htauth 2.0.0 → 2.1.0

data/spec/passwd_entry_spec.rb

@@ -9,130 +9,151 @@ describe HTAuth::PasswdEntry do
   end
 
   it "initializes with a user and realm" do
-    @alice.user.must_equal "alice"
+    _(@alice.user).must_equal "alice"
   end
 
   it "has the correct crypt password" do
     @alice.password = "a secret"
-    @alice.digest.must_equal "mDwdZuXalQ5zk"
+    _(@alice.digest).must_equal "mDwdZuXalQ5zk"
   end
 
   it "encrypts correctly for md5" do
     bob = HTAuth::PasswdEntry.new("bob", "b secret", "md5", { :salt => @salt })
-    bob.digest.must_equal "$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1"
+    _(bob.digest).must_equal "$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1"
   end
 
   it "encrypts correctly for sha1" do
     bob = HTAuth::PasswdEntry.new("bob", "b secret", "sha1", { :salt => @salt })
-    bob.digest.must_equal "{SHA}b/tjGXbX80MEKVnF200S43ca4hY="
+    _(bob.digest).must_equal "{SHA}b/tjGXbX80MEKVnF200S43ca4hY="
   end
 
   it "encrypts correctly for plaintext" do
     bob = HTAuth::PasswdEntry.new("bob", "b secret", "plaintext", { :salt => @salt })
-    bob.digest.must_equal "b secret"
+    _(bob.digest).must_equal "b secret"
   end
 
   it "encrypts with crypt as a default, when parsed from crypt()'d line" do
     bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
-    bob2.algorithm.must_be_instance_of( Array )
-    bob2.algorithm.size.must_equal 2
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
     bob2.password = "another secret"
-    bob2.algorithm.must_be_instance_of(HTAuth::Crypt)
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
   end
 
   it "encrypts with crypt as a default, when parsed from plaintext line" do
     p = HTAuth::PasswdEntry.new('paul', 'p secret', 'plaintext')
     p2 = HTAuth::PasswdEntry.from_line(p.to_s)
-    p2.algorithm.must_be_instance_of(Array)
-    p2.algorithm.size.must_equal 2
+    _(p2.algorithm).must_be_instance_of(HTAuth::Plaintext)
     p2.password = "another secret"
-    p2.algorithm.must_be_instance_of(HTAuth::Crypt)
+    _(p2.algorithm).must_be_instance_of(HTAuth::Crypt)
   end
 
   it "encrypts with md5 as default, when parsed from an md5 line" do
     m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
     m2 = HTAuth::PasswdEntry.from_line(m.to_s)
-    m2.algorithm.must_be_instance_of(HTAuth::Md5)
+    _(m2.algorithm).must_be_instance_of(HTAuth::Md5)
   end
 
   it "encrypts with sha1 as default, when parsed from an sha1 line" do
     s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
     s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    s2.algorithm.must_be_instance_of(HTAuth::Sha1)
+    _(s2.algorithm).must_be_instance_of(HTAuth::Sha1)
+  end
+
+  it "encrypts with bcrypt as default when parsed from a bcrypt line" do
+    b = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
+    b2 = HTAuth::PasswdEntry.from_line(b.to_s)
+    _(b2.algorithm).must_be_instance_of(HTAuth::Bcrypt)
   end
 
   it "determins the algorithm to be crypt when checking a password" do
     bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
-    bob2.algorithm.must_be_instance_of(Array)
-    bob2.algorithm.size.must_equal 2
-    bob2.authenticated?("b secret").must_equal true
-    bob2.algorithm.must_be_instance_of(HTAuth::Crypt)
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
+    _(bob2.authenticated?("b secret")).must_equal true
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
   end
 
   it "determins the algorithm to be plain when checking a password" do
     bob2 = HTAuth::PasswdEntry.from_line("bob:b secret")
-    bob2.algorithm.must_be_instance_of(Array)
-    bob2.algorithm.size.must_equal 2
-    bob2.authenticated?("b secret").must_equal true
-    bob2.algorithm.must_be_instance_of(HTAuth::Plaintext)
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Plaintext)
+    _(bob2.authenticated?("b secret")).must_equal true
+    _(bob2.algorithm).must_be_instance_of(HTAuth::Plaintext)
   end
 
   it "authenticates correctly against md5" do
     m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
     m2 = HTAuth::PasswdEntry.from_line(m.to_s)
-    m2.authenticated?("m secret").must_equal true
+    _(m2.authenticated?("m secret")).must_equal true
   end
 
   it "authenticates correctly against sha1" do
     s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
     s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    s2.authenticated?("s secret").must_equal true
+    _(s2.authenticated?("s secret")).must_equal true
+  end
+
+  it "authenticates correctly against bcrypt" do
+    s = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
+    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
+    _(s2.authenticated?("b secret")).must_equal true
   end
 
+  it "can update the cost of an entry after initialization before encoding password" do
+    s = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
+    _(s.algorithm.cost).must_equal(::HTAuth::Bcrypt::DEFAULT_APACHE_COST)
 
+    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
+    s2.algorithm_args = { :cost => 12 }
+    s2.password = "b secret" # forces recalculation
 
+    _(s2.algorithm.cost).must_equal(12)
+  end
+
+  it "raises an error if assinging an invalid algorithm" do
+    b = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
+    _ { b.algorithm = 42 }.must_raise(HTAuth::InvalidAlgorithmError)
+  end
 
   it "returns username for a key" do
-    @alice.key.must_equal "alice"
+    _(@alice.key).must_equal "alice"
   end
 
   it "checks the password correctly" do
-    @bob.authenticated?("b secret").must_equal true
+    _(@bob.authenticated?("b secret")).must_equal true
   end
 
   it "formats correctly when put to a string" do
-    @bob.to_s.must_equal "bob:b8Ml4Jp9I0N8E"
+    _(@bob.to_s).must_equal "bob:b8Ml4Jp9I0N8E"
   end
 
   it "parses an input line" do
     @bob_new = HTAuth::PasswdEntry.from_line("bob:b8Ml4Jp9I0N8E")
-    @bob.user.must_equal @bob_new.user
-    @bob.digest.must_equal @bob_new.digest
+    _(@bob.user).must_equal @bob_new.user
+    _(@bob.digest).must_equal @bob_new.digest
   end
 
   it "knows if an input line is a possible entry and raises an exception" do
-    lambda { HTAuth::PasswdEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
-    lambda { HTAuth::PasswdEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
-    lambda { HTAuth::PasswdEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidPasswdEntry)
-    lambda { HTAuth::PasswdEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidPasswdEntry)
+    _ { HTAuth::PasswdEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
+    _ { HTAuth::PasswdEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
+    _ { HTAuth::PasswdEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidPasswdEntry)
+    _ { HTAuth::PasswdEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidPasswdEntry)
   end
 
   it "knows if an input line is a possible entry and returns false" do
-    HTAuth::PasswdEntry.is_entry?("#stuff").must_equal false
-    HTAuth::PasswdEntry.is_entry?("this:that:other:stuff").must_equal false 
-    HTAuth::PasswdEntry.is_entry?("this:that:other").must_equal false 
-    HTAuth::PasswdEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz").must_equal false
+    _(HTAuth::PasswdEntry.is_entry?("#stuff")).must_equal false
+    _(HTAuth::PasswdEntry.is_entry?("this:that:other:stuff")).must_equal false 
+    _(HTAuth::PasswdEntry.is_entry?("this:that:other")).must_equal false 
+    _(HTAuth::PasswdEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz")).must_equal false
   end
 
   it "knows if an input line is a possible entry and returns true" do
-    HTAuth::PasswdEntry.is_entry?("bob:irRm0g.SDfCyI").must_equal true
-    HTAuth::PasswdEntry.is_entry?("bob:b secreat").must_equal true
-    HTAuth::PasswdEntry.is_entry?("bob:{SHA}b/tjGXbX80MEKVnF200S43ca4hY=").must_equal true
-    HTAuth::PasswdEntry.is_entry?("bob:$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1").must_equal true
-
+    _(HTAuth::PasswdEntry.is_entry?("bob:irRm0g.SDfCyI")).must_equal true
+    _(HTAuth::PasswdEntry.is_entry?("bob:b secreat")).must_equal true
+    _(HTAuth::PasswdEntry.is_entry?("bob:{SHA}b/tjGXbX80MEKVnF200S43ca4hY=")).must_equal true
+    _(HTAuth::PasswdEntry.is_entry?("bob:$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1")).must_equal true
+    _(HTAuth::PasswdEntry.is_entry?("bob:$2y$05$ts3k1r.t0Cne6j6DLt0/SepT5X4qthDFEdfqHBBMO5MhqzyMz34j2")).must_equal true
   end
 
   it "duplicates itself" do
-    @alice.dup.to_s.must_equal @alice.to_s
+    _(@alice.dup.to_s).must_equal @alice.to_s
   end
 end

data/spec/passwd_file_spec.rb

@@ -22,45 +22,63 @@ describe HTAuth::PasswdFile do
 
   it "can add a new entry to an already existing passwd file" do
     @passwd_file.add_or_update("charlie", "c secret", "sha1")
-    @passwd_file.contents.must_equal IO.read(PASSWD_ADD_TEST_FILE)
+    _(@passwd_file.contents).must_equal IO.read(PASSWD_ADD_TEST_FILE)
   end
 
   it "can tell if an entry already exists in the passwd file" do
-    @passwd_file.has_entry?("alice").must_equal true
-    @passwd_file.has_entry?("david").must_equal false
+    _(@passwd_file.has_entry?("alice")).must_equal true
+    _(@passwd_file.has_entry?("david")).must_equal false
   end
 
   it "can update an entry in an already existing passwd file, algorithm can change" do
     @passwd_file.add_or_update("alice", "a new secret", "sha1")
-    @passwd_file.contents.must_equal IO.read(PASSWD_UPDATE_TEST_FILE)
+    _(@passwd_file.contents).must_equal IO.read(PASSWD_UPDATE_TEST_FILE)
+  end
+
+  it "can update an entry in an already existing passwd file, algorithm and arguments can change" do
+    @passwd_file.add_or_update("brenda", "b secret", "bcrypt")
+    entry = @passwd_file.fetch("brenda")
+    _(entry.algorithm.cost).must_equal(::HTAuth::Bcrypt::DEFAULT_APACHE_COST)
+    @passwd_file.add_or_update("brenda", "b secret", "bcrypt", :cost => 12)
+    entry = @passwd_file.fetch("brenda")
+    _(entry.algorithm.cost).must_equal(12)
   end
 
   it "fetches a copy of an entry" do
-    @passwd_file.fetch("alice").to_s.must_equal "alice:$apr1$DghnA...$CsPcgerfsI/Ryy0AOAJtb0"
+    _(@passwd_file.fetch("alice").to_s).must_equal "alice:$apr1$DghnA...$CsPcgerfsI/Ryy0AOAJtb0"
   end
 
-  it "raises an error if an attempt is made to alter a non-existenet file" do
-    lambda { HTAuth::PasswdFile.new("some-file") }.must_raise(HTAuth::FileAccessError)
+  it "raises an error if an attempt is made to alter a non-existent file" do
+    _ { HTAuth::PasswdFile.new("some-file") }.must_raise(HTAuth::FileAccessError)
   end
 
   # this test will only work on systems that have /etc/ssh_host_rsa_key 
   it "raises an error if an attempt is made to open a file where no permissions are granted" do
-    lambda { HTAuth::PasswdFile.new("/etc/ssh_host_rsa_key") }.must_raise(HTAuth::FileAccessError)
+    _ { HTAuth::PasswdFile.new("/etc/ssh_host_rsa_key") }.must_raise(HTAuth::FileAccessError)
   end
 
   it "deletes an entry" do
     @passwd_file.delete("bob")
-    @passwd_file.contents.must_equal IO.read(PASSWD_DELETE_TEST_FILE)
+    _(@passwd_file.contents).must_equal IO.read(PASSWD_DELETE_TEST_FILE)
+  end
+
+  it "checks authentication of an entry - true" do
+    _(@passwd_file.authenticated?("alice", "a secret")).must_equal true
   end
 
-  it "is usable in a ruby manner and yeilds itself when opened" do
+  it "checks authentication of an entry - false" do
+    _(@passwd_file.authenticated?("alice", "the wrong secret")).must_equal false
+  end
+
+
+  it "is usable in a ruby manner and yields itself when opened" do
     HTAuth::PasswdFile.open(@tf.path) do |pf|
       pf.add_or_update("alice", "a new secret", "md5")
       pf.delete('bob')
     end
     lines = IO.readlines(@tf.path)
-    lines.size.must_equal 1
-    lines.first.split(':').first.must_equal "alice"
-    lines.first.split(':').last.must_match( /\$apr1\$/ )
+    _(lines.size).must_equal 1
+    _(lines.first.split(':').first).must_equal "alice"
+    _(lines.first.split(':').last).must_match( /\$apr1\$/ )
   end
 end

data/spec/plaintext_spec.rb

@@ -2,14 +2,10 @@ require 'spec_helper'
 require 'htauth/plaintext'
 
 describe HTAuth::Plaintext do
-  it "has a prefix" do
-    HTAuth::Plaintext.new.prefix.must_equal ""
-  end
-
   it "encrypts the same way that apache does" do
     apache_result = "a secret"
     pt = HTAuth::Plaintext.new
-    pt.encode("a secret").must_equal apache_result
+    _(pt.encode("a secret")).must_equal apache_result
   end
 end
 

data/spec/sha1_spec.rb

@@ -2,14 +2,10 @@ require 'spec_helper'
 require 'htauth/sha1'
 
 describe HTAuth::Sha1 do
-  it "has a prefix" do
-    HTAuth::Sha1.new.prefix.must_equal "{SHA}"
-  end
-
   it "encrypts the same way that apache does" do
     apache_result = "{SHA}ZrnlrvmM7ZCOV3FAvM7la89NKbk="
     sha1 = HTAuth::Sha1.new
-    sha1.encode("a secret").must_equal apache_result
+    _(sha1.encode("a secret")).must_equal apache_result
   end
 end
 

data/tasks/default.rake

@@ -38,7 +38,7 @@ task :develop => "develop:default"
 begin
   require 'rake/testtask'
   Rake::TestTask.new( :test ) do |t|
-    t.ruby_opts    = %w[ -w -rubygems ]
+    t.ruby_opts    = %w[ -w ]
     t.libs         = %w[ lib spec test ]
     t.pattern      = "{test,spec}/**/{test_*,*_spec}.rb"
   end
@@ -159,7 +159,7 @@ namespace :fixme do
   end
 
   desc "See if the fixme tools are outdated"
-  task :outdated => :release_check do
+  task :outdated do
     if fixme_up_to_date? then
       puts "Fixme files are up to date."
     else
@@ -170,7 +170,7 @@ namespace :fixme do
   end
 
   desc "Update outdated fixme files"
-  task :update => :release_check do
+  task :update do
     if fixme_up_to_date? then
       puts "Fixme files are already up to date."
     else

data/tasks/this.rb

@@ -28,7 +28,7 @@ class ThisProject
     @exclude_from_manifest = Regexp.union(/\.(git|DS_Store)/,
                                           /^(doc|coverage|pkg|tmp|Gemfile(\.lock)?)/,
                                           /^[^\/]+\.gemspec/,
-                                          /\.(swp|jar|bundle|so|rvmrc|travis.yml)$/,
+                                          /\.(swp|jar|bundle|so|rvmrc|travis.yml|byebug_history|fossa.yml|ruby-version)$/,
                                           /~$/)
     @gemspecs              = Hash.new
     yield self if block_given?
@@ -146,7 +146,7 @@ class ThisProject
       spec.rdoc_options = [ "--main"  , 'README.md',
                             "--markup", "tomdoc" ]
 
-      spec.required_ruby_version = '>= 1.9.3'
+      spec.required_ruby_version = '>= 2.2.2'
     end
   end
 

metadata

@@ -1,71 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: htauth
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Jeremy Hinegardner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-14 00:00:00.000000000 Z
+date: 2020-04-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.5'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '6.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.17'
 description: HTAuth is a pure ruby replacement for the Apache support programs htdigest
   and htpasswd.  Command line and API access are provided for access to htdigest and
   htpasswd files.
@@ -90,11 +104,13 @@ files:
 - bin/htpasswd-ruby
 - lib/htauth.rb
 - lib/htauth/algorithm.rb
+- lib/htauth/bcrypt.rb
 - lib/htauth/cli.rb
 - lib/htauth/cli/digest.rb
 - lib/htauth/cli/passwd.rb
 - lib/htauth/console.rb
 - lib/htauth/crypt.rb
+- lib/htauth/descendant_tracker.rb
 - lib/htauth/digest_entry.rb
 - lib/htauth/digest_file.rb
 - lib/htauth/entry.rb
@@ -106,6 +122,8 @@ files:
 - lib/htauth/plaintext.rb
 - lib/htauth/sha1.rb
 - lib/htauth/version.rb
+- spec/algorithm_spec.rb
+- spec/bcrypt_spec.rb
 - spec/cli/digest_spec.rb
 - spec/cli/passwd_spec.rb
 - spec/crypt_spec.rb
@@ -143,21 +161,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: 2.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: HTAuth is a pure ruby replacement for the Apache support programs htdigest
   and htpasswd.  Command line and API access are provided for access to htdigest and
   htpasswd files.
 test_files:
+- spec/algorithm_spec.rb
+- spec/bcrypt_spec.rb
 - spec/cli/digest_spec.rb
 - spec/cli/passwd_spec.rb
 - spec/crypt_spec.rb