enzoic 1.0.3 → 1.1.3

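--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f384606d64ea5eac9f13b2467ab4e494d7043312
- data.tar.gz: 7f3d428ada763102e27d26aba7ee5172169e5bee
+ metadata.gz: 193cc6ee5e5585ea3a76add970ce69feb44c2383
+ data.tar.gz: a77cdcf48592e05a9f06ef1ad486467002f2df30
  SHA512:
- metadata.gz: 7a6da77a5e86c97d835e50378c67423c6197f771d5647216d9c7613d7cf402ff6705dbf9e20fce28796bf8957741a3d7459c6dbec0aead19f0ff9e3a7bc4b09e
- data.tar.gz: 20356c44bacd22fa24ea58ee85515acecb44326b4fc5b46ee233ad0b132727b8b61594053e2c91df1a4c5300277f0bcda1c7691acf14ed5b126e59bc265e55b1
+ metadata.gz: 641ca919dd26147fe4e06550923f380f2b54eb0959372171f57a4f17ff2bcd5f98adcd446d3d39e9f0205910671307c7e78b6954ffa77e0ad58513f25ca31084
+ data.tar.gz: 9acf2c9d120dc0292f136b7583ba0d36f2aacd4c7e9fe52de19ec2c6468f7f42738e939250893345fe1fdc6e5d77b44e203db2558b34b0a541303365515b393d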
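--- a/data/README.md
+++ b/data/README.md
@@ -48,6 +48,18 @@ else
  puts("Credentials are not compromised")
  end
 
+ # Check whether a specific set of credentials are compromised, using the optional
+ # lastCheckData parameter.
+ # lastCheckDate is the timestamp for the last check you performed for this user.
+ # If the DateTime you provide for the last check is greater than the timestamp Enzoic has
+ # for the last breach affecting this user, the check will not be performed.
+ # This can be used to substantially increase performance.
+ if enzoic.check_credentials("test@enzoic.com", "password-to-test", DateTime.parse("2019-07-15T19:57:43.000Z"))
+ puts("Credentials are compromised")
+ else
+ puts("Credentials are not compromised")
+ end
+
  # get all exposures for a given user
  exposures = enzoic.get_exposures_for_user("test@enzoic.com")
  puts(exposures.count.to_s + " exposures found for test@enzoic.com")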
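--- a/data/Rakefile
+++ b/data/Rakefile
@@ -20,9 +20,9 @@ Rake::ExtensionTask.new('whirlpool', gemspec) do |ext|
  ext.lib_dir = 'lib/digest'
  end
 
- Rake::ExtensionTask.new('argon2-wrapper', gemspec) do |ext|
- ext.ext_dir = 'ext/argon2-wrapper'
- ext.lib_dir = 'lib/enzoic'
- end
+ # Rake::ExtensionTask.new('argon2-wrapper', gemspec) do |ext|
+ # ext.ext_dir = 'ext/argon2-wrapper'
+ # ext.lib_dir = 'lib/enzoic'
+ # end
 
  task :default => :test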
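Review bot: The `argon2-wrapper` extension task is commented out rather than removed, and nothing says why, so it is unclear from the Rakefile how the wrapper is meant to be built in this release. The metadata file list for the same version adds `ext/argon2-wrapper/libargon2-wrapper.bundle`, several `.o` objects, `libargon2.0.dylib`, `libargon2.a` and dSYM bundles, which suggests (inferred, not shown here) that locally built macOS artifacts are now shipped in the gem. Prebuilt binaries in a source gem cannot be checked against the C sources they sit next to and will not load on other platforms. I would either restore the task or delete it with a one-line comment such as `# argon2-wrapper is built by ext/argon2-wrapper/extconf.rb at install time`, and exclude build outputs (`*.o`, `*.a`, `*.dylib`, `*.bundle`, `*.dSYM`, `.DS_Store`) from `files` in the gemspec.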
@@ -0,0 +1,20 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
3
+ <plist version="1.0">
4
+ <dict>
5
+ <key>CFBundleDevelopmentRegion</key>
6
+ <string>English</string>
7
+ <key>CFBundleIdentifier</key>
8
+ <string>com.apple.xcode.dsym.argon2</string>
9
+ <key>CFBundleInfoDictionaryVersion</key>
10
+ <string>6.0</string>
11
+ <key>CFBundlePackageType</key>
12
+ <string>dSYM</string>
13
+ <key>CFBundleSignature</key>
14
+ <string>????</string>
15
+ <key>CFBundleShortVersionString</key>
16
+ <string>1.0</string>
17
+ <key>CFBundleVersion</key>
18
+ <string>1</string>
19
+ </dict>
20
+ </plist>
@@ -0,0 +1,20 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
3
+ <plist version="1.0">
4
+ <dict>
5
+ <key>CFBundleDevelopmentRegion</key>
6
+ <string>English</string>
7
+ <key>CFBundleIdentifier</key>
8
+ <string>com.apple.xcode.dsym.libargon2.0.dylib</string>
9
+ <key>CFBundleInfoDictionaryVersion</key>
10
+ <string>6.0</string>
11
+ <key>CFBundlePackageType</key>
12
+ <string>dSYM</string>
13
+ <key>CFBundleSignature</key>
14
+ <string>????</string>
15
+ <key>CFBundleShortVersionString</key>
16
+ <string>1.0</string>
17
+ <key>CFBundleVersion</key>
18
+ <string>1</string>
19
+ </dict>
20
+ </plist>
@@ -23,7 +23,7 @@ module Enzoic
23
23
  @authString = calc_auth_string(@apiKey, @secret)
24
24
  end
25
25
 
26
- def check_credentials(username, password)
26
+ def check_credentials(username, password, lastCheckTimestamp = Date.new(1980, 1, 1))
27
27
  raise EnzoicFail, "API key/Secret not set" if !@authString || @authString == ''
28
28
 
29
29
  response = make_rest_call(@baseURL + Constants::ACCOUNTS_API_PATH + "?username=" + Hashing.sha256(username), "GET", nil)
@@ -33,40 +33,44 @@ module Enzoic
33
33
  end
34
34
 
35
35
  account_response = JSON.parse(response)
36
- hashes_required = account_response["passwordHashesRequired"]
37
36
 
38
- bcrypt_count = 0
39
- query_string = ""
37
+ # if lastCheckTimestamp was provided, see if we need to go any further
38
+ if (Date.parse(account_response["lastBreachDate"]) > lastCheckTimestamp)
39
+ hashes_required = account_response["passwordHashesRequired"]
40
40
 
41
- for i in 0..hashes_required.length - 1 do
42
- hash_spec = hashes_required[i]
41
+ bcrypt_count = 0
42
+ query_string = ""
43
43
 
44
- # bcrypt gets far too expensive for good response time if there are many of them to calculate.
45
- # some mostly garbage accounts have accumulated a number of them in our DB and if we happen to hit one it
46
- # kills performance, so short circuit out after at most 2 BCrypt hashes
47
- if (hash_spec["hashType"] != PasswordType::BCrypt || bcrypt_count <= 2)
48
- if (hash_spec["hashType"] == PasswordType::BCrypt)
49
- bcrypt_count = bcrypt_count + 1
50
- end
44
+ for i in 0..hashes_required.length - 1 do
45
+ hash_spec = hashes_required[i]
46
+
47
+ # bcrypt gets far too expensive for good response time if there are many of them to calculate.
48
+ # some mostly garbage accounts have accumulated a number of them in our DB and if we happen to hit one it
49
+ # kills performance, so short circuit out after at most 2 BCrypt hashes
50
+ if (hash_spec["hashType"] != PasswordType::BCrypt || bcrypt_count <= 2)
51
+ if (hash_spec["hashType"] == PasswordType::BCrypt)
52
+ bcrypt_count = bcrypt_count + 1
53
+ end
51
54
 
52
- if (hash_spec["hashType"] != nil)
53
- credential_hash = calc_credential_hash(username, password, account_response["salt"], hash_spec);
55
+ if (hash_spec["hashType"] != nil)
56
+ credential_hash = calc_credential_hash(username, password, account_response["salt"], hash_spec);
54
57
 
55
- if (credential_hash != nil)
56
- if (query_string.length == 0)
57
- query_string = query_string + "?hashes=" + CGI.escape(credential_hash);
58
- else
59
- query_string = query_string + "&hashes=" + CGI.escape(credential_hash);
58
+ if (credential_hash != nil)
59
+ if (query_string.length == 0)
60
+ query_string = query_string + "?hashes=" + CGI.escape(credential_hash);
61
+ else
62
+ query_string = query_string + "&hashes=" + CGI.escape(credential_hash);
63
+ end
60
64
  end
61
65
  end
62
66
  end
63
67
  end
64
- end
65
68
 
66
- if (query_string.length > 0)
67
- creds_response = make_rest_call(
68
- @baseURL + Constants::CREDENTIALS_API_PATH + query_string, "GET", nil)
69
- return creds_response != "404"
69
+ if (query_string.length > 0)
70
+ creds_response = make_rest_call(
71
+ @baseURL + Constants::CREDENTIALS_API_PATH + query_string, "GET", nil)
72
+ return creds_response != "404"
73
+ end
70
74
  end
71
75
 
72
76
  return false
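Review bot: In the new guard `Date.parse(account_response["lastBreachDate"]) > lastCheckTimestamp`, `Date.parse` drops the time of day while the README example passes a `DateTime`. If the API returns a full timestamp (the README wording suggests so, but the response format is not visible here), a breach recorded later on the same day as the last check compares as older and the method falls through to `return false`, reporting the credentials as not compromised. The same line raises when `lastBreachDate` is missing from the response, since `Date.parse(nil)` is a `TypeError`. I would compare at full precision and treat a missing date as "check anyway": `last_breach = account_response["lastBreachDate"]` followed by `if last_breach.nil? || DateTime.parse(last_breach) > lastCheckTimestamp.to_datetime`, plus a comment on the default `Date.new(1980, 1, 1)` saying it means "always check". `check_credentials` starts in the previous hunk and its closing `end` lies outside this one.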
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  # Standard Gem version constant.
3
3
  module Enzoic
4
- VERSION = "1.0.3".freeze
4
+ VERSION = "1.1.3".freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: enzoic
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Enzoic
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-07-02 00:00:00.000000000 Z
11
+ date: 2019-08-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -230,9 +230,11 @@ files:
230
230
  - Rakefile
231
231
  - enzoic.gemspec
232
232
  - ext/.DS_Store
233
+ - ext/argon2-wrapper/.DS_Store
233
234
  - ext/argon2-wrapper/Makefile
234
235
  - ext/argon2-wrapper/argon2-wrapper.c
235
236
  - ext/argon2-wrapper/extconf.rb
237
+ - ext/argon2-wrapper/libargon2-wrapper.bundle
236
238
  - ext/argon2_import/.DS_Store
237
239
  - ext/digest/whirlpool/extconf.rb
238
240
  - ext/digest/whirlpool/whirlpool-algorithm.c
@@ -251,7 +253,10 @@ files:
251
253
  - ext/phc-winner-argon2/Makefile
252
254
  - ext/phc-winner-argon2/README.md
253
255
  - ext/phc-winner-argon2/appveyor.yml
256
+ - ext/phc-winner-argon2/argon2
254
257
  - ext/phc-winner-argon2/argon2-specs.pdf
258
+ - ext/phc-winner-argon2/argon2.dSYM/Contents/Info.plist
259
+ - ext/phc-winner-argon2/argon2.dSYM/Contents/Resources/DWARF/argon2
255
260
  - ext/phc-winner-argon2/export.sh
256
261
  - ext/phc-winner-argon2/include/argon2.h
257
262
  - ext/phc-winner-argon2/kats/argon2d
@@ -278,27 +283,37 @@ files:
278
283
  - ext/phc-winner-argon2/latex/pics/generic.pdf
279
284
  - ext/phc-winner-argon2/latex/pics/power-distribution.jpg
280
285
  - ext/phc-winner-argon2/latex/tradeoff.bib
286
+ - ext/phc-winner-argon2/libargon2.0.dylib
287
+ - ext/phc-winner-argon2/libargon2.0.dylib.dSYM/Contents/Info.plist
288
+ - ext/phc-winner-argon2/libargon2.0.dylib.dSYM/Contents/Resources/DWARF/libargon2.0.dylib
289
+ - ext/phc-winner-argon2/libargon2.a
281
290
  - ext/phc-winner-argon2/libargon2.pc
282
291
  - ext/phc-winner-argon2/man/argon2.1
283
292
  - ext/phc-winner-argon2/src/argon2.c
293
+ - ext/phc-winner-argon2/src/argon2.o
284
294
  - ext/phc-winner-argon2/src/bench.c
285
295
  - ext/phc-winner-argon2/src/blake2/blake2-impl.h
286
296
  - ext/phc-winner-argon2/src/blake2/blake2.h
287
297
  - ext/phc-winner-argon2/src/blake2/blake2b.c
298
+ - ext/phc-winner-argon2/src/blake2/blake2b.o
288
299
  - ext/phc-winner-argon2/src/blake2/blamka-round-opt.h
289
300
  - ext/phc-winner-argon2/src/blake2/blamka-round-ref.h
290
301
  - ext/phc-winner-argon2/src/core.c
291
302
  - ext/phc-winner-argon2/src/core.h
303
+ - ext/phc-winner-argon2/src/core.o
292
304
  - ext/phc-winner-argon2/src/encoding.c
293
305
  - ext/phc-winner-argon2/src/encoding.h
306
+ - ext/phc-winner-argon2/src/encoding.o
294
307
  - ext/phc-winner-argon2/src/genkat.c
295
308
  - ext/phc-winner-argon2/src/genkat.h
296
309
  - ext/phc-winner-argon2/src/opt.c
310
+ - ext/phc-winner-argon2/src/opt.o
297
311
  - ext/phc-winner-argon2/src/ref.c
298
312
  - ext/phc-winner-argon2/src/run.c
299
313
  - ext/phc-winner-argon2/src/test.c
300
314
  - ext/phc-winner-argon2/src/thread.c
301
315
  - ext/phc-winner-argon2/src/thread.h
316
+ - ext/phc-winner-argon2/src/thread.o
302
317
  - ext/phc-winner-argon2/vs2015/Argon2Opt/Argon2Opt.vcxproj
303
318
  - ext/phc-winner-argon2/vs2015/Argon2Opt/Argon2Opt.vcxproj.filters
304
319
  - ext/phc-winner-argon2/vs2015/Argon2OptBench/Argon2OptBench.vcxproj