RubyGems - relishable - Versions diffs - 0.40 → 0.41 - Mend

relishable 0.40 → 0.41

Files changed (5) hide show

checksums.yaml +5 -5
data/Gemfile.lock +16 -2
data/lib/relish/encryption_helper.rb +47 -22
data/lib/relish/version.rb +1 -3
metadata +31 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 34890ad56a53f91fbbfd6891d570c8e648ec07d95b1ce274f7e685a4b5386821
-  data.tar.gz: 2dd26c1a00f69b44e9774f60279f3bca37316d3b23d71e90da8aa66a976b7f22
+SHA1:
+  metadata.gz: 29dda1bae467029b5b8fa1bf9e571c346369cb67
+  data.tar.gz: fc53164b682a045c484a7915da717971714f7acf
 SHA512:
-  metadata.gz: d8efa76f83543601f038374960ed849884286b5288bf84837c8bed2b77230f7a948b22fb623520af6c5425aa61dd07ae1622b73eecaad917eb8f77cd12a612e7
-  data.tar.gz: 035c3615cde90904ebe3e6572bd5f290b4aa99d3bb3594a27f21e4da6eb010706cc85822605c204414acde39ca9085b3112a5a2566a4aa1326493fa39cce3ebf
+  metadata.gz: 5b32c9440b0600e7b2d82cce500bbf8a691193348659a61d6dcccc2656e9da17f79a699c5f9750477f073c11f6656630e8355f4c10f1793fabc6e96f1a9a4f31
+  data.tar.gz: a2dc8f10b4297603ff3d74da4ac355ddba222962a7606dd2b498fa5a196668e374382ff43fee600173fa0f65750cc32bef81799e717bb44d68aa7e2481b2ef0b

data/Gemfile.lock CHANGED

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    relishable (0.40)
+    relishable (0.41)
+      fernet (~> 2.3)
       fog-aws (~> 0.8.0)
       legacy-fernet (~> 1.6.3)
       net-ssh (~> 3.0.2)
@@ -11,10 +12,14 @@ GEM
   specs:
     addressable (2.3.8)
     builder (3.2.3)
+    byebug (10.0.0)
+    coderay (1.1.2)
     crack (0.4.2)
       safe_yaml (~> 1.0.0)
     diff-lcs (1.2.5)
     excon (0.62.0)
+    fernet (2.3)
+      valcro (~> 0.1)
     fog-aws (0.8.1)
       fog-core (~> 1.27)
       fog-json (~> 1.0)
@@ -34,12 +39,19 @@ GEM
     ipaddress (0.8.3)
     legacy-fernet (1.6.4)
       multi_json (~> 1.0)
+    method_source (0.9.1)
     mini_portile2 (2.3.0)
     multi_json (1.13.1)
     net-ssh (3.0.2)
     nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     power_assert (0.2.2)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.6.0)
+      byebug (~> 10.0)
+      pry (~> 0.10)
     rake (10.4.2)
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
@@ -56,6 +68,7 @@ GEM
     safe_yaml (1.0.4)
     test-unit (3.0.8)
       power_assert
+    valcro (0.1.1)
     webmock (1.19.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
@@ -64,6 +77,7 @@ PLATFORMS
   ruby
 DEPENDENCIES
+  pry-byebug
   rake (> 0)
   relishable!
   rspec (~> 3.1.0)
@@ -71,4 +85,4 @@ DEPENDENCIES
   webmock (~> 1.19.0)
 BUNDLED WITH
-   1.16.2
+   1.17.1

data/lib/relish/encryption_helper.rb CHANGED

@@ -1,5 +1,6 @@
 require "relish/release"
 require "fernet/legacy"
+require "fernet"
 require "openssl"
 class RelishDecryptionFailed < RuntimeError; end
@@ -7,31 +8,31 @@ class RelishDecryptionFailed < RuntimeError; end
 class Relish
   class EncryptionHelper
+    LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
     def initialize(static_secret, secrets)
       @static_secret = static_secret
       @secrets = secrets
     end
-    def encrypt(key, value)
-      Fernet::Legacy.generate(hmac_secrets.first) do |gen|
-        gen.data = {key => value}
-      end
+    def encrypt(_key = 'env', value)
+      current_encrypt(value)
     end
-    def decrypt(key, token)
-      hmac_secrets.each do |secret|
-        if verifier = verifier(secret, token)
-          return verifier.data[key] if verifier.valid?
-        end
+    def legacy_encrypt(key, value)
+      Fernet::Legacy.generate(hmac_secrets.first) do |gen|
+        gen.data = { key => value }
       end
-      raise RelishDecryptionFailed
     end
-    def upgrade(key, token)
-      if verifier = verifier(hmac_secrets.first, token)
-        return encrypt(key, verifier.data[key]) if verifier.valid?
+    def decrypt(key = 'env', token)
+      plain = nil
+      hmac_secrets.each do |secret|
+        plain = decrypt_with_secret(secret, token, key)
+        break if plain
       end
-      raise RelishDecryptionFailed
+      raise RelishDecryptionFailed unless plain
+      plain
     end
     def inspect
@@ -42,22 +43,46 @@ class Relish
     protected
+    def current_encrypt(value)
+      Fernet.generate(hmac_secrets.first[0, 32], value)
+    end
+    def legacy?(token)
+      !!(token =~ LEGACY_MATCHER)
+    end
     def hmac_secrets
       @hmac_secrets ||= @secrets.map do |secret|
         OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
       end
     end
-    def verifier(secret, token)
-      Fernet::Legacy.verifier(secret, token).tap do |verifier|
-        verifier.enforce_ttl = false
-        verifier.verify_token(token)
-      end
+    def legacy_decrypt(secret, token, key)
+      verifier = Fernet::Legacy.verifier(secret, token)
+      verifier.enforce_ttl = false
+      verifier.verify_token(token)
+      return nil unless verifier.valid?
+      verifier.data[key]
     rescue OpenSSL::Cipher::CipherError
-    # Certain combinations of keys and encrypted data cause decryption with an
-    # incorrect key to succeed (no CipherError) but produce garbage data which
-    # cannot be decoded into JSON, and thus fail with a ParseError instead.
+      # Certain combinations of keys and encrypted data cause decryption with an
+      # incorrect key to succeed (no CipherError) but produce garbage data which
+      # cannot be decoded into JSON, and thus fail with a ParseError instead.
     rescue MultiJson::ParseError
     end
+    def current_decrypt(secret, token)
+      verifier = Fernet.verifier(secret[0, 32], token)
+      verifier.enforce_ttl = false
+      return nil unless verifier.valid?
+      verifier.message
+    end
+    def decrypt_with_secret(secret, token, key)
+      if legacy?(token)
+        legacy_decrypt(secret, token, key)
+      else
+        current_decrypt(secret, token)
+      end
+    end
   end
 end

data/lib/relish/version.rb CHANGED

@@ -1,5 +1,3 @@
 class Relish
-  VERSION = "0.40"
+  VERSION = "0.41"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: relishable
 version: !ruby/object:Gem::Version
-  version: '0.40'
+  version: '0.41'
 platform: ruby
 authors:
 - Mark Fine
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-09 00:00:00.000000000 Z
+date: 2018-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog-aws
@@ -41,6 +41,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.6.3
+- !ruby/object:Gem::Dependency
+  name: fernet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
@@ -111,6 +125,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Release manager.
 email:
 - pedro@heroku.com
@@ -148,7 +176,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: releases