heroku-bouncer 0.7.1 → 0.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 273b79408c5b9a14c9c90997c17b3b6a67edeedc
4
- data.tar.gz: 18c20c30803bee8462c96b65db39828d1b30ec38
3
+ metadata.gz: 85c6929c3208eb743c042d9dbef6f9d43db08987
4
+ data.tar.gz: b08dd7bac4866f854c050a65011ec6403936cb93
5
5
  SHA512:
6
- metadata.gz: cbd28dc5744698aeee1f7774099bfa0c3ced1fb61f6f3cf436512918cafc63c6728be4f79bf04e6d519129044e1647be68dd1ed497ded8c909ad93ad51a06d7a
7
- data.tar.gz: 66d0740ba41638219edb4c7988fdb6b7d897c3b2d84c1eeb264792e922b50523ab560711d27e1430bd1f30480628c80de4edf80bc681f26dde4714e4fee06156
6
+ metadata.gz: 5370531c477251b6247116d86597c9cc4d35ade54fa1dd5bb513e2c51a5db3f09b926a99cf573a5b1674c5dcc0980887c41db12598d9f9459c8f93ae011e17c2
7
+ data.tar.gz: a748a855a7be7e07e9756c5e9407f2db0a08d12dedff83f0fe4473a53ecc205058a6b1eb2113f7ff524bb5fae25d642dc83fcc1dc18e23d3bb1218319dbf671b
@@ -1,3 +1,8 @@
1
+ # 0.8.0
2
+
3
+ * #55: Ruby >= 2.4 support and Ruby <2.2 deprecation. Thanks @maxbeizer!
4
+ * #52: Rack 2 / Rails 5 support. Thanks @jkutner!
5
+
1
6
  # 0.7.1
2
7
 
3
8
  * #48: Address potential errors when making API call
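Review bot: the 0.8.0 entry leaves out two behaviour changes that appear later in this diff and that matter to anyone upgrading a deployed app: the Lockbox cipher moves from aes-128-cbc to aes-256-cbc, so the AES key cut from the same `:secret` changes and a cookie encrypted by 0.7.1 will not decrypt under 0.8.0 (users get logged out once), and the default cookie secret changes from `SecureRandom.base64(32)` to `SecureRandom.hex(64)`. The entry also says "Ruby <2.2 deprecation" while the gemspec in this same release sets `required_ruby_version` to `>= 2.2`, which is a hard drop rather than a deprecation; say "dropped" so the README compatibility note and the changelog agree.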
data/README.md CHANGED
@@ -6,6 +6,14 @@
6
6
  Heroku Bouncer is a Rack middleware (implemented in Sinatra) that
7
7
  requires Heroku OAuth on all requests.
8
8
 
9
+ ## Ruby and Rack compatibility
10
+
11
+ * **Ruby**: Versions >= 0.8.0 require Ruby >= 2.2. If you need a version
12
+ that works with prior versions of Ruby, please use version `~> 0.7.1`.
13
+ Note, however, that 0.7.1 does not support Rack 2 (Rails 5).
14
+
15
+ * **Rack**: Rack 1 and 2 are supported.
16
+
9
17
  ## Demo
10
18
 
11
19
  [heroku-bouncer-demo](https://github.com/schneems/heroku-bouncer-demo) is a
@@ -16,7 +24,7 @@ Sinatra app that uses heroku-bouncer.
16
24
  1. Install the Heroku OAuth CLI plugin.
17
25
 
18
26
  ```sh
19
- heroku plugins:install git://github.com/heroku/heroku-oauth.git
27
+ heroku plugins:install heroku-cli-oauth
20
28
  ```
21
29
 
22
30
  2. Create your OAuth client using `/auth/heroku/callback` as your
@@ -24,10 +32,12 @@ Sinatra app that uses heroku-bouncer.
24
32
  for local development with Foreman.
25
33
 
26
34
  ```sh
27
- heroku clients:register localhost http://localhost:5000/auth/heroku/callback
28
- heroku clients:register myapp https://myapp.herokuapp.com/auth/heroku/callback
35
+ heroku clients:create localhost http://localhost:5000/auth/heroku/callback
36
+ heroku clients:create myapp https://myapp.herokuapp.com/auth/heroku/callback
29
37
  ```
30
38
 
39
+ See https://github.com/heroku/heroku-cli-oauth#clients for more details.
40
+
31
41
  3. Configure the middleware as follows:
32
42
 
33
43
  **Rack**
@@ -98,8 +108,8 @@ Here are the supported options you can pass to the middleware:
98
108
  * `allow_if`: A lambda that takes an email address. If the lambda evaluates to
99
109
  true, allow the user through. If false, redirects to `redirect_url`.
100
110
  By default, all users are allowed through after authenticating.
101
- * `allow_if_user`: A lambda that takes the
102
- [account resource](https://devcenter.heroku.com/articles/platform-api-reference#account)
111
+ * `allow_if_user`: A lambda that takes the
112
+ [account resource](https://devcenter.heroku.com/articles/platform-api-reference#account)
103
113
  representing the user. If the lambda evaluates to true, allow the user
104
114
  through. If false, redirects to `redirect_url`. By default, all users are
105
115
  allowed through after authenticating.
@@ -7,8 +7,8 @@ class Heroku::Bouncer::Lockbox < BasicObject
7
7
  end
8
8
 
9
9
  def lock(str)
10
- aes = ::OpenSSL::Cipher::Cipher.new('aes-128-cbc').encrypt
11
- aes.key = @key
10
+ aes = cipher.encrypt
11
+ aes.key = @key.size > 32 ? @key[0..31] : @key
12
12
  iv = ::OpenSSL::Random.random_bytes(aes.iv_len)
13
13
  aes.iv = iv
14
14
  [iv + (aes.update(str) << aes.final)].pack('m0')
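Review bot: `aes.key = @key.size > 32 ? @key[0..31] : @key` handles only a secret that is too long. aes-256-cbc needs exactly 32 bytes, and from Ruby 2.4 (openssl gem 2.0) `Cipher#key=` raises `ArgumentError` for a shorter key, so a user-supplied `:secret` under 32 bytes now fails inside `lock` on the first request instead of at boot. Deriving the key through a fixed-length digest, e.g. `aes.key = ::OpenSSL::Digest::SHA256.digest(@key)`, accepts any secret length and uses all of it; slicing the first 32 characters of the hex default yields an AES-256 key carrying only 128 bits of entropy, since each hex character contributes 4 bits.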
@@ -21,8 +21,8 @@ class Heroku::Bouncer::Lockbox < BasicObject
21
21
  # decrypt is too short to possibly be good aes data.
22
22
  def unlock(str)
23
23
  str = str.unpack('m0').first
24
- aes = ::OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
25
- aes.key = @key
24
+ aes = cipher.decrypt
25
+ aes.key = @key.size > 32 ? @key[0..31] : @key
26
26
  iv = str[0, aes.iv_len]
27
27
  aes.iv = iv
28
28
  crypted_text = str[aes.iv_len..-1]
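Review bot: the key-slicing expression `@key.size > 32 ? @key[0..31] : @key` is duplicated verbatim from `lock`; move it into a private helper next to the new `cipher` method so the encrypt and decrypt paths cannot drift apart, and so any later change to key derivation (a digest instead of a slice) is made in one place.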
@@ -34,6 +34,20 @@ class Heroku::Bouncer::Lockbox < BasicObject
34
34
 
35
35
  private
36
36
 
37
+ def cipher
38
+ # OpenSSL::Cipher::Cipher is deprecated for Ruby >= 2.4
39
+ # https://ruby.github.io/openssl/OpenSSL/Cipher/Cipher.html
40
+ if ruby_two_point_four_or_above?
41
+ ::OpenSSL::Cipher.new('aes-256-cbc')
42
+ else
43
+ ::OpenSSL::Cipher::Cipher.new('aes-256-cbc')
44
+ end
45
+ end
46
+
47
+ def ruby_two_point_four_or_above?
48
+ ::RUBY_VERSION.to_f >= 2.4
49
+ end
50
+
37
51
  def self.generate_hmac(data, key)
38
52
  ::OpenSSL::HMAC.hexdigest(::OpenSSL::Digest::SHA1.new, key, data)
39
53
  end
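Review bot: the version branch in `cipher` is not needed. `::OpenSSL::Cipher.new('aes-256-cbc')` has been the documented constructor since Ruby 1.9 and works on every Ruby this gem now supports (>= 2.2); `OpenSSL::Cipher::Cipher` was only a compatibility subclass that now warns. The method can be the single line `::OpenSSL::Cipher.new('aes-256-cbc')` and `ruby_two_point_four_or_above?` dropped. If a version check is kept anyway, compare `Gem::Version.new(::RUBY_VERSION) >= Gem::Version.new('2.4')` rather than `::RUBY_VERSION.to_f`, which only compares correctly while the minor version stays a single digit. The context line also shows `generate_hmac` still on `OpenSSL::Digest::SHA1`; since the key handling is being reworked in this release, switching to SHA256 here would be a cheap, coordinated change (with the same one-time session invalidation already implied by the cipher switch).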
@@ -20,7 +20,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
20
20
  # super is not called; we're not using sinatra if we're disabled
21
21
  else
22
22
  super(app)
23
- @cookie_secret = extract_option(options, :secret, SecureRandom.base64(32))
23
+ @cookie_secret = extract_option(options, :secret, SecureRandom.hex(64))
24
24
  @allow_if_user = extract_option(options, :allow_if_user, nil)
25
25
  @redirect_url = extract_option(options, :redirect_url, 'https://www.heroku.com')
26
26
 
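Review bot: `SecureRandom.hex(64)` as the `:secret` default is generated anew on every process start, so an app that relies on the default invalidates all sessions on each restart and cannot share sessions between dynos, because a cookie locked by one process will not unlock in another. The README should state that `:secret` must be set explicitly (and identically across dynos) in production, and a warning logged when the default is used would make the misconfiguration visible. Note also that the move from `base64(32)` to `hex(64)` only reaches the cipher through Lockbox's first-32-byte slice, so the longer default does not by itself strengthen the AES key.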
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heroku-bouncer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.1
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Dance
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-29 00:00:00.000000000 Z
11
+ date: 2017-08-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-heroku
@@ -28,16 +28,22 @@ dependencies:
28
28
  name: sinatra
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: '1.0'
34
+ - - "<"
35
+ - !ruby/object:Gem::Version
36
+ version: '3'
34
37
  type: :runtime
35
38
  prerelease: false
36
39
  version_requirements: !ruby/object:Gem::Requirement
37
40
  requirements:
38
- - - "~>"
41
+ - - ">="
39
42
  - !ruby/object:Gem::Version
40
43
  version: '1.0'
44
+ - - "<"
45
+ - !ruby/object:Gem::Version
46
+ version: '3'
41
47
  - !ruby/object:Gem::Dependency
42
48
  name: faraday
43
49
  requirement: !ruby/object:Gem::Requirement
@@ -56,16 +62,22 @@ dependencies:
56
62
  name: rack
57
63
  requirement: !ruby/object:Gem::Requirement
58
64
  requirements:
59
- - - "~>"
65
+ - - ">="
60
66
  - !ruby/object:Gem::Version
61
67
  version: '1.0'
68
+ - - "<"
69
+ - !ruby/object:Gem::Version
70
+ version: '3'
62
71
  type: :runtime
63
72
  prerelease: false
64
73
  version_requirements: !ruby/object:Gem::Requirement
65
74
  requirements:
66
- - - "~>"
75
+ - - ">="
67
76
  - !ruby/object:Gem::Version
68
77
  version: '1.0'
78
+ - - "<"
79
+ - !ruby/object:Gem::Version
80
+ version: '3'
69
81
  - !ruby/object:Gem::Dependency
70
82
  name: rake
71
83
  requirement: !ruby/object:Gem::Requirement
@@ -183,7 +195,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
183
195
  requirements:
184
196
  - - ">="
185
197
  - !ruby/object:Gem::Version
186
- version: '0'
198
+ version: '2.2'
187
199
  required_rubygems_version: !ruby/object:Gem::Requirement
188
200
  requirements:
189
201
  - - ">="