relishable 0.40 → 0.41

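--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA256:
- metadata.gz: 34890ad56a53f91fbbfd6891d570c8e648ec07d95b1ce274f7e685a4b5386821
- data.tar.gz: 2dd26c1a00f69b44e9774f60279f3bca37316d3b23d71e90da8aa66a976b7f22
+ SHA1:
+ metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
+ data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
  SHA512:
- metadata.gz: d8efa76f83543601f038374960ed849884286b5288bf84837c8bed2b77230f7a948b22fb623520af6c5425aa61dd07ae1622b73eecaad917eb8f77cd12a612e7
- data.tar.gz: 035c3615cde90904ebe3e6572bd5f290b4aa99d3bb3594a27f21e4da6eb010706cc85822605c204414acde39ca9085b3112a5a2566a4aa1326493fa39cce3ebf
+ metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
+ data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b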
@@ -1,7 +1,8 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- relishable (0.40)
4
+ relishable (0.41)
5
+ fernet (~> 2.3)
5
6
  fog-aws (~> 0.8.0)
6
7
  legacy-fernet (~> 1.6.3)
7
8
  net-ssh (~> 3.0.2)
@@ -11,10 +12,14 @@ GEM
11
12
  specs:
12
13
  addressable (2.3.8)
13
14
  builder (3.2.3)
15
+ byebug (10.0.0)
16
+ coderay (1.1.2)
14
17
  crack (0.4.2)
15
18
  safe_yaml (~> 1.0.0)
16
19
  diff-lcs (1.2.5)
17
20
  excon (0.62.0)
21
+ fernet (2.3)
22
+ valcro (~> 0.1)
18
23
  fog-aws (0.8.1)
19
24
  fog-core (~> 1.27)
20
25
  fog-json (~> 1.0)
@@ -34,12 +39,19 @@ GEM
34
39
  ipaddress (0.8.3)
35
40
  legacy-fernet (1.6.4)
36
41
  multi_json (~> 1.0)
42
+ method_source (0.9.1)
37
43
  mini_portile2 (2.3.0)
38
44
  multi_json (1.13.1)
39
45
  net-ssh (3.0.2)
40
46
  nokogiri (1.8.5)
41
47
  mini_portile2 (~> 2.3.0)
42
48
  power_assert (0.2.2)
49
+ pry (0.11.3)
50
+ coderay (~> 1.1.0)
51
+ method_source (~> 0.9.0)
52
+ pry-byebug (3.6.0)
53
+ byebug (~> 10.0)
54
+ pry (~> 0.10)
43
55
  rake (10.4.2)
44
56
  rspec (3.1.0)
45
57
  rspec-core (~> 3.1.0)
@@ -56,6 +68,7 @@ GEM
56
68
  safe_yaml (1.0.4)
57
69
  test-unit (3.0.8)
58
70
  power_assert
71
+ valcro (0.1.1)
59
72
  webmock (1.19.0)
60
73
  addressable (>= 2.3.6)
61
74
  crack (>= 0.3.2)
@@ -64,6 +77,7 @@ PLATFORMS
64
77
  ruby
65
78
 
66
79
  DEPENDENCIES
80
+ pry-byebug
67
81
  rake (> 0)
68
82
  relishable!
69
83
  rspec (~> 3.1.0)
@@ -71,4 +85,4 @@ DEPENDENCIES
71
85
  webmock (~> 1.19.0)
72
86
 
73
87
  BUNDLED WITH
74
- 1.16.2
88
+ 1.17.1
@@ -1,5 +1,6 @@
1
1
  require "relish/release"
2
2
  require "fernet/legacy"
3
+ require "fernet"
3
4
  require "openssl"
4
5
 
5
6
  class RelishDecryptionFailed < RuntimeError; end
@@ -7,31 +8,31 @@ class RelishDecryptionFailed < RuntimeError; end
7
8
  class Relish
8
9
  class EncryptionHelper
9
10
 
11
+ LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
12
+
10
13
  def initialize(static_secret, secrets)
11
14
  @static_secret = static_secret
12
15
  @secrets = secrets
13
16
  end
14
17
 
15
- def encrypt(key, value)
16
- Fernet::Legacy.generate(hmac_secrets.first) do |gen|
17
- gen.data = {key => value}
18
- end
18
+ def encrypt(_key = 'env', value)
19
+ current_encrypt(value)
19
20
  end
20
21
 
21
- def decrypt(key, token)
22
- hmac_secrets.each do |secret|
23
- if verifier = verifier(secret, token)
24
- return verifier.data[key] if verifier.valid?
25
- end
22
+ def legacy_encrypt(key, value)
23
+ Fernet::Legacy.generate(hmac_secrets.first) do |gen|
24
+ gen.data = { key => value }
26
25
  end
27
- raise RelishDecryptionFailed
28
26
  end
29
27
 
30
- def upgrade(key, token)
31
- if verifier = verifier(hmac_secrets.first, token)
32
- return encrypt(key, verifier.data[key]) if verifier.valid?
28
+ def decrypt(key = 'env', token)
29
+ plain = nil
30
+ hmac_secrets.each do |secret|
31
+ plain = decrypt_with_secret(secret, token, key)
32
+ break if plain
33
33
  end
34
- raise RelishDecryptionFailed
34
+ raise RelishDecryptionFailed unless plain
35
+ plain
35
36
  end
36
37
 
37
38
  def inspect
@@ -42,22 +43,46 @@ class Relish
42
43
 
43
44
  protected
44
45
 
46
+ def current_encrypt(value)
47
+ Fernet.generate(hmac_secrets.first[0, 32], value)
48
+ end
49
+
50
+ def legacy?(token)
51
+ !!(token =~ LEGACY_MATCHER)
52
+ end
53
+
45
54
  def hmac_secrets
46
55
  @hmac_secrets ||= @secrets.map do |secret|
47
56
  OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
48
57
  end
49
58
  end
50
59
 
51
- def verifier(secret, token)
52
- Fernet::Legacy.verifier(secret, token).tap do |verifier|
53
- verifier.enforce_ttl = false
54
- verifier.verify_token(token)
55
- end
60
+ def legacy_decrypt(secret, token, key)
61
+ verifier = Fernet::Legacy.verifier(secret, token)
62
+ verifier.enforce_ttl = false
63
+ verifier.verify_token(token)
64
+ return nil unless verifier.valid?
65
+ verifier.data[key]
56
66
  rescue OpenSSL::Cipher::CipherError
57
- # Certain combinations of keys and encrypted data cause decryption with an
58
- # incorrect key to succeed (no CipherError) but produce garbage data which
59
- # cannot be decoded into JSON, and thus fail with a ParseError instead.
67
+ # Certain combinations of keys and encrypted data cause decryption with an
68
+ # incorrect key to succeed (no CipherError) but produce garbage data which
69
+ # cannot be decoded into JSON, and thus fail with a ParseError instead.
60
70
  rescue MultiJson::ParseError
61
71
  end
72
+
73
+ def current_decrypt(secret, token)
74
+ verifier = Fernet.verifier(secret[0, 32], token)
75
+ verifier.enforce_ttl = false
76
+ return nil unless verifier.valid?
77
+ verifier.message
78
+ end
79
+
80
+ def decrypt_with_secret(secret, token, key)
81
+ if legacy?(token)
82
+ legacy_decrypt(secret, token, key)
83
+ else
84
+ current_decrypt(secret, token)
85
+ end
86
+ end
62
87
  end
63
88
  end
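Review bot: `current_encrypt` and `current_decrypt` key Fernet with `hmac_secrets.first[0, 32]` / `secret[0, 32]`, which is the first 32 characters of the hex digest built in `hmac_secrets` and so carries 128 bits of key material, where a Fernet key is specified as 256 bits (a 128-bit signing half and a 128-bit encryption half). If the fernet gem takes a 32-character string as the raw key (not visible on this page; confirm against the gem), each half ends up as 16 hex characters, roughly 64 bits. Deriving the new-format key from the raw digest in its own helper, e.g. `OpenSSL::HMAC.digest('sha256', @static_secret, secret)`, would supply the full 32 bytes while the legacy path keeps its hex secrets; because that changes the key, tokens already written by 0.41 would need a decrypt fallback. Separately, in `decrypt` a valid legacy token whose data lacks `key` now comes back as nil from `legacy_decrypt` and ends in `RelishDecryptionFailed`, where 0.40 returned nil, and `upgrade` is removed without a replacement, so both deserve a line in the release notes.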
@@ -1,5 +1,3 @@
1
1
  class Relish
2
- VERSION = "0.40"
2
+ VERSION = "0.41"
3
3
  end
4
-
5
-
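--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: relishable
  version: !ruby/object:Gem::Version
- version: '0.40'
+ version: '0.41'
  platform: ruby
  authors:
  - Mark Fine
@@ -11,7 +11,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-11-09 00:00:00.000000000 Z
+ date: 2018-11-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: fog-aws
@@ -41,6 +41,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 1.6.3
+ - !ruby/object:Gem::Dependency
+ name: fernet
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
  - !ruby/object:Gem::Dependency
  name: net-ssh
  requirement: !ruby/object:Gem::Requirement
@@ -111,6 +125,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 1.19.0
+ - !ruby/object:Gem::Dependency
+ name: pry-byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Release manager.
  email:
  - pedro@heroku.com
@@ -148,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.7
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: releases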