sha256_seal 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64db1f61edfc475755906217a51b68ae2fb6cc73b222464c57a5a8c2225d7ca5
-  data.tar.gz: cb01c03364b3e87db6e8f8765c820bf97a56e52007313a8ca03d3843cf91bb93
+  metadata.gz: 2d5bc9bfba878593900947fc081b861ecd4470df6721e41645088276663351ac
+  data.tar.gz: 6cc71d89a3aef7555dcb4343753c862764014c5948961fc3167d9e50bccf0335
 SHA512:
-  metadata.gz: ff9b8f59a96112330fd803d01f3cffb360aaf9cc3adcc30fa0f03a8a13db849bfc4a5b10c19648e78baa2a22141fabd645b3d100730afb6fc615e0589abbdb83
-  data.tar.gz: 7439cb713a0696d19e129980d5269aa9d1af7a03b02b372888e57191b78ae78d5ea26337decf2561a1b4fff61f27cd3732e419362f59415c40c602eecff3fe26
+  metadata.gz: c309221d7e727a863b89a4faae7b9f417d5ea42f10c59c9adb7c09a4d992e04e77e58eb0bbc86912abc2676fd2f0f98561d687699caca82054b8a04ba59b4f7e
+  data.tar.gz: 04d5c6640cb92472856166bdfb2dbb205c89fe8d040b33a790fb153acd56167bf3dc7bb8eedb1ba0e65b5fc852f70d90b377a184f98129f14d82eff161c1d726

data/.rubocop.yml

@@ -1,6 +1 @@
-Metrics/LineLength:
-  Max: 176
-
-Metrics/BlockLength:
-  Exclude:
-    - 'fix/**/*'
+inherit_from: .rubocop_todo.yml

data/.rubocop_todo.yml

@@ -0,0 +1,20 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2019-10-09 21:12:32 +0200 using RuboCop version 0.75.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 32
+
+# Offense count: 6
+# Cop supports --auto-correct.
+# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Metrics/LineLength:
+  Max: 176

data/.travis.yml

@@ -1,5 +1,22 @@
-sudo: false
+---
 language: ruby
+sudo: false
+cache: bundler
+before_install:
+  - gem install bundler
+script:
+  - bundle exec rubocop
+  - bundle exec rake test
 rvm:
-  - 2.4.1
-before_install: gem install bundler -v 1.16.0.pre.2
+  - 2.3.8
+  - 2.4.5
+  - 2.5.3
+  - 2.6.3
+  - ruby-head
+  - jruby-head
+  - rbx-3
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-head
+    - rvm: rbx-3

data/Gemfile.lock

@@ -1,60 +1,58 @@
 PATH
   remote: .
   specs:
-    sha256_seal (0.1.4)
+    sha256_seal (0.1.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
     ast (2.4.0)
-    aw (0.1.1)
-    defi (1.1.3)
-    docile (1.3.1)
-    fix (0.17.1)
-      aw (~> 0.1.1)
-      defi (~> 1.1.3)
-      spectus (~> 3.0.6)
-    jaro_winkler (1.5.1)
-    json (2.1.0)
-    matchi (1.0.2)
-    parallel (1.12.1)
-    parser (2.5.1.2)
+    aw (0.1.6)
+    defi (1.1.5)
+    docile (1.3.2)
+    fix (0.18.2)
+      aw (~> 0.1.6)
+      defi (~> 1.1.5)
+      spectus (~> 3.0.9)
+    jaro_winkler (1.5.3)
+    json (2.2.0)
+    matchi (1.0.4)
+    parallel (1.18.0)
+    parser (2.6.5.0)
       ast (~> 2.4.0)
-    powerpack (0.1.2)
     rainbow (3.0.0)
-    rake (12.3.1)
-    rubocop (0.58.2)
+    rake (13.0.0)
+    rubocop (0.75.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      powerpack (~> 0.1)
+      parser (>= 2.6)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.10.0)
-    simplecov (0.16.1)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    ruby-progressbar (1.10.1)
+    simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    spectus (3.0.6)
-      aw (~> 0.1.1)
-      defi (~> 1.1.1)
-      matchi (~> 1.0.2)
-    unicode-display_width (1.4.0)
-    yard (0.9.16)
+    spectus (3.0.9)
+      aw (~> 0.1.6)
+      defi (~> 1.1.5)
+      matchi (~> 1.0.4)
+    unicode-display_width (1.6.0)
+    yard (0.9.20)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.16)
-  fix (~> 0.17)
-  rake (~> 12.3)
-  rubocop (~> 0.58)
+  bundler (~> 2.0)
+  fix (~> 0.18)
+  rake (~> 13.0)
+  rubocop (~> 0.75)
   sha256_seal!
-  simplecov (~> 0.16)
+  simplecov (~> 0.17)
   yard (~> 0.9)
 
 BUNDLED WITH
-   1.16.1
+   2.0.2

data/README.md

@@ -1,4 +1,6 @@
-# Sha256Seal
+# Sha256 Seal 🔏
+
+A tiny library to sign documents, and check their integrity.
 
 ## Installation
 
@@ -25,21 +27,97 @@ Sign values and verify signatures of values.
 In the context of a Web application, CSRF tokens could be embedded in URLs.
 
 ```ruby
-secret  = 'secret'
+SECRET = 'secret'
+
 
-value   = '/~bob/.__SIGNATURE_HERE__/documents/'
-field   = '__SIGNATURE_HERE__'
+document_string = '/.__SIGNATURE_HERE__/accounts/42?editable=false'
+signature_field = '__SIGNATURE_HERE__'
 
-builder = Sha256Seal::Builder.new(value, secret, field)
-builder.signed_value  # => "/~bob/.8aa1d38b5c16d077d5ac1360c8a6f0248419ff5a3e6dca28a3233894ddcdf3c4/documents/"
+builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
 builder.signed_value? # => false
+builder.signed_value  # => "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false"
+
 
-value   = '/~bob/.8aa1d38b5c16d077d5ac1360c8a6f0248419ff5a3e6dca28a3233894ddcdf3c4/documents/'
-field   = '8aa1d38b5c16d077d5ac1360c8a6f0248419ff5a3e6dca28a3233894ddcdf3c4'
+document_string = '/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false'
+signature_field = 'a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db'
 
-builder = Sha256Seal::Builder.new(value, secret, field)
-builder.signed_value  # => "/~bob/.8aa1d38b5c16d077d5ac1360c8a6f0248419ff5a3e6dca28a3233894ddcdf3c4/documents/"
+builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
 builder.signed_value? # => true
+builder.signed_value  # => "/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=false"
+
+
+document_string = '/.a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db/accounts/42?editable=true'
+signature_field = 'a31c3936f236684a8ebc51dcfef168ce124450d71ae1ec404552ec9e0090a8db'
+
+builder = Sha256Seal::Builder.new(document_string, SECRET, signature_field)
+builder.signed_value? # => false
+builder.signed_value  # => "/.babd3a90b6bc2a4c0c7536a0c4804e5430a5a6df27d223c0f0102edb231de590/accounts/42?editable=true"
+```
+
+### Rails integration example
+
+Environment variable:
+
+```txt
+CSRF_SECRET_KEY=secret
+```
+
+Route:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  scope module: :verified_requests, path: '.:csrf', as: 'verified_request' do
+    get '/accounts/:id', to: 'accounts#show', as: 'account'
+  end
+end
+```
+
+Controller:
+
+```ruby
+# app/controllers/verified_requests/base_controller.rb
+class VerifiedRequests::BaseController < ApplicationController
+  # @see https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#method-i-verified_request-3F
+  def verified_request?
+    secret          = ENV.fetch('CSRF_SECRET_KEY')
+    document_string = request.original_url.force_encoding('utf-8')
+    signature_field = request.path_parameters.fetch(:csrf)
+
+    builder = Sha256Seal::Builder.new(document_string, secret, signature_field)
+    builder.signed_value? || Rails.env.test?
+  end
+
+  def signed_url(route_method, **options)
+    url_route_method  = "#{route_method}_url".to_sym
+    incorrect_csrf    = '__CSRF_SECRET_KEY__'
+    url_route_string  = public_send(url_route_method, csrf: incorrect_csrf, **options)
+
+    replace_incorrect_csrf_by_correct_csrf(url_route_string, incorrect_csrf: incorrect_csrf)
+  end
+  helper_method :signed_url
+
+  def replace_incorrect_csrf_by_correct_csrf(value, incorrect_csrf:)
+    secret  = ENV.fetch('CSRF_SECRET_KEY')
+    field   = incorrect_csrf
+    builder = Sha256Seal::Builder.new(value, secret, field)
+    value   = builder.signed_value
+    field   = builder.send(:signature)
+    builder = Sha256Seal::Builder.new(value, secret, field)
+
+    builder.signed_value
+  end
+end
+```
+
+View:
+
+```ruby
+# app/views/verified_requests/accounts/show.html.erb
+
+<%
+  signed_url(:verified_request_account, id: 'bob', admin: true) # => "http://0.0.0.0:5000/.405d7c8f14389c9ae7f1d97ff66699093bf2d89d13b4f4280a35d62f9e616259/accounts/bob?admin=true"
+%>
 ```
 
 ## Contributing

data/VERSION.semver

@@ -1 +1 @@
-0.1.4
+0.1.5

data/lib/sha256_seal.rb

@@ -15,7 +15,9 @@ module Sha256Seal
 
       i = @value.scan(@field).length
 
-      raise ArgumentError, "#{i} #{@field.inspect} occurrences instead of 1." unless i.equal?(1)
+      return if i.equal?(1)
+
+      raise ::ArgumentError, "#{i} #{@field.inspect} occurrences instead of 1."
     end
 
     def signed_value
@@ -29,7 +31,7 @@ module Sha256Seal
     private
 
     def signature
-      Digest::SHA256.hexdigest(salt_value)
+      ::Digest::SHA256.hexdigest(salt_value)
     end
 
     def salt_value

data/sha256_seal.gemspec

@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler',    '~> 1.16'
-  spec.add_development_dependency 'fix',        '~> 0.17'
-  spec.add_development_dependency 'rake',       '~> 12.3'
-  spec.add_development_dependency 'rubocop',    '~> 0.58'
-  spec.add_development_dependency 'simplecov',  '~> 0.16'
+  spec.add_development_dependency 'bundler',    '~> 2.0'
+  spec.add_development_dependency 'fix',        '~> 0.18'
+  spec.add_development_dependency 'rake',       '~> 13.0'
+  spec.add_development_dependency 'rubocop',    '~> 0.75'
+  spec.add_development_dependency 'simplecov',  '~> 0.17'
   spec.add_development_dependency 'yard',       '~> 0.9'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sha256_seal
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Cyril Kato
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-25 00:00:00.000000000 Z
+date: 2019-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,70 +16,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: fix
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.18'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.18'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.58'
+        version: '0.75'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.58'
+        version: '0.75'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.17'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +103,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".travis.yml"
 - Gemfile
 - Gemfile.lock
@@ -132,8 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Seal device with SHA-256 hash function.