fernet 1.0 → 1.1

data/fernet.gemspec

@@ -4,8 +4,8 @@ require File.expand_path('../lib/fernet/version', __FILE__)
 Gem::Specification.new do |gem|
   gem.authors       = ["Harold Giménez"]
   gem.email         = ["harold.gimenez@gmail.com"]
-  gem.description   = %q{Delicious HMAC Digest(if) authentication}
-  gem.summary       = %q{Easily generate and verify HMAC based authentication tokens}
+  gem.description   = %q{Delicious HMAC Digest(if) authentication and encryption}
+  gem.summary       = %q{Easily generate and verify AES encrypted HMAC based authentication tokens}
   gem.homepage      = ""
 
   gem.files         = `git ls-files`.split($\)
@@ -15,5 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Fernet::VERSION
 
+  gem.add_dependency "yajl-ruby"
+
   gem.add_development_dependency "rspec"
 end

data/lib/fernet.rb

@@ -3,6 +3,10 @@ require 'fernet/generator'
 require 'fernet/verifier'
 require 'fernet/secret'
 
+if RUBY_VERSION == '1.8.7'
+  require 'shim/base64'
+end
+
 module Fernet
   def self.generate(secret, encrypt = true, &block)
     Generator.new(secret, encrypt).generate(&block)

data/lib/fernet/generator.rb

@@ -1,5 +1,5 @@
 require 'base64'
-require 'json'
+require 'yajl'
 require 'openssl'
 require 'date'
 
@@ -16,13 +16,13 @@ module Fernet
 
     def generate
       yield self if block_given?
-      data.merge!(issued_at: DateTime.now)
+      data.merge!(:issued_at => DateTime.now)
 
       if encrypt?
         iv = encrypt_data!
         @payload = "#{base64(data)}|#{base64(iv)}"
       else
-        @payload = base64(JSON.dump(data))
+        @payload = base64(Yajl::Encoder.encode(data))
       end
 
       mac = OpenSSL::HMAC.hexdigest('sha256', payload, signing_key)
@@ -47,7 +47,7 @@ module Fernet
       iv         = cipher.random_iv
       cipher.iv  = iv
       cipher.key = encryption_key
-      @data = cipher.update(JSON.dump(data)) + cipher.final
+      @data = cipher.update(Yajl::Encoder.encode(data)) + cipher.final
       iv
     end
 

data/lib/fernet/secret.rb

@@ -6,12 +6,12 @@ module Fernet
     end
 
     def encryption_key
-      @secret.byteslice(@secret.bytesize/2, @secret.bytesize)
+      @secret.slice(@secret.size/2, @secret.size)
     end
 
     def signing_key
       if @encrypt
-        @secret.byteslice(0, @secret.bytesize/2)
+        @secret.slice(0, @secret.size/2)
       else
         @secret
       end

data/lib/fernet/verifier.rb

@@ -1,16 +1,18 @@
 require 'base64'
-require 'json'
+require 'yajl'
 require 'openssl'
 require 'date'
 
 module Fernet
   class Verifier
     attr_reader :token, :data
-    attr_writer :seconds_valid
+    attr_accessor :ttl, :enforce_ttl
 
     def initialize(secret, decrypt)
-      @secret  = Secret.new(secret, decrypt)
-      @decrypt = decrypt
+      @secret      = Secret.new(secret, decrypt)
+      @decrypt     = decrypt
+      @ttl         = 60
+      @enforce_ttl = true
     end
 
     def verify_token(token)
@@ -27,7 +29,7 @@ module Fernet
     end
 
     def inspect
-      "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @seconds_valid=#{@seconds_valid}>"
+      "#<Fernet::Verifier @secret=[masked] @token=#{@token} @data=#{@data.inspect} @ttl=#{@ttl}>"
     end
     alias to_s inspect
 
@@ -38,18 +40,22 @@ module Fernet
       parts = @token.split('|')
       if decrypt?
         encrypted_data, iv, @received_signature = *parts
-        @data = JSON.parse(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
+        @data = Yajl::Parser.parse(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
         signing_blob = "#{encrypted_data}|#{iv}"
       else
         encoded_data, @received_signature = *parts
         signing_blob = encoded_data
-        @data = JSON.parse(Base64.urlsafe_decode64(encoded_data))
+        @data = Yajl::Parser.parse(Base64.urlsafe_decode64(encoded_data))
       end
       @regenerated_mac = OpenSSL::HMAC.hexdigest('sha256', signing_blob, signing_key)
     end
 
     def token_recent_enough?
-      DateTime.parse(data['issued_at']) > (DateTime.now - 60)
+      if enforce_ttl?
+        DateTime.parse(data['issued_at']) > (now - ttl)
+      else
+        true
+      end
     end
 
     def signatures_match?
@@ -80,5 +86,12 @@ module Fernet
       @decrypt
     end
 
+    def enforce_ttl?
+      @enforce_ttl
+    end
+
+    def now
+      DateTime.now
+    end
   end
 end

data/lib/fernet/version.rb

@@ -1,3 +1,3 @@
 module Fernet
-  VERSION = "1.0"
+  VERSION = "1.1"
 end

data/lib/shim/base64.rb

@@ -0,0 +1,21 @@
+Base64.class_eval do
+  def strict_encode64(bin)
+    encode64(bin).tr("\n",'')
+  end
+
+  def strict_decode64(str)
+    unless str.include?("\n")
+      decode64(str)
+    else
+      raise(ArgumentError,"invalid base64")
+    end
+  end
+
+  def urlsafe_encode64(bin)
+    strict_encode64(bin).tr("+/", "-_")
+  end
+
+  def urlsafe_decode64(str)
+    strict_decode64(str.tr("-_", "+/"))
+  end
+end

data/spec/fernet_spec.rb

@@ -3,11 +3,11 @@ require 'fernet'
 
 describe Fernet do
   let(:token_data) do
-    { email: 'harold@heroku.com', id: '123', arbitrary: 'data' }
+    { :email => 'harold@heroku.com', :id => '123', :arbitrary => 'data' }
   end
 
-  let(:secret) { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
-  let(:bad_secret) { 'jrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
+  let(:secret)     { 'JrdICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
+  let(:bad_secret) { 'badICDH6x3M7duQeM8dJEMK4Y5TkBIsYDw1lPy35RiY=' }
 
   it 'can verify tokens it generates' do
     token = Fernet.generate(secret) do |generator|
@@ -45,7 +45,7 @@ describe Fernet do
     end
 
     Fernet.verify(bad_secret, token) do |verifier|
-      verifier.seconds_valid = 0
+      verifier.ttl = 0
     end.should be_false
   end
 
@@ -57,6 +57,20 @@ describe Fernet do
     Fernet.verify(secret, token).should be_true
   end
 
+  it 'can TTL enforcement' do
+    token = Fernet.generate(secret) do |generator|
+      generator.data = token_data
+    end
+
+    Fernet.verify(secret, token) do |verifier|
+      def verifier.now
+        Time.now + 99999999999
+      end
+      verifier.enforce_ttl = false
+      true
+    end.should be_true
+  end
+
   it 'generates without custom data' do
     token = Fernet.generate(secret)
 
@@ -88,5 +102,4 @@ describe Fernet do
       verifier.data['password'].should == 'password1'
     end
   end
-
 end

metadata

@@ -1,34 +1,59 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: fernet
-version: !ruby/object:Gem::Version
-  version: '1.0'
+version: !ruby/object:Gem::Version 
+  hash: 13
   prerelease: 
+  segments: 
+  - 1
+  - 1
+  version: "1.1"
 platform: ruby
-authors:
-- Harold Giménez
+authors: 
+- "Harold Gim\xC3\xA9nez"
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-14 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2012-08-15 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: yajl-ruby
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
   name: rspec
-  requirement: &70135148211780 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :development
-  prerelease: false
-  version_requirements: *70135148211780
-description: Delicious HMAC Digest(if) authentication
-email:
+  version_requirements: *id002
+description: Delicious HMAC Digest(if) authentication and encryption
+email: 
 - harold.gimenez@gmail.com
 executables: []
+
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
 - .gitignore
 - .rspec
 - Gemfile
@@ -41,32 +66,42 @@ files:
 - lib/fernet/secret.rb
 - lib/fernet/verifier.rb
 - lib/fernet/version.rb
+- lib/shim/base64.rb
 - spec/fernet_spec.rb
 - spec/spec_helper.rb
-homepage: ''
+homepage: ""
 licenses: []
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
+
 rubyforge_project: 
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: Easily generate and verify HMAC based authentication tokens
-test_files:
+summary: Easily generate and verify AES encrypted HMAC based authentication tokens
+test_files: 
 - spec/fernet_spec.rb
 - spec/spec_helper.rb