fernet 2.1 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/fernet/encryption.rb +6 -1
- data/lib/fernet/token.rb +3 -3
- data/lib/fernet/verifier.rb +18 -25
- data/lib/fernet/version.rb +1 -1
- data/spec/fernet_spec.rb +1 -1
- data/spec/spec_helper.rb +0 -1
- data/spec/token_spec.rb +31 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8306def467a28bb3eeda6f4eb57c0dcc0b6f73a2
|
|
4
|
+
data.tar.gz: 3f124ffeff277310fb3df669d78f4e41c26cdb4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c3954ecff3c25ff7142d950303206b6a437705537fdf3add03b66d4e8489aecbcd217c99927a6ce147ba08e3907dd6fa9ebdf91146cf353ca18d5a34230da158
|
|
7
|
+
data.tar.gz: b8fb5061d5d37d287ec20fedf5df2cdd44dd103ae3d91df746037b51e8e8fa714670c48fd85abb6735ed0d4b7be46867eb5db7cb09ae3103061abcf253019907
|
data/.gitignore
CHANGED
data/lib/fernet/encryption.rb
CHANGED
|
@@ -26,7 +26,12 @@ module Fernet
|
|
|
26
26
|
iv = opts[:iv] || cipher.random_iv
|
|
27
27
|
cipher.iv = iv
|
|
28
28
|
cipher.key = opts[:key]
|
|
29
|
-
|
|
29
|
+
ciphertext = ""
|
|
30
|
+
if opts[:message] && !opts[:message].empty?
|
|
31
|
+
ciphertext += cipher.update(opts[:message])
|
|
32
|
+
end
|
|
33
|
+
ciphertext += cipher.final
|
|
34
|
+
[ciphertext, iv]
|
|
30
35
|
end
|
|
31
36
|
|
|
32
37
|
# Internal: Decrypts the provided ciphertext using a AES-128-CBC cipher with a
|
data/lib/fernet/token.rb
CHANGED
|
@@ -81,7 +81,8 @@ module Fernet
|
|
|
81
81
|
)
|
|
82
82
|
issued_timestamp = (opts[:now] || Time.now).to_i
|
|
83
83
|
|
|
84
|
-
|
|
84
|
+
version = opts[:version] || DEFAULT_VERSION
|
|
85
|
+
payload = [version].pack("C") +
|
|
85
86
|
BitPacking.pack_int64_bigendian(issued_timestamp) +
|
|
86
87
|
iv +
|
|
87
88
|
encrypted_message
|
|
@@ -148,8 +149,7 @@ module Fernet
|
|
|
148
149
|
end
|
|
149
150
|
|
|
150
151
|
def valid_base64?
|
|
151
|
-
decoded_token
|
|
152
|
-
true
|
|
152
|
+
!decoded_token.nil?
|
|
153
153
|
rescue ArgumentError
|
|
154
154
|
false
|
|
155
155
|
end
|
data/lib/fernet/verifier.rb
CHANGED
|
@@ -9,8 +9,8 @@ module Fernet
|
|
|
9
9
|
class Verifier
|
|
10
10
|
class UnknownTokenVersion < Fernet::Error; end
|
|
11
11
|
|
|
12
|
-
attr_reader :token
|
|
13
|
-
attr_accessor :ttl
|
|
12
|
+
attr_reader :token, :enforce_ttl
|
|
13
|
+
attr_accessor :ttl
|
|
14
14
|
|
|
15
15
|
# Internal: initializes a Verifier
|
|
16
16
|
#
|
|
@@ -20,12 +20,9 @@ module Fernet
|
|
|
20
20
|
# * enforce_ttl - whether to enforce TTL, defaults to Configuration.enforce_ttl
|
|
21
21
|
# * ttl - number of seconds the token is valid
|
|
22
22
|
def initialize(opts = {})
|
|
23
|
-
enforce_ttl = opts.has_key?(:enforce_ttl) ? opts[:enforce_ttl] : Configuration.enforce_ttl
|
|
24
|
-
@
|
|
25
|
-
|
|
26
|
-
enforce_ttl: enforce_ttl,
|
|
27
|
-
ttl: opts[:ttl],
|
|
28
|
-
now: opts[:now])
|
|
23
|
+
@enforce_ttl = opts.has_key?(:enforce_ttl) ? opts[:enforce_ttl] : Configuration.enforce_ttl
|
|
24
|
+
@opts = opts
|
|
25
|
+
create_token!
|
|
29
26
|
end
|
|
30
27
|
|
|
31
28
|
# Public: whether the verifier is valid. A verifier is valid if it's token
|
|
@@ -54,25 +51,21 @@ module Fernet
|
|
|
54
51
|
end
|
|
55
52
|
alias to_s inspect
|
|
56
53
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
@issued_at < (now + MAX_CLOCK_SKEW)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def signatures_match?
|
|
67
|
-
regenerated_bytes = @regenerated_mac.bytes.to_a
|
|
68
|
-
received_bytes = @received_signature.bytes.to_a
|
|
69
|
-
received_bytes.inject(0) do |accum, byte|
|
|
70
|
-
accum |= byte ^ regenerated_bytes.shift
|
|
71
|
-
end.zero?
|
|
54
|
+
# Public: sets the enforce_ttl configuration
|
|
55
|
+
#
|
|
56
|
+
# * val - whether to enforce TTL, defaults to Configuration.enforce_ttl
|
|
57
|
+
def enforce_ttl=(val)
|
|
58
|
+
@enforce_ttl = val
|
|
59
|
+
create_token!
|
|
72
60
|
end
|
|
73
61
|
|
|
74
|
-
|
|
75
|
-
|
|
62
|
+
private
|
|
63
|
+
def create_token!
|
|
64
|
+
@token = Token.new(@opts.fetch(:token),
|
|
65
|
+
secret: @opts.fetch(:secret),
|
|
66
|
+
enforce_ttl: enforce_ttl,
|
|
67
|
+
ttl: @opts[:ttl],
|
|
68
|
+
now: @opts[:now])
|
|
76
69
|
end
|
|
77
70
|
end
|
|
78
71
|
end
|
data/lib/fernet/version.rb
CHANGED
data/spec/fernet_spec.rb
CHANGED
|
@@ -67,7 +67,7 @@ describe Fernet do
|
|
|
67
67
|
config.ttl = 0
|
|
68
68
|
end
|
|
69
69
|
token = Fernet.generate(secret, 'password1')
|
|
70
|
-
verifier = Fernet.verifier(secret, token)
|
|
70
|
+
verifier = Fernet.verifier(secret, token, now: Time.now + 999999)
|
|
71
71
|
verifier.enforce_ttl = false
|
|
72
72
|
expect(verifier.valid?).to eq(true)
|
|
73
73
|
expect(verifier.message).to eq('password1')
|
data/spec/spec_helper.rb
CHANGED
data/spec/token_spec.rb
CHANGED
|
@@ -9,7 +9,7 @@ describe Fernet::Token, 'validation' do
|
|
|
9
9
|
message: 'hello')
|
|
10
10
|
|
|
11
11
|
bogus_hmac = "1" * 32
|
|
12
|
-
Fernet::Encryption.
|
|
12
|
+
allow(Fernet::Encryption).to receive(:hmac_digest).and_return(bogus_hmac)
|
|
13
13
|
|
|
14
14
|
token = Fernet::Token.new(generated.to_s, secret: secret)
|
|
15
15
|
|
|
@@ -46,10 +46,29 @@ describe Fernet::Token, 'validation' do
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it 'is invalid with an unknown token version' do
|
|
49
|
-
|
|
49
|
+
invalid1 = Fernet::Token.generate(message: 'message', version: 0x00, secret: secret)
|
|
50
|
+
invalid2 = Fernet::Token.generate(message: 'message', version: 0x81, secret: secret)
|
|
51
|
+
valid = Fernet::Token.generate(message: 'message', secret: secret)
|
|
52
|
+
|
|
53
|
+
[invalid1, invalid2].each do |token|
|
|
54
|
+
expect(token.valid?).to eq(false)
|
|
55
|
+
expect(token.errors[:version]).to include("is unknown")
|
|
56
|
+
end
|
|
57
|
+
expect(valid.valid?).to eq(true)
|
|
58
|
+
end
|
|
50
59
|
|
|
51
|
-
|
|
52
|
-
|
|
60
|
+
it 'is invalid with bad base64 encodings' do
|
|
61
|
+
token = Fernet::Token.generate(message: 'message', secret: secret)
|
|
62
|
+
invalid = Fernet::Token.new("\n#{token}", secret: secret)
|
|
63
|
+
|
|
64
|
+
["\n#{token}", "#{token} ", "#{token}+",
|
|
65
|
+
token.to_s.gsub(/(.)$/, "1"),
|
|
66
|
+
token.to_s.gsub(/(.)$/, "+"),
|
|
67
|
+
token.to_s.gsub(/(.)$/, "\\"),
|
|
68
|
+
].each do |invalid_string|
|
|
69
|
+
invalid = Fernet::Token.new(invalid_string, secret: secret)
|
|
70
|
+
expect(invalid.valid?).to be(false)
|
|
71
|
+
end
|
|
53
72
|
end
|
|
54
73
|
end
|
|
55
74
|
|
|
@@ -76,4 +95,12 @@ describe Fernet::Token, 'message' do
|
|
|
76
95
|
|
|
77
96
|
expect(token.message).to eq('hello')
|
|
78
97
|
end
|
|
98
|
+
|
|
99
|
+
it 'correctly handles an empty message' do
|
|
100
|
+
token = Fernet::Token.generate(secret: secret,
|
|
101
|
+
message: '')
|
|
102
|
+
token.valid? or raise "invalid token"
|
|
103
|
+
|
|
104
|
+
expect(token.message).to eq('')
|
|
105
|
+
end
|
|
79
106
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fernet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Harold Giménez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-04-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: valcro
|
|
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
91
91
|
version: '0'
|
|
92
92
|
requirements: []
|
|
93
93
|
rubyforge_project:
|
|
94
|
-
rubygems_version: 2.
|
|
94
|
+
rubygems_version: 2.4.5
|
|
95
95
|
signing_key:
|
|
96
96
|
specification_version: 4
|
|
97
97
|
summary: Easily generate and verify AES encrypted HMAC based authentication tokens
|