shield 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/shield/password.rb +12 -8
- data/lib/shield/password/pbkdf2.rb +23 -0
- data/lib/shield/password/simple.rb +22 -0
- data/test/helper.rb +2 -2
- data/test/password_hash_test.rb +34 -14
- metadata +51 -74
- data/LICENSE +0 -19
- data/README.markdown +0 -36
- data/Rakefile +0 -6
data/lib/shield/password.rb
CHANGED
|
@@ -2,19 +2,23 @@ require "digest/sha2"
|
|
|
2
2
|
|
|
3
3
|
module Shield
|
|
4
4
|
module Password
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
autoload :Simple, "shield/password/simple"
|
|
6
|
+
autoload :PBKDF2, "shield/password/pbkdf2"
|
|
7
|
+
|
|
8
|
+
def self.strategy=(s)
|
|
9
|
+
@strategy = s
|
|
7
10
|
end
|
|
8
11
|
|
|
9
|
-
def self.
|
|
10
|
-
|
|
12
|
+
def self.strategy
|
|
13
|
+
@strategy ||= Shield::Password::Simple
|
|
14
|
+
end
|
|
11
15
|
|
|
12
|
-
|
|
16
|
+
def self.encrypt(password, salt = generate_salt)
|
|
17
|
+
strategy.encrypt(password, salt)
|
|
13
18
|
end
|
|
14
19
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
Digest::SHA512.hexdigest("#{ password }#{ salt }")
|
|
20
|
+
def self.check(password, encrypted)
|
|
21
|
+
strategy.check(password, encrypted)
|
|
18
22
|
end
|
|
19
23
|
|
|
20
24
|
def self.generate_salt
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
require "pbkdf2"
|
|
2
|
+
|
|
3
|
+
module Shield
|
|
4
|
+
module Password
|
|
5
|
+
module PBKDF2
|
|
6
|
+
extend Shield::Password::Simple
|
|
7
|
+
|
|
8
|
+
def self.digest(password, salt)
|
|
9
|
+
::PBKDF2.new do |p|
|
|
10
|
+
p.password = password
|
|
11
|
+
p.salt = salt
|
|
12
|
+
p.iterations = iterations
|
|
13
|
+
p.hash_function = :sha512
|
|
14
|
+
end.hex_string
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
class << self
|
|
18
|
+
attr_accessor :iterations
|
|
19
|
+
end
|
|
20
|
+
@iterations = 5000
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module Shield
|
|
2
|
+
module Password
|
|
3
|
+
module Simple
|
|
4
|
+
extend self
|
|
5
|
+
|
|
6
|
+
def encrypt(password, salt)
|
|
7
|
+
digest(password, salt) + salt
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def check(password, encrypted)
|
|
11
|
+
sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
|
|
12
|
+
|
|
13
|
+
digest(password, salt) == sha512
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
def digest(password, salt)
|
|
18
|
+
Digest::SHA512.hexdigest("#{ password }#{ salt }")
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
data/test/helper.rb
CHANGED
|
@@ -9,8 +9,8 @@ class Cutest::Scope
|
|
|
9
9
|
include Rack::Test::Methods
|
|
10
10
|
|
|
11
11
|
def assert_redirected_to(path)
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
assert_equal 302, last_response.status
|
|
13
|
+
assert_equal path, URI(last_response.headers["Location"]).path
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def session
|
data/test/password_hash_test.rb
CHANGED
|
@@ -1,23 +1,43 @@
|
|
|
1
1
|
require File.expand_path("helper", File.dirname(__FILE__))
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
# Shield::Password::Simple
|
|
4
|
+
scope do
|
|
5
|
+
test "encrypt" do
|
|
6
|
+
encrypted = Shield::Password.encrypt("password")
|
|
7
|
+
assert Shield::Password.check("password", encrypted)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
test "with custom 64 character salt" do
|
|
11
|
+
encrypted = Shield::Password.encrypt("password", "A" * 64)
|
|
12
|
+
assert Shield::Password.check("password", encrypted)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
test "nil password doesn't raise" do
|
|
16
|
+
ex = nil
|
|
7
17
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
18
|
+
begin
|
|
19
|
+
encrypted = Shield::Password.encrypt(nil)
|
|
20
|
+
rescue Exception => e
|
|
21
|
+
ex = e
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
assert nil == ex
|
|
25
|
+
end
|
|
11
26
|
end
|
|
12
27
|
|
|
13
|
-
|
|
14
|
-
|
|
28
|
+
# Shield::Password::PBKDF2
|
|
29
|
+
scope do
|
|
30
|
+
setup do
|
|
31
|
+
Shield::Password.strategy = Shield::Password::PBKDF2
|
|
32
|
+
end
|
|
15
33
|
|
|
16
|
-
|
|
17
|
-
encrypted = Shield::Password.encrypt(
|
|
18
|
-
|
|
19
|
-
ex = e
|
|
34
|
+
test "encrypt" do
|
|
35
|
+
encrypted = Shield::Password.encrypt("password")
|
|
36
|
+
assert Shield::Password.check("password", encrypted)
|
|
20
37
|
end
|
|
21
38
|
|
|
22
|
-
|
|
39
|
+
test "with custom 64 character salt" do
|
|
40
|
+
encrypted = Shield::Password.encrypt("password", "A" * 64)
|
|
41
|
+
assert Shield::Password.check("password", encrypted)
|
|
42
|
+
end
|
|
23
43
|
end
|
metadata
CHANGED
|
@@ -1,118 +1,95 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shield
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
- 0
|
|
7
|
-
- 0
|
|
8
|
-
- 3
|
|
9
|
-
version: 0.0.3
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.4
|
|
5
|
+
prerelease:
|
|
10
6
|
platform: ruby
|
|
11
|
-
authors:
|
|
7
|
+
authors:
|
|
12
8
|
- Michel Martens
|
|
13
9
|
- Damian Janowski
|
|
14
10
|
- Cyril David
|
|
15
11
|
autorequire:
|
|
16
12
|
bindir: bin
|
|
17
13
|
cert_chain: []
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
dependencies:
|
|
22
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
+
date: 2012-01-20 00:00:00.000000000 Z
|
|
15
|
+
dependencies:
|
|
16
|
+
- !ruby/object:Gem::Dependency
|
|
23
17
|
name: cutest
|
|
24
|
-
|
|
25
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
|
18
|
+
requirement: &2156259380 !ruby/object:Gem::Requirement
|
|
26
19
|
none: false
|
|
27
|
-
requirements:
|
|
28
|
-
- -
|
|
29
|
-
- !ruby/object:Gem::Version
|
|
30
|
-
|
|
31
|
-
- 0
|
|
32
|
-
version: "0"
|
|
20
|
+
requirements:
|
|
21
|
+
- - ! '>='
|
|
22
|
+
- !ruby/object:Gem::Version
|
|
23
|
+
version: '0'
|
|
33
24
|
type: :development
|
|
34
|
-
version_requirements: *id001
|
|
35
|
-
- !ruby/object:Gem::Dependency
|
|
36
|
-
name: sinatra
|
|
37
25
|
prerelease: false
|
|
38
|
-
|
|
26
|
+
version_requirements: *2156259380
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: sinatra
|
|
29
|
+
requirement: &2156274580 !ruby/object:Gem::Requirement
|
|
39
30
|
none: false
|
|
40
|
-
requirements:
|
|
41
|
-
- -
|
|
42
|
-
- !ruby/object:Gem::Version
|
|
43
|
-
|
|
44
|
-
- 0
|
|
45
|
-
version: "0"
|
|
31
|
+
requirements:
|
|
32
|
+
- - ! '>='
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '0'
|
|
46
35
|
type: :development
|
|
47
|
-
version_requirements: *id002
|
|
48
|
-
- !ruby/object:Gem::Dependency
|
|
49
|
-
name: rack-test
|
|
50
36
|
prerelease: false
|
|
51
|
-
|
|
37
|
+
version_requirements: *2156274580
|
|
38
|
+
- !ruby/object:Gem::Dependency
|
|
39
|
+
name: rack-test
|
|
40
|
+
requirement: &2156273800 !ruby/object:Gem::Requirement
|
|
52
41
|
none: false
|
|
53
|
-
requirements:
|
|
54
|
-
- -
|
|
55
|
-
- !ruby/object:Gem::Version
|
|
56
|
-
|
|
57
|
-
- 0
|
|
58
|
-
version: "0"
|
|
42
|
+
requirements:
|
|
43
|
+
- - ! '>='
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
59
46
|
type: :development
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
47
|
+
prerelease: false
|
|
48
|
+
version_requirements: *2156273800
|
|
49
|
+
description: ! "\n Provides all the protocol you need in order to do authentication
|
|
50
|
+
on\n your rack application. The implementation specifics can be found in\n http://github.com/cyx/shield-contrib\n
|
|
51
|
+
\ "
|
|
52
|
+
email:
|
|
63
53
|
- michel@soveran.com
|
|
64
54
|
- djanowski@dimaion.com
|
|
65
|
-
-
|
|
55
|
+
- me@cyrildavid.com
|
|
66
56
|
executables: []
|
|
67
|
-
|
|
68
57
|
extensions: []
|
|
69
|
-
|
|
70
58
|
extra_rdoc_files: []
|
|
71
|
-
|
|
72
|
-
files:
|
|
59
|
+
files:
|
|
73
60
|
- lib/shield/helpers.rb
|
|
74
61
|
- lib/shield/model.rb
|
|
75
62
|
- lib/shield/password.rb
|
|
63
|
+
- lib/shield/password/simple.rb
|
|
64
|
+
- lib/shield/password/pbkdf2.rb
|
|
76
65
|
- lib/shield.rb
|
|
77
|
-
- README.markdown
|
|
78
|
-
- LICENSE
|
|
79
|
-
- Rakefile
|
|
80
66
|
- test/helper.rb
|
|
81
67
|
- test/model_test.rb
|
|
82
68
|
- test/password_hash_test.rb
|
|
83
69
|
- test/shield_test.rb
|
|
84
70
|
- test/sinatra_test.rb
|
|
85
|
-
has_rdoc: true
|
|
86
71
|
homepage: http://github.com/cyx/shield
|
|
87
72
|
licenses: []
|
|
88
|
-
|
|
89
73
|
post_install_message:
|
|
90
74
|
rdoc_options: []
|
|
91
|
-
|
|
92
|
-
require_paths:
|
|
75
|
+
require_paths:
|
|
93
76
|
- lib
|
|
94
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
77
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
95
78
|
none: false
|
|
96
|
-
requirements:
|
|
97
|
-
- -
|
|
98
|
-
- !ruby/object:Gem::Version
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
version: "0"
|
|
102
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ! '>='
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
83
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
84
|
none: false
|
|
104
|
-
requirements:
|
|
105
|
-
- -
|
|
106
|
-
- !ruby/object:Gem::Version
|
|
107
|
-
|
|
108
|
-
- 0
|
|
109
|
-
version: "0"
|
|
85
|
+
requirements:
|
|
86
|
+
- - ! '>='
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
version: '0'
|
|
110
89
|
requirements: []
|
|
111
|
-
|
|
112
90
|
rubyforge_project: shield
|
|
113
|
-
rubygems_version: 1.
|
|
91
|
+
rubygems_version: 1.8.11
|
|
114
92
|
signing_key:
|
|
115
93
|
specification_version: 3
|
|
116
94
|
summary: Generic authentication protocol for rack applications.
|
|
117
95
|
test_files: []
|
|
118
|
-
|
data/LICENSE
DELETED
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
Copyright (c) 2009 Michel Martens, Damian Janowski and Cyril David
|
|
2
|
-
|
|
3
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
5
|
-
in the Software without restriction, including without limitation the rights
|
|
6
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
7
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
8
|
-
furnished to do so, subject to the following conditions:
|
|
9
|
-
|
|
10
|
-
The above copyright notice and this permission notice shall be included in
|
|
11
|
-
all copies or substantial portions of the Software.
|
|
12
|
-
|
|
13
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
14
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
15
|
-
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
16
|
-
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
17
|
-
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
18
|
-
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
19
|
-
THE SOFTWARE.
|
data/README.markdown
DELETED
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
# Shield
|
|
2
|
-
|
|
3
|
-
Shield
|
|
4
|
-
|
|
5
|
-
_n. A solid piece of metal code used to protect your application._
|
|
6
|
-
|
|
7
|
-
## Why another authentication library?
|
|
8
|
-
|
|
9
|
-
1. Because most of the other libraries are too huge.
|
|
10
|
-
2. Extending other libraries is a pain.
|
|
11
|
-
3. Writing code is fun :-)
|
|
12
|
-
|
|
13
|
-
## Description of Shield
|
|
14
|
-
|
|
15
|
-
1. Simple
|
|
16
|
-
2. Doesn't get in the way
|
|
17
|
-
3. Extensible (see [shield-contrib][shield-contrib]).
|
|
18
|
-
|
|
19
|
-
## Getting started
|
|
20
|
-
|
|
21
|
-
The fastest way to get started is by using one of the drop-in solutions
|
|
22
|
-
in [shield-contrib][shield-contrib].
|
|
23
|
-
|
|
24
|
-
## Tutorials
|
|
25
|
-
|
|
26
|
-
You can learn more by reading through some of our tutorials:
|
|
27
|
-
|
|
28
|
-
1. [Sinatra & OHM][sin-ohm]
|
|
29
|
-
2. [Sinatra & Sequel][sin-sequel]
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
[sin]: http://sinatrarb.com
|
|
33
|
-
[ohm]: http://ohm.keyvalue.org
|
|
34
|
-
[shield-contrib]: http://github.com/cyx/shield-contrib
|
|
35
|
-
[sin-ohm]: http://cyx.github.com/shield/sinatra-ohm.html
|
|
36
|
-
[sin-sequel]: http://cyx.github.com/shield/sinatra-sequel.html
|