fernet 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +27 -3
- data/lib/fernet/generator.rb +7 -1
- data/lib/fernet/verifier.rb +19 -5
- data/lib/fernet/version.rb +1 -1
- data/spec/fernet_spec.rb +8 -0
- metadata +3 -3
data/README.md
CHANGED
|
@@ -24,11 +24,35 @@ Or install it yourself as:
|
|
|
24
24
|
|
|
25
25
|
## Usage
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Both server and client must share a secret.
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
You want to encode some data in the token as well, for example, an email address can be used to verify it on the other end.
|
|
30
|
+
|
|
31
|
+
```ruby
|
|
32
|
+
token = Fernet.generate(secret) do |generator|
|
|
33
|
+
generator.data = { email: 'harold@heroku.com' }
|
|
34
|
+
end
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
On the server side, the receiver can use this token to verify wether it's legit:
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
verified = Fernet.verify(secret, token) do |verifier|
|
|
41
|
+
verifier.data['email'] == 'harold@heroku.com'
|
|
42
|
+
end
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
The `verified` variable will be true if:
|
|
46
|
+
|
|
47
|
+
* The email encoded in the token data is `harold@heroku.com`
|
|
48
|
+
* The token was generated in the last 60 seconds
|
|
49
|
+
* The secret used to generate the token matches
|
|
50
|
+
|
|
51
|
+
Otherwise, `verified` will be false, and you should deny the request with an HTTP 401, for example.
|
|
52
|
+
|
|
53
|
+
The specs ([spec/fernet_spec.rb](https://github.com/hgimenez/fernet/blob/master/spec/fernet_spec.rb)) have more usage examples.
|
|
30
54
|
|
|
31
55
|
## License
|
|
32
56
|
|
|
33
|
-
|
|
57
|
+
Fernet is copyright (c) Harold Giménez and is released under the terms of the
|
|
34
58
|
MIT License found in the LICENSE file.
|
data/lib/fernet/generator.rb
CHANGED
|
@@ -5,7 +5,6 @@ require 'date'
|
|
|
5
5
|
|
|
6
6
|
module Fernet
|
|
7
7
|
class Generator
|
|
8
|
-
attr_reader :secret
|
|
9
8
|
attr_accessor :data
|
|
10
9
|
|
|
11
10
|
def initialize(secret)
|
|
@@ -20,5 +19,12 @@ module Fernet
|
|
|
20
19
|
Base64.urlsafe_encode64(JSON.dump(data.merge(signature: mac)))
|
|
21
20
|
end
|
|
22
21
|
|
|
22
|
+
def inspect
|
|
23
|
+
"#<Fernet::Generator @secret=[masked] @data=#{@data.inspect}>"
|
|
24
|
+
end
|
|
25
|
+
alias to_s inspect
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
attr_reader :secret
|
|
23
29
|
end
|
|
24
30
|
end
|
data/lib/fernet/verifier.rb
CHANGED
|
@@ -6,23 +6,33 @@ require 'date'
|
|
|
6
6
|
module Fernet
|
|
7
7
|
class Verifier
|
|
8
8
|
|
|
9
|
-
attr_reader :
|
|
9
|
+
attr_reader :token, :data
|
|
10
10
|
attr_writer :seconds_valid
|
|
11
11
|
|
|
12
12
|
def initialize(secret)
|
|
13
|
-
@secret
|
|
13
|
+
@secret = secret
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def verify_token(token)
|
|
17
17
|
@token = token
|
|
18
18
|
deconstruct
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
if block_given?
|
|
21
|
+
custom_verification = yield self
|
|
22
|
+
else
|
|
23
|
+
custom_verification = true
|
|
24
|
+
end
|
|
21
25
|
|
|
22
26
|
signatures_match? && token_recent_enough? && custom_verification
|
|
23
27
|
end
|
|
24
28
|
|
|
25
|
-
|
|
29
|
+
def inspect
|
|
30
|
+
"#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
|
|
31
|
+
end
|
|
32
|
+
alias to_s inspect
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
attr_reader :secret
|
|
26
36
|
|
|
27
37
|
def deconstruct
|
|
28
38
|
@data = JSON.parse(Base64.decode64(token))
|
|
@@ -35,7 +45,11 @@ module Fernet
|
|
|
35
45
|
end
|
|
36
46
|
|
|
37
47
|
def signatures_match?
|
|
38
|
-
|
|
48
|
+
regenerated_bytes = @regenerated_mac.bytes.to_a
|
|
49
|
+
received_bytes = @received_signature.bytes.to_a
|
|
50
|
+
received_bytes.inject(0) do |accum, byte|
|
|
51
|
+
accum |= byte ^ regenerated_bytes.shift
|
|
52
|
+
end.zero?
|
|
39
53
|
end
|
|
40
54
|
end
|
|
41
55
|
end
|
data/lib/fernet/version.rb
CHANGED
data/spec/fernet_spec.rb
CHANGED
|
@@ -47,4 +47,12 @@ describe Fernet do
|
|
|
47
47
|
verifier.seconds_valid = 0
|
|
48
48
|
end.should be_false
|
|
49
49
|
end
|
|
50
|
+
|
|
51
|
+
it 'verifies without a custom verification' do
|
|
52
|
+
token = Fernet.generate(secret) do |generator|
|
|
53
|
+
generator.data = token_data
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
Fernet.verify(secret, token).should be_true
|
|
57
|
+
end
|
|
50
58
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fernet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2012-07-20 00:00:00.000000000 Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70169850711960 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,7 +21,7 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70169850711960
|
|
25
25
|
description: Delicious HMAC Digest[if] authentication
|
|
26
26
|
email:
|
|
27
27
|
- harold.gimenez@gmail.com
|