safedb 0.2.7 → 0.3.1005

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30a324556ac98545ab07f345b1bf502deb262ab05fd1ba6768f0be22f383fbcb
-  data.tar.gz: abb20f9e15dc091b8ce3a498942dddd77567fec704eec586bf2755a393e5644f
+  metadata.gz: 718df8b99a21bac018c59c65972a82fbb2b117a8aeab58b7e1836dc65c4c759e
+  data.tar.gz: b0eab23a4e4216f70badb1f454b621081fee24d3b88fce7c11cf43674d2bd018
 SHA512:
-  metadata.gz: a342cc015febbadb9b5e3155c4117547738bf8033e151b44f6655ed33f3faa3eda928fc78219b00a2bab6fd6b6e74a90b613725a4dd1922713e73cd715d20ab5
-  data.tar.gz: 639c206abbf990497b24e383621a61fc181b3b28a4ef6ff8049a0684a986ef2bc6b46aa0e99a49a7a56b327711536b5d67ca54cb6144d40e2c639d19c4f8d47d
+  metadata.gz: be459393d8ea7bfd99e1a9613e3d1b0229ab01487ec5ba7c533264e0deccd5ea6154d1eb80bd050826704f973e86eb1163c79d908bb775617abd562f17ffc120
+  data.tar.gz: 921bbb4522ac6edc6a3f85d1acb9b019321fb6cb4dc7ad205ab44bc0a0f06089ea575605d2b0fe84f4a3747d4c58f3a50e942120f32148e6924c6f2c3cd88c43

data/CONTRIBUTING.md

@@ -9,18 +9,39 @@ You can contriubute software, documentation, issues and even good ideas. Most co
 To contribute software you'll need to setup a development environment.
 
 ```
-sudo apt-get install --assume-yes ruby-full, libicu-dev, git
+sudo apt-get install --assume-yes ruby-full libicu-dev git
 sudo chown -R $USER:$USER /var/lib/gems
 sudo chown -R $USER:$USER /usr/local/bin
-gem install safedb bundler gem-release
+sudo chown -R $USER:$USER /usr/local/lib
+gem install safedb bundler gem-release cucumber aruba
 git clone https://github.com/devops4me/safedb.net.git mirror.safedb.ro
 cd mirror.safedb
 rake install
+bundle install
+cucumber
 ```
 
 You change the software as you see fit and **send a pull request** when you are ready.
 
 
+## Running Cucumber/Aruba Tests
+
+Use the simple **`cucumber`** command in the project directory to run the tests.
+
+## Reek | Ruby Code Quality
+
+software quality must improve with every check-in and conversely we should never holistically degrade quality. Every change must be small and incremental so keeping the quality metrics ticking in the right direction is not too much to ask.
+
+**[reek code quality documentation](https://github.com/troessner/reek/tree/v5.3.1/docs)**
+
+We must **install and run reek** within development and continuous integration pipelines, so as to derive a listing of software quality issues.
+
+```
+gem install reek
+reek lib
+```
+
+
 ## Releasing Software
 
 Those with priveleges to release to safedb.net will have a private key to push (or pull) in git repository changes.

data/Gemfile

@@ -1,10 +1,7 @@
-## ============================================
-## Try removing this file
-## See what happens
-## ============================================
 source "https://rubygems.org"
 
 git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in safedb.gemspec
 gemspec
+gem 'aruba', '~> 1.0.0-alpha.2'

data/README.md

@@ -114,18 +114,19 @@ You only need to run init once on a computer for each domain - after that you si
 
 More information will be provided on installing and using safe via a gem install, Ubuntu's apt-get, yum, a docker container, a development install, a unit test install and a software development kit (SDK) install.
 
-## Create Alias for Export Safe Terminal Token
+## Automatically Create Safe Token
 
-It is tiresome To type <tt>export SAFE_TTY_TOKEN=`safe token`</tt> every time you use the safe. A solution is to create a smaller alias command like <tt>safetty</tt> which will run when we open up a shell.
+Always typing <tt>export SAFE_TTY_TOKEN=`safe token`</tt> before using safe is tiresome. Ubuntu provides **`.bash_aliases`** for creating tokens like these at the genesis of each shell.
 
 ```bash
-echo "alias safetty='export SAFE_TTY_TOKEN=\`safe token\`'" >> ~/.bash_aliases
+echo "export SAFE_TTY_TOKEN=\`safe token\`" >> ~/.bash_aliases
+source ~/.bash_aliases          # no need to create a new shell
+cat ~/.bash_aliases             # we expect the export command
+printenv | grep SAFE_TTY_TOKEN  # we expect the environment var
 ```
 
-Note the **escaped back-ticks** surrounding <tt>safe token</tt>. It is easy to mistake them for apostrophes.
+Note the **escaped back-ticks** around <tt>safe token</tt>.
 
-    $ cat ~/.bash_aliases      # Check the alias has been added to ~/.bash_aliases
-    $ source ~/.bash_aliases   # Use source to avoid grabbing a new shell this time
 
 ## safe book login command
 

data/lib/keytools/key.api.rb

@@ -729,19 +729,10 @@ module SafeDb
     # - reading the encrypted and encoded content, decoding and decrypting it
     # - employing index key, ciphertext and random iv to reveal the content
     #
-    # @param use_grandparent_pid [Boolean]
-    #
-    #    Optional boolean parameter. If set to true the PID (process ID) used
-    #    as part of an obfuscator key and normally acquired from the parent
-    #    process should now be acquired from the grandparent's process.
-    #
-    #    Set to true when accessing the safe's credentials from a sub process
-    #    rather than directly through the logged in shell.
-    #
     # @return [String]
     #    decode, decrypt and hen return the plain text content that was written
     #    to a file by the {write_content} method.
-    def self.read_master_db( use_grandparent_pid = false )
+    def self.read_master_db()
 
       # --
       # -- Get the filepath to the breadcrumbs file using the trail in
@@ -758,7 +749,7 @@ module SafeDb
       # --
       # -- Regenerate intra-session key from the session token.
       # --
-      intra_key = KeyLocal.regenerate_shell_key( to_token(), use_grandparent_pid )
+      intra_key = KeyLocal.regenerate_shell_key( to_token() )
 
       # --
       # -- Decrypt and acquire the content enryption key that was created

data/lib/keytools/key.id.rb

@@ -110,7 +110,58 @@ module SafeDb
     #    It will also be different on this workstation if the application
     #    instance identifier provided is different.
     def self.derive_app_instance_machine_id( app_ref )
-      return derive_identifier( app_ref + KeyIdent.derive_machine_identifier() )
+      return derive_identifier( app_ref + derive_machine_identifier() )
+    end
+
+
+    # This method uses a one-way function to return a combinatorial digested
+    # machine identification string using a number of distinct input parameters
+    # to deliver the characteristic of producing the same identifier for the
+    # same machine, virtual machine, workstation and/or compute element, and
+    # reciprocally, a different one on a different machine.
+    #
+    # The userspace is also a key machine identifier so a different machine user
+    # generates a different identifier when all other things remain equal.
+    #
+    # @return [String]
+    #    a one line textual machine workstation or compute element identifier
+    #    that is (surprisingly) different when the machine user changes.
+    def self.derive_machine_identifier
+
+      require 'socket'
+
+      identity_text = [
+        Etc.getlogin,
+        get_machine_id(),
+        Socket.gethostname()
+      ].join.reverse
+
+      return identity_text
+
+    end
+
+
+    # The machine identifier is a UUID based hash value that is tied to the
+    # CPU and motherboard of the machine. This read-only identifier can be
+    # accessed without sudoer permissions so is perfect for license generators
+    # and environment sensitive software.
+    #
+    # In the modern era of virtualization you should always check the behaviour
+    # of the above identifiers when used inside
+    #
+    # - docker containers
+    # - Amazon EC2 servers (or Azure or GCE)
+    # - vagrant (VirtualBox/VMWare)
+    # - Windows MSGYWIN (Ubuntu) environments
+    # - Kubernetes pods
+    #
+    # @return [String] the machine ID hash value
+    def self.get_machine_id
+
+      machine_id_cmd = "cat /etc/machine-id"
+      machine_id_str = %x[ #{machine_id_cmd} ]
+      return machine_id_str.chomp
+
     end
 
 

data/lib/keytools/key.ident.rb

@@ -52,22 +52,13 @@ module SafeDb
     # - the user comes back to their <b>workstation</b>
     # - the clock ticks into another day, month, year ...
     #
-    # @param use_grandparent_pid [Boolean]
-    #
-    #    Optional boolean parameter. If set to true the PID (process ID) used
-    #    as part of an obfuscator key and normally acquired from the parent
-    #    process should now be acquired from the grandparent's process.
-    #
-    #    Set to true when accessing the safe's credentials from a sub process
-    #    rather than directly through the logged in shell.
-    #
     # @return [String]
     #    Return a one line textual shell identity string.
     #
     #    As key derivation algorithms enforcing a maximum length may be length may
     #    be applied, each character must add value so non-alphanumerics (mostly hyphens)
     #    are cleansed out before returning.
-    def self.derive_shell_identifier( use_grandparent_pid = false )
+    def self.derive_shell_identifier
 
       require 'socket'
 
@@ -76,7 +67,6 @@ module SafeDb
 
       identity_text =
       [
-        get_ancestor_pid( use_grandparent_pid ),
         get_bootup_id(),
         Etc.getlogin(),
         Socket.gethostname()
@@ -87,6 +77,29 @@ module SafeDb
     end
 
 
+    # If you need to know whether a Linux computer has been rebooted or
+    # you need an identifier that stays the same until the computer reboots,
+    # look no further than the read only (non sudoer accessible) **boot id**.
+    #
+    # In the modern era of virtualization you should always check the behaviour
+    # of the above identifiers when used inside
+    #
+    # - docker containers
+    # - Amazon EC2 servers (or Azure or GCE)
+    # - vagrant (VirtualBox/VMWare)
+    # - Windows MSGYWIN (Ubuntu) environments
+    # - Kubernetes pods
+    #
+    # @return [String] the bootup ID hash value
+    def self.get_bootup_id
+
+      bootup_id_cmd = "cat /proc/sys/kernel/random/boot_id"
+      bootup_id_str = %x[ #{bootup_id_cmd} ]
+      return bootup_id_str.chomp
+
+    end
+
+
     # Return an ancestor process ID meaning return either the parent process
     # ID or the grandparent process ID. The one returned depends on the paremeter
     # boolean value.
@@ -140,80 +153,6 @@ module SafeDb
     end
 
 
-    # This method uses a one-way function to return a combinatorial digested
-    # machine identification string using a number of distinct input parameters
-    # to deliver the characteristic of producing the same identifier for the
-    # same machine, virtual machine, workstation and/or compute element, and
-    # reciprocally, a different one on a different machine.
-    #
-    # The userspace is also a key machine identifier so a different machine user
-    # generates a different identifier when all other things remain equal.
-    #
-    # @return [String]
-    #    a one line textual machine workstation or compute element identifier
-    #    that is (surprisingly) different when the machine user changes.
-    def self.derive_machine_identifier
-
-      require 'socket'
-
-      identity_text = [
-        Etc.getlogin,
-        get_machine_id(),
-        Socket.gethostname()
-      ].join.reverse
-
-      return identity_text
-
-    end
-
-
-    # If you need to know whether a Linux computer has been rebooted or
-    # you need an identifier that stays the same until the computer reboots,
-    # look no further than the read only (non sudoer accessible) **boot id**.
-    #
-    # In the modern era of virtualization you should always check the behaviour
-    # of the above identifiers when used inside
-    #
-    # - docker containers
-    # - Amazon EC2 servers (or Azure or GCE)
-    # - vagrant (VirtualBox/VMWare)
-    # - Windows MSGYWIN (Ubuntu) environments
-    # - Kubernetes pods
-    #
-    # @return [String] the bootup ID hash value
-    def self.get_bootup_id
-
-      bootup_id_cmd = "cat /proc/sys/kernel/random/boot_id"
-      bootup_id_str = %x[ #{bootup_id_cmd} ]
-      return bootup_id_str.chomp
-
-    end
-
-
-    # The machine identifier is a UUID based hash value that is tied to the
-    # CPU and motherboard of the machine. This read-only identifier can be
-    # accessed without sudoer permissions so is perfect for license generators
-    # and environment sensitive software.
-    #
-    # In the modern era of virtualization you should always check the behaviour
-    # of the above identifiers when used inside
-    #
-    # - docker containers
-    # - Amazon EC2 servers (or Azure or GCE)
-    # - vagrant (VirtualBox/VMWare)
-    # - Windows MSGYWIN (Ubuntu) environments
-    # - Kubernetes pods
-    #
-    # @return [String] the machine ID hash value
-    def self.get_machine_id
-
-      machine_id_cmd = "cat /etc/machine-id"
-      machine_id_str = %x[ #{machine_id_cmd} ]
-      return machine_id_str.chomp
-
-    end
-
-
   end
 
 

data/lib/keytools/key.local.rb

@@ -128,26 +128,17 @@ module SafeDb
     #    {self.instantiate_shell_key_and_generate_token} and provided
     #    here ad verbatim.
     #
-    # @param use_grandparent_pid [Boolean]
-    #
-    #    Optional boolean parameter. If set to true the PID (process ID) used
-    #    as part of an obfuscator key and normally acquired from the parent
-    #    process should now be acquired from the grandparent's process.
-    #
-    #    Set to true when accessing the safe's credentials from a sub process
-    #    rather than directly through the logged in shell.
-    #
     # @return [SafeDb::Key]
     #    an extremely high entropy 256 bit key derived (digested) from 48
     #    random bytes at the beginning of the shell (cli) session.
-    def self.regenerate_shell_key( session_token, use_grandparent_pid = false )
+    def self.regenerate_shell_key( session_token )
 
       assert_session_token_size( session_token )
       bcrypt_salt = session_token[ BCRYPT_SALT_START_INDEX .. BCRYPT_SALT_END_INDEX ].reverse
       assert_bcrypt_salt_size( bcrypt_salt )
 
       key_ciphertext = session_token[ 0 .. ( BCRYPT_SALT_START_INDEX - 1 ) ]
-      obfuscator_key = derive_session_crypt_key( bcrypt_salt, use_grandparent_pid )
+      obfuscator_key = derive_session_crypt_key( bcrypt_salt )
       regenerated_key = obfuscator_key.do_decrypt_key( key_ciphertext )
 
       return regenerated_key
@@ -199,22 +190,13 @@ module SafeDb
     #    Either use BCrypt to generate the salt or retrieve and post in a
     #    previously generated salt which must hold 22 printable characters.
     #
-    # @param use_grandparent_pid [Boolean]
-    #
-    #    Optional boolean parameter. If set to true the PID (process ID) used
-    #    as part of an obfuscator key and normally acquired from the parent
-    #    process should now be acquired from the grandparent's process.
-    #
-    #    Set to true when accessing the safe's credentials from a sub process
-    #    rather than directly through the logged in shell.
-    #
     # @return [SafeDb::Key]
     #    a digested key suitable for short term (session scoped) use with the
     #    guarantee that the same key will be returned whenever called from within
     #    the same executing shell environment and a different key when not.
-    def self.derive_session_crypt_key bcrypt_salt_key, use_grandparent_pid = false
+    def self.derive_session_crypt_key bcrypt_salt_key
 
-      shell_id_text = KeyIdent.derive_shell_identifier( use_grandparent_pid )
+      shell_id_text = KeyIdent.derive_shell_identifier()
       truncate_text = shell_id_text.length > KdfBCrypt::BCRYPT_MAX_IN_TEXT_LENGTH
       shell_id_trim = shell_id_text unless truncate_text
       shell_id_trim = shell_id_text[ 0 .. ( KdfBCrypt::BCRYPT_MAX_IN_TEXT_LENGTH - 1 ) ] if truncate_text

data/lib/usecase/visit/README.md

@@ -0,0 +1,30 @@
+#### The **safe philosophy** is to minimize human interaction with large random credential strings. Your credential-less interactions with Terraform, AWS and now website logins is not just **simple**, it is also **more secure**.
+
+# safe visit | visit (login to) a website
+
+**Issue <tt>safe visit</tt> and you will be logged in.**
+
+To login to a website your verse needs to contain a <tt>signin.url</tt>, a <tt>username</tt> or <tt>email</tt> and a <tt>password</tt>.
+
+## Technologies Used to Visit Websites
+
+**Selinium** and the **Ruby Watir** library are used to interact with web browsers to enable hands free logins.
+
+### How to install Watir
+
+Use **`curl`** to pull down and place the following executable into /usr/local/bin
+
+https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux64.tar.gz
+
+Now when you run the **`ruby visit.rb`** the browser should pop up and search for our search term.
+
+### Reading Material
+
+https://applitools.com/tutorials/watir.html#run-your-first-test
+http://watir.com/guides/
+
+http://watir.com/
+https://www.rubydoc.info/gems/watir/
+
+
+

data/lib/usecase/visit/visit.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  class Visit < UseCase
+
+    def execute
+
+      require "watir" 
+      require "rspec/expectations" 
+
+      ## see README.md for documentation on installing geckodriver
+
+      @browser ||= Watir::Browser.new :firefox 
+      @browser.goto "google.com" 
+      @browser.text_field(:name => "q").set "apollo akora"
+      @browser.button.click 
+
+      @browser.div(:id => "resultStats").wait_until(&:present?)
+      sleep 20
+      @browser.close
+
+    end
+
+
+  end
+
+
+end

data/lib/version.rb

@@ -1,3 +1,3 @@
 module SafeDb
-  VERSION = "0.2.7"
+  VERSION = "0.3.1005"
 end

data/safedb.gemspec

@@ -29,6 +29,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'thor',    '~> 0.20'
   spec.add_dependency 'inifile', '~> 3.0'
 
-  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "cucumber", "~> 2.0"
+  spec.add_development_dependency "aruba", "~> 1.0.0-alpha.1"
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: safedb
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 0.3.1005
 platform: ruby
 authors:
 - Apollo Akora
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-26 00:00:00.000000000 Z
+date: 2019-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -54,18 +54,46 @@ dependencies:
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: aruba
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 1.0.0.pre.alpha.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 1.0.0.pre.alpha.1
 description: safe is a credentials manager for the linux command line written in Ruby.
   It locks and unlocks secrets in a safe simple and intuitive manner. You can then
   visit websites, manufacture keys and passwords, inject credentials into Jenkins,
@@ -160,6 +188,8 @@ files:
 - lib/usecase/use.rb
 - lib/usecase/verse.rb
 - lib/usecase/view.rb
+- lib/usecase/visit/README.md
+- lib/usecase/visit/visit.rb
 - lib/usecase/vpn/README.md
 - lib/usecase/vpn/vpn.ini
 - lib/usecase/vpn/vpn.rb
@@ -185,8 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: safe locks and unlocks secrets in a simple, secure and intuitive way.