nobi 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c9b2519943abe7119d47b83b0a1ac23bba9515d1
+  data.tar.gz: 1a0a2902847e87bd482834c7ec396b1d49ccdcd0
+SHA512:
+  metadata.gz: bf65dab63bde421c905181d4d43fde5f6a786010d40985b2873732b3f30df0a3b192a5239e209ace45494be102eb2163bfabd82978d65b597d448b75be01ac42
+  data.tar.gz: 4c920e5e013494ed9b4ce00dedbca15e0e6fb2c85e95e7e7618e339b832d300ed57ebc79b319e53c4a8ff3ea1a69701b97a0e9793c0de3e1948614d841ffa942

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012 Cyril David
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,48 @@
+nobi
+====
+
+Ruby port of [itsdangerous][itsdangerous] python signer.
+
+[itsdangerous]: http://pythonhosted.org/itsdangerous/
+
+Examples
+--------
+
+Best two usecases:
+
+1. Creating an activation link for users
+2. Creating a password reset link
+
+## Creating an activation link for users
+
+```ruby
+signer = Nobi::Signer.new('my secret')
+
+# Let's say the user's ID is 101
+signed = signer.sign('101')
+
+# You can now email this url to your users!
+url = "http://yoursite.com/activate/?key=%s" % signed
+```
+
+## Creating a password reset link
+```ruby
+signer = Nobi::TimestampSigner.new('my secret')
+
+# Let's say the user's ID is 101
+signed = signer.sign('101')
+
+# You can now email this url to your users!
+url = "http://yoursite.com/password-reset/?key=%s" % signed
+
+# In your code, you can verify the expiration:
+signer.unsign(signed, max_age: 86400) # 1 day expiration
+```
+
+## Installation
+
+As usual, you can install it using rubygems.
+
+```
+$ gem install nobi
+```

data/lib/nobi.rb

@@ -0,0 +1,166 @@
+require 'base64'
+require 'openssl'
+
+module Nobi
+  BadData = Class.new(StandardError)
+  BadSignature = Class.new(BadData)
+  SignatureExpired = Class.new(BadData)
+  BadTimeSignature = Class.new(BadSignature)
+
+  module Utils
+    def self.base64_encode(string)
+      Base64.urlsafe_encode64(string).gsub(/=+$/, '')
+    end
+
+    def self.base64_decode(string)
+      Base64.urlsafe_decode64(string + '=' * (-string.length % 4))
+    end
+
+    def self.int_to_bytes(num)
+      raise ArgumentError unless num >= 0
+
+      rv = []
+
+      while num > 0
+        rv << (num & 0xff).chr
+        num >>= 8
+      end
+
+      return rv.reverse.join
+    end
+
+    def self.bytes_to_int(bytes)
+      bytes.each_byte.inject(0) do |acc, byte|
+        acc << 8 | byte
+      end
+    end
+
+    def self.constant_time_compare(val1, val2)
+      return false unless val1.length == val2.length
+
+      cmp = val2.bytes.to_a
+      result = 0
+
+      val1.bytes.each_with_index do |char, index|
+        result |= char ^ cmp[index]
+      end
+
+      return result == 0
+    end
+
+    def self.rsplit(str, sep)
+      if str =~ /\A(.*)#{Regexp.escape(sep)}([^#{Regexp.escape(sep)}]+)\z/
+        return $1, $2
+      end
+    end
+  end
+
+  class HMACAlgorithm
+    def initialize(digest_method)
+      @digest_method = digest_method
+    end
+
+    def signature(key, value)
+      OpenSSL::HMAC.digest(@digest_method, key, value)
+    end
+  end
+
+  class Signer
+    def initialize(secret,
+      salt: 'nobi.Signer',
+      sep: '.',
+      digest_method: 'sha1')
+
+      @secret = secret
+      @salt = salt
+      @sep = sep
+      @algorithm = HMACAlgorithm.new(digest_method)
+    end
+
+    def sign(value)
+      '%s%s%s' % [value, @sep, signature(value)]
+    end
+
+    def unsign(value)
+      if not value.include?(@sep)
+        raise BadSignature, 'No "%s" found in value' % @sep
+      end
+
+      value, sig = Utils.rsplit(value, @sep)
+
+      if Utils.constant_time_compare(sig, signature(value))
+        return value
+      end
+
+      raise BadSignature, 'Signature "%s" does not match' % sig
+    end
+
+    def derive_key
+      @algorithm.signature(@secret, @salt)
+    end
+
+    def signature(value)
+      key = derive_key
+      sig = @algorithm.signature(key, value)
+
+      Utils.base64_encode(sig)
+    end
+  end
+
+  class TimestampSigner < Signer
+    # 2011/01/01 in UTC
+    EPOCH = 1293840000
+
+    def get_timestamp
+      Time.now.utc.to_f - EPOCH
+    end
+
+    def timestamp_to_datetime(ts)
+      Time.at(ts + EPOCH).utc
+    end
+
+    def sign(value)
+      timestamp = Utils.base64_encode(Utils.int_to_bytes(get_timestamp.to_i))
+      value = '%s%s%s' % [value, @sep, timestamp]
+
+      '%s%s%s' % [value, @sep, signature(value)]
+    end
+
+    def unsign(value, max_age: nil, return_timestamp: nil)
+      sig_error = nil
+      result = ''
+
+      begin
+        result = super(value)
+      rescue BadSignature => e
+        sig_error = e
+      end
+
+      if not result.include?(@sep)
+        if sig_error
+          raise sig_error
+        else
+          raise BadTimeSignature, 'timestamp missing'
+        end
+      end
+
+      value, timestamp = Utils.rsplit(result, @sep)
+
+      timestamp = Utils.bytes_to_int(Utils.base64_decode(timestamp))
+
+      if max_age
+        age = get_timestamp - timestamp
+
+        if age > max_age
+          raise SignatureExpired, 'Signature age %s > %s seconds' % [age, max_age]
+        end
+      end
+
+      if return_timestamp
+        return value, timestamp_to_datetime(timestamp)
+      else
+        return value
+      end
+    end
+  end
+end

data/makefile

@@ -0,0 +1,2 @@
+test:
+	cutest tests/*_test.rb

data/nobi.gemspec

@@ -0,0 +1,23 @@
+# encoding: utf-8
+
+Gem::Specification.new do |s|
+  s.name = "nobi"
+  s.version = "0.0.1"
+  s.summary = "Ruby port of itsdangerous python signer."
+  s.description = "Ruby port of itsdangerous python signer."
+  s.authors = ["Cyril David"]
+  s.email = ["cyx@cyx.is"]
+  s.homepage = "http://cyx.is"
+  s.files = Dir[
+    "LICENSE",
+    "README*",
+    "makefile",
+    "lib/**/*.rb",
+    "*.gemspec",
+    "tests/*.*",
+  ]
+
+  s.license = "MIT"
+
+  s.add_development_dependency "cutest"
+end

data/tests/nobi_test.rb

@@ -0,0 +1,71 @@
+require File.expand_path('../lib/nobi', File.dirname(__FILE__))
+require 'cutest'
+
+scope do
+  setup do
+    Nobi::Signer.new('foo')
+  end
+
+  test 'sign + unsign' do |s|
+    assert_equal 'bar', s.unsign(s.sign('bar'))
+  end
+
+  test 'sign + unsign an int' do |s|
+    assert_raise TypeError do
+      s.sign(1)
+    end
+  end
+
+  test 'no signature' do |s|
+    assert_raise Nobi::BadSignature do
+      s.unsign('nosep')
+    end
+  end
+
+  test 'bad signature' do |s|
+    assert_raise Nobi::BadSignature do
+      s.unsign('bar.whatever')
+    end
+  end
+end
+
+scope do
+  setup do
+    Nobi::TimestampSigner.new('foo')
+  end
+
+  test 'sign + unsign' do |ts|
+    assert_equal 'bar', ts.unsign(ts.sign('bar'))
+  end
+
+  test 'sign with no timestamp + unsign with timestamp' do |ts|
+    s = Nobi::Signer.new('foo')
+
+    assert_raise Nobi::BadTimeSignature do
+      ts.unsign(s.sign('bar'))
+    end
+  end
+
+  test 'unsign return_ timestamp' do |ts|
+    time = Time.now.utc
+    signed = ts.sign('bar')
+
+    value, timestamp = ts.unsign(signed, return_timestamp: true)
+
+    assert_equal 'bar', value
+
+    # Because we can't make the exact time down to the fractional second,
+    # we need to compare the time on an int level.
+    assert_equal time.to_i, timestamp.to_i
+  end
+
+  test 'signature expired' do |ts|
+    signed = ts.sign('bar')
+
+    sleep 0.09
+
+    assert_raise Nobi::SignatureExpired do
+      ts.unsign(signed, max_age: 0.1)
+    end
+  end
+end

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification
+name: nobi
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Cyril David
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cutest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Ruby port of itsdangerous python signer.
+email:
+- cyx@cyx.is
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- makefile
+- lib/nobi.rb
+- nobi.gemspec
+- tests/nobi_test.rb
+homepage: http://cyx.is
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: Ruby port of itsdangerous python signer.
+test_files: []