door_code 0.0.7 → 0.0.8

data/.gitignore

@@ -2,3 +2,5 @@
 .bundle
 Gemfile.lock
 pkg/*
+.DS_Store
+*.DS_Store

data/README.md

@@ -11,7 +11,7 @@ Rubygems:
 
 Bundler:
 
-    gem 'door_code', '~> 0.0.6'
+    gem 'door_code', '~> 0.0.8'
 
 ## Configuration
     
@@ -24,7 +24,6 @@ Optional options:
     use DoorCode::RestrictedAccess,
       :code => '12345', # set a single valid code
       :codes => ['12345','6789'], # set multiple valid codes
-      :salt => "my super secret code" # use a custom salt for cookie encryption
     
 In application.rb (Rails3) or environment.rb (Rails2):
 

data/door_code.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "door_code"
-  s.version     = '0.0.7'
+  s.version     = '0.0.8'
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Mike Fulcher", "Alex Neill", "Spencer Steffen"]
   s.email       = ["mike@plan9design.co.uk", "alex.neill@gmail.com", "spencer@citrusme.com"]

data/lib/door_code/restricted_access.rb

@@ -1,4 +1,20 @@
 module DoorCode
+  
+  class << self
+    
+    # Returns the salt or a random one
+    def salt
+      @salt ||= generate_random_salt
+    end
+    
+    # Generate a random salt for the encryption
+    def generate_random_salt
+      o =  [('a'..'z'),('A'..'Z')].map{|i| i.to_a}.flatten
+      string = (0..50).map{ o[rand(o.length)]  }.join
+    end
+    
+  end
+
   class RestrictedAccess
     
     MIN_LENGTH = 3
@@ -8,7 +24,6 @@ module DoorCode
     
     def initialize app, options={}
       @app = app
-      @salt = parse_salt(options[:salt])
       # The code or codes can be supplied as either a single string or an array using either
       # the ":code" or ":codes" key. ":codes" trumps ":code" if both are supplied
       @codes = options[:codes] ? parse_codes(options[:codes]) : parse_codes(options[:code])
@@ -24,7 +39,7 @@ module DoorCode
         parsed_codes << DEFAULT_CODE
         p "DoorCode: no valid codes detected - activating default code"
       end
-      parsed_codes.compact.uniq.map { |c| Digest::SHA1.hexdigest("--#{@salt}--#{c}--") }
+      parsed_codes.compact.uniq.map { |c| Digest::SHA1.hexdigest("--#{salt}--#{c}--") }
     end
     
     # Checks that the code provided is valid, returning nil if not
@@ -43,12 +58,9 @@ module DoorCode
       parsed_code
     end
     
-    # Ensures a salt is supplied, otherwise set to default
-    def parse_salt(salt)
-      if 0 < salt.to_s.length
-        salt = Digest::SHA1.hexdigest("_door_code_secret_key")
-      end
-      salt
+    # Returns the salt or creates one
+    def salt
+      @salt ||= DoorCode.salt
     end
     
     # Name of the cookie
@@ -74,7 +86,7 @@ module DoorCode
     
     # Encrypted code supplied from user
     def supplied_code
-      Digest::SHA1.hexdigest("--#{@salt}--#{request.params['code']}--")
+      Digest::SHA1.hexdigest("--#{salt}--#{request.params['code']}--")
     end
     
     # Is the supplied code valid for the current area

data/test/test_restricted_access.rb

@@ -1,7 +1,7 @@
 require 'helper'
 
 # '12345' encrypted with the default salt
-DEFAULT_CODE = '9fa483ac55e30318a84f0046365a21021a409117'
+DEFAULT_CODE = Digest::SHA1.hexdigest("--#{DoorCode.salt}--#{DoorCode::RestrictedAccess::DEFAULT_CODE}--")
 
 class TestRestrictedAccess < Test::Unit::TestCase
   
@@ -45,7 +45,7 @@ class TestRestrictedAccess < Test::Unit::TestCase
       assert last_response.body.include?("Logged In")
     end
   
-    should "logout" do
+    should "logout clearing cookie" do
       get "/logout"
       assert_equal 302, last_response.status
       

metadata

@@ -2,7 +2,7 @@
 name: door_code
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors: 
 - Mike Fulcher
@@ -12,7 +12,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-22 00:00:00 +00:00
+date: 2011-03-06 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -105,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: door_code
-rubygems_version: 1.5.1
+rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: Restrict access to your site with a 3-6 digit PIN code