keybox 1.0.0 → 1.1.0

data/lib/keybox/digest.rb

@@ -1,13 +1,13 @@
-require 'openssl'
+require 'digest/sha2'
 module Keybox
     #
     # By default Keybox wants to use sha-256 as the hashing function.
-    # This is available in OpenSSL 0.9.8 or greater.
+    # a sha-256 library ships with ruby in 'digest/sha2'
     #
     module Digest
         SHA_256             = "sha256"
-        CLASSES             = { SHA_256 => ::OpenSSL::Digest::SHA256 } 
         DEFAULT_ALGORITHM   = SHA_256
-        ALGORITHMS = CLASSES.keys
+        CLASSES             = { SHA_256 => ::Digest::SHA256 }
+        ALGORITHMS          = CLASSES.keys
     end
 end

data/lib/keybox/highline_util.rb

@@ -0,0 +1,91 @@
+begin
+    # first try to use the gem
+    require 'rubygems'
+    gem 'highline', ">=1.2.6"
+rescue Gem::LoadError
+    # If that fails, then use what ships with keybox
+    $: << File.join(Keybox::APP_VENDOR_DIR,"highline")
+end
+
+require 'highline'
+
+module Keybox
+    # including this module assumes that the class included has 
+    # an @highline variable
+    module HighLineUtil
+
+        # the scheme to apply when no scheme is allowed so that 
+        # everything works as normal
+        NONE_SCHEME = {
+                :prompt         => [ :clear ], 
+                :header         => [ :clear ], 
+                :header_bar     => [ :clear ], 
+                :line_number    => [ :clear ], 
+                :even_row       => [ :clear ], 
+                :odd_row        => [ :clear ], 
+                :information    => [ :clear ], 
+                :error          => [ :clear ], 
+                :private        => [ :clear ], 
+                :separator      => [ :clear ], 
+                :separator_bar  => [ :clear ], 
+                :name           => [ :clear ], 
+                :value          => [ :clear ], 
+                :normal         => [ :clear ],
+        }
+
+        #
+        # A whole line of input needs a particular color.  This makes it
+        # easy to have all the ERB happening in one spot to avoid
+        # escaping issues.
+        def hsay(output,color_scheme)
+            @highline.say("<%= color(%Q{#{output}},'#{color_scheme}') %>")
+        end
+
+        def hagree(output)
+            @highline.agree("<%= color(%Q{#{output}},:prompt) %> ")
+        end
+
+        #
+        # Prompt for input, returning what was typed.  Options can be
+        # passed as If echo is false,
+        # then '*' is printed out for each character typed in.  If it is
+        # any other character then that is output instead.
+        #
+        # If validate is set to true, then it will prompt twice and make
+        # sure that the two values match
+        def prompt(p,options)
+            validated = false
+            line = ""
+            extra_prompt = " (again)"
+            original_prompt = p
+            validation_prompt = original_prompt + extra_prompt
+
+            echo     = options[:echo].nil? ? true : options[:echo]
+            width    = options[:width] || 30
+            validate = options[:validate] || false
+
+            until validated do
+                line = @highline.ask("<%= color('#{original_prompt.rjust(width)}',:prompt) %> : ") { |q| q.echo = echo }
+                # ensure we are at the beginning of the line
+                @stdout.print "\r"
+
+                # if we are validating then prompt again to validate
+                if validate then
+                    v = @highline.ask("<%= color('#{validation_prompt.rjust(width)}', :prompt) %> : ") { |q| q.echo = echo }
+                    # ensure we are at the beginning of the line
+                    @stdout.print "\r"
+                   
+                    # line on some terminals
+                    if v != line then
+                        @highline.say("<%= color('Entries do not match, try again.', :error) %>")
+                    else
+                        validated = true
+                    end
+                else 
+                    validated = true
+                end
+            end
+            return line
+        end
+    end
+end

data/lib/keybox/storage/container.rb

@@ -68,15 +68,18 @@ module Keybox
 
             attr_reader     :records
 
-            ITERATIONS = 2048 
+            ITERATIONS            = 2048 
+            MINIMUM_PHRASE_LENGTH = 4
             def initialize(passphrase,path)
                 super()
 
+
                 @path        = path
                 @passphrase  = passphrase
                 @records     = []
 
                 if not load_from_file then
+                    strength_check(@passphrase)
                     self.version                    = Keybox::VERSION
                     
                     self.key_calc_iterations        = ITERATIONS
@@ -98,6 +101,7 @@ module Keybox
             # Change the master password of the container
             #
             def passphrase=(new_passphrase)
+                strength_check(new_passphrase)
                 @passphrase                 = new_passphrase
                 self.key_digest_salt        = Keybox::RandomDevice.random_bytes(32)
                 self.key_digest             = calculated_key_digest(new_passphrase)
@@ -239,6 +243,20 @@ module Keybox
 
             private
 
+            #
+            # validate the passphrase against some criteria.  Right now
+            # this criteria is very minimal and should be changed at
+            # some point.
+            #
+            # An invalid passphrase raises a Keybox::ValidationException
+            #
+            def strength_check(phrase)
+                if phrase.to_s.length < MINIMUM_PHRASE_LENGTH
+                    raise Keybox::ValidationError, "Passphrase is not strong enough.  It is too short."
+                end
+                true
+            end
+
             #
             # calculate the key digest of the input pass phrase and
             # compare that to the digest in the data file.  If they are

data/spec/base_app_spec.rb

@@ -10,7 +10,7 @@ context "Keybox Base Application" do
 
     specify "executing with no args should have output on stdout" do
         kba = Keybox::Application::Base.new(nil)
-        kba.stdout = StringIO.new
+        kba.set_io(StringIO.new,StringIO.new,StringIO.new)
         kba.run
         kba.stdout.string.size.should_be > 0
     end
@@ -18,8 +18,7 @@ context "Keybox Base Application" do
 
     specify "invalid options set the error message, exit 1 and have output on stderr" do
         kba = Keybox::Application::Base.new(["--invalid-option"])
-        kba.stderr = StringIO.new
-        kba.stdout = StringIO.new
+        kba.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kba.run
         rescue SystemExit => se
@@ -32,7 +31,7 @@ context "Keybox Base Application" do
 
     specify "help has output on stdout and exits 0" do
         kba = Keybox::Application::Base.new(["--h"]) 
-        kba.stdout = StringIO.new
+        kba.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kba.run
         rescue SystemExit => se
@@ -43,7 +42,7 @@ context "Keybox Base Application" do
 
     specify "version has output on stdout and exits 0" do
         kba = Keybox::Application::Base.new(["--ver"]) 
-        kba.stdout = StringIO.new
+        kba.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kba.run
         rescue SystemExit => se

data/spec/keybox_app_spec.rb

@@ -37,6 +37,7 @@ context "Keybox Password Safe Application" do
         @import_csv.unlink
         @bad_import_csv.unlink
         @export_csv.unlink
+
     end
 
     specify "nil argv should do nothing" do
@@ -46,8 +47,7 @@ context "Keybox Password Safe Application" do
 
     specify "executing with no args should have output on stdout" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new(@passphrase)
+        kps.set_io(StringIO.new(@passphrase),StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.size.should_be > 0
     end
@@ -63,8 +63,7 @@ context "Keybox Password Safe Application" do
 
     specify "more than one command options is an error" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "account", "--edit", "account"])
-        kps.stderr = StringIO.new
-        kps.stdout = StringIO.new
+        kps.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kps.run
         rescue SystemExit => se
@@ -76,19 +75,19 @@ context "Keybox Password Safe Application" do
 
     specify "space separated words are okay for names" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "An Example"])
-        kps.stderr = StringIO.new
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase, "An example"] + %w(example.com someuser apassword apassword noinfo yes)
-        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        stdin = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 3
     end
 
 
     specify "invalid options set the error message, exit 1 and have output on stderr" do
-        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"--invalid-option"])
-        kps.stderr = StringIO.new
-        kps.stdout = StringIO.new
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, 
+                                                     "-c", @testing_cfg.path,
+                                                     "--invalid-option"])
+        kps.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kps.run
         rescue SystemExit => se
@@ -101,7 +100,7 @@ context "Keybox Password Safe Application" do
 
     specify "help has output on stdout and exits 0" do
         kps = Keybox::Application::PasswordSafe.new(["--h"]) 
-        kps.stdout = StringIO.new
+        kps.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kps.run
         rescue SystemExit => se
@@ -112,7 +111,7 @@ context "Keybox Password Safe Application" do
 
     specify "version has output on stdout and exits 0" do
         kps = Keybox::Application::PasswordSafe.new(["--ver"]) 
-        kps.stdout = StringIO.new
+        kps.set_io(StringIO.new,StringIO.new,StringIO.new)
         begin
             kps.run
         rescue SystemExit => se
@@ -124,8 +123,8 @@ context "Keybox Password Safe Application" do
     specify "prompted for password twice to create database initially" do
         File.unlink(@testing_db.path)
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new([@passphrase,@passphrase].join("\n"))
+        stdin  = StringIO.new([@passphrase,@passphrase].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 0
         kps.stdout.string.should_satisfy { |msg| msg =~ /Creating initial database./m }
@@ -134,26 +133,26 @@ context "Keybox Password Safe Application" do
 
     specify "file can be opened with password" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new(@passphrase + "\n")
+        stdin  = StringIO.new(@passphrase + "\n")
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 2
     end
 
     specify "adding an entry to the database works" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "example.com"])
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase] + %w(example.com example.com someuser apassword apassword noinfo yes)
-        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 3
     end
 
     specify "editing an entry in the database works" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--edit", "localhost"])
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase] + %w(yes example.com example.com someother anewpassword anewpassword someinfo yes)
-        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 2
         kps.db.find("someother")[0].additional_info.should_eql "someinfo"
@@ -161,27 +160,29 @@ context "Keybox Password Safe Application" do
 
     specify "add a url entry to the database" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--use-hash-for-url", "--add", "http://www.example.com"])
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase] + %w(www.example.com http://www.example.com someuser noinfo yes)
-        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 3
     end
 
     specify "double prompting on failed password for entry to the database works" do
-        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "example.com"])
-        kps.stdout = StringIO.new
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, 
+                                                     "-c", @testing_cfg.path, 
+                                                     "--add", "example.com"])
         prompted_values = [@passphrase, ""] + %w(example.com someuser apassword abadpassword abcdef abcdef noinfo yes)
-        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 3
     end
 
     specify "able to delete an entry" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--delete", "example"])
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase] + %w(Yes)
-        kps.stdin = StringIO.new(prompted_values.join("\n"))
+        stdin = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 1
         kps.stdout.string.should_satisfy { |msg| msg =~ /example' deleted/ }
@@ -189,9 +190,9 @@ context "Keybox Password Safe Application" do
 
     specify "able to cancel deletion" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--delete", "example"])
-        kps.stdout = StringIO.new
         prompted_values = [@passphrase] + %w(No)
-        kps.stdin = StringIO.new(prompted_values.join("\n"))
+        stdin = StringIO.new(prompted_values.join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.db.records.size.should_eql 2
         kps.stdout.string.should_satisfy { |msg| msg =~ /example' deleted/ }
@@ -199,24 +200,24 @@ context "Keybox Password Safe Application" do
 
     specify "list all the entries" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--list"])
-        kps.stdout = StringIO.new
-        kps.stdin = StringIO.new(@passphrase)
+        stdin = StringIO.new(@passphrase)
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /2./m }
     end
 
     specify "listing no entries found" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--list", "nothing"])
-        kps.stdout = StringIO.new
-        kps.stdin = StringIO.new(@passphrase)
+        stdin = StringIO.new(@passphrase)
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /No matching records were found./ }
     end
 
     specify "showing no entries found" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--show", "nothing"])
-        kps.stdout = StringIO.new
-        kps.stdin = StringIO.new(@passphrase)
+        stdin = StringIO.new(@passphrase)
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /No matching records were found./ }
     end
@@ -224,32 +225,44 @@ context "Keybox Password Safe Application" do
 
     specify "show all the entries" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--show"])
-        kps.stdout = StringIO.new
-        kps.stdin = StringIO.new(@passphrase)
+        stdin = StringIO.new([@passphrase, "", ""].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /2./m }
     end
 
     specify "changing master password works" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--master-password"])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new([@passphrase, "I really love ruby.", "I really love ruby."].join("\n"))
+        stdin  = StringIO.new([@passphrase, "I really love ruby.", "I really love ruby."].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /New master password set/m }
     end
 
+    specify "master password must be non-zero" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--master-password"])
+        stdin  = StringIO.new([@passphrase, "", ""].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
+        begin
+            kps.run
+        rescue SystemExit => se
+            kps.stdout.string.should_satisfy { |msg| msg =~ /Passphrase is not strong enough./m }
+            se.status.should_eql 1
+        end
+    end
+
     specify "importing from a valid csv file" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-i", @import_csv.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /Imported \d* records from/m }
     end
 
     specify "Error message give on invalid imported csv" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-i", @bad_import_csv.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         begin
             kps.run
         rescue SystemExit => se
@@ -260,9 +273,35 @@ context "Keybox Password Safe Application" do
 
     specify "able to export to a csv" do
         kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-x", @export_csv.path])
-        kps.stdout = StringIO.new
-        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        kps.set_io(stdin,StringIO.new,StringIO.new)
         kps.run
         kps.stdout.string.should_satisfy { |msg| msg =~ /Exported \d* records to/m }
     end
+
+    specify "able to turn off color schemes" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"--color","none"])
+        kps.set_io(StringIO.new(@passphrase),StringIO.new,StringIO.new)
+        kps.run
+        kps.options.color_scheme.should_equal :none
+    end
+
+    specify "an invalid color scheme results in a no color scheme" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"--color","dne"])
+        kps.set_io(StringIO.new(@passphrase),StringIO.new,StringIO.new)
+        kps.run
+        kps.options.color_scheme.should_equal :none
+    end
+
+    specify "an incomplete color scheme results in an error message and then 'none' color scheme" do
+        bad_color_scheme = { :bad => [:bold, :white, :on_magenta] }
+        File.open("/tmp/test.color_scheme.yaml", "w+") { |f| f.write(bad_color_scheme.to_yaml) }
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"--color","test"])
+        kps.set_io(StringIO.new(@passphrase),StringIO.new,StringIO.new)
+        kps.run
+
+        File.unlink("/tmp/test.color_scheme.yaml")
+        kps.stdout.string.should_satisfy { |msg| msg =~ /It is missing the following items/m }
+        kps.options.color_scheme.should_equal :none
+    end
 end