fernet 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +27 -3
- data/lib/fernet/generator.rb +7 -1
- data/lib/fernet/verifier.rb +19 -5
- data/lib/fernet/version.rb +1 -1
- data/spec/fernet_spec.rb +8 -0
- metadata +3 -3
data/README.md
CHANGED
|
@@ -24,11 +24,35 @@ Or install it yourself as:
|
|
|
24
24
|
|
|
25
25
|
## Usage
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Both server and client must share a secret.
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
You want to encode some data in the token as well, for example, an email address can be used to verify it on the other end.
|
|
30
|
+
|
|
31
|
+
```ruby
|
|
32
|
+
token = Fernet.generate(secret) do |generator|
|
|
33
|
+
generator.data = { email: 'harold@heroku.com' }
|
|
34
|
+
end
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
On the server side, the receiver can use this token to verify wether it's legit:
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
verified = Fernet.verify(secret, token) do |verifier|
|
|
41
|
+
verifier.data['email'] == 'harold@heroku.com'
|
|
42
|
+
end
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
The `verified` variable will be true if:
|
|
46
|
+
|
|
47
|
+
* The email encoded in the token data is `harold@heroku.com`
|
|
48
|
+
* The token was generated in the last 60 seconds
|
|
49
|
+
* The secret used to generate the token matches
|
|
50
|
+
|
|
51
|
+
Otherwise, `verified` will be false, and you should deny the request with an HTTP 401, for example.
|
|
52
|
+
|
|
53
|
+
The specs ([spec/fernet_spec.rb](https://github.com/hgimenez/fernet/blob/master/spec/fernet_spec.rb)) have more usage examples.
|
|
30
54
|
|
|
31
55
|
## License
|
|
32
56
|
|
|
33
|
-
|
|
57
|
+
Fernet is copyright (c) Harold Giménez and is released under the terms of the
|
|
34
58
|
MIT License found in the LICENSE file.
|
data/lib/fernet/generator.rb
CHANGED
|
@@ -5,7 +5,6 @@ require 'date'
|
|
|
5
5
|
|
|
6
6
|
module Fernet
|
|
7
7
|
class Generator
|
|
8
|
-
attr_reader :secret
|
|
9
8
|
attr_accessor :data
|
|
10
9
|
|
|
11
10
|
def initialize(secret)
|
|
@@ -20,5 +19,12 @@ module Fernet
|
|
|
20
19
|
Base64.urlsafe_encode64(JSON.dump(data.merge(signature: mac)))
|
|
21
20
|
end
|
|
22
21
|
|
|
22
|
+
def inspect
|
|
23
|
+
"#<Fernet::Generator @secret=[masked] @data=#{@data.inspect}>"
|
|
24
|
+
end
|
|
25
|
+
alias to_s inspect
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
attr_reader :secret
|
|
23
29
|
end
|
|
24
30
|
end
|
data/lib/fernet/verifier.rb
CHANGED
|
@@ -6,23 +6,33 @@ require 'date'
|
|
|
6
6
|
module Fernet
|
|
7
7
|
class Verifier
|
|
8
8
|
|
|
9
|
-
attr_reader :
|
|
9
|
+
attr_reader :token, :data
|
|
10
10
|
attr_writer :seconds_valid
|
|
11
11
|
|
|
12
12
|
def initialize(secret)
|
|
13
|
-
@secret
|
|
13
|
+
@secret = secret
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def verify_token(token)
|
|
17
17
|
@token = token
|
|
18
18
|
deconstruct
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
if block_given?
|
|
21
|
+
custom_verification = yield self
|
|
22
|
+
else
|
|
23
|
+
custom_verification = true
|
|
24
|
+
end
|
|
21
25
|
|
|
22
26
|
signatures_match? && token_recent_enough? && custom_verification
|
|
23
27
|
end
|
|
24
28
|
|
|
25
|
-
|
|
29
|
+
def inspect
|
|
30
|
+
"#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
|
|
31
|
+
end
|
|
32
|
+
alias to_s inspect
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
attr_reader :secret
|
|
26
36
|
|
|
27
37
|
def deconstruct
|
|
28
38
|
@data = JSON.parse(Base64.decode64(token))
|
|
@@ -35,7 +45,11 @@ module Fernet
|
|
|
35
45
|
end
|
|
36
46
|
|
|
37
47
|
def signatures_match?
|
|
38
|
-
|
|
48
|
+
regenerated_bytes = @regenerated_mac.bytes.to_a
|
|
49
|
+
received_bytes = @received_signature.bytes.to_a
|
|
50
|
+
received_bytes.inject(0) do |accum, byte|
|
|
51
|
+
accum |= byte ^ regenerated_bytes.shift
|
|
52
|
+
end.zero?
|
|
39
53
|
end
|
|
40
54
|
end
|
|
41
55
|
end
|
data/lib/fernet/version.rb
CHANGED
data/spec/fernet_spec.rb
CHANGED
|
@@ -47,4 +47,12 @@ describe Fernet do
|
|
|
47
47
|
verifier.seconds_valid = 0
|
|
48
48
|
end.should be_false
|
|
49
49
|
end
|
|
50
|
+
|
|
51
|
+
it 'verifies without a custom verification' do
|
|
52
|
+
token = Fernet.generate(secret) do |generator|
|
|
53
|
+
generator.data = token_data
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
Fernet.verify(secret, token).should be_true
|
|
57
|
+
end
|
|
50
58
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fernet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2012-07-20 00:00:00.000000000 Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70169850711960 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,7 +21,7 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70169850711960
|
|
25
25
|
description: Delicious HMAC Digest[if] authentication
|
|
26
26
|
email:
|
|
27
27
|
- harold.gimenez@gmail.com
|