passrock 0.0.5 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7b901d76f9ebf5e7aeae7fac88edbba47f632bb6
-  data.tar.gz: c0102ec9aaaaa8f4536c1787187604140cad70e3
+  metadata.gz: ed1e2aff3b96416160e88dde57f911e727895521
+  data.tar.gz: dc7046386fc7a537d6a1b73594079cae40e735f4
 SHA512:
-  metadata.gz: d7c54fa479abe10d5993a1dd3da3190e7b0ad4e421fa0ed6db25e2d27ac4e2c0ea4aa0b68b707495a16dde840ad327b640f7fd701bee9cb01216a2f6b29aa8b3
-  data.tar.gz: 44b468162e89408c5fa95ed1af2714611334a18b3997702d6a677727cca0ddf8466f48c49bd07bda0d945353580f4fe79802782aac4f21c4b3cf5e6d874470a4
+  metadata.gz: e1a113b26a7a606f42058d644ff1a5d005838dd3729d8ecd2fb759d779da24d8477218d5f5b75f2c9def4800b2c0d00a1d780b337858090d2587ab88e6f69efe
+  data.tar.gz: cda555c54b742e2cb80d4b22db94549b2b044c0c2fb5173da3eac6de7bee395105f7ef1e4516c6dfa5a32df755d7118f707adf689e1c061d43cb78e5385ca505

data/.env.example

@@ -1,2 +1,3 @@
-PASSROCK_PASSWORD_DB=/path/to/passrock/testPRbinary.dat
+PASSROCK_PASSWORD_DB=/path/to/PRbinary_Directory/
+PASSROCK_PASSWORD_DB_FILE=/path/to/PRbinary.dat
 PASSROCK_PRIVATE_KEY=xxx

data/README.md

@@ -2,6 +2,8 @@
 
 Ruby client library for programmatic access to the [Passrock Binary Database](https://www.passrock.com/demo.php).
 
+This library adheres to [SemVer](http://semver.org). Pre v1.0.0 is considered alpha level software.
+
 
 ## Installation
 
@@ -18,34 +20,38 @@ And then execute:
 
 ### Plain Ol' Ruby (PORO)
 
-      require 'passrock'
-
-      passrock_db = Passrock::PasswordDb.new('/path/to/passrock/binary.dat', 'your private key')
-      passrock_db.secure?('password') # => false
-      passrock_db.insecure?('av3r^securePass') # => false
+```ruby
+require 'passrock'
 
+passrock_db = Passrock::PasswordDb.new(:password_db => '/path/to/passrock_db_dir', :private_key => 'your private key')
+passrock_db.secure?('password') # => false
+passrock_db.insecure?('PASSWORD') # => true
+```
 
 ### Ruby on Rails
 
 This library provides a custom ActiveModel validation:
 
-      # Configure: config/initializers/passrock.rb
-      Passrock.configure do |config|
-        config.password_db = '/path/to/passrock/binary.dat'
-        config.private_key = 'your private key'
-      end
-
-      # Model
-      # e.g. app/models/user.rb
-      validates :password, :passrock_secure => true
-
-      # Customize the error message (see: http://guides.rubyonrails.org/i18n.html#error-message-scopes)
-      # e.g. config/locales/en.yml
-      activerecord:
-        errors:
-          messages:
-            passrock_secure: "appears to be a commonly used password"
-
+```ruby
+# Configure: config/initializers/passrock.rb
+Passrock.configure do |config|
+  config.password_db = '/path/to/passrock_db_dir'
+  config.private_key = 'your private key'
+end
+
+# Model
+# e.g. app/models/user.rb
+validates :password, :passrock_secure => true
+```
+
+```yaml
+# Customize the error message (see: http://guides.rubyonrails.org/i18n.html#error-message-scopes)
+# e.g. config/locales/en.yml
+activerecord:
+  errors:
+    messages:
+      passrock_secure: "appears to be a commonly used password"
+```
 
 ## Contributing
 
@@ -56,7 +62,7 @@ This library provides a custom ActiveModel validation:
 5. Create new Pull Request
 
 
-# Specs
+## Specs
 
 To run the spec suite:
 

data/benchmark/binary_search_test.rb

@@ -6,7 +6,7 @@ Dotenv.load
 
 PROJECT_ROOT = File.expand_path(File.join(File.dirname(__FILE__), '../'))
 
-passrock_db = Passrock::PasswordDb.new(ENV['PASSROCK_PASSWORD_DB'], ENV['PASSROCK_PRIVATE_KEY'])
+passrock_db = Passrock::PasswordDb.new(:password_db => ENV['PASSROCK_PASSWORD_DB'], :private_key => ENV['PASSROCK_PRIVATE_KEY'])
 
 Benchmark.bm do |x|
   x.report("#find_by_binary_search\n") { puts "Password secure? #{passrock_db.secure?('password')}" }

data/lib/passrock.rb

@@ -1,6 +1,7 @@
 require 'passrock/version'
 require 'passrock/exceptions'
 require 'passrock/configuration'
+require 'passrock/password_db_finder'
 require 'passrock/password_db'
 
 require 'passrock/railtie' if defined?(::Rails::Railtie)

data/lib/passrock/exceptions.rb

@@ -3,6 +3,6 @@ module Passrock
   class PassrockError < ::StandardError; end
 
   class PasswordDbNotFoundError < PassrockError; end
-  class PrivateKeyInvalidError < PassrockError; end
+  class BinaryFileReadError < PassrockError; end
 
 end

data/lib/passrock/password_db.rb

@@ -1,77 +1,19 @@
-require 'base64'
-require 'bcrypt'
-
 module Passrock
   class PasswordDb
 
-    RECORD_LENGTH = 23
-
-
-    def self.bcrypt_hash(secret, salt)
-      BCrypt::Engine.hash_secret(secret, "$2a$07$#{salt}")
-    end
-
-
-    attr_reader :password_db, :private_key
+    attr_reader :password_db_finder
 
     def initialize(opts = {})
-      @password_db = opts[:password_db]
-      @private_key = opts[:private_key]
-
-      raise PasswordDbNotFoundError, "Passrock Password DB not found at: #{@password_db}" unless File.file?(@password_db)
-    end
-
-    def password_in_searchable_form(password)
-      hashed_password = self.class.bcrypt_hash(password, private_key)
-
-      searchable = hashed_password[29..-1]
-      searchable.tr!('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
-      searchable += '=' * (3 - (searchable.size + 3) % 4)
+      @password_db_finder = PasswordDbFinder.new(opts)
     end
 
     def secure?(password)
-      !find_by_binary_search(password)
+      !password_db_finder.find(password)
     end
 
     def insecure?(password)
       !secure?(password)
     end
 
-
-    private
-
-    def total_records
-      # Minus 1 for length in file and 1 for 0-up counting
-      @total_records ||= (File.size(password_db) / RECORD_LENGTH) - 2
-    end
-
-    def find_by_binary_search(password)
-      file = File.new(password_db, 'rb')
-      target = password_in_searchable_form(password)
-
-      lo = 1 # start at 1 because the testKey is at 0
-      hi = total_records
-      while lo <= hi
-        mid = (lo + (hi - lo) / 2)
-        file.seek(RECORD_LENGTH * mid, IO::SEEK_SET)
-        midtest = file.read(RECORD_LENGTH)
-        raise 'Error reading binary file' if midtest.nil?
-
-        midtest = Base64.strict_encode64(midtest)
-
-        if ( (midtest <=> target) == 0 )
-          file.close
-          return true
-        elsif ( (midtest <=> target) < 0 )
-          lo = mid + 1
-        else
-          hi = mid - 1
-        end
-      end
-
-      file.close
-      return false
-    end
-
   end
 end

data/lib/passrock/password_db_finder.rb

@@ -0,0 +1,87 @@
+require 'base64'
+require 'bcrypt'
+
+module Passrock
+  class PasswordDbFinder
+
+    RECORD_LENGTH = 12
+
+
+    def self.bcrypt_hash(secret, salt)
+      BCrypt::Engine.hash_secret(secret, "$2a$07$#{salt}")
+    end
+
+
+    attr_reader :password_db, :private_key
+
+    def initialize(opts = {})
+      @password_db = opts[:password_db]
+      @private_key = opts[:private_key]
+    end
+
+    def valid?
+      password_db_is_a_file? || password_db_is_a_directory?
+    end
+
+    def find(password)
+      raise PasswordDbNotFoundError, "Passrock Password DB not found at: #{password_db}" unless valid?
+      find_by_binary_search(password)
+    end
+
+    def filename(hashed_password = nil)
+      return password_db if password_db_is_a_file?
+      File.join(password_db, "PRbinary#{hashed_password.ord}.dat")
+    end
+
+    def password_db_is_a_file?
+      File.file?(password_db)
+    end
+
+    def password_db_is_a_directory?
+      File.directory?(password_db)
+    end
+
+
+    private
+
+    def password_in_searchable_form(password)
+      password = password.to_s.downcase
+      hashed_password = self.class.bcrypt_hash(password, private_key)
+
+      searchable = hashed_password[29..-1]
+      searchable.tr!('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')
+      searchable += '=' * (3 - (searchable.size + 3) % 4)
+      searchable[0, 16]
+    end
+
+    def find_by_binary_search(password)
+      target = password_in_searchable_form(password)
+      file = File.new(filename(target), 'rb')
+      total_records = (File.size(file) / RECORD_LENGTH) - 1
+
+      lo = 0
+      hi = total_records
+      while lo <= hi
+        mid = (lo + (hi - lo) / 2)
+        file.seek(RECORD_LENGTH * mid, IO::SEEK_SET)
+        midtest = file.read(RECORD_LENGTH)
+        raise BinaryFileReadError if midtest.nil?
+
+        midtest = Base64.strict_encode64(midtest)
+
+        if ( (midtest <=> target) == 0 )
+          file.close
+          return target
+        elsif ( (midtest <=> target) < 0 )
+          lo = mid + 1
+        else
+          hi = mid - 1
+        end
+      end
+
+      file.close
+      return nil
+    end
+
+  end
+end

data/lib/passrock/version.rb

@@ -1,3 +1,3 @@
 module Passrock
-  VERSION = '0.0.5'
+  VERSION = '0.0.8'
 end

data/spec/passrock/password_db_finder_spec.rb

@@ -0,0 +1,119 @@
+require 'spec_helper'
+
+describe Passrock::PasswordDbFinder do
+
+  let(:password_db) { passrock_password_db }
+  let(:private_key) { passrock_private_key }
+  let(:init_opts) { {:password_db => password_db, :private_key => private_key} }
+
+
+  describe '.bcrypt_hash' do
+
+    it 'calculates and returns the bcrypt password hash given a secret and salt' do
+      secret = 'password'
+      salt = private_key
+      expect(described_class.bcrypt_hash(secret, salt)).to eq('$2a$07$c16iYVArVz3hYEvtakjiXO8jPyn2MxhVHlrY92EErobY/OCDNObhG')
+    end
+
+  end
+
+
+  describe '#valid?' do
+
+    let(:subject) { described_class.new(init_opts) }
+
+    context 'password_db is a directory' do
+      let(:password_db) { passrock_password_db }
+
+      it 'returns true' do
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'password_db is a file' do
+      let(:password_db) { passrock_password_db_file }
+
+      it 'returns true' do
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'password_db is does not exist as a file or directory' do
+      let(:password_db) { '/invalid/path/to/password_db' }
+
+      it 'returns false' do
+        expect(subject).to_not be_valid
+      end
+    end
+
+  end
+
+  describe '#filename' do
+
+    let(:subject) { described_class.new(init_opts) }
+
+    context 'password_db is a directory' do
+      let(:password_db) { passrock_password_db }
+
+      it 'returns the filename based on the integer ordinal of the first character of the given hashed password' do
+        hashed_password = 'g+vOBRu/5hi40RA5'
+        expect(subject.filename(hashed_password)).to eq("#{password_db}/PRbinary#{hashed_password[0].ord}.dat")
+      end
+    end
+
+    context 'password_db is a file' do
+      let(:password_db) { passrock_password_db_file }
+
+      it 'returns the password_db as the filename verbatim' do
+        expect(subject.filename).to eq(passrock_password_db_file)
+      end
+    end
+
+  end
+
+  describe '#find' do
+
+    let(:subject) { described_class.new(init_opts) }
+    let(:known_password) { 'password' }
+    let(:unknown_password) { 'BoatActKnowsDog' }
+
+    context 'when given password is present in the password database' do
+      it 'returns the Base64 representation of the hashed password' do
+        expect(subject.find(known_password)).to eq('+lR0p4OzjXJnta/4')
+      end
+    end
+
+    context 'when given password is mixed cased' do
+      it 'returns the Base64 representation of the hashed password ignoring case' do
+        expect(subject.find(known_password.upcase)).to eq('+lR0p4OzjXJnta/4')
+      end
+    end
+
+    context 'when given password does not appear in the password database' do
+      it 'returns true' do
+        expect(subject.find(unknown_password)).to be_nil
+      end
+    end
+
+    context 'when password_db does not exist' do
+      let(:password_db) { '/invalid/path/to/password_db' }
+
+      it 'raises PasswordDbNotFoundError' do
+        expect {
+          subject.find(known_password)
+        }.to raise_error(Passrock::PasswordDbNotFoundError)
+      end
+    end
+
+    context 'multiple sequential calls' do
+      it 'does not error out' do
+        expect {
+          subject.find(unknown_password)
+          subject.find(known_password)
+        }.to_not raise_error
+      end
+    end
+
+  end
+
+end

data/spec/passrock/password_db_spec.rb

@@ -4,50 +4,22 @@ describe Passrock::PasswordDb do
 
   let(:password_db) { passrock_password_db }
   let(:private_key) { passrock_private_key }
-  let(:valid_init_opts) { {:password_db => password_db, :private_key => private_key} }
+  let(:init_opts) { {:password_db => password_db, :private_key => private_key} }
   let(:insecure_password) { 'password' }
   let(:secure_password) { 'BoatActKnowsDog' }
 
-
-  describe '.bcrypt_hash' do
-
-    it 'calculates and returns the bcrypt password hash given a secret and salt' do
-      secret = 'password'
-      salt = private_key
-      expect(described_class.bcrypt_hash(secret, salt)).to eq('$2a$07$c16iYVArVz3hYEvtakjiXO8jPyn2MxhVHlrY92EErobY/OCDNObhG')
-    end
-
-  end
-
-
-  describe '#initialize' do
-
-    context 'when password_db file does not exist' do
-      it 'raises PasswordDbNotFoundError' do
-        expect {
-          described_class.new(:password_db => '/invalid/path/to/password_db', :private_key => private_key)
-        }.to raise_error(Passrock::PasswordDbNotFoundError)
-      end
-    end
-
-  end
-
-  describe '#password_in_searchable_form' do
-
-    it 'returns the given password in a searchable format' do
-      subject = described_class.new(valid_init_opts)
-      expect(subject.password_in_searchable_form(insecure_password)).to eq('+lR0p4OzjXJnta/4GGtqdaBQEFPQdjI=')
-    end
-
-  end
-
   describe '#secure?' do
 
-    let(:subject) { described_class.new(valid_init_opts) }
+    let(:subject) { described_class.new(init_opts) }
 
     context 'when given password is present in the password database' do
       it 'returns false' do
         expect(subject.secure?(insecure_password)).to be_false
+
+        # sanity check other known insecure passwords
+        [ 'inIUfiWO13', 'PVGWpkf81', 'cSAuOcUW58', 'XxPRBGF11', 'WjNYUmGj72', 'P0RQU33SM3N3ST3r' ].each do |password|
+          expect(subject.secure?(password)).to be_false
+        end
       end
     end
 
@@ -57,20 +29,11 @@ describe Passrock::PasswordDb do
       end
     end
 
-    context 'multiple sequential calls' do
-      it 'does not error out' do
-        expect {
-          subject.secure?(secure_password)
-          subject.secure?(insecure_password)
-        }.to_not raise_error
-      end
-    end
-
   end
 
   describe '#insecure?' do
 
-    let(:subject) { described_class.new(valid_init_opts) }
+    let(:subject) { described_class.new(init_opts) }
 
     context 'when given password is present in the password database' do
       it 'returns true' do

data/spec/spec_helper.rb

@@ -27,6 +27,10 @@ def passrock_password_db
   ENV['PASSROCK_PASSWORD_DB']
 end
 
+def passrock_password_db_file
+  ENV['PASSROCK_PASSWORD_DB_FILE']
+end
+
 def passrock_private_key
   ENV['PASSROCK_PRIVATE_KEY']
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passrock
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.8
 platform: ruby
 authors:
 - Bitium, Inc
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-12 00:00:00.000000000 Z
+date: 2013-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
@@ -100,11 +100,13 @@ files:
 - lib/passrock/configuration.rb
 - lib/passrock/exceptions.rb
 - lib/passrock/password_db.rb
+- lib/passrock/password_db_finder.rb
 - lib/passrock/railtie.rb
 - lib/passrock/version.rb
 - locales/en.yml
 - passrock.gemspec
 - spec/active_model/validations/passrock_secure_validator_spec.rb
+- spec/passrock/password_db_finder_spec.rb
 - spec/passrock/password_db_spec.rb
 - spec/passrock_spec.rb
 - spec/spec_helper.rb
@@ -134,6 +136,7 @@ specification_version: 4
 summary: Ruby client library to access a Passrock (Passrock.com) binary database
 test_files:
 - spec/active_model/validations/passrock_secure_validator_spec.rb
+- spec/passrock/password_db_finder_spec.rb
 - spec/passrock/password_db_spec.rb
 - spec/passrock_spec.rb
 - spec/spec_helper.rb