letsencrypt-rails-heroku 0.2.7 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 32cf3371510deaf174656882cf2936193a2e5b82
-  data.tar.gz: 356180870192d490933561ecb7682eec6860f3d4
+  metadata.gz: 0aabfc12bc180268e622c9bace1bf6460b2c73ef
+  data.tar.gz: c4bd799e49433146dc65f55ca0901c5fcad7f0be
 SHA512:
-  metadata.gz: a7cc76a0036aa49ed275dd234ebd09ae14923e04d34b083c5bb6716ac07c011ed20ba45294ea78523dadcb1272e035dde2b83e550a75a58431f492b67180d70e
-  data.tar.gz: 297cd3465bb78abe0d732087ea51f3ddd24eba38277e88fa1c1d91d900bda5931883a00d90ac0115bee55d6555129c57f2f640d9392b895997563dc12b0a9d96
+  metadata.gz: 8a259feabfb24e55ac7a2a499ad565cb33d0088a2aac1fa80773b0a96654a866f336a5bc98977458b289d096d0f3ec0b8e98346890bf4d85c569ba8a2e2b9e7e
+  data.tar.gz: c43da038a91df674e2d9bf57ca45534e0ed671bf0754b2a5638014c17a282c2da83e11b65b5b35921a5a702008cf0b029dd085a0ba02e8111bdc1cfee4a1462f

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 0.3.0
+
+ - Remove some Rails-specific methods and code to allow the gem to be used
+   (with some extra steps) by non-Rails applications like Sinatra. Closes issue
+   #14 and pull request #15, thanks @cbetta!
+
 # 0.2.6
 
  - Add more details of the error returned by LetsEncrypt when a challenge fails.

data/Gemfile.lock

@@ -27,13 +27,13 @@ GEM
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
     git (1.3.0)
-    github_api (0.14.4)
+    github_api (0.14.5)
       addressable (~> 2.4.0)
       descendants_tracker (~> 0.0.4)
       faraday (~> 0.8, < 0.10)
       hashie (>= 3.4)
-      oauth2 (~> 1.0.0)
-    hashie (3.4.4)
+      oauth2 (~> 1.0)
+    hashie (3.4.6)
     heroics (0.0.17)
       erubis (~> 2.0)
       excon
@@ -43,9 +43,9 @@ GEM
     highline (1.7.8)
     i18n (0.7.0)
     json (1.8.3)
-    juwelier (2.1.2)
+    juwelier (2.1.3)
       builder
-      bundler (>= 1.0)
+      bundler (>= 1.13)
       git (>= 1.2.5)
       github_api
       highline (>= 1.6.15)
@@ -53,26 +53,24 @@ GEM
       rake
       rdoc
       semver
-    jwt (1.5.4)
+    jwt (1.5.6)
     mini_portile2 (2.1.0)
     minitest (5.9.0)
     moneta (0.8.0)
     multi_json (1.12.1)
-    multi_xml (0.5.5)
+    multi_xml (0.6.0)
     multipart-post (2.0.0)
     netrc (0.11.0)
-    nokogiri (1.6.8)
+    nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
-    oauth2 (1.0.0)
+    oauth2 (1.2.0)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    pkg-config (1.1.7)
-    rack (1.6.4)
-    rake (11.2.2)
+      rack (>= 1.2, < 3)
+    rack (2.0.1)
+    rake (12.0.0)
     rdoc (3.12.2)
       json (~> 1.4)
     semver (1.0.1)
@@ -104,4 +102,4 @@ DEPENDENCIES
   simplecov
 
 BUNDLED WITH
-   1.12.5
+   1.13.6

data/README.md

@@ -6,17 +6,15 @@ This gem is a complete solution for securing your Ruby on Rails application
 on Heroku using their free SNI-based SSL and LetsEncrypt. It will automatically
 handle renewals and keeping your certificate up to date.
 
+With some extra steps, this gem can also be used with Sinatra. For an example
+of how to do this, see the
+[letsencrypt-rails-heroku-sinatra-example](https://github.com/pixielabs/letsencrypt-rails-heroku-sinatra-example)
+repository.
 
-## Requirements
-
- - Whilst it is in beta, you must use the labs feature to enable Heroku's free
-   SSL offering:
 
-   ```
-   heroku labs:enable http-sni
-   ```
+## Requirements
 
- - You must be using hobby or professional dynos to use free SNI-based SSL.
+ - You must be using hobby or professional dynos to use free SNI-based SSL. Find out more on [Heroku's documentation page about SSL](https://devcenter.heroku.com/articles/ssl).
 
  - You should have already configured your app DNS as per [Heroku's
    documentation](https://devcenter.heroku.com/articles/custom-domains).
@@ -26,7 +24,7 @@ handle renewals and keeping your certificate up to date.
 Add the gem to your Gemfile:
 
 ```
-# Until the API calls are out of beta, you must manually specify my fork
+# Until the new API calls are generally available, you must manually specify my fork
 # of the Heroku API gem:
 gem 'platform-api', github: 'jalada/platform-api', branch: 'master'
 
@@ -45,6 +43,21 @@ Rails.application.configure do
 end
 ```
 
+If you have configured your app to enforce SSL with the configuration option
+`config.force_ssl = true` you will need to insert the middleware in front of
+the middleware performing that enforcement instead, as LetsEncrypt do not allow
+redirects on their verification requests:
+
+```ruby
+Rails.application.configure do
+  # <...>
+  
+  config.middleware.insert_before ActionDispatch::SSL, Letsencrypt::Middleware
+
+  # <...>
+end
+```
+
 ## Configuring
 
 By default the gem will try to use the following set of configuration variables,
@@ -129,12 +142,12 @@ Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-m
 Suggestions and pull requests are welcome in improving the situation with the
 following security considerations:
 
- - When configuring this gem you are baking a non-expiring Heroku API token
-   into your applications environment. Your collaborators could use this
+ - When configuring this gem you must add a non-expiring Heroku API token
+   into your application environment. Your collaborators could use this
    token to impersonate the account it was created with when accessing
    the Heroku API. This is important if your account has access to other apps
-   that your collaborators don’t. Additionally, if your application’s environment was
-   leaked this would give access to the Heroku API as your user account. 
+   that your collaborators don’t. Additionally, if your application environment was
+   leaked this would give the attacker access to the Heroku API as your user account. 
    [More information about Heroku’s API and oAuth](https://devcenter.heroku.com/articles/oauth#direct-authorization).
 
    You should create the API token from a suitably locked-down account.
@@ -153,7 +166,7 @@ following security considerations:
   we don’t register with LetsEncrypt over and over.
 
 - Stop using a fork of the `platform-api` gem once it supports the SNI endpoint
-  API calls.
+  API calls. [See issue #49 of the platform-api gem](https://github.com/heroku/platform-api/issues/49).
 
 - Provide instructions for running the gem decoupled from the app it is 
   securing, for the paranoid.

data/VERSION

@@ -1 +1 @@
-0.2.7
+0.3.0

data/letsencrypt-rails-heroku.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: letsencrypt-rails-heroku 0.2.7 ruby lib
+# stub: letsencrypt-rails-heroku 0.3.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "letsencrypt-rails-heroku"
-  s.version = "0.2.7"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["David Somers"]
-  s.date = "2016-08-19"
+  s.date = "2016-12-10"
   s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account."
   s.email = "david@pixielabs.co.uk"
   s.extra_rdoc_files = [

data/lib/letsencrypt-rails-heroku/letsencrypt.rb

@@ -9,9 +9,9 @@ module Letsencrypt
   end
 
   def self.challenge_configured?
-    configuration.acme_challenge_filename.present? && 
-      configuration.acme_challenge_filename.starts_with?(".well-known/") &&
-      configuration.acme_challenge_file_content.present?
+    configuration.acme_challenge_filename && 
+      configuration.acme_challenge_filename.start_with?(".well-known/") &&
+      configuration.acme_challenge_file_content
   end
 
   class Configuration
@@ -25,14 +25,13 @@ module Letsencrypt
       @heroku_app = ENV["HEROKU_APP"]
       @acme_email = ENV["ACME_EMAIL"]
       @acme_domain = ENV["ACME_DOMAIN"]
-      @acme_endpoint = ENV["ACME_ENDPOINT"].presence || 'https://acme-v01.api.letsencrypt.org/'
+      @acme_endpoint = ENV["ACME_ENDPOINT"] || 'https://acme-v01.api.letsencrypt.org/'
       @acme_challenge_filename = ENV["ACME_CHALLENGE_FILENAME"]
       @acme_challenge_file_content = ENV["ACME_CHALLENGE_FILE_CONTENT"]
     end
 
     def valid?
-      heroku_token.present? && heroku_app.present? && acme_email.present? &&
-        acme_domain.present?
+      heroku_token && heroku_app && acme_email && acme_domain
     end
   end
 end

data/lib/tasks/letsencrypt.rake

@@ -6,7 +6,7 @@ require 'platform-api'
 namespace :letsencrypt do
 
   desc 'Renew your LetsEncrypt certificate'
-  task :renew => :environment do
+  task :renew do
     # Check configuration looks OK
     abort "letsencrypt-rails-heroku is configured incorrectly. Are you missing an environment variable or other configuration? You should have a heroku_token, heroku_app, acmp_email and acme_domain configured either via a `Letsencrypt.configure` block in an initializer or as environment variables." unless Letsencrypt.configuration.valid?
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt-rails-heroku
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 0.3.0
 platform: ruby
 authors:
 - David Somers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-19 00:00:00.000000000 Z
+date: 2016-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client