RubyGems - fernet - Versions diffs - 2.1.1 → 2.2 - Mend

fernet 2.1.1 → 2.2

Files changed (20) hide show

data/lib/fernet.rb +7 -0
data/lib/fernet/verifier.rb +1 -1
data/lib/fernet/version.rb +1 -1
metadata +42 -36
checksums.yaml +0 -7
data/.gitignore +0 -19
data/.gitmodules +0 -3
data/.rdoc_options +0 -16
data/.rspec +0 -2
data/.travis.yml +0 -8
data/Gemfile +0 -4
data/Rakefile +0 -2
data/fernet.gemspec +0 -20
data/spec/acceptance/generate_spec.rb +0 -27
data/spec/acceptance/verify_spec.rb +0 -52
data/spec/bit_packing_spec.rb +0 -36
data/spec/fernet_spec.rb +0 -75
data/spec/secret_spec.rb +0 -35
data/spec/spec_helper.rb +0 -20
data/spec/token_spec.rb +0 -106

data/lib/fernet.rb CHANGED

@@ -23,6 +23,13 @@ module Fernet
   #
   # Returns the fernet token as a string
   def self.generate(secret, message = '', opts = {})
+    # OpenSSL::Cipher loses all encoding informaion upon decoding ciphertext
+    # and everything comes out as ASCII. To prevent that, let's just explicitly
+    # convert input value to UTF-8 so we can assume the decrypted value will
+    # also be unicode.  This is not exactly a wonderful solution, but it's
+    # better than just returning ASCII with mangled unicode bytes in it.
+    message = message.encode(Encoding::UTF_8) if message
     Generator.new(opts.merge({secret: secret, message: message})).
       generate
   end

data/lib/fernet/verifier.rb CHANGED

@@ -35,7 +35,7 @@ module Fernet
     # Public: Returns the token's message
     def message
-      @token.message
+      @token.message.dup.force_encoding(Encoding::UTF_8)
     end
     # Deprecated: returns the token's message

data/lib/fernet/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Fernet
-  VERSION = "2.1.1"
+  VERSION = "2.2"
 end

metadata CHANGED

@@ -1,18 +1,20 @@
 --- !ruby/object:Gem::Specification
 name: fernet
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: '2.2'
+  prerelease:
 platform: ruby
 authors:
 - Harold Giménez
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-09 00:00:00.000000000 Z
+date: 2015-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: valcro
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -20,6 +22,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -27,17 +30,35 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.4'
 description: Delicious HMAC Digest(if) authentication and AES-128-CBC encryption
 email:
 - harold.gimenez@gmail.com
@@ -45,17 +66,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".gitmodules"
-- ".rdoc_options"
-- ".rspec"
-- ".travis.yml"
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
-- fernet.gemspec
-- lib/fernet.rb
 - lib/fernet/bit_packing.rb
 - lib/fernet/configuration.rb
 - lib/fernet/encryption.rb
@@ -65,41 +77,35 @@ files:
 - lib/fernet/token.rb
 - lib/fernet/verifier.rb
 - lib/fernet/version.rb
-- spec/acceptance/generate_spec.rb
-- spec/acceptance/verify_spec.rb
-- spec/bit_packing_spec.rb
-- spec/fernet_spec.rb
-- spec/secret_spec.rb
-- spec/spec_helper.rb
-- spec/token_spec.rb
-homepage: ''
+- lib/fernet.rb
+homepage: https://github.com/fernet/fernet-rb
 licenses: []
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 4235098473398822064
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 4235098473398822064
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 1.8.23.2
 signing_key:
-specification_version: 4
+specification_version: 3
 summary: Easily generate and verify AES encrypted HMAC based authentication tokens
-test_files:
-- spec/acceptance/generate_spec.rb
-- spec/acceptance/verify_spec.rb
-- spec/bit_packing_spec.rb
-- spec/fernet_spec.rb
-- spec/secret_spec.rb
-- spec/spec_helper.rb
-- spec/token_spec.rb
+test_files: []

checksums.yaml DELETED

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 8306def467a28bb3eeda6f4eb57c0dcc0b6f73a2
-  data.tar.gz: 3f124ffeff277310fb3df669d78f4e41c26cdb4d
-SHA512:
-  metadata.gz: c3954ecff3c25ff7142d950303206b6a437705537fdf3add03b66d4e8489aecbcd217c99927a6ce147ba08e3907dd6fa9ebdf91146cf353ca18d5a34230da158
-  data.tar.gz: b8fb5061d5d37d287ec20fedf5df2cdd44dd103ae3d91df746037b51e8e8fa714670c48fd85abb6735ed0d4b7be46867eb5db7cb09ae3103061abcf253019907

data/.gitignore DELETED

@@ -1,19 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.rbenv-version
-.ruby-version

data/.gitmodules DELETED

@@ -1,3 +0,0 @@
-[submodule "spec/fernet-spec"]
-	path = spec/fernet-spec
-	url = git://github.com/kr/fernet-spec.git

data/.rdoc_options DELETED

@@ -1,16 +0,0 @@
---- !ruby/object:RDoc::Options
-encoding: UTF-8
-static_path: []
-rdoc_include:
-- .
-charset: UTF-8
-exclude:
-hyperlink_all: false
-line_numbers: false
-main_page:
-markup: tomdoc
-show_hash: false
-tab_width: 8
-title:
-visibility: :protected
-webcvs:

data/.rspec DELETED

	@@ -1,2 +0,0 @@
1	- --color
2	- --format progress

data/.travis.yml DELETED

@@ -1,8 +0,0 @@
-language: ruby
-rvm:
-  - "1.9.3"
-  - "1.9.2"
-  - "2.0.0"
-script: bundle exec rspec -b spec

data/Gemfile DELETED

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-# Specify your gem's dependencies in fernet.gemspec
-gemspec

data/Rakefile DELETED

	@@ -1,2 +0,0 @@
1	- #!/usr/bin/env rake
2	- require "bundler/gem_tasks"

data/fernet.gemspec DELETED

@@ -1,20 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/fernet/version', __FILE__)
-Gem::Specification.new do |gem|
-  gem.authors       = ["Harold Giménez"]
-  gem.email         = ["harold.gimenez@gmail.com"]
-  gem.description   = %q{Delicious HMAC Digest(if) authentication and AES-128-CBC encryption}
-  gem.summary       = %q{Easily generate and verify AES encrypted HMAC based authentication tokens}
-  gem.homepage      = ""
-  gem.files         = `git ls-files`.split($\)
-  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-  gem.name          = "fernet"
-  gem.require_paths = ["lib"]
-  gem.version       = Fernet::VERSION
-  gem.add_runtime_dependency "valcro", "0.1"
-  gem.add_development_dependency "rspec"
-end

data/spec/acceptance/generate_spec.rb DELETED

@@ -1,27 +0,0 @@
-require 'spec_helper'
-require 'fernet'
-require 'json'
-require 'base64'
-describe Fernet::Generator do
-  it 'generates tokens according to the spec' do
-    path = File.expand_path(
-      './../fernet-spec/generate.json', File.dirname(__FILE__)
-    )
-    generate_json  = JSON.parse(File.read(path))
-    generate_json.each do |test_data|
-      message        = test_data['src']
-      iv             = test_data['iv'].pack("C*")
-      secret         = test_data['secret']
-      now            = DateTime.parse(test_data['now']).to_time
-      expected_token = test_data['token']
-      generator = Fernet::Generator.new(secret:  secret,
-                                        message: message,
-                                        iv:      iv,
-                                        now:     now)
-      expect(generator.generate).to eq(expected_token)
-    end
-  end
-end

data/spec/acceptance/verify_spec.rb DELETED

@@ -1,52 +0,0 @@
-require 'spec_helper'
-require 'fernet'
-require 'json'
-require 'base64'
-describe Fernet::Verifier do
-  it 'verifies tokens according to the spec' do
-    path = File.expand_path(
-      './../fernet-spec/verify.json', File.dirname(__FILE__)
-    )
-    verify_json  = JSON.parse(File.read(path))
-    verify_json.each do |test_data|
-      token   = test_data['token']
-      ttl     = test_data['ttl_sec']
-      now     = DateTime.parse(test_data['now']).to_time
-      secret  = test_data['secret']
-      message = test_data['src']
-      verifier = Fernet::Verifier.new(token: token,
-                                      secret: secret,
-                                      now: now,
-                                      ttl: ttl)
-      expect(
-        verifier.message
-      ).to eq(message)
-    end
-  end
-  context 'invalid tokens' do
-    path = File.expand_path(
-      './../fernet-spec/invalid.json', File.dirname(__FILE__)
-    )
-    invalid_json = JSON.parse(File.read(path))
-    invalid_json.each do |test_data|
-      it "detects #{test_data['desc']}" do
-        token  = test_data['token']
-        ttl    = test_data['ttl_sec']
-        now    = DateTime.parse(test_data['now']).to_time
-        secret = test_data['secret']
-        verifier = Fernet::Verifier.new(token: token,
-                                        secret: secret,
-                                        now: now,
-                                        ttl: ttl)
-        expect { verifier.message }.to raise_error(Fernet::Token::InvalidToken)
-      end
-    end
-  end
-end

data/spec/bit_packing_spec.rb DELETED

@@ -1,36 +0,0 @@
-require 'spec_helper'
-require 'fernet/bit_packing'
-describe Fernet::BitPacking do
-  VALUE_TO_BYTES = {
-    0x0000000000000000 => [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ],
-    0x00000000000000FF => [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF ],
-    0x000000FF00000000 => [ 0x00, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00, 0x00 ],
-    0x00000000FF000000 => [ 0x00, 0x00, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00 ],
-    0xFF00000000000000 => [ 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ],
-    0xFFFFFFFFFFFFFFFF => [ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]
-  }
-  def self.pretty(bytea)
-    "0x#{bytea.map { |b| sprintf("%.2x", b) }.join}"
-  end
-  def self.bytestr(bytea)
-    bytea.map(&:chr).join
-  end
-  VALUE_TO_BYTES.each do |value, bytes|
-    pretty_bytes = pretty(bytes).rjust(20)
-    pretty_val = value.to_s.rjust(20)
-    bytestr = bytestr(bytes)
-    it "encodes #{pretty_val} to #{pretty_bytes}" do
-      expect(Fernet::BitPacking.pack_int64_bigendian(value)).to eq(bytestr)
-    end
-    # N.B.: we have two extra spaces in the spec description for
-    # aligned formatting w.r.t. the 'encode' specs
-    it "decodes #{pretty_bytes} to #{pretty_val}" do
-      expect(Fernet::BitPacking.unpack_int64_bigendian(bytestr)).to eq(value)
-    end
-  end
-end

data/spec/fernet_spec.rb DELETED

@@ -1,75 +0,0 @@
-require 'spec_helper'
-require 'fernet'
-describe Fernet do
-  after { Fernet::Configuration.run }
-  let(:secret)     { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
-  let(:bad_secret) { 'badICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
-  it 'can verify tokens it generates' do
-    token = Fernet.generate(secret, 'harold@heroku.com')
-    verifier = Fernet.verifier(secret, token)
-    expect(verifier).to be_valid
-    expect(verifier.message).to eq('harold@heroku.com')
-  end
-  it 'fails with a bad secret' do
-    token = Fernet.generate(secret, 'harold@heroku.com')
-    verifier = Fernet.verifier(bad_secret, token)
-    expect(verifier.valid?).to eq(false)
-    expect {
-      verifier.message
-    }.to raise_error Fernet::Token::InvalidToken
-  end
-  it 'fails if the token is too old' do
-    token = Fernet.generate(secret, 'harold@heroku.com', now: (Time.now - 61))
-    verifier = Fernet.verifier(secret, token)
-    expect(verifier.valid?).to eq(false)
-  end
-  it 'can ignore TTL enforcement' do
-    Fernet::Configuration.run do |config|
-      config.enforce_ttl = true
-    end
-    token = Fernet.generate(secret, 'harold@heroku.com')
-    verifier = Fernet.verifier(secret, token, enforce_ttl: false,
-                                              now: Time.now + 9999)
-    expect(verifier.valid?).to eq(true)
-  end
-  it 'can ignore TTL enforcement via global config' do
-    Fernet::Configuration.run do |config|
-      config.enforce_ttl = false
-    end
-    token = Fernet.generate(secret, 'harold@heroku.com')
-    verifier = Fernet.verifier(secret, token, now: Time.now + 999999)
-    expect(verifier.valid?).to eq(true)
-  end
-  it 'does not send the message in plain text' do
-    token = Fernet.generate(secret, 'password1')
-    expect(Base64.urlsafe_decode64(token)).not_to match /password1/
-  end
-  it 'allows overriding enforce_ttl on a verifier' do
-    Fernet::Configuration.run do |config|
-      config.enforce_ttl = true
-      config.ttl = 0
-    end
-    token = Fernet.generate(secret, 'password1')
-    verifier = Fernet.verifier(secret, token, now: Time.now + 999999)
-    verifier.enforce_ttl = false
-    expect(verifier.valid?).to eq(true)
-    expect(verifier.message).to eq('password1')
-  end
-end

data/spec/secret_spec.rb DELETED

@@ -1,35 +0,0 @@
-require 'spec_helper'
-require 'fernet/secret'
-describe Fernet::Secret do
-  it "can resolve a URL safe base64 encoded 32 byte string" do
-    resolves_input(Base64.urlsafe_encode64("A"*16 + "B"*16))
-  end
-  it "can resolve a base64 encoded 32 byte string" do
-    resolves_input(Base64.encode64("A"*16 + "B"*16))
-  end
-  it "can resolve a 32 byte string without encoding" do
-    resolves_input("A"*16 + "B"*16)
-  end
-  it "fails loudly when an invalid secret is provided" do
-    secret = Base64.urlsafe_encode64("bad")
-    expect do
-      Fernet::Secret.new(secret)
-    end.to raise_error(Fernet::Secret::InvalidSecret)
-  end
-  def resolves_input(input)
-    secret = Fernet::Secret.new(input)
-    expect(
-      secret.signing_key
-    ).to eq("A"*16)
-    expect(
-      secret.encryption_key
-    ).to eq("B"*16)
-  end
-end

data/spec/spec_helper.rb DELETED

@@ -1,20 +0,0 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# Require this file using `require "spec_helper"` to ensure that it is only
-# loaded once.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-RSpec.configure do |config|
-  config.run_all_when_everything_filtered = true
-  config.filter_run :focus
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = 'random'
-  config.expect_with :rspec do |c|
-    c.syntax = :expect
-  end
-end

data/spec/token_spec.rb DELETED

@@ -1,106 +0,0 @@
-require 'spec_helper'
-require 'fernet'
-require 'json'
-describe Fernet::Token, 'validation' do
-  let(:secret) { 'odN/0Yu+Pwp3oIvvG8OiE5w4LsLrqfWYRb3knQtSyKI=' }
-  it 'is invalid with a bad MAC signature' do
-    generated = Fernet::Token.generate(secret: secret,
-                                       message: 'hello')
-    bogus_hmac = "1" * 32
-    allow(Fernet::Encryption).to receive(:hmac_digest).and_return(bogus_hmac)
-    token = Fernet::Token.new(generated.to_s, secret: secret)
-    expect(token.valid?).to eq(false)
-    expect(token.errors[:signature]).to include("does not match")
-  end
-  it 'is invalid if too old' do
-    generated = Fernet::Token.generate(secret: secret,
-                                       message: 'hello',
-                                       now: Time.now - 61)
-    token = Fernet::Token.new(generated.to_s, enforce_ttl: true,
-                                              ttl: 60,
-                                              secret: secret)
-    expect(token.valid?).to eq(false)
-    expect(token.errors[:issued_timestamp]).to include("is too far in the past: token expired")
-  end
-  it 'is invalid with a large clock skew' do
-    generated = Fernet::Token.generate(secret:  secret,
-                                       message: 'hello',
-                                       now:     Time.at(Time.now.to_i + 61))
-    token = Fernet::Token.new(generated.to_s, secret: secret)
-    expect(token.valid?).to eq(false)
-    expect(token.errors[:issued_timestamp]).to include("is too far in the future")
-  end
-  it 'is invalid with bad base64' do
-    token = Fernet::Token.new('bad', secret: secret)
-    expect(token.valid?).to eq(false)
-    expect(token.errors[:token]).to include("invalid base64")
-  end
-  it 'is invalid with an unknown token version' do
-    invalid1 = Fernet::Token.generate(message: 'message', version: 0x00, secret: secret)
-    invalid2 = Fernet::Token.generate(message: 'message', version: 0x81, secret: secret)
-    valid    = Fernet::Token.generate(message: 'message', secret: secret)
-    [invalid1, invalid2].each do |token|
-      expect(token.valid?).to eq(false)
-      expect(token.errors[:version]).to include("is unknown")
-    end
-    expect(valid.valid?).to eq(true)
-  end
-  it 'is invalid with bad base64 encodings' do
-    token = Fernet::Token.generate(message: 'message', secret: secret)
-    invalid = Fernet::Token.new("\n#{token}", secret: secret)
-    ["\n#{token}", "#{token} ", "#{token}+",
-      token.to_s.gsub(/(.)$/, "1"),
-      token.to_s.gsub(/(.)$/, "+"),
-      token.to_s.gsub(/(.)$/, "\\"),
-    ].each do |invalid_string|
-      invalid = Fernet::Token.new(invalid_string, secret: secret)
-      expect(invalid.valid?).to be(false)
-    end
-  end
-end
-describe Fernet::Token, 'message' do
-  let(:secret) { 'odN/0Yu+Pwp3oIvvG8OiE5w4LsLrqfWYRb3knQtSyKI=' }
-  it 'refuses to decrypt if invalid' do
-    generated = Fernet::Token.generate(secret:  secret,
-                                       message: 'hello',
-                                       now:     Time.now + 61)
-    token = Fernet::Token.new(generated.to_s, secret: secret)
-    !token.valid? or raise "invalid token"
-    expect {
-      token.message
-    }.to raise_error Fernet::Token::InvalidToken,
-      /issued_timestamp is too far in the future/
-  end
-  it 'gives back the original message in plain text' do
-    token = Fernet::Token.generate(secret: secret,
-                                   message: 'hello')
-    token.valid? or raise "invalid token"
-    expect(token.message).to eq('hello')
-  end
-  it 'correctly handles an empty message' do
-    token = Fernet::Token.generate(secret: secret,
-                                   message: '')
-    token.valid? or raise "invalid token"
-    expect(token.message).to eq('')
-  end
-end