glogin 0.2.4 → 0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 357ad19636ac2af81c1ae7fa5cf8207d913b321f
-  data.tar.gz: 4d3820c7c7bcbfb6a705d8c18915df06eb06d841
+  metadata.gz: c3c071f29aab8173a4e284f3474e9ec61fca2a35
+  data.tar.gz: e79f3c2070e7779837fbd91fd9ed57b238eab102
 SHA512:
-  metadata.gz: c63d0a85c703d26b28661a6380aef6c1b85a1f1092a2926f715c081172f817ac42325b3aebf243685d1f853961550e6d127b298c8c2784162b1855b3b14749c1
-  data.tar.gz: cf3c5ee83aaae89c7c1621bd90c506dae4fb51f654068341465ed1ecef60ea77626469f43aa94b25497902256a798fd3797b8c1d5c6a5646edbc79c587d2d642
+  metadata.gz: 843729ae29be1dc09908a270559dd7358e37ab37709b4a51412c98d8bf94bbe0d4f7ba7967f9e53453db62b3f2b07e4e1bdd2518d78d788fdd952fdad013f22b
+  data.tar.gz: 76185f8c23855c3929d84fe7df2adcdf492ab8efce2508d0b077b77cfbb44280ffd69be2ff4c9f1c644a4e61f702ba503884ceeb015752e4fbd5c32f47763994

data/.rubocop.yml

@@ -7,7 +7,7 @@ AllCops:
 
 Metrics/MethodLength:
   Enabled: false
-Style/MultilineMethodCallIndentation:
+Layout/MultilineMethodCallIndentation:
   Enabled: false
 Metrics/AbcSize:
   Enabled: false

data/README.md

@@ -84,6 +84,12 @@ get '/logout' do
 end
 ```
 
+It is recommended to provide the third "context" parameter to
+`GLogin::Cookie::Closed` and `GLogin::Cookie::Open` constructors, in order
+to enforce stronger security. The context may include the `User-Agent`
+HTTP header of the user, their IP address, and so on. When anything
+changes on the user side, they will be forced to re-login.
+
 One more thing is the login URL you will need for your front page. Here
 it is:
 

data/Rakefile

@@ -40,6 +40,7 @@ Rake::TestTask.new(:test) do |test|
   Rake::Cleaner.cleanup_files(['coverage'])
   test.libs << 'lib' << 'test'
   test.pattern = 'test/**/test_*.rb'
+  test.warning = true
   test.verbose = false
 end
 

data/glogin.gemspec

@@ -45,11 +45,11 @@ Gem::Specification.new do |s|
   s.test_files = s.files.grep(%r{^(test|features)/})
   s.rdoc_options = ['--charset=UTF-8']
   s.extra_rdoc_files = ['README.md', 'LICENSE.txt']
-  s.add_development_dependency 'codecov', '0.1.10'
-  s.add_development_dependency 'minitest', '5.5.0'
-  s.add_development_dependency 'rake', '12.0.0'
-  s.add_development_dependency 'rdoc', '4.2.0'
-  s.add_development_dependency 'rspec-rails', '3.1.0'
-  s.add_development_dependency 'rubocop', '0.57'
-  s.add_development_dependency 'rubocop-rspec', '1.5.1'
+  s.add_development_dependency 'codecov', '~>0.1'
+  s.add_development_dependency 'minitest', '~>5.5'
+  s.add_development_dependency 'rake', '~>12.0'
+  s.add_development_dependency 'rdoc', '~>4.2'
+  s.add_development_dependency 'rspec-rails', '~>3.1'
+  s.add_development_dependency 'rubocop', '~>0.57'
+  s.add_development_dependency 'rubocop-rspec', '~>1.5'
 end

data/lib/glogin/cookie.rb

@@ -32,15 +32,21 @@ module GLogin
   # Secure cookie
   #
   class Cookie
-    # Closed
+    # Closed cookie.
     class Closed
-      def initialize(text, secret)
+      def initialize(text, secret, context = '')
         raise 'Text can\'t be nil' if text.nil?
         @text = text
         raise 'Secret can\'t be nil' if secret.nil?
         @secret = secret
+        @context = context.to_s
       end
 
+      # Returns a hash with two elements: login and avatar.
+      # If the secret is empty, the text will be returned, without
+      # any decryption. If the data is not valid, an exception
+      # OpenSSL::Cipher::CipherError will be raised, which you have
+      # to catch in your applicaiton and ignore the login attempt.
       def to_user
         plain =
           if @secret.empty?
@@ -53,25 +59,36 @@ module GLogin
             decrypted << cpr.final
             decrypted.to_s
           end
-        parts = plain.split('|')
+        parts = plain.split('|', 3)
+        unless parts[2].to_s == @context
+          raise(
+            OpenSSL::Cipher::CipherError,
+            "Context '#{@context}' expectected, but '#{parts[2]}' found"
+          )
+        end
         { login: parts[0], avatar: parts[1] }
       end
     end
 
     # Open
     class Open
-      def initialize(json, secret)
+      # Here comes the JSON you receive from Auth.user()
+      def initialize(json, secret, context = '')
         raise 'JSON can\'t be nil' if json.nil?
         @json = json
         raise 'Secret can\'t be nil' if secret.nil?
         @secret = secret
+        @context = context.to_s
       end
 
+      # Returns the text you should drop back to the user as a cookie.
       def to_s
         cpr = Cookie.cipher
         cpr.encrypt
         cpr.key = Cookie.digest(@secret)
-        encrypted = cpr.update("#{@json['login']}|#{@json['avatar_url']}")
+        encrypted = cpr.update(
+          "#{@json['login']}|#{@json['avatar_url']}|#{@context}"
+        )
         encrypted << cpr.final
         Base64.encode64(encrypted.to_s)
       end
@@ -82,7 +99,7 @@ module GLogin
     end
 
     def self.cipher
-      OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      OpenSSL::Cipher.new('aes-256-cbc')
     end
   end
 end

data/lib/glogin/version.rb

@@ -24,5 +24,5 @@
 # Copyright:: Copyright (c) 2017-2018 Yegor Bugayenko
 # License:: MIT
 module GLogin
-  VERSION = '0.2.4'.freeze
+  VERSION = '0.3'.freeze
 end

data/test/glogin/test_cookie.rb

@@ -39,6 +39,22 @@ class TestCookie < Minitest::Test
     assert_equal(user[:avatar], 'https://avatars1.githubusercontent.com/u/526301')
   end
 
+  def test_encrypts_and_decrypts_with_context
+    secret = 'kfdj7hjsywhs6hjshr7shsw990s'
+    context = '127.0.0.1'
+    user = GLogin::Cookie::Closed.new(
+      GLogin::Cookie::Open.new(
+        JSON.parse('{"login":"jeffrey","avatar_url":"#"}'),
+        secret,
+        context
+      ).to_s,
+      secret,
+      context
+    ).to_user
+    assert_equal(user[:login], 'jeffrey')
+    assert_equal(user[:avatar], '#')
+  end
+
   def test_decrypts_in_test_mode
     user = GLogin::Cookie::Closed.new(
       'test|http://example.com', ''
@@ -58,4 +74,19 @@ class TestCookie < Minitest::Test
       ).to_user
     end
   end
+
+  def test_fails_on_wrong_context
+    secret = 'fdjruewoijs789fdsufds89f7ds89fs'
+    assert_raises OpenSSL::Cipher::CipherError do
+      GLogin::Cookie::Closed.new(
+        GLogin::Cookie::Open.new(
+          JSON.parse('{"login":"x","avatar_url":"x"}'),
+          secret,
+          'context-1'
+        ).to_s,
+        secret,
+        'context-2'
+      ).to_user
+    end
+  end
 end

metadata

@@ -1,113 +1,113 @@
 --- !ruby/object:Gem::Specification
 name: glogin
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: '0.3'
 platform: ruby
 authors:
 - Yegor Bugayenko
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-07 00:00:00.000000000 Z
+date: 2018-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: '0.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.5.0
+        version: '5.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.5.0
+        version: '5.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.0.0
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.0.0
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.0
+        version: '4.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.0
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.57'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.57'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.1
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.1
+        version: '1.5'
 description: Enables login/logout functionality for a Ruby web app
 email: yegor256@gmail.com
 executables: []