RubyGems - forest_admin_rpc_agent - Versions diffs - 1.30.4 → 1.30.5 - Mend

forest_admin_rpc_agent 1.30.4 → 1.30.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/forest_admin_rpc_agent/middleware/authentication.rb +1 -28
data/lib/forest_admin_rpc_agent/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd30b9ebff36413cfe4e1bd1ae0e5b06683273ba7f9ba9be13a2e4b208fee7f2
-  data.tar.gz: f85a704df4609325c50c85cb0fd61b9b543b3bb8e7fd88db0f8a2318148a9c22
+  metadata.gz: 7b87f32904f9a2d19ae17c3fc4a072fdd9b9507295650aad7b37f5f5422158e0
+  data.tar.gz: 98ebfb88b77d5d27a1012e734d27d05c4626bf96530e0515e6fe25a38c3593a3
 SHA512:
-  metadata.gz: 93097366142e92fb3f3636262f76666903d18cdd7d01e35a8a4d4719f204c9639448959afec7f2a3c475291423cfc1b5f8852d080a19b13607c07f45da25087f
-  data.tar.gz: e933c8b5e1f911e88ec3b9b0ea8ecef28c763817e832743b9de3729135026e84294fb4798c1de2046cbdcb196bb579e8e1a4b667accaba47d4b5b4447b2ab19c
+  metadata.gz: 9e80b93723b13efccc4c5e6682b3336024915354ade50cebae5044e166e4187334c4db35627ca184e0e78db05a3fb6ad7270889fadadd5049ba6db0de43d4f8e
+  data.tar.gz: 6eaefdd80f3b2dfc96764f111773304f0adc5575e3b2e0376d7f1824b06b0426ba8b3d3483cfa517148a7370e44b2968f03fc64019e62478bef08f200b772302

data/lib/forest_admin_rpc_agent/middleware/authentication.rb CHANGED Viewed

@@ -4,9 +4,6 @@ module ForestAdminRpcAgent
   module Middleware
     class Authentication
       ALLOWED_TIME_DIFF = 300
-      SIGNATURE_REUSE_WINDOW = 5
-      @@used_signatures = {}
-      @@signatures_mutex = Mutex.new
       def initialize(app)
         @app = app
@@ -41,25 +38,7 @@ module ForestAdminRpcAgent
         expected_signature = OpenSSL::HMAC.hexdigest('SHA256', auth_secret, timestamp)
-        return false unless Rack::Utils.secure_compare(signature, expected_signature)
-        # check if this signature has already been used (replay attack)
-        # Reject if signature was used recently (within SIGNATURE_REUSE_WINDOW seconds)
-        # Use mutex to prevent race conditions in multi-threaded environments
-        now = current_time_in_seconds
-        @@signatures_mutex.synchronize do
-          if @@used_signatures.key?(signature)
-            last_used = @@used_signatures[signature]
-            time_since_last_use = now - last_used
-            return false if time_since_last_use <= SIGNATURE_REUSE_WINDOW
-          end
-          @@used_signatures[signature] = now
-          cleanup_old_signatures
-        end
-        true
+        Rack::Utils.secure_compare(signature, expected_signature)
       end
       def valid_timestamp?(timestamp)
@@ -73,12 +52,6 @@ module ForestAdminRpcAgent
         (current_time_in_seconds - time.to_i).abs <= ALLOWED_TIME_DIFF
       end
-      def cleanup_old_signatures
-        # Should be called within mutex synchronize block
-        now = current_time_in_seconds
-        @@used_signatures.delete_if { |_signature, last_used| now - last_used > ALLOWED_TIME_DIFF }
-      end
       def current_time_in_seconds
         defined?(Time.current) ? Time.current.to_i : Time.now.utc.to_i
       end

data/lib/forest_admin_rpc_agent/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForestAdminRpcAgent
-  VERSION = "1.30.4"
+  VERSION = "1.30.5"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_admin_rpc_agent
 version: !ruby/object:Gem::Version
-  version: 1.30.4
+  version: 1.30.5
 platform: ruby
 authors:
 - Matthieu