RubyGems - has_protected_token - Versions diffs - 0.0.0.pre.alpha - Mend

has_protected_token 0.0.0.pre.alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +7 -0
data/.gitignore +2 -0
data/.rspec +1 -0
data/.ruby-version +1 -0
data/.travis.yml +12 -0
data/Gemfile +3 -0
data/Gemfile.lock +65 -0
data/LICENSE.txt +22 -0
data/README.md +3 -0
data/Rakefile +10 -0
data/has_protected_token.gemspec +23 -0
data/lib/has_protected_token.rb +116 -0
data/spec/lib/has_protected_token_spec.rb +138 -0
data/spec/spec_helper.rb +32 -0
data/spec/support/model.rb +13 -0
data/spec/support/schema.rb +6 -0
metadata +187 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2402637577f83fe36f06f2f78c890acf609d2f88f119c19aa611c50b62e01883
+  data.tar.gz: 070f0809cc1e72075fc117fa108fbad54a96269efc621dacd61565a7b1ba9d87
+SHA512:
+  metadata.gz: 9e4e4b5a199ace9e249752acedd415fa0082d70374971c0aaa6c4368c96db97c9bafe21837ee886d4eabec7db8a5cce398e99d5c7dba6829b9d0995471bec8dd
+  data.tar.gz: 52b14529a9d74b2cfa230149fcde14751d0560331d76b1b178bc17e8e1a3d452e040efc4a2805ab2ae48de8a00ba86957723f780d25b16cd88de52128523edab

data/.gitignore ADDED

	@@ -0,0 +1,2 @@
1	+ .byebug_history
2	+ db/

data/.rspec ADDED

	@@ -0,0 +1 @@
1	+ --require spec_helper

data/.ruby-version ADDED

	@@ -0,0 +1 @@
1	+ 2.5.7

data/.travis.yml ADDED

@@ -0,0 +1,12 @@
+language: ruby
+cache: bundler
+before_install:
+  - gem install bundler -v 1.17.3
+install:
+  - bundle install
+branches:
+  only:
+    - master

data/Gemfile ADDED

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec

data/Gemfile.lock ADDED

@@ -0,0 +1,65 @@
+PATH
+  remote: .
+  specs:
+    has_protected_token (0.0.0.pre.alpha)
+      activerecord (>= 3.0)
+      bcrypt (~> 3.1.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (6.0.0)
+      activesupport (= 6.0.0)
+    activerecord (6.0.0)
+      activemodel (= 6.0.0)
+      activesupport (= 6.0.0)
+    activesupport (6.0.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.1, >= 2.1.8)
+    bcrypt (3.1.13)
+    bump (0.8.0)
+    byebug (11.0.1)
+    concurrent-ruby (1.1.5)
+    database_cleaner (1.7.0)
+    diff-lcs (1.3)
+    i18n (1.7.0)
+      concurrent-ruby (~> 1.0)
+    minitest (5.12.2)
+    rake (13.0.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.2)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.3)
+    sqlite3 (1.4.1)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    zeitwerk (2.2.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bump
+  bundler (~> 1.17.3)
+  byebug
+  database_cleaner
+  has_protected_token!
+  rake
+  rspec
+  sqlite3
+BUNDLED WITH
+   1.17.3

data/LICENSE.txt ADDED

@@ -0,0 +1,22 @@
+Copyright (c) 2019 David Allen
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,3 @@
+# has_protected_token
+This gem is a work in progress towards a minimum viable product. Version 0.1 should be released soon.

data/Rakefile ADDED

@@ -0,0 +1,10 @@
+require 'rspec/core/rake_task'
+require 'bump/tasks'
+Bump.tag_by_default = true
+RSpec::Core::RakeTask.new :test do |task|
+  task.pattern = Dir.glob('spec/**/*_spec.rb')
+end
+task default: :test

data/has_protected_token.gemspec ADDED

@@ -0,0 +1,23 @@
+Gem::Specification.new do |s|
+  s.name        = 'has_protected_token'
+  s.version     = '0.0.0-alpha'
+  s.date        = '2019-10-06'
+  s.summary     = 'Easily generate random tokens for any ActiveRecord model and store them securely in the database.'
+  s.description = 'Generate random tokens (or use your own) for any ActiveRecord model. Hashes and salts the token before storage in the database using the same methodology as has_secure_password.'
+  s.author      = 'David Allen'
+  s.email       = '1337dallen@gmail.com' # yes, I know it's a terrible email address...
+  s.files       = `git ls-files`.split("\n")
+  s.homepage    = 'https://github.com/StaphSynth/has_protected_token'
+  s.license     = 'MIT'
+  s.add_dependency 'activerecord', '>= 3.0'
+  s.add_dependency 'bcrypt', '~> 3.1.1'
+  s.add_development_dependency 'bundler', '~> 1.17.3'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'sqlite3'
+  s.add_development_dependency 'byebug'
+  s.add_development_dependency 'database_cleaner'
+  s.add_development_dependency 'bump'
+end

data/lib/has_protected_token.rb ADDED

@@ -0,0 +1,116 @@
+require 'active_record'
+require 'bcrypt'
+module ActiveRecord
+  module ProtectedToken
+    extend ActiveSupport::Concern
+    module ClassMethods
+      # == has_protected_token
+      #
+      # Adds methods to set and validate against a token
+      # that has been hashed and salted using BCrypt.
+      # It assumes you have a 'token' attribute on
+      # your model.
+      #
+      # === Options
+      #
+      # +has_protected_token+ accepts an optional hash
+      # for modifying the following default behaviour:
+      #
+      # +column_name+
+      # If you would like to use an attribute other than
+      # 'token', pass +column_name: :my_attribute_name+
+      #
+      # +cost+
+      # BCrypt's default hashing cost is used. To use a
+      # different value, pass +cost: <value>+. The cost
+      # value must be an integer.
+      #
+      # === Example 1
+      #
+      # Generating a new token on the fly.
+      #
+      # class UserOne < ActiveRecord::Base
+      #   has_protected_token column_name: :shared_secret, cost: 8
+      # end
+      #
+      # user1 = UserOne.new
+      # user1.regenerate_shared_secret
+      # => 'e13d0bbd4a12d2aea673127c7e995a67'
+      #
+      # user1.authenticate_shared_secret('not_even_close_to_correct')
+      # => false
+      #
+      # user1.authenticate_shared_secret('e13d0bbd4a12d2aea673127c7e995a67')
+      # => true
+      #
+      # === Example 2
+      #
+      # Passing your own token.
+      #
+      # class UserTwo < ActiveRecord::Base
+      #   has_protected_token cost: 8
+      # end
+      #
+      # user2 = UserTwo.new
+      # user2.token = 'super_secret_token'
+      # => 'super_secret_token'
+      # user2.save!
+      # => true
+      # user2.token
+      # => '$2a$12$5xVuny6Z79bYfgMMU7nyzeaOSjygRnXfsJjeJHzRZ0vUYRGeUjo6u'
+      #
+      # user2.authenticate_token('totally_wrong')
+      # => false
+      #
+      # user2.authenticate_token('super_secret_token')
+      # => true
+      def has_protected_token(options = {})
+        attribute = options[:column_name] || :token
+        cost = options[:cost] || BCrypt::Engine::DEFAULT_COST
+        define_method("regenerate_#{attribute}") do
+          raw_token = self.class.generate_token
+          hashed_token = hash_token(raw_token, cost)
+          update_attribute(attribute, hashed_token)
+          raw_token
+        end
+        define_method("#{attribute}=") do |raw_token|
+          super(hash_token(raw_token, cost))
+        end
+        define_method("authenticate_#{attribute}") do |raw_token|
+          begin
+            BCrypt::Password.new(self.send(attribute)) == raw_token
+          rescue BCrypt::Error
+            false
+          end
+        end
+      end
+      # == .generate_token
+      # Class method to generate random tokens
+      #
+      # Accepts an optional integer to specify the length
+      # of the returned token.
+      def generate_token(length = 24)
+        n = length.to_i
+        SecureRandom.hex(n / 2) # hex returns n * 2
+        rescue NoMethodError
+          raise ArgumentError, 'Token length must be an integer'
+      end
+    end
+    private
+    def hash_token(raw_token, cost)
+      BCrypt::Password.create(raw_token, :cost => cost)
+    end
+  end
+end
+ActiveRecord::Base.send(:include, ActiveRecord::ProtectedToken)

data/spec/lib/has_protected_token_spec.rb ADDED

@@ -0,0 +1,138 @@
+require 'spec_helper'
+describe ActiveRecord::ProtectedToken do
+  let(:user) { User.create }
+  let(:raw_token) { 'raw_token' }
+  let(:hashed_token) { '$hashed_token$' }
+  describe 'options hash' do
+    describe 'column_name' do
+      context 'when no value is provided' do
+        it 'defaults to "token"' do
+          expect(user.respond_to?(:regenerate_token)).to be(true)
+        end
+      end
+      context 'when a symbol is passed' do
+        let(:user) { SpecialUser.create }
+        it 'uses it as an attribute name' do
+          expect(user.respond_to?(:regenerate_shared_secret)).to be(true)
+          expect(user.respond_to?(:regenerate_token)).to be(false)
+        end
+      end
+    end
+    describe 'cost' do
+      context 'when no value provided' do
+        it 'defaults to BCrypt::Engine::DEFAULT_COST' do
+          expect(BCrypt::Password).to receive(:create).with(
+            raw_token,
+            cost: BCrypt::Engine::DEFAULT_COST
+          )
+          user.token = raw_token
+        end
+      end
+      context 'when an integer is provided' do
+        let(:user) { CostedUser.new }
+        it 'accepts that instead' do
+          expect(BCrypt::Password).to receive(:create).with(
+            raw_token,
+            cost: 9
+          )
+          user.token = raw_token
+        end
+      end
+    end
+  end
+  context 'instance methods' do
+    before do
+      allow(User).to receive(:generate_token).and_return(raw_token)
+      allow(BCrypt::Password).to receive(:create).and_return(hashed_token)
+      allow(BCrypt::Password).to(
+        receive(:new).with(hashed_token).and_return(raw_token)
+      )
+    end
+    describe '#regenerate_{attribute}' do
+      it 'returns a new token' do
+        expect(user.regenerate_token).to eq(raw_token)
+      end
+      it 'hashes the new token and stores it in the database' do
+        user.regenerate_token
+        expect(user.reload.token).to eq(hashed_token)
+      end
+    end
+    describe '#authenticate_{attribute}' do
+      before do
+        user.regenerate_token
+      end
+      context 'when passed an plain text token' do
+        it 'returns true if it matches the stored value' do
+          expect(user.authenticate_token(raw_token)).to eq(true)
+        end
+        it 'returns false if it does not match the stored value' do
+          expect(user.authenticate_token('derp derp')).to eq(false)
+        end
+      end
+      context 'when passed bad data' do
+        before do
+          allow(BCrypt::Password).to receive(:new).and_raise(BCrypt::Error)
+        end
+        it 'returns false' do
+          expect(user.authenticate_token({ bad: 'data' })).to eq(false)
+        end
+      end
+    end
+    describe '#{attribute}=' do
+      context 'when passed a value' do
+        it 'hashes it and stores the hashed value in the model instance' do
+          user.token = raw_token
+          expect(user.token).to eq(hashed_token)
+          expect(User.find(user.id).token).to be_nil
+        end
+        it 'returns the original value' do
+          expect(user.token = raw_token).to eq(raw_token)
+        end
+      end
+    end
+  end
+  describe 'class methods' do
+    describe '.generate_token' do
+      let(:random_token) { 'abc123' }
+      context 'with no arguments' do
+        it 'returns a token 24 chars in length' do
+          expect(User.generate_token.size).to eq(24)
+        end
+      end
+      context 'when passing a length' do
+        it 'validates the length is coercable to an integer' do
+          expect{ User.generate_token(12) }.not_to raise_error
+          expect{ User.generate_token(false) }.to raise_error(ArgumentError)
+        end
+        it 'returns a token of that length' do
+          expect(User.generate_token(20).size).to eq(20)
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb ADDED

@@ -0,0 +1,32 @@
+require 'byebug'
+require 'database_cleaner'
+require 'has_protected_token'
+require_relative './support/model'
+RSpec.configure do |config|
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+  config.before :suite do
+    ActiveRecord::Base.establish_connection adapter: 'sqlite3', database: ':memory:'
+    ActiveRecord::Migration.suppress_messages do
+      load 'support/schema.rb'
+    end
+  end
+  config.before :each do
+    DatabaseCleaner.strategy = :transaction
+    DatabaseCleaner.start
+  end
+  config.after :each do
+    DatabaseCleaner.clean
+  end
+end

data/spec/support/model.rb ADDED

@@ -0,0 +1,13 @@
+class Model < ActiveRecord::Base; end
+class User < Model
+  has_protected_token
+end
+class SpecialUser < Model
+  has_protected_token column_name: :shared_secret
+end
+class CostedUser < Model
+  has_protected_token cost: 9
+end

data/spec/support/schema.rb ADDED

@@ -0,0 +1,6 @@
+ActiveRecord::Schema.define(version: 1) do
+  create_table :models do |t|
+    t.string :shared_secret
+    t.string :token
+  end
+end

metadata ADDED

@@ -0,0 +1,187 @@
+--- !ruby/object:Gem::Specification
+name: has_protected_token
+version: !ruby/object:Gem::Version
+  version: 0.0.0.pre.alpha
+platform: ruby
+authors:
+- David Allen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-10-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.17.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.17.3
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bump
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Generate random tokens (or use your own) for any ActiveRecord model.
+  Hashes and salts the token before storage in the database using the same methodology
+  as has_secure_password.
+email: 1337dallen@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- has_protected_token.gemspec
+- lib/has_protected_token.rb
+- spec/lib/has_protected_token_spec.rb
+- spec/spec_helper.rb
+- spec/support/model.rb
+- spec/support/schema.rb
+homepage: https://github.com/StaphSynth/has_protected_token
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6.2
+signing_key:
+specification_version: 4
+summary: Easily generate random tokens for any ActiveRecord model and store them securely
+  in the database.
+test_files: []