fernet 2.1 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/fernet/encryption.rb +6 -1
- data/lib/fernet/token.rb +3 -3
- data/lib/fernet/verifier.rb +18 -25
- data/lib/fernet/version.rb +1 -1
- data/spec/fernet_spec.rb +1 -1
- data/spec/spec_helper.rb +0 -1
- data/spec/token_spec.rb +31 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8306def467a28bb3eeda6f4eb57c0dcc0b6f73a2
|
|
4
|
+
data.tar.gz: 3f124ffeff277310fb3df669d78f4e41c26cdb4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c3954ecff3c25ff7142d950303206b6a437705537fdf3add03b66d4e8489aecbcd217c99927a6ce147ba08e3907dd6fa9ebdf91146cf353ca18d5a34230da158
|
|
7
|
+
data.tar.gz: b8fb5061d5d37d287ec20fedf5df2cdd44dd103ae3d91df746037b51e8e8fa714670c48fd85abb6735ed0d4b7be46867eb5db7cb09ae3103061abcf253019907
|
data/.gitignore
CHANGED
data/lib/fernet/encryption.rb
CHANGED
|
@@ -26,7 +26,12 @@ module Fernet
|
|
|
26
26
|
iv = opts[:iv] || cipher.random_iv
|
|
27
27
|
cipher.iv = iv
|
|
28
28
|
cipher.key = opts[:key]
|
|
29
|
-
|
|
29
|
+
ciphertext = ""
|
|
30
|
+
if opts[:message] && !opts[:message].empty?
|
|
31
|
+
ciphertext += cipher.update(opts[:message])
|
|
32
|
+
end
|
|
33
|
+
ciphertext += cipher.final
|
|
34
|
+
[ciphertext, iv]
|
|
30
35
|
end
|
|
31
36
|
|
|
32
37
|
# Internal: Decrypts the provided ciphertext using a AES-128-CBC cipher with a
|
data/lib/fernet/token.rb
CHANGED
|
@@ -81,7 +81,8 @@ module Fernet
|
|
|
81
81
|
)
|
|
82
82
|
issued_timestamp = (opts[:now] || Time.now).to_i
|
|
83
83
|
|
|
84
|
-
|
|
84
|
+
version = opts[:version] || DEFAULT_VERSION
|
|
85
|
+
payload = [version].pack("C") +
|
|
85
86
|
BitPacking.pack_int64_bigendian(issued_timestamp) +
|
|
86
87
|
iv +
|
|
87
88
|
encrypted_message
|
|
@@ -148,8 +149,7 @@ module Fernet
|
|
|
148
149
|
end
|
|
149
150
|
|
|
150
151
|
def valid_base64?
|
|
151
|
-
decoded_token
|
|
152
|
-
true
|
|
152
|
+
!decoded_token.nil?
|
|
153
153
|
rescue ArgumentError
|
|
154
154
|
false
|
|
155
155
|
end
|
data/lib/fernet/verifier.rb
CHANGED
|
@@ -9,8 +9,8 @@ module Fernet
|
|
|
9
9
|
class Verifier
|
|
10
10
|
class UnknownTokenVersion < Fernet::Error; end
|
|
11
11
|
|
|
12
|
-
attr_reader :token
|
|
13
|
-
attr_accessor :ttl
|
|
12
|
+
attr_reader :token, :enforce_ttl
|
|
13
|
+
attr_accessor :ttl
|
|
14
14
|
|
|
15
15
|
# Internal: initializes a Verifier
|
|
16
16
|
#
|
|
@@ -20,12 +20,9 @@ module Fernet
|
|
|
20
20
|
# * enforce_ttl - whether to enforce TTL, defaults to Configuration.enforce_ttl
|
|
21
21
|
# * ttl - number of seconds the token is valid
|
|
22
22
|
def initialize(opts = {})
|
|
23
|
-
enforce_ttl = opts.has_key?(:enforce_ttl) ? opts[:enforce_ttl] : Configuration.enforce_ttl
|
|
24
|
-
@
|
|
25
|
-
|
|
26
|
-
enforce_ttl: enforce_ttl,
|
|
27
|
-
ttl: opts[:ttl],
|
|
28
|
-
now: opts[:now])
|
|
23
|
+
@enforce_ttl = opts.has_key?(:enforce_ttl) ? opts[:enforce_ttl] : Configuration.enforce_ttl
|
|
24
|
+
@opts = opts
|
|
25
|
+
create_token!
|
|
29
26
|
end
|
|
30
27
|
|
|
31
28
|
# Public: whether the verifier is valid. A verifier is valid if it's token
|
|
@@ -54,25 +51,21 @@ module Fernet
|
|
|
54
51
|
end
|
|
55
52
|
alias to_s inspect
|
|
56
53
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
@issued_at < (now + MAX_CLOCK_SKEW)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def signatures_match?
|
|
67
|
-
regenerated_bytes = @regenerated_mac.bytes.to_a
|
|
68
|
-
received_bytes = @received_signature.bytes.to_a
|
|
69
|
-
received_bytes.inject(0) do |accum, byte|
|
|
70
|
-
accum |= byte ^ regenerated_bytes.shift
|
|
71
|
-
end.zero?
|
|
54
|
+
# Public: sets the enforce_ttl configuration
|
|
55
|
+
#
|
|
56
|
+
# * val - whether to enforce TTL, defaults to Configuration.enforce_ttl
|
|
57
|
+
def enforce_ttl=(val)
|
|
58
|
+
@enforce_ttl = val
|
|
59
|
+
create_token!
|
|
72
60
|
end
|
|
73
61
|
|
|
74
|
-
|
|
75
|
-
|
|
62
|
+
private
|
|
63
|
+
def create_token!
|
|
64
|
+
@token = Token.new(@opts.fetch(:token),
|
|
65
|
+
secret: @opts.fetch(:secret),
|
|
66
|
+
enforce_ttl: enforce_ttl,
|
|
67
|
+
ttl: @opts[:ttl],
|
|
68
|
+
now: @opts[:now])
|
|
76
69
|
end
|
|
77
70
|
end
|
|
78
71
|
end
|
data/lib/fernet/version.rb
CHANGED
data/spec/fernet_spec.rb
CHANGED
|
@@ -67,7 +67,7 @@ describe Fernet do
|
|
|
67
67
|
config.ttl = 0
|
|
68
68
|
end
|
|
69
69
|
token = Fernet.generate(secret, 'password1')
|
|
70
|
-
verifier = Fernet.verifier(secret, token)
|
|
70
|
+
verifier = Fernet.verifier(secret, token, now: Time.now + 999999)
|
|
71
71
|
verifier.enforce_ttl = false
|
|
72
72
|
expect(verifier.valid?).to eq(true)
|
|
73
73
|
expect(verifier.message).to eq('password1')
|
data/spec/spec_helper.rb
CHANGED
data/spec/token_spec.rb
CHANGED
|
@@ -9,7 +9,7 @@ describe Fernet::Token, 'validation' do
|
|
|
9
9
|
message: 'hello')
|
|
10
10
|
|
|
11
11
|
bogus_hmac = "1" * 32
|
|
12
|
-
Fernet::Encryption.
|
|
12
|
+
allow(Fernet::Encryption).to receive(:hmac_digest).and_return(bogus_hmac)
|
|
13
13
|
|
|
14
14
|
token = Fernet::Token.new(generated.to_s, secret: secret)
|
|
15
15
|
|
|
@@ -46,10 +46,29 @@ describe Fernet::Token, 'validation' do
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it 'is invalid with an unknown token version' do
|
|
49
|
-
|
|
49
|
+
invalid1 = Fernet::Token.generate(message: 'message', version: 0x00, secret: secret)
|
|
50
|
+
invalid2 = Fernet::Token.generate(message: 'message', version: 0x81, secret: secret)
|
|
51
|
+
valid = Fernet::Token.generate(message: 'message', secret: secret)
|
|
52
|
+
|
|
53
|
+
[invalid1, invalid2].each do |token|
|
|
54
|
+
expect(token.valid?).to eq(false)
|
|
55
|
+
expect(token.errors[:version]).to include("is unknown")
|
|
56
|
+
end
|
|
57
|
+
expect(valid.valid?).to eq(true)
|
|
58
|
+
end
|
|
50
59
|
|
|
51
|
-
|
|
52
|
-
|
|
60
|
+
it 'is invalid with bad base64 encodings' do
|
|
61
|
+
token = Fernet::Token.generate(message: 'message', secret: secret)
|
|
62
|
+
invalid = Fernet::Token.new("\n#{token}", secret: secret)
|
|
63
|
+
|
|
64
|
+
["\n#{token}", "#{token} ", "#{token}+",
|
|
65
|
+
token.to_s.gsub(/(.)$/, "1"),
|
|
66
|
+
token.to_s.gsub(/(.)$/, "+"),
|
|
67
|
+
token.to_s.gsub(/(.)$/, "\\"),
|
|
68
|
+
].each do |invalid_string|
|
|
69
|
+
invalid = Fernet::Token.new(invalid_string, secret: secret)
|
|
70
|
+
expect(invalid.valid?).to be(false)
|
|
71
|
+
end
|
|
53
72
|
end
|
|
54
73
|
end
|
|
55
74
|
|
|
@@ -76,4 +95,12 @@ describe Fernet::Token, 'message' do
|
|
|
76
95
|
|
|
77
96
|
expect(token.message).to eq('hello')
|
|
78
97
|
end
|
|
98
|
+
|
|
99
|
+
it 'correctly handles an empty message' do
|
|
100
|
+
token = Fernet::Token.generate(secret: secret,
|
|
101
|
+
message: '')
|
|
102
|
+
token.valid? or raise "invalid token"
|
|
103
|
+
|
|
104
|
+
expect(token.message).to eq('')
|
|
105
|
+
end
|
|
79
106
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fernet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Harold Giménez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-04-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: valcro
|
|
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
91
91
|
version: '0'
|
|
92
92
|
requirements: []
|
|
93
93
|
rubyforge_project:
|
|
94
|
-
rubygems_version: 2.
|
|
94
|
+
rubygems_version: 2.4.5
|
|
95
95
|
signing_key:
|
|
96
96
|
specification_version: 4
|
|
97
97
|
summary: Easily generate and verify AES encrypted HMAC based authentication tokens
|