quo_vadis 2.1.6 → 2.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/app/views/quo_vadis/logs/index.html.erb +1 -1
- data/lib/quo_vadis/crypt.rb +12 -6
- data/lib/quo_vadis/version.rb +1 -1
- data/test/integration/sessions_test.rb +1 -1
- data/test/models/crypt_test.rb +19 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f2f5586e06a0e01dd89d66bf9cae01317b0d302ba51e5a82cfcb4bc00dc0ea85
|
|
4
|
+
data.tar.gz: f37f34fbae6ab23081643aff844525b4ca8795c9e5057cbce737e7348d6a254f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: de242f63f325f1520fb9fb209535a4dfcff1c6f3f2e80d6620bce3e940c1000d5452145e83b6917e9106deb844aa4f467be922880c92bbb357da2dcb6bbf563b
|
|
7
|
+
data.tar.gz: d706a441437cab9af6ee75f3581cc18df8edfd17414317555eecd58a1c984f7cc62a085297158fb5a42f9d244bcfdbde98bd6792220434a6118e32f801c0241e
|
data/CHANGELOG.md
CHANGED
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
<tbody>
|
|
13
13
|
<% @logs.each do |log| %>
|
|
14
14
|
<tr>
|
|
15
|
-
<td><%= log.created_at %></td>
|
|
15
|
+
<td><time datetime="<%= log.created_at.to_formatted_s(:iso8601) %>"><%= log.created_at.to_formatted_s('%-d %B %Y') %></time></td>
|
|
16
16
|
<td><%= QuoVadis.translate "log.action.#{log.action}" %></td>
|
|
17
17
|
<td><%= log.ip %></td>
|
|
18
18
|
<td><%= log.metadata.empty? ? '' : log.metadata.map {|k,v| "#{k}: #{v}"}.join(', ') %></td>
|
data/lib/quo_vadis/crypt.rb
CHANGED
|
@@ -8,7 +8,7 @@ module QuoVadis
|
|
|
8
8
|
return '' if value == ''
|
|
9
9
|
|
|
10
10
|
salt = SecureRandom.hex KEY_LENGTH
|
|
11
|
-
crypt = encryptor
|
|
11
|
+
crypt = encryptor salt
|
|
12
12
|
ciphertext = crypt.encrypt_and_sign value
|
|
13
13
|
[salt, ciphertext].join SEPARATOR
|
|
14
14
|
end
|
|
@@ -18,7 +18,7 @@ module QuoVadis
|
|
|
18
18
|
return '' if value == ''
|
|
19
19
|
|
|
20
20
|
salt, data = value.split SEPARATOR
|
|
21
|
-
crypt = encryptor
|
|
21
|
+
crypt = encryptor salt
|
|
22
22
|
crypt.decrypt_and_verify(data)
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -27,12 +27,18 @@ module QuoVadis
|
|
|
27
27
|
KEY_LENGTH = ActiveSupport::MessageEncryptor.key_len
|
|
28
28
|
SEPARATOR = '$$'
|
|
29
29
|
|
|
30
|
-
def self.encryptor(
|
|
31
|
-
|
|
30
|
+
def self.encryptor(salt)
|
|
31
|
+
key_sha256 = key salt, OpenSSL::Digest::SHA256
|
|
32
|
+
key_sha1 = key salt, OpenSSL::Digest::SHA1
|
|
33
|
+
ActiveSupport::MessageEncryptor.new(key_sha256).tap { |crypt|
|
|
34
|
+
crypt.rotate key_sha1
|
|
35
|
+
}
|
|
32
36
|
end
|
|
33
37
|
|
|
34
|
-
def self.key(salt)
|
|
35
|
-
ActiveSupport::KeyGenerator
|
|
38
|
+
def self.key(salt, hash_digest_class)
|
|
39
|
+
ActiveSupport::KeyGenerator
|
|
40
|
+
.new(secret, hash_digest_class: hash_digest_class)
|
|
41
|
+
.generate_key(salt, KEY_LENGTH)
|
|
36
42
|
end
|
|
37
43
|
|
|
38
44
|
def self.secret
|
data/lib/quo_vadis/version.rb
CHANGED
|
@@ -54,7 +54,7 @@ class SessionsTest < IntegrationTest
|
|
|
54
54
|
phone.get quo_vadis.sessions_path
|
|
55
55
|
phone.assert_response :success
|
|
56
56
|
phone.assert_select 'td', 'This session'
|
|
57
|
-
phone.assert_select 'td
|
|
57
|
+
phone.assert_select 'td button[type=submit]', text: 'Log out', count: 1
|
|
58
58
|
|
|
59
59
|
# on phone, log out the desktop session
|
|
60
60
|
phone.delete quo_vadis.session_path(QuoVadis::Session.first.id)
|
data/test/models/crypt_test.rb
CHANGED
|
@@ -4,6 +4,13 @@ class CryptTest < ActiveSupport::TestCase
|
|
|
4
4
|
|
|
5
5
|
setup do
|
|
6
6
|
@crypt = QuoVadis::Crypt
|
|
7
|
+
|
|
8
|
+
@crypt_sha1 = Class.new(QuoVadis::Crypt) do
|
|
9
|
+
def self.encryptor(salt)
|
|
10
|
+
key_sha1 = key salt, OpenSSL::Digest::SHA1
|
|
11
|
+
ActiveSupport::MessageEncryptor.new key_sha1
|
|
12
|
+
end
|
|
13
|
+
end
|
|
7
14
|
end
|
|
8
15
|
|
|
9
16
|
test 'round trip' do
|
|
@@ -19,4 +26,16 @@ class CryptTest < ActiveSupport::TestCase
|
|
|
19
26
|
refute_equal ciphertext, @crypt.encrypt(plaintext)
|
|
20
27
|
end
|
|
21
28
|
|
|
29
|
+
test 'rotation' do
|
|
30
|
+
# This test only works if our test Rails contains this commit:
|
|
31
|
+
# https://github.com/rails/rails/commit/447e28347eb46e2ad5dc625de616152bd1b69a32
|
|
32
|
+
return unless ActiveSupport::KeyGenerator.respond_to? :hash_digest_class
|
|
33
|
+
|
|
34
|
+
plaintext = 'the quick brown fox'
|
|
35
|
+
# Encrypt with SHA1 digest
|
|
36
|
+
ciphertext_sha1 = @crypt_sha1.encrypt plaintext
|
|
37
|
+
# Ensure code can decrypt it.
|
|
38
|
+
assert_equal plaintext, @crypt.decrypt(ciphertext_sha1)
|
|
39
|
+
end
|
|
40
|
+
|
|
22
41
|
end
|