fridge 0.4.5 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/.github/CODEOWNERS +2 -1
  3. data/.github/workflows/release.yml +26 -0
  4. data/.github/workflows/test.yml +48 -0
  5. data/SECURITY.md +23 -0
  6. data/fridge.gemspec +1 -1
  7. data/lib/fridge/version.rb +1 -1
  8. data/spec/fridge/access_token_spec.rb +6 -5
  9. data/spec/spec_helper.rb +1 -0
  10. metadata +8 -6
  11. data/.travis.yml +0 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f95fc7ff6e87f6f8d584736fe30f491611b63fc216e0d4453fccfa6f83d46c98
4
- data.tar.gz: 02b45faa47f7bcfa6bb572247d1f331a99d254e28e6d28eb982589ebc812dcdc
3
+ metadata.gz: 615a5d84e21b1df893002c8a7808fb1dbfb23faf34655d117301878cd1172e51
4
+ data.tar.gz: d9761a131cc36eb1546be33140064a411f54b4fb17aeae438cd9cdeab9a0cfa5
5
5
  SHA512:
6
- metadata.gz: 1fd27cadc2aadbf83e25d3b6215d504123438f401a36e614ed2c6734476cf53acb78f2d8a9d1957bffeecec071202ddca4f4ce746c319a4fcdc14ec771763ab7
7
- data.tar.gz: 00ade0f6d5133df541f4859904cc76951407d058d90c93ddb7b4e8f4925848242c6d86c6e91fca9bb0efbc0438b93c5e211f8f85273cf5e4a0259c0d5eb161f7
6
+ metadata.gz: e0ea762ece944f13df6461cf41f82f51733396ea627805d34eed0487a870b08b34a2cc214574b113bde377eb3c08b4cb4ceaf3895cb0844008348492499824d1
7
+ data.tar.gz: 92f7c1cbc303cf43926f34fd0c82e44b631ac61685e80924e51822ebaeb6f5005e837cc6a663e486aae546a763999fdc2444322185e8809252657a79e9240f38
data/.github/CODEOWNERS CHANGED
@@ -1 +1,2 @@
1
- * @dawenster
1
+ * @aguilinger
2
+ * @neurosnap
data/.github/workflows/release.yml ADDED
@@ -0,0 +1,26 @@
1
+ on:
2
+ release:
3
+ types: [published]
4
+
5
+ jobs:
6
+ push:
7
+ name: Push gem to RubyGems.org
8
+ runs-on: ubuntu-latest
9
+
10
+ permissions:
11
+ id-token: write
12
+ contents: write
13
+
14
+ steps:
15
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
16
+ with:
17
+ persist-credentials: false
18
+ - name: Set up Ruby
19
+ uses: ruby/setup-ruby@211ffaaa5f8dda97e9e8bca4e70d0fbaf2f8c41c
20
+ with:
21
+ bundler-cache: false
22
+ ruby-version: "3.3"
23
+
24
+ - run: bundle install
25
+
26
+ - uses: rubygems/release-gem@1c162a739e8b4cb21a676e97b087e8268d8fc40b
data/.github/workflows/test.yml ADDED
@@ -0,0 +1,48 @@
1
+ name: Tests
2
+
3
+ on:
4
+ pull_request:
5
+ branches:
6
+ - main
7
+ - master
8
+ push:
9
+ branches:
10
+ - main
11
+ - master
12
+
13
+ jobs:
14
+
15
+ test:
16
+ name: Test
17
+ runs-on: ubuntu-24.04
18
+ strategy:
19
+ fail-fast: false
20
+ matrix:
21
+ RUBY_VERSION: ["2.5", "2.6", "3.1"]
22
+
23
+ steps:
24
+ - name: Check out code
25
+ uses: actions/checkout@v4
26
+
27
+ - name: Install Ruby ${{ matrix.RUBY_VERSION }}
28
+ uses: ruby/setup-ruby@v1
29
+ with:
30
+ ruby-version: ${{ matrix.RUBY_VERSION }}
31
+ bundler-cache: true
32
+
33
+ - name: Run Tests
34
+ run: bundle exec rake
35
+
36
+ results:
37
+ if: ${{ always() }}
38
+ runs-on: ubuntu-latest
39
+ name: Final Results
40
+ needs: [test]
41
+ steps:
42
+ - run: exit 1
43
+ # see https://stackoverflow.com/a/67532120/4907315
44
+ if: >-
45
+ ${{
46
+ contains(needs.*.result, 'failure')
47
+ || contains(needs.*.result, 'cancelled')
48
+ }}
data/SECURITY.md ADDED
@@ -0,0 +1,23 @@
1
+ # Aptible Open Source Security Policies and Procedures
2
+
3
+ This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
4
+
5
+ * [Reporting a Vulnerability](#reporting-a-vulnerability)
6
+ * [Responsible Disclosure Policy](#responsible-disclosure-policy)
7
+
8
+ ## Reporting a Vulnerability
9
+
10
+ The Aptible team and community take all security vulnerabilities
11
+ seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
12
+
13
+ Report security vulnerabilities by emailing the Aptible security team at:
14
+
15
+ security@aptible.com
16
+
17
+ Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
18
+
19
+ The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
20
+
21
+ ## Responsible Disclosure Policy
22
+
23
+ Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/
data/fridge.gemspec CHANGED
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
21
21
  spec.require_paths = ['lib']
22
22
 
23
23
  spec.add_dependency 'gem_config'
24
- spec.add_dependency 'jwt', '~> 1.5.6'
24
+ spec.add_dependency 'jwt', '~> 2.3.0'
25
25
 
26
26
  spec.add_development_dependency 'aptible-tasks'
27
27
  spec.add_development_dependency 'pry'
data/lib/fridge/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Fridge
2
- VERSION = '0.4.5'.freeze
2
+ VERSION = '1.0.1'.freeze
3
3
  end
data/spec/fridge/access_token_spec.rb CHANGED
@@ -79,21 +79,22 @@ describe Fridge::AccessToken do
79
79
  end
80
80
 
81
81
  it 'should be verifiable with the application public key' do
82
- expect { JWT.decode(subject.serialize, public_key) }.not_to raise_error
82
+ expect { JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512') }
83
+ .not_to raise_error
83
84
  end
84
85
 
85
86
  it 'should be tamper-resistant' do
86
87
  header, _, signature = subject.serialize.split('.')
87
- tampered_claim = JWT.base64url_encode({ foo: 'bar' }.to_json)
88
+ tampered_claim = JWT::Base64.url_encode({ foo: 'bar' }.to_json)
88
89
  tampered_token = [header, tampered_claim, signature].join('.')
89
90
 
90
91
  expect do
91
- JWT.decode(tampered_token, public_key)
92
+ JWT.decode(tampered_token, public_key, true, algorithm: 'RS512')
92
93
  end.to raise_error JWT::DecodeError
93
94
  end
94
95
 
95
96
  it 'should represent :exp in seconds since the epoch' do
96
- hash, = JWT.decode(subject.serialize, public_key)
97
+ hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
97
98
  expect(hash['exp']).to be_a Integer
98
99
  end
99
100
 
@@ -133,7 +134,7 @@ describe Fridge::AccessToken do
133
134
  # test that, although eventually we'll want to see symbols back.
134
135
  actor_s = { 'sub' => 'foo', 'username' => 'test',
135
136
  'act' => { 'sub' => 'bar' } }
136
- hash, = JWT.decode(subject.serialize, public_key)
137
+ hash, = JWT.decode(subject.serialize, public_key, true, algorithm: 'RS512')
137
138
  expect(hash['act']).to eq(actor_s)
138
139
 
139
140
  # Now, check that we properly get symbols back
data/spec/spec_helper.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
2
2
  $LOAD_PATH.unshift(File.dirname(__FILE__))
3
3
 
4
+ require 'logger'
4
5
  require 'active_support/all'
5
6
  require 'action_controller'
6
7
  require 'action_dispatch'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fridge
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.5
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Frank Macreery
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-30 00:00:00.000000000 Z
11
+ date: 2025-12-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gem_config
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.5.6
33
+ version: 2.3.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.5.6
40
+ version: 2.3.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: aptible-tasks
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -130,13 +130,15 @@ extensions: []
130
130
  extra_rdoc_files: []
131
131
  files:
132
132
  - ".github/CODEOWNERS"
133
+ - ".github/workflows/release.yml"
134
+ - ".github/workflows/test.yml"
133
135
  - ".gitignore"
134
136
  - ".rspec"
135
- - ".travis.yml"
136
137
  - Gemfile
137
138
  - LICENSE.md
138
139
  - README.md
139
140
  - Rakefile
141
+ - SECURITY.md
140
142
  - fridge.gemspec
141
143
  - lib/fridge.rb
142
144
  - lib/fridge/access_token.rb
@@ -169,7 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
169
171
  - !ruby/object:Gem::Version
170
172
  version: '0'
171
173
  requirements: []
172
- rubygems_version: 3.0.3.1
174
+ rubygems_version: 3.5.22
173
175
  signing_key:
174
176
  specification_version: 4
175
177
  summary: Token validation for distributed resource servers
data/.travis.yml DELETED
@@ -1,6 +0,0 @@
1
- sudo: false
2
- rvm:
3
- - 2.2
4
- - 2.5
5
- - 2.6
6
- - 3.1