fridge 0.4.4 → 1.0.0

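--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f2d340550f97b33c430967cef5b8de4a59b73acfdd5a1ce62ad3ee7d17a6f8c9
- data.tar.gz: 06a758734a6b6e668043c3bffe2cf350495325dfdab4f73948e2788f97d5c89d
+ metadata.gz: ddbc9d80db231fbec0b2e9a00b5ea26ffafa3ae005eef43ca167e82d2712aca1
+ data.tar.gz: 7e6ec26850164a9e6b593233cd28fc4da06b4bdb0a917297362e41eea3007401
  SHA512:
- metadata.gz: d8b53167a69aaf39d60b4abbe6ad347968efddc1b2333dc12136b730600d65ab0c72fc8c7416d190b33fc55ce3571d8b98cbf1322c7a0eddd46c46517114cc0c
- data.tar.gz: 0632f0de72e4654663256000e201568745697a05170e49191d31598a9a5bd2f6158871379253bee1302d3b10ebf76c5a6b84d2baae803cf8fd935bb4324a47b3
+ metadata.gz: 46f205b7cd98c6306aa2835fd62a8fee6784996ab58e05d1b3feca2678dc11e409c09ff87c2401d41e7e5c3f00bf6f72d2d4f284d59b98ffcca539c5213a5d52
+ data.tar.gz: e728b646ddb3fd02e95602d502e055c035ac1a74f4a7b433dcb27de55e0ad36b3b3c5daf289980c476ba242a00876cb3e9a3659761ae07bec55951af314637c9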
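--- a/data/.github/CODEOWNERS
+++ b/data/.github/CODEOWNERS
@@ -1 +1,2 @@
- * @dawenster
+ * @aguilinger
+ * @neurosnap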
@@ -0,0 +1,48 @@
1
+ name: Tests
2
+
3
+ on:
4
+ pull_request:
5
+ branches:
6
+ - main
7
+ - master
8
+ push:
9
+ branches:
10
+ - main
11
+ - master
12
+
13
+ jobs:
14
+
15
+ test:
16
+ name: Test
17
+ runs-on: ubuntu-20.04
18
+ strategy:
19
+ fail-fast: false
20
+ matrix:
21
+ RUBY_VERSION: ["2.5", "2.6", "3.1"]
22
+
23
+ steps:
24
+ - name: Check out code
25
+ uses: actions/checkout@v4
26
+
27
+ - name: Install Ruby ${{ matrix.RUBY_VERSION }}
28
+ uses: ruby/setup-ruby@v1
29
+ with:
30
+ ruby-version: ${{ matrix.RUBY_VERSION }}
31
+ bundler-cache: true
32
+
33
+ - name: Run Tests
34
+ run: bundle exec rake
35
+
36
+ results:
37
+ if: ${{ always() }}
38
+ runs-on: ubuntu-latest
39
+ name: Final Results
40
+ needs: [test]
41
+ steps:
42
+ - run: exit 1
43
+ # see https://stackoverflow.com/a/67532120/4907315
44
+ if: >-
45
+ ${{
46
+ contains(needs.*.result, 'failure')
47
+ || contains(needs.*.result, 'cancelled')
48
+ }}
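Review bot: The workflow never declares a `permissions:` block, so the `test` and `results` jobs run with whatever default GITHUB_TOKEN scope the repository is configured with; a top-level `permissions:` with `contents: read` would make least privilege explicit. Both actions are referenced by mutable tags (`actions/checkout@v4`, `ruby/setup-ruby@v1`). Pinning each to a full commit SHA, with the tag kept in a trailing comment, prevents a retagged release from changing what runs on pushes to `main`/`master`. The checkout step could also set `persist-credentials: false`, since no later step visible here appears to need the token.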
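--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,7 +1,4 @@
  source 'https://rubygems.org'
 
- gem 'activesupport', '~> 4.0'
- gem 'nokogiri', '~> 1.9.1'
-
  # Specify your gem's dependencies in fridge.gemspec
  gemspec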
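--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,23 @@
+ # Aptible Open Source Security Policies and Procedures
+
+ This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+
+ * [Reporting a Vulnerability](#reporting-a-vulnerability)
+ * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+
+ ## Reporting a Vulnerability
+
+ The Aptible team and community take all security vulnerabilities
+ seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+ Report security vulnerabilities by emailing the Aptible security team at:
+
+ security@aptible.com
+
+ Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+ The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+
+ ## Responsible Disclosure Policy
+
+ Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/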
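--- a/data/fridge.gemspec
+++ b/data/fridge.gemspec
@@ -21,10 +21,9 @@ Gem::Specification.new do |spec|
  spec.require_paths = ['lib']
 
  spec.add_dependency 'gem_config'
- spec.add_dependency 'jwt', '~> 1.5.6'
+ spec.add_dependency 'jwt', '~> 2.3.0'
 
  spec.add_development_dependency 'aptible-tasks'
- spec.add_development_dependency 'bundler', '~> 1.5'
  spec.add_development_dependency 'pry'
  spec.add_development_dependency 'rails'
  spec.add_development_dependency 'rake'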
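Review bot: The new constraint `'~> 2.3.0'` on the `jwt` line admits only 2.3.x, so applications depending on fridge cannot resolve a later 2.x release of the library that verifies their tokens until fridge itself is re-released. If the suite passes against newer 2.x versions, `spec.add_dependency 'jwt', '~> 2.3'` would keep the major version fixed while letting patch and minor fixes through. `gem_config` on the line above is left with no bound at all; a lower bound there would make resolution more predictable. The `Gem::Specification.new` block starts and ends outside this hunk.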
@@ -1,3 +1,3 @@
1
1
  module Fridge
2
- VERSION = '0.4.4'.freeze
2
+ VERSION = '1.0.0'.freeze
3
3
  end
@@ -79,21 +79,22 @@ describe Fridge::AccessToken do
79
79
  end
80
80
 
81
81
  it 'should be verifiable with the application public key' do
82
- expect { JWT.decode(subject.serialize, public_key) }.not_to raise_error
82
+ expect { JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512') }
83
+ .not_to raise_error
83
84
  end
84
85
 
85
86
  it 'should be tamper-resistant' do
86
87
  header, _, signature = subject.serialize.split('.')
87
- tampered_claim = JWT.base64url_encode({ foo: 'bar' }.to_json)
88
+ tampered_claim = JWT::Base64.url_encode({ foo: 'bar' }.to_json)
88
89
  tampered_token = [header, tampered_claim, signature].join('.')
89
90
 
90
91
  expect do
91
- JWT.decode(tampered_token, public_key)
92
+ JWT.decode(tampered_token, public_key, true, algorithm: 'RS512')
92
93
  end.to raise_error JWT::DecodeError
93
94
  end
94
95
 
95
96
  it 'should represent :exp in seconds since the epoch' do
96
- hash, = JWT.decode(subject.serialize, public_key)
97
+ hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
97
98
  expect(hash['exp']).to be_a Integer
98
99
  end
99
100
 
@@ -133,7 +134,7 @@ describe Fridge::AccessToken do
133
134
  # test that, although eventually we'll want to see symbols back.
134
135
  actor_s = { 'sub' => 'foo', 'username' => 'test',
135
136
  'act' => { 'sub' => 'bar' } }
136
- hash, = JWT.decode(subject.serialize, public_key)
137
+ hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
137
138
  expect(hash['act']).to eq(actor_s)
138
139
 
139
140
  # Now, check that we properly get symbols back
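Review bot: The 'should be tamper-resistant' example only replaces the claims segment, so nothing in this spec shows that a token whose header declares an algorithm other than RS512 is refused now that the decode calls pass `true, algorithm: 'RS512'`. A companion negative example would pin that behaviour, along the lines of `expect { JWT.decode(other_alg_token, public_key, true, algorithm: 'RS512') }.to raise_error JWT::IncorrectAlgorithm`. All four changed calls invoke `JWT.decode` directly with a repeated `'RS512'` literal, so they exercise the jwt gem rather than fridge's own validation path. If the library exposes its configured algorithm (not visible in this diff), reading it from there would keep the spec and the implementation from drifting apart. The enclosing `describe Fridge::AccessToken` block starts and ends outside these hunks.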
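--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: fridge
  version: !ruby/object:Gem::Version
- version: 0.4.4
+ version: 1.0.0
  platform: ruby
  authors:
  - Frank Macreery
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-05-18 00:00:00.000000000 Z
+ date: 2024-09-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: gem_config
@@ -30,14 +30,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.5.6
+ version: 2.3.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.5.6
+ version: 2.3.0
  - !ruby/object:Gem::Dependency
  name: aptible-tasks
  requirement: !ruby/object:Gem::Requirement
@@ -52,20 +52,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.5'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.5'
  - !ruby/object:Gem::Dependency
  name: pry
  requirement: !ruby/object:Gem::Requirement
@@ -144,13 +130,14 @@ extensions: []
  extra_rdoc_files: []
  files:
  - ".github/CODEOWNERS"
+ - ".github/workflows/test.yml"
  - ".gitignore"
  - ".rspec"
- - ".travis.yml"
  - Gemfile
  - LICENSE.md
  - README.md
  - Rakefile
+ - SECURITY.md
  - fridge.gemspec
  - lib/fridge.rb
  - lib/fridge/access_token.rb
@@ -183,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: Token validation for distributed resource servers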
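--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,5 +0,0 @@
- sudo: false
- rvm:
- - 2.2
- - 2.5
- - 2.6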