RubyGems - relishable - Versions diffs - 0.40 → 0.41 - Mend

relishable 0.40 → 0.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +5 -5
data/Gemfile.lock +16 -2
data/lib/relish/encryption_helper.rb +47 -22
data/lib/relish/version.rb +1 -3
metadata +31 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 34890ad56a53f91fbbfd6891d570c8e648ec07d95b1ce274f7e685a4b5386821
-  data.tar.gz: 2dd26c1a00f69b44e9774f60279f3bca37316d3b23d71e90da8aa66a976b7f22
+SHA1:
+  metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
+  data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
 SHA512:
-  metadata.gz: d8efa76f83543601f038374960ed849884286b5288bf84837c8bed2b77230f7a948b22fb623520af6c5425aa61dd07ae1622b73eecaad917eb8f77cd12a612e7
-  data.tar.gz: 035c3615cde90904ebe3e6572bd5f290b4aa99d3bb3594a27f21e4da6eb010706cc85822605c204414acde39ca9085b3112a5a2566a4aa1326493fa39cce3ebf
+  metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
+  data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b

data/Gemfile.lock CHANGED

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    relishable (0.40)
+    relishable (0.41)
+      fernet (~> 2.3)
       fog-aws (~> 0.8.0)
       legacy-fernet (~> 1.6.3)
       net-ssh (~> 3.0.2)
@@ -11,10 +12,14 @@ GEM
   specs:
     addressable (2.3.8)
     builder (3.2.3)
+    byebug (10.0.0)
+    coderay (1.1.2)
     crack (0.4.2)
       safe_yaml (~> 1.0.0)
     diff-lcs (1.2.5)
     excon (0.62.0)
+    fernet (2.3)
+      valcro (~> 0.1)
     fog-aws (0.8.1)
       fog-core (~> 1.27)
       fog-json (~> 1.0)
@@ -34,12 +39,19 @@ GEM
     ipaddress (0.8.3)
     legacy-fernet (1.6.4)
       multi_json (~> 1.0)
+    method_source (0.9.1)
     mini_portile2 (2.3.0)
     multi_json (1.13.1)
     net-ssh (3.0.2)
     nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     power_assert (0.2.2)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.6.0)
+      byebug (~> 10.0)
+      pry (~> 0.10)
     rake (10.4.2)
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
@@ -56,6 +68,7 @@ GEM
     safe_yaml (1.0.4)
     test-unit (3.0.8)
       power_assert
+    valcro (0.1.1)
     webmock (1.19.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
@@ -64,6 +77,7 @@ PLATFORMS
   ruby
 DEPENDENCIES
+  pry-byebug
   rake (> 0)
   relishable!
   rspec (~> 3.1.0)
@@ -71,4 +85,4 @@ DEPENDENCIES
   webmock (~> 1.19.0)
 BUNDLED WITH
-   1.16.2
+   1.17.1

data/lib/relish/encryption_helper.rb CHANGED

@@ -1,5 +1,6 @@
 require "relish/release"
 require "fernet/legacy"
+require "fernet"
 require "openssl"
 class RelishDecryptionFailed < RuntimeError; end
@@ -7,31 +8,31 @@ class RelishDecryptionFailed < RuntimeError; end
 class Relish
   class EncryptionHelper
+    LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
     def initialize(static_secret, secrets)
       @static_secret = static_secret
       @secrets = secrets
     end
-    def encrypt(key, value)
-      Fernet::Legacy.generate(hmac_secrets.first) do |gen|
-        gen.data = {key => value}
-      end
+    def encrypt(_key = 'env', value)
+      current_encrypt(value)
     end
-    def decrypt(key, token)
-      hmac_secrets.each do |secret|
-        if verifier = verifier(secret, token)
-          return verifier.data[key] if verifier.valid?
-        end
+    def legacy_encrypt(key, value)
+      Fernet::Legacy.generate(hmac_secrets.first) do |gen|
+        gen.data = { key => value }
       end
-      raise RelishDecryptionFailed
     end
-    def upgrade(key, token)
-      if verifier = verifier(hmac_secrets.first, token)
-        return encrypt(key, verifier.data[key]) if verifier.valid?
+    def decrypt(key = 'env', token)
+      plain = nil
+      hmac_secrets.each do |secret|
+        plain = decrypt_with_secret(secret, token, key)
+        break if plain
       end
-      raise RelishDecryptionFailed
+      raise RelishDecryptionFailed unless plain
+      plain
     end
     def inspect
@@ -42,22 +43,46 @@ class Relish
     protected
+    def current_encrypt(value)
+      Fernet.generate(hmac_secrets.first[0, 32], value)
+    end
+    def legacy?(token)
+      !!(token =~ LEGACY_MATCHER)
+    end
     def hmac_secrets
       @hmac_secrets ||= @secrets.map do |secret|
         OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
       end
     end
-    def verifier(secret, token)
-      Fernet::Legacy.verifier(secret, token).tap do |verifier|
-        verifier.enforce_ttl = false
-        verifier.verify_token(token)
-      end
+    def legacy_decrypt(secret, token, key)
+      verifier = Fernet::Legacy.verifier(secret, token)
+      verifier.enforce_ttl = false
+      verifier.verify_token(token)
+      return nil unless verifier.valid?
+      verifier.data[key]
     rescue OpenSSL::Cipher::CipherError
-    # Certain combinations of keys and encrypted data cause decryption with an
-    # incorrect key to succeed (no CipherError) but produce garbage data which
-    # cannot be decoded into JSON, and thus fail with a ParseError instead.
+      # Certain combinations of keys and encrypted data cause decryption with an
+      # incorrect key to succeed (no CipherError) but produce garbage data which
+      # cannot be decoded into JSON, and thus fail with a ParseError instead.
     rescue MultiJson::ParseError
     end
+    def current_decrypt(secret, token)
+      verifier = Fernet.verifier(secret[0, 32], token)
+      verifier.enforce_ttl = false
+      return nil unless verifier.valid?
+      verifier.message
+    end
+    def decrypt_with_secret(secret, token, key)
+      if legacy?(token)
+        legacy_decrypt(secret, token, key)
+      else
+        current_decrypt(secret, token)
+      end
+    end
   end
 end

data/lib/relish/version.rb CHANGED

@@ -1,5 +1,3 @@
 class Relish
-  VERSION = "0.40"
+  VERSION = "0.41"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: relishable
 version: !ruby/object:Gem::Version
-  version: '0.40'
+  version: '0.41'
 platform: ruby
 authors:
 - Mark Fine
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-09 00:00:00.000000000 Z
+date: 2018-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog-aws
@@ -41,6 +41,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.6.3
+- !ruby/object:Gem::Dependency
+  name: fernet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
@@ -111,6 +125,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Release manager.
 email:
 - pedro@heroku.com
@@ -148,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: releases