RubyGems - enzoic - Versions diffs - 1.2.0 → 1.4.0 - Mend

enzoic 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2af7917c4ee90414cdffeda3948ce2a0642f523f6c44fe07db64deab4f5b6e25
-  data.tar.gz: 4cdfeb61e75c47f95132e9a0c644f89a987597a48685038ac7308dba66e008ee
+  metadata.gz: d13fca15fa76f249a013adea0bac59023d847f8021bfe16748999ff0f5d26e52
+  data.tar.gz: a64b16ddd1f5ae4eb7dbdf97672c9a36958ae4099698181f47d88a815626d01e
 SHA512:
-  metadata.gz: 557fadc6dab20d5d76d2098466c31728ecba0a1fcd16ce9cd13a798817239bb791012691b37130b7e64dd7275728d83c9f89bdfeda10dbde0b369faf705f8ecf
-  data.tar.gz: 420af16ed93a7696969a74fbfcd13e491e23f934a9f15712fe42fc3eb777e6cdcf51751ac4ebc2bfa28b250fc7d17c3107f10989a524c4f1779811254423cc50
+  metadata.gz: cf9305fce6e41d506b445c8e3b17b7ffea8e816482ace8d872dc1a464c260d1b25bbb3d81e88534c2d6bb6a084bb5c0bded0dbfb76cd494a98cfb1d7dbfaeb01
+  data.tar.gz: 6aa0dfb06cfbeda5f130a92c77dcb51b36874b0aea2eb128d25c5dc91e033c56228a8af1cbf9b739f4ce9ea494a52e1aa6068b455f2d695b36036cecc58d0995

data/README.md CHANGED Viewed

@@ -35,7 +35,8 @@ require 'enzoic'
 enzoic = Enzoic::Enzoic.new(apiKey: YOUR_API_KEY, secret: YOUR_API_SECRET)
 # Check whether a password has been compromised
-# see https://www.enzoic.com/docs-passwords-api/ for more information
+# for more information, see
+# https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/passwords-api
 if enzoic.check_password("password-to-test")
     puts("Password is compromised")
 else
@@ -43,7 +44,8 @@ else
 end
 # Check whether a specific set of credentials are compromised
-# see https://www.enzoic.com/docs-credentials-api/ for more information
+# for more information, see
+# https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/credentials-api/hashed-credentials-api
 if enzoic.check_credentials("test@enzoic.com", "password-to-test")
     puts("Credentials are compromised")
 else
@@ -63,18 +65,21 @@ else
 end
 # get all exposures for a given user
-# see https://www.enzoic.com/docs-exposures-api/#get-exposures for more information
+# for more information, see
+# https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/get-exposures-for-an-email-address
 exposures = enzoic.get_exposures_for_user("test@enzoic.com")
 puts(exposures.count.to_s + " exposures found for test@enzoic.com")
 # now get the full details for the first exposure found
-# see https://www.enzoic.com/docs-exposures-api/#get-exposure-details for more information
+# for more information, see
+# https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/retrieve-details-for-an-exposure
 details = enzoic.get_exposure_details(exposures.exposures[0])
 puts("First exposure for test@enzoic.com was " + details.title)
 # get all passwords for a given user - requires special approval, contact Enzoic sales
-# see https://www.enzoic.com/docs-raw-passwords-api/ for more information
-user_passwords = enzoic.get_passwords_for_user("eicar_0@enzoic.com")
+# for more information, see
+# https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/credentials-api/cleartext-credentials-api
+user_passwords = enzoic.get_passwords_for_user("eicar_0@enzoic.com", true)
 puts("First password for eicar_0@enzoic.com was " + user_passwords.passwords[0].password)
 ```

data/enzoic.gemspec CHANGED Viewed

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_dependency 'ffi', '~> 1.11.1'
+  spec.add_dependency 'ffi', '~> 1.15.5'
   spec.add_dependency 'ffi-compiler', '~> 1.0.1'
   spec.add_dependency 'rest-client', '~> 2.0', '>= 2.0.2'
   spec.add_dependency 'bcrypt', '~> 3.1', '>= 3.1.11'

data/lib/enzoic/hashing.rb CHANGED Viewed

@@ -3,7 +3,8 @@ require 'digest'
 require 'bcrypt'
 require 'unix_crypt'
 require 'zlib'
-require 'digest/whirlpool'
+require 'digest/whirlpool.bundle'
+#require 'open_ssl'
 require 'base64url'
 module Enzoic
@@ -272,24 +273,47 @@ module Enzoic
       return result
     end
+    def self.sha256crypt(to_hash, salt)
+      return self.sha_crypt("5", UnixCrypt::SHA256, to_hash, salt)
+    end
     def self.sha512crypt(to_hash, salt)
-      return UnixCrypt::SHA512.build(to_hash, salt.start_with?("$6$") ? salt[3..salt.length] : salt)
+      return self.sha_crypt("6", UnixCrypt::SHA512, to_hash, salt)
+    end
+    def self.sha_crypt(crypt_version, crypter, to_hash, salt)
+      # special handling if the salt contains an embedded rounds specifier
+      if salt.start_with?("$" + crypt_version + "$") && salt.include?("$rounds=")
+        # extract rounds
+        rounds_starting_idx = salt.index("$rounds=") + 8
+        rounds = salt[rounds_starting_idx..salt.length]
+        salt_portion = rounds[rounds.index("$") + 1..rounds.length]
+        begin
+          rounds = Integer(rounds[0..rounds.index("$") - 1])
+        rescue ArgumentError
+          rounds = 5000
+        end
+        result = crypter.build(to_hash, salt_portion, rounds)
+        # if the default rounds of 5000 was used, add this back in to the resultant hash as this library, unlike most,
+        # will strip it out.
+        if rounds == 5000
+          result = result[0..2] + "rounds=5000$" + result[3..result.length]
+        end
+        return result
+      end
+      return crypter.build(to_hash, salt.start_with?("$" + crypt_version + "$") ? salt[3..salt.length] : salt)
     end
     def self.custom_algorithm10(to_hash, salt)
       return self.sha512(to_hash + ":" + salt)
     end
-    def self.sha256crypt(to_hash, salt)
-      salt_to_use = salt
-      if salt_to_use.start_with?("$5$")
-        salt_to_use = salt_to_use[3..salt.length];
-      end
-      if salt_to_use.start_with?("rounds=")
-        salt_to_use = salt_to_use[salt_to_use.index("$") + 1..salt_to_use.length]
-      end
-      return UnixCrypt::SHA256.build(to_hash, salt_to_use)
+    def self.hmac_sha1_salt_as_hash(to_hash, salt)
+      return OpenSSL::HMAC.hexdigest("sha1", salt, to_hash)
     end
     def self.authMeSHA256(to_hash, salt)

data/lib/enzoic/password_type.rb CHANGED Viewed

@@ -41,8 +41,9 @@ module Enzoic
     CustomAlgorithm9 = 38
     SHA512Crypt = 39
     CustomAlgorithm10 = 40
-    SHA256Crypt = 41
+    HMACSHA1_SaltAsHash = 41
     AuthMeSHA256 = 42
+    SHA256Crypt = 43
     Unknown = 97
     UnusablePassword = 98

data/lib/enzoic/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 # Standard Gem version constant.
 module Enzoic
-  VERSION = "1.2.0".freeze
+  VERSION = "1.4.0".freeze
 end

data/lib/enzoic.rb CHANGED Viewed

@@ -138,9 +138,10 @@ module Enzoic
       end
     end
-    def get_passwords_for_user(username)
+    def get_passwords_for_user(username, include_exposure_details = false)
       response = make_rest_call(@baseURL + Constants::ACCOUNTS_API_PATH + "?username=" +
-                                  Hashing.sha256(username.downcase) + "&includePasswords=1",
+                                  Hashing.sha256(username.downcase) + "&includePasswords=1" +
+                                  (include_exposure_details ? "&includeExposureDetails=1" : ""),
                                 "GET", nil)
       if response == "404"
@@ -301,6 +302,10 @@ module Enzoic
         if salt != nil && salt.length > 0
           return Hashing.authMeSHA256(password, salt)
         end
+      when PasswordType::HMACSHA1_SaltAsHash
+        if salt != nil && salt.length > 0
+          return Hashing.hmac_sha1_salt_as_hash(password, salt)
+        end
       else
         return nil
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: enzoic
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Enzoic
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-10-22 00:00:00.000000000 Z
+date: 2023-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.1
+        version: 1.15.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.1
+        version: 1.15.5
 - !ruby/object:Gem::Dependency
   name: ffi-compiler
   requirement: !ruby/object:Gem::Requirement
@@ -116,20 +116,20 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.2.11
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.2.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.2.11
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.2.11
 - !ruby/object:Gem::Dependency
@@ -361,7 +361,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Ruby library for Enzoic API