manageiq-password 0.3.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21eeaae385f4eadc2ca2cd9bebd5127e3139a8392a54eeb767e8b2481ada3f11
-  data.tar.gz: 92ea5e0fd4d9a2609cc960025cb0f4537049d9efa11c75a7d97120faed516854
+  metadata.gz: 9a506e65c484778a8b89cc16300e5145922de810e612499fe5046015e8668915
+  data.tar.gz: 5322663567882ef7b24f4275d9a6f21e1d967bd086de0afe64dcdf45d67e868d
 SHA512:
-  metadata.gz: 00ee2ce9764d6420633663fabfb255ce39288c131869472fd5d7b510767156ea90a37cf200f1516b21b66745d934264f2dee3dcaf1eac4f6e4b463561aca18e7
-  data.tar.gz: 905c37a40c89f39d99cfdc7503d3b4ac5d6056bb81192ee149dd7157348e74286a211172607071100ed59c22e74aa5664b3cd0f766499500f70bf5793f1d1edc
+  metadata.gz: 3ea27faaef7f610f5f07f67e19c1b27739c43f418f9662cfbf558d6a05168f0002b8697a1ec782b540b29b99e67a9d25996b03e1ad5cf9044d3644b5b3aaa9cb
+  data.tar.gz: 4b5e896206731cdd5895b1a90165c69af0bbdd789bf86509e2d4e1568a7a3437b794e043094a9183d09612717a67b278b5d32733523e3652698abcb637dd5ad0

data/.codeclimate.yml

@@ -1,11 +1,14 @@
----
 version: '2'
 prepare:
   fetch:
-  - url: https://raw.githubusercontent.com/ManageIQ/guides/master/.rubocop_base.yml
+  - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_base.yml
     path: ".rubocop_base.yml"
-  - url: https://raw.githubusercontent.com/ManageIQ/guides/master/.rubocop_cc_base.yml
+  - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_cc_base.yml
     path: ".rubocop_cc_base.yml"
+  - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/base.yml
+    path: styles/base.yml
+  - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/cc_base.yml
+    path: styles/cc_base.yml
 checks:
   argument-count:
     enabled: false
@@ -28,3 +31,4 @@ plugins:
   rubocop:
     enabled: true
     config: ".rubocop_cc.yml"
+    channel: rubocop-0-82

data/.rubocop.yml

@@ -1,3 +1,4 @@
 inherit_from:
-- https://raw.githubusercontent.com/ManageIQ/guides/master/.rubocop_base.yml
-- .rubocop_local.yml
+- ".rubocop_local.yml"
+inherit_gem:
+  manageiq-style: ".rubocop_base.yml"

data/.rubocop_cc.yml

@@ -1,4 +1,4 @@
 inherit_from:
-- .rubocop_base.yml
-- .rubocop_cc_base.yml
-- .rubocop_local.yml
+- ".rubocop_base.yml"
+- ".rubocop_cc_base.yml"
+- ".rubocop_local.yml"

data/.travis.yml

@@ -1,12 +1,10 @@
 ---
 language: ruby
-sudo: false
 cache: bundler
 rvm:
-- 2.4.5
-- 2.5.3
-before_install:
-- gem install bundler
+- 2.6.7
+- 2.7.3
+- 3.0.1
 before_script:
 - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
 - chmod +x ./cc-test-reporter

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased]
+
+## [1.0.0] - 2021-05-05
+### Removed
+- **BREAKING**: Drop support for legacy v0 and v1 keys [[#14](https://github.com/ManageIQ/manageiq-password/pull/14)]
+- **BREAKING**: Drop add_legacy_key and related methods [[#15](https://github.com/ManageIQ/manageiq-password/pull/15)]
+  - Legacy key support via recrypt should now pass the legacy key to the recrypt
+    method as a parameter, as ManageIQ::Password will no longer store the legacy
+    key
+- **BREAKING**: Drop deprecated methods [[#16](https://github.com/ManageIQ/manageiq-password/pull/16)]
+
+[Unreleased]: https://github.com/ManageIQ/more_core_extensions/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/ManageIQ/more_core_extensions/compare/v1.0.0...v0.3.0

data/README.md

@@ -1,6 +1,6 @@
 # ManageIQ Password
 
-[![Build Status](https://travis-ci.org/ManageIQ/manageiq-password.svg)](https://travis-ci.org/ManageIQ/manageiq-password)
+[![Build Status](https://travis-ci.com/ManageIQ/manageiq-password.svg)](https://travis-ci.com/ManageIQ/manageiq-password)
 [![Maintainability](https://api.codeclimate.com/v1/badges/85064711d083dea96636/maintainability)](https://codeclimate.com/github/ManageIQ/manageiq-password/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/85064711d083dea96636/test_coverage)](https://codeclimate.com/github/ManageIQ/manageiq-password/test_coverage)
 

data/lib/manageiq/password.rb

@@ -1,4 +1,5 @@
 require "manageiq/password/version"
+require "manageiq/password/password_mixin"
 
 require 'openssl'
 require 'base64'
@@ -8,9 +9,8 @@ module ManageIQ
   class Password
     class PasswordError < StandardError; end
 
-    CURRENT_VERSION = "2"
-    REGEXP = /v([0-2]):\{([^}]*)\}/
-    REGEXP_PASSWORD = /v[0-2](:\{[^}]*\}|%3A%7B.*?%7D)/ # for "v2:{...}" or its URL encoded string
+    REGEXP = /v2:\{([^}]*)\}/
+    REGEXP_PASSWORD = /v2(:\{[^}]*\}|%3A%7B.*?%7D)/ # for "v2:{...}" or its URL encoded string
     REGEXP_START_LINE = /^#{REGEXP}/
     MASK = '********'.freeze
 
@@ -22,58 +22,47 @@ module ManageIQ
       @encStr = encrypt(str)
     end
 
-    def encrypt(str, ver = "v2", key = self.class.keys[ver])
-      value = key.encrypt64(str).delete("\n") unless str.nil? || str.empty?
-      "#{ver}:{#{value}}"
-    end
+    def encrypt(str, key = self.class.key)
+      return str if str.nil?
 
-    def decrypt(str, legacy = false)
-      if str.nil? || str.empty?
-        str
-      else
-        ver, enc = self.class.split(str)
-        return "" if enc.empty?
+      enc = key.encrypt64(str).delete("\n") unless str.empty?
+      self.class.wrap(enc)
+    end
 
-        ver ||= "0" # if we don't know what it is, just assume legacy
-        key_name = (ver == "2" && legacy) ? "alt" : "v#{ver}"
+    def decrypt(str, key = self.class.key)
+      enc = self.class.unwrap(str)
+      return enc if enc.nil? || enc.empty?
 
-        begin
-          self.class.keys[key_name].decrypt64(enc).force_encoding('UTF-8')
-        rescue
-          raise PasswordError, "can not decrypt v#{ver}_key encrypted string"
-        end
+      begin
+        key.decrypt64(enc).force_encoding('UTF-8')
+      rescue
+        raise PasswordError, "cannot decrypt encrypted string"
       end
     end
 
-    def recrypt(str)
-      return str if str.nil? || str.empty?
-      decrypted_str =
-        begin
-          # if a legacy v2 key exists, give decrypt the option to use that
-          decrypt(str, self.class.keys["alt"])
-        rescue
-          source_version = self.class.split(str).first || "0"
-          if source_version == "0" # it probably wasn't encrypted
-            return str
-          elsif source_version == "2" # tried with an alt key, see if regular v2 key works
-            decrypt(str)
-          else
-            raise
-          end
-        end
+    def recrypt(str, prior_key = nil)
+      return str if str.nil?
+
+      decrypted_str   = decrypt(str, prior_key) if prior_key rescue nil
+      decrypted_str ||= decrypt(str)
       encrypt(decrypted_str)
     end
 
-    def self.encrypt(str)
-      new.encrypt(str) if str
+    def self.encrypt(*args)
+      new.encrypt(*args)
+    end
+
+    def self.decrypt(*args)
+      new.decrypt(*args)
     end
 
-    def self.decrypt(str)
-      new.decrypt(str)
+    def self.recrypt(*args)
+      new.recrypt(*args)
     end
 
     def self.encrypted?(str)
-      !!split(str).first
+      return false if str.nil? || str.empty?
+      !!unwrap(str)
     end
 
     def self.md5crypt(str)
@@ -101,52 +90,21 @@ module ManageIQ
       encrypted?(str) ? str : encrypt(str)
     end
 
-    # @returns [ver, enc]
-    def self.split(encrypted_str)
-      if encrypted_str.nil? || encrypted_str.empty?
-        [nil, encrypted_str]
-      else
-        if encrypted_str =~ REGEXP_START_LINE
-          [$1, $2]
-        elsif legacy = extract_erb_encrypted_value(encrypted_str)
-          if legacy =~ REGEXP_START_LINE
-            [$1, $2]
-          else
-            ["0", legacy]
-          end
-        else
-          [nil, encrypted_str]
-        end
-      end
-    end
-
     def self.key_root
       @@key_root ||= ENV["KEY_ROOT"]
     end
 
     def self.key_root=(key_root)
-      clear_keys
+      @@key = nil
       @@key_root = key_root
     end
 
-    def self.clear_keys
-      @@all_keys = nil
-    end
-
-    def self.all_keys
-      keys.values
-    end
-
-    def self.keys
-      @@all_keys ||= {"v2" => load_v2_key}.delete_if { |_n, v| v.nil? }
+    def self.key=(key)
+      @@key = key
     end
 
-    def self.v2_key
-      keys["v2"]
-    end
-
-    def self.load_v2_key
-      load_key_file("v2_key") || begin
+    def self.key
+      @@key ||= load_key_file("v2_key") || begin
         key_file = File.expand_path("v2_key", key_root)
         msg = <<-EOS
   #{key_file} doesn't exist!
@@ -158,46 +116,42 @@ module ManageIQ
   passwords in your database.
   EOS
         Kernel.warn msg
+        nil
       end
     end
 
-    def self.add_legacy_key(filename, type = "alt")
-      key = load_key_file(filename, type != :v0)
-      keys[type.to_s] = key if key
-      key
+    def self.generate_symmetric(filename = nil)
+      Key.new.tap { |key| store_key_file(filename, key) if filename }
     end
 
-    # used by tests only
-    def self.v2_key=(key)
-      (@@all_keys ||= {})["v2"] = key
+    protected
+
+    def self.wrap(encrypted_str)
+      "v2:{#{encrypted_str}}"
     end
 
-    def self.generate_symmetric(filename = nil)
-      Key.new.tap { |key| store_key_file(filename, key) if filename }
+    def self.unwrap(str)
+      _unwrap(str) || _unwrap(extract_erb_encrypted_value(str))
     end
 
-    protected
+    private_class_method def self._unwrap(str)
+      return str if str.nil? || str.empty?
+      str.match(REGEXP_START_LINE)&.public_send(:[], 1)
+    end
 
     def self.store_key_file(filename, key)
       File.write(filename, key.to_h.to_yaml)
     end
 
-    def self.load_key_file(filename, recent = true)
+    def self.load_key_file(filename)
       return filename if filename.respond_to?(:decrypt64)
 
       # if it is an absolute path, or relative to pwd, leave as is
       # otherwise, look in key root for it
       filename = File.expand_path(filename, key_root) unless File.exist?(filename)
-      if !File.exist?(filename)
-        nil
-      elsif recent
-        params = YAML.load_file(filename)
-        Key.new(*params.values_at(:algorithm, :key, :iv))
-      else
-        params = YAML.load_file(filename)
-        algorithm, key, iv = params.values_at(:algorithm, :key, :iv)
-        Key.new(algorithm, key && Base64.encode64(key), iv && Base64.encode64(iv))
-      end
+      return nil unless File.exist?(filename)
+
+      Key.new(*YAML.load_file(filename).values_at(:algorithm, :key, :iv))
     end
 
     def self.extract_erb_encrypted_value(value)

data/lib/manageiq/password/password_mixin.rb

@@ -1,5 +1,3 @@
-require "manageiq-password"
-
 module ManageIQ
   class Password
     module PasswordMixin

data/lib/manageiq/password/rspec_matchers.rb

@@ -1,3 +1,2 @@
 require "manageiq/password/rspec_matchers/be_decrypted"
 require "manageiq/password/rspec_matchers/be_encrypted"
-require "manageiq/password/rspec_matchers/be_encrypted_version"

data/lib/manageiq/password/rspec_matchers/be_encrypted.rb

@@ -25,6 +25,6 @@ RSpec::Matchers.define :be_encrypted do |expected|
   end
 
   description do
-    "expect to be an encrypted v2 password (with optional encrypted value)"
+    "expect to be an encrypted password (with optional encrypted value)"
   end
 end

data/lib/manageiq/password/version.rb

@@ -1,5 +1,5 @@
 module ManageIQ
   class Password
-    VERSION = "0.3.0".freeze
+    VERSION = "1.0.0".freeze
   end
 end

data/manageiq-password.gemspec

@@ -19,7 +19,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "manageiq-style"
+  spec.add_development_dependency "rake",          ">= 12.3.3"
+  spec.add_development_dependency "rspec",         "~> 3.0"
   spec.add_development_dependency "simplecov"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: manageiq-password
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - ManageIQ Authors
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-03-18 00:00:00.000000000 Z
+date: 2021-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,20 +24,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: manageiq-style
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -66,8 +80,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
-email: 
+description:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -79,6 +93,7 @@ files:
 - ".rubocop_cc.yml"
 - ".rubocop_local.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
@@ -92,14 +107,13 @@ files:
 - lib/manageiq/password/rspec_matchers.rb
 - lib/manageiq/password/rspec_matchers/be_decrypted.rb
 - lib/manageiq/password/rspec_matchers/be_encrypted.rb
-- lib/manageiq/password/rspec_matchers/be_encrypted_version.rb
 - lib/manageiq/password/version.rb
 - manageiq-password.gemspec
 homepage: https://github.com/ManageIQ/manageiq-password
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -114,9 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: A simple encryption util for storing passwords in a database.
 test_files: []

data/lib/manageiq/password/rspec_matchers/be_encrypted_version.rb

@@ -1,21 +0,0 @@
-require "manageiq-password"
-
-RSpec::Matchers.define :be_encrypted_version do |expected|
-  match do |actual|
-    ManageIQ::Password.split(actual).first == expected.to_s
-  end
-
-  failure_message do |actual|
-    actual_version = ManageIQ::Password.split(actual).first
-    actual_version_text = actual_version ? "encrypted with version #{actual_version}" : "not encrypted"
-    "expected: #{actual.inspect} to be encrypted with version #{expected} but is #{actual_version_text}"
-  end
-
-  failure_message_when_negated do |actual|
-    "expected: #{actual.inspect} not to be encrypted with version #{expected}"
-  end
-
-  description do
-    "expect to be encrypted with a particular version of miq password (e.g.: 2)"
-  end
-end