paseto 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '097f41395926bd3e366dc693db7b1d488128bcdad615776bf14263ea79d2814a'
-  data.tar.gz: 0ddabba5cd16bfac6dce3ac474af223d336564280b94f5647fc25f27b1a32c5d
+  metadata.gz: b97852d5f74f9beb557884c9a46eb912fc3552400474dc7c35dbbbacedead44a
+  data.tar.gz: e137a333a093be64c3ae218fa1884043bc61c8d3f585b8933ff777ab77a3269f
 SHA512:
-  metadata.gz: 9876adbdd0432b13825a357f9f3a1226048461b68dd3b9f8b71e43821dfd9114050ec131b5481ae4d6afb9410396a427d8f56d195f64b7825fb218abf74f1ea1
-  data.tar.gz: 363c81182b427a2d352ca09abf43aa0089c6bf90033ecb3dcbabccebfccdd8cf984e5531eb1ff9143db45035a83fd7f0d26163593dc0c1a86d1a5b406dd22dbd
+  metadata.gz: 28bdd43cb3e66b9566f9d71ffadfb6ff25b3ac47b569c51d6b2aa78af1e151e7e54f2f0508235da929e636897f62d88eee45a553675242a3d6f32976531fd197
+  data.tar.gz: '098f57dd56ff3468b62d14123e7ac56de4928ca8d81a88b5cced5a42ca92e4069c87f2cf70f9924a32c8365fe366c4250b80da9c2490623af9afc5b39bc2cd43'

data/.gitignore

@@ -1,4 +1,5 @@
 /.bundle/
+Gemfile.lock
 /.yardoc
 /_yardoc/
 /coverage/

data/.rubocop.yml

@@ -0,0 +1,38 @@
+require: rubocop-rspec
+
+AllCops:
+  TargetRubyVersion: 2.3
+
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
+Metrics/LineLength:
+  Max: 100
+  Exclude:
+    - "spec/**/*.rb"
+
+Metrics/AbcSize:
+  Max: 25
+
+Metrics/BlockLength:
+  Exclude:
+    - "spec/**/*.rb"
+
+Metrics/MethodLength:
+  Max: 30
+
+RSpec/ExampleLength:
+  Max: 10
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/VerifiedDoubles:
+  Enabled: false
+
+Security/Eval:
+  Exclude:
+    - "spec/**/*.rb"
+
+Style/MultilineBlockChain:
+  Enabled: false

data/.travis.yml

@@ -1,9 +1,16 @@
 language: ruby
 rvm:
   - 2.3.8
-  - 2.4.5
-  - 2.5.3
+  - 2.4.9
+  - 2.5.5
+  - 2.6.5
+  - 2.7.0
 dist: xenial
 before_install:
   - scripts/build-libsodium
-  - gem install bundler -v 1.16.1
+script:
+  - bundle exec rspec
+  - bundle exec rubocop
+cache: bundler
+env:
+  - CODECOV=true

data/CHANGELOG.md

@@ -0,0 +1,22 @@
+## Paseto.rb Changelog
+
+### 0.4 (Mar 7, 2020)
+
+- Update rbnacl and fix warning [<a href="https://github.com/mguymon/paseto.rb/pull/10">Pull #10</a> by <a href="https://github.com/shaicoleman">shaicoleman</a>]
+- Codecov and Travis support
+- Rubocop is the law :oncoming_police_car:
+- Update rake to fix vulnerability CVE-2020-8130
+
+### 0.3 (Dec 4, 2018)
+
+- Use rbnacl instead of rbnacl-libsodium [<a href="https://github.com/mguymon/paseto.rb/pull/6">Pull #3</a> by <a href="https://github.com/smaximov">smaximov</a>]
+
+- Update docs
+
+#### 0.3.1 (Feb 16, 2019)
+
+- Fix PAE [<a href="https://github.com/mguymon/paseto.rb/pull/6">Pull #6</a> by <a href="https://github.com/smaximov">smaximov</a>]
+- Fix spec names [<a href="https://github.com/mguymon/paseto.rb/pull/5">Pull #5</a> by <a href="https://github.com/smaximov">smaximov</a>]
+- Clean up links in docs
+
+### Start of the Universe

data/Gemfile

@@ -1,6 +1,10 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in paseto.gemspec
 gemspec
+
+gem 'codecov', require: false, group: :test

data/Rakefile

@@ -1,6 +1,8 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/console

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "paseto"
+require 'bundler/setup'
+require 'paseto'
 require 'pry'
 
 # You can add fixtures and/or initialization code here to make experimenting

data/lib/paseto.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'base64'
 require 'rbnacl'
 
@@ -7,15 +9,16 @@ require 'paseto/token'
 require 'paseto/public'
 require 'paseto/local'
 
+# Platform-Agnostic SEcurity TOkens
 module Paseto
-  EMPTY_FOOTER = ''.freeze
+  EMPTY_FOOTER = ''
 
   # An Array#pack format to pack an unsigned little-endian 64-bit integer
-  UNSIGNED_LITTLE_64 = 'Q<'.freeze
+  UNSIGNED_LITTLE_64 = 'Q<'
 
   # https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Common.md#pae-definition
-  def self.encode_length(n)
-    [n].pack(UNSIGNED_LITTLE_64)
+  def self.encode_length(num)
+    [num].pack(UNSIGNED_LITTLE_64)
   end
 
   # https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Common.md#pae-definition
@@ -23,8 +26,7 @@ module Paseto
     initial_output = encode_length(pieces.length)
 
     pieces.reduce(initial_output) do |output, piece|
-      output += encode_length(piece.length)
-      output += piece
+      output + encode_length(piece.length) + piece
     end
   end
 

data/lib/paseto/error.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Paseto
   Error = Class.new(StandardError)
   HeaderError = Class.new(Error)

data/lib/paseto/local.rb

@@ -1,11 +1,15 @@
+# frozen_string_literal: true
+
 module Paseto
   module V2
+    # Symmetric Encryption
     module Local
       HEADER = 'v2.local'
       NONCE_BYTES = RbNaCl::AEAD::XChaCha20Poly1305IETF.nonce_bytes
 
       NonceError = Class.new(Paseto::Error)
 
+      # Encryption key
       class Key
         def self.generate
           new(RbNaCl::Random.random_bytes(RbNaCl::AEAD::XChaCha20Poly1305IETF.key_bytes))
@@ -43,7 +47,7 @@ module Paseto
           nonce = parsed.payload[0, NONCE_BYTES]
           ciphertext = parsed.payload[NONCE_BYTES..-1]
 
-          raise BadMessageError.new('Unable to process message') if nonce.nil? || ciphertext.nil?
+          raise BadMessageError, 'Unable to process message' if nonce.nil? || ciphertext.nil?
 
           begin
             data = additional_data(nonce, footer)
@@ -52,7 +56,7 @@ module Paseto
             raise NonceError, 'Invalid nonce'
           rescue RbNaCl::CryptoError
             raise AuthenticationError, 'Token signature invalid'
-          rescue
+          rescue StandardError
             raise TokenError, 'Unable to process message'
           end
         end

data/lib/paseto/public.rb

@@ -1,17 +1,23 @@
+# frozen_string_literal: true
+
 module Paseto
   module V2
+    # Asymmetric Authentication (Public-Key Signatures)
     module Public
       HEADER = 'v2.public'
       SIGNATURE_BYTES = RbNaCl::SigningKey.signature_bytes
       BadMessageError = Class.new(Paseto::Error)
 
+      # Encode a message + footer in a Paseto payload
       module Encoder
         private
+
         def encode_message(message, footer)
           Paseto.pre_auth_encode(HEADER + '.', message, footer)
         end
       end
 
+      # secret-key used for signing and verifing
       class SecretKey
         include Encoder
 
@@ -49,6 +55,7 @@ module Paseto
         end
       end
 
+      # public-key used for signing and verifing
       class PublicKey
         include Encoder
 
@@ -74,14 +81,16 @@ module Paseto
           decoded_message = parsed.payload[0..-(SIGNATURE_BYTES + 1)]
           signature = parsed.payload[-SIGNATURE_BYTES..-1]
 
-          raise BadMessageError.new('Unable to process message') if decoded_message.nil? || signature.nil?
+          if decoded_message.nil? || signature.nil?
+            raise BadMessageError, 'Unable to process message'
+          end
 
           begin
             data = encode_message(decoded_message, footer)
             @nacl.verify(signature, data)
             decoded_message
           rescue RbNaCl::BadSignatureError
-            raise AuthenticationError.new('Token signature invalid')
+            raise AuthenticationError, 'Token signature invalid'
           end
         end
       end

data/lib/paseto/token.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# Helper for verifying and parsing tokens
 module Paseto
   Token = Struct.new(:header, :payload, :footer) do
     def to_message
@@ -14,12 +17,10 @@ module Paseto
 
   def self.verify_token(token, expected_header, expected_footer)
     token = parse(token) unless token.is_a? Token
-    if token.header != expected_header
-      raise HeaderError.new("Invalid message header: #{token.header}")
-    end
+    raise HeaderError, "Invalid message header: #{token.header}" if token.header != expected_header
 
     if token.footer != expected_footer
-      raise TokenError.new("Invalid message footer: #{token.footer.inspect}")
+      raise TokenError, "Invalid message footer: #{token.footer.inspect}"
     end
 
     token

data/lib/paseto/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Paseto
-  VERSION = "0.3.1"
+  VERSION = '0.4.0'
 end

data/paseto.gemspec

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'paseto/version'
 
@@ -9,8 +10,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Michael Guymon', 'Frank Murphy']
   spec.email         = ['mguymon@instructure.com', 'fmurphy@instructure.com']
 
-  spec.summary       = %q{Ruby impl of Paseto}
-  spec.description   = %q{Ruby impl of Paseto}
+  spec.summary       = 'Ruby impl of Paseto'
+  spec.description   = 'Ruby impl of Paseto'
   spec.homepage      = 'https://github.com/mguymon/paseto.rb'
   spec.license       = 'MIT'
 
@@ -20,10 +21,13 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'bin'
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 2.3.0'
 
-  spec.add_dependency 'rbnacl', '~> 6.0'
-  spec.add_development_dependency 'bundler', '~> 1.16'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_dependency 'rbnacl', '>= 7.1.1'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'pry', '~> 0.11'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.65.0'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.32.0'
 end

data/scripts/build-libsodium

@@ -2,9 +2,9 @@
 
 set -e
 
-wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.16.tar.gz
-tar -zxf libsodium-1.0.16.tar.gz
-cd libsodium-1.0.16
+wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz
+tar -zxf libsodium-1.0.18.tar.gz
+cd libsodium-1.0.18
 ./configure
 make
 sudo make install

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: paseto
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Michael Guymon
@@ -9,50 +9,64 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-19 00:00:00.000000000 Z
+date: 2020-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: 7.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: 7.1.1
 - !ruby/object:Gem::Dependency
   name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -68,19 +82,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: 0.65.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: 0.65.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.0
 description: Ruby impl of Paseto
 email:
 - mguymon@instructure.com
@@ -93,10 +121,11 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -122,15 +151,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Ruby impl of Paseto

data/Gemfile.lock

@@ -1,45 +0,0 @@
-PATH
-  remote: .
-  specs:
-    paseto (0.3.0)
-      rbnacl (~> 6.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    coderay (1.1.2)
-    diff-lcs (1.3)
-    ffi (1.9.25)
-    method_source (0.9.0)
-    pry (0.11.3)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    rake (10.5.0)
-    rbnacl (6.0.0)
-      ffi
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.1)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  paseto!
-  pry (~> 0.11)
-  rake (~> 10.0)
-  rspec (~> 3.0)
-
-BUNDLED WITH
-   1.16.3