passrock 0.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 006903c5325cd4eabe082e5b18f7cd8dc6b0e1e6
+  data.tar.gz: c4febb93f9d06f5719d779fec992474bdb6e2f0f
+SHA512:
+  metadata.gz: 25f6c1159dc62afade5a1f7a58e160884469f56bf0d77e363a838098317340d0c5f36dd67a222a05d1c4cf58905d383650d5e2d391c57a0dbe4878737059cb63
+  data.tar.gz: ecb64da91a081c048a4176b69ca9c9b7e344571bb87a45b5eefefec00fd8701f29232809e2e69001b2e128c46f77ac016c12142ea9383b1d4ae4bbbb0d6824bb

data/.env.example

@@ -0,0 +1,2 @@
+PASSROCK_PASSWORD_DB=/path/to/passrock/testPRbinary.dat
+PASSROCK_PRIVATE_KEY=xxx

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.env
+.yardoc
+.ruby-gemset
+.ruby-version
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+spec/data
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in passrock.gemspec
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Bitium Inc.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+# Passrock
+
+Ruby client library for programmatic access to the [Passrock Binary Database](https://www.passrock.com/demo.php).
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'passrock'
+
+And then execute:
+
+    $ bundle
+
+
+## Usage
+
+### Plain Ol' Ruby (PORO)
+
+      require 'passrock'
+
+      passrock_db = Passrock::PasswordDb.new('/path/to/passrock/binary.dat', 'your private key')
+      passrock_db.secure?('password') # => false
+      passrock_db.insecure?('av3r^securePass') # => false
+
+
+### Ruby on Rails
+
+This library provides a custom ActiveModel validation:
+
+      # Configure: config/initializers/passrock.rb
+      Passrock.configure do |config|
+        config.password_db = '/path/to/passrock/binary.dat'
+        config.private_key = 'your private key'
+      end
+
+      # Model
+      # e.g. app/models/user.rb
+      validates :password, :passrock_secure => true
+
+      # Customize the error message (see: http://guides.rubyonrails.org/i18n.html#error-message-scopes)
+      # e.g. config/locales/en.yml
+      activerecord:
+        errors:
+          messages:
+            passrock_secure: "appears to be a commonly used password"
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+# Specs
+
+To run the spec suite:
+
+      bundle install
+      cp .env.example .env # and change the env values
+      bundle exec rake spec

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/benchmark/binary_search_test.rb

@@ -0,0 +1,13 @@
+require 'passrock'
+require 'benchmark'
+require 'dotenv'
+
+Dotenv.load
+
+PROJECT_ROOT = File.expand_path(File.join(File.dirname(__FILE__), '../'))
+
+passrock_db = Passrock::PasswordDb.new(ENV['PASSROCK_PASSWORD_DB'], ENV['PASSROCK_PRIVATE_KEY'])
+
+Benchmark.bm do |x|
+  x.report("#find_by_binary_search\n") { puts "Password secure? #{passrock_db.secure?('password')}" }
+end

data/lib/active_model/validations/passrock_secure_validator.rb

@@ -0,0 +1,16 @@
+require 'active_model/validations'
+
+module ActiveModel
+  module Validations
+
+    class PassrockSecureValidator < ActiveModel::EachValidator
+
+      def validate_each(record, attribute, value)
+        passrock_db = Passrock::PasswordDb.new(Passrock.configuration.password_db, Passrock.configuration.private_key)
+        record.errors.add(attribute, :passrock_secure) if passrock_db.insecure?(value)
+      end
+
+    end
+
+  end
+end

data/lib/passrock/configuration.rb

@@ -0,0 +1,7 @@
+module Passrock
+  class Configuration
+
+    attr_accessor :password_db, :private_key
+
+  end
+end

data/lib/passrock/password_db.rb

@@ -0,0 +1,75 @@
+require 'base64'
+require 'bcrypt'
+
+module Passrock
+  class PasswordDb
+
+    RECORD_LENGTH = 23
+
+
+    def self.bcrypt_hash(secret, salt)
+      BCrypt::Engine.hash_secret(secret, "$2a$07$#{salt}")
+    end
+
+
+    attr_reader :filename, :private_key
+
+    def initialize(filename, private_key)
+      @filename = filename
+      @private_key = private_key
+    end
+
+    def password_in_searchable_form(password)
+      hashed_password = self.class.bcrypt_hash(password, private_key)
+
+      searchable = hashed_password[29..-1]
+      searchable.tr!('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
+      searchable += '=' * (3 - (searchable.size + 3) % 4)
+    end
+
+    def secure?(password)
+      !find_by_binary_search(password)
+    end
+
+    def insecure?(password)
+      !secure?(password)
+    end
+
+
+    private
+
+    def total_records
+      # Minus 1 for length in file and 1 for 0-up counting
+      @total_records ||= (File.size(filename) / RECORD_LENGTH) - 2
+    end
+
+    def find_by_binary_search(password)
+      file = File.new(filename, 'rb')
+      target = password_in_searchable_form(password)
+
+      lo = 1 # start at 1 because the testKey is at 0
+      hi = total_records
+      while lo <= hi
+        mid = (lo + (hi - lo) / 2)
+        file.seek(RECORD_LENGTH * mid, IO::SEEK_SET)
+        midtest = file.read(RECORD_LENGTH)
+        raise 'Error reading binary file' if midtest.nil?
+
+        midtest = Base64.strict_encode64(midtest)
+
+        if ( (midtest <=> target) == 0 )
+          file.close
+          return true
+        elsif ( (midtest <=> target) < 0 )
+          lo = mid + 1
+        else
+          hi = mid - 1
+        end
+      end
+
+      file.close
+      return false
+    end
+
+  end
+end

data/lib/passrock/railtie.rb

@@ -0,0 +1,10 @@
+module Passrock
+  class Railtie < ::Rails::Railtie
+
+    # Add load paths straight to I18n so engines and application can overwrite it.
+    require 'active_support/i18n'
+    I18n.load_path << File.join(File.dirname(__FILE__), '..', '..', 'locales', 'en.yml')
+
+  end
+end
+

data/lib/passrock/version.rb

@@ -0,0 +1,3 @@
+module Passrock
+  VERSION = '0.0.4'
+end

data/lib/passrock.rb

@@ -0,0 +1,27 @@
+require 'passrock/version'
+require 'passrock/configuration'
+require 'passrock/password_db'
+
+require 'passrock/railtie' if defined?(::Rails::Railtie)
+require 'active_model/validations/passrock_secure_validator' if defined?(::ActiveModel)
+
+module Passrock
+
+  class << self
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure(&block)
+      yield(configuration)
+      configuration
+    end
+
+    def reset_configuration!
+      @configuration = nil
+    end
+
+  end
+
+end

data/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  errors:
+    messages:
+      passrock_secure: "appears to be a commonly used password"

data/passrock.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'passrock/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'passrock'
+  spec.version       = Passrock::VERSION
+  spec.authors       = ['Bitium, Inc']
+  spec.email         = ['devops@bitium.com']
+  spec.description   = %q{Client library for Passrock Binary Database}
+  spec.summary       = %q{Ruby client library to access a Passrock (Passrock.com) binary database }
+  spec.homepage      = 'https://github.com/bitium/passrock'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'bcrypt-ruby'
+
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec', '~> 2.14'
+  spec.add_development_dependency 'rails', '>= 3.2'
+  spec.add_development_dependency 'dotenv', '~> 0.8'
+end

data/spec/active_model/validations/passrock_secure_validator_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+class TestRecord
+  include ActiveModel::Validations
+  attr_accessor :password
+
+  def initialize(password)
+    @password = password
+  end
+end
+
+describe ActiveModel::Validations::PassrockSecureValidator do
+  let(:password_db) { passrock_password_db }
+  let(:private_key) { passrock_private_key }
+  let(:field) { :password }
+
+  describe '#validate_each' do
+
+    before(:each) do
+      TestRecord.validates(field, :passrock_secure => true)
+
+      Passrock.configure do |config|
+        config.password_db = password_db
+        config.private_key = private_key
+      end
+
+      #I18n.backend.reload!
+    end
+
+    it 'validates the attribute with the Passrock DB for compromised passwords' do
+      model = TestRecord.new('password')
+      expect(model).to_not be_valid
+      expect(model.errors.messages[field]).to eq(['appears to be a commonly used password'])
+    end
+
+  end
+
+end

data/spec/passrock/password_db_spec.rb

@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe Passrock::PasswordDb do
+  let(:password_db) { passrock_password_db }
+  let(:private_key) { passrock_private_key }
+  let(:insecure_password) { 'password' }
+  let(:secure_password) { 'BoatActKnowsDog' }
+
+
+  describe '.bcrypt_hash' do
+
+    it 'calculates and returns the bcrypt password hash given a secret and salt' do
+      secret = 'password'
+      salt = private_key
+      expect(described_class.bcrypt_hash(secret, salt)).to eq('$2a$07$c16iYVArVz3hYEvtakjiXO8jPyn2MxhVHlrY92EErobY/OCDNObhG')
+    end
+
+  end
+
+
+  describe '#password_in_searchable_form' do
+
+    it 'returns the given password in a searchable format' do
+      passrock = described_class.new(password_db, private_key)
+      expect(passrock.password_in_searchable_form(insecure_password)).to eq('+lR0p4OzjXJnta/4GGtqdaBQEFPQdjI=')
+    end
+
+  end
+
+  describe '#secure?' do
+    let(:passrock) { described_class.new(password_db, private_key) }
+
+    context 'when given password is present in the password database' do
+      it 'returns false' do
+        expect(passrock.secure?(insecure_password)).to be_false
+      end
+    end
+
+    context 'when given password does not appear in the password database' do
+      it 'returns true' do
+        expect(passrock.secure?(secure_password)).to be_true
+      end
+    end
+
+    context 'multiple sequential calls' do
+      it 'does not error out' do
+        expect {
+          passrock.secure?(secure_password)
+          passrock.secure?(insecure_password)
+        }.to_not raise_error
+      end
+    end
+
+  end
+
+  describe '#insecure?' do
+    let(:passrock) { described_class.new(password_db, private_key) }
+
+    context 'when given password is present in the password database' do
+      it 'returns true' do
+        expect(passrock.insecure?(insecure_password)).to be_true
+      end
+    end
+
+    context 'when given password does not appear in the password database' do
+      it 'returns false' do
+        expect(passrock.insecure?(secure_password)).to be_false
+      end
+    end
+  end
+
+end

data/spec/passrock_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Passrock do
+
+  describe '.configure' do
+
+    before(:each) do
+      Passrock.reset_configuration!
+    end
+
+    it 'allows configuration to be set with a block' do
+      Passrock.configure do |config|
+        config.password_db = '/path/to/db'
+        config.private_key = 'abc12345'
+      end
+
+      expect(Passrock.configuration.password_db).to eq('/path/to/db')
+      expect(Passrock.configuration.private_key).to eq('abc12345')
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,32 @@
+require 'active_model/railtie'
+require 'passrock'
+require 'dotenv'
+
+Dotenv.load
+
+PROJECT_ROOT = File.expand_path(File.join(File.dirname(__FILE__), '../'))
+
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end
+
+
+
+# Helpers
+
+def passrock_password_db
+  ENV['PASSROCK_PASSWORD_DB']
+end
+
+def passrock_private_key
+  ENV['PASSROCK_PRIVATE_KEY']
+end

metadata

@@ -0,0 +1,138 @@
+--- !ruby/object:Gem::Specification
+name: passrock
+version: !ruby/object:Gem::Version
+  version: 0.0.4
+platform: ruby
+authors:
+- Bitium, Inc
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-09-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+description: Client library for Passrock Binary Database
+email:
+- devops@bitium.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .env.example
+- .gitignore
+- .rspec
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- benchmark/binary_search_test.rb
+- lib/active_model/validations/passrock_secure_validator.rb
+- lib/passrock.rb
+- lib/passrock/configuration.rb
+- lib/passrock/password_db.rb
+- lib/passrock/railtie.rb
+- lib/passrock/version.rb
+- locales/en.yml
+- passrock.gemspec
+- spec/active_model/validations/passrock_secure_validator_spec.rb
+- spec/passrock/password_db_spec.rb
+- spec/passrock_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/bitium/passrock
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Ruby client library to access a Passrock (Passrock.com) binary database
+test_files:
+- spec/active_model/validations/passrock_secure_validator_spec.rb
+- spec/passrock/password_db_spec.rb
+- spec/passrock_spec.rb
+- spec/spec_helper.rb