relishable 0.40 → 0.41
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Gemfile.lock +16 -2
- data/lib/relish/encryption_helper.rb +47 -22
- data/lib/relish/version.rb +1 -3
- metadata +31 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
|
4
|
+
data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
|
7
|
+
data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,8 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
relishable (0.
|
4
|
+
relishable (0.41)
|
5
|
+
fernet (~> 2.3)
|
5
6
|
fog-aws (~> 0.8.0)
|
6
7
|
legacy-fernet (~> 1.6.3)
|
7
8
|
net-ssh (~> 3.0.2)
|
@@ -11,10 +12,14 @@ GEM
|
|
11
12
|
specs:
|
12
13
|
addressable (2.3.8)
|
13
14
|
builder (3.2.3)
|
15
|
+
byebug (10.0.0)
|
16
|
+
coderay (1.1.2)
|
14
17
|
crack (0.4.2)
|
15
18
|
safe_yaml (~> 1.0.0)
|
16
19
|
diff-lcs (1.2.5)
|
17
20
|
excon (0.62.0)
|
21
|
+
fernet (2.3)
|
22
|
+
valcro (~> 0.1)
|
18
23
|
fog-aws (0.8.1)
|
19
24
|
fog-core (~> 1.27)
|
20
25
|
fog-json (~> 1.0)
|
@@ -34,12 +39,19 @@ GEM
|
|
34
39
|
ipaddress (0.8.3)
|
35
40
|
legacy-fernet (1.6.4)
|
36
41
|
multi_json (~> 1.0)
|
42
|
+
method_source (0.9.1)
|
37
43
|
mini_portile2 (2.3.0)
|
38
44
|
multi_json (1.13.1)
|
39
45
|
net-ssh (3.0.2)
|
40
46
|
nokogiri (1.8.5)
|
41
47
|
mini_portile2 (~> 2.3.0)
|
42
48
|
power_assert (0.2.2)
|
49
|
+
pry (0.11.3)
|
50
|
+
coderay (~> 1.1.0)
|
51
|
+
method_source (~> 0.9.0)
|
52
|
+
pry-byebug (3.6.0)
|
53
|
+
byebug (~> 10.0)
|
54
|
+
pry (~> 0.10)
|
43
55
|
rake (10.4.2)
|
44
56
|
rspec (3.1.0)
|
45
57
|
rspec-core (~> 3.1.0)
|
@@ -56,6 +68,7 @@ GEM
|
|
56
68
|
safe_yaml (1.0.4)
|
57
69
|
test-unit (3.0.8)
|
58
70
|
power_assert
|
71
|
+
valcro (0.1.1)
|
59
72
|
webmock (1.19.0)
|
60
73
|
addressable (>= 2.3.6)
|
61
74
|
crack (>= 0.3.2)
|
@@ -64,6 +77,7 @@ PLATFORMS
|
|
64
77
|
ruby
|
65
78
|
|
66
79
|
DEPENDENCIES
|
80
|
+
pry-byebug
|
67
81
|
rake (> 0)
|
68
82
|
relishable!
|
69
83
|
rspec (~> 3.1.0)
|
@@ -71,4 +85,4 @@ DEPENDENCIES
|
|
71
85
|
webmock (~> 1.19.0)
|
72
86
|
|
73
87
|
BUNDLED WITH
|
74
|
-
1.
|
88
|
+
1.17.1
|
@@ -1,5 +1,6 @@
|
|
1
1
|
require "relish/release"
|
2
2
|
require "fernet/legacy"
|
3
|
+
require "fernet"
|
3
4
|
require "openssl"
|
4
5
|
|
5
6
|
class RelishDecryptionFailed < RuntimeError; end
|
@@ -7,31 +8,31 @@ class RelishDecryptionFailed < RuntimeError; end
|
|
7
8
|
class Relish
|
8
9
|
class EncryptionHelper
|
9
10
|
|
11
|
+
LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
|
12
|
+
|
10
13
|
def initialize(static_secret, secrets)
|
11
14
|
@static_secret = static_secret
|
12
15
|
@secrets = secrets
|
13
16
|
end
|
14
17
|
|
15
|
-
def encrypt(
|
16
|
-
|
17
|
-
gen.data = {key => value}
|
18
|
-
end
|
18
|
+
def encrypt(_key = 'env', value)
|
19
|
+
current_encrypt(value)
|
19
20
|
end
|
20
21
|
|
21
|
-
def
|
22
|
-
hmac_secrets.
|
23
|
-
|
24
|
-
return verifier.data[key] if verifier.valid?
|
25
|
-
end
|
22
|
+
def legacy_encrypt(key, value)
|
23
|
+
Fernet::Legacy.generate(hmac_secrets.first) do |gen|
|
24
|
+
gen.data = { key => value }
|
26
25
|
end
|
27
|
-
raise RelishDecryptionFailed
|
28
26
|
end
|
29
27
|
|
30
|
-
def
|
31
|
-
|
32
|
-
|
28
|
+
def decrypt(key = 'env', token)
|
29
|
+
plain = nil
|
30
|
+
hmac_secrets.each do |secret|
|
31
|
+
plain = decrypt_with_secret(secret, token, key)
|
32
|
+
break if plain
|
33
33
|
end
|
34
|
-
raise RelishDecryptionFailed
|
34
|
+
raise RelishDecryptionFailed unless plain
|
35
|
+
plain
|
35
36
|
end
|
36
37
|
|
37
38
|
def inspect
|
@@ -42,22 +43,46 @@ class Relish
|
|
42
43
|
|
43
44
|
protected
|
44
45
|
|
46
|
+
def current_encrypt(value)
|
47
|
+
Fernet.generate(hmac_secrets.first[0, 32], value)
|
48
|
+
end
|
49
|
+
|
50
|
+
def legacy?(token)
|
51
|
+
!!(token =~ LEGACY_MATCHER)
|
52
|
+
end
|
53
|
+
|
45
54
|
def hmac_secrets
|
46
55
|
@hmac_secrets ||= @secrets.map do |secret|
|
47
56
|
OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
|
48
57
|
end
|
49
58
|
end
|
50
59
|
|
51
|
-
def
|
52
|
-
Fernet::Legacy.verifier(secret, token)
|
53
|
-
|
54
|
-
|
55
|
-
|
60
|
+
def legacy_decrypt(secret, token, key)
|
61
|
+
verifier = Fernet::Legacy.verifier(secret, token)
|
62
|
+
verifier.enforce_ttl = false
|
63
|
+
verifier.verify_token(token)
|
64
|
+
return nil unless verifier.valid?
|
65
|
+
verifier.data[key]
|
56
66
|
rescue OpenSSL::Cipher::CipherError
|
57
|
-
|
58
|
-
|
59
|
-
|
67
|
+
# Certain combinations of keys and encrypted data cause decryption with an
|
68
|
+
# incorrect key to succeed (no CipherError) but produce garbage data which
|
69
|
+
# cannot be decoded into JSON, and thus fail with a ParseError instead.
|
60
70
|
rescue MultiJson::ParseError
|
61
71
|
end
|
72
|
+
|
73
|
+
def current_decrypt(secret, token)
|
74
|
+
verifier = Fernet.verifier(secret[0, 32], token)
|
75
|
+
verifier.enforce_ttl = false
|
76
|
+
return nil unless verifier.valid?
|
77
|
+
verifier.message
|
78
|
+
end
|
79
|
+
|
80
|
+
def decrypt_with_secret(secret, token, key)
|
81
|
+
if legacy?(token)
|
82
|
+
legacy_decrypt(secret, token, key)
|
83
|
+
else
|
84
|
+
current_decrypt(secret, token)
|
85
|
+
end
|
86
|
+
end
|
62
87
|
end
|
63
88
|
end
|
data/lib/relish/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: relishable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '0.
|
4
|
+
version: '0.41'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mark Fine
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2018-11-
|
14
|
+
date: 2018-11-28 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: fog-aws
|
@@ -41,6 +41,20 @@ dependencies:
|
|
41
41
|
- - "~>"
|
42
42
|
- !ruby/object:Gem::Version
|
43
43
|
version: 1.6.3
|
44
|
+
- !ruby/object:Gem::Dependency
|
45
|
+
name: fernet
|
46
|
+
requirement: !ruby/object:Gem::Requirement
|
47
|
+
requirements:
|
48
|
+
- - "~>"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: '2.3'
|
51
|
+
type: :runtime
|
52
|
+
prerelease: false
|
53
|
+
version_requirements: !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - "~>"
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: '2.3'
|
44
58
|
- !ruby/object:Gem::Dependency
|
45
59
|
name: net-ssh
|
46
60
|
requirement: !ruby/object:Gem::Requirement
|
@@ -111,6 +125,20 @@ dependencies:
|
|
111
125
|
- - "~>"
|
112
126
|
- !ruby/object:Gem::Version
|
113
127
|
version: 1.19.0
|
128
|
+
- !ruby/object:Gem::Dependency
|
129
|
+
name: pry-byebug
|
130
|
+
requirement: !ruby/object:Gem::Requirement
|
131
|
+
requirements:
|
132
|
+
- - ">="
|
133
|
+
- !ruby/object:Gem::Version
|
134
|
+
version: '0'
|
135
|
+
type: :development
|
136
|
+
prerelease: false
|
137
|
+
version_requirements: !ruby/object:Gem::Requirement
|
138
|
+
requirements:
|
139
|
+
- - ">="
|
140
|
+
- !ruby/object:Gem::Version
|
141
|
+
version: '0'
|
114
142
|
description: Release manager.
|
115
143
|
email:
|
116
144
|
- pedro@heroku.com
|
@@ -148,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
148
176
|
version: '0'
|
149
177
|
requirements: []
|
150
178
|
rubyforge_project:
|
151
|
-
rubygems_version: 2.
|
179
|
+
rubygems_version: 2.5.1
|
152
180
|
signing_key:
|
153
181
|
specification_version: 4
|
154
182
|
summary: releases
|