openproject-token 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1c30facc4e5d73dae3a1260b332edd3032fe1fd5
+  data.tar.gz: f4bff0f4de4653c09109a2429bf782ce8b394991
+SHA512:
+  metadata.gz: d1b2556482fddcd2576379c2f9c0bf61338a6c373408a18bc3e4bb72300ed6b586fddbaec709cf7aa0f7e16758c3d630fc44f35baa9d1bd68cae29e08dc890ae
+  data.tar.gz: 5f9341a35e78b775a8114461626dd18040506736ccbcc938338c8ae24d92909de39a011aa8e630ce4fda220eaeee3bd1f106a484e513bc89958055fe91158d5f

data/lib/open_project/token.rb

@@ -0,0 +1,176 @@
+require "openssl"
+require "date"
+require "json"
+require "base64"
+
+require 'active_model'
+
+require "open_project/token/version"
+require "open_project/token/extractor"
+require "open_project/token/armor"
+
+module OpenProject
+  class Token
+    class Error < StandardError; end
+    class ImportError < Error; end
+    class ParseError < Error; end
+    class ValidationError < Error; end
+
+    class << self
+      attr_reader :key, :extractor
+
+      def key=(key)
+        if key && !key.is_a?(OpenSSL::PKey::RSA)
+          raise ArgumentError, "Key is missing."
+        end
+
+        @key = key
+        @extractor = Extractor.new(self.key)
+      end
+
+      def import(data)
+        raise ImportError, "Missing key." if key.nil?
+        raise ImportError, "No token data." if data.nil?
+
+        data = Armor.decode(data)
+        json = extractor.read(data)
+        attributes = JSON.parse(json)
+
+        new(attributes)
+      rescue Extractor::Error
+        raise ImportError, "Token value could not be read."
+      rescue JSON::ParserError
+        raise ImportError, "Token value is invalid JSON."
+      rescue Armor::ParseError
+        raise ImportError, "Token value could not be parsed."
+      end
+    end
+
+    include ActiveModel::Validations
+
+    attr_reader :version
+    attr_accessor :subscriber, :mail
+    attr_accessor :starts_at, :issued_at, :expires_at
+    attr_accessor :notify_admins_at, :notify_users_at, :block_changes_at
+    attr_accessor :restrictions
+
+    validates_presence_of :subscriber
+    validates_presence_of :mail
+
+    validates_each(
+      :starts_at, :issued_at, :expires_at, :notify_admins_at, :notify_users_at, :block_changes_at,
+      allow_blank: true) do |record, attr, value|
+
+      record.errors.add attr, 'is not a date' if !value.is_a?(Date)
+    end
+
+    validates_each :restrictions, allow_nil: true do |record, attr, value|
+      record.errors.add attr, :invalid if !value.is_a?(Hash)
+    end
+
+    def initialize(attributes = {})
+      load_attributes(attributes)
+    end
+
+    def will_expire?
+      self.expires_at
+    end
+
+    def will_notify_admins?
+      self.notify_admins_at
+    end
+
+    def will_notify_users?
+      self.notify_users_at
+    end
+
+    def will_block_changes?
+      self.block_changes_at
+    end
+
+    def expired?
+      will_expire? && Date.today >= self.expires_at
+    end
+
+    def notify_admins?
+      will_notify_admins? && Date.today >= self.notify_admins_at
+    end
+
+    def notify_users?
+      will_notify_users? && Date.today >= self.notify_users_at
+    end
+
+    def block_changes?
+      will_block_changes? && Date.today >= self.block_changes_at
+    end
+
+    def restricted?(key = nil)
+      if key
+        restricted? && restrictions.has_key?(key)
+      else
+        restrictions && restrictions.length >= 1
+      end
+    end
+
+    def attributes
+      hash = {}
+
+      hash["version"]          = self.version
+      hash["subscriber"]       = self.subscriber
+      hash["mail"]             = self.mail
+
+      hash["issued_at"]        = self.issued_at
+      hash["starts_at"]        = self.starts_at
+      hash["expires_at"]       = self.expires_at       if self.will_expire?
+
+      hash["notify_admins_at"] = self.notify_admins_at if self.will_notify_admins?
+      hash["notify_users_at"]  = self.notify_users_at  if self.will_notify_users?
+      hash["block_changes_at"] = self.block_changes_at if self.will_block_changes?
+
+      hash["restrictions"]     = self.restrictions     if self.restricted?
+
+      hash
+    end
+
+    def to_json
+      JSON.dump(self.attributes)
+    end
+
+    def from_json(json)
+      load_attributes(JSON.parse(json))
+    rescue => e
+      raise ParseError, "Failed to load from json: #{e}"
+    end
+
+    private
+
+    def load_attributes(attributes)
+      attributes = Hash[attributes.map { |k, v| [k.to_s, v] }]
+
+      version = attributes["version"] || 1
+      unless version && version == 1
+        raise ArgumentError, "Version is too new"
+      end
+
+      @version = version
+      @subscriber = attributes["subscriber"]
+      @mail = attributes["mail"]
+
+      %w(starts_at issued_at expires_at
+         notify_admins_at notify_users_at block_changes_at).each do |attr|
+        value = attributes[attr]
+        value = Date.parse(value) rescue nil if value.is_a?(String)
+
+        next unless value
+
+        send("#{attr}=", value)
+      end
+
+      restrictions = attributes["restrictions"]
+      if restrictions && restrictions.is_a?(Hash)
+        restrictions = Hash[restrictions.map { |k, v| [k.to_sym, v] }]
+        @restrictions = restrictions
+      end
+    end
+  end
+end

data/lib/open_project/token/armor.rb

@@ -0,0 +1,38 @@
+module OpenProject
+  class Token
+    module Armor
+      class ParseError < StandardError; end
+
+      MARKER = 'OPENPROJECT-EE TOKEN'
+
+      class << self
+        def header
+          "-----BEGIN #{MARKER}-----"
+        end
+
+        def footer
+          "-----END #{MARKER}-----"
+        end
+
+        def encode(data)
+          ''.tap do |s|
+            s << header << "\n"
+
+            s << data.strip << "\n"
+
+            s << footer
+          end
+        end
+
+        def decode(data)
+          match = data.match /#{header}\r?\n(.+?)\r?\n#{footer}/m
+          if match.nil?
+            raise ParseError, 'Failed to parse armored text.'
+          end
+
+          match[1]
+        end
+      end
+    end
+  end
+end

data/lib/open_project/token/extractor.rb

@@ -0,0 +1,68 @@
+module OpenProject
+  class Token
+    class Extractor
+      class Error < StandardError; end
+      class KeyError < Error; end
+      class DecryptionError < Error; end
+
+      attr_accessor :key
+
+      def initialize(key)
+        @key = key
+      end
+
+      def read(data)
+        unless key.public?
+          raise KeyError, "Provided key is not a public key."
+        end
+
+        json_data = Base64.decode64(data.chomp)
+
+        begin
+          encryption_data = JSON.parse(json_data)
+        rescue JSON::ParserError
+          raise DecryptionError, "Encryption data is invalid JSON."
+        end
+
+        unless %w(data key iv).all? { |key| encryption_data[key] }
+          raise DecryptionError, "Required field missing from encryption data."
+        end
+
+        encrypted_data  = Base64.decode64(encryption_data["data"])
+        encrypted_key   = Base64.decode64(encryption_data["key"])
+        aes_iv          = Base64.decode64(encryption_data["iv"])
+
+        begin
+          # Decrypt the AES key using asymmetric RSA encryption.
+          aes_key = self.key.public_decrypt(encrypted_key)
+        rescue OpenSSL::PKey::RSAError
+          raise DecryptionError, "AES encryption key could not be decrypted."
+        end
+
+        # Decrypt the data using symmetric AES encryption.
+        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher.decrypt
+
+        begin
+          cipher.key  = aes_key
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, "AES encryption key is invalid."
+        end
+
+        begin
+          cipher.iv   = aes_iv
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, "AES IV is invalid."
+        end
+
+        begin
+          data = cipher.update(encrypted_data) + cipher.final
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, "Data could not be decrypted."
+        end
+
+        data
+      end
+    end
+  end
+end

data/lib/open_project/token/version.rb

@@ -0,0 +1,5 @@
+module OpenProject
+  class Token
+    VERSION = "1.0.0"
+  end
+end

data/lib/openproject-token.rb

@@ -0,0 +1 @@
+require 'open_project/token'

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: openproject-token
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- OpenProject GmbH
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+description: 
+email: info@openproject.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/open_project/token.rb
+- lib/open_project/token/armor.rb
+- lib/open_project/token/extractor.rb
+- lib/open_project/token/version.rb
+- lib/openproject-token.rb
+homepage: https://www.openproject.org
+licenses:
+- GPLv3
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: OpenProject EE token reader
+test_files: []