fridge 0.4.4 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +2 -1
- data/.github/workflows/test.yml +48 -0
- data/Gemfile +0 -3
- data/SECURITY.md +23 -0
- data/fridge.gemspec +1 -2
- data/lib/fridge/version.rb +1 -1
- data/spec/fridge/access_token_spec.rb +6 -5
- metadata +7 -20
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ddbc9d80db231fbec0b2e9a00b5ea26ffafa3ae005eef43ca167e82d2712aca1
|
4
|
+
data.tar.gz: 7e6ec26850164a9e6b593233cd28fc4da06b4bdb0a917297362e41eea3007401
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 46f205b7cd98c6306aa2835fd62a8fee6784996ab58e05d1b3feca2678dc11e409c09ff87c2401d41e7e5c3f00bf6f72d2d4f284d59b98ffcca539c5213a5d52
|
7
|
+
data.tar.gz: e728b646ddb3fd02e95602d502e055c035ac1a74f4a7b433dcb27de55e0ad36b3b3c5daf289980c476ba242a00876cb3e9a3659761ae07bec55951af314637c9
|
data/.github/CODEOWNERS
CHANGED
@@ -1 +1,2 @@
|
|
1
|
-
* @
|
1
|
+
* @aguilinger
|
2
|
+
* @neurosnap
|
@@ -0,0 +1,48 @@
|
|
1
|
+
name: Tests
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
branches:
|
6
|
+
- main
|
7
|
+
- master
|
8
|
+
push:
|
9
|
+
branches:
|
10
|
+
- main
|
11
|
+
- master
|
12
|
+
|
13
|
+
jobs:
|
14
|
+
|
15
|
+
test:
|
16
|
+
name: Test
|
17
|
+
runs-on: ubuntu-20.04
|
18
|
+
strategy:
|
19
|
+
fail-fast: false
|
20
|
+
matrix:
|
21
|
+
RUBY_VERSION: ["2.5", "2.6", "3.1"]
|
22
|
+
|
23
|
+
steps:
|
24
|
+
- name: Check out code
|
25
|
+
uses: actions/checkout@v4
|
26
|
+
|
27
|
+
- name: Install Ruby ${{ matrix.RUBY_VERSION }}
|
28
|
+
uses: ruby/setup-ruby@v1
|
29
|
+
with:
|
30
|
+
ruby-version: ${{ matrix.RUBY_VERSION }}
|
31
|
+
bundler-cache: true
|
32
|
+
|
33
|
+
- name: Run Tests
|
34
|
+
run: bundle exec rake
|
35
|
+
|
36
|
+
results:
|
37
|
+
if: ${{ always() }}
|
38
|
+
runs-on: ubuntu-latest
|
39
|
+
name: Final Results
|
40
|
+
needs: [test]
|
41
|
+
steps:
|
42
|
+
- run: exit 1
|
43
|
+
# see https://stackoverflow.com/a/67532120/4907315
|
44
|
+
if: >-
|
45
|
+
${{
|
46
|
+
contains(needs.*.result, 'failure')
|
47
|
+
|| contains(needs.*.result, 'cancelled')
|
48
|
+
}}
|
data/Gemfile
CHANGED
data/SECURITY.md
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# Aptible Open Source Security Policies and Procedures
|
2
|
+
|
3
|
+
This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
|
4
|
+
|
5
|
+
* [Reporting a Vulnerability](#reporting-a-vulnerability)
|
6
|
+
* [Responsible Disclosure Policy](#responsible-disclosure-policy)
|
7
|
+
|
8
|
+
## Reporting a Vulnerability
|
9
|
+
|
10
|
+
The Aptible team and community take all security vulnerabilities
|
11
|
+
seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
|
12
|
+
|
13
|
+
Report security vulnerabilities by emailing the Aptible security team at:
|
14
|
+
|
15
|
+
security@aptible.com
|
16
|
+
|
17
|
+
Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
|
18
|
+
|
19
|
+
The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
|
20
|
+
|
21
|
+
## Responsible Disclosure Policy
|
22
|
+
|
23
|
+
Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/
|
data/fridge.gemspec
CHANGED
@@ -21,10 +21,9 @@ Gem::Specification.new do |spec|
|
|
21
21
|
spec.require_paths = ['lib']
|
22
22
|
|
23
23
|
spec.add_dependency 'gem_config'
|
24
|
-
spec.add_dependency 'jwt', '~>
|
24
|
+
spec.add_dependency 'jwt', '~> 2.3.0'
|
25
25
|
|
26
26
|
spec.add_development_dependency 'aptible-tasks'
|
27
|
-
spec.add_development_dependency 'bundler', '~> 1.5'
|
28
27
|
spec.add_development_dependency 'pry'
|
29
28
|
spec.add_development_dependency 'rails'
|
30
29
|
spec.add_development_dependency 'rake'
|
data/lib/fridge/version.rb
CHANGED
@@ -79,21 +79,22 @@ describe Fridge::AccessToken do
|
|
79
79
|
end
|
80
80
|
|
81
81
|
it 'should be verifiable with the application public key' do
|
82
|
-
expect { JWT.decode(subject.serialize, public_key) }
|
82
|
+
expect { JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512') }
|
83
|
+
.not_to raise_error
|
83
84
|
end
|
84
85
|
|
85
86
|
it 'should be tamper-resistant' do
|
86
87
|
header, _, signature = subject.serialize.split('.')
|
87
|
-
tampered_claim = JWT.
|
88
|
+
tampered_claim = JWT::Base64.url_encode({ foo: 'bar' }.to_json)
|
88
89
|
tampered_token = [header, tampered_claim, signature].join('.')
|
89
90
|
|
90
91
|
expect do
|
91
|
-
JWT.decode(tampered_token, public_key)
|
92
|
+
JWT.decode(tampered_token, public_key, true, algorithm: 'RS512')
|
92
93
|
end.to raise_error JWT::DecodeError
|
93
94
|
end
|
94
95
|
|
95
96
|
it 'should represent :exp in seconds since the epoch' do
|
96
|
-
hash, = JWT.decode(subject.serialize, public_key)
|
97
|
+
hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
|
97
98
|
expect(hash['exp']).to be_a Integer
|
98
99
|
end
|
99
100
|
|
@@ -133,7 +134,7 @@ describe Fridge::AccessToken do
|
|
133
134
|
# test that, although eventually we'll want to see symbols back.
|
134
135
|
actor_s = { 'sub' => 'foo', 'username' => 'test',
|
135
136
|
'act' => { 'sub' => 'bar' } }
|
136
|
-
hash, = JWT.decode(subject.serialize, public_key)
|
137
|
+
hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
|
137
138
|
expect(hash['act']).to eq(actor_s)
|
138
139
|
|
139
140
|
# Now, check that we properly get symbols back
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fridge
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Frank Macreery
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gem_config
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 2.3.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 2.3.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: aptible-tasks
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -52,20 +52,6 @@ dependencies:
|
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: bundler
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - "~>"
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '1.5'
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '1.5'
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: pry
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,13 +130,14 @@ extensions: []
|
|
144
130
|
extra_rdoc_files: []
|
145
131
|
files:
|
146
132
|
- ".github/CODEOWNERS"
|
133
|
+
- ".github/workflows/test.yml"
|
147
134
|
- ".gitignore"
|
148
135
|
- ".rspec"
|
149
|
-
- ".travis.yml"
|
150
136
|
- Gemfile
|
151
137
|
- LICENSE.md
|
152
138
|
- README.md
|
153
139
|
- Rakefile
|
140
|
+
- SECURITY.md
|
154
141
|
- fridge.gemspec
|
155
142
|
- lib/fridge.rb
|
156
143
|
- lib/fridge/access_token.rb
|
@@ -183,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
183
170
|
- !ruby/object:Gem::Version
|
184
171
|
version: '0'
|
185
172
|
requirements: []
|
186
|
-
rubygems_version: 3.
|
173
|
+
rubygems_version: 3.1.6
|
187
174
|
signing_key:
|
188
175
|
specification_version: 4
|
189
176
|
summary: Token validation for distributed resource servers
|