fernet 0.0.1 → 0.0.2

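--- a/data/README.md
+++ b/data/README.md
@@ -24,11 +24,35 @@ Or install it yourself as:
 
  ## Usage
 
- For now, see [spec/fernet_spec.rb](https://github.com/hgimenez/fernet/blob/master/spec/fernet_spec.rb).
+ Both server and client must share a secret.
 
- I'll flesh this out further soon. Sorry.
+ You want to encode some data in the token as well, for example, an email address can be used to verify it on the other end.
+
+ ```ruby
+ token = Fernet.generate(secret) do |generator|
+ generator.data = { email: 'harold@heroku.com' }
+ end
+ ```
+
+ On the server side, the receiver can use this token to verify wether it's legit:
+
+ ```ruby
+ verified = Fernet.verify(secret, token) do |verifier|
+ verifier.data['email'] == 'harold@heroku.com'
+ end
+ ```
+
+ The `verified` variable will be true if:
+
+ * The email encoded in the token data is `harold@heroku.com`
+ * The token was generated in the last 60 seconds
+ * The secret used to generate the token matches
+
+ Otherwise, `verified` will be false, and you should deny the request with an HTTP 401, for example.
+
+ The specs ([spec/fernet_spec.rb](https://github.com/hgimenez/fernet/blob/master/spec/fernet_spec.rb)) have more usage examples.
 
  ## License
 
- Valcro is copyright (c) Harold Giménez and is released under the terms of the
+ Fernet is copyright (c) Harold Giménez and is released under the terms of the
  MIT License found in the LICENSE file.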
@@ -5,7 +5,6 @@ require 'date'
5
5
 
6
6
  module Fernet
7
7
  class Generator
8
- attr_reader :secret
9
8
  attr_accessor :data
10
9
 
11
10
  def initialize(secret)
@@ -20,5 +19,12 @@ module Fernet
20
19
  Base64.urlsafe_encode64(JSON.dump(data.merge(signature: mac)))
21
20
  end
22
21
 
22
+ def inspect
23
+ "#<Fernet::Generator @secret=[masked] @data=#{@data.inspect}>"
24
+ end
25
+ alias to_s inspect
26
+
27
+ private
28
+ attr_reader :secret
23
29
  end
24
30
  end
@@ -6,23 +6,33 @@ require 'date'
6
6
  module Fernet
7
7
  class Verifier
8
8
 
9
- attr_reader :secret, :token, :data
9
+ attr_reader :token, :data
10
10
  attr_writer :seconds_valid
11
11
 
12
12
  def initialize(secret)
13
- @secret = secret
13
+ @secret = secret
14
14
  end
15
15
 
16
16
  def verify_token(token)
17
17
  @token = token
18
18
  deconstruct
19
19
 
20
- custom_verification = yield self
20
+ if block_given?
21
+ custom_verification = yield self
22
+ else
23
+ custom_verification = true
24
+ end
21
25
 
22
26
  signatures_match? && token_recent_enough? && custom_verification
23
27
  end
24
28
 
25
- private
29
+ def inspect
30
+ "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
31
+ end
32
+ alias to_s inspect
33
+
34
+ private
35
+ attr_reader :secret
26
36
 
27
37
  def deconstruct
28
38
  @data = JSON.parse(Base64.decode64(token))
@@ -35,7 +45,11 @@ module Fernet
35
45
  end
36
46
 
37
47
  def signatures_match?
38
- @regenerated_mac == @received_signature
48
+ regenerated_bytes = @regenerated_mac.bytes.to_a
49
+ received_bytes = @received_signature.bytes.to_a
50
+ received_bytes.inject(0) do |accum, byte|
51
+ accum |= byte ^ regenerated_bytes.shift
52
+ end.zero?
39
53
  end
40
54
  end
41
55
  end
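Review bot: The new constant-time loop in `signatures_match?` never compares lengths, so it only checks as many bytes as `@received_signature` holds: a shorter value is compared against just a prefix of the MAC, and an empty string leaves `inject(0)` at 0, so the method returns true. A longer value makes `shift` return nil and `byte ^ nil` raises instead of returning false. Reject on length before the loop: `return false unless @received_signature.is_a?(String) && @received_signature.bytesize == @regenerated_mac.bytesize`. `@received_signature` is set in `deconstruct`, whose body is cut off by the hunks shown here, so confirm there whether a missing signature arrives as nil. Separately, the new `Verifier#inspect` masks the secret but still interpolates `@token`, which remains a usable credential for the validity window and will end up in logs and exception messages.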
@@ -1,3 +1,3 @@
1
1
  module Fernet
2
- VERSION = "0.0.1"
2
+ VERSION = "0.0.2"
3
3
  end
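--- a/data/spec/fernet_spec.rb
+++ b/data/spec/fernet_spec.rb
@@ -47,4 +47,12 @@ describe Fernet do
  verifier.seconds_valid = 0
  end.should be_false
  end
+
+ it 'verifies without a custom verification' do
+ token = Fernet.generate(secret) do |generator|
+ generator.data = token_data
+ end
+
+ Fernet.verify(secret, token).should be_true
+ end
  end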
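Review bot: The only example added covers the block-less success path, while the rewritten `signatures_match?` in this release gets no spec of its own in the lines shown here. An example that verifies a token whose `signature` field has been altered, shortened or emptied and expects `be_false` would pin the comparison's failure cases, for instance `it 'fails when the signature is truncated'`. The rest of the spec file is outside this hunk, so an existing tamper test may already cover part of this.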
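--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: fernet
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ date: 2012-07-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
- requirement: &70116561753260 !ruby/object:Gem::Requirement
+ requirement: &70169850711960 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *70116561753260
+ version_requirements: *70169850711960
  description: Delicious HMAC Digest[if] authentication
  email:
  - harold.gimenez@gmail.com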