hmac 2.1.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7888837728c6bb09e5e14affacdb43a21f11da744c0764bb4ef5a9b57ed0a62b
-  data.tar.gz: 05ecca95e1798456adb1e5b81201ac8bafdbe981b897a688ebd7bf7a29d270f0
+  metadata.gz: 5fd24073f962286b5036af83509c0b66b111570bef35c7dddc985727e83763ed
+  data.tar.gz: 2454b49c08c891b5012a0d089ae08dc7ffa9cfef07c06ce54b05d3075dab32ab
 SHA512:
-  metadata.gz: 4112f07d1dee0c90e7e5f2a878998401cb1fa8b6b7989a7e5693e8ecfa78acb03ced551a070091a9e2539aa30295c029023a72b1ed3462aaf3665a6c63860ba8
-  data.tar.gz: d9256aa9cb5973a34f2a0dfc045f6a24b60603574077d259d9d89a399793c7128dfa770039417f63440c28298e6aa8e6140f65250437b4a1da76f87b6556b114
+  metadata.gz: afeea418951c0e9a0d2907e021ab445e1bc9b73331d3e3cc3c1a0e51d4773c53586965a36661c1574245d44a7c0fc6cc00431bbe1a9b96701e441faf99e7e7ec
+  data.tar.gz: faf288b5fefbf5da8bcd76c413427eeda87a5ae619fd6d14a2aba27910a33290625ef5828e4a3ce09e2a34b3c1611c52b5b024719e4274413e55af46e2957094

data/.rubocop.yml

@@ -7,9 +7,11 @@ AllCops:
   <% end %>
 
 # Extensions
-require:
+plugins:
+  - rubocop-factory_bot
   - rubocop-rake
   - rubocop-rspec
+  - rubocop-rspec_rails
 
 # New rules
 Lint/DuplicateBranch: # (new in 1.3)
@@ -42,8 +44,6 @@ Style/RedundantArgument: # (new in 1.4)
   Enabled: true
 Style/SwapValues: # (new in 1.1)
   Enabled: true
-Gemspec/DateAssignment: # (new in 1.10)
-  Enabled: true
 Layout/SpaceBeforeBrackets: # (new in 1.7)
   Enabled: true
 Lint/AmbiguousAssignment: # (new in 1.7)
@@ -120,10 +120,6 @@ RSpec/IdenticalEqualityAssertion: # new in 2.4
   Enabled: true
 RSpec/SubjectDeclaration: # new in 2.5
   Enabled: true
-RSpec/FactoryBot/SyntaxMethods: # new in 2.7
-  Enabled: true
-RSpec/Rails/AvoidSetupHook: # new in 2.4
-  Enabled: true
 Style/NestedFileDirname: # new in 1.26
   Enabled: true
 RSpec/BeEq: # new in 2.9.0
@@ -134,6 +130,250 @@ Lint/RefinementImportMethods: # new in 1.27
   Enabled: true
 Style/RedundantInitialize: # new in 1.27
   Enabled: true
+Gemspec/AddRuntimeDependency: # new in 1.65
+  Enabled: true
+Gemspec/AttributeAssignment: # new in 1.77
+  Enabled: true
+Gemspec/DeprecatedAttributeAssignment: # new in 1.30
+  Enabled: true
+Gemspec/DevelopmentDependencies: # new in 1.44
+  Enabled: true
+Layout/EmptyLinesAfterModuleInclusion: # new in 1.79
+  Enabled: true
+Layout/LineContinuationLeadingSpace: # new in 1.31
+  Enabled: true
+Layout/LineContinuationSpacing: # new in 1.31
+  Enabled: true
+Lint/ArrayLiteralInRegexp: # new in 1.71
+  Enabled: true
+Lint/ConstantOverwrittenInRescue: # new in 1.31
+  Enabled: true
+Lint/ConstantReassignment: # new in 1.70
+  Enabled: true
+Lint/CopDirectiveSyntax: # new in 1.72
+  Enabled: true
+Lint/DataDefineOverride: # new in 1.85
+  Enabled: true
+Lint/DuplicateMagicComment: # new in 1.37
+  Enabled: true
+Lint/DuplicateMatchPattern: # new in 1.50
+  Enabled: true
+Lint/DuplicateSetElement: # new in 1.67
+  Enabled: true
+Lint/HashNewWithKeywordArgumentsAsDefault: # new in 1.69
+  Enabled: true
+Lint/ItWithoutArgumentsInBlock: # new in 1.59
+  Enabled: true
+Lint/LiteralAssignmentInCondition: # new in 1.58
+  Enabled: true
+Lint/MixedCaseRange: # new in 1.53
+  Enabled: true
+Lint/NonAtomicFileOperation: # new in 1.31
+  Enabled: true
+Lint/NumericOperationWithConstantResult: # new in 1.69
+  Enabled: true
+Lint/RedundantRegexpQuantifiers: # new in 1.53
+  Enabled: true
+Lint/RedundantTypeConversion: # new in 1.72
+  Enabled: true
+Lint/RequireRangeParentheses: # new in 1.32
+  Enabled: true
+Lint/SharedMutableDefault: # new in 1.70
+  Enabled: true
+Lint/SuppressedExceptionInNumberConversion: # new in 1.72
+  Enabled: true
+Lint/UnescapedBracketInRegexp: # new in 1.68
+  Enabled: true
+Lint/UnreachablePatternBranch: # new in 1.85
+  Enabled: true
+Lint/UselessConstantScoping: # new in 1.72
+  Enabled: true
+Lint/UselessDefaultValueArgument: # new in 1.76
+  Enabled: true
+Lint/UselessDefined: # new in 1.69
+  Enabled: true
+Lint/UselessNumericOperation: # new in 1.66
+  Enabled: true
+Lint/UselessOr: # new in 1.76
+  Enabled: true
+Lint/UselessRescue: # new in 1.43
+  Enabled: true
+Metrics/CollectionLiteralLength: # new in 1.47
+  Enabled: true
+Naming/PredicateMethod: # new in 1.76
+  Enabled: true
+Security/CompoundHash: # new in 1.28
+  Enabled: true
+Style/AmbiguousEndlessMethodDefinition: # new in 1.68
+  Enabled: true
+Style/ArrayIntersect: # new in 1.40
+  Enabled: true
+Style/ArrayIntersectWithSingleElement: # new in 1.81
+  Enabled: true
+Style/BitwisePredicate: # new in 1.68
+  Enabled: true
+Style/CollectionQuerying: # new in 1.77
+  Enabled: true
+Style/CombinableDefined: # new in 1.68
+  Enabled: true
+Style/ComparableBetween: # new in 1.74
+  Enabled: true
+Style/ComparableClamp: # new in 1.44
+  Enabled: true
+Style/ConcatArrayLiterals: # new in 1.41
+  Enabled: true
+Style/DataInheritance: # new in 1.49
+  Enabled: true
+Style/DigChain: # new in 1.69
+  Enabled: true
+Style/DirEmpty: # new in 1.48
+  Enabled: true
+Style/EmptyClassDefinition: # new in 1.84
+  Enabled: true
+Style/EmptyHeredoc: # new in 1.32
+  Enabled: true
+Style/EmptyStringInsideInterpolation: # new in 1.76
+  Enabled: true
+Style/EnvHome: # new in 1.29
+  Enabled: true
+Style/ExactRegexpMatch: # new in 1.51
+  Enabled: true
+Style/FetchEnvVar: # new in 1.28
+  Enabled: true
+Style/FileEmpty: # new in 1.48
+  Enabled: true
+Style/FileNull: # new in 1.69
+  Enabled: true
+Style/FileOpen: # new in 1.85
+  Enabled: true
+Style/FileTouch: # new in 1.69
+  Enabled: true
+Style/HashFetchChain: # new in 1.75
+  Enabled: true
+Style/HashSlice: # new in 1.71
+  Enabled: true
+Style/ItAssignment: # new in 1.70
+  Enabled: true
+Style/ItBlockParameter: # new in 1.75
+  Enabled: true
+Style/KeywordArgumentsMerging: # new in 1.68
+  Enabled: true
+Style/MagicCommentFormat: # new in 1.35
+  Enabled: true
+Style/MapCompactWithConditionalBlock: # new in 1.30
+  Enabled: true
+Style/MapIntoArray: # new in 1.63
+  Enabled: true
+Style/MapJoin: # new in 1.85
+  Enabled: true
+Style/MapToSet: # new in 1.42
+  Enabled: true
+Style/MinMaxComparison: # new in 1.42
+  Enabled: true
+Style/ModuleMemberExistenceCheck: # new in 1.82
+  Enabled: true
+Style/NegativeArrayIndex: # new in 1.84
+  Enabled: true
+Style/ObjectThen: # new in 1.28
+  Enabled: true
+Style/OneClassPerFile: # new in 1.85
+  Enabled: true
+Style/OperatorMethodCall: # new in 1.37
+  Enabled: true
+Style/PartitionInsteadOfDoubleSelect: # new in 1.85
+  Enabled: true
+Style/PredicateWithKind: # new in 1.85
+  Enabled: true
+Style/ReduceToHash: # new in 1.85
+  Enabled: true
+Style/RedundantArrayConstructor: # new in 1.52
+  Enabled: true
+Style/RedundantArrayFlatten: # new in 1.76
+  Enabled: true
+Style/RedundantConstantBase: # new in 1.40
+  Enabled: true
+Style/RedundantCurrentDirectoryInPath: # new in 1.53
+  Enabled: true
+Style/RedundantDoubleSplatHashBraces: # new in 1.41
+  Enabled: true
+Style/RedundantEach: # new in 1.38
+  Enabled: true
+Style/RedundantFilterChain: # new in 1.52
+  Enabled: true
+Style/RedundantFormat: # new in 1.72
+  Enabled: true
+Style/RedundantHeredocDelimiterQuotes: # new in 1.45
+  Enabled: true
+Style/RedundantInterpolationUnfreeze: # new in 1.66
+  Enabled: true
+Style/RedundantLineContinuation: # new in 1.49
+  Enabled: true
+Style/RedundantMinMaxBy: # new in 1.85
+  Enabled: true
+Style/RedundantRegexpArgument: # new in 1.53
+  Enabled: true
+Style/RedundantRegexpConstructor: # new in 1.52
+  Enabled: true
+Style/RedundantStringEscape: # new in 1.37
+  Enabled: true
+Style/ReturnNilInPredicateMethodDefinition: # new in 1.53
+  Enabled: true
+Style/ReverseFind: # new in 1.84
+  Enabled: true
+Style/SafeNavigationChainLength: # new in 1.68
+  Enabled: true
+Style/SelectByKind: # new in 1.85
+  Enabled: true
+Style/SelectByRange: # new in 1.85
+  Enabled: true
+Style/SendWithLiteralMethodName: # new in 1.64
+  Enabled: true
+Style/SingleLineDoEndBlock: # new in 1.57
+  Enabled: true
+Style/SuperArguments: # new in 1.64
+  Enabled: true
+Style/SuperWithArgsParentheses: # new in 1.58
+  Enabled: true
+Style/TallyMethod: # new in 1.85
+  Enabled: true
+Style/YAMLFileRead: # new in 1.53
+  Enabled: true
+FactoryBot/AssociationStyle: # new in 2.23
+  Enabled: true
+FactoryBot/ConsistentParenthesesStyle: # new in 2.14
+  Enabled: true
+FactoryBot/ExcessiveCreateList: # new in 2.25
+  Enabled: true
+FactoryBot/FactoryAssociationWithStrategy: # new in 2.23
+  Enabled: true
+FactoryBot/FactoryNameStyle: # new in 2.16
+  Enabled: true
+FactoryBot/IdSequence: # new in 2.24
+  Enabled: true
+FactoryBot/RedundantFactoryOption: # new in 2.23
+  Enabled: true
+FactoryBot/SyntaxMethods: # new in 2.7
+  Enabled: true
+RSpec/IncludeExamples: # new in 3.6
+  Enabled: true
+RSpec/LeakyLocalVariable: # new in 3.8
+  Enabled: true
+RSpec/Output: # new in 3.9
+  Enabled: true
+RSpecRails/AvoidSetupHook: # new in 2.4
+  Enabled: true
+RSpecRails/HaveHttpStatus: # new in 2.12
+  Enabled: true
+RSpecRails/HttpStatusNameConsistency: # new in 2.32
+  Enabled: true
+RSpecRails/InferredSpecType: # new in 2.14
+  Enabled: true
+RSpecRails/MinitestAssertions: # new in 2.17
+  Enabled: true
+RSpecRails/NegationBeValid: # new in 2.23
+  Enabled: true
+RSpecRails/TravelAround: # new in 2.19
+  Enabled: true
 
 # Alterations
 Naming/RescuedExceptionsVariableName:

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.3.6

data/Gemfile

@@ -5,8 +5,10 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in hmac.gemspec
 gemspec
 
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.11"
-gem "rubocop", "~> 1.7"
-gem "rubocop-rake", "~> 0.6"
-gem "rubocop-rspec", "~> 2.9"
+gem "rake", "~> 13.4"
+gem "rspec", "~> 3.13"
+gem "rubocop", "~> 1.86"
+gem "rubocop-factory_bot", "~> 2.28"
+gem "rubocop-rake", "~> 0.7"
+gem "rubocop-rspec", "~> 3.9"
+gem "rubocop-rspec_rails", "~> 2.32"

data/Gemfile.lock

@@ -1,62 +1,85 @@
 PATH
   remote: .
   specs:
-    hmac (2.0.0)
+    hmac (2.1.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.4.2)
-    diff-lcs (1.5.0)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    ast (2.4.3)
+    diff-lcs (1.5.1)
+    json (2.19.4)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    parallel (2.1.0)
+    parser (3.3.11.1)
       ast (~> 2.4.1)
+      racc
+    prism (1.9.0)
+    racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.3.0)
-    rexml (3.2.5)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rake (13.4.2)
+    regexp_parser (2.12.0)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    rubocop (1.27.0)
-      parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.86.1)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (>= 1.10)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.16.0, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.17.0)
-      parser (>= 3.1.1.0)
-    rubocop-rake (0.6.0)
-      rubocop (~> 1.0)
-    rubocop-rspec (2.9.0)
-      rubocop (~> 1.19)
-    ruby-progressbar (1.11.0)
-    unicode-display_width (2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
+    rubocop-factory_bot (2.28.0)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.72, >= 1.72.1)
+    rubocop-rake (0.7.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.72.1)
+    rubocop-rspec (3.9.0)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.81)
+    rubocop-rspec_rails (2.32.0)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.72, >= 1.72.1)
+      rubocop-rspec (~> 3.5)
+    ruby-progressbar (1.13.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
 
 PLATFORMS
+  arm64-darwin-23
+  arm64-darwin-24
   x86_64-darwin-19
   x86_64-darwin-21
 
 DEPENDENCIES
   hmac!
-  rake (~> 13.0)
-  rspec (~> 3.11)
-  rubocop (~> 1.7)
-  rubocop-rake (~> 0.6)
-  rubocop-rspec (~> 2.9)
+  rake (~> 13.4)
+  rspec (~> 3.13)
+  rubocop (~> 1.86)
+  rubocop-factory_bot (~> 2.28)
+  rubocop-rake (~> 0.7)
+  rubocop-rspec (~> 3.9)
+  rubocop-rspec_rails (~> 2.32)
 
 BUNDLED WITH
-   2.3.10
+   2.5.7

data/README.md

@@ -18,7 +18,79 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+### Configuration
+
+You'll need to set a secret key, for example:
+
+`config/initializers/hmac.rb`
+```ruby
+HMAC.configure do |config|
+  config.secret = ENV["HMAC_SECRET"]
+end
+```
+
+This can be overriden when intializing the HMAC generator if needed.
+
+### Generating an HMAC
+
+Firstly, create yourself a generator, giving it a context for the HMAC.
+
+The idea is that you can produce tokens for the same record ID in
+different contexts, without allowing someone to use a token from one
+context in another.
+
+```ruby
+generator = HMAC::Generator.new(context: "user_sessions")
+```
+
+Then you can generate a token for a given record ID:
+
+```ruby
+token = generator.generate(user.id)
+```
+
+You can also pass in a `public` boolean when creating the generator to
+similarly produce a different HMAC for the same ID and context but in
+public and private situations.  To be honest I don't remember why I
+added this, but it's there if you need it.
+
+```ruby
+generator = HMAC::Generator.new(context: "user_sessions", public: true)
+```
+
+Finally, you can pass in an arbitrary hash of extra fields to be
+included in the hash, if you want to confirm more than just the ID.
+
+```ruby
+token = generator.generate(user.id, { email_address: user.email_address })
+```
+
+### Validating an HMAC
+
+You can verify a token by creating a validator with the same context
+and then calling `verify` on it.  The initializer is identical to the
+generator.
+
+```ruby
+validator = HMAC::Validator.new(context: "user_sessions")
+```
+
+Then you can verify a token for a given record ID:
+
+```ruby
+validator.verify(token, against_id: user.id)
+```
+
+Similarly, extra fields can be passed in to be checked.
+
+```ruby
+validator.verify(token, against_id: user.id, extra_fields: {
+  email_address: user.email_address,
+})
+```
+
+The `#verify` method will return `true` or `false`.  If `false`,
+something doesn't match and you should refuse the request.
 
 ## Development
 

data/bin/rspec

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

data/bin/rubocop

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rubocop", "rubocop")

data/lib/hmac/validator.rb

@@ -1,3 +1,4 @@
+require "openssl"
 require_relative "generator"
 
 module HMAC
@@ -7,7 +8,7 @@ module HMAC
     end
 
     def validate(hmac, against_id:, extra_fields: {})
-      present?(hmac) && hmac == @generator.generate(id: against_id, extra_fields:)
+      present?(hmac) && OpenSSL.secure_compare(hmac, @generator.generate(id: against_id, extra_fields:))
     end
 
   private

data/lib/hmac/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HMAC
-  VERSION = "2.1.0"
+  VERSION = "2.1.1"
 end

metadata

@@ -1,16 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hmac
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Elliot Crosby-McCullough
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
-description:
 email:
 - elliot.cm@gmail.com
 executables: []
@@ -21,7 +19,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".ruby-version"
+- ".tool-versions"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -30,6 +28,8 @@ files:
 - Rakefile
 - bin/console
 - bin/release
+- bin/rspec
+- bin/rubocop
 - bin/setup
 - hmac.gemspec
 - lib/hmac.rb
@@ -42,9 +42,8 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/SmartCasual/hmac
   source_code_uri: https://github.com/SmartCasual/hmac
-  changelog_uri: https://github.com/SmartCasual/hmac/blob/2.1.0/CHANGELOG.md
+  changelog_uri: https://github.com/SmartCasual/hmac/blob/2.1.1/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -59,8 +58,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key:
+rubygems_version: 3.7.2
 specification_version: 4
 summary: A utility for generating and validating HMAC signatures
 test_files: []

data/.ruby-version

@@ -1 +0,0 @@
-3.1.1