relishable 0.40 → 0.41
- checksums.yaml +5 -5
- data/Gemfile.lock +16 -2
- data/lib/relish/encryption_helper.rb +47 -22
- data/lib/relish/version.rb +1 -3
- metadata +31 -3
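--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA1:
+metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
+data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
+data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b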
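--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,8 @@
 PATH
 remote: .
 specs:
-relishable (0.
+relishable (0.41)
+fernet (~> 2.3)
 fog-aws (~> 0.8.0)
 legacy-fernet (~> 1.6.3)
 net-ssh (~> 3.0.2)
@@ -11,10 +12,14 @@ GEM
 specs:
 addressable (2.3.8)
 builder (3.2.3)
+byebug (10.0.0)
+coderay (1.1.2)
 crack (0.4.2)
 safe_yaml (~> 1.0.0)
 diff-lcs (1.2.5)
 excon (0.62.0)
+fernet (2.3)
+valcro (~> 0.1)
 fog-aws (0.8.1)
 fog-core (~> 1.27)
 fog-json (~> 1.0)
@@ -34,12 +39,19 @@ GEM
 ipaddress (0.8.3)
 legacy-fernet (1.6.4)
 multi_json (~> 1.0)
+method_source (0.9.1)
 mini_portile2 (2.3.0)
 multi_json (1.13.1)
 net-ssh (3.0.2)
 nokogiri (1.8.5)
 mini_portile2 (~> 2.3.0)
 power_assert (0.2.2)
+pry (0.11.3)
+coderay (~> 1.1.0)
+method_source (~> 0.9.0)
+pry-byebug (3.6.0)
+byebug (~> 10.0)
+pry (~> 0.10)
 rake (10.4.2)
 rspec (3.1.0)
 rspec-core (~> 3.1.0)
@@ -56,6 +68,7 @@ GEM
 safe_yaml (1.0.4)
 test-unit (3.0.8)
 power_assert
+valcro (0.1.1)
 webmock (1.19.0)
 addressable (>= 2.3.6)
 crack (>= 0.3.2)
@@ -64,6 +77,7 @@ PLATFORMS
 ruby
 
 DEPENDENCIES
+pry-byebug
 rake (> 0)
 relishable!
 rspec (~> 3.1.0)
@@ -71,4 +85,4 @@ DEPENDENCIES
 webmock (~> 1.19.0)
 
 BUNDLED WITH
-1.
+1.17.1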
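--- a/data/lib/relish/encryption_helper.rb
+++ b/data/lib/relish/encryption_helper.rb
@@ -1,5 +1,6 @@
 require "relish/release"
 require "fernet/legacy"
+require "fernet"
 require "openssl"
 
 class RelishDecryptionFailed < RuntimeError; end
@@ -7,31 +8,31 @@ class RelishDecryptionFailed < RuntimeError; end
 class Relish
 class EncryptionHelper
 
+LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
+
 def initialize(static_secret, secrets)
 @static_secret = static_secret
 @secrets = secrets
 end
 
-def encrypt(
-
-gen.data = {key => value}
-end
+def encrypt(_key = 'env', value)
+current_encrypt(value)
 end
 
-def
-hmac_secrets.
-
-return verifier.data[key] if verifier.valid?
-end
+def legacy_encrypt(key, value)
+Fernet::Legacy.generate(hmac_secrets.first) do |gen|
+gen.data = { key => value }
 end
-raise RelishDecryptionFailed
 end
 
-def
-
-
+def decrypt(key = 'env', token)
+plain = nil
+hmac_secrets.each do |secret|
+plain = decrypt_with_secret(secret, token, key)
+break if plain
 end
-raise RelishDecryptionFailed
+raise RelishDecryptionFailed unless plain
+plain
 end
 
 def inspect
@@ -42,22 +43,46 @@ class Relish
 
 protected
 
+def current_encrypt(value)
+Fernet.generate(hmac_secrets.first[0, 32], value)
+end
+
+def legacy?(token)
+!!(token =~ LEGACY_MATCHER)
+end
+
 def hmac_secrets
 @hmac_secrets ||= @secrets.map do |secret|
 OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
 end
 end
 
-def
-Fernet::Legacy.verifier(secret, token)
-
-
-
+def legacy_decrypt(secret, token, key)
+verifier = Fernet::Legacy.verifier(secret, token)
+verifier.enforce_ttl = false
+verifier.verify_token(token)
+return nil unless verifier.valid?
+verifier.data[key]
 rescue OpenSSL::Cipher::CipherError
-
-
-
+# Certain combinations of keys and encrypted data cause decryption with an
+# incorrect key to succeed (no CipherError) but produce garbage data which
+# cannot be decoded into JSON, and thus fail with a ParseError instead.
 rescue MultiJson::ParseError
 end
+
+def current_decrypt(secret, token)
+verifier = Fernet.verifier(secret[0, 32], token)
+verifier.enforce_ttl = false
+return nil unless verifier.valid?
+verifier.message
+end
+
+def decrypt_with_secret(secret, token, key)
+if legacy?(token)
+legacy_decrypt(secret, token, key)
+else
+current_decrypt(secret, token)
+end
+end
 end
 end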
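Review bot: `current_encrypt` and `current_decrypt` build the Fernet key from `hmac_secrets.first[0, 32]` and `secret[0, 32]`, the first 32 characters of a hex digest, which carry 128 bits of entropy rather than the 256 a Fernet key is meant to hold. If the fernet gem uses a 32-character string as the raw key bytes (to be confirmed against the gem), the 128-bit signing and encryption halves would each contain only about 64 bits of key material. Deriving the key for the current format from the raw digest, `OpenSSL::HMAC.digest('sha256', @static_secret, secret)`, gives exactly 32 full-entropy bytes and leaves `hmac_secrets` unchanged for legacy tokens. Separately, `decrypt` ignores `key` for non-legacy tokens, so a value encrypted under one key name decrypts under any other; a comment on `encrypt` saying `# the key name is not bound to the ciphertext in the current format` would make that explicit. The class body between the hunks (`inspect`) is not shown.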
data/lib/relish/version.rb
CHANGED
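--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: relishable
 version: !ruby/object:Gem::Version
-version: '0.
+version: '0.41'
 platform: ruby
 authors:
 - Mark Fine
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-
+date: 2018-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: fog-aws
@@ -41,6 +41,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.6.3
+- !ruby/object:Gem::Dependency
+name: fernet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
 - !ruby/object:Gem::Dependency
 name: net-ssh
 requirement: !ruby/object:Gem::Requirement
@@ -111,6 +125,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: pry-byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Release manager.
 email:
 - pedro@heroku.com
@@ -148,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: releases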