relishable 0.41 → 0.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +5 -5
  2. data/Gemfile.lock +1 -4
  3. data/lib/relish/encryption_helper.rb +6 -43
  4. data/lib/relish/version.rb +1 -1
  5. metadata +3 -17
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
4
- data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
2
+ SHA256:
3
+ metadata.gz: a7ece5b74f66230cf5ef4fd68c652dbeebf3bc894d09bf004765945d733b3f27
4
+ data.tar.gz: a3028612eac4152e34c1b994a3e77d135c275e85fb046125d59f789a0a582fa5
5
5
  SHA512:
6
- metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
7
- data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b
6
+ metadata.gz: ec1455df37960ac4291fd79d9a7f2aedd9e8f9f5cb12678fb59482a2428b5816fbd8eaa4b679b4ed43811418a63d20434631458957a52e806e6320c3e7297144
7
+ data.tar.gz: 110ec2a41c0341a95ed4e61cebb8f3e31f0c984fd40c0bff35b0a8f6b5041d7a4fa18ca94bc04540d59edda35ad67bf185cf54b11b1ea2acbe5c0c46a377ba64
data/Gemfile.lock CHANGED
@@ -1,10 +1,9 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- relishable (0.41)
4
+ relishable (0.42)
5
5
  fernet (~> 2.3)
6
6
  fog-aws (~> 0.8.0)
7
- legacy-fernet (~> 1.6.3)
8
7
  net-ssh (~> 3.0.2)
9
8
 
10
9
  GEM
@@ -37,8 +36,6 @@ GEM
37
36
  nokogiri (>= 1.5.11, < 2.0.0)
38
37
  formatador (0.2.5)
39
38
  ipaddress (0.8.3)
40
- legacy-fernet (1.6.4)
41
- multi_json (~> 1.0)
42
39
  method_source (0.9.1)
43
40
  mini_portile2 (2.3.0)
44
41
  multi_json (1.13.1)
data/lib/relish/encryption_helper.rb CHANGED
@@ -1,5 +1,4 @@
1
1
  require "relish/release"
2
- require "fernet/legacy"
3
2
  require "fernet"
4
3
  require "openssl"
5
4
 
@@ -8,27 +7,19 @@ class RelishDecryptionFailed < RuntimeError; end
8
7
  class Relish
9
8
  class EncryptionHelper
10
9
 
11
- LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
12
-
13
10
  def initialize(static_secret, secrets)
14
11
  @static_secret = static_secret
15
12
  @secrets = secrets
16
13
  end
17
14
 
18
- def encrypt(_key = 'env', value)
19
- current_encrypt(value)
20
- end
21
-
22
- def legacy_encrypt(key, value)
23
- Fernet::Legacy.generate(hmac_secrets.first) do |gen|
24
- gen.data = { key => value }
25
- end
15
+ def encrypt(value)
16
+ Fernet.generate(hmac_secrets.first[0, 32], value)
26
17
  end
27
18
 
28
- def decrypt(key = 'env', token)
19
+ def decrypt(token)
29
20
  plain = nil
30
21
  hmac_secrets.each do |secret|
31
- plain = decrypt_with_secret(secret, token, key)
22
+ plain = decrypt_with_secret(secret, token)
32
23
  break if plain
33
24
  end
34
25
  raise RelishDecryptionFailed unless plain
@@ -43,46 +34,18 @@ class Relish
43
34
 
44
35
  protected
45
36
 
46
- def current_encrypt(value)
47
- Fernet.generate(hmac_secrets.first[0, 32], value)
48
- end
49
-
50
- def legacy?(token)
51
- !!(token =~ LEGACY_MATCHER)
52
- end
53
-
54
37
  def hmac_secrets
55
38
  @hmac_secrets ||= @secrets.map do |secret|
56
39
  OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
57
40
  end
58
41
  end
59
42
 
60
- def legacy_decrypt(secret, token, key)
61
- verifier = Fernet::Legacy.verifier(secret, token)
62
- verifier.enforce_ttl = false
63
- verifier.verify_token(token)
64
- return nil unless verifier.valid?
65
- verifier.data[key]
66
- rescue OpenSSL::Cipher::CipherError
67
- # Certain combinations of keys and encrypted data cause decryption with an
68
- # incorrect key to succeed (no CipherError) but produce garbage data which
69
- # cannot be decoded into JSON, and thus fail with a ParseError instead.
70
- rescue MultiJson::ParseError
71
- end
72
-
73
- def current_decrypt(secret, token)
43
+ def decrypt_with_secret(secret, token)
74
44
  verifier = Fernet.verifier(secret[0, 32], token)
75
45
  verifier.enforce_ttl = false
76
46
  return nil unless verifier.valid?
77
- verifier.message
78
- end
79
47
 
80
- def decrypt_with_secret(secret, token, key)
81
- if legacy?(token)
82
- legacy_decrypt(secret, token, key)
83
- else
84
- current_decrypt(secret, token)
85
- end
48
+ verifier.message
86
49
  end
87
50
  end
88
51
  end
data/lib/relish/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  class Relish
2
- VERSION = "0.41"
2
+ VERSION = "0.42"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: relishable
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.41'
4
+ version: '0.42'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mark Fine
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2018-11-28 00:00:00.000000000 Z
14
+ date: 2019-01-04 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: fog-aws
@@ -27,20 +27,6 @@ dependencies:
27
27
  - - "~>"
28
28
  - !ruby/object:Gem::Version
29
29
  version: 0.8.0
30
- - !ruby/object:Gem::Dependency
31
- name: legacy-fernet
32
- requirement: !ruby/object:Gem::Requirement
33
- requirements:
34
- - - "~>"
35
- - !ruby/object:Gem::Version
36
- version: 1.6.3
37
- type: :runtime
38
- prerelease: false
39
- version_requirements: !ruby/object:Gem::Requirement
40
- requirements:
41
- - - "~>"
42
- - !ruby/object:Gem::Version
43
- version: 1.6.3
44
30
  - !ruby/object:Gem::Dependency
45
31
  name: fernet
46
32
  requirement: !ruby/object:Gem::Requirement
@@ -176,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
176
162
  version: '0'
177
163
  requirements: []
178
164
  rubyforge_project:
179
- rubygems_version: 2.5.1
165
+ rubygems_version: 2.7.6
180
166
  signing_key:
181
167
  specification_version: 4
182
168
  summary: releases