password_rehasher 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 409cef18ec9de50002c666881ae5cb056408d819
+  data.tar.gz: 8fd6efa013ae5e7cacaf6dcbff3ec0513dacd884
+SHA512:
+  metadata.gz: 01cd32f04dd356ed981600d1da983976e83937c75ab877e4f2ad13b85215cb40969e2f226fabbd7c5effbada3c7ac0942091098770f5d0898d768f938792ebce
+  data.tar.gz: e059422957191020d44b05508408db860539c8ee7ad1f38735655a61f542b34f9729feee4da13a6e10325640322fb3d4cf5df2eda2448da1d6e23b77a67c1274

data/.gitignore

@@ -0,0 +1,35 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem "scrypt", '~> 2.0.2'
+
+group :test, :development do
+	gem 'rspec', '~> 3.3.0'
+	gem 'pry'
+end

data/Gemfile.lock

@@ -0,0 +1,43 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.0)
+    diff-lcs (1.2.5)
+    ffi (1.9.10)
+    ffi-compiler (0.1.3)
+      ffi (>= 1.0.0)
+      rake
+    method_source (0.8.2)
+    pry (0.10.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rake (10.4.2)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.2)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
+    scrypt (2.0.2)
+      ffi-compiler (>= 0.0.2)
+      rake
+    slop (3.6.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  pry
+  rspec (~> 3.3.0)
+  scrypt (~> 2.0.2)
+
+BUNDLED WITH
+   1.10.6

data/README.md

@@ -0,0 +1,17 @@
+# password_rehasher
+
+Password Rehasher is a temporary gem to rehash the passwords in the RPM database to scrypt.
+
+## Usage
+
+```ruby
+if (PasswordRehasher.password_valid?(plaintext_password, crypted_password)) {
+	if (PasswordRehasher.rehash_needed?(crypted_password)) {
+	    user.crypted_password = PasswordRehasher.hash_password(password)
+	    user.save
+    }
+    # user is logged in
+} else {
+	# user is not logged in
+}
+```

data/lib/password_rehasher.rb

@@ -0,0 +1,31 @@
+require "scrypt"
+require 'digest/sha1'
+
+class PasswordRehasher
+	VERSION = "0.1.0"
+
+	def self.password_valid?(plaintext_password, hashed_password)
+		case hashed_password.length 
+		when 40
+			hashed_password == Digest::SHA1.hexdigest(plaintext_password)
+		when 90
+			password = SCrypt::Password.new(hashed_password)
+			password == plaintext_password
+		when 103
+			scrypt_plus_sha1_hash =  hashed_password[13..-1]
+			sha1_hashed_password = Digest::SHA1.hexdigest(plaintext_password)
+			password = SCrypt::Password.new(scrypt_plus_sha1_hash)
+			password == sha1_hashed_password
+		else
+			false
+		end
+	end
+
+	def self.rehash_needed?(hashed_password)
+		hashed_password.length != 90
+	end
+
+	def self.hash_password(plaintext_password)
+		SCrypt::Password.create(plaintext_password)
+	end
+end

data/password_rehasher.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'password_rehasher'
+
+Gem::Specification.new do |gem|
+  gem.name          = "password_rehasher"
+  gem.version       = PasswordRehasher::VERSION
+  gem.authors       = ["John Hyland", "Polina Vorozheykina"]
+  gem.email         = ["jhyland@newrelic.com", "pvorozheykina@newrelic.com"]
+  gem.description   = %q{Temporary gem to rehash passwords to scrypt}
+  gem.summary       = %q{Temporary gem to rehash passwords to scrypt}
+  gem.homepage      = "https://source.datanerd.us/platform-services/password_rehasher"
+  gem.license       = 'New Relic'
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_runtime_dependency 'scrypt', '~> 2.0.2'
+
+  gem.add_development_dependency 'rspec', '~> 3.3.0'
+  gem.add_development_dependency 'pry'
+
+end

data/spec/password_rehasher_spec.rb

@@ -0,0 +1,70 @@
+describe PasswordRehasher do
+	let(:plaintext_password) { "some_password" }
+	let(:incorrect_plaintext_password) { "some_passwords" }
+
+	let(:sha1_hashed_password) { "7165f6d407dc2fd68528da63260a913e71623e86" }
+	let(:nested_hashed_password) { "nested hash: 400$8$38$e4df71f5896cd935$55ef6d79674ed4274e433e51ad75f0c80fd3599717698c46b11df7e67c5b0206" }
+	let(:scrypt_hashed_password) { "400$8$38$76f69b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
+	let(:invalid_hashed_password) { "400$8$38$76f60b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
+
+	describe '::VERSION' do
+		subject { PasswordRehasher::VERSION }
+
+		it { is_expected.to_not be_nil }
+	end
+
+	describe '.password_valid?' do
+		subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password) }
+
+		context 'with a SHA1 hash' do
+			let(:hashed_password) { sha1_hashed_password }
+			it { is_expected.to be_truthy }
+		end
+
+		context 'with a nested hash' do
+			let(:hashed_password) { nested_hashed_password }
+			it { is_expected.to be_truthy }
+		end
+
+		context 'with an scrypt hash' do
+			let(:hashed_password) { scrypt_hashed_password }
+			it { is_expected.to be_truthy }
+		end
+
+		context 'with an scrypt hash' do
+			let(:hashed_password) { invalid_hashed_password }
+			it { is_expected.to be_falsey }
+		end
+	end
+
+	describe '.rehash_needed?' do
+		subject { PasswordRehasher.rehash_needed?(hashed_password) }
+
+		context 'with a SHA1 hash' do
+			let(:hashed_password) { sha1_hashed_password }
+			it { is_expected.to be_truthy }
+		end
+
+		context 'with a nested hash' do
+			let(:hashed_password) { nested_hashed_password }
+			it { is_expected.to be_truthy }
+		end
+
+		context 'with an scrypt hash' do
+			let(:hashed_password) { scrypt_hashed_password }
+			it { is_expected.to be_falsey }
+		end
+	end
+
+	describe '.hash_password' do
+		subject(:password_object) { PasswordRehasher.hash_password(plaintext_password) }
+
+		it "returns a password object matching the plaintext password" do
+			expect(password_object == plaintext_password).to be_truthy
+		end
+
+		it "returns a password object that does not match a different plaintext password" do
+			expect(password_object == incorrect_plaintext_password).to be_falsey
+		end
+	end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,98 @@
+require_relative "../lib/password_rehasher.rb"
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: password_rehasher
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- John Hyland
+- Polina Vorozheykina
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-10-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: scrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.2
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.3.0
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Temporary gem to rehash passwords to scrypt
+email:
+- jhyland@newrelic.com
+- pvorozheykina@newrelic.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- README.md
+- lib/password_rehasher.rb
+- password_rehasher.gemspec
+- spec/password_rehasher_spec.rb
+- spec/spec_helper.rb
+homepage: https://source.datanerd.us/platform-services/password_rehasher
+licenses:
+- New Relic
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Temporary gem to rehash passwords to scrypt
+test_files:
+- spec/password_rehasher_spec.rb
+- spec/spec_helper.rb
+has_rdoc: