pwl 0.0.1

data/lib/pwl/dialog/gnome.rb

@@ -0,0 +1,27 @@
+module Pwl
+  module Dialog
+    class GnomeDialog < SystemDialog
+      def command
+        "zenity --title \"#{title}\""
+      end
+    end
+    
+    class GnomePasswordDialog < GnomeDialog
+      #
+      # Returns the OS command that is required to ask the user for a password.
+      #
+      def command
+        "#{super} --entry --hide-text --text \"#{prompt}\""
+      end
+    end
+    
+    class GnomeTextDialog < GnomeDialog
+      #
+      # Returns the OS command that is required to ask the user for text input.
+      #
+      def command
+        "#{super} --entry --text \"#{prompt}\""
+      end
+    end
+  end
+end

data/lib/pwl/dialog.rb

@@ -0,0 +1,50 @@
+$:.unshift File.join(File.dirname(__FILE__), *%w[dialog])
+
+require 'base'
+require 'console'
+require 'gnome'
+require 'cocoa'
+
+module Pwl
+  module Dialog
+    PLATFORM_PASSWORD_DIALOGS = {
+      :gnome => GnomePasswordDialog,
+      :mac   => CocoaPasswordDialog,
+    }
+
+    PLATFORM_TEXT_DIALOGS = {
+      :gnome => GnomeTextDialog,
+      :mac   => CocoaTextDialog,
+    }
+
+    extend self
+
+    class Password
+      class << self
+        # Factory method that creates a new password dialog that suits the current GUI platform.
+        # If no implementation was found for the current platform, a ConsolePasswordDialog is returned.
+        def new(title, prompt)
+          (PLATFORM_PASSWORD_DIALOGS[Dialog.gui_platform] || ConsolePasswordDialog).new(title, prompt)
+        end
+      end
+    end
+
+    class Text
+      class << self
+        # Factory method that creates a new text (input) dialog that suits the current GUI platform.
+        # If no implementation was found for the current platform, a ConsoleTextDialog is returned.
+        def new(title, prompt)
+          (PLATFORM_TEXT_DIALOGS[Dialog.gui_platform] || ConsoleTextDialog).new(title, prompt)
+        end
+      end
+    end
+
+    def gui_platform
+      if ENV['GDMSESSION']
+        :gnome
+      elsif RUBY_PLATFORM =~ /darwin/
+        :mac
+      end
+    end
+  end
+end

data/lib/pwl/message.rb

@@ -0,0 +1,46 @@
+require "erb"
+
+# http://refactormycode.com/codes/281-given-a-hash-of-variables-render-an-erb-template
+class Hash
+  def to_binding(object = Object.new)
+    object.instance_eval("def binding_for(#{keys.join(",")}) binding end")
+    object.binding_for(*values)
+  end
+end
+
+module Pwl
+  class ReservedMessageCodeError < StandardError; end
+
+  class Message
+    attr_reader :exit_code
+
+    def initialize(template, exit_code = 0, default_replacements = {})
+      @template = ERB.new(template)
+      @exit_code = exit_code
+      @default_replacements = default_replacements
+    end
+
+    def to_s(replacements = {})
+      if !replacements.any? && @default_replacements.any?
+        @template.result(@default_replacements.to_binding)
+      else
+        @template.result(replacements.to_binding)
+      end
+    end
+
+    def error?
+      false
+    end
+  end
+
+  class ErrorMessage < Message
+    def initialize(template, exit_code, default_replacements = {})
+      raise ReservedMessageCodeError.new("Exit code 0 is reserved for success messages") if 0 == exit_code
+      super(template, exit_code, default_replacements)
+    end
+
+    def error?
+      true
+    end
+  end
+end

data/lib/pwl/password_policy.rb

@@ -0,0 +1,29 @@
+module Pwl
+  class InvalidMasterPasswordError < StandardError
+    def initialize(reason)
+      super("The master password is not valid: #{reason}")
+    end
+  end
+
+  class AnyNonEmptyPasswordPolicy
+    def validate!(master_password)
+      raise InvalidMasterPasswordError.new("Password must not be blank") if master_password.blank?
+    end
+  end
+
+  class ForbidAllPasswordPolicy
+    def validate!(master_password)
+      raise InvalidMasterPasswordError.new("No password allowed at all")
+    end
+  end
+
+  class ReasonableComplexityPasswordPolicy
+    def validate!(pwd)
+      raise InvalidMasterPasswordError.new("May not be blank") if pwd.blank?
+      raise InvalidMasterPasswordError.new("Must have at least eight characters") if 8 > pwd.length
+      raise InvalidMasterPasswordError.new("Must contain at least one integer") unless pwd =~ /.*\d/
+      raise InvalidMasterPasswordError.new("Must contain at least one character (lower or upper case)") unless pwd =~ /.*([a-z]|[A-Z])/
+      raise InvalidMasterPasswordError.new("Special characters are only allowed if their ASCII value is between 0x20 and 0x7E") unless pwd =~ /[\x20-\x7E]/
+    end
+  end
+end

data/lib/pwl/store.rb

@@ -0,0 +1,284 @@
+require 'date'
+
+module Pwl
+  class Store
+    class FileAlreadyExistsError < StandardError
+      def initialize(file)
+        super("The file #{file} already exists")
+      end
+    end
+
+    class NotInitializedError < StandardError
+      def initialize(file)
+        super("The store at #{file} was not initialized yet")
+      end
+    end
+
+    class WrongMasterPasswordError < StandardError
+      def initialize
+        super("The master password is wrong")
+      end
+    end
+
+    class FileNotFoundError < StandardError
+      def initialize(file)
+        super("The file #{file} for the store was not found")
+      end
+    end
+
+    class KeyNotFoundError < StandardError
+      def initialize(key)
+        super("No entry was found for #{key}")
+      end
+    end
+
+    class BlankError < StandardError
+      def initialize(what)
+        super("#{what} is required")
+      end
+    end
+
+    class BlankKeyError < BlankError
+      def initialize
+        super("Key")
+      end
+    end
+
+    class BlankValueError < BlankError
+      def initialize
+        super("Value")
+      end
+    end
+
+    class << self
+      alias_method :load, :new
+
+      DEFAULT_PASSWORD_POLICY = ReasonableComplexityPasswordPolicy.new
+
+      #
+      # Constructs a new store (not only the object, but also the file behind it).
+      #
+      def new(file, master_password, options = {})
+        if File.exists?(file) && !options[:force] # don't allow accedidential override of existing file
+          raise FileAlreadyExistsError.new(file)
+        else
+          password_policy.validate!(master_password)
+          store = load(file, master_password)
+          store.reset!
+        end
+
+        store
+      end
+
+      #
+      # Opens an existing store. Throws if the backing file does not exist or isn't initialized.
+      #
+      def open(file, master_password)
+        raise FileNotFoundError.new(file) unless File.exists?(file)
+        store = load(file, master_password)
+        store.authenticate # do not allow openeing without successful authentication
+        store
+      end
+
+      def password_policy
+        @password_policy || DEFAULT_PASSWORD_POLICY
+      end
+
+      def password_policy=(policy)
+        @password_policy = policy
+      end
+    end
+
+    #
+    # Create a new store object by loading an existing file.
+    #
+    # Beware: New is overridden; it performs additional actions after before and after #initialize
+    #
+    def initialize(file, master_password)
+      @backend = PStore.new(file, true)
+      @backend.ultra_safe = true
+      @master_password = master_password
+    end
+
+    #
+    # (Re-) Initialize the database
+    #
+    def reset!
+      @backend.transaction{
+        @backend[:user] = {}
+        @backend[:system] = {}
+        @backend[:system][:created] = DateTime.now
+        @backend[:system][:salt] = encrypt(Random.rand.to_s)
+      }
+    end
+
+    #
+    # Check that the master password is correct. This is done to prevent opening an existing but blank store with the wrong password.
+    #
+    def authenticate
+      begin
+        @backend.transaction(true){
+          raise NotInitializedError.new(@backend.path.path) unless @backend[:user] && @backend[:system] && @backend[:system][:created]
+          check_salt!
+        }
+      rescue OpenSSL::Cipher::CipherError
+        raise WrongMasterPasswordError
+      end
+    end
+
+    #
+    # Return the value stored under key
+    #
+    def get(key)
+      raise BlankKeyError if key.blank?
+      @backend.transaction{
+        timestamp!(:last_accessed)
+        value = @backend[:user][encrypt(key)]
+        raise KeyNotFoundError.new(key) unless value
+        decrypt(value)
+      }
+    end
+
+    #
+    # Store value stored under key
+    #
+    def put(key, value)
+      raise BlankKeyError if key.blank?
+      raise BlankValueError if value.blank?
+      @backend.transaction{
+        timestamp!(:last_modified)
+        @backend[:user][encrypt(key)] = encrypt(value)
+      }
+    end
+
+    #
+    # Delete the value that is stored under key and return it
+    #
+    def delete(key)
+      raise BlankKeyError if key.blank?
+      @backend.transaction{
+        timestamp!(:last_modified)
+        old_value = @backend[:user].delete(encrypt(key))
+        raise KeyNotFoundError.new(key) unless old_value
+        decrypt(old_value)
+      }
+    end
+
+    #
+    # Return all keys, optionally filtered by filter
+    #
+    def list(filter = nil)
+      @backend.transaction(true){
+        result = @backend[:user].keys.collect{|k| decrypt(k)}
+
+        if filter.blank?
+          result
+        else
+          result.select{|k,v| k =~ /#{filter}/}
+        end
+      }
+    end
+
+    #
+    # Return all entries
+    #
+    def all
+      result = {}
+      @backend.transaction(true){
+        @backend[:user].each{|k,v| result[decrypt(k)] = decrypt(v)}
+      }
+      result
+    end
+
+    #
+    # Change the master password to +new_master_password+. Note that we don't take a password confirmation here.
+    # This is up to a UI layer.
+    #
+    def change_password!(new_master_password)
+      self.class.password_policy.validate!(new_master_password)
+
+      @backend.transaction{
+        # Decrypt each key and value with the old master password and encrypt them with the new master password
+        copy = {}
+        @backend[:user].each{|k,v|
+          new_key = Encryptor.encrypt(decrypt(k), :key => new_master_password)
+          new_val = Encryptor.encrypt(decrypt(v), :key => new_master_password)
+          copy[new_key] = new_val
+        }
+
+        # re-write user branch with newly encrypted keys and values
+        @backend[:user] = copy
+
+        # from now on, use the new master password as long as the object lives
+        @master_password = new_master_password
+
+        timestamp!(:last_modified)
+        @backend[:system][:salt] = encrypt(Random.rand.to_s)
+      }
+    end
+
+    #
+    # Return the date when the store was created
+    #
+    def created
+      @backend.transaction(true){@backend[:system][:created]}
+    end
+
+    #
+    # Return the date when the store was last accessed
+    #
+    def last_accessed
+      @backend.transaction(true){@backend[:system][:last_accessed]}
+    end
+
+    #
+    # Return the date when the store was last modified
+    #
+    def last_modified
+      @backend.transaction(true){@backend[:system][:last_modified]}
+    end
+
+    #
+    # Return the path to the file backing this store
+    #
+    def path
+      @backend.path
+    end
+
+    private
+
+    #
+    # Adds or updates the time-stamp stored under symbol
+    #
+    # This method must run within a PStore read/write transaction.
+    #
+    def timestamp!(sym)
+      @backend[:system][sym] = DateTime.now
+    end
+
+    #
+    # Return the encrypted +value+ (uses the current master password)
+    #
+    def encrypt(value)
+      Encryptor.encrypt(value, :key => @master_password)
+    end
+
+    #
+    # Return the decrypted +value+ (uses the current master password)
+    #
+    def decrypt(value)
+      Encryptor.decrypt(value, :key => @master_password)
+    end
+
+    #
+    # Attempts to decrypt the system salt. Throws if the master password is incorrect.
+    #
+    # This method must run within a PStore transaction (may be read-only).
+    #
+    def check_salt!
+      raise NotInitializedError.new(@backend.path.path) if @backend[:system][:salt].blank?
+      decrypt(@backend[:system][:salt])
+      nil
+    end
+  end
+end

data/lib/pwl.rb

@@ -0,0 +1,14 @@
+require 'pstore'
+require 'encryptor'
+require 'active_support/core_ext/object/blank'
+
+$:.unshift File.join(File.dirname(__FILE__), *%w[pwl])
+
+require 'message'
+require 'password_policy'
+require 'store'
+require 'dialog'
+
+module Pwl
+  VERSION = File.read(File.join(File.dirname(__FILE__), *%w[.. VERSION]))
+end

data/pwl.gemspec

@@ -0,0 +1,94 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "pwl"
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Nicholas E. Rabenau"]
+  s.date = "2012-03-22"
+  s.description = "pwl is a secure password locker for the commandline"
+  s.email = "nerab@gmx.net"
+  s.executables = ["pwl", "pwl"]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".travis.yml",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "bin/pwl",
+    "lib/pwl.rb",
+    "lib/pwl/dialog.rb",
+    "lib/pwl/dialog/base.rb",
+    "lib/pwl/dialog/cocoa.rb",
+    "lib/pwl/dialog/console.rb",
+    "lib/pwl/dialog/gnome.rb",
+    "lib/pwl/message.rb",
+    "lib/pwl/password_policy.rb",
+    "lib/pwl/store.rb",
+    "pwl.gemspec",
+    "templates/export.html.erb",
+    "test/acceptance/test_basics.rb",
+    "test/acceptance/test_delete.rb",
+    "test/acceptance/test_dialogs.rb",
+    "test/acceptance/test_export.rb",
+    "test/acceptance/test_get.rb",
+    "test/acceptance/test_init.rb",
+    "test/acceptance/test_list.rb",
+    "test/acceptance/test_passwd.rb",
+    "test/acceptance/test_put.rb",
+    "test/fixtures/test_all.html",
+    "test/fixtures/test_empty.html",
+    "test/helper.rb",
+    "test/unit/test_error.rb",
+    "test/unit/test_message.rb",
+    "test/unit/test_store_construction.rb",
+    "test/unit/test_store_crud.rb",
+    "test/unit/test_store_metadata.rb",
+    "test/unit/test_store_password_policy.rb",
+    "test/unit/test_store_security.rb"
+  ]
+  s.homepage = "http://github.com/nerab/pwl"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.15"
+  s.summary = "Command-line password locker"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<encryptor>, [">= 0"])
+      s.add_runtime_dependency(%q<commander>, [">= 0"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 0"])
+      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.8.3"])
+    else
+      s.add_dependency(%q<encryptor>, [">= 0"])
+      s.add_dependency(%q<commander>, [">= 0"])
+      s.add_dependency(%q<activesupport>, [">= 0"])
+      s.add_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+    end
+  else
+    s.add_dependency(%q<encryptor>, [">= 0"])
+    s.add_dependency(%q<commander>, [">= 0"])
+    s.add_dependency(%q<activesupport>, [">= 0"])
+    s.add_dependency(%q<rdoc>, ["~> 3.12"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+  end
+end
+

data/templates/export.html.erb

@@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <title>Password Manager Export</title>
+  <style type="text/css">
+    table { page-break-inside:auto}
+    tr    { page-break-inside:avoid; page-break-after:auto}
+    thead { display:table-header-group}
+    tfoot { display:table-footer-group; font-size: 0.85em;}
+
+    /* adapted from http://coding.smashingmagazine.com/2008/08/13/top-10-css-table-designs/ */
+    body{
+      font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
+      font-size: 12px;
+      margin: 45px;
+      width: 480px;
+      border-collapse: collapse;
+      text-align: left;
+    }
+    th{
+      font-size: 14px;
+      font-weight: bold;
+      padding: 10px 8px;
+      border-bottom: 2px solid;
+    }
+    td{
+      border-bottom: 1px solid;
+      padding: 6px 8px;
+    }
+  </style>
+</head>
+<body>
+  <h1>Password Manager Export</h1>
+  <table>
+    <thead>
+      <tr>
+        <th>Name</th>
+        <th>Value</th>
+      </tr>
+    </thead>
+    <tfoot>
+      <tr>
+        <td colspan="2">
+          This <a href="http://rdoc.info/github/nerab/pwl/master/frames">pwl</a> export was created on <%= DateTime.now.strftime('%F %R') %>.
+        <br/>
+          The database at <%= store.path %> was <%= "last modified #{store.last_modified.strftime('%F %R')}" rescue 'never modified' %>.
+        </td>
+      </tr>
+    </tfoot>
+    <tbody>
+      <% store.all.each{|key, value|%>
+      <tr>
+        <td><%= key %></td>
+        <td><%= value %></td>
+      </tr>
+      <% } %>
+    </tbody>
+  </table>
+</body>
+</html>

data/test/acceptance/test_basics.rb

@@ -0,0 +1,15 @@
+require 'helper'
+
+class TestBasics < Test::Pwl::AppTestCase
+  def test_help
+    assert_successful('Rabenau', 'help')
+  end
+
+  def test_no_args
+    assert_error('invalid', '')
+  end
+
+  def test_unknown_command
+    assert_error('invalid', 'foobar')
+  end
+end

data/test/acceptance/test_delete.rb

@@ -0,0 +1,14 @@
+require 'helper'
+
+# Tests `pwl delete`
+class TestDelete < Test::Pwl::AppTestCase
+  def test_delete_blank_key
+    assert_error('may not be blank', 'delete')
+  end
+
+  def test_delete_simple
+    assert_successful('', 'put foo bar')
+    assert_successful('', 'delete foo')
+    assert_error('No entry was found for foo', 'get foo')
+  end
+end

data/test/acceptance/test_dialogs.rb

@@ -0,0 +1,45 @@
+require 'helper'
+
+#
+# Unit tests for dialogs
+#
+# Note that these teste are being excluded when the plain +rake+ file is run because these tests require manual
+# intervention.
+#
+# Run these tests separately with
+#
+#   rake TEST=test/acceptance/test_dialogs.rb
+#
+class TestPasswordDialog < Test::Unit::TestCase
+  CANDIDATES = %w[Homer Marge Bart Lisa Maggie Martin Ralph]
+
+  def test_get_with_spaces
+    expected = "#{CANDIDATES[Random.rand(CANDIDATES.size)]} #{CANDIDATES[Random.rand(CANDIDATES.size)]}"
+    get_text(expected, Pwl::Dialog::Password)
+  end
+
+  def test_get_empty
+    assert_equal('', Pwl::Dialog::Password.new(self.class.name, "Please just press Enter without entering any text.").get_input)
+  end
+
+  def test_get_without_spaces
+    expected = CANDIDATES[Random.rand(CANDIDATES.size)]
+    get_text(expected, Pwl::Dialog::Password)
+  end
+
+  def test_cancel
+    assert_raise Pwl::Dialog::Cancelled do
+      Pwl::Dialog::Password.new(self.class.name, "Please press the Escape key.").get_input
+    end
+
+    assert_raise Pwl::Dialog::Cancelled do
+      Pwl::Dialog::Password.new(self.class.name, "Please press the Cancel button.").get_input
+    end
+  end
+
+  private
+
+  def get_text(expected, dlg_class)
+    assert_equal(expected, dlg_class.new(self.class.name, "Please enter the string '#{expected}' (without the quotes) and press Enter.").get_input)
+  end
+end