relishable 0.41 → 0.44
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Gemfile +1 -1
- data/Gemfile.lock +60 -56
- data/lib/relish/encryption_helper.rb +10 -48
- data/lib/relish/version.rb +1 -1
- metadata +15 -30
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f86a33178d81efd6d22a01cda3f4e254251b8f153afd1e4bddb6581c56468972
|
4
|
+
data.tar.gz: ad2c949dad4dcd6e6bb51c9f9c8f71eab32990ccc6d7ac82104a2bd90225772e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d8f999b98885c32e2b6c3382fe24dd5f1c2a35b792dc2698839d316a9a82dec9a8c8d03e7f633ac1967a7a1ed1547d1b48dee26ea65d6ac594859c5e16a3f9f6
|
7
|
+
data.tar.gz: 81c2ba2e9622151895c271f16927e46ac3a506c0cb568253ba50f7586f4b1661e06c5e059db3a4b6e5f10305fd2f48f4e76d491c6f0c792182ef77deb6fd31a0
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,88 +1,92 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
relishable (0.
|
4
|
+
relishable (0.44)
|
5
5
|
fernet (~> 2.3)
|
6
|
-
fog-aws (~>
|
7
|
-
|
8
|
-
net-ssh (~> 3.0.2)
|
6
|
+
fog-aws (~> 3.12.0)
|
7
|
+
net-ssh (~> 6.1.0)
|
9
8
|
|
10
9
|
GEM
|
11
|
-
remote:
|
10
|
+
remote: https://rubygems.org/
|
12
11
|
specs:
|
13
|
-
addressable (2.
|
14
|
-
|
15
|
-
|
16
|
-
coderay (1.1.
|
17
|
-
crack (0.4.
|
18
|
-
|
19
|
-
diff-lcs (1.
|
20
|
-
excon (0.
|
12
|
+
addressable (2.8.0)
|
13
|
+
public_suffix (>= 2.0.2, < 5.0)
|
14
|
+
builder (3.2.4)
|
15
|
+
coderay (1.1.3)
|
16
|
+
crack (0.4.5)
|
17
|
+
rexml
|
18
|
+
diff-lcs (1.5.0)
|
19
|
+
excon (0.92.3)
|
21
20
|
fernet (2.3)
|
22
21
|
valcro (~> 0.1)
|
23
|
-
fog-aws (
|
24
|
-
fog-core (~> 1
|
25
|
-
fog-json (~> 1.
|
22
|
+
fog-aws (3.12.0)
|
23
|
+
fog-core (~> 2.1)
|
24
|
+
fog-json (~> 1.1)
|
26
25
|
fog-xml (~> 0.1)
|
27
26
|
ipaddress (~> 0.8)
|
28
|
-
fog-core (
|
27
|
+
fog-core (2.3.0)
|
29
28
|
builder
|
30
|
-
excon (~> 0.
|
31
|
-
formatador (
|
29
|
+
excon (~> 0.71)
|
30
|
+
formatador (>= 0.2, < 2.0)
|
31
|
+
mime-types
|
32
32
|
fog-json (1.2.0)
|
33
33
|
fog-core
|
34
34
|
multi_json (~> 1.10)
|
35
|
-
fog-xml (0.1.
|
35
|
+
fog-xml (0.1.4)
|
36
36
|
fog-core
|
37
37
|
nokogiri (>= 1.5.11, < 2.0.0)
|
38
|
-
formatador (
|
38
|
+
formatador (1.1.0)
|
39
|
+
hashdiff (1.0.1)
|
39
40
|
ipaddress (0.8.3)
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
rspec-
|
60
|
-
|
61
|
-
rspec-
|
62
|
-
rspec-
|
41
|
+
method_source (1.0.0)
|
42
|
+
mime-types (3.4.1)
|
43
|
+
mime-types-data (~> 3.2015)
|
44
|
+
mime-types-data (3.2022.0105)
|
45
|
+
mini_portile2 (2.8.0)
|
46
|
+
multi_json (1.15.0)
|
47
|
+
net-ssh (6.1.0)
|
48
|
+
nokogiri (1.13.6)
|
49
|
+
mini_portile2 (~> 2.8.0)
|
50
|
+
racc (~> 1.4)
|
51
|
+
power_assert (2.0.1)
|
52
|
+
pry (0.14.1)
|
53
|
+
coderay (~> 1.1)
|
54
|
+
method_source (~> 1.0)
|
55
|
+
public_suffix (4.0.7)
|
56
|
+
racc (1.6.0)
|
57
|
+
rake (13.0.6)
|
58
|
+
rexml (3.2.5)
|
59
|
+
rspec (3.10.0)
|
60
|
+
rspec-core (~> 3.10.0)
|
61
|
+
rspec-expectations (~> 3.10.0)
|
62
|
+
rspec-mocks (~> 3.10.0)
|
63
|
+
rspec-core (3.10.2)
|
64
|
+
rspec-support (~> 3.10.0)
|
65
|
+
rspec-expectations (3.10.2)
|
63
66
|
diff-lcs (>= 1.2.0, < 2.0)
|
64
|
-
rspec-support (~> 3.
|
65
|
-
rspec-mocks (3.
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
test-unit (3.
|
67
|
+
rspec-support (~> 3.10.0)
|
68
|
+
rspec-mocks (3.10.3)
|
69
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
70
|
+
rspec-support (~> 3.10.0)
|
71
|
+
rspec-support (3.10.3)
|
72
|
+
test-unit (3.5.3)
|
70
73
|
power_assert
|
71
74
|
valcro (0.1.1)
|
72
|
-
webmock (
|
73
|
-
addressable (>= 2.
|
75
|
+
webmock (3.14.0)
|
76
|
+
addressable (>= 2.8.0)
|
74
77
|
crack (>= 0.3.2)
|
78
|
+
hashdiff (>= 0.4.0, < 2.0.0)
|
75
79
|
|
76
80
|
PLATFORMS
|
77
81
|
ruby
|
78
82
|
|
79
83
|
DEPENDENCIES
|
80
|
-
pry
|
84
|
+
pry
|
81
85
|
rake (> 0)
|
82
86
|
relishable!
|
83
|
-
rspec (~> 3.
|
87
|
+
rspec (~> 3.10.0)
|
84
88
|
test-unit
|
85
|
-
webmock (~>
|
89
|
+
webmock (~> 3.14.0)
|
86
90
|
|
87
91
|
BUNDLED WITH
|
88
|
-
|
92
|
+
2.3.14
|
@@ -1,5 +1,4 @@
|
|
1
1
|
require "relish/release"
|
2
|
-
require "fernet/legacy"
|
3
2
|
require "fernet"
|
4
3
|
require "openssl"
|
5
4
|
|
@@ -8,27 +7,19 @@ class RelishDecryptionFailed < RuntimeError; end
|
|
8
7
|
class Relish
|
9
8
|
class EncryptionHelper
|
10
9
|
|
11
|
-
|
12
|
-
|
13
|
-
def initialize(static_secret, secrets)
|
14
|
-
@static_secret = static_secret
|
10
|
+
def initialize(static_secrets, secrets)
|
11
|
+
@static_secrets = static_secrets.is_a?(String) ? [static_secrets] : static_secrets
|
15
12
|
@secrets = secrets
|
16
13
|
end
|
17
14
|
|
18
|
-
def encrypt(
|
19
|
-
|
20
|
-
end
|
21
|
-
|
22
|
-
def legacy_encrypt(key, value)
|
23
|
-
Fernet::Legacy.generate(hmac_secrets.first) do |gen|
|
24
|
-
gen.data = { key => value }
|
25
|
-
end
|
15
|
+
def encrypt(value)
|
16
|
+
Fernet.generate(hmac_secrets.first[0, 32], value)
|
26
17
|
end
|
27
18
|
|
28
|
-
def decrypt(
|
19
|
+
def decrypt(token)
|
29
20
|
plain = nil
|
30
21
|
hmac_secrets.each do |secret|
|
31
|
-
plain = decrypt_with_secret(secret, token
|
22
|
+
plain = decrypt_with_secret(secret, token)
|
32
23
|
break if plain
|
33
24
|
end
|
34
25
|
raise RelishDecryptionFailed unless plain
|
@@ -43,46 +34,17 @@ class Relish
|
|
43
34
|
|
44
35
|
protected
|
45
36
|
|
46
|
-
def current_encrypt(value)
|
47
|
-
Fernet.generate(hmac_secrets.first[0, 32], value)
|
48
|
-
end
|
49
|
-
|
50
|
-
def legacy?(token)
|
51
|
-
!!(token =~ LEGACY_MATCHER)
|
52
|
-
end
|
53
|
-
|
54
37
|
def hmac_secrets
|
55
|
-
@hmac_secrets ||= @secrets.map
|
56
|
-
OpenSSL::HMAC.hexdigest('sha256',
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
def legacy_decrypt(secret, token, key)
|
61
|
-
verifier = Fernet::Legacy.verifier(secret, token)
|
62
|
-
verifier.enforce_ttl = false
|
63
|
-
verifier.verify_token(token)
|
64
|
-
return nil unless verifier.valid?
|
65
|
-
verifier.data[key]
|
66
|
-
rescue OpenSSL::Cipher::CipherError
|
67
|
-
# Certain combinations of keys and encrypted data cause decryption with an
|
68
|
-
# incorrect key to succeed (no CipherError) but produce garbage data which
|
69
|
-
# cannot be decoded into JSON, and thus fail with a ParseError instead.
|
70
|
-
rescue MultiJson::ParseError
|
38
|
+
@hmac_secrets ||= @static_secrets.product(@secrets).map {|static_secret, secret|
|
39
|
+
OpenSSL::HMAC.hexdigest('sha256', static_secret, secret)}
|
71
40
|
end
|
72
41
|
|
73
|
-
def
|
42
|
+
def decrypt_with_secret(secret, token)
|
74
43
|
verifier = Fernet.verifier(secret[0, 32], token)
|
75
44
|
verifier.enforce_ttl = false
|
76
45
|
return nil unless verifier.valid?
|
77
|
-
verifier.message
|
78
|
-
end
|
79
46
|
|
80
|
-
|
81
|
-
if legacy?(token)
|
82
|
-
legacy_decrypt(secret, token, key)
|
83
|
-
else
|
84
|
-
current_decrypt(secret, token)
|
85
|
-
end
|
47
|
+
verifier.message
|
86
48
|
end
|
87
49
|
end
|
88
50
|
end
|
data/lib/relish/version.rb
CHANGED
metadata
CHANGED
@@ -1,17 +1,17 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: relishable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '0.
|
4
|
+
version: '0.44'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mark Fine
|
8
8
|
- Blake Gentry
|
9
9
|
- Pedro Belo
|
10
10
|
- Joshua Tobin
|
11
|
-
autorequire:
|
11
|
+
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2022-06-09 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: fog-aws
|
@@ -19,28 +19,14 @@ dependencies:
|
|
19
19
|
requirements:
|
20
20
|
- - "~>"
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version:
|
22
|
+
version: 3.12.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - "~>"
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
version:
|
30
|
-
- !ruby/object:Gem::Dependency
|
31
|
-
name: legacy-fernet
|
32
|
-
requirement: !ruby/object:Gem::Requirement
|
33
|
-
requirements:
|
34
|
-
- - "~>"
|
35
|
-
- !ruby/object:Gem::Version
|
36
|
-
version: 1.6.3
|
37
|
-
type: :runtime
|
38
|
-
prerelease: false
|
39
|
-
version_requirements: !ruby/object:Gem::Requirement
|
40
|
-
requirements:
|
41
|
-
- - "~>"
|
42
|
-
- !ruby/object:Gem::Version
|
43
|
-
version: 1.6.3
|
29
|
+
version: 3.12.0
|
44
30
|
- !ruby/object:Gem::Dependency
|
45
31
|
name: fernet
|
46
32
|
requirement: !ruby/object:Gem::Requirement
|
@@ -61,14 +47,14 @@ dependencies:
|
|
61
47
|
requirements:
|
62
48
|
- - "~>"
|
63
49
|
- !ruby/object:Gem::Version
|
64
|
-
version:
|
50
|
+
version: 6.1.0
|
65
51
|
type: :runtime
|
66
52
|
prerelease: false
|
67
53
|
version_requirements: !ruby/object:Gem::Requirement
|
68
54
|
requirements:
|
69
55
|
- - "~>"
|
70
56
|
- !ruby/object:Gem::Version
|
71
|
-
version:
|
57
|
+
version: 6.1.0
|
72
58
|
- !ruby/object:Gem::Dependency
|
73
59
|
name: rake
|
74
60
|
requirement: !ruby/object:Gem::Requirement
|
@@ -89,14 +75,14 @@ dependencies:
|
|
89
75
|
requirements:
|
90
76
|
- - "~>"
|
91
77
|
- !ruby/object:Gem::Version
|
92
|
-
version: 3.
|
78
|
+
version: 3.10.0
|
93
79
|
type: :development
|
94
80
|
prerelease: false
|
95
81
|
version_requirements: !ruby/object:Gem::Requirement
|
96
82
|
requirements:
|
97
83
|
- - "~>"
|
98
84
|
- !ruby/object:Gem::Version
|
99
|
-
version: 3.
|
85
|
+
version: 3.10.0
|
100
86
|
- !ruby/object:Gem::Dependency
|
101
87
|
name: test-unit
|
102
88
|
requirement: !ruby/object:Gem::Requirement
|
@@ -117,16 +103,16 @@ dependencies:
|
|
117
103
|
requirements:
|
118
104
|
- - "~>"
|
119
105
|
- !ruby/object:Gem::Version
|
120
|
-
version:
|
106
|
+
version: 3.14.0
|
121
107
|
type: :development
|
122
108
|
prerelease: false
|
123
109
|
version_requirements: !ruby/object:Gem::Requirement
|
124
110
|
requirements:
|
125
111
|
- - "~>"
|
126
112
|
- !ruby/object:Gem::Version
|
127
|
-
version:
|
113
|
+
version: 3.14.0
|
128
114
|
- !ruby/object:Gem::Dependency
|
129
|
-
name: pry
|
115
|
+
name: pry
|
130
116
|
requirement: !ruby/object:Gem::Requirement
|
131
117
|
requirements:
|
132
118
|
- - ">="
|
@@ -160,7 +146,7 @@ files:
|
|
160
146
|
homepage: http://github.com/heroku/relish
|
161
147
|
licenses: []
|
162
148
|
metadata: {}
|
163
|
-
post_install_message:
|
149
|
+
post_install_message:
|
164
150
|
rdoc_options: []
|
165
151
|
require_paths:
|
166
152
|
- lib
|
@@ -175,9 +161,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
161
|
- !ruby/object:Gem::Version
|
176
162
|
version: '0'
|
177
163
|
requirements: []
|
178
|
-
|
179
|
-
|
180
|
-
signing_key:
|
164
|
+
rubygems_version: 3.2.22
|
165
|
+
signing_key:
|
181
166
|
specification_version: 4
|
182
167
|
summary: releases
|
183
168
|
test_files: []
|