quo_vadis 2.1.6 → 2.1.7
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/app/views/quo_vadis/logs/index.html.erb +1 -1
- data/lib/quo_vadis/crypt.rb +12 -6
- data/lib/quo_vadis/version.rb +1 -1
- data/test/integration/sessions_test.rb +1 -1
- data/test/models/crypt_test.rb +19 -0
- metadata +1 -1
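--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f2f5586e06a0e01dd89d66bf9cae01317b0d302ba51e5a82cfcb4bc00dc0ea85
+data.tar.gz: f37f34fbae6ab23081643aff844525b4ca8795c9e5057cbce737e7348d6a254f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: de242f63f325f1520fb9fb209535a4dfcff1c6f3f2e80d6620bce3e940c1000d5452145e83b6917e9106deb844aa4f467be922880c92bbb357da2dcb6bbf563b
+data.tar.gz: d706a441437cab9af6ee75f3581cc18df8edfd17414317555eecd58a1c984f7cc62a085297158fb5a42f9d244bcfdbde98bd6792220434a6118e32f801c0241e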
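--- a/data/app/views/quo_vadis/logs/index.html.erb
+++ b/data/app/views/quo_vadis/logs/index.html.erb
@@ -12,7 +12,7 @@
 <tbody>
 <% @logs.each do |log| %>
 <tr>
-<td><%= log.created_at %></td>
+<td><time datetime="<%= log.created_at.to_formatted_s(:iso8601) %>"><%= log.created_at.to_formatted_s('%-d %B %Y') %></time></td>
 <td><%= QuoVadis.translate "log.action.#{log.action}" %></td>
 <td><%= log.ip %></td>
 <td><%= log.metadata.empty? ? '' : log.metadata.map {|k,v| "#{k}: #{v}"}.join(', ') %></td>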
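Review bot: `log.created_at.to_formatted_s('%-d %B %Y')` on the new line 15 passes a strftime pattern where `to_formatted_s` expects a `Time::DATE_FORMATS` key; unless the application registers that exact string as a key, ActiveSupport falls back to the default `to_s`, so the visible cell would still show the full timestamp while only the `datetime` attribute carries ISO 8601 — the intent reads as `log.created_at.strftime('%-d %B %Y')`. If a date-only display really is intended, bear in mind that this table is the user's record of sign-in activity: dropping the time of day from the visible text makes it harder to match an entry against a sign-in the user does not recognise, so consider keeping at least `%H:%M` in the visible format or adding a `title` attribute with the full timestamp.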
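--- a/data/lib/quo_vadis/crypt.rb
+++ b/data/lib/quo_vadis/crypt.rb
@@ -8,7 +8,7 @@ module QuoVadis
 return '' if value == ''
 
 salt = SecureRandom.hex KEY_LENGTH
-crypt = encryptor
+crypt = encryptor salt
 ciphertext = crypt.encrypt_and_sign value
 [salt, ciphertext].join SEPARATOR
 end
@@ -18,7 +18,7 @@ module QuoVadis
 return '' if value == ''
 
 salt, data = value.split SEPARATOR
-crypt = encryptor
+crypt = encryptor salt
 crypt.decrypt_and_verify(data)
 end
 
@@ -27,12 +27,18 @@ module QuoVadis
 KEY_LENGTH = ActiveSupport::MessageEncryptor.key_len
 SEPARATOR = '$$'
 
-def self.encryptor(
-
+def self.encryptor(salt)
+key_sha256 = key salt, OpenSSL::Digest::SHA256
+key_sha1 = key salt, OpenSSL::Digest::SHA1
+ActiveSupport::MessageEncryptor.new(key_sha256).tap { |crypt|
+crypt.rotate key_sha1
+}
 end
 
-def self.key(salt)
-ActiveSupport::KeyGenerator
+def self.key(salt, hash_digest_class)
+ActiveSupport::KeyGenerator
+.new(secret, hash_digest_class: hash_digest_class)
+.generate_key(salt, KEY_LENGTH)
 end
 
 def self.secret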
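Review bot: `encryptor` (new lines 30–35) rotates in a SHA1-derived key without saying why, so a later maintainer cannot tell whether the SHA1 path is still wanted or safe to drop; I would add above the method `# New ciphertexts use the SHA256-derived key; the SHA1-derived key is rotated in only so values encrypted under the earlier default digest still decrypt.` together with a TODO naming when stored values will have been re-encrypted and the fallback can be removed. Because `rotate` is configured on every call, both PBKDF2 derivations run on every encrypt as well as every decrypt, roughly doubling key-derivation cost; acceptable, but worth stating in that same comment. In `decrypt` (second hunk) `salt` comes straight from `value.split SEPARATOR`, so a stored value that is just `'$$'` yields a `nil` salt and a value with no separator yields a `nil` `data`; with the new `encryptor salt` the former presumably fails inside `generate_key` rather than raising `ActiveSupport::MessageEncryptor::InvalidMessage`, so a guard such as `raise ActiveSupport::MessageEncryptor::InvalidMessage unless salt && data` before the `encryptor` call would keep the failure mode uniform for callers rescuing that class. The `key` and `secret` methods run past the end of the third hunk.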
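--- a/data/test/integration/sessions_test.rb
+++ b/data/test/integration/sessions_test.rb
@@ -54,7 +54,7 @@ class SessionsTest < IntegrationTest
 phone.get quo_vadis.sessions_path
 phone.assert_response :success
 phone.assert_select 'td', 'This session'
-phone.assert_select 'td
+phone.assert_select 'td button[type=submit]', text: 'Log out', count: 1
 
 # on phone, log out the desktop session
 phone.delete quo_vadis.session_path(QuoVadis::Session.first.id)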
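--- a/data/test/models/crypt_test.rb
+++ b/data/test/models/crypt_test.rb
@@ -4,6 +4,13 @@ class CryptTest < ActiveSupport::TestCase
 
 setup do
 @crypt = QuoVadis::Crypt
+
+@crypt_sha1 = Class.new(QuoVadis::Crypt) do
+def self.encryptor(salt)
+key_sha1 = key salt, OpenSSL::Digest::SHA1
+ActiveSupport::MessageEncryptor.new key_sha1
+end
+end
 end
 
 test 'round trip' do
@@ -19,4 +26,16 @@ class CryptTest < ActiveSupport::TestCase
 refute_equal ciphertext, @crypt.encrypt(plaintext)
 end
 
+test 'rotation' do
+# This test only works if our test Rails contains this commit:
+# https://github.com/rails/rails/commit/447e28347eb46e2ad5dc625de616152bd1b69a32
+return unless ActiveSupport::KeyGenerator.respond_to? :hash_digest_class
+
+plaintext = 'the quick brown fox'
+# Encrypt with SHA1 digest
+ciphertext_sha1 = @crypt_sha1.encrypt plaintext
+# Ensure code can decrypt it.
+assert_equal plaintext, @crypt.decrypt(ciphertext_sha1)
+end
+
 end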
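Review bot: `return unless ActiveSupport::KeyGenerator.respond_to? :hash_digest_class` (new line 32 in the second hunk) makes the rotation test report as passing on a Rails without that API, so a broken fallback would go unnoticed there; Minitest's `skip` records the gap visibly: `skip 'needs ActiveSupport::KeyGenerator.hash_digest_class' unless ActiveSupport::KeyGenerator.respond_to? :hash_digest_class`. The test also only shows that a SHA1-keyed ciphertext still decrypts; it does not show that a fresh `@crypt.encrypt` output is decryptable without the SHA1 fallback, which is what proves new data is written under the SHA256-derived key rather than silently relying on rotation. A second subclass whose `encryptor` builds a `MessageEncryptor` from the SHA256 key with no `rotate`, asserting it decrypts `@crypt.encrypt(plaintext)`, would close that gap; sketched below.

```ruby
# … unchanged: setup of @crypt and @crypt_sha1 …
@crypt_sha256 = Class.new(QuoVadis::Crypt) do
  def self.encryptor(salt)
    ActiveSupport::MessageEncryptor.new key(salt, OpenSSL::Digest::SHA256)
  end
end

# … unchanged: 'round trip' and 'rotation' tests …
test 'new ciphertexts use the SHA256 key' do
  skip 'needs ActiveSupport::KeyGenerator.hash_digest_class' unless ActiveSupport::KeyGenerator.respond_to? :hash_digest_class
  plaintext = 'the quick brown fox'
  assert_equal plaintext, @crypt_sha256.decrypt(@crypt.encrypt(plaintext))
end
```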