glogin 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5cea77d58ede219ba077e49630a46bb098be2ddc118ee877d6f4546abdf34e8
-  data.tar.gz: 655bd2fc1ef553c2ade646ab881faa8b681fe9c3357bf28bf015cb61d936201f
+  metadata.gz: 72c86f15831f8df5a5d22617b889445f2edc8a18b9a8cac412ecd6fae3fb10ea
+  data.tar.gz: 9280242c989853567637bdaeaed594dcc6f728d16c0f6bf176168c4b69f3166d
 SHA512:
-  metadata.gz: eeb4672fe51e49f717fdfae2b4f7edec1fd5fb3a95a3db53e06a57a8fa6650aa25a4f0f4772168c0a76703a52c5ec5e5ae7f078ccbc185b54755daa4ee997dca
-  data.tar.gz: 3c81ba17842a04dd9f8c45e46fb795c6dac8b6e3375ef797f77d7c8db4b7eb76eb777a0fc46af73c3cd0a07f4ea10259d1a5fe4c62ae9309d534ee71dfd9f261
+  metadata.gz: 6d4437fd9ab2f4634b248aaf9f23d4dd32bc026bfa69660a56aaf171418de27972f4304cac309dceba16171b57bead9839d9e24f350782285a69d3a191bf47af
+  data.tar.gz: 87647de3454925e2eb32baa1d209e9eb3e1d353c922fdca6e1e6a22cf6b8d9114c971fc9a8e1feaa018aded19cf2ac91fd33a9dcd13de5c06a4a13cedb574a79

data/.rubocop.yml

@@ -7,6 +7,8 @@ AllCops:
 
 Metrics/MethodLength:
   Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
 Layout/MultilineMethodCallIndentation:
   Enabled: false
 Metrics/AbcSize:

data/.rultor.yml

@@ -1,15 +1,13 @@
 assets:
-  rubygems.yml: zerocracy/home#assets/rubygems.yml
-  s3cfg: zerocracy/home#assets/s3cfg
+  rubygems.yml: yegor256/home#assets/rubygems.yml
 install: |
   export GEM_HOME=~/.ruby
   export GEM_PATH=$GEM_HOME:$GEM_PATH
-  sudo apt-get -y update
-  sudo gem install pdd
+  sudo gem install pdd -v 0.20.5
+  bundle install
 release:
   script: |-
-    bundle install
-    rake
+    bundle exec rake
     rm -rf *.gem
     sed -i "s/1\.0\.snapshot/${tag}/g" lib/glogin/version.rb
     git add lib/glogin/version.rb
@@ -17,15 +15,10 @@ release:
     gem build glogin.gemspec
     chmod 0600 ../rubygems.yml
     gem push *.gem --config-file ../rubygems.yml
-  commanders:
-  - yegor256
-architect:
-- yegor256
 merge:
   script: |-
-    bundle install
-    rake
-    pdd
+    bundle exec rake
+    pdd -f /dev/null
 deploy:
   script: |-
     echo "There is nothing to deploy"

data/.travis.yml

@@ -8,6 +8,6 @@ branches:
 install:
   - travis_retry bundle update
 script:
-  - rake
+  - bundle exec rake
 after_success:
   - "bash <(curl -s https://codecov.io/bash)"

data/README.md

@@ -1,6 +1,8 @@
+<img src="/logo.svg" width="64px" height="64px"/>
+
 [![Managed by Zerocracy](https://www.0crat.com/badge/C3RFVLU72.svg)](https://www.0crat.com/p/C3RFVLU72)
 [![DevOps By Rultor.com](http://www.rultor.com/b/yegor256/glogin)](http://www.rultor.com/p/yegor256/glogin)
-[![We recommend RubyMine](http://www.elegantobjects.org/rubymine.svg)](https://www.jetbrains.com/ruby/)
+[![We recommend RubyMine](https://www.elegantobjects.org/rubymine.svg)](https://www.jetbrains.com/ruby/)
 
 [![Build Status](https://travis-ci.org/yegor256/glogin.svg)](https://travis-ci.org/yegor256/glogin)
 [![PDD status](http://www.0pdd.com/svg?name=yegor256/glogin)](http://www.0pdd.com/p?name=yegor256/glogin)
@@ -9,7 +11,8 @@
 [![Test Coverage](https://img.shields.io/codecov/c/github/yegor256/glogin.svg)](https://codecov.io/github/yegor256/glogin?branch=master)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://rubydoc.info/github/yegor256/glogin/master/frames)
 
-## GitHub Login for Ruby web app
+[![Hits-of-Code](https://hitsofcode.com/github/yegor256/glogin)](https://hitsofcode.com/view/github/yegor256/glogin)
+[![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/yegor256/glogin/blob/master/LICENSE.txt)
 
 This simple gem will help you enable login/logout through
 [GitHub OAuth](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/)
@@ -17,6 +20,9 @@ for your web application. This is how it works with
 [Sinatra](http://www.sinatrarb.com/),
 but you can do something similar in any framework.
 
+Read this blog post to get the idea:
+[_Simplified GitHub Login for a Ruby Web App_](https://www.yegor256.com/2018/06/19/glogin.html)
+
 First, somewhere in the global space, before the app starts:
 
 ```ruby
@@ -47,7 +53,7 @@ before '/*' do
         # encrypt the value in the cookie.
         secret
       ).to_user
-    rescue OpenSSL::Cipher::CipherError => _
+    rescue GLogin::Codec::DecodingError => _
       # Nothing happens here, the user is not logged in.
       cookies.delete(:glogin)
     end
@@ -132,7 +138,7 @@ encrypted = codec.encrypt('Hello, world!')
 decrypted = codec.decrypt(encrypted)
 ```
 
-# How to contribute
+## How to contribute
 
 Read [these guidelines](https://www.yegor256.com/2014/04/15/github-guidelines.html).
 Make sure you build is green before you contribute
@@ -141,31 +147,7 @@ your pull request. You will need to have [Ruby](https://www.ruby-lang.org/en/) 2
 
 ```
 $ bundle update
-$ rake
+$ bundle exec rake
 ```
 
 If it's clean and you don't see any error messages, submit your pull request.
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2017-2019 Yegor Bugayenko
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the 'Software'), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

data/Rakefile

@@ -63,7 +63,7 @@ RuboCop::RakeTask.new(:rubocop) do |task|
 end
 
 task :copyright do
-  sh "grep -q -r '#{Date.today.strftime('%Y')}' \
+  sh "grep -q -r '2017-#{Date.today.strftime('%Y')}' \
     --include '*.rb' \
     --include '*.txt' \
     --include 'Rakefile' \

data/glogin.gemspec

@@ -47,6 +47,7 @@ Gem::Specification.new do |s|
   s.test_files = s.files.grep(%r{^(test)/})
   s.rdoc_options = ['--charset=UTF-8']
   s.extra_rdoc_files = ['README.md', 'LICENSE.txt']
+  s.add_runtime_dependency 'base58', '0.2.3'
   s.add_development_dependency 'codecov', '0.1.14'
   s.add_development_dependency 'minitest', '5.11.3'
   s.add_development_dependency 'rake', '12.3.2'

data/lib/glogin/codec.rb

@@ -24,63 +24,64 @@
 require 'securerandom'
 require 'openssl'
 require 'digest/sha1'
-require 'base64'
+require 'base58'
 
 # Codec.
 # Author:: Yegor Bugayenko (yegor256@gmail.com)
 # Copyright:: Copyright (c) 2017-2019 Yegor Bugayenko
 # License:: MIT
-module GLogin
-  #
-  # Codec
-  #
-  class Codec
-    def initialize(secret = '')
-      raise 'Secret can\'t be nil' if secret.nil?
-      @secret = secret
-    end
+class GLogin::Codec
+  # When can't decode.
+  class DecodingError < StandardError; end
 
-    def decrypt(text)
-      raise 'Text can\'t be nil' if text.nil?
-      if @secret.empty?
-        text
-      else
-        cpr = cipher
-        cpr.decrypt
-        cpr.key = digest
-        plain = Base64.decode64(text)
-        raise OpenSSL::Cipher::CipherError if plain.empty?
-        decrypted = cpr.update(plain)
-        decrypted << cpr.final
-        salt, body = decrypted.to_s.split(' ', 2)
-        raise OpenSSL::Cipher::CipherError if salt.empty?
-        raise OpenSSL::Cipher::CipherError if body.nil?
-        body.force_encoding('UTF-8')
-        body
-      end
-    end
+  def initialize(secret = '')
+    raise 'Secret can\'t be nil' if secret.nil?
+    @secret = secret
+  end
 
-    def encrypt(text)
-      raise 'Text can\'t be nil' if text.nil?
-      if @secret.empty?
-        text
-      else
-        cpr = cipher
-        cpr.encrypt
-        cpr.key = digest
-        salt = SecureRandom.base64(Random.rand(8..32))
-        encrypted = cpr.update(salt + ' ' + text)
-        encrypted << cpr.final
-        Base64.encode64(encrypted.to_s).delete("\n")
-      end
+  def decrypt(text)
+    raise 'Text can\'t be nil' if text.nil?
+    if @secret.empty?
+      text
+    else
+      cpr = cipher
+      cpr.decrypt
+      cpr.key = digest
+      raise DecodingError unless /^[a-zA-Z0-9]+$/.match?(text)
+      plain = Base58.base58_to_binary(text)
+      raise DecodingError if plain.empty?
+      decrypted = cpr.update(plain)
+      decrypted << cpr.final
+      salt, body = decrypted.to_s.split(' ', 2)
+      raise DecodingError if salt.empty?
+      raise DecodingError if body.nil?
+      body.force_encoding('UTF-8')
+      body
     end
+  rescue OpenSSL::Cipher::CipherError => e
+    raise DecodingError, e.message
+  end
 
-    def digest
-      Digest::SHA1.hexdigest(@secret)[0..31]
+  def encrypt(text)
+    raise 'Text can\'t be nil' if text.nil?
+    if @secret.empty?
+      text
+    else
+      cpr = cipher
+      cpr.encrypt
+      cpr.key = digest
+      salt = SecureRandom.base64(Random.rand(8..32))
+      encrypted = cpr.update(salt + ' ' + text)
+      encrypted << cpr.final
+      Base58.binary_to_base58(encrypted)
     end
+  end
 
-    def cipher
-      OpenSSL::Cipher.new('aes-256-cbc')
-    end
+  def digest
+    Digest::SHA1.hexdigest(@secret)[0..31]
+  end
+
+  def cipher
+    OpenSSL::Cipher.new('aes-256-cbc')
   end
 end

data/lib/glogin/cookie.rb

@@ -51,14 +51,14 @@ module GLogin
       # Returns a hash with two elements: login and avatar.
       # If the secret is empty, the text will be returned, without
       # any decryption. If the data is not valid, an exception
-      # OpenSSL::Cipher::CipherError will be raised, which you have
+      # GLogin::Codec::DecodingError will be raised, which you have
       # to catch in your applicaiton and ignore the login attempt.
       def to_user
         plain = Codec.new(@secret).decrypt(@text)
         login, avatar, bearer, ctx = plain.split(GLogin::SPLIT, 4)
         if !@secret.empty? && ctx.to_s != @context
           raise(
-            OpenSSL::Cipher::CipherError,
+            GLogin::Codec::DecodingError,
             "Context '#{@context}' expected, but '#{ctx}' found"
           )
         end

data/lib/glogin/version.rb

@@ -26,5 +26,5 @@
 # Copyright:: Copyright (c) 2017-2019 Yegor Bugayenko
 # License:: MIT
 module GLogin
-  VERSION = '0.5.1'
+  VERSION = '0.6.0'
 end

data/logo.svg

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="314px" height="314px" viewBox="0 0 314 314" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <!-- Generator: Sketch 43.2 (39069) - http://www.bohemiancoding.com/sketch -->
+    <title>Group 2</title>
+    <desc>Created with Sketch.</desc>
+    <defs></defs>
+    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+        <g id="Group-2">
+            <g id="Group">
+                <circle id="Oval" fill="#053C5E" cx="157" cy="157" r="157"></circle>
+                <rect id="Rectangle" fill="#2B2B2B" x="0" y="234" width="233" height="68"></rect>
+                <text id="glogin" font-family="CourierNewPS-BoldMT, Courier New" font-size="50" font-weight="bold" fill="#FFFFFF">
+                    <tspan x="28" y="282">glogin</tspan>
+                </text>
+                <path d="M135.676765,111.215287 C135.211714,113.540467 132.770932,120.688823 130.252813,127.100603 C127.734621,133.512383 125.2898,140.431445 124.819828,142.476214 C123.6868,147.405663 121.517836,147.185477 119.69487,141.95608 C116.899865,133.938362 105.171362,111.043501 103.859129,111.043501 C100.420089,111.043501 101.508757,114.986149 109.1771,130.30227 C113.739327,139.414532 118.032086,147.448041 118.716515,148.15443 C120.694817,150.196115 120.172626,154.319657 117.358599,158.877992 C113.567467,165.019055 107.570942,183.721189 108.054206,187.896804 C108.804956,194.383204 112.436054,192.210274 113.355359,184.724515 C114.48376,175.535577 120.945556,159.641154 124.897459,156.333653 C127.109021,154.482778 128.268636,151.905536 128.573284,148.163978 C128.818001,145.157747 131.906711,135.560972 135.437115,126.837819 C138.96752,118.114666 141.511492,110.079835 141.090434,108.982574 C139.755727,105.504315 136.554941,106.824333 135.676765,111.215287 M174.714659,126.841564 C169.37392,129.699438 169.197653,130.049915 167.452978,141.283475 C165.577352,153.360398 165.225112,168.513913 166.548289,180.203784 L167.566817,189.202501 L161.346213,191.9541 C154.601949,194.937416 150.91195,200.302465 153.156708,203.861146 C155.104824,206.949562 157.09025,206.70198 157.571826,203.310532 C158.083734,199.706169 166.097413,193.204052 170.29418,192.987978 C172.116999,192.894116 173.522874,191.717021 173.97823,189.903529 C174.383277,188.290613 177.740353,184.944554 181.438431,182.467858 C188.546172,177.707551 194.317883,170.450278 194.317883,166.273341 C194.317883,162.684548 189.493165,158.361603 185.487795,158.361603 C180.701636,158.361603 180.027195,155.239403 183.731222,150.229385 C188.308065,144.038966 188.284856,130.867646 183.690534,127.147387 C179.896537,124.075276 179.885006,124.074836 174.714659,126.841564 M182.67318,134.240439 C184.752542,140.153164 174.808961,161.185104 171.588639,157.68562 C169.868715,155.81653 172.863122,135.012708 175.266374,132.134564 C177.872553,129.013319 181.163896,129.949075 182.67318,134.240439 M184.854262,162.269586 C190.589839,163.855621 189.673839,167.881335 181.645765,176.371155 C177.281618,180.986262 173.904933,183.573859 173.371946,182.711474 C172.876636,181.91012 172.127869,176.711937 171.707987,171.159972 L170.944531,161.065463 L176.209475,161.200234 C179.105172,161.274339 182.995308,161.755548 184.854262,162.269586 M132.642184,172.492256 C131.593837,175.224098 133.152917,177.288844 136.264027,177.288844 C139.014965,177.288844 139.431396,176.221769 138.067531,172.667568 C137.039234,169.987871 133.645289,169.878218 132.642184,172.492256 M203.781503,185.840798 C203.781503,187.657595 209.264724,193.512152 210.966361,193.512152 C212.534035,193.512152 211.991059,187.391138 210.270768,185.670847 C208.092403,183.492409 203.781503,183.605293 203.781503,185.840798" id="Fill-6" fill="#427B8A" fill-rule="nonzero"></path>
+            </g>
+        </g>
+    </g>
+</svg>

data/test/glogin/test_auth.rb

@@ -29,13 +29,11 @@ class TestAuth < Minitest::Test
   def test_authenticate_via_https
     auth = GLogin::Auth.new('1234', '4433', 'https://example.org')
     stub_request(:post, 'https://github.com/login/oauth/access_token').to_return(
-      status: 200,
       body: {
         access_token: 'some-token'
       }.to_json
     )
     stub_request(:get, 'https://api.github.com/user').to_return(
-      status: 200,
       body: {
         auth_code: '437849732894732',
         login: 'yegor256'

data/test/glogin/test_codec.rb

@@ -22,6 +22,7 @@
 # SOFTWARE.
 
 require 'minitest/autorun'
+require 'base64'
 require_relative '../../lib/glogin/codec'
 
 class TestCodec < Minitest::Test
@@ -40,7 +41,7 @@ class TestCodec < Minitest::Test
   end
 
   def test_decrypts_with_invalid_password
-    assert_raises OpenSSL::Cipher::CipherError do
+    assert_raises GLogin::Codec::DecodingError do
       GLogin::Codec.new('the wrong key').decrypt(
         GLogin::Codec.new('the right key').encrypt('the text')
       )
@@ -49,12 +50,12 @@ class TestCodec < Minitest::Test
 
   def test_encrypts_into_plain_string
     text = GLogin::Codec.new('6hFGrte5LLmwi').encrypt("K&j\n\n\tuIpwp00{]=")
-    assert(text =~ %r{^[a-zA-Z0-9/=+]+$}, text)
+    assert(text =~ /^[a-zA-Z0-9]+$/, text)
     assert(!text.include?("\n"), text)
   end
 
   def test_decrypts_broken_text
-    assert_raises OpenSSL::Cipher::CipherError do
+    assert_raises GLogin::Codec::DecodingError do
       GLogin::Codec.new('the key').decrypt('этот текст не был зашифрован')
     end
   end

data/test/glogin/test_cookie.rb

@@ -74,7 +74,7 @@ class TestCookie < Minitest::Test
   end
 
   def test_fails_on_broken_text
-    assert_raises OpenSSL::Cipher::CipherError do
+    assert_raises GLogin::Codec::DecodingError do
       GLogin::Cookie::Closed.new(
         GLogin::Cookie::Open.new(
           JSON.parse('{"login":"x","avatar_url":"x"}'),
@@ -87,7 +87,7 @@ class TestCookie < Minitest::Test
 
   def test_fails_on_wrong_context
     secret = 'fdjruewoijs789fdsufds89f7ds89fs'
-    assert_raises OpenSSL::Cipher::CipherError do
+    assert_raises GLogin::Codec::DecodingError do
       GLogin::Cookie::Closed.new(
         GLogin::Cookie::Open.new(
           JSON.parse('{"login":"x","avatar_url":"x"}'),

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: glogin
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Yegor Bugayenko
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-09 00:00:00.000000000 Z
+date: 2019-07-08 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base58
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.3
 - !ruby/object:Gem::Dependency
   name: codecov
   requirement: !ruby/object:Gem::Requirement
@@ -148,6 +162,7 @@ files:
 - lib/glogin/codec.rb
 - lib/glogin/cookie.rb
 - lib/glogin/version.rb
+- logo.svg
 - test/glogin/test_auth.rb
 - test/glogin/test_codec.rb
 - test/glogin/test_cookie.rb