--#{@salt}--#{c}--") }
+    end
+    # Checks that the code provided is valid, returning nil if not
     def parse_code(code)
       parsed_code = code.to_s.gsub(/\D/, '')
-      if parsed_code == code
+      if parsed_code == code && (code.length < MIN_LENGTH || code.length > MAX_LENGTH)
         # Means the supplied code contains only digits, which is good
         # Just need to check that the code length is valid
-        parsed_code = DEFAULT_CODE if code.length < MIN_LENGTH || code.length > MAX_LENGTH
-      else
+        parsed_code = nil
+        p "DoorCode: invalid PIN code detected"
+      elsif parsed_code != code
         # Means the supplied code contained non-digits, so revert to default
-        parsed_code = DEFAULT_CODE
+        parsed_code = nil
+        p "DoorCode: invalid PIN code detected"
       end
-      Digest::SHA1.hexdigest("--#{@salt}--#{parsed_code}--")
+      parsed_code
     end
     # Ensures a salt is supplied, otherwise set to default
     def parse_salt(salt)
       if 0 < salt.to_s.length
-        salt = Digest::SHA1.hexdigest("Door Code Secret Key")
+        salt = Digest::SHA1.hexdigest("_door_code_secret_key")
       end
       salt
     end
@@ -64,7 +79,7 @@ module DoorCode
     # Is the supplied code valid for the current area
     def valid_code?(code)
-      @code == code
+      @codes.include?(code)
     end
     # Check if the supplied code is valid;
@@ -105,7 +120,7 @@ module DoorCode
       build_rack_objects
       return @app.call(env) if confirmed?
-      p 'Loading DoorCode::RestrictedAccess'
+      p 'DoorCode: Unauthorized personnel detected'
       if request.post?
         response['Content-Type'] = 'text/javascript' if request.xhr?

metadata CHANGED Viewed

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: door_code
 version: !ruby/object:Gem::Version
-  hash: 21
   prerelease:
-  segments:
-  - 0
-  - 0
-  - 5
-  version: 0.0.5
+  version: 0.0.7
 platform: ruby
 authors:
 - Mike Fulcher
@@ -17,7 +12,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-02-21 00:00:00 +00:00
+date: 2011-02-22 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -28,9 +23,6 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
         version: "0"
   type: :runtime
   version_requirements: *id001
@@ -42,11 +34,6 @@ dependencies:
     requirements:
     - - "="
       - !ruby/object:Gem::Version
-        hash: 37
-        segments:
-        - 2
-        - 11
-        - 3
         version: 2.11.3
   type: :development
   version_requirements: *id002
@@ -58,14 +45,20 @@ dependencies:
     requirements:
     - - "="
       - !ruby/object:Gem::Version
-        hash: 5
-        segments:
-        - 0
-        - 5
-        - 7
         version: 0.5.7
   type: :development
   version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - "="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  version_requirements: *id004
 description: Rack middleware which requires that visitors to the site enter a 3-6 digit PIN code to gain access.
 email:
 - mike@plan9design.co.uk
@@ -102,18 +95,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
       version: "0"
 requirements: []